Packet-based data networks continue to grow in importance, and it is often desirable to monitor network traffic associated with these packet-based networks on an ongoing basis. To meet these monitoring needs, copies of network packets can be forwarded to diagnostic network packet analysis tools. Packets are often forwarded using network hubs, test access ports (TAPs), and/or switched port analyzer (SPAN) ports available on network switches. For example, certain network switches produced by Cisco Systems include SPAN ports to which traffic on the switches is mirrored. It is also noted that other packet monitoring or access methods may be used to acquire copies of network packets being communicated within a network packet communication infrastructure.
To help alleviate the problem of limited access to network packets for monitoring, tool aggregation devices have been developed that allow shared access to the monitored network packets. These tool aggregation devices allow users to obtain packets from one or more network monitoring points (e.g., network hub, TAP, SPAN port, etc.) and to forward them to different monitoring tools. U.S. Pat. No. 8,018,943 and U.S. Pat. No. 8,098,677 describe example embodiments for network tool optimizer (NTO) devices that provide solutions for packet forwarding from network packet sources to network packet analysis tools and provide, in part, configuration of user-defined filters, automatic creation of filter engine forwarding rules, automatic handling of filter overlaps, graphical user interfaces (GUIs) for filter creation, and other features. U.S. Pat. No. 8,018,943 and U.S. Pat. No. 8,098,677 are each hereby incorporated by reference in its entirety.
Network packet analysis tools include a wide variety of devices that analyze packet traffic, including traffic monitoring devices, packet sniffers, data recorders, voice-over-IP monitors, intrusion detection systems, network security systems, application monitors and/or any other network management or security tool device or system. Because it is difficult for network administrators to know what types of security threats the network will face and/or to know what types of user applications will need to be monitored within the network, entities having packet-based communication networks often purchase a wide variety of network tools to make sure all potential analysis and threat discovery needs are covered. Further, because the amount of network traffic that needs to be monitored is also difficult to predict, entities often purchase enough tool bandwidth capacity so that peak loads can be covered. However, when lower load conditions exist and/or when certain types of packet flows are not present, network tool capacity and processing capability go unused, thereby wasting resources.
Network analysis tools, such as traffic analyzers, are also used within packet-based data networks to determine details about the network packet traffic flows within the packet communication network infrastructure. For example, certain network traffic analyzers identify software applications being used and executed by devices operating within the packet communication network infrastructure, track user activity within the network infrastructure, identify possible security threats to the network infrastructure and its network-connected devices, and/or make other determinations based upon an analysis of the network packet traffic and/or the contents of the data packets being communicated within the network infrastructure. Application and threat intelligence processors (ATIPs) are network traffic analyzers that are used to determine applications operating within the network infrastructure and to identify potential threats to the network infrastructure. Network traffic analyzers, including application and threat intelligence processors (ATIPs), can be included as part of a network tool optimizer device or other tool aggregation device, and the resulting traffic analysis can be used to provide traffic information concerning the nature of network traffic to external devices and systems.