1. Field of Invention
Embodiments of the invention relate to data transmission over networks. More specifically, embodiments of the invention relate to methods and systems for mirroring dropped packets.
2. Description of the Background Art
In a network, data is transmitted from a source to a destination in the form of packets. During the transmission, some redundant data may get added to the original data in the form of viruses, worms or other unwanted malicious code. To detect such redundant data, network devices employ a firewall to screen the packets and to determine if the packets containing redundant data comply with security policies and firewall rules. Packets that do not meet the criteria of the firewall's rules are prevented from further transmission in the network and are considered “dropped” packets. However, dropping packets can result in the loss of necessary data if the Firewall rules are incorrectly configured. Some networking devices such as routers can have access control rules, which filter and drop packets similar to firewall rules. Hence incorrect configuration of access control rules can lead to loss of desired data.
In addition, packets can be dropped in transit at a networking device, such as a router, or other network infrastructure device, for example, due to network congestion. A congested network means that the traffic in a route is greater than the capacity of the router so some packets may be arbitrarily dropped.
According to conventional methods, an administrator of a firewall can explicitly log the dropped packets by configuring the firewall in such a way that the syslog messages about dropped packets are logged to a syslog server. Syslog technology is used to analyze the dropped packets at the firewalls. Syslog maintains a record of packets that the firewall rejects before they are actually dropped if administratively configured as mentioned above. This record might be used later for analyzing and receiving information about dropped packets. However, syslog does not facilitate the storage of the dropped packets for subsequent analysis.