首页>
外国专利>
Correlating network traffic to their OS processes using packet capture libraries and kernel monitoring mechanisms
Correlating network traffic to their OS processes using packet capture libraries and kernel monitoring mechanisms
展开▼
机译:使用数据包捕获库和内核监视机制将网络流量与其操作系统进程相关联
展开▼
页面导航
摘要
著录项
相似文献
摘要
A method of monitoring and reporting of packets including their attribution to their origin processes from a user space application without installing proprietary drivers, rather using only infrastructures and capabilities supplied by the operating system (OS). The method relies on correlation between packets received from a packet capture library and a kernel monitoring mechanism that supplies an event with the process ID which is executed on the same time frame for transmitting or receiving of that traffic. The attribution between the event and the packet is based on the 4-tuple (or other exemplar) that exists on both the event and the packet where the “4-tuple” is a set of: source address, source port, destination address, destination port.
展开▼