Packet capture ring: reliable, scalable packet capture for security applications

Assignee

• International Business Machines Corporation · US

Inventors

• William A. Bird · Fredericton, CA
• Russell Couturier · Milton, US
• Thomas D. Silliman · Leeds, US
• Wayne F. Tackabury · West Tisbury, US
• Alex Omo Agerholm · Elsinore, DK
• Michael Milde Lilja · Avenue Madeleine, DK
• Peter Ekner · Maribo, DK
• Philip Due Soeberg · Elsinore, DK

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2012/421
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Embodiments are directed to a packet capture ring that provides a single network tap for packet capture and a series of processors (or appliances) for handling serialization and search request processing in a confederated and highly scalable manner. One such appliance (a “primary” appliance) maintains a tap port to the network. Each packet capture appliance has a locally attached repository that stores raw packets and a juxtaposed index that allows for retrieval of those packets. The primary appliance sends a single copy of encapsulated packets in opposite directions around the ring to its descendants. A designation is made across the system as to a “currently designated” appliance for servicing requests for indexing and storage of captured packets. This current designation shifts from appliance to appliance in the system, as a “previously designated” appliance has its storage capacity filled.