公开(公告)号：US20210360004A1

公开(公告)日：2021-11-18

申请号：US17360910

申请日：2021-06-28

Applicant: Cisco Technology, Inc.

Inventor： David McGrew ,  ANDREW ZAWADOWSKIY ,  DONOVAN O'HARA ,  SARAVANAN RADHAKRISHNAN ,  TOMAS PEVNY ,  DANIEL G. WING

IPC: H04L29/06

Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

公开(公告)号：US20250150348A1

公开(公告)日：2025-05-08

申请号：US18501771

申请日：2023-11-03

Applicant: Cisco Technology, Inc.

Inventor： Sanjay Kumar Hooda ,  MASSIMILIANO ARDICA ,  DARRIN JOSEPH MILLER ,  ELANGO GANESAN ,  IAN MCDOWELL CAMPBELL ,  SARAVANAN RADHAKRISHNAN

IPC: H04L41/0894 ,  H04L12/46 ,  H04L41/0893

Abstract: A method of cross-domain policy orchestration may include executing, with a cross-domain automation (CDA) controller, a macro-segmentation of a plurality of domains based at least in part on metadata defining a mapping to a corresponding plurality of domain controllers, and executing, with the CDA controller, a micro-segmentation of policies within a group based at least in part on a merged policy matrix obtained from policies of the domain controllers.

公开(公告)号：US20160352761A1

公开(公告)日：2016-12-01

申请号：US14820265

申请日：2015-08-06

Applicant: Cisco Technology, Inc.

Inventor： DAVID MCGREW ,  ANDREW ZAWADOWSKIY ,  DONOVAN O'HARA ,  SARAVANAN RADHAKRISHNAN ,  TOMAS PEVNY ,  DANIEL G. WING

IPC: H04L29/06

CPC classification number: H04L63/145 ,  H04L63/1408 ,  H04L63/166 ,  H04L69/16 ,  H04L2463/121

Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

Abstract translation: 一种方法包括在网络基础设施设备处接收分组流，使用网络基础设施设备和分组的第一子集来确定第一子集对应于第一数据报，并确定第一数据报的第一长度 确定使用所述网络基础设施设备和所述分组的第二子集，所述第二子集对应于在所述第一数据报之后接收到的第二数据报，并且确定所述第二数据报的第二长度，使用所述网络基础设施 设备，第一数据报的第一到达时间与第二数据报的第二到达时间之间的持续时间值，发送到与网络基础设施设备分开的收集器设备，第一长度，第二长度和持续时间 价值分析。

公开(公告)号：US20190230095A1

公开(公告)日：2019-07-25

申请号：US16370853

申请日：2019-03-29

Applicant: Cisco Technology, Inc.

Inventor： DAVID MCGREW ,  ANDREW ZAWADOWSKIY ,  DONOVAN O'HARA ,  SARAVANAN RADHAKRISHNAN ,  TOMAS PEVNY ,  DANIEL G. WING

IPC: H04L29/06

Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.