METHOD AND SYSTEM FOR DETECTING CHARACTERISTICS OF A WIRELESS NETWORK
7 Assignments
0 Petitions
Accused Products
Abstract
Characteristics about one or more wireless access devices in a wireless network, whether known or unknown entities, can be determined using a system and method according to the present invention. An observation is made of the activity over a Wireless Area Network (WLAN). Based on this activity, changes in state of wireless access devices within the WLAN can be observed and monitored. These changes in state could be indicative of normal operation of the WLAN, or they may indicate the presence of an unauthorized user. In the latter case, an alert can be sent so that appropriate action may be taken. Additionally, ad hoc networks can be detected that may be connected to a wireless access point.
-
Citations
42 Claims
-
1-22. -22. (canceled)
-
23. A method, performed by one or more components of a node in a wireless network, comprising:
-
detecting, by the one or more components, a first packet associated with a wireless access device and transmitted via the wireless network; determining, by the one or more components, a type of the first packet; determining, by the one or more components, an identity of at least one device in communication with the wireless access device; defining, by the one or more components, a first state of operation of the wireless access device corresponding to the type of the first packet and the identity of the at least one device; detecting, by the one or more components, a second packet associated with the wireless access device and transmitted via the wireless network; determining, by the one or more components, a type of the second packet; determining, by the one or more components, one or more source and/or destination devices of the second packet; defining, by the one or more components, a current state of operation of the wireless access device corresponding to the type of the second packet and the one or more source and/or destination devices; identifying, by the one or more components and when the first state differs from the current state, a state change for the wireless access device; and generating, by the one or more components, an event notification indicating the identified state change. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
-
-
32. A system comprising:
-
means for detecting a first packet identifying a wireless access device; means for determining a type of the first packet; means for determining at least one device in communication with the wireless access device via a wireless network; means for defining, based on the at least one device and the type of the first packet, a first state of a session between the wireless access device and the at least one device; means for detecting a plurality of packets associated with the wireless access device; means for determining types of the plurality of packets; means for determining sources and/or destinations of the plurality of packets; means for determining that a state change has occurred, from the first state, when at least one of the types of detected packets differs from the type of the first packet or the detected packets have sources or destinations other than the at least one device; and means for generating an event notification of the state change. - View Dependent Claims (33, 34, 35, 36)
-
-
37. A computer-readable storage medium containing computer program comprising:
-
instructions to define a first operational state associated with a wireless access device based on a first type of the packet detected via wireless network and at least one destination and/or source network device for the packet; instructions to monitor a plurality of packets transmitted by and/or received at the wireless access device; instructions to determine that a state change from the first operational state has occurred when a destination network device and/or source device other than the at least one destination and/or source network device is identified based on the observation; instructions to determine that a state change from the first operational state has occurred when a second type of packet that differs from the first type of packet is identified based on the observation; instructions to define, using information indicative of the state change, a second operational state; and instructions to generate an event notification indicating the state change. - View Dependent Claims (38, 39, 40, 41, 42)
-
Specification