Topic

Network tap

About: Network tap is a research topic. Over the lifetime, 395 publications have been published within this topic receiving 9510 citations.


Papers
Patent
31 Jan 2002
TL;DR: In this article, a port profiling system analyzes network communications to determine the service ports being used and if the observed network service is not one of the normal network services performed as defined by the port profile, an alarm signal is generated (630) and action can be taken based upon the detection of an Out of Profile network service (610).
Abstract: A port profiling system (155) detects unauthorized network usage (110). The port profiling system analyzes network communications (101, 199) to determine the service ports being used (181, 182, 183, 184, 185, 186). The system collects flow data (101, 162) from packet headers (162) between two hosts or Internet Protocol (IP) addresses. The collected flow data (160) is analyzed to determine the associated network service provided (166). A host data structure (160, 166) is maintained containing a profile of the network services normally associated with the host (162). If the observed network service is not one of the normal network services performed as defined by the port profile (160, 166) for that host, an alarm signal is generated (630) and action (642) can be taken based upon the detection of an Out of Profile network service (610). An Out of Profile operation can indicate the operation of a Trojan Horse program (120) on the host, a scanning probe, or the existence of a non-approved network application that has been installed (160, 162, 120).

524 citations

Patent
07 Apr 2003
TL;DR: In this article, a system and method is presented for analyzing information in a communication line for unwanted intrusions and for allowing information to be transmitted back into the communication line without disrupting the communication traffic when an intrusion is detected.
Abstract: A system and method is presented for analyzing information in a communication line for unwanted intrusions and for allowing information to be transmitted back into the communication line without disrupting the communication traffic when an intrusion is detected. The system and method includes a security tap connected to a firewall. The security tap is also connected to an intrusion detection device. The intrusion detection device analyzes the information in the communication line for indicia of attempts to compromise the network. When such indicia is detected, the intrusion detection device sends a “kill” data packet back through the security tap and directed back to the communication line to the firewall to instruct the firewall to prevent further communications into the network by the intrusive source. An Ethernet switch or field programmable gate array (FPGA) is incorporated in the security tap to coordinate the transmission of the “kill” data packet to avoid data collisions with data transmissions already existing in the communication line.

286 citations

Patent
11 Mar 1991
TL;DR: In this article, a network switching system consisting of a first port coupled to a source, a second port coupled with a destination, and multiplexer means coupled to the first port and the second port for transferring data is described.
Abstract: A network switching system is described. The network switching system comprises a first port coupled to a source, a second port coupled to a destination, and multiplexer means coupled to the first port and the second port for transferring data between the first port and the second port by selectively connecting the first port with the second port. The data is transferred from the source to the destination through the first port, the multiplexer means, and the second port. The network switching system further includes processing means coupled to the multiplexer means for assisting transmission of the data by receiving the data from the first port when the first port does not indicate a port for the destination. A method of transferring data from a source to a destination via a network switching system is also described.

272 citations

Patent
24 Feb 1997
TL;DR: In this paper, a bi-directional network medium monitor including a tap apparatus connected inserted in a network media, including a transceiver and a clock recovery element for each medium and medium monitor connection, is presented.
Abstract: A bi-directional network medium monitor including a tap apparatus connected inserted in a network media, e.g. Fiber Optic (FX) and Twisted Pair (TX), comprising a transceiver and a clock recovery element for each medium and medium monitor connection, and a bi-directional serial data multiplexer which directs the medium data while in the serial data format. Also, the medium monitor may interrupt medium data transfer in either medium direction and insert its data for diagnostic or other network purposes. Thus, the apparatus according to the present invention is operable to monitor a network at the maximum data rates currently used while providing no significant network data delay.

246 citations

Patent
30 Sep 2009
TL;DR: In this paper, a system and method for network-based file analysis for malware detection is described, where a binary file including the binary packet is extracted from the network content and it is determined whether the extracted binary file is detected to be malware.
Abstract: A system and method are disclosed for network-based file analysis for malware detection. Network content is received from a network tap. A binary packet is identified in the network content. A binary file, including the binary packet, is extracted from the network content. It is determined whether the extracted binary file is detected to be malware.

243 citations

Network Information
Related Topics (5)
Router: 27.4K papers, 341.3K citations, 77% related
Server: 79.5K papers, 1.4M citations, 76% related
Access control: 32.6K papers, 475K citations, 76% related
Communications protocol: 19.1K papers, 349.6K citations, 76% related
Intrusion detection system: 28.4K papers, 509.5K citations, 75% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2020    6
2019    4
2018    6
2017    7
2016    10
2015    22