System and method for remotely monitoring wireless networks

US 7,316,031 B2
Filed: 09/06/2002
Issued: 01/01/2008
Est. Priority Date: 09/06/2002
Status: Active Grant

First Claim

Patent Images

1. A system for monitoring a wireless network, comprising:

a security network including a plurality of monitoring devices coupled to a centralized security manager, the security network operable to manage access to a data network associated with a plurality of authorized devices;

wherein each monitoring device comprises;

a packet sniffing module operable to receive packets communicated from one or more wireless device, each packet associated with a communication session;

a packet filtering module operable to;

filter the received packets to identify any packets associated with the establishment of a communication session; and

select one or more packets identified as being associated with the establishment of a communication session for communication to the centralized security manager; and

a packet routing module operable to communicate one or more of the selected packets to the centralized security manager; and

wherein the centralized security manager comprises;

a packet collection module operable to receive the one or more selected packets communicated from each monitoring device;

a packet analysis module operable to;

analyze the one or more packets; and

determine whether a particular communication session is valid based on the analysis of at least one particular packet associated with a particular wireless device; and

an alert module operable to communicate an alert if the particular communication session is not valid;

wherein the plurality of authorized devices includes a plurality of authorized wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network; and

the centralized security manager further comprises a countermeasure module operable to prevent the wireless device access to the data network via each of the plurality of wireless access points if the wireless device is not one of the plurality of authorized devices.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for monitoring a wireless network is provided. The system includes a security network including a plurality of monitoring devices coupled to a centralized security manager. The security network is operable to manage access to a data network associated with a plurality of authorized devices. Each monitoring device is operable to receive packets communicated from one or more wireless device and communicate one or more of the packets to the centralized security manager. Each packet is associated with a communication session. The centralized security manager is operable to receive and analyze the one or more packets communicated from each monitoring device. The centralized security manager is further operable to determine whether a particular communication session is valid based on the analysis of at least one particular packet associated with a particular wireless device, and to communicate an alert if the particular communication session is not valid.

141 Citations

45 Claims

1. A system for monitoring a wireless network, comprising:
- a security network including a plurality of monitoring devices coupled to a centralized security manager, the security network operable to manage access to a data network associated with a plurality of authorized devices;
  
  wherein each monitoring device comprises;
  
  a packet sniffing module operable to receive packets communicated from one or more wireless device, each packet associated with a communication session;
  
  a packet filtering module operable to;
  
  filter the received packets to identify any packets associated with the establishment of a communication session; and
  
  select one or more packets identified as being associated with the establishment of a communication session for communication to the centralized security manager; and
  
  a packet routing module operable to communicate one or more of the selected packets to the centralized security manager; and
  
  wherein the centralized security manager comprises;
  
  a packet collection module operable to receive the one or more selected packets communicated from each monitoring device;
  
  a packet analysis module operable to;
  
  analyze the one or more packets; and
  
  determine whether a particular communication session is valid based on the analysis of at least one particular packet associated with a particular wireless device; and
  
  an alert module operable to communicate an alert if the particular communication session is not valid;
  
  wherein the plurality of authorized devices includes a plurality of authorized wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network; and
  
  the centralized security manager further comprises a countermeasure module operable to prevent the wireless device access to the data network via each of the plurality of wireless access points if the wireless device is not one of the plurality of authorized devices.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein the packet analysis module of the centralized security manager is further operable to determine whether the particular communication session is a new session or an existing session based on the analysis of the at least one particular packet.
  - 3. The system of claim 1, wherein the centralized security manager further comprises a countermeasure module operable to direct the wireless device to a honey pot if the particular wireless device is not one of the plurality of authorized devices.
  - 4. The system of claim 1, wherein the centralized security manager further comprises a countermeasure module operable to update a session database based on the determination of whether the particular communication session is valid.

5. A system for monitoring a wireless network, comprising:
- a security network including a plurality of monitoring devices coupled to a centralized security manager, the security network operable to manage access to a data network associated with a plurality of authorized devices;
  
  wherein each monitoring device comprises;
  
  a packet sniffing module operable to receive packets communicated from one or more wireless device, each packet associated with a communication session;
  
  a packet filtering module operable to;
  
  filter the received packets to identify any packets associated with the establishment of a communication session; and
  
  select one or more packets identified as being associated with the establishment of a communication session for communication to the centralized security manager; and
  
  a packet routing module operable to communicate one or more of the selected packets to the centralized security manager; and
  
  wherein the centralized security manager comprises;
  
  a packet collection module operable to receive the one or more selected packets communicated from each monitoring device;
  
  a packet analysis module operable to;
  
  analyze the one or more packets; and
  
  determine whether a particular communication session is valid based on the analysis of at least one particular packet associated with a particular wireless device; and
  
  an alert module operable to communicate an alert if the particular communication session is not validwherein;
  
  the plurality of authorized devices includes a plurality of wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network;
  
  the packet analysis module of the centralized security manager is further operable to determine whether the particular wireless device is a wireless access point or a wireless client based on the analysis of the at least one particular packet; and
  
  the packet analysis module of the centralized security manager is operable to determine whether the particular wireless device is one of the plurality of authorized devices by;
  
  determining whether the wireless access point is one of the plurality of authorized wireless access points if the particular wireless device is a wireless access point; and
  
  determining whether the wireless client is one of the plurality of authorized wireless clients if the particular wireless device is a wireless client.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13)
- - 6. The system of claim 5, wherein the packet analysis module of the centralized security manager is operable to determine whether the wireless client is one of the plurality of authorized wireless clients at least by:
    - determining the manufacturer of the wireless client; and
      
      determining whether the manufacturer of the wireless client matches the manufacturer of at least one of the plurality of authorized wireless clients.
  - 7. The system of claim 5, wherein the packet analysis module of the centralized security manager is operable to determine whether the wireless client is one of the plurality of authorized wireless clients at least by determining whether the wired equivalency privacy (WEP) associated with the wireless client is turned on.
  - 8. The system of claim 5, wherein the packet analysis module of the centralized security manager is operable to determine whether the wireless client is one of the plurality of authorized wireless clients at least by determining whether the MAC address of the wireless client matches the MAC address of any of the plurality of authorized wireless clients.
  - 9. The system of claim 5, wherein the packet analysis module of the centralized security manager is operable to determine whether the wireless access point is one of the plurality of authorized wireless access points at least by:
    - determining the manufacturer of the wireless access point; and
      
      determining whether the manufacturer of the wireless access point matches the manufacturer of at least one of the plurality of authorized wireless access points.
  - 10. The system of claim 5, wherein the packet analysis module of the centralized security manager is operable to determine whether the wireless access point is one of the plurality of authorized wireless access points at least by determining whether the wired equivalency privacy (WEP) associated with the wireless access point is turned on.
  - 11. The system of claim 5, wherein the packet analysis module of the centralized security manager is operable to determine whether the wireless access point is one of the plurality of authorized wireless access points at least by determining whether the MAC address of the wireless access point matches the MAC address of any of the plurality of authorized wireless access points.
  - 12. The system of claim 5, wherein the packet analysis module of the centralized security manager is operable to determine whether the wireless access point is one of the plurality of authorized wireless access points at least by determining whether the service set identifier (SSIID) of the wireless access point matches the service set identifier of each of the plurality of authorized wireless access points.
  - 13. The system of claim 5, wherein the packet analysis module of the centralized security manager is operable to determine whether the wireless access point is one of the plurality of authorized wireless access points at least by determining whether the wireless access point is broadcasting packets.

14. A method of monitoring a wireless network, comprising:
- receiving one or more packets communicated from a wireless device at one of a plurality of monitoring devices operable to monitor at least a portion of a network associated with a plurality of authorized devices;
  
  wherein the one or more packets are associated with a communication session;
  
  filtering the one or more received packets to identify any packets associated with the establishment of a communication session;
  
  selecting at least one particular packet associated with the establishment of a communication session for communication to the centralized security manager;
  
  communicating at least one particular packet of the one or more packets to a centralized manager coupled to each of the plurality of monitoring devices;
  
  analyzing the at least one particular packet;
  
  determining whether the communication session is valid based on the analysis of the at least one particular packet;
  
  communicating an alert if the communication session is not valid;
  
  directing the wireless device to a honey pot if the communication session is not valid.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein the plurality of authorized devices includes a plurality of authorized wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network;
    - andwherein the method further comprises preventing the wireless device access to the network via each of the plurality of wireless access points if the communication session is not valid.
  - 16. The method of claim 14, further comprising determining whether the communication session is a new session or an existing session based on the analysis of the at least one particular packet.
  - 17. The method of claim 14, further comprising updating a session database associated with the centralized security manager based on the determination of whether the communication session is valid.

18. A method of monitoring a wireless network, comprising:
- receiving one or more packets communicated from a wireless device at one of a plurality of monitoring devices operable to monitor at least a portion of a network associated with a plurality of authorized devices;
  
  wherein the one or more packets are associated with a communication session;
  
  filtering the one or more received packets to identify any packets associated with the establishment of a communication session;
  
  selecting at least one particular packet associated with the establishment of a communication session for communication to the centralized security manager;
  
  communicating at least one particular packet of the one or more packets to a centralized manager coupled to each of the plurality of monitoring devices;
  
  analyzing the at least one particular packet;
  
  determining whether the communication session is valid based on the analysis of the at least one particular packet; and
  
  communicating an alert if the communication session is not valid, wherein the plurality of authorized devices includes a plurality of wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network; and
  
  wherein the method further comprises;
  
  determining whether the wireless device is a wireless access point or a wireless client based on the analysis of the at least one data packet; and
  
  wherein determining whether the communication session is valid comprises;
  
  if the wireless device is a wireless access point, determining whether the wireless access point is one of the plurality of authorized wireless access points; and
  
  if the wireless device is a wireless client, determining whether the wireless client is one of the plurality of authorized wireless clients.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The method of claim 18, wherein determining whether the wireless client is one of the plurality of authorized wireless clients comprises:
    - determining the manufacturer of the wireless client; and
      
      determining whether the manufacturer of the wireless client matches the manufacturer of at least one of the plurality of authorized wireless clients.
  - 20. The method of claim 18, wherein determining whether the wireless client is one of the plurality of authorized wireless clients comprises determining whether the wired equivalency privacy (WEP) associated with the wireless client is turned on.
  - 21. The method of claim 18, wherein determining whether the wireless client is one of the plurality of authorized wireless clients comprises determining whether the MAC address of the wireless client matches the MAC address of any of the plurality of authorized wireless clients.
  - 22. The method of claim 18, wherein determining whether the wireless access point is one of the plurality of authorized wireless access points comprises:
    - determining the manufacturer of the wireless access point; and
      
      determining whether the manufacturer of the wireless access point matches the manufacturer of at least one of the plurality of authorized wireless access points.
  - 23. The method of claim 18, wherein determining whether the wireless access point is one of the plurality of authorized wireless access points comprises determining whether the wired equivalency privacy (WEP) associated with the wireless access point is turned on.
  - 24. The method of claim 18, wherein determining whether the wireless access point is one of the plurality of authorized wireless access points comprises determining whether the MAC address of the wireless access point matches the MAC address of any of the plurality of authorized wireless access points.
  - 25. The method of claim 18, wherein determining whether the wireless access point is one of the plurality of authorized wireless access points comprises determining whether the service set identifier (SSIID) of the wireless access point matches the service set identifier of each of the plurality of authorized wireless access points.
  - 26. The method of claim 18, wherein determining whether the wireless access point is one of the plurality of authorized wireless access points comprises determining whether the wireless access point is broadcasting packets.

27. A system for monitoring a wireless network, comprising:
- a security network including a plurality of monitoring devices coupled to a centralized security manager, the security network operable to manage access to a data network associated with a plurality of authorized devices;
  
  wherein each monitoring device comprises;
  
  a packet sniffing module operable to receive packets communicated from one or more wireless device;
  
  a packet filtering module operable to;
  
  filter the received packets to identify any packets associated with the establishment of a communication session; and
  
  select one or more of the identified packets associated with the establishment of a communication session for communication to the centralized security manager; and
  
  a packet routing module operable to communicate one or more of the selected packets to the centralized security manager; and
  
  wherein the centralized security manager comprisesa packet collection module operable to receive the one or more selected packets communicated from each monitoring device;
  
  a packet analysis module operable to;
  
  analyze the one or more packets; and
  
  determine based on the analysis of at least one particular packet associated with a particular wireless device whether the particular wireless device is one of the plurality of authorized devices; and
  
  an alert module operable to communicate an alert if the particular wireless device is not one of the plurality of authorized devices;
  
  wherein the plurality of authorized devices includes a plurality of wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network;
  
  the packet analysis module of the centralized security manager is further operable to determine whether the particular wireless device is a wireless access point or a wireless client based on the analysis of the at least one particular packet; and
  
  the packet analysis module of the centralized security manager is operable to determine whether the particular wireless device is one of the plurality of authorized devices by;
  
  determining whether the wireless access point is one of the plurality of authorized wireless access points if the particular wireless device is a wireless access point; and
  
  determining whether the wireless client is one of the plurality of authorized wireless clients if the particular wireless device is a wireless client.

28. A method of monitoring a wireless network, comprising:
- receiving one or more packets communicated from a wireless device at one of a plurality of monitoring devices operable to monitor at least a portion of a network comprising a plurality of authorized wireless access points and a plurality of authorized wireless clients;
  
  filtering the one or more received packets to identify any packets associated with the establishment of a communication session;
  
  selecting one or more of the identified packets associated with the establishment of a communication session for communication to the centralized manager;
  
  communicating at least one particular packet of the one or more selected packets to a centralized manager coupled to each of the plurality of monitoring devices;
  
  analyzing the at least one particular packet;
  
  determining whether the wireless device is one of the plurality of authorized devices based on the analysis of the at least one particular packet;
  
  communicating an alert if the wireless device is not one of the plurality of authorized devicesdetermining whether the wireless device is a wireless access point or a wireless client based on the analysis of the at least one data packet; and
  
  wherein determining whether the wireless device is one of the plurality of authorized devices comprises;
  
  if the wireless device is a wireless access point, determining whether the wireless access point is one of the plurality of authorized wireless access points; and
  
  if the wireless device is a wireless client, determining whether the wireless client is one of the plurality of authorized wireless clients.

29. A system for monitoring a wireless network, comprising:
- a security network including a plurality of monitoring devices coupled to a centralized security manager, the security network operable to manage access to a data network associated with a plurality of authorized devices;
  
  wherein each monitoring device comprises;
  
  a packet sniffing module operable to receive packets communicated from one or more wireless device, each packet associated with a communication session;
  
  a packet filtering module operable to select one or more of the received packets to be analyzed;
  
  a packet routing module operable to;
  
  determine whether the selected packets are to be analyzed locally or by the centralized security manager based on whether a wireless connection is available between the monitoring device and the centralized security manager; and
  
  communicate the selected packets to the centralized security manager if it is determined that the wireless connection is available;
  
  a packet analysis module operable to;
  
  analyze the selected packets if it is determined that the selected packets are to be analyzed locally; and
  
  determine whether the communication session is valid based on the analysis of the selected packets;
  
  a local alert module operable to;
  
  store a record regarding the communication session if it is determined by the monitoring device that the communication session is valid; and
  
  communicate the record regarding the communication session to the centralized security manager; and
  
  wherein the centralized security manager is further operable to update a central session database based on the record regarding the communication session; and
  
  wherein the centralized security manager comprises;
  
  a packet collection module operable to receive the selected packets from the monitoring device if it is determined that the selected packets are to be analyzed by the centralized security manager; and
  
  a packet analysis module operable to;
  
  analyze the received selected packets; and
  
  determine whether the communication session is valid based on the analysis of the received selected packets.
- View Dependent Claims (30, 31)
- - 30. The system of claim 29, wherein:
    - each monitoring device further comprises a local session database operable to store a record regarding a particular communication session if the monitoring device determines whether or not the particular communication session is valid; and
      
      the centralized security manager is further operable to update a central session database based on the determination of whether the particular communication session is valid.
  - 31. The system of claim 29, wherein each monitoring device further comprises an local alert module operable to:
    - communicate an alert if it is determined by the monitoring device that the communication session is not valid;
      
      store a record of the alert communicated from the monitoring device; and
      
      communicate the record of the alert to the centralized security manager.

32. A method of monitoring a wireless network, comprising:
- receiving packets communicated from a wireless device at one of a plurality of monitoring devices, the one or more packets being associated with a communication session;
  
  selecting one or more of the received packets to be analyzed;
  
  determining whether the selected packets are to be analyzed by the monitoring device or by a centralized manager coupled to each of the plurality of monitoring devices based on whether a wireless connection is available between the monitoring device and the centralized manager;
  
  if it is determined that the selected packets are to be analyzed by the monitoring device;
  
  analyzing the selected packets by the monitoring device; and
  
  determining whether the communication session is valid based on the analysis of the selected packets; and
  
  if it is determined that the selected packets are to be analyzed by the centralized security manager;
  
  communicating the selected packets to the centralized security manager;
  
  analyzing the selected packets by the centralized security manager; and
  
  determining whether the communication session is valid based on the analysis of the received selected packets; and
  
  storing a record regarding the communication session if it is determined by the monitoring device that the communication session is valid;
  
  communicating the record regarding the communication session to the centralized security manager; and
  
  updating a session database associated with the centralized security manager based on the record regarding the communication session.
- View Dependent Claims (33, 34)
- - 33. The method of claim 32, further comprising updating a session database associated with the centralized security manager based on the determination of whether the communication session is valid.
  - 34. The method of claim 32, further comprising:
    - communicating an alert from the monitoring device if it is determined by the monitoring device that the communication session is not valid;
      
      storing a record of the alert communicated from the monitoring device; and
      
      communicating the record of the alert to the centralized security manager.

35. Software for monitoring a wireless network, the software being embodied in computer-readable media and when executed operable to:
- receive one or more packets communicated from a wireless device at one of a plurality of monitoring devices operable to monitor at least a portion of a network associated with a plurality of authorized devices;
  
  wherein the one or more packets are associated with a communication session;
  
  filtering the one or more received packets to identify any packets associated with the establishment of a communication session;
  
  selecting at least one particular packet associated with the establishment of a communication session for communication to the centralized security manager;
  
  communicate at least one particular packet of the one or more selected packets to a centralized manager coupled to each of the plurality of monitoring devices;
  
  analyze the at least one particular packet;
  
  determine whether the communication session is valid based on the analysis of the at least one particular packet; and
  
  generate an alert if the communication session is not valid,wherein the plurality of authorized devices includes a plurality of authorized wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network, andwherein the software, when executed, is further operable to prevent the wireless device access to the network via each of the plurality of wireless access points if the communication session is not valid.

36. A system for monitoring a wireless network, comprising:
- a security network including a plurality of monitoring devices coupled to a centralized security manager, the security network operable to manage access to a data network associated with a plurality of authorized devices;
  
  wherein each monitoring device comprises;
  
  a packet sniffing module operable to receive packets communicated from one or more wireless device, each packet associated with a communication session;
  
  a packet filtering module operable to identify one or more packets associated with the establishment of a communication session;
  
  a packet analysis module operable to;
  
  analyze the one or more packets associated with the establishment of a communication session; and
  
  determine whether a particular communication session is valid based on the analysis of at least one particular packet associated with the establishment of a communication session;
  
  an alert module operable to communicate an alert if the particular communication session is not valid; and
  
  a countermeasure module operable to update a session database based on the determination of whether the particular communication session is valid.
- View Dependent Claims (37, 38, 39, 40)
- - 37. The system of claim 36, wherein the packet analysis module is further operable to determine whether the particular communication session is a new session or an existing session based on the analysis of the at least one particular packet.
  - 38. The system of claim 36, wherein:
    - the plurality of authorized devices includes a plurality of authorized wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network; and
      
      each monitoring device further comprises a countermeasure module operable to prevent the wireless device access to the data network via each of the plurality of wireless access points if the wireless device is not one of the plurality of authorized devices.
  - 39. The system of claim 36, wherein:
    - the plurality of authorized devices includes a plurality of wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network;
      
      the packet analysis module is further operable to;
      
      determine whether the particular wireless device is a wireless access point or a wireless client based on the analysis of the at least one particular packet; and
      
      determine whether the particular wireless device is one of the plurality of authorized devices by;
      
      determining whether the wireless access point is one of the plurality of authorized wireless access points if the particular wireless device is a wireless access point; and
      
      determining whether the wireless client is one of the plurality of authorized wireless clients if the particular wireless device is a wireless client.
  - 40. The system of claim 36, wherein the packet analysis module is further operable to determine whether the wireless device is one of a plurality of authorized wireless devices by performing at least one of the following:
    - determining the manufacturer of the wireless device and determining whether the manufacturer of the wireless device matches the manufacturer of at least one of the plurality of authorized wireless devices;
      
      determining whether the wired equivalency privacy (WEP) associated with the wireless device is turned on;
      
      determining whether the MAC address of the wireless device matches the MAC address of any of the plurality of authorized wireless devices;
      
      determining whether the service set identifier (SSID) of the wireless device matches the service set identifier of each of the plurality of authorized wireless devices; and
      
      determining whether the wireless device is broadcasting packets.

41. A method for monitoring a wireless network, comprising:
- receiving one or more packets communicated from a wireless device at one of a plurality of monitoring devices operable to manage access to a data network associated with a plurality of authorized devices;
  
  filtering the one or more received packets, at the monitoring device, to identify any packets associated with the establishment of a communication session;
  
  analyzing at least one particular packet identified as being associated with the establishment of a communication session;
  
  determining whether the communication session is valid based on the analysis of the at least one particular packet associated with the establishment of a communication session;
  
  communicating an alert if the communication session is not valid and; and
  
  determining whether the particular communication session is a new session or an existing session based on the analysis of the at least one particular packet.
- View Dependent Claims (42, 43)
- - 42. The method of claim 41, wherein the plurality of authorized devices includes a plurality of authorized wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network, the method further comprising preventing the wireless device access to the data network via each of the plurality of wireless access points if the wireless device is not one of the plurality of authorized devices.
  - 43. The method of claim 41, further comprising determining whether the wireless device is one of a plurality of authorized wireless devices by performing at least one of the following:
    - determining the manufacturer of the wireless device and determining whether the manufacturer of the wireless device matches the manufacturer of at least one of the plurality of authorized wireless devices;
      
      determining whether the wired equivalency privacy (WEP) associated with the wireless device is turned on;
      
      determining whether the MAC address of the wireless device matches the MAC address of any of the plurality of authorized wireless devices;
      
      determining whether the service set identifier (SSID) of the wireless device matches the service set identifier of each of the plurality of authorized wireless devices; and
      
      determining whether the wireless device is broadcasting packets.

44. A system for monitoring a wireless network, comprising:
- a security network including a plurality of monitoring devices coupled to a centralized security manager, the security network operable to manage access to a data network associated with a plurality of authorized devices;
  
  wherein each monitoring device comprises;
  
  a packet sniffing module operable to receive packets communicated from one or more wireless device, each packet associated with a communication session;
  
  a packet filtering module operable to identify one or more packets associated with the establishment of a communication session;
  
  a packet analysis module operable to;
  
  analyze the one or more packets associated with the establishment of a communication session; and
  
  determine whether a particular communication session is valid based on the analysis of at least one particular packet associated with the establishment of a communication session;
  
  an alert module operable to communicate an alert if the particular communication session is not valid,wherein the plurality of authorized devices includes a plurality of wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network;
  
  the packet analysis module is further operable to;
  
  determine whether the particular wireless device is a wireless access point or a wireless client based on the analysis of the at least one particular packet; and
  
  determine whether the particular wireless device is one of the plurality of authorized devices by;
  
  determining whether the wireless access point is one of the plurality of authorized wireless access points if the particular wireless device is a wireless access point; and
  
  determining whether the wireless client is one of the plurality of authorized wireless clients if the particular wireless device is a wireless client.

45. A method for monitoring a wireless network, comprising:
- receiving one or more packets communicated from a wireless device at one of a plurality of monitoring devices operable to manage access to a data network associated with a plurality of authorized devices;
  
  filtering the one or more received packets, at the monitoring device, to identify any packets associated with the establishment of a communication session;
  
  analyzing at least one particular packet identified as being associated with the establishment of a communication session;
  
  determining whether the communication session is valid based on the analysis of the at least one particular packet associated with the establishment of a communication session; and
  
  communicating an alert if the communication session is not valid,wherein the plurality of authorized devices includes a plurality of authorized wireless access points and a plurality of authorized wireless clients, each of the wireless access points operable to provide one or more of the authorized wireless clients access to the data network, the method further comprising preventing the wireless device access to the data network via each of the plurality of wireless access points if the wireless device is not one of the plurality of authorized devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Financial Corporation
Inventors
Griffith, Terry A., Moran, Stephen M., Bragg, John M.
Primary Examiner(s)
ZIA, SYED

Application Number

US10/236,633
Publication Number

US 20040049699A1
Time in Patent Office

1,943 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 69/22   Parsing or analysis of headers

H04W 12/122   Counter-measures against at...

H04W 24/00   Supervisory, monitoring or ...

H04W 74/00   Wireless channel access

System and method for remotely monitoring wireless networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

141 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for remotely monitoring wireless networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

141 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links