Method for detecting hosts behind network address translators
First Claim
1. A method for counting hosts behind a network address translator in a network using a network device that is not behind the network address translator and using a protocol defining packets with identifiers, comprising:
- reading a plurality of the identifiers that each include an internet protocol identification field read from an internet protocol header of a packet of a plurality of the packets transmitted from the network address translator, wherein the internet protocol identification field is adapted for fragment reassembly and is not an address;
- forming a plurality of subsets of the packets based on the identifiers;
- automatically adding packets having an internet protocol identification value of zero to a nonmatching subset selected from the plurality of subsets of the packets;
- counting the plurality of subsets of the packets to determine a count of the plurality of subsets of the packets, wherein the plurality of subsets of the packets includes the nonmatching subset; and
- reporting a determined count of the hosts behind the network address translator, wherein the determined count of the hosts is the count of the plurality of subsets of packets.
Abstract
The present invention is a method and apparatus for counting the number of active hosts behind network address translation boxes. The technique is based on the observation that on many operating systems, the IP header's ID field is a simple counter. By suitable processing of trace data, packets emanating from individual machines can be isolated, and the number of machines determined.
40 Claims
21. A method for determining a number of hosts behind a network address translator in a network using a network device that is not behind the network address translator and using a packet protocol defining a header with an identification string, comprising:
- reading an identification string from a packet header of a packet transmitted from the network address translator, wherein the identification string is an internet protocol identification field, which is not an address and is adapted for fragment reassembly;
- comparing the identification string with at least one series of identification strings formed from a plurality of previously read identification strings;
- if the identification string matches one of the at least one series of identification strings, adding the identification string to the at least one series of identification strings, otherwise, starting a new series with the identification string;
- automatically adding packets having an internet protocol identification value of zero to a nonmatching series selected from the at least one series of identification strings;
- counting the at least one series of identification strings to determine a count of the at least one series of identification strings, wherein the count of the at least one series of identification strings is the number of hosts behind the network address translator, wherein the at least one series of identification strings includes the nonmatching series; and
- reporting the number of hosts behind the network address translator.
33. A method for determining a number of hosts behind a network address translator in a network using a network device that is not behind the network address translator and using a packet protocol defining a connection identifier and a header with an internet protocol identification field, comprising:
- reading a connection identifier and the internet protocol identification field from a packet transmitted from the network address translator, wherein the internet protocol identification field is adapted for fragment reassembly and is not an address;
- based on the connection identifier, placing the packet in a group containing other packets transmitted over a common connection;
- based on identification strings of packets, coalescing the group with at least one other group originating from a common host, to form a plurality of series of packets;
- automatically adding packets having an internet protocol identification value of zero to a nonmatching series selected from the plurality of series of packets;
- counting the plurality of series of packets to determine a count of the plurality of series of packets, wherein the count of the plurality of series of packets is the number of hosts behind the network address translator, wherein the plurality of series of packets includes the nonmatching series; and
- reporting the number of hosts behind the network address translator.
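The series-matching steps of claim 21, sketched in Python as an added illustration (this is not code from the patent). Assumptions: a "match" means a small forward step on the 16-bit ID ring (`MAX_GAP`, a hypothetical threshold), packets with ID zero go into one dedicated nonmatching series that counts once, and all function names and the sample trace are constructed for this example.

```python
"""Sequence-matching host count over IP ID values (added illustration)."""

IPID_MOD = 1 << 16   # the IPv4 Identification field is 16 bits wide
MAX_GAP = 64         # assumption: largest forward step credited to one counter


def forward_gap(prev, cur):
    """Forward distance from prev to cur on the 16-bit ring (65535 -> 2 is 3)."""
    return (cur - prev) % IPID_MOD


def group_by_ipid(ipids, max_gap=MAX_GAP):
    """Return (series, nonmatching): per-counter ID lists and the ID == 0 bucket."""
    series, nonmatching = [], []
    for ipid in ipids:
        if ipid == 0:
            # Zero carries no counter information; keep it out of the matching.
            nonmatching.append(ipid)
            continue
        best = None
        for s in series:
            gap = forward_gap(s[-1], ipid)
            # Candidate series: the ID continues it by a small positive step.
            if 0 < gap <= max_gap and (best is None or gap < best[0]):
                best = (gap, s)
        if best:
            best[1].append(ipid)      # extend the closest matching series
        else:
            series.append([ipid])     # no match: start a new series
    return series, nonmatching


def count_hosts(ipids, max_gap=MAX_GAP):
    """Count the series, including the nonmatching one when it is non-empty."""
    series, nonmatching = group_by_ipid(ipids, max_gap)
    return len(series) + (1 if nonmatching else 0)


# Constructed trace: three interleaved counters (one wrapping past 65535)
# plus two packets whose ID is zero.
SAMPLE_TRACE = [100, 40000, 65533, 101, 0, 40001, 65535, 103,
                40002, 2, 104, 0, 40005, 3, 106]

if __name__ == "__main__":
    groups, zeros = group_by_ipid(SAMPLE_TRACE)
    for g in groups:
        print(g)
    print("zero-ID packets:", len(zeros), "-> host count:", count_hosts(SAMPLE_TRACE))
```

The threshold trades false merges against false splits: a busy host whose counter advances by more than `MAX_GAP` between observed packets is split into several series, while a larger threshold starts merging unrelated counters.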
Specification