Method for an integrated packet-processing snoop link

IP.com Disclosure Number: IPCOM000042271D
Publication Date: 2005-Feb-03
Document File: 3 page(s) / 19K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method for an integrated packet-processing snoop link. Benefits include improved functionality and improved performance.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 56% of the total text.

General description

The disclosed method is the addition of logic and an interface to a network controller chip that enables an external device to monitor network packets for content. The method detects patterns that are indicative of security attacks, such as worms and viruses, in network traffic.

The disclosed method can be applied to network controllers that include multiple network interfaces.

The key elements of the disclosed method include:

• Packet filter block

• Field filter block

• Snoop data link

Advantages

The disclosed method provides advantages, including:

• Improved functionality due to providing an integrated packet-processing snoop link

• Improved functionality due to providing integrated antivirus protection at a network level

• Improved functionality due to providing a scalable network controller solution

• Improved functionality due to enabling the network controller to be usable over more generations of hardware

• Improved performance due to providing traffic engineering and monitoring that is transparent to the host system

Detailed description

The disclosed method includes three elements that form an integrated packet-snoop capability. It enables an external processor to examine portions of the incoming and outgoing network packets without involving the host system (see Figure 1).

The packet filter block detects patterns in network packets. The filter samples whole packets or parts of a packet, such as the headers. Either all packets or only some of them can be sampled. Packets that match the patterns of interest are passed to the field filter and snoop data link.
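
The packet filter stage described above, modeled in software as an added example; it is not code from the disclosure, and the abbreviated text does not say how patterns or sampling are configured. The offset/value/mask pattern format, the 1-in-N sampling counter, the constructed test frames, the port-445 pattern and all names (`pf_pattern`, `pf_state`, `pf_match`, `pf_inspect`, `make_frame`, `pf_demo`) are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define PF_MAX 16
/* Assumed pattern format: masked byte compare at a fixed packet offset. */
struct pf_pattern { size_t offset, len; uint8_t value[PF_MAX], mask[PF_MAX]; };
/* Assumed filter state: inspect every Nth packet (1 = all, 0 = disabled). */
struct pf_state { unsigned sample_every, seen; const struct pf_pattern *pat; size_t n_pat; };

static int pf_match(const struct pf_pattern *p, const uint8_t *pkt, size_t n) {
    if (p->len > PF_MAX || p->offset > n || p->len > n - p->offset)
        return 0;                        /* window falls outside a short packet */
    for (size_t i = 0; i < p->len; i++)
        if ((pkt[p->offset + i] ^ p->value[i]) & p->mask[i]) return 0;
    return 1;                            /* every compared bit agreed */
}

/* Index of the first matching pattern (the packet would go on to the field
 * filter and snoop link), or -1 if it was not sampled or matched nothing. */
int pf_inspect(struct pf_state *s, const uint8_t *pkt, size_t n) {
    if (s->sample_every == 0 || s->seen++ % s->sample_every != 0)
        return -1;
    for (size_t i = 0; i < s->n_pat; i++)
        if (pf_match(&s->pat[i], pkt, n)) return (int)i;
    return -1;
}

/* Constructed 54-byte Ethernet/IPv4/TCP frame (IHL = 5); only matched fields set. */
static void make_frame(uint8_t f[54], uint8_t proto, uint16_t dport) {
    memset(f, 0, 54);
    f[23] = proto; f[36] = (uint8_t)(dport >> 8); f[37] = (uint8_t)dport;
}

/* Feeds four constructed frames to a filter matching IPv4 protocol 6 (TCP, offset 23)
 * with destination port 445 (offsets 36..37); returns how many are passed on. */
int pf_demo(unsigned sample_every) {
    struct pf_pattern p = { .offset = 23, .len = 15 };
    p.value[0] = 6; p.mask[0] = 0xff;
    p.value[13] = 0x01; p.value[14] = 0xbd; p.mask[13] = p.mask[14] = 0xff;
    struct pf_state s = { sample_every, 0, &p, 1 };
    const uint16_t ports[4] = { 445, 80, 445, 445 };
    uint8_t f[54]; int passed = 0;
    for (int i = 0; i < 4; i++) {
        make_frame(f, 6, ports[i]);
        passed += pf_inspect(&s, f, sizeof f) >= 0;
    }
    return passed;
}

int main(void) { return pf_demo(1) == 3 ? 0 : 1; }
```

The zero mask bytes between offsets 24 and 35 let one pattern cover two non-adjacent header fields, and the bounds check makes truncated frames fail closed instead of reading past the buffer.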

The field filter block extracts specified data fields for transmission ove...