Network Monitoring Apparatus and Network Monitoring Method
First Claim
1. A network monitoring apparatus which is configured to monitor a network to which nodes are connected, the network monitoring apparatus comprising:
- an unauthorized node determination module configured to determine whether a sender node which transmits an address resolution protocol request packet is an unauthorized node based on a sender physical address in the address resolution protocol request packet, in response to the reception of the address resolution protocol request packet;
a spoofed address resolution protocol request transmission module configured to transmit a spoofed address resolution protocol request packet to a target node corresponding to a target network address in the received address resolution protocol request packet if the sender node is an unauthorized node, the spoofed address resolution protocol request packet including a network address of the target node as a target network address, a physical address of the network monitoring apparatus as a sender physical address and a network address of the unauthorized node as a sender network address;
an address resolution protocol reply reception module configured to receive an address resolution protocol reply packet from the target node, wherein the target node is configured to unicast the address resolution protocol reply packet to the network monitoring apparatus in response to the reception of the spoofed address resolution protocol request packet, and wherein the address resolution protocol reply packet includes the physical address of the network monitoring apparatus as a target physical address, the network address of the unauthorized node as a target network address, a physical address of the target node as a sender physical address, and the network address of the target node as a sender network address; and
a spoofed address resolution protocol reply transmission module configured to transmit a spoofed address resolution protocol reply packet to the unauthorized node in response to the reception of the address resolution protocol reply packet, the spoofed address resolution protocol reply packet including a predetermined physical address other than the physical address of the target node as a sender physical address and a network address of the target node as a sender network address.
0 Assignments
0 Petitions
Accused Products
Abstract
According to one embodiment, a network monitoring apparatus includes an unauthorized node determination module, a spoofed address resolution protocol request transmission module, and a spoofed address resolution protocol reply transmission module. The unauthorized node determination module determines whether a sender node which transmits an address resolution protocol request packet is an unauthorized node. The spoofed address resolution protocol request transmission module transmits a spoofed address resolution protocol request packet to a target node corresponding to a target network address in the address resolution protocol request packet if the sender node is an unauthorized node. The spoofed address resolution protocol reply transmission module transmits to the unauthorized node a spoofed address resolution protocol reply packet which includes a predetermined physical address other than the physical address of the target node as a sender physical address and a network address of the target node as a sender network address.
225 Citations
15 Claims
-
1. A network monitoring apparatus which is configured to monitor a network to which nodes are connected, the network monitoring apparatus comprising:
-
an unauthorized node determination module configured to determine whether a sender node which transmits an address resolution protocol request packet is an unauthorized node based on a sender physical address in the address resolution protocol request packet, in response to the reception of the address resolution protocol request packet; a spoofed address resolution protocol request transmission module configured to transmit a spoofed address resolution protocol request packet to a target node corresponding to a target network address in the received address resolution protocol request packet if the sender node is an unauthorized node, the spoofed address resolution protocol request packet including a network address of the target node as a target network address, a physical address of the network monitoring apparatus as a sender physical address and a network address of the unauthorized node as a sender network address; an address resolution protocol reply reception module configured to receive an address resolution protocol reply packet from the target node, wherein the target node is configured to unicast the address resolution protocol reply packet to the network monitoring apparatus in response to the reception of the spoofed address resolution protocol request packet, and wherein the address resolution protocol reply packet includes the physical address of the network monitoring apparatus as a target physical address, the network address of the unauthorized node as a target network address, a physical address of the target node as a sender physical address, and the network address of the target node as a sender network address; and a spoofed address resolution protocol reply transmission module configured to transmit a spoofed address resolution protocol reply packet to the unauthorized node in response to the reception of the address resolution protocol reply packet, the spoofed address resolution protocol reply packet including a predetermined physical address other than the physical address of the target node as a sender physical address and a network address of the target node as a sender network address. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A network monitoring method of monitoring a network to which nodes are connected by use of a network monitoring apparatus connected to the network, the network monitoring method comprising:
-
determining, by the network monitoring apparatus, whether a sender node which transmits an address resolution protocol request packet is an unauthorized node, based on a sender physical address in the address resolution protocol request packet, in response to the reception of the address resolution protocol request packet; transmitting, by the network monitoring apparatus, a spoofed address resolution protocol request packet to a target node corresponding to a target network address in the received address resolution protocol request packet if the sender node is an unauthorized node, the spoofed address resolution protocol request packet including a network address of the target node as a target network address, a physical address of the network monitoring apparatus as a sender physical address and a network address of the unauthorized node as a sender network address; receiving, by the network monitoring apparatus, an address resolution protocol reply packet from the target node, wherein the target node is configured to unicast the address resolution protocol reply packet to the network monitoring apparatus in response to the reception of the spoofed address resolution protocol request packet, and wherein the address resolution protocol reply packet includes the physical address of the network monitoring apparatus as a target physical address, the network address of the unauthorized node as a target network address, a physical address of the target node as a sender physical address, and the network address of the target node as a sender network address; and transmitting, by the network monitoring apparatus, a spoofed address resolution protocol reply packet to the unauthorized node in response to the reception of an address resolution protocol reply packet unicast from the target node to the network monitoring apparatus with respect to the spoofed address resolution protocol request packet, the spoofed address resolution protocol reply packet including a physical address of the unauthorized node as a sender physical address and a network address of the target node as a sender network address.
-
-
9. A network monitoring apparatus which is configured to monitor a network to which nodes are connected, the network monitoring apparatus comprising:
-
a processor; and a memory that comprises an first module configured to determine whether a sender node which transmits an address resolution protocol request packet is an unauthorized node based on a sender physical address in the address resolution protocol request packet, in response to the reception of the address resolution protocol request packet, a second module configured to transmit a spoofed address resolution protocol request packet to a target node corresponding to a target network address in the received address resolution protocol request packet if the sender node is an unauthorized node, the spoofed address resolution protocol request packet including a network address of the target node as a target network address, a physical address of the network monitoring apparatus as a sender physical address and a network address of the unauthorized node as a sender network address, a third module configured to receive an address resolution protocol reply packet from the target node, wherein the target node is configured to unicast the address resolution protocol reply packet to the network monitoring apparatus in response to the reception of the spoofed address resolution protocol request packet, and wherein the address resolution protocol reply packet includes the physical address of the network monitoring apparatus as a target physical address, the network address of the unauthorized node as a target network address, a physical address of the target node as a sender physical address, and the network address of the target node as a sender network address, and a fourth module configured to transmit a spoofed address resolution protocol reply packet to the unauthorized node in response to the reception of the address resolution protocol reply packet, the spoofed address resolution protocol reply packet including a predetermined physical address other than the physical address of the target node as a sender physical address and a network address of the target node as a sender network address. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
Specification