Theodore C. Len

Bio: Theodore C. Len is an academic researcher from University of Rochester. The author has contributed to research in topics: Port mirroring & Crossbar switch. The author has an hindex of 1, co-authored 2 publications receiving 51 citations.

Method and apparatus to establish a tap-point in a switched network using self-configuring switches having distributed configuration capabilities

Abstract: A method and apparatus for monitoring data sent between a source node and destination node in a switched network, wherein the switches configure themselves to establish a connection path to a probe switch to receive the monitored data. The source and destination are identified along with the probe switch. An originating switch on a path between the source and destination is identified and connections between the originating switch and the probe switch are established. The originating switch sends out a first message and when the probe switch receives the first message, it returns a second message to the originating switch. Each switch between the originating switch and the probe switch that receives the first and second messages configures itself to establish the connection path.

Method and apparatus to establish a tap-point in a switched network

Abstract: A method and apparatus for monitoring data sent between a source node and destination node in a switched network, wherein the switches configure themselves to establish a connection path to a probe switch to receive the monitored data. The source and destination are identified along with the probe switch. An originating switch on a path between the source and destination is identified and connections between the originating switch and the probe switch are established. The originating switch sends out a first message and when the probe switch receives the first message, it returns a second message to the originating switch. Each switch between the originating switch and the probe switch that receives the first and second messages configures itself to establish the connection path.

Network security tap for use with intrusion detection system

Abstract: A system and method is presented for analyzing information in a communication line for unwanted intrusions and for allowing information to be transmitted back into the communication line without disrupting the communication traffic when an intrusion is detected. The system and method includes a security tap connected to a firewall. The security tap is also connected to an intrusion detection device. The intrusion detection device analyzes the information in the communication line for indicia of attempts to compromise the network. When such indicia is detected, the intrusion detection device sends a “kill” data packet back through the security tap and directed back to the communication line to the firewall to instruct the firewall to prevent further communications into the network by the intrusive source. An Ethernet switch or field programmable gate array (FPGA) is incorporated in the security tap to coordinate the transmission of the “kill” data packet to avoid data collisions with data transmissions already existing in the communication line.

System and method for flow mirroring in a network switch

Abstract: A network switch has a plurality of mirror ports to which data is copied for purposes such as networking monitoring Data flows are identified and copied to an appropriate mirror port in response to the type of flow, a mirroring policy set up by a network administrator, and a distribution mechanism A monitoring device attached to each mirror port is able to monitor specific types of traffic Because the data flows are distributed among a plurality of mirror ports and monitoring devices, the ports and devices are less likely to overflow and therefore are more likely to be able to handle the copied data without dropping data packets The mirror ports are collected into groups of such ports A given port may only be a member of a single group at one time The mirroring policy must identify the group to which a particular type of flow is copied

Method and system for predicting causes of network service outages using time domain correlation

Abstract: Methods and systems are described for predicting the likely causes of service outages using only time information, and for predicting and the likely costs of service outages The likely causes are found by defining a narrow likely cause window around an outage based on service quality and/or service usage data, and correlating service events to the likely cause window in the time domain to find a probability distribution for the events The likely costs are found by measuring usage loss and duration for a given point during an outage and using cost component functions of the time and usage to extrapolate over the outage These cause and cost predictions supply service administrators with tools for making more informed decisions about allocation of resources in preventing and correcting service outages

Methods and systems for automatically configuring network monitoring system

Abstract: An automatically configurable network monitoring system includes a network monitoring communications protocol used for communications between a network monitoring client executing on a routing node ( 100 ) being monitored and a network monitoring server executing on a network monitoring processor ( 106 ). According to the network monitoring communications protocol, the network monitoring client broadcasts a network monitoring service request message to the network monitoring servers. The service request message identifies a signaling link for which network monitoring service is being requested. The network monitoring servers provisioned to the requested provide network monitoring service respond affirmatively and thereby automatically grant network monitoring service. The network monitoring system may be completely probeless or, alternatively, used in conjunction with probe-based network monitoring devices.

Method and system for event impact analysis

Abstract: An impact analysis software system is described which resides on a computer connected to a network in an enterprise. The system analyzes the impact of network events on the network, and includes a number of modules, including a number of data source adapters for interfacing with external data sources to thereby allow access by the system to enterprise-related data in the external data sources. The system further includes an impact analysis data structure populated with data accessed from the external data sources and defining relationships between the enterprise-related data. One or more action tree data structures comprise a routine which, when executed, acts upon the relationships defined by the impact analysis data structure to handle events. A message processor reads the network events and select one of the action tree data structures to handle each read network event.