With rapid growth of mobile data transfer over a high-speed communication network such as 3G or 4G cellular services, managing and controlling such data transfer become increasingly difficult and complicated. A conventional network layout includes Internet, LAN (local area network), and wireless networks that include hundreds of network devices such as access switches, routers, and bridges for facilitating data delivery from source devices to destination devices. Transferring massive amount of data efficiently between wireless portable devices such as smart phones and laptops over a typical and/or standard network becomes increasingly challenging.
In typical mobile wireless networks, subscriber devices or end user (“EU”) equipments enter idle mode or idle state to conserve power. When downstream data arrives for a mobile in idle state, a conventional gateway typically pages the mobile in order to wake up the mobile from the idle mode. However, in a high speed packet core gateway, this type of paging process could result in high signaling load bursts. Bursts of paging messages can negatively impact overall network performance.
Another type of Internet attacks is a denial-of-service (“DOS”) attack during an idle mode of an EU equipment. A DOS attack, in one example, is an attempt to flood paging messages to a target machine during an idle mode whereby causing the target machine to exit idle mode frequently resulting in paging flood on the network and battery drain on the target machine.
To track, monitor, and/or understand causes of such paging bursts or DOS attacks, a conventional approach is to install sniffers in the network and correlate traffic patterns with bursts and/or flood of paging messages. A drawback with the conventional sniffer is that it is expensive to sniff all traffic continuously. Continuously sniffing massive amount data will not only consume network resources, but also negatively impacts network performance. Another drawback with a typical sniffer is lack of accuracy because, depending on location of sniffer(s), it may not know exactly which traffic actually causes the burst(s) or flooding.