Dynamic Control of Endpoint Profiling
First Claim
1. A method comprising:
- at a server in communication with a network device that has network connectivity to one or more endpoint devices;
receiving from the network device a packet that includes a Media Access Control (MAC) address of an endpoint device;
determining whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices;
extracting from the packet one or more attributes that carry further descriptive information of the endpoint device;
determining based on the MAC address and the one or more attributes whether the endpoint device can be classified at a level of granularity according to a policy rule;
if the endpoint device cannot be classified at the level of granularity, dynamically selecting a probe function based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device;
obtaining one or more additional attributes from operation of a selected probe function from the dynamically selecting; and
repeating the determining whether the endpoint device can be classified, the dynamically selecting and the obtaining until the endpoint device can be classified at the level of granularity, if possible.
1 Assignment
0 Petitions
Accused Products
Abstract
A server is in communication with a network device that has network connectivity to an endpoint device. The server receives from the network device a packet that includes a Media Access Control (MAC) address of the endpoint device. A determination is made as to whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices. One or more attributes that carry further descriptive information of the endpoint device are extracted from the packet. It is determined based whether the endpoint device can be classified at a level of granularity according to a policy rule. If the endpoint device cannot be classified at the level of granularity, a probe function is dynamically selected based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device.
-
Citations
20 Claims
-
1. A method comprising:
at a server in communication with a network device that has network connectivity to one or more endpoint devices; receiving from the network device a packet that includes a Media Access Control (MAC) address of an endpoint device; determining whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices; extracting from the packet one or more attributes that carry further descriptive information of the endpoint device; determining based on the MAC address and the one or more attributes whether the endpoint device can be classified at a level of granularity according to a policy rule; if the endpoint device cannot be classified at the level of granularity, dynamically selecting a probe function based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device; obtaining one or more additional attributes from operation of a selected probe function from the dynamically selecting; and repeating the determining whether the endpoint device can be classified, the dynamically selecting and the obtaining until the endpoint device can be classified at the level of granularity, if possible. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
10. An apparatus comprising:
-
a network interface unit configured to enable communications over a network, including communication with a network device that has network connectivity to one or more endpoint devices; and a processor coupled to the network interface unit and configured to; receive from the network device a packet that includes a Media Access Control (MAC) address of an endpoint device; determine whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices; extract from the packet one or more attributes that carry further descriptive information of the endpoint device; determine based on the MAC address and the one or more attributes whether the endpoint device can be classified at a level of granularity according to a policy rule; if the endpoint device cannot be classified at the level of granularity, dynamically select a probe function based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device; obtain one or more additional attributes from operation of a selected probe function; and repeat the operations to determine whether the endpoint device can be classified, dynamically select a probe function and obtain the one or more additional attributes until the endpoint device can be classified at the level of granularity, if possible. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A system comprising:
-
a network device that has network connectivity to one or more endpoint devices; and a server in communication with the network device, wherein the server is configured to; receive from the network device a packet that includes a Media Access Control (MAC) address of an endpoint device; determine whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices; extract from the packet one or more attributes that carry further descriptive information of the endpoint device; determine based on the MAC address and the one or more attributes whether the endpoint device can be classified at a level of granularity according to a policy rule; if the endpoint device cannot be classified at the level of granularity, dynamically select a probe function based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device; obtain one or more additional attributes from operation of a selected probe function; and repeat the operations to determine whether the endpoint device can be classified, dynamically select a probe function and obtain the one or more additional attributes until the endpoint device can be classified at the level of granularity, if possible. - View Dependent Claims (17, 18, 19, 20)
-
Specification