Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This is in response to the amendments filed on 10/8/2021. Claims 1, 9, 12, 16, and 18 have been amended. Claims 1-21 are currently pending and have been considered below. 

Response to Arguments
Applicant’s arguments, see Page 8 of Remarks, filed 10/8/2021, with respect to the 35 U.S.C. 112 rejection of claims 12-17 have been fully considered and are persuasive.  This rejection of claims 12-17 has thus been withdrawn. 
Applicant's additional arguments filed 10/8/2021 have been fully considered but they are not persuasive. On pages 9-11 of Remarks, Applicant contends that neither Matityahu or Tulasi fully teach or suggest the now amended, “wherein the modified data packet is one of a plurality of modified data packets injected into the outgoing traffic flow, and where the indication of health of the network tool is based on a number of the modified data packets that are blocked by the network tool”. The examiner respectfully disagrees.
Applicant appears to address the above limitation primarily in view of the examiner’s citations of Tulasi. Specifically, Applicant asserts that because Tulasi details creating a policy to block all packets of particular type, then Tulasi cannot determine a 
First, the claim amendment does not recite any such “counting” or “determination of a number”, and only recites that “the indication of health of the network tool is based on a number of the modified data packets that are blocked by the network tool” (emphasis added). As such, any such “number” being utilized in order to make a determination on how many modified data packets were blocked would suffice.
Second, Fig. 11, steps 204, 206, 208, 210 of Tulasi outline a process that meets this limitation. Specifically, Fig. 11 outlines a process where a router policy is to be analyzed based on injecting a plurality of test packets into the router. The router then processes the test packets, in accordance with the router policy under test, and replies with result packets that is used to determine whether the router policy is valid. Col. 25, lines 38-40 specifically outlines, that at step 208, “Router 14 extracts the test packets form the RPC and processes the test packets according to its policy configuration data to produce zero or more result packets (208)”, and further outlines at Col. 15, lines 8-11, “Result packets stored in packet capture files 104 are the result packets that administrator 12 expects to receive in response to the test packets for the corresponding policy rules when the one of elements 5 under analysis is operating as intended”. Further, Col. 16, lines 59-67 & Col. 17, lines 1-2 disclose that, “The result packets represent the packets that router 14 would ordinarily forward to a neighboring network device if router 14 had received … packets identical to the test packets delivered as a parameter of the NETCONF message”. 
In other words, Tulasi’s “result packets” are generated based on whether the router processes the “test packets” or not. If the router processes the “test packet” (as it would if the “test packet” was an ordinary packet), then a “result packet” is generated (to indicate that the “test packet was not blocked). Tulasi then discloses generating a number of “zero or more” result packets that are then utilized to determine whether a router policy is operating as intended. This number of result packets thus clearly is utilized in determining an indication of health for the router / router policy. While Applicant may be correct in noting that Tulasi does not clearly disclose the term “counting” in the context of numbers, Tulasi very clearly does teach at least a number of result packets being utilized in making an determination of the health of the router / router policy. 
Therefore, in view of the above, the examiner maintains that the combination of Matityahu and Tulasi fully teach and suggest, “wherein the modified data packet is one of a plurality of modified data packets injected into the outgoing traffic flow, and where the indication of health of the network tool is based on a number of the modified data packets that are blocked by the network tool”, and thus the rejection is maintained as stated below.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it 

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-21 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Each of claims 1, 12, and 18 recite, “wherein the indication of health of the network tool is based on a number of the modified data packets that are blocked by the network tool”, which does not appear to have either explicit or implicit support for within the Specification. As such, claims 1, 12, 18, and their respective dependent claims fail to comply with the written description requirement established under 35 U.S.C. 112(a). While the examiner recognizes that Applicant referred to paragraph 55 for providing support of the above amendment, the examiner did not find recitation of a “number” (or the like) recited in this section.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-10, 18, 19, and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Matityahu” (US 9813448) in further view of “Tulasi” (US 8248958).

Regarding Claim 1:
Matityahu teaches:
A method comprising: 
identifying, by a network appliance (Fig. 7, element 706), a data packet included in a first incoming traffic flow (Fig. 7 details data paths 730 and 732 which include data traffic shown by Col. 13, line 43-48 & lines 60-65. Here, the examiner interprets “data traffic” to include multiple data packets, as the data traffic in Matityahu is being routed in accordance with a TCP session (see Col. 7, lines 5-6). Col. 20, lines 30-36 further disclose an example where data traffic may also include heartbeat packets, and thus is made up of normal TCP packets in addition to heartbeat packets) received from a source node (Fig. 7, element 702); 
modifying, by the network appliance, the data packet (Col. 21, lines 31-34, “… additional functionalities may be provided on an inline monitoring/security system by manipulating the heartbeat packet. Fig. 13A shows an example of a typical heartbeat packet” & lines 52-57, “To provide the monitoring/security system with more functionality, two additional fields may be added … As shown in FIG. 13B, a new field (status 1310) may be employed to provide the monitoring/security system with information about the conditions of other modules …”; Col. 22, lines 23-26, “Another field that may be included in the heartbeat packet is command 1312 … may be employed by the monitoring/security system to provide a direct communication path to another module”) to produce a modified data packet (Fig. 13B details a modified heartbeat packet with a status field and command field added) that mimics abnormal traffic (Col. 7, lines 25-30, “With a sequential heartbeat diagnostic test, an algorithm may be provided to simulate real world conditions in order to determine the true state of a monitoring system … a company can configure the diagnostic test to specifically test the conditions that have the most impact on its network”); 
injecting, by the network appliance, the modified data packet into an outgoing traffic flow destined for a network tool (Col. 9, lines 59-67, “To ensure the network integrity, a sequential heartbeat diagnostic test may be executed … In an embodiment, the FPGA 310 may include a sequential heartbeat packet generator 312 for generating and inserting the heartbeat packets into the network data traffic flowing to the monitoring system (IPS 308)”; Fig. 8, step 808; Col. 14, lines 20-25, “At a next step 808, a diagnostic test is executed to determine the condition of each inline monitoring/security arrangement (such as IPS 708 and 720)”), wherein the outgoing traffic flow includes the modified data packet and at least one unmodified data packet from the first incoming traffic flow (Col. 20, lines 30-36, “The set of heartbeat packets may then be inserted into the data traffic and forwarded to IPS 308”; i.e., the system of Matityahu inserts the modified heartbeat backs into an existing data traffic flow, the existing data traffic flow being made up of regular TCP traffic. Thus, the examiner interprets the regular TCP traffic as “unmodified data packets” with the modified heartbeat packets inserted into the TCP traffic as being “modified data packets”); 
determining, by the network appliance, whether the modified data packet was [received] by the network tool in accordance with a security protocol by examining a second incoming traffic flow received from the network tool (Fig. 4A details sending a heartbeat packet to a network tool via a first port and receiving the same heartbeat packet from the network tool via a second port; Col. 9, lines 65-67 & Col. 10, lines 1-10, “… generating and inserting the heartbeat packets into the network data traffic flowing to the monitoring system (IPS 308). FPGA 310 … may also include a sequential heartbeat packet detector 314 which may be configured to identify and remove the heartbeat packet from the data traffic when the heartbeat packet returns from the monitoring system (IPS 308)”)); and 
generating, by the network appliance, an indication of health of the network tool based on a determination of whether the modified data packet was [received] by the network tool (Col. 14, lines 53-61, “However, if a fail condition exists, the system may trigger one or more events … the network tap may switch from a normal mode to a bypass mode … notification may be sent to the operator/administrator”; Fig. 5 details the failure conditions associated with a counter value).
Matityahu does not disclose:

generating, by the network appliance, an indication of health of the network tool based on a determination of whether the modified data packet was blocked by the network tool, wherein the modified data packet is one of a plurality of modified data packets injected into the outgoing traffic flow, and wherein the indication of health of the network tool is based on a number of the modified data packets that are blocked by the network tool.
Tulasi teaches:
determining, by the network appliance, whether the modified data packet was blocked by the network tool (Col. 20, lines 41-67, “Service engine 30 applies one or more of services 32 to the parameters in accordance with policies 34 … For example, the exemplary policy rule provided above requires router 14 to drop packets originating from IP address 55.0.0.1. Applying this exemplary policy rule, service engine 30 drops the test packets where the test packet headers identify the packets as originating from IP address 55.0.0.1. Service engine 30 returns the result of the application of services 32 to service daemon 47. The returned result may in some instances (e.g., dropped packets) be a null data set”) …
generating, by the network appliance, an indication of health of the network tool based on a determination of whether the modified data packet was blocked by the network tool (Col. 21, line 18-33, “Packet analysis 38A may return the test packet processing result, i.e., the data received from lookup module 48”; Col. 22, lines 1-38, “This request-reply technique allows an administrator to remotely validate configuration data (e.g., policies) on router 14 by comparing an expected result with an actual result (i.e., the result packets and associated analysis data)”), wherein the modified data packet is one of a plurality of modified data packets injected into the outgoing traffic flow (Fig. 11, step 206), and wherein the indication of health of the network tool is based on a number of the modified data packets that are blocked by the network tool (Fig. 11, step 208 & 210; Col. 25, lines 38-40, “Router 14 extracts the test packets form the RPC and processes the test packets according to its policy configuration data to produce zero or more result packets (208)”; Col. 15, lines 8-11, “Result packets stored in packet capture files 104 are the result packets that administrator 12 expects to receive in response to the test packets for the corresponding policy rules when the one of elements 5 under analysis is operating as intended”; Col. 16, lines 59-67 & Col. 17, lines 1-2, “The result packets represent the packets that router 14 would ordinarily forward to a neighboring network device if router 14 had received … packets identical to the test packets delivered as a parameter of the NETCONF message”; i.e., determine whether the router policy is blocking test packets based on the number of result packets that are returned).
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Matityahu’s secured network arrangement by enhancing Matityahu’s method of performing diagnostic tests on a network tool to include determining whether the network tool is properly blocking packets in accordance to a policy, as taught by Tulasi, in order to test and validate the full functionality of the network tool.


Regarding Claim 2:
The method of claim 1, Matityahu in view of Tulasi further comprising: 
identifying, by the network appliance, a flow map associated with the data packet (Matityahu, Fig. 11; Col. 16, lines 6-8, “… which shows examples of different paths available for directing traffic”).

Regarding Claim 3:
The method of claim 2, Matityahu in view of Tulasi further comprising: 
determining that a simulated error mode has been enabled for the flow map (Matityahu, Col. 10, lines 45-49, “To perform the test, sequential heartbeat packet generator 312 may generate sets of sequential heartbeat packets … and may insert the sets of sequential heartbeat packets into the network data traffic flowing to IPS 308”); Col. 14, lines 33-38, “However, if the diagnostic test indicates that the primary inline monitoring/security arrangement (e.g., IPS 708) has malfunctioned, then at a next step 812, the inline network arrangement is switched to a secondary mode and the data traffic is routed through the second inline monitoring/security arrangement …”).

Regarding Claim 4:
The method of claim 2, wherein Matityahu in view of Tulasi further teaches the flow map represents a policy that governs how the data packet is to be handled by the network appliance (Tulasi, Col. 5, lines 22-26, “Elements 5 may include … routers, switches, gateways, bridges, hubs…”; Col. 6, lines 50-54, “Enhanced device management software within each of network elements 5 decapsulates the traffic patterns for processing by the elements (e.g., applying filtering and forwarding policies) as if the traffic were “live” traffic”; Col. 7, lines 46-67, “Corresponding actions for the network device to perform upon occurrence of a condition concern the action the network device takes with respect to the packet or packet flow…”).
The motivation to rejection claim 4 under Matityahu in view of Tulasi is the same motivation used to reject claim 1 above.

Regarding Claim 5:
The method of claim 2, wherein Matityahu in view of Tulasi further teaches said identifying comprises:
recognizing a network port of the network appliance at which the data packet was received, the source node from which the data packet was received, or a characteristic of the data packet (Matityahu, Fig. 11, details recognizing specific tool ports (e.g., 1104-PORT and 1110-PORT being tool ports by virtue of being connected to 1128-IPS) for a specific data flow corresponding to PATH 1140); and 
selecting the flow map from a plurality of flow maps based on the network port, the source node, or the characteristic of the data packet (Matityahu, Fig. 4B discloses a 

Regarding Claim 6:
The method of claim 1, Matityahu in view of Tulasi further comprising: 
forwarding, by the network appliance, at least a portion of the second incoming traffic flow to a network port for transmission to a destination node (Matityahu, Fig. 7 details data traffic paths 730 and 732 as flowing to port 716 for transmission to destination node 704).

Regarding Claim 7:
The method of claim 1, Matityahu in view of Tulasi further comprising: 
in response to a determination that the modified data packet was not blocked by the network tool, 
generating, by the network appliance, a notification that indicates a security risk exists (Matityahu, Fig. 6, step 610; Fig. 8, steps 808 & 810); and 
causing, by the network appliance, display of the notification on an interface accessible to an administrator (Matityahu, Col. 14, lines 53-61, “However, if a fail condition exists, the system may trigger one or more events … the network tap may switch from a normal mode to a bypass mode … notification may be sent to the operator/administrator”).

Regarding Claim 8:
The method of claim 1, Matityahu in view of Tulasi further comprising: 
in response to a determination that the modified data packet was blocked by the network tool, 
generating, by the network appliance, a notification that indicates the network tool is operating properly (Tulasi, Col. 20, lines 41-67, “Service engine 30 applies one or more of services 32 to the parameters in accordance with policies 34 … For example, the exemplary policy rule provided above requires router 14 to drop packets originating from IP address 55.0.0.1. Applying this exemplary policy rule, service engine 30 drops the test packets where the test packet headers identify the packets as originating from IP address 55.0.0.1. Service engine 30 returns the result of the application of services 32 to service daemon 47. The returned result may in some instances (e.g., dropped packets) be a null data set”; Abstract, “… testing and verifying the functionality of … network devices …”; Col. 3, lines 10-19, “The device configuration manager of the network device includes a packet processing module that extracts the test packet and processes the test packet to produce a test packet processing result in accordance with the configuration data of the network device as if the test packet had been directly received from the network, and wherein the device management interface is configured to send the test packet processing result as a first parameter of a reply message”); and 
causing, by the network appliance, display of the notification on an interface accessible to an administrator (Tulasi, Fig. 7, element 149 details two “… then output the results of the policy validation comparison to an administrator of user interface 80”).
The motivation to rejection claim 8 under Matityahu in view of Tulasi is the same motivation used to reject claim 1 above.

Regarding Claim 9:
The method of claim 1, wherein Matityahu in view of Tulasi further teaches the indication of health of the network tool is based on a percentage of modified data packets that are dropped by the network tool (Tulasi, Col. 6, lines 60-67, “For example, after modifying the configuration data of element 5A to implement a given operational objective, e.g., by installing configuration data specifying a policy to drop packets received from a particular network source…”; Col. 13, lines 55-57, “As one example, a particular policy rule may direct a network device to drop all packets received from IP address 55.0.0.1”; i.e., a given objective for a network element under test is to drop 100% of all packets received from IP address 55.0.0.1).
The motivation to rejection claim 9 under Matityahu in view of Tulasi is the same motivation used to reject claim 1 above.

Regarding Claim 10:
The method of claim 9, wherein the indication of health specifies that the network tool is operating properly if the network tool blocks a predetermined percentage of all modified data packets in the outgoing traffic flow (Tulasi, Col. 21, lines 56-61, “… provide a mechanism by which device management system 10 may directly inject packets into router 14 in order to determine whether the device, as configured, meets the intended operational objectives”).
The motivation to rejection claim 10 under Matityahu in view of Tulasi is the same motivation used to reject claim 1 above.

Regarding Claim 18:
Matityahu teaches:
A method comprising: 
receiving, by a network appliance (Fig. 7, element 706), a data packet (Fig. 7 details data paths 730 and 732 which include data traffic shown by Col. 13, line 43-48 & lines 60-65. Here, the examiner interprets “data traffic” to include multiple data packets, as the data traffic in Matityahu is being routed in accordance with a TCP session (see Col. 7, lines 5-6). Col. 20, lines 30-36 further disclose an example where data traffic may also include heartbeat packets, and thus is made up of normal TCP packets in addition to heartbeat packets) produced by an originating node that is communicatively coupled to the network appliance (Fig. 7, element 702);
modifying, by the network appliance, the data packet (Col. 21, lines 31-34, “… additional functionalities may be provided on an inline monitoring/security system by manipulating the heartbeat packet. Fig. 13A shows an example of a typical heartbeat packet” & lines 52-57, “To provide the monitoring/security system with more functionality, two additional fields may be added … As shown in FIG. 13B, a new field (status 1310) may be employed to provide the monitoring/security system with information about the conditions of other modules …”; Col. 22, lines 23-26, “Another field that may be included in the heartbeat packet is command 1312 … may be employed by the monitoring/security system to provide a direct communication path to another module”) to produce a modified data packet  (Fig. 13B details a modified heartbeat packet with a status field and command field added) that mimics abnormal traffic (Col. 7, lines 25-30, “With a sequential heartbeat diagnostic test, an algorithm may be provided to simulate real world conditions in order to determine the true state of a monitoring system … a company can configure the diagnostic test to specifically test the conditions that have the most impact on its network”);






 PATENTtransmitting, by the network appliance, the modified data packet to a network tool that is communicatively coupled to the network appliance (Col. 9, lines 59-67, “To ensure the network integrity, a sequential heartbeat diagnostic test may be executed … In an embodiment, the FPGA 310 may include a sequential heartbeat packet generator 312 for generating and inserting the heartbeat packets into the network data traffic flowing to the monitoring system (IPS 308)”; Fig. 8, step 808; Col. 14, lines 20-25, “At a next step 808, a diagnostic test is executed to determine the condition of each inline monitoring/security arrangement (such as IPS 708 and 720)”); 
determining, by the network appliance, whether the modified data packet was [received] by the network tool by determining whether the modified data packet is included in incoming traffic received from the network tool (Fig. 4A details sending a heartbeat packet to a network tool via a first port and receiving the same heartbeat packet from the network tool via a second port; Col. 9, lines 65-67 & Col. 10, lines 1-10, “… generating and inserting the heartbeat packets into the network data traffic flowing to the monitoring system (IPS 308). FPGA 310 … may also include a sequential heartbeat packet detector 314 which may be configured to identify and remove the heartbeat packet from the data traffic when the heartbeat packet returns from the monitoring system (IPS 308)”)); and 
generating, by the network appliance, an indication of health of the network tool based on a determination of whether the modified data packet was [received] by the network tool (Col. 14, lines 53-61, “However, if a fail condition exists, the system may trigger one or more events … the network tap may switch from a normal mode to a bypass mode … notification may be sent to the operator/administrator”; Fig. 5 details the failure conditions associated with a counter value).
Matityahu does not disclose:
determining, by the network appliance, whether the modified data packet was blocked by the network tool …
generating, by the network appliance, an indication of health of the network tool based on a determination of whether the modified data packet was blocked by the network tool, wherein the modified data packet is one of a plurality of modified data packets injected into the outgoing traffic flow, and wherein the indication of health of the network tool is based on a number of the modified data packets that are blocked by the network tool.
Tulasi teaches:
determining, by the network appliance, whether the modified data packet was blocked by the network tool (Col. 20, lines 41-67, “Service engine 30 applies one or more of services 32 to the parameters in accordance with policies 34 … For example, the exemplary policy rule provided above requires router 14 to drop packets originating from IP address 55.0.0.1. Applying this exemplary policy rule, service engine 30 drops the test packets where the test packet headers identify the packets as originating from IP address 55.0.0.1. Service engine 30 returns the result of the application of services 32 to service daemon 47. The returned result may in some instances (e.g., dropped packets) be a null data set”) …
generating, by the network appliance, an indication of health of the network tool based on a determination of whether the modified data packet was blocked by the network tool (Col. 21, line 18-33, “Packet analysis 38A may return the test packet processing result, i.e., the data received from lookup module 48”; Col. 22, lines 1-38, “This request-reply technique allows an administrator to remotely validate configuration data (e.g., policies) on router 14 by comparing an expected result with an actual result (i.e., the result packets and associated analysis data)”), wherein the modified data packet is one of a plurality of modified data packets injected into the outgoing traffic flow (Fig. 11, step 206), and wherein the indication of health of the network tool is based on a number of the modified data packets that are blocked by the network tool (Fig. 11, step 208 & 210; Col. 25, lines 38-40, “Router 14 extracts the test packets form the RPC and processes the test packets according to its policy configuration data to produce zero or more result packets (208)”; Col. 15, lines 8-11, “Result packets stored in packet capture files 104 are the result packets that administrator 12 expects to receive in response to the test packets for the corresponding policy rules when the one of elements 5 under analysis is operating as intended”; Col. 16, lines 59-67 & Col. 17, lines 1-2, “The result packets represent the packets that router 14 would ordinarily forward to a neighboring network device if router 14 had received … packets identical to the test packets delivered as a parameter of the NETCONF message”; i.e., determine whether the router policy is blocking test packets based on the number of result packets that are returned).
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Matityahu’s secured network arrangement by enhancing Matityahu’s method of performing diagnostic tests on a network tool to include determining whether the network tool is properly blocking packets in accordance to a policy, as taught by Tulasi, in order to test and validate the full functionality of the network tool.
	The motivation is to confirm proper configuration of a network tool, such as an intrusion prevention system, by testing that the network tool successfully blocks certain packets in accordance with a policy during a diagnostic test. This allows an administrator to completely verify policies affecting whether certain packets are able to traverse the network tool.

Regarding Claim 19:
The method of claim 18, wherein Matityahu in view of Tulasi further teaches the modified data packet is transmitted to the network tool as part of an outgoing traffic flow that includes at least one unmodified data packet produced by the originating node (Matityahu, Col. 20, lines 30-36, “The set of heartbeat packets may then be inserted into the data traffic and forwarded to IPS 308”; i.e., the system of Matityahu inserts the modified heartbeat backs into an existing data traffic flow, the existing data traffic flow 

Regarding Claim 21:
The method of claim 18, wherein Matityahu in view of Tulasi further teaches the originating node is communicatively coupled to the network appliance via at least one intermediary node (Matityahu, Fig. 3 discloses a switch element 318 as being an intermediary device which serves as a connection between network device 302 and network arrangement 306).

Claims 11 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Matityahu” (US 9813448) in further view of “Tulasi” (US 8248958) in further view of “Tessmer” (US 2015/0103679).

Regarding Claim 11:
Matityahu in view of Tulasi discloses:
The method of claim 1, …
Matityahu in view of Tulasi does not disclose:
…wherein said modifying comprises: 
altering a bit that resides in a header or a trailer of the data packet.
Tessmer teaches:
… wherein said modifying comprises: 
“In order to create such a logical network packet, a virtual switch of some embodiments on the host machine first inserts or appends a logical network section to the packet. This logical network section, in some embodiments, includes both a logical network identifier (e.g., a UUID that identifies the logical network for which the connectivity is being tested) and a set of flags. These flags include a marker that identifies the packet, in the logical network header, as a test packet (e.g., a single or multi -bit flag”; ¶0068, “Specifically, in this case, the packet includes a trace flag. This trace flag may be a single bit flag that is, e.g., set to 1 when the packet is a connectivity test and set to 0 for standard network traffic”).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Matityahu in view of Tulasi’s secured network arrangement by enhancing Matityahu in view of Tulasi’s method of performing diagnostic tests on a network tool to include altering a data packet by modifying a bit within the packet, as taught by Tessmer, in order to ensure the data packet intended to be tested is further marked so that the packet is not forwarded as actual data traffic.
	The motivation is to prevent a test packet from being treated as actual data by ensuring that the test packet is flagged by setting a bit in the test packet itself. This will ensure that if a device-under-test fails to apply a respective policy to the test packet then the test packet won’t be further forwarded as an actual data packet would be (Tessmer, ¶0006, “Without such a marker, a virtual switch receiving the packet at one of the additional hosts would not realize that the packet is a test packet and would attempt to deliver the packet to a destination address specified in the encapsulated packet…”).

Regarding Claim 20:
Matityahu in view of Tulasi teaches:
The method of claim 18, …
Matityahu in view of Tulasi does not disclose:
… wherein said modifying includes altering a bit that resides within a payload of the data packet. 
Tessmer teaches:
… wherein said modifying includes altering a bit that resides within a payload of the data packet (¶0006, “In order to create such a logical network packet, a virtual switch of some embodiments on the host machine first inserts or appends a logical network section to the packet. This logical network section, in some embodiments, includes both a logical network identifier (e.g., a UUID that identifies the logical network for which the connectivity is being tested) and a set of flags. These flags include a marker that identifies the packet, in the logical network header, as a test packet (e.g., a single or multi -bit flag”; ¶0068, “Specifically, in this case, the packet includes a trace flag. This trace flag may be a single bit flag that is, e.g., set to 1 when the packet is a connectivity test and set to 0 for standard network traffic”).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Matityahu in view of Tulasi’s secured network arrangement by enhancing Matityahu in view of Tulasi’s method of 
	The motivation is to prevent a test packet from being treated as actual data by ensuring that the test packet is flagged by setting a bit in the test packet itself. This will ensure that if a device-under-test fails to apply a respective policy to the test packet then the test packet won’t be further forwarded as an actual data packet would be (Tessmer, ¶0006, “Without such a marker, a virtual switch receiving the packet at one of the additional hosts would not realize that the packet is a test packet and would attempt to deliver the packet to a destination address specified in the encapsulated packet…”).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 


Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329.  The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491