Patent classifications
H04L43/028
System, Device, and Method of Measuring Directional Latency and Congestion in a Communication Network
Systems, devices, and methods of measuring directional latency and congestion in a communication network. A Uni-Directional Latency Determination Unit is connected in a communication network, located between an end-user device and a server. It monitors packets transported between the end-user device and the server, and it estimates a uni-directional latency of packet transport from the end-user device to the server or from the server to the end-user device. It utilizes a Transmission Control Protocol (TCP) Header and Timestamp Analyzer, to perform an analysis of data contained in timestamps of TCP packet headers of transported packets; and particularly, it analyzes data contained in a TSval field of such TCP packet headers. Congestion mitigation operations are accordingly deployed or activated.
Network Traffic Identification Device
A network traffic device comprising: at least one network device adapted to receive network data packets; wherein said at least one network device filters network data packets to locate at least one identifying packet, and samples said network data packets to select at least one sample packet. The at least one network device may transfer said at least one identifying packet and said at least one sample packet to an analyser. A predetermined sample rate may determine the number of sample packets selected by said at least one network device.
Automatically Using Configuration Management Analytics in Cellular Networks
A method includes partitioning a set of configuration management (CM) data for one or more cellular network devices into multiple distinct time intervals, each time interval associated with a distinct set of CM settings at the one or more cellular network devices, the CM data comprising multiple CM parameters. The method also includes determining a regression model based on the set of CM data. The method also includes applying the regression model to compute a distinct set of scores and compare the set of scores to estimate whether a performance of the one or more cellular network devices has changed during a second time interval relative to a first time interval.
System and method for performing programmable analytics on network data
A system and a method for performing programmable analytics on network data are described. A data layer constructs flow behavior information based on information present within headers of data packets flowing across one or more network devices configured in a computer network. An inline heuristics layer performs one or more inline heuristic operations on the flow behavior information to obtain aggregate statistical information. An integrated analytics layer performs one or more analytical operations on the flow behavior information to obtain network insights. A presentation layer filters and plots information obtained from the data layer, the inline heuristics layer, and the integrated analytics layer, based on a user input.
Using stability metrics for live evaluation of device classification systems and hard examples collection
In one embodiment, a label stability analyzer service receives classification data indicative of device type labels assigned to endpoints in a network by a device classification service. The label stability analyzer service counts device type label changes made by the device classification service to the endpoints. The label stability analyzer service computes variability metrics for the device type labels, wherein the variability metric for a device type label is based on a count of the device type label changes associated with that label. The label stability analyzer service determines, based on one of the variability metrics for a particular one of the device type labels exceeding a threshold value, a configuration change for the device classification service that adjusts how the device classification service applies the particular label to endpoints. The label stability analyzer service provides the configuration change to the device classification service.
Method for identifying application information in network traffic, and apparatus
A first correspondence table in a terminal device stores a correspondence between an identifier of a process running on the terminal device and an identifier of a data stream created by the process; a second correspondence table stores a second correspondence between an identifier of an application and an identifier of a process created by the application. The terminal device receives an identifier, sent by a network security device, of a first data stream. The terminal device can find, in the first correspondence table, a first record storing the identifier of the first data stream to obtain an identifier of a process. The terminal device can find, in the second correspondence table, a second record storing the identifier of the process in the first record to obtain an identifier of an application from the second record. The identifier of the application is then sent to the network security device.
Multi-tenant cloud-based firewall systems and methods
Multi-tenant cloud-based firewall systems and methods are described. The firewall systems and methods can operate overlaid with existing branch office firewalls or routers as well as eliminate the need for physical firewalls. The firewall systems and methods can protect users at user level control, regardless of location, device, etc., over all ports and protocols (not only ports 80/443) while providing administrators a single unified policy for Internet access and integrated reporting and visibility. The firewall systems and methods can eliminate dedicated hardware at user locations, providing a software-based cloud solution. The firewall systems and methods support application awareness to identify applications; user awareness to identify users, groups, and locations regardless of physical address; visibility and policy management providing unified administration, policy management, and reporting; threat protection and compliance to block threats and data leaks in real-time; high performance through an in-line cloud-based, scalable system; etc.