Method and apparatus for filtering that specifies the types of frames to be captured and to be displayed for an IEEE802.11 wireless LAN

US 6,693,888 B2
Filed: 06/06/2001
Issued: 02/17/2004
Est. Priority Date: 06/06/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of capturing and selectively filtering data frames transmitted between stations in a wireless communications network, said method comprising the steps of:

(a) establishing a direct wireless logical connection with the wireless communications network;

(b) receiving wirelessly, in real-time, data frames transmitted in the wireless communications network;

(c) receiving frame attribute parameters inputted by a user through a user interface system;

(d) comparing frame attributes of one of the received data frames with said user-inputted frame attribute parameters; and

(e) displaying to the user and/or storing in a memory storage device, the data frames that match with the user-inputted frame attribute parameters;

wherein step (d) further comprises the steps of;

resolving one or more addresses associated with a received data frame;

comparing said resolved one or more addresses with the user-selected frame attribute parameters;

resolving frame type and subtype information associated with the received data frame; and

comparing said resolved frame type and subtype information with the user-inputted frame attribute parameters;

wherein the address resolving step further comprises;

securing a source address associated with the received data frame in said memory storage device;

securing a destination address associated with the received data frame in said memory storage device;

securing a receiver address associated with the received data frame in said memory storage device; and

securing a transmitter address associated with the received data frame in said memory storage device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus provides for wirelessly monitoring data packets or frames transmitted in a wireless LAN, that permits a user to selectively filter out unwanted ones of the data packets or frames with respect to the source and destination hardware addresses, and to the frame type and subtypes.

92 Citations

View as Search Results

32 Claims

1. A method of capturing and selectively filtering data frames transmitted between stations in a wireless communications network, said method comprising the steps of:
- (a) establishing a direct wireless logical connection with the wireless communications network;
  
  (b) receiving wirelessly, in real-time, data frames transmitted in the wireless communications network;
  
  (c) receiving frame attribute parameters inputted by a user through a user interface system;
  
  (d) comparing frame attributes of one of the received data frames with said user-inputted frame attribute parameters; and
  
  (e) displaying to the user and/or storing in a memory storage device, the data frames that match with the user-inputted frame attribute parameters;
  
  wherein step (d) further comprises the steps of;
  
  resolving one or more addresses associated with a received data frame;
  
  comparing said resolved one or more addresses with the user-selected frame attribute parameters;
  
  resolving frame type and subtype information associated with the received data frame; and
  
  comparing said resolved frame type and subtype information with the user-inputted frame attribute parameters;
  
  wherein the address resolving step further comprises;
  
  securing a source address associated with the received data frame in said memory storage device;
  
  securing a destination address associated with the received data frame in said memory storage device;
  
  securing a receiver address associated with the received data frame in said memory storage device; and
  
  securing a transmitter address associated with the received data frame in said memory storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising the step of providing a user with capability to select and input frame attribute parameters of data frames desired to be displayed.
  - 3. The method of claim 1, wherein the source address securing step further comprises the steps of:
4. The method of claim 1, wherein the destination address securing step further comprises the steps of:
- determining frame type of the received data frame;
  
  registering the destination address from an Address 1 field of the data frame, if the data frame is a MANAGEMENT type;
  
  checking bit values of ToDS field, if the data frame is DATA type;
  
  registering the destination address from an Address 4 field of the data frame, if the bit value of ToDS field is high; and
  
  registering the destination address from an Address 1 field of the data frame, if the bit values of To DS field is low.
5. The method of claim 1, wherein the receiver address securing step further comprises the steps of:
- determining frame type of the received data frame;
  
  registering the receiver address from an Address 1 field of the data frame, if the data frame is a Control type;
  
  checking bit value of ToDS field, if the data frame is a DATA type; and
  
  registering the receiver address from an Addressl field of the data frame, if the bit value of ToDS field is high.
6. The method of claim 1, wherein the transmitter address securing step farther comprises the steps of:
- determining the frame type of the received data frame;
  
  determining the frame subtype of the received data frame, if data frame is a Control type;
  
  registering the transmitter address from an Address2 field of the Control data frame, if the data frame is PS-Poll, RTS, CF-End, or CF-End-CF-Ack subtypes;
  
  checking bit value of FromDS field, if the data frame is DATA type; and
  
  registering the transmitter address from an Address2 field of the DATA data frame, if the bit value of FromDS field is high.
7. The method of claim 6, further comprising the steps of:
- determining if the received data frame is a MANAGEMENT, DATA, or CONTROL frame type;
  
  determining if the received data frame is configured for unicast transmission, and if the received data frame is a DATA or MANAGEMENT type; and
  
  recording into memory duration information for an m_frameAck.duration, an Address 1 form_franieAck.ReceiverAddr, and a frameTime for an m_frameAck.timestamp, if the received data frame is configured for unicast transmission.
8. The method of claim 7, further comprising the step of determining if the received data frame is an Acknowledgement, a Request to Send, a Clear to Send, or a Power_Save Poll subtype, if the received data frame is a CONTROL type.
9. The method of claim 1, wherein the step of comparing said resolved one or more addresses step further comprises the steps of:
- determining if a match between the secured source address or the transmitter address associated with said received data frame and a user-selected filter source address parameter is present;
  
  determining if a match between the secured receiver address or the destination address associated with said receiver data frame and a user-selected filter source address is present, if the user-selected filter source address parameter matches or if no user-selected source address parameter is inputted by the user; and
  
  displaying to the user and/or storing in the memory storage device said received data frame, if either the filter source address parameter match, or the filter destination address parameter match, is positive.
10. The method of claim 1, wherein the step of comparing said resolved frame type and subtype information step further comprises the steps of:
- determining if a frame type parameter has been inputted by the user;
  
  comparing the frame type information associated with the received data frame with the frame type parameter, if inputted by the user;
  
  determining if a frame subtype parameter has been inputted by the user;
  
  comparing the frame subtype information associated with the received data frame with the frame subtype parameter, if inputted by the user;
  
  displaying to the user and/or storing in the memory storage device said received data frame, if both the frame type and subtype parameters match with the frame type and subtype information of the received data frame.

11. A network monitoring apparatus (hr capturing and selectively filtering data frames transmitted between stations in a wireless communications network, the apparatus comprising:
- a wireless network interface device for establishing a logical connection with a wireless communications network and capturing a plurality of data frames transmitted though said network;
  
  a user interface system comprising input and output devices for enabling a user to input and obtain information associated with said plurality of captured data frames;
  
  a memory storage device for storing said plurality of captured data frames from said wireless communications network;
  
  a processor unit electronically connected to said network interface device, said user interface system, and said memory storage device being programmed to execute a routine comprising the steps of;
  
  (a) establishing a direct wireless logical connection with the wireless communications network via said network interface device;
  
  (b) receiving wirelessly, in real-time, data frames transmitted in the wireless communications network via said direct wireless logical connection;
  
  (c) receiving one or more frame attribute parameters inputted by a user through the user interface system;
  
  (d) comparing frame attributes of one of the received data frames with said user-inputted frame attribute parameters; and
  
  (e) displaying to the user and/or storing in the memory storage device, the data frames that match positively with the user-inputted frame attribute parameters;
  
  wherein step (d) executed by the processing unit further comprises the steps of;
  
  resolving one or more addresses associated with a received data frame;
  
  comparing said resolved one or more addresses with the user-selected frame attribute parameters;
  
  resolving frame type and subtype information associated with the received data frame; and
  
  comparing said resolved frame type and subtype information with the user-inputted frame attribute parameters;
  
  wherein the address resolving step further comprises;
  
  securing a source address associated with the received data frame;
  
  securing a destination address associated with the received data frame;
  
  securing a receiver address associated with the received data frame; and
  
  securing a transmitter address associated with the received data frame.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The apparatus of claim 11, wherein the routine executed by the processing unit further comprises the step of providing a user with capability to select and input frame attribute parameters of data frames desired to be displayed.
  - 13. The apparatus of claim 11, wherein the source address securing step executed by the processing unit, further comprises the steps of:
14. The apparatus of claim 11, wherein the destination address securing step executed by the processing unit, further comprises the steps of:
- determining frame type of the received data frame;
  
  registering the destination address from an Address1 field of the data frame, if the data frame is a MANAGEMENT type;
  
  checking bit values of ToDS field, if the data frame is a DATA type;
  
  registering the destination address from an Address 4 field of the data frame, if the bit value of ToDS field is high; and
  
  registering the destination address from an Address 1 field of the data frame, if the bit values of To DS field are low.
15. The apparatus of claim 11, wherein the receiver address securing step executed by the processing unit, further comprises the steps of:
- determining frame type of the received data frame;
  
  registering the receiver address from an Address1 field of the data frame, if the data frame is Control type;
  
  checking bit value of ToDS field, if the data frame is DATA type; and
  
  registering the receiver address from an Address 1 field of the data frame, if the bit value of ToDS field is high.
16. The apparatus of claim 11, wherein the transmitter address securing step executed by the processing unit, further comprises the steps of:
- determining the frame type of the received data frame;
  
  determining a frame subtype of the received data frame, if the data frame is Control type;
  
  registering the transmitter address from an Address2 field of the Control data frame, if the data frame is PS-Poll, RTS, CF-End, or CF-End-CF-Ack subtypes;
  
  checking bit value of FromDS field, if the data frame is DATA type; and
  
  registering the transmitter address from an Address2 field of the DATA data frame, if the bit value of FromDS field is high.
17. The method of claim 16, wherein the routine executed by the processing unit, further comprising the steps of:
- determining if the received data frame is a MANAGEMENT, DATA, or CONTROL frame type;
  
  determining if the received data frame is configured for unicast transmission, if the received data frame is a DATA or MANAGEMENT type; and
  
  recording into memory duration information for m_frameAck.duration, Address 1 for m_frameAckReceiverAddr, and fameTime for m_frameAck.timestamp, if the received data frame is configured for unicast transmission.
18. The method of claim 17, further comprising the step of determining if the received data frame is an Acknowledgement, a Request to Send, a Clear to Send, or a Power_Save Poll subtype, if the received data frame is a CONTROL type.
19. The apparatus of claim 11, wherein the resolved one or more addresses comparing step executed by the processing unit, further comprises the steps of:
- determining if a match between the secured source address or the transmitter address associated with said received data frame and a user-selected filter source address parameter is present;
  
  determining if a match between the secured receiver address or the destination address associated with said receiver data frame and a user-selected filter source address is present, if the user-selected filter source address parameter matches or if no user-selected source address parameter is inputted by the user; and
  
  displaying to the user and/or storing in the memory storage device said received data frame, if either the filter source address parameter match, or the filter destination address parameter match, is present.
20. The apparatus of claim 11, wherein said resolved frame type and subtype information comparing step executed by the processing unit, further comprises the steps of:
- determining if a frame type parameter has been inputted by the user;
  
  comparing the frame type information associated with the received data frame with the frame type parameter, if inputted by the user;
  
  determining if a frame subtype parameter has been inputted by the user;
  
  comparing the frame subtype information associated with the received data frame with the frame subtype parameter, if inputted by the user;
  
  displaying to the user and/or storing in the memory storage device said received data frame, if both the frame type and subtype parameters matches with the frame type and subtype information of the received data frame.

21. A method of capturing and selectively filtering data frames transmitted between stations in a wireless communications network, the method comprising:
- establishing a direct wireless logical connection with the wireless communications network;
  
  receiving wirelessly, in real-time, data frames transmitted in the wireless communications network;
  
  receiving frame attribute parameters inputted by a user through a user interface system;
  
  comparing frame attributes of one of the received data frames with the user-inputted frame attribute parameters;
  
  displaying to the user the data frames that match with the user-inputted frame attribute parameters; and
  
  displaying traffic stream information of at least a portion of the data frames in graphic form;
  
  wherein the comparing further includes;
  
  resolving one or more addresses associated with a received data frame;
  
  comparing said resolved one or more addresses with the user-selected frame attribute parameters;
  
  resolving frame type and subtype information associated with the received data frame; and
  
  comparing said resolved frame type and subtype information with the user-inputted frame attribute parameters;
  
  wherein the address resolving further comprises;
  
  securing a source address associated with the received data frame;
  
  securing a destination address associated with the received data frame;
  
  securing a receiver address associated with the received data frame; and
  
  securing a transmitter address associated with the received data frame.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21, further comprising storing the data frames being displayed to the user in a memory storage device.
  - 23. The method of claim 22, wherein the stored data frames include at least one time stamp.

24. A method of capturing and selectively filtering data frames transmitted between stations in a wireless communications network, the method comprising:
- establishing a direct wireless logical connection with the wireless communications network;
  
  receiving wirelessly, in real-time, data frames transmitted in the wireless communications network;
  
  receiving frame attribute parameters inputted by a user through a user interface system;
  
  comparing frame attributes of one of the received data frames with the user-inputted frame attribute parameters;
  
  storing in a memory storage device, the data frames that match with the user-inputted frame attribute parameters; and
  
  wherein the stored data frames include at least one time stamp;
  
  wherein the comparing further includes;
  
  resolving one or more addresses associated with a received data frame;
  
  comparing said resolved one or more addresses with the user-selected frame attribute parameters;
  
  resolving frame type and subtype information associated with the received data frame; and
  
  comparing said resolved frame type and subtype information with the user-inputted frame attribute parameters;
  
  wherein the address resolving further comprises;
  
  securing a source address associated with the received data frame;
  
  securing a destination address associated with the received data frame;
  
  securing a receiver address associated with the received data frame; and
  
  securing a transmitter address associated with the received data frame.
- View Dependent Claims (25)
- - 25. The method of claim 24, further comprising determining at least one of an address of a transmitter of the data frames and an address of a receiver of the data frames;
    - displaying at least one of the address of the transmitter and the address of the receiver; and
      
      displaying traffic stream information of at least a portion of the data frames in graphic form.

26. A network monitoring apparatus for capturing and selectively filtering data frames transmitted between stations in a wireless communications network, the apparatus comprising:
- a wireless network interface device for establishing a logical connection with a wireless communications network and capturing a plurality of data frames transmitted though the network;
  
  a user interface system comprising input and output devices for enabling a user to input and obtain information associated with the plurality of captured data frames;
  
  a memory storage device for storing the plurality of captured data frames from the wireless communications network; and
  
  a processor unit electronically connected to the network interface device, the user interface system, and the memory storage device, and being programmable to execute a routine comprising;
  
  establishing a direct wireless logical connection with the wireless communications network via the network interface device;
  
  receiving wirelessly, in real-time, data frames transmitted in the wireless communications network via the direct wireless logical connection;
  
  receiving one or more frame attribute parameters inputted by a user through the user interface system;
  
  comparing frame attributes of one of the received data frames with the user-inputted frame attribute parameters;
  
  displaying to the user and/or storing in the memory storage device, the data frames that match positively with the user-inputted frame attribute parameters, wherein the stored data frames include at least one time stamp; and
  
  displaying traffic stream information of at least a portion of the data frames in graphic form;
  
  wherein the comparing further includes;
  
  resolving one or more addresses associated with a received data frame;
  
  comparing said resolved one or more addresses with the user-selected frame attribute parameters;
  
  resolving frame type and subtype information associated with the received data frame; and
  
  comparing said resolved frame type and subtype information with the user-inputted frame attribute parameters.

27. A network monitoring apparatus for capturing and selectively filtering data frames transmitted between stations in a wireless communications network, the apparatus comprising:
- a wireless network interface device for establishing a logical connection with a wireless communications network and capturing a plurality of data frames transmitted though the network;
  
  a user interface system comprising input and output devices for enabling a user to input and obtain information associated with the plurality of captured data frames;
  
  a memory storage device for storing the plurality of captured data frames from the wireless communications network; and
  
  a processor unit electronically connected to the network interface device, the user interface system, and the memory storage device, and being programmable to execute a routine comprising;
  
  establishing a direct wireless logical connection with the wireless communications network via the network interface device;
  
  receiving wirelessly, in real-time, data frames transmitted in the wireless communications network via the direct wireless logical connection;
  
  receiving one or more frame attribute parameters inputted by a user through the user interface system;
  
  comparing frame attributes of one of to received data frames with to user-inputted frame attribute parameters;
  
  displaying to the user the data frames that match positively with the user-inputted frame attribute parameters;
  
  storing in the memory storage device to data frames that match positively with to user-inputted frame attribute parameters, wherein to stored data frames include at least one time stamp;
  
  determining an address of a transmitter of the data frames and an address of a receiver of the data frames;
  
  displaying to address of the transmitter and the address of the receiver; and
  
  displaying traffic stream information of at least a portion of the data frames in graphic form;
  
  wherein the comparing further includes;
  
  resolving one or more addresses associated with a received data frame;
  
  comparing said resolved one or more addresses with the user-selected frame attribute parameters;
  
  resolving frame type and subtype information associated with the received data frame; and
  
  comparing said resolved frame type and subtype information with the user-inputted frame attribute parameters.
- View Dependent Claims (28)
- - 28. The network monitoring apparatus of claim 27, wherein the wireless communications network includes an IEEE 802.11 local area network.

29. A method of capturing and selectively filtering data frames transmitted between stations in a wireless communications network, said method comprising:
- establishing a direct wireless logical connection with the wireless communications network;
  
  receiving wirelessly, in real-time, data frames transmitted in the wireless communications network;
  
  receiving frame attribute parameters inputted by a user through a user interface system;
  
  comparing frame attributes of one of the received data frames with said user-inputted frame attribute parameters, wherein the comparing further comprises;
  
  resolving one or more addresses associated with a received data frame, wherein the address resolving further comprises;
  
  securing at least one of a media access control (MAC) address and a basic service set identifier (BSSID) associated with the received data frame, comparing said resolved one or more addresses with the user-selected frame attribute parameters, resolving frame type and subtype information associated with the received data frame, and comparing said resolved frame type and subtype information with the user-inputted frame attribute parameters; and
  
  at least one of displaying to the user and storing in a memory storage device, the data frames that match with the user-inputted frame attribute parameters.

30. A computer program product for capturing and selectively filtering data frames transmitted between stations in a wireless communications network, said computer program product comprising:
- computer code for establishing a direct wireless logical connection with the wireless communications network;
  
  computer code for receiving wirelessly, in real-time, data frames transmitted in the wireless communications network;
  
  computer code for receiving frame attribute parameters inputted by a user through a user interface system;
  
  computer code for comparing frame attributes of one of the received data frames with said user-inputted frame attribute parameters, wherein the comparing further comprises;
  
  resolving one or more addresses associated with a received data frame, wherein the address resolving further comprises;
  
  securing at least one of a media access control (MAC) address and a basic service set identifier (BSSID) associated with the received data frame, comparing said resolved one or more addresses with the user-selected frame attribute parameters, resolving frame type and subtype information associated with the received data frame, and comparing said resolved frame type and subtype information with the user-inputted frame attribute parameters; and
  
  computer code for at least one of displaying to the user and storing in a memory storage device, the data frames that match with the user-inputted frame attribute parameters.

31. A method of capturing and selectively filtering data frames transmitted between stations in a wireless communications network, said method comprising:
- establishing a direct wireless logical connection with the wireless communications network;
  
  receiving wirelessly, in real-time, data frames transmitted in the wireless communications network;
  
  receiving frame attribute parameters inputted by a user through a user interface system;
  
  comparing frame attributes of one of the received data frames with said user-inputted frame attribute parameters, wherein the comparing further comprises;
  
  resolving one or more addresses associated with a received data frame, wherein the address resolving further comprises;
  
  securing a source address associated with the received data frame, securing a destination address associated with the received data frame, and securing at least one of a media access control (MAC) address and a basic service set identifier (BSSID) associated with the received data frame, and comparing said resolved one or more addresses with the user-selected frame attribute parameters; and
  
  at least one of displaying to the user and storing in a memory storage device, the data frames that match with the user-inputted frame attribute parameters.

32. A computer program product for capturing and selectively filtering data frames transmitted between stations in a wireless communications network, said computer program product comprising:
- computer code for establishing a direct wireless logical connection with the wireless communications network;
  
  computer code for receiving wirelessly, in real-time, data frames transmitted in the wireless communications network;
  
  computer code for receiving frame attribute parameters inputted by a user through a user interface system;
  
  computer code for comparing frame attributes of one of the received data frames with said user-inputted frame attribute parameters, wherein the comparing further comprises;
  
  resolving one or more addresses associated with a received data frame, wherein the address resolving further comprises;
  
  securing a source address associated with the received data frame, securing a destination address associated with the received data frame, and securing at least one of a media access control (MAC) address and a basic service set identifier (BSSID) associated with the received data frame, and comparing said resolved one or more addresses with the user-selected frame attribute parameters; and
  
  computer code for at least one of displaying to the user and storing in a memory storage device, the data frames that match with the user-inputted frame attribute parameters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, Inc. (McAfee, LLC)
Original Assignee
Networks Associates Technology, Inc. (McAfee, LLC)
Inventors
Yildiz, Kazim Orhan, Cafarelli, Dominick Anthony
Primary Examiner(s)
Pham, Chi
Assistant Examiner(s)
Boakye, Alexander O.

Application Number

US09/875,544
Publication Number

US 20030012163A1
Time in Patent Office

986 Days
Field of Search

370/252, 370/253, 370/328, 370/338, 370/329, 370/352, 370/401, 370/465, 370/466, 370/349, 370/241, 370/312
US Class Current

370/338
CPC Class Codes

H04L 1/1607   Details of the supervisory ...

H04L 41/0803   Configuration setting

H04L 41/22   comprising specially adapte...

H04L 43/028   by filtering

H04L 69/22   Parsing or analysis of headers

H04W 24/00   Supervisory, monitoring or ...

Method and apparatus for filtering that specifies the types of frames to be captured and to be displayed for an IEEE802.11 wireless LAN

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

92 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for filtering that specifies the types of frames to be captured and to be displayed for an IEEE802.11 wireless LAN

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links