Passive collection of network traffic involves obtaining copies of network streams from inline switches, hubs, network taps, or other devices that can produce copies of full duplex data streams. Alternate approaches to passive collection of network traffic can employ inline processing devices such as network switches. Inline network switches often offer the capability to copy network data streams via mirror or span ports. Passively collected traffic has a number of uses such as network data analysis, intrusion detection, fraud analysis, threat analysis, and data archiving. Passively collected network traffic offers advantages in that it does not introduce latency or interfere with the normal network traffic data streams.
Passive collection of network traffic can be accomplished by generating copies of the original inline network streams. These copies can be generated by devices known as passive inline network taps. The devices work by copying the electrical signals used to convey the original network data streams. The electrical copies are placed on different network wires and as such reproduce, or copy the original network traffic.
When network traffic is passively collected, it is typically passed to a system for analysis, parsing, or archiving. Such systems have finite processing capabilities and more than one system may be necessary to handle the required total computational loads. In these scenarios, routing the passively collected network traffic to multiple recipients may be necessary.
Routing of passively collected network traffic involves taking the original copy of the passively collected network traffic and creating new copies of the network traffic. New copies can be transmitted onto a network with possible reception from zero or more recipients.
SSL is a protocol in wide use on the Internet for securing, via encryption, data communications. SSL was developed by Netscape Communications Corp., of Mountain View, Calif. Version 3 of SSL is in wide use in most web browsers, with version 3.1 (also known as TLS v1) also in wide deployment. It would be beneficial to provide improved systems for passively obtaining and routing SSL encoded network traffic. Further, it would be beneficial to provide a system capable of passively obtaining a copy of SSL encoded network traffic and capable of routing the copies to multiple output devices based on a common stream of SSL network traffic.
Accordingly, in light of the above described needs, there exists a need for improved methods, systems, and computer program products for passively routing SSL encoded network traffic.