Communication networks typically include network devices, such as routers, which transfer or switch data from one or more sources to one or more destinations. For example, a network device may receive a packet from a source device (or another network device), may determine a destination for the packet, and may send an original or a modified packet to a destination device (or another network device). A law enforcement agency may request to obtain packets, or information associated with the packets, sent or received by a particular target device. Such activity may be identified as lawful interception. Lawful interception is the legally sanctioned official access to private communications, such as telephone calls or email messages. The law enforcement agency may send a request to a network device to obtain data associated with a target device (e.g., utilized by a subscriber) and the network device may establish a lawful interception session associated with the target device.
Internet protocol (IP) multicast is a method of sending IP packets to a group of interested subscribers in a single transmission. IP multicast may be employed for streaming media applications on the Internet and private networks. However, network devices are unable to perform lawful interception of multicast traffic (e.g., packets) received by a particular subscriber since a multicast packet does not contain any subscriber specific information. A multicast packet contains a multicast group address in a destination address of the packet, rather than a destination address of the particular subscriber. A multicast group subscription request may be generated by a subscriber based on the Internet group management protocol (IGMP). A particular multicast group stream may be sent to the subscriber based on the IGMP subscription request.
One proposed method to perform lawful interception of multicast traffic received by a particular subscriber involves using another device (e.g., a mediation device) in addition to a network device. The mediation device may monitor IGMP requests by the particular subscriber by intercepting the IGMP requests using a source address of the particular subscriber provided in the IGMP requests. Once an IGMP request is received, the mediation device may send, to the network device, an explicit request to intercept multicast traffic requested by the particular subscriber. However, such a method requires a secondary device (e.g., the mediation device) to monitor the IGMP requests, and requires the mediation device to send a request to the network device to lawfully intercept the multicast traffic. Furthermore, the mediation device will not know whether the multicast traffic was actually delivered to the particular subscriber.
Another proposed method to perform lawful interception of multicast traffic received by a particular subscriber involves using a special service card, in the network device, to intercept the multicast traffic. However, even after streaming the multicast traffic to a service packet interface card (PIC), this method requires additional filtering to retrieve traffic relevant to the particular subscriber.