SYSTEM AND METHOD FOR REMOTE MONITORING IN A WIRELESS NETWORK
First Claim
1. A system comprising:
a wired backbone network;
a network, coupled to the wired backbone network;
a wireless access domain, including;
a first access area having a first wireless exchange switch for sending data through the network to the wired backbone network, and a first access point, with a first snoop filter, that links wireless mobile stations to the wired backbone network through the first wireless exchange switch;
a second access area having a second wireless exchange switch for sending data through the network to the wired backbone network, and a second access point, with a second snoop filter, that links wireless mobile stations to the wired backbone network through the second wireless exchange switch;
an intrusion detection system, coupled to the network, for analyzing packets;
wherein, in operation, a connection is established between a mobile device in the first access area and the mobile device is associated with a persistent identity;
the first snoop filter monitors traffic between the mobile device and the first access point and copies packets that meet a specified criteria to the intrusion detection system;
when the mobile device moves into the second access area, the connection is maintained along with the persistent identity of the mobile device;
the second snoop filter continues to monitor traffic between the mobile device and the second access point and continues to copy packets that meet the specified criteria to the intrusion detection system.
Abstract
A technique for combining operations of a wireless access point with a remote probe. An access point links a wireless client to a wireless switch. A remote probe captures wireless packets, appends radio information, and forwards packets to a remote observer for analysis. In an embodiment, the observer may provide a protocol-level debug. A system according to the technique can, for example, accomplish concurrent in-depth packet analysis of one or more interfaces on a wireless switch. The system can also, for example, augment embedded security functions by forwarding selected packets to a remote Intrusion Detection System (IDS). In an embodiment, filters on the probes may reduce overhead.
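The copy-and-forward behaviour described in the abstract, combined with the roaming behaviour of claim 1, as an added Python example (not taken from the patent or from any product). The class names, the per-identity destination-port criterion, and the channel/RSSI fields standing in for "radio information" are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_port: int
    payload: bytes

@dataclass
class Domain:
    """State shared by every access area in the wireless access domain."""
    sessions: dict = field(default_factory=dict)  # MAC -> (identity, ip)
    watched: dict = field(default_factory=dict)   # identity -> watched dst ports
    ids_feed: list = field(default_factory=list)  # copies delivered to the IDS

@dataclass
class AccessPoint:
    name: str
    channel: int
    domain: Domain

    def associate(self, mac, identity=None, ip=None):
        # On a roam the station keeps the identity and IP it already holds.
        self.domain.sessions.setdefault(mac, (identity, ip))

    def receive(self, pkt, rssi_dbm):
        identity, ip = self.domain.sessions[pkt.src_mac]
        if pkt.dst_port in self.domain.watched.get(identity, ()):
            # Snoop filter hit: copy the packet and append radio information.
            self.domain.ids_feed.append({
                "ap": self.name, "channel": self.channel, "rssi_dbm": rssi_dbm,
                "identity": identity, "ip": ip, "packet": pkt,
            })
        return pkt  # the original packet is still forwarded as usual

def roam_demo():
    # Constructed sample data: documentation IP, locally administered MAC.
    dom = Domain(watched={"alice": {445}})
    ap1, ap2 = AccessPoint("ap-1", 1, dom), AccessPoint("ap-2", 11, dom)
    mac = "02:00:00:00:00:01"
    ap1.associate(mac, identity="alice", ip="192.0.2.10")
    ap1.receive(Packet(mac, 445, b"smb"), rssi_dbm=-48)
    ap1.receive(Packet(mac, 443, b"tls"), rssi_dbm=-50)   # no filter match
    ap2.associate(mac)                                    # roam to second area
    ap2.receive(Packet(mac, 445, b"smb"), rssi_dbm=-61)
    return dom.ids_feed

if __name__ == "__main__":
    for copy in roam_demo():
        print(copy["ap"], copy["identity"], copy["ip"], copy["rssi_dbm"])
```

Because the filter is keyed on the persistent identity rather than on the per-access-point association, the second access point keeps copying matching packets after the roam without any new filter being installed.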
20 Claims
4. A method comprising:
establishing a wireless connection with a mobile device in a first access area of a wireless access domain, wherein the connection has an associated IP address;
monitoring traffic associated with the mobile device through the first access area;
capturing a packet from the traffic if the packet meets a specified criteria;
analyzing the packet to determine whether the mobile device is a threat;
detecting movement of the mobile device from the first access area to a second access area of the wireless access domain;
maintaining the wireless connection and the associated IP address;
continuing to monitor traffic associated with the mobile device through the second access area.
8. A system comprising:
an access point, including;
a radio interface through which wireless traffic passes;
one or more filters;
a monitor, coupled to the radio interface, that captures a packet from the wireless traffic if the packet matches a filter of the one or more filters;
an intrusion detection system for analyzing packets;
a network coupling the access point to the intrusion detection system, wherein the captured packet is copied through the network from the access point to the intrusion detection system.
Specification