EP-4740550-A1 - SYSTEM AND METHOD FOR PACKET CAPTURING AND SOFT PARSING

Abstract

The disclosed system captures and processes network packets in a network, utilizing a high-capacity packet capturing unit (212) that directly captures up to two hundred thousand TCP data packets per second from a network interface card. A data aggregation unit (214) with optical taps and packet brokers filters. A native streaming framework streams data to a centralized streaming framework, while a packet soft parser (216-1) extracts user information and manages data during the centralized streaming framework downtime. A packet writer (216-2) enriches and compresses data for optimized storage, and multiple broker topics ensure efficient data handling and management.

Inventors

  • BHATNAGAR, AAYUSH
  • SINGH, Kumar Gaurav
  • ANSHU, Amit Kumar
  • CHAND, Mandeep

Assignees

  • Jio Platforms Limited

Dates

Publication Date
20260513
Application Date
20240613

Claims (16)

  1. A system for capturing and processing network packets in a network, comprising: a memory (204); a database (210); and a processing engine (208) coupled to the memory (204), the processing engine (208) comprising: a packet capturing unit (212) configured to capture a plurality of network packets flowing at a pre-defined rate based on at least one network function; a data aggregation unit (214) communicatively coupled with the packet capturing unit (212) and configured to collect the plurality of network packets to filter and aggregate the plurality of network packets based on a set of predefined parameters to generate a plurality of filtered network packets; a packet streaming unit (216) configured to retrieve the plurality of filtered network packets in response to filtering and aggregating the plurality of network packets, wherein the packet streaming unit (216): a packet soft parser (216-1) configured to parse at least one information from each of the plurality of filtered network packets to generate a plurality of parsed network packets; and the database (210) configured to store the plurality of parsed network packets along with the at least one information, wherein the plurality of parsed network packets along with the at least one information is further transmitted and stored in a centralized database.
  2. The system as claimed in claim 1, wherein the packet streaming unit (216) further includes: a packet writer (216-2) configured to retrieve the plurality of parsed network packets and the at least one information from the centralized database based on one or more pre-defined topics to generate a compressed file.
  3. The system as claimed in claim 1, wherein the packet soft parser (216-1) is configured to archive the plurality of parsed network packets in the database when a connection with the centralized database is lost.
  4. The system as claimed in claim 3, wherein the packet soft parser (216-1) is configured to send the plurality of parsed network packets archived in the database to the centralized database upon restoring the connection.
  5. The system as claimed in claim 1, wherein the packet capturing unit (212) is configured to capture the plurality of network packets based on the at least one network function by employing at least one of a port mirroring approach, an optical tapping approach, and a direct capturing approach.
  6. The system as claimed in claim 1, wherein the direct capturing approach includes receiving the plurality of network packets from the at least one network function using a network interface card.
  7. The system as claimed in claim 1, is further configured to support a Generic Routing Encapsulation (GRE) and Encapsulated Remote Switched Port Analyzer (ERSPAN) encapsulation parsing for mirrored traffic in the port mirroring approach.
  8. The system as claimed in claim 1, wherein the at least one information includes a source Internet Protocol (IP), a destination IP, a port number, and an application layer payload marker.
  9. The system as claimed in claim 1, wherein the set of predefined parameters includes an Internet Protocol (IP), a port, or a Virtual Local Area Network (VLAN).
  10. The system as claimed in claim 1, wherein each of the plurality of network packets is a transmission control protocol (TCP) data packet.
  11. The system as claimed in claim 1, wherein the pre-defined rate is in a range of fifty thousand packets per second to four hundred thousand packets per second.
  12. The system as claimed in claim 1, wherein the data aggregation unit (214) comprises at least one optical Traffic Access Point (TAP).
  13. The system as claimed in claim 1, wherein the packet soft parser (216-1) is configured to support a Hypertext Transfer Protocol Version 2 (HTTP2).
  14. The system of claim 1, wherein the packet writer (216-2) is configured to write data into each compressed file, and wherein each compressed file is corresponding to a specific broker topic.
  15. A method for capturing and processing network packets in a network, the method comprising the steps of: capturing (1002), by a processing engine (208), a plurality of network packets flowing at a pre-defined rate, based on at least one network function; collecting (1004), by the processing engine (208), the plurality of network packets to filter and aggregate the plurality of network packets based on a set of predefined parameters to generate a plurality of filtered network packets; retrieving (1006), by the processing engine (208), the plurality of filtered network packets in response to filtering and aggregating the plurality of network packets; parsing (1008), by the processing engine (208), at least one information from each of the plurality of filtered network packets to generate a plurality of parsed network packets; and storing (1010), by the processing engine (208), the plurality of parsed network packets along with the at least one information in a database, wherein the plurality of parsed network packets along with the at least one information is further transmitted and stored in a centralized database.
  16. A computer program product comprising a non-transitory computer-readable medium comprising instructions that, when executed by one or more processors, cause the one or more processors to: capturing (1002) a plurality of network packets flowing at a predefined rate, based on at least one network function; collecting (1004) the plurality of network packets to filter and aggregate the plurality of network packets based on a set of predefined parameters to generate a plurality of filtered network packets; retrieving (1006) the plurality of filtered network packets in response to filtering and aggregating the plurality of network packets; parsing (1008) at least one information from each of the plurality of filtered network packets to generate a plurality of parsed network packets; and storing (1010) the plurality of parsed network packets along with the at least one information in a database, wherein the plurality of parsed network packets along with the at least one information is further transmitted and stored in a centralized database.
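
An added example, not taken from the patent or from the applicant's implementation: a minimal soft parser in the sense of claims 8 and 9, extracting the source IP, destination IP, ports and VLAN from an Ethernet/IPv4/TCP frame and filtering on those parameters, with bounds checks so truncated or fragmented input is rejected rather than misread. Treating the HTTP/2 connection preface as the "application layer payload marker" is an assumption, as are the function names and the constructed sample frame.

```python
import ipaddress
import struct

H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # HTTP/2 client connection preface

def soft_parse(frame: bytes):
    """Return VLAN, IPs, ports and payload marker, or None for unusable input."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    off, vlan = 14, None
    if ethertype == 0x8100:                      # 802.1Q tag present
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        off, vlan = 18, tci & 0x0FFF
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4
    total_len, _, frag = struct.unpack_from("!HHH", frame, off + 2)
    if frame[off] >> 4 != 4 or ihl < 20 or frame[off + 9] != 6 or frag & 0x3FFF:
        return None                              # not IPv4/TCP, or an IP fragment
    tcp = off + ihl
    if len(frame) < tcp + 20:
        return None
    sport, dport = struct.unpack_from("!HH", frame, tcp)
    doff = (frame[tcp + 12] >> 4) * 4            # TCP header length in bytes
    end = min(off + total_len, len(frame))       # ignore Ethernet padding
    if doff < 20 or tcp + doff > end:
        return None
    payload = frame[tcp + doff:end]
    return {"vlan": vlan, "src_port": sport, "dst_port": dport,
            "src_ip": str(ipaddress.IPv4Address(frame[off + 12:off + 16])),
            "dst_ip": str(ipaddress.IPv4Address(frame[off + 16:off + 20])),
            "marker": "h2-preface" if payload.startswith(H2_PREFACE) else None}

def matches(rec, ips=(), ports=(), vlans=()):
    """Filter on the predefined parameters of claim 9: an IP, a port, or a VLAN."""
    return bool(rec) and (rec["src_ip"] in ips or rec["dst_ip"] in ips
                          or rec["src_port"] in ports or rec["dst_port"] in ports
                          or rec["vlan"] in vlans)

def sample_frame(vlan=100, payload=H2_PREFACE):
    """Constructed test frame: Ethernet + 802.1Q + IPv4 + TCP + payload."""
    eth = bytes(12) + struct.pack("!HHH", 0x8100, vlan, 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000, 64, 6,
                     0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 8080, 1, 1, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload
```

Fragmented datagrams are dropped here rather than reassembled; the IP fragmentation and TCP segmentation handling named in the description would sit in front of this step.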

Description

SYSTEM AND METHOD FOR PACKET CAPTURING AND SOFT PARSING

RESERVATION OF RIGHTS

[0001] A portion of the disclosure of this patent document contains material, which is subject to intellectual property rights such as, but not limited to, copyright, design, trademark, integrated circuit (IC) layout design, and/or trade dress protection, belonging to Jio Platforms Limited (JPL) or its affiliates (hereinafter referred to as owner). The owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all rights whatsoever. All rights to such intellectual property are fully reserved by the owner.

TECHNICAL FIELD

[0002] The present disclosure generally relates to a field of telecommunications. More particularly, the present disclosure relates to a system and a method for packet capturing and soft parsing.

BACKGROUND

[0003] The following description of related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section be used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of prior art.

[0004] The advent of 5G Standalone (SA) cellular networks has introduced new paradigms in a communication technology, significantly increasing a speed and responsiveness of wireless networks. As these advanced networks proliferate, a management of network resources and an optimization of user equipment (UE) operations become increasingly critical. A particular area of concern within this technology sphere is an Automatic Neighbor Relation (ANR) algorithm, an essential component for maintaining robust and efficient network connectivity.

[0005] Prior arts in this field have focused on facilitating seamless communication between UEs and the network infrastructure. The ANR algorithm, a sophisticated feature within the Fifth Generation (5G) Standalone (SA) networks, is designed to streamline a management of cell relations by automating a detection and registration of neighboring cells. However, field observations have revealed a persistent issue: the UEs often report multiple measurement reports containing a same Evolved Universal Terrestrial Radio Access Network (EUTRA) Physical Cell Identifiers (PCIs). This repetition leads to inefficiencies both in network operations and a UE performance.

[0006] The problem is twofold. Firstly, duplicate measurement reports can overwhelm the network's processing capacity, leading to data congestion and potential delays in network response. Secondly, and perhaps more critically, these redundancies have a detrimental impact on a battery life of the UEs. With each superfluous measurement report sent, the UE expends unnecessary energy, which could otherwise be conserved for essential communications.

[0007] Recognizing the limitations of current technologies, there is a clear need for an improved approach to UE management within the ANR algorithm. The goal is to enhance the network's ability to handle these measurements without compromising the performance and battery efficiency of the UE. This background lays the foundation for the need for advancements in the field of the 5G SA technology, specifically in the development of more sophisticated algorithms that can address these challenges.

OBJECTS OF THE PRESENT DISCLOSURE

[0008] It is an object of the present disclosure to provide a system and a method that uses continuous network packet capturing to analyze past sessions or flows.

[0009] It is an object of the present disclosure to provide a system and a method that uses on-demand capturing of network packets to trace a particular flow, monitor a particular subscriber or monitor a network traffic flow of a complete application.

[0010] It is an object of the present disclosure to provide a system and a method that handles internet protocol (IP) fragmentation and Transmission Control Protocol (TCP) segmentation, and Layer 2 (L2) to Layer 7 (L7) protocol level soft parsing for desired search criteria.

LIST OF REFERENCE NUMERALS

  • 100 - Network Architecture
  • 102-1, 102-2...102-N - Users
  • 104-1, 104-2...104-N - User Equipments (UEs)
  • 106 - Network
  • 108 - System
  • 110 - Entity
  • 112 - Centralized Server
  • 202 - One or more processor(s)
  • 204 - Memory
  • 206 - Interface(s)
  • 208 - Processing Engine(s)
  • 212 - Packet capturing unit
  • 214 - Data aggregation unit
  • 216 - Packet streaming unit
  • 216-1 - Packet soft parser
  • 216-2 - Packet writer
  • 218 - Database
  • 1100 - Computer System
  • 1110 - External Storage Device
  • 1120 - Bus
  • 1130 - Main Memory
  • 1140 - Read Only Memory
  • 1150 - Mass Storage Device
  • 1160 - Communication Port(s)
  • 1170 - Processor

SUMMARY

[0011] In an exemplary embodiment, a system for capturing and processing network