Juniper Networks, Inc.
NETWORK TRAFFIC MONITORING BASED ON GEOLOCATION INFORMATION

Abstract:

A network monitoring device may receive, from a mediation device, flow-tap geolocation information that identifies a geographical location (e.g., that is derived based on current and/or previous flow-tap investigation reports) and may obtain, from a geographical Internet protocol (GeoIP) database and based on the flow-tap geolocation information, a plurality of Internet protocol (IP) addresses that are associated with the geographical location. The network device may map the plurality of IP addresses to a flow-tap content destination address of a content destination device in a plurality of entries of a flow-tap geolocation filter. The network device may detect, based on the flow-tap geolocation filter, a traffic flow that is associated with the geographical location, may generate a traffic flow copy, and may provide the traffic flow copy to the flow-tap content destination address, wherein the traffic flow copy is to be accessible to the content destination to enable a context analysis of the traffic flow.