International Business Machines Corporation
DETERMINING NETWORK FLOW DIRECTION

Abstract:

A computer-implemented system and method identifies a network flow direction. The method includes observing, by a network flow monitor, a plurality of data packets as each data packet travels past a connection point. The method further includes identifying, from the plurality of data packets, a flow session, wherein the flow session comprises a source port, a source device, a destination device, a destination port, and a communication protocol. The method also includes, gathering, from the plurality of data packets, directional metadata. The method includes, comparing the source port and the destination port against a list of common destination ports. The method further includes determining, based on the plurality of data packets, a flow direction of the flow session. The method includes storing the flow session in a database.