Communication networks are widely used today. Various types of communication networks exist, including without limitation the Internet and other wide-area networks (WANs), local-area networks (LANs), telephony networks, and wireless networks. Additionally, many different communication protocols exist today. Information is often communicated across communication networks from a source (or “sender”) to one or more destinations. Additionally, monitoring devices may be implemented within the network for monitoring communication along such network. Such monitoring devices may be referred to as “eavesdropping devices” because they are generally not a party to the communication but are instead monitoring such communication for some reason, such as for performance monitoring of the network, testing, and/or other reasons. For instance, an eavesdropping device may capture packets sent along the network and analyze and/or insert a timestamp in the packets for use in monitoring the performance of the communication network.
Traditionally, when packets are sent to a specific network device, including eavesdropping devices, some form of network addressing is used. The device could be addressed explicitly, for example either by a data link layer address (e.g., Ethernet address) or by a network layer address (e.g., IP address). In this scheme, any networking device, including eavesdropping network devices, must be network addressable. If an active test is performed from a certain vantage point of the network (e.g., from a data source) and it is destined to a specific location (e.g., to a data destination) then the source has to use the data link or network layer address to reach the destination. If the destination is an eavesdropping device then the device has to have a network address in this traditional scheme. If the exact address of the eavesdropping device is not known a priori then the source could use either multicast or broadcast addresses, as examples. It should be noted that broadcast and multicast addresses may not be allowed or may not be practical to use in many cases.
It may be desirable in some instances for an eavesdropping device to receive communication that is destined from a source to a destination other than the eavesdropping device. That is, it may be desirable for the eavesdropping device to receive communication that is not addressed to such eavesdropping device, but is instead addressed to another destination. In this way, the eavesdropping device may monitor the packets that are communicated along a path from a source to a desired destination, rather than requiring that the packets be directed to the eavesdropping device. In some instances, it is desirable to not have a unique network address assigned to an eavesdropping device. For example, to minimize the total number of IP addresses required for devices on the network, certain devices may not be assigned a unique IP address. For instance, a router that has multiple ports may be assigned a single IP address, rather than a separate IP address being assigned for each of its ports.
It thus becomes desirable to enable a way for the eavesdropping device to identify packets that are of interest to it. For instance, certain packets may include information that the eavesdropping device desires for analyzing, for testing, for altering its configuration, etc. Thus, information that is intended for use by the eavesdropping device may be included in certain packets communicated across the network.
Traditionally, eavesdropping devices evaluate information included in the header of packets to identify those packets that are of interest to the eavesdropping device, e.g., the packets that include test information, configuration information, and/or other information intended for the eavesdropping device. For instance, a packet filter may match IP destination address with device IP address. As another example, for an Ethernet device, a frame filter may check if destination MAC address in a captured frame matches the device MAC address. Those addresses are in very specific places of corresponding headers, as is well-known in the art. In Ethernet, for example, the destination MAC address is the first 6 bytes of the frame. This requires the eavesdropping device to be implemented with knowledge regarding the protocol that is used by the packets it captures. That is, the eavesdropping device must have the capability of understanding the communication protocols that it encounters so that it can successfully evaluate the header information included in the packets according to the various protocols. Many protocols exist, and protocols continue to change and be developed, which is burdensome for implementing/updating eavesdropping devices that are capable of evaluating packets communicated via any of the various protocols to identify those packets that are of interest.
Accordingly, traditional eavesdropping devices must be implemented to have knowledge regarding the protocols that they may encounter. This increases the complexity of the devices, which may undesirably increase their size and increase their processing time. Further, such complexity increases the time and resources required for manufacturing the eavesdropping devices.