CA2325652A1 - A method for intercepting network packets in a computing device - Google Patents

A method for intercepting network packets in a computing device Download PDF

Info

Publication number
CA2325652A1
CA2325652A1 CA002325652A CA2325652A CA2325652A1 CA 2325652 A1 CA2325652 A1 CA 2325652A1 CA 002325652 A CA002325652 A CA 002325652A CA 2325652 A CA2325652 A CA 2325652A CA 2325652 A1 CA2325652 A1 CA 2325652A1
Authority
CA
Canada
Prior art keywords
network
replacement
function
module
network adapter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002325652A
Other languages
French (fr)
Other versions
CA2325652C (en
Inventor
Niko Haatainen
Tero Kivinen
Jussi Kukkonen
Tatu Ylonen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Rambus Inc
Original Assignee
Ssh Communications Security Corp.
Niko Haatainen
Tero Kivinen
Jussi Kukkonen
Tatu Ylonen
Sfnt Finland Oy
Safenet, Inc.
Authentec, Inc.
Inside Secure
Verimatrix
Rambus Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ssh Communications Security Corp., Niko Haatainen, Tero Kivinen, Jussi Kukkonen, Tatu Ylonen, Sfnt Finland Oy, Safenet, Inc., Authentec, Inc., Inside Secure, Verimatrix, Rambus Inc. filed Critical Ssh Communications Security Corp.
Publication of CA2325652A1 publication Critical patent/CA2325652A1/en
Application granted granted Critical
Publication of CA2325652C publication Critical patent/CA2325652C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level

Abstract

A method is provided for intercepting network packets in a computer system, where a number of functions are used to communicate network packets between a network adapter and a protocols entity. A first network adapter and a first protocols entity installed in the computer system are identified. A set of replacement functions is provided within a packet interceptor module. At least one function used for transmitting network packets from said first protocols entity to said first network adapter is hooked into a first replacement function. At least one function used for transmitting network packets from said first network adapter to said first protocols entity is hooked into a second replacement function. At least one function used for receiving information about the status of the network interface implemented by said first network adapter is hooked into a third replacement function.

Claims (47)

1. A method for intercepting network packets in a computer system, where network packets are communicated between a first network adapter and a first protocols entity, of which the network adapter implements a certain network interface, the method comprising the steps of - providing a set of replacement functions within a packet interceptor module;
- hooking at least one function used for transmitting network packets from said first protocols entity to said first network adapter into a first replacement function;
- hooking at least one function used for transmitting network packets from said first network adapter to said first protocols entity into a second replacement function;
and - hooking at least one function used for receiving information about the status of the network interface implemented by said first network adapter into a third replacement function.
2. A method according to claim 1, additionally comprising the steps of - determining, whether or not a dynamic IP address has been allocated for the network interface implemented by said first network adapter; and - in a case where a dynamic IP address has been allocated for the network interface implemented by said first network adapter, determining which said dynamic IP
address is.
3. A method according to claim 1, additionally comprising a step of identifying a first network adapter and a first protocols entity installed in the computer system, so arranged that this step comprises first the substep of - hooking a certain mechanism, meant to be used by network adapters and protocols entities to register themselves to the computer system, into a certain replacement mechanism;
and after that without any specific order the substeps of - identifying said first network adapter when it uses said replacement mechanism to register itself to the computer system and - identifying said first protocols entity when it uses said replacement mechanism to register itself to the computer system.
4. A method according to claim 3, wherein the step of hooking a certain mechanism used by network adapters and protocols entities to register themselves comprises, without any specific order, the substeps of - loading an interface module that determines said certain mechanism;
- loading a packet interceptor module that determines said replacement mechanism;
and - hooking predetermined parts of said certain mechanism into predetermined parts of said replacement mechanism.
5. A method according to claim 4, wherein the step of loading an interface module that determines said certain mechanism comprises the step of loading an NDIS
interface module, and the step of hooking predetermined parts of said certain mechanism into predetermined parts of said replacement mechanism comprises the substeps of - hooking the NdisRegisterProtocol function determined by said NDIS interface module into a replacement protocol registering function determined by said packet interceptor module; and - hooking the NdisOpenAdapter function determined by said NDIS interface module into a replacement network adapter opening function determined by said packet interceptor module.
6. A method according to claim 5, wherein the step of hooking the NdisRegisterProtocol function comprises the step of replacing a plurality of the functions in the NDIS_PROTOCOL_CHARACTERISTICS structure determined by said NDIS
interface module.
7. A method according to claim 6, wherein the step of replacing a plurality of the functions in the NDIS_PROTOCOL_CHARACTERISTICS structure comprises the step of replacing the ReceiveHandler, ReceiveCompleteHandler and TransferData-CompleteHandler functions determined by said NDIS interface module.
8. A method according to claim 7, wherein the step of replacing a plurality of the functions in the NDIS_PROTOCOL_CHARACTERISTICS structure comprises additionally the step of replacing the SendCompleteHandler and RequestComplete-Handler functions determined by said NDIS interface module.
9. A method according to claim 5, additionally comprising the step of determining, which bindings connect said first network adapter and said first protocols entity, by calling said replacement adapter opening function.
10. A method according to claim 1, additionally comprising the steps of - loading said first network adapter and said first protocols entity and - determining, which bindings connect said first network adapter and said first protocols entity, by analyzing data structures after said first network adapter and said first protocols entity have been loaded.
11. A method according to claim 10, wherein said step of analyzing data structures after said first network adapter and said first protocols entity have been loaded comprises the step of reading a piece of system configuration information from a memory.
12. A method according to claim 11, wherein said step of reading a piece of system configuration information comprises the step of reading a registry.
13. A method according to claim 1, additionally comprising the step of identifying the first network adapter and the first protocols entity, so that this step comprises the substep of reading a piece of system configuration information from a memory.
14. A method according to claim 13, wherein the substep of reading a piece of system configuration information from a memory comprises the reading of a registry.
15. A method according to claim 1, additionally comprising the steps of - loading said first network adapter and said first protocols entity and - identifying the first network adapter and the first protocols entity by traversing data structures after adapters and protocols have been loaded into the computer system.
16. A method according to claim 15, comprising first without any specific order the steps of - loading said first protocols entity into the computer system; and - loading said first network adapter into the computer system;
and after that, in the following order, the steps of - loading a dynamically loadable packet interceptor module into the computer system; and - traversing data structures to identify said first network adapter and said first protocols entity.
17. A method according to claim 1, wherein at least one of said hooking steps comprises the substeps of - locating the beginning of the executable program code of a certain first function that is to be hooked into a certain first replacement function;
- saving a copy of a certain passage of executable program code starting from said beginning; and - replacing said certain passage of executable program code starting from said beginning with another passage of executable program code that transfers execution to said first replacement function.
18. A method according to claim 1, wherein at least one of said hooking steps comprises the substeps of - locating, in a data structure, a function pointer that points to a certain first function that is to be hooked into a certain first replacement function;
- saving a copy of said function pointer; and - replacing said function pointer with another function pointer that points to said first replacement function.
19. A method according to claim 1, wherein at least one of said hooking steps comprises the substeps of - locating a dispatch table in a dynamically loaded module; and - modifying said dispatch table.
20. A method according to claim 1, wherein at least one of said hooking steps comprises the substep of calling a system function that installs a hook for a system service.
21. A method according to claim 1, wherein at least one of said hooking steps comprises the substep of adding a first replacement function - into which a certain first function is hooked - to a system-provided hook list.
22. A method according to claim 1, wherein at least one of said hooking steps comprises the substep of redirecting an interrupt vector.
23. A method according to claim 1, additionally comprising the step of handling a network packet with a certain first replacement function without passing said network packet to the function which is hooked into said first replacement function.
24. A method according to claim 1, additionally comprising the step of calling a certain first function from a certain first replacement function into which said first function is hooked.
25. A method according to claim 1, additionally comprising, in the following order, the steps of - modifying a network packet with a certain first replacement function and - passing the modified network packet to the function which is hooked into said first replacement function.
26. A method according to claim 1, additionally comprising the step of copying a network packet by applying a certain first replacement function.
27. A method according to claim 1, additionally comprising the step of calling a certain first function, which is hooked into a certain first replacement function, without first calling said first replacement function.
28. A method according to claim 1, additionally comprising the steps of - determining whether a dial-up link is up or down; and - providing information about said dial-up link being up or down to said packet interceptor module.
29. A method according to claim 1, additionally comprising the steps of - determining at least one network address used for said first network interface; and - providing information about determined network addresses to said packet interceptor module.
30. A method according to claim 29, wherein the step of determining at least one network address comprises the substep of examining link-layer protocol packets.
31. A method according to claim 30, wherein the step of examining link-layer protocol packets comprises the substep of examining IPCP packets where IPCP is a subprotocol of PPP.
32. A method according to claim 30, wherein the step of examining link-layer protocol packets comprises the substep of examining ARP protocol packets.
33. A method according to claim 29, wherein the step of determining at least one network address comprises the substep of examining the DHCP protocol.
34. A method according to claim 29, wherein the step of determining at least one network address comprises the substeps of - hooking a certain first function that is to be called when there is a change in the address information into a certain replacement function;
- traversing a number of predetermined data structures at the time of calling said replacement function; and - comparing information read from said data structures against a predetermined piece of earlier saved corresponding information.
35. A method according to claim 1, further comprising the step of - modifying information passed between said first network adapter and said first protocols entity about link-layer characteristics; and - as a result of said modification of information, reducing the maximum transmitted packet size known to said first protocols entity on a link.
36. A method for intercepting network packets in a computer system, where a number of functions are used to communicate network packets between a plurality of network adapters and a plurality of protocols entities, of which the network adapters implement certain network interfaces, the method comprising the steps of - providing a set of replacement functions within a packet interceptor module;
- hooking a plurality of functions used for transmitting network packets from protocols entities to network adapters into a first set of replacement functions;
- hooking a plurality of functions used for transmitting network packets from network adapters to protocols entities into a second set of replacement functions; and - hooking a plurality of functions used for receiving information about the status of the network interfaces implemented by network adapters into a third set of replacement functions.
37. A method according to claim 36, additionally comprising the step of identifying a number of network adapters and protocols entities which are installed in the computer system.
38. A method according to claim 37, wherein the step of identifying a number of network adapters and protocols entities comprises the substep of ignoring one or more member of the group of said network adapters and protocols.
39. A method for intercepting network packets in a computer system, where a certain first operating system module is used to implement network functionality and said first operating system module implements a certain programming interface with a plurality of entry points, the method comprising the steps of - replacing said first operating system module with a certain first replacement module that implements a programming interface equal to said programming interface of the first operating system module and calls said first operating system module from a plurality of the entry points of the programming interface;
- using said replacement module to identify at least one network adapter and at least one protocols entity installed in the computer system;
- using said replacement module to replace at least one function used for transmitting network packets from said first protocols entity to said first network adapter;
- using said replacement module to to replace at least one function used for transmitting network packets from said first network adapter to said first protocols entity;
- using said replacement module to replace at least one function used for receiving information about the status of the network interface implemented by said first net-work adapter;
- using said replacement module to determine, whether or not a dynamic IP
address has been allocated for the network interface implemented by said first network adapter; and - in a case where a dynamic IP address has been allocated for the network interface implemented by said first network adapter, using said replacement module to determine, which said dynamic IP address is.
40. A method according to claim 39, additionally comprising the step of calling said first operating system module from said replacement module.
41. A method according to claim 39, wherein the step of replacing said first operating system module with said replacement module comprises the substeps of - moving said first operating system module aside at installation time and - replacing said first operating system module with said first replacement module.
42. A method according to claim 39, wherein said step of replacing said first operating system module with said replacement module is performed when the computer system boots but before said first operating system module is loaded.
43. A method according to claim 42, additionally comprising the step of undoing the replacing by said replacement module after said first operating system module has been loaded.
44. A method according to claim 39, additionally comprising the step of automatically generating said replacement module based on the said first operating system module.
45. A computer system for handling network packets, comprising - a first network adapter arranged to implement a network interface;
- a first protocols entity;
- a number of predetermined functions for communicating network packets between said network adapter and said protocols entity;
- a packet interceptor module for determining a set of replacement functions;
- within said packet interceptor module, means for hooking at least one function used for transmitting network packets from said first protocols entity to said first network adapter into a first replacement function;
- within said packet interceptor module, means for hooking at least one function used for transmitting network packets from said first network adapter to said first protocols entity into a second replacement function; and - within said packet interceptor module, means for hooking at least one function used for receiving information about the status of the network interface implemented by said first network adapter into a third replacement function.
46. A computer system according to claim 45, additionally comprising means for identifying said first network adapter and said first protocols entity.
47. A packet interceptor module for intercepting network packets in a computer system which comprises a first network adapter, a first protocols entity and a number of predetermined functions for communicating network packets between said network adapter and said protocols entity; said packet interceptor module comprising - the definition of a set of replacement functions;
- means for hooking at least one function used for transmitting network packets from said first protocols entity to said first network adapter into a first replacement function;
- means for hooking at least one function used for transmitting network packets from said first network adapter to said first protocols entity into a second replacement function; and - means for hooking at least one function used for receiving information about the status of the network interface implemented by said first network adapter into a third replacement function.
CA2325652A 1999-11-13 2000-11-10 A method for intercepting network packets in a computing device Expired - Lifetime CA2325652C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/439,419 US6678734B1 (en) 1999-11-13 1999-11-13 Method for intercepting network packets in a computing device
US09/439,419 1999-11-13

Publications (2)

Publication Number Publication Date
CA2325652A1 true CA2325652A1 (en) 2001-05-13
CA2325652C CA2325652C (en) 2010-08-17

Family

ID=23744629

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2325652A Expired - Lifetime CA2325652C (en) 1999-11-13 2000-11-10 A method for intercepting network packets in a computing device

Country Status (5)

Country Link
US (1) US6678734B1 (en)
CA (1) CA2325652C (en)
DE (1) DE10054923B4 (en)
FI (1) FI113927B (en)
IL (1) IL139415A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1320238A2 (en) * 2001-12-11 2003-06-18 Microsoft Corporation Architecture and run-time environment for network filter drivers

Families Citing this family (98)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7089591B1 (en) 1999-07-30 2006-08-08 Symantec Corporation Generic detection and elimination of marco viruses
US6775657B1 (en) * 1999-12-22 2004-08-10 Cisco Technology, Inc. Multilayered intrusion detection system and method
US6754709B1 (en) * 2000-03-29 2004-06-22 Microsoft Corporation Application programming interface and generalized network address translator for intelligent transparent application gateway processes
GB0017201D0 (en) * 2000-07-14 2000-08-30 Ibm Generalised program hooks
US7630398B2 (en) * 2000-09-27 2009-12-08 Intel Corporation Subnet independent transparent bridge
US20020092003A1 (en) * 2000-11-29 2002-07-11 Brad Calder Method and process for the rewriting of binaries to intercept system calls in a secure execution environment
US20020065876A1 (en) * 2000-11-29 2002-05-30 Andrew Chien Method and process for the virtualization of system databases and stored information
US20020065874A1 (en) * 2000-11-29 2002-05-30 Andrew Chien Method and process for virtualizing network interfaces
WO2002093334A2 (en) * 2001-04-06 2002-11-21 Symantec Corporation Temporal access control for computer virus outbreaks
US7290266B2 (en) * 2001-06-14 2007-10-30 Cisco Technology, Inc. Access control by a real-time stateful reference monitor with a state collection training mode and a lockdown mode for detecting predetermined patterns of events indicative of requests for operating system resources resulting in a decision to allow or block activity identified in a sequence of events based on a rule set defining a processing policy
US7231665B1 (en) * 2001-07-05 2007-06-12 Mcafee, Inc. Prevention of operating system identification through fingerprinting techniques
US20030084321A1 (en) * 2001-10-31 2003-05-01 Tarquini Richard Paul Node and mobile device for a mobile telecommunications network providing intrusion detection
US20030084319A1 (en) * 2001-10-31 2003-05-01 Tarquini Richard Paul Node, method and computer readable medium for inserting an intrusion prevention system into a network stack
US7737134B2 (en) * 2002-03-13 2010-06-15 The Texas A & M University System Anticancer agents and use
US6959297B2 (en) 2002-04-25 2005-10-25 Winnow Technology, Llc System and process for searching within a data stream using a pointer matrix and a trap matrix
US7155742B1 (en) * 2002-05-16 2006-12-26 Symantec Corporation Countering infections to communications modules
US7367056B1 (en) 2002-06-04 2008-04-29 Symantec Corporation Countering malicious code infections to computer files that have been infected more than once
US7418729B2 (en) * 2002-07-19 2008-08-26 Symantec Corporation Heuristic detection of malicious computer code by page tracking
US7380277B2 (en) 2002-07-22 2008-05-27 Symantec Corporation Preventing e-mail propagation of malicious computer code
US20040019895A1 (en) * 2002-07-29 2004-01-29 Intel Corporation Dynamic communication tuning apparatus, systems, and methods
US7478431B1 (en) 2002-08-02 2009-01-13 Symantec Corporation Heuristic detection of computer viruses
US7469419B2 (en) * 2002-10-07 2008-12-23 Symantec Corporation Detection of malicious computer code
US7159149B2 (en) * 2002-10-24 2007-01-02 Symantec Corporation Heuristic detection and termination of fast spreading network worm attacks
US7278019B2 (en) * 2002-11-04 2007-10-02 Hewlett-Packard Development Company, L.P. Method of hindering the propagation of a computer virus
US7249187B2 (en) * 2002-11-27 2007-07-24 Symantec Corporation Enforcement of compliance with network security policies
US7941854B2 (en) * 2002-12-05 2011-05-10 International Business Machines Corporation Method and system for responding to a computer intrusion
US7631353B2 (en) * 2002-12-17 2009-12-08 Symantec Corporation Blocking replication of e-mail worms
US7296293B2 (en) * 2002-12-31 2007-11-13 Symantec Corporation Using a benevolent worm to assess and correct computer security vulnerabilities
US7203959B2 (en) 2003-03-14 2007-04-10 Symantec Corporation Stream scanning through network proxy servers
JP2004289561A (en) * 2003-03-24 2004-10-14 Sony Corp Management method of network connection, and electronic equipment
US7398386B2 (en) * 2003-04-12 2008-07-08 Cavium Networks, Inc. Transparent IPSec processing inline between a framer and a network component
US7496662B1 (en) 2003-05-12 2009-02-24 Sourcefire, Inc. Systems and methods for determining characteristics of a network and assessing confidence
US8271774B1 (en) 2003-08-11 2012-09-18 Symantec Corporation Circumstantial blocking of incoming network traffic containing code
US20050091558A1 (en) * 2003-10-28 2005-04-28 International Business Machines Corporation System, method and program product for detecting malicious software
US7978716B2 (en) * 2003-11-24 2011-07-12 Citrix Systems, Inc. Systems and methods for providing a VPN solution
US7426574B2 (en) * 2003-12-16 2008-09-16 Trend Micro Incorporated Technique for intercepting data in a peer-to-peer network
US7337327B1 (en) 2004-03-30 2008-02-26 Symantec Corporation Using mobility tokens to observe malicious mobile code
US7533415B2 (en) * 2004-04-21 2009-05-12 Trend Micro Incorporated Method and apparatus for controlling traffic in a computer network
US7484094B1 (en) 2004-05-14 2009-01-27 Symantec Corporation Opening computer files quickly and safely over a network
US7373667B1 (en) 2004-05-14 2008-05-13 Symantec Corporation Protecting a computer coupled to a network from malicious code infections
US7370233B1 (en) 2004-05-21 2008-05-06 Symantec Corporation Verification of desired end-state using a virtual machine environment
US7953814B1 (en) 2005-02-28 2011-05-31 Mcafee, Inc. Stopping and remediating outbound messaging abuse
US8495305B2 (en) 2004-06-30 2013-07-23 Citrix Systems, Inc. Method and device for performing caching of dynamically generated objects in a data communication network
US8739274B2 (en) * 2004-06-30 2014-05-27 Citrix Systems, Inc. Method and device for performing integrated caching in a data communication network
US7757074B2 (en) * 2004-06-30 2010-07-13 Citrix Application Networking, Llc System and method for establishing a virtual private network
CA2574776A1 (en) * 2004-07-23 2006-02-02 Citrix Systems, Inc. Systems and methods for optimizing communications between network nodes
EP1771979B1 (en) 2004-07-23 2011-11-23 Citrix Systems, Inc. A method and systems for securing remote access to private networks
US7539681B2 (en) * 2004-07-26 2009-05-26 Sourcefire, Inc. Methods and systems for multi-pattern searching
US7441042B1 (en) 2004-08-25 2008-10-21 Symanetc Corporation System and method for correlating network traffic and corresponding file input/output traffic
US7567573B2 (en) * 2004-09-07 2009-07-28 F5 Networks, Inc. Method for automatic traffic interception
US7690034B1 (en) 2004-09-10 2010-03-30 Symantec Corporation Using behavior blocking mobility tokens to facilitate distributed worm detection
US7565686B1 (en) 2004-11-08 2009-07-21 Symantec Corporation Preventing unauthorized loading of late binding code into a process
US9160755B2 (en) 2004-12-21 2015-10-13 Mcafee, Inc. Trusted communication network
US9015472B1 (en) 2005-03-10 2015-04-21 Mcafee, Inc. Marking electronic messages to indicate human origination
US8700695B2 (en) * 2004-12-30 2014-04-15 Citrix Systems, Inc. Systems and methods for providing client-side accelerated access to remote applications via TCP pooling
US7810089B2 (en) * 2004-12-30 2010-10-05 Citrix Systems, Inc. Systems and methods for automatic installation and execution of a client-side acceleration program
US8706877B2 (en) * 2004-12-30 2014-04-22 Citrix Systems, Inc. Systems and methods for providing client-side dynamic redirection to bypass an intermediary
US8549149B2 (en) * 2004-12-30 2013-10-01 Citrix Systems, Inc. Systems and methods for providing client-side accelerated access to remote applications via TCP multiplexing
US8954595B2 (en) * 2004-12-30 2015-02-10 Citrix Systems, Inc. Systems and methods for providing client-side accelerated access to remote applications via TCP buffering
US8255456B2 (en) 2005-12-30 2012-08-28 Citrix Systems, Inc. System and method for performing flash caching of dynamically generated objects in a data communication network
US8104086B1 (en) 2005-03-03 2012-01-24 Symantec Corporation Heuristically detecting spyware/adware registry activity
US20060288096A1 (en) * 2005-06-17 2006-12-21 Wai Yim Integrated monitoring for network and local internet protocol traffic
US7486673B2 (en) 2005-08-29 2009-02-03 Connect Technologies Corporation Method and system for reassembling packets prior to searching
US7639715B1 (en) * 2005-09-09 2009-12-29 Qlogic, Corporation Dedicated application interface for network systems
US7779422B1 (en) 2005-10-05 2010-08-17 Mcafee, Inc. System, method, and computer program product for compatibility among hooking applications
US8046833B2 (en) 2005-11-14 2011-10-25 Sourcefire, Inc. Intrusion event correlation with network discovery information
US7733803B2 (en) * 2005-11-14 2010-06-08 Sourcefire, Inc. Systems and methods for modifying network map attributes
US7735099B1 (en) 2005-12-23 2010-06-08 Qlogic, Corporation Method and system for processing network data
US8301839B2 (en) * 2005-12-30 2012-10-30 Citrix Systems, Inc. System and method for performing granular invalidation of cached dynamically generated objects in a data communication network
US7921184B2 (en) * 2005-12-30 2011-04-05 Citrix Systems, Inc. System and method for performing flash crowd caching of dynamically generated objects in a data communication network
US8131667B1 (en) * 2006-04-28 2012-03-06 Netapp, Inc. System and method for generating synthetic clients
US8239915B1 (en) 2006-06-30 2012-08-07 Symantec Corporation Endpoint management using trust rating data
US7948988B2 (en) * 2006-07-27 2011-05-24 Sourcefire, Inc. Device, system and method for analysis of fragments in a fragment train
US7701945B2 (en) * 2006-08-10 2010-04-20 Sourcefire, Inc. Device, system and method for analysis of segments in a transmission control protocol (TCP) session
US8997074B1 (en) * 2006-09-29 2015-03-31 Trend Micro Incorporated Dynamic linking library (DLL) replacement in an embedded operating system environment
CA2672908A1 (en) * 2006-10-06 2008-04-17 Sourcefire, Inc. Device, system and method for use of micro-policies in intrusion detection/prevention
US8069352B2 (en) * 2007-02-28 2011-11-29 Sourcefire, Inc. Device, system and method for timestamp analysis of segments in a transmission control protocol (TCP) session
US7987065B1 (en) * 2007-04-17 2011-07-26 Nvidia Corporation Automatic quality testing of multimedia rendering by software drivers
US8127353B2 (en) * 2007-04-30 2012-02-28 Sourcefire, Inc. Real-time user awareness for a computer network
US20080306815A1 (en) * 2007-06-06 2008-12-11 Nebuad, Inc. Method and system for inserting targeted data in available spaces of a webpage
EP2079191A3 (en) * 2008-01-09 2010-01-13 Verint Systems Inc. Method and system for direct data recording
US8474043B2 (en) * 2008-04-17 2013-06-25 Sourcefire, Inc. Speed and memory optimization of intrusion detection system (IDS) and intrusion prevention system (IPS) rule processing
US10354229B2 (en) 2008-08-04 2019-07-16 Mcafee, Llc Method and system for centralized contact management
US8272055B2 (en) 2008-10-08 2012-09-18 Sourcefire, Inc. Target-based SMB and DCE/RPC processing for an intrusion detection system or intrusion prevention system
US8893260B2 (en) * 2008-12-17 2014-11-18 Rockstar Consortium Us Lp Secure remote access public communication environment
CN101640923A (en) * 2009-08-20 2010-02-03 深圳华为通信技术有限公司 Method and device for acquiring network configuration information
US10235216B1 (en) * 2009-10-15 2019-03-19 Ivanti, Inc. Modifying system-defined user interface control functionality on a computing device
CA2789824C (en) 2010-04-16 2018-11-06 Sourcefire, Inc. System and method for near-real time network attack detection, and system and method for unified detection via detection routing
US8433790B2 (en) 2010-06-11 2013-04-30 Sourcefire, Inc. System and method for assigning network blocks to sensors
US8671182B2 (en) 2010-06-22 2014-03-11 Sourcefire, Inc. System and method for resolving operating system or service identity conflicts
US8479292B1 (en) * 2010-11-19 2013-07-02 Symantec Corporation Disabling malware that infects boot drivers
US8601034B2 (en) 2011-03-11 2013-12-03 Sourcefire, Inc. System and method for real time data awareness
US8527665B2 (en) * 2011-04-15 2013-09-03 Ixia Redirecting function calls
US9560504B2 (en) * 2011-08-01 2017-01-31 Samsung Electronics Co., Ltd. Secondary mobile device
EP2792104B1 (en) 2011-12-21 2021-06-30 SSH Communications Security Oyj Automated access, key, certificate, and credential management
US20140380300A1 (en) * 2013-06-25 2014-12-25 Bank Of America Corporation Dynamic configuration framework
CN103957214A (en) * 2014-05-06 2014-07-30 重庆邮电大学 Computer network data package grabbing method for teaching
WO2018058182A1 (en) * 2016-09-27 2018-04-05 Cog Systems Pty Ltd A network connectable computing system and a method for processing a plurality of messages

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6085234A (en) * 1994-11-28 2000-07-04 Inca Technology, Inc. Remote file services network-infrastructure cache
GB2301735B (en) * 1995-06-02 1999-07-28 Dsc Communications Message handling in a telecommunications network
US5862362A (en) 1995-10-05 1999-01-19 Microsoft Corporation Network failure simulator
US5822520A (en) * 1995-12-26 1998-10-13 Sun Microsystems, Inc. Method and apparatus for building network test packets
US5781550A (en) 1996-02-02 1998-07-14 Digital Equipment Corporation Transparent and secure network gateway
US5774660A (en) 1996-08-05 1998-06-30 Resonate, Inc. World-wide-web server with delayed resource-binding for resource-based load balancing on a distributed resource multi-node network
US6366958B1 (en) * 1996-10-21 2002-04-02 International Business Machines Corporation NETBIOS protocol support for a DCE RPC mechanism
US6026086A (en) * 1997-01-08 2000-02-15 Motorola, Inc. Apparatus, system and method for a unified circuit switched and packet-based communications system architecture with network interworking functionality
US5983274A (en) * 1997-05-08 1999-11-09 Microsoft Corporation Creation and use of control information associated with packetized network data by protocol drivers and device drivers
US6289388B1 (en) * 1997-06-02 2001-09-11 Unisys Corporation System for communicating heterogeneous computers that are coupled through an I/O interconnection subsystem and have distinct network addresses, via a single network interface card
US6473406B1 (en) * 1997-07-31 2002-10-29 Cisco Technology, Inc. Method and apparatus for transparently proxying a connection
US6111894A (en) * 1997-08-26 2000-08-29 International Business Machines Corporation Hardware interface between a switch adapter and a communications subsystem in a data processing system
US6226680B1 (en) * 1997-10-14 2001-05-01 Alacritech, Inc. Intelligent network interface system method for protocol processing
US6272551B1 (en) * 1998-04-08 2001-08-07 Intel Corporation Network adapter for transmitting network packets between a host device and a power line network
US6295554B1 (en) * 1998-05-27 2001-09-25 3Com Corporation System and method for communicating with a telco-return cable modem as a single communications device
US6363423B1 (en) * 1999-04-26 2002-03-26 3Com Corporation System and method for remotely generating, assigning and updating network adapter card in a computing system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1320238A2 (en) * 2001-12-11 2003-06-18 Microsoft Corporation Architecture and run-time environment for network filter drivers
EP1320238A3 (en) * 2001-12-11 2005-12-07 Microsoft Corporation Architecture and run-time environment for network filter drivers
US7209971B1 (en) 2001-12-11 2007-04-24 Microsoft Corporation Architecture and run-time environment for network filter drivers

Also Published As

Publication number Publication date
DE10054923B4 (en) 2013-11-14
FI113927B (en) 2004-06-30
IL139415A0 (en) 2001-11-25
US6678734B1 (en) 2004-01-13
DE10054923A1 (en) 2001-05-31
IL139415A (en) 2005-06-19
FI20002477A (en) 2001-05-14
FI20002477A0 (en) 2000-11-13
CA2325652C (en) 2010-08-17

Similar Documents

Publication Publication Date Title
CA2325652A1 (en) A method for intercepting network packets in a computing device
US5446680A (en) System and method for obtaining network performance data
US5815682A (en) Device independent modem interface
US7929539B2 (en) Multiple queue pair access with a single doorbell
US5870610A (en) Autoconfigurable method and system having automated downloading
US5638517A (en) Method and apparatus for transmitting a message from a computer system over a network adapter to the network by performing format conversion and memory verification
CN101490637B (en) Dynamic bus-based virtual channel multiplexing device driver architecture
US20110069710A1 (en) Switching Method
US6550006B1 (en) Method and apparatus to perform a remote boot
US20040122988A1 (en) System for controlling data transfer protocol with a host bus interface
WO1999026377A3 (en) A high performance interoperable network communications architecture (inca)
CN101135980A (en) Device and method for realizing zero copy based on Linux operating system
US7082524B2 (en) I/O bus abstraction for a cluster interconnection fabric
EP1204916A2 (en) Method, system and computer readable storage medium for automatic device driver configuration
US5454078A (en) System for sharing name among network adapters by, dynamically linking adapters having same logical name and maintaining linked state of remaining adapters
US5541853A (en) Processor configurable for both virtual mode and protected mode
US6708229B2 (en) Configuring computer components
US20020029302A1 (en) Method, computer program product, and system for managing connection-oriented media
US6591320B1 (en) Method and system for selective disablement of expansion bus slots in a multibus data processing system
GB2436627A (en) Message handling using a wrapper
US6259532B1 (en) Method and apparatus for communicating with a plurality of peripheral devices through a single parallel port
CN115454896A (en) SMBUS-based SSD MCTP control message verification method and device, computer equipment and storage medium
US7546611B2 (en) Driver agent device for supporting remote device driver development environment in embedded system and operation method thereof
US7336664B2 (en) Data processing device and its input/output method and program
EP1234235B1 (en) Method and apparatus for remotely debugging computer software over a serial bus

Legal Events

Date Code Title Description
EEER Examination request
MKEX Expiry

Effective date: 20201110