Method and system for detecting characteristics of a wireless network

US 8,078,722 B2
Filed: 04/10/2009
Issued: 12/13/2011
Est. Priority Date: 04/03/2003
Status: Expired due to Term

First Claim

Patent Images

1. A method, performed by one or more components of a node, the method comprising:

observing, by the one or more components, a channel in a wireless network for a predetermined amount of time;

parsing, by the one or more components, a plurality of packets transmitted on the channel;

identifying, by the one or more components, protocol information in each of the plurality of parsed packets;

comparing, by the one or more components, the identified protocol information to known patterns associated with an ad hoc network; and

determining, by the one or more components and based on a result of the comparing, that the ad hoc wireless network exists.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Characteristics about one or more wireless access devices in a wireless network, whether known or unknown entities, can be determined using a system and method according to the present invention. An observation is made of the activity over a Wireless Area Network (WLAN). Based on this activity, changes in state of wireless access devices within the WLAN can be observed and monitored. These changes in state could be indicative of normal operation of the WLAN, or they may indicate the presence of an unauthorized user. In the latter case, an alert can be sent so that appropriate action may be taken. Additionally, ad hoc networks can be detected that may be connected to a wireless access point.

66 Citations

View as Search Results

17 Claims

1. A method, performed by one or more components of a node, the method comprising:
- observing, by the one or more components, a channel in a wireless network for a predetermined amount of time;
  
  parsing, by the one or more components, a plurality of packets transmitted on the channel;
  
  identifying, by the one or more components, protocol information in each of the plurality of parsed packets;
  
  comparing, by the one or more components, the identified protocol information to known patterns associated with an ad hoc network; and
  
  determining, by the one or more components and based on a result of the comparing, that the ad hoc wireless network exists.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, where the predetermined amount of time comprises less than 60 seconds.
  - 3. The method of claim 1, where the predetermined amount of time comprises approximately two seconds.
  - 4. The method of claim 1, where the protocol information comprises a device identifier for a first network device associated with the ad hoc network.
  - 5. The method of claim 4, where the device identifier is a Basic Service Set Identifier (BSSID).
  - 6. The method of claim 5, where the BSSID comprises a random number generated by a second network device of the ad hoc network.
  - 7. The method of claim 6, where the second network device is an initial member of the ad hoc network and the BSSID does not include a media access control (MAC) address for the first network device.

8. A system, comprising:
- a network device configured to;
  
  observe a channel in a wireless network for a predetermined amount of time,parse a plurality of packets transmitted on the channel,identify protocol information in each of the plurality of parsed packets,compare the identified protocol information, for a particular one of the plurality of parsed packets, to a plurality of known patterns, where the identified protocol information comprises a Basic Service Set Identifier (BSSID) of a second network device, associated with the particular parsed packet, anddetermine, based on a result of the comparing, whether the plurality of packets were transmitted over the wireless network or an ad hoc network,where the network device is further configured to determine the particular parsed packet was transmitted over the wireless network, when the BSSID corresponds to a media access control (MAC) address of the second network device, andwhere the network device is further configured to determine the particular parsed packet was transmitted over the ad hoc network, when the BSSID comprises a number of random bits.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, where the number of random bits comprise a random number generated by a third network device.
  - 10. The system of claim 9, where the third network device is an initial member of the ad hoc network and the BSSID does not include a media access control (MAC) address for the second network device.
  - 11. The system of claim 8, where the predetermined amount of time comprises less than 60 seconds.
  - 12. The system of claim 8, where the predetermined amount of time comprises approximately two seconds.
  - 13. The system of claim 8, where the network device is further configured to:
    - observe a second channel in the wireless network for the predetermined amount of time,parse a second plurality of packets transmitted on the second channel,identify second protocol information in each of the second plurality of parsed packets,compare the identified second protocol information, for a particular one of the second plurality of parsed packets, to a second plurality of known patterns, where the identified second protocol information comprises a Basic Service Set Identifier (BSSID), of a fourth network device, associated with the particular parsed packet, of the second plurality of parsed packets, anddetermine, based on a result of the comparing the second protocol information, whether the second plurality of packets were transmitted over the wireless network or a second ad hoc network,where the particular parsed packet, of the second plurality of parsed packets, was transmitted over the wireless network, when the BSSID, of the fourth network device, corresponds to a media access control (MAC) address of the fourth network device, andwhere the particular parsed packet, of the second plurality of parsed packets, was transmitted over the ad hoc network, when the BSSID, of the fourth network device, comprises a number of random bits.

14. A method comprising:
- observing, by each of a plurality of network devices, a channel in a wireless network for a predetermined amount of time;
  
  parsing, by each of the plurality of network devices, a plurality of observed packets transmitted on the channel;
  
  identifying, by each of the plurality of network devices, protocol information associated with each of the plurality of parsed packets;
  
  comparing, by each of the plurality of network devices, the identified protocol information, for a particular one of the plurality of parsed packets, to a plurality of known patterns, where the identified protocol information comprises a Basic Service Set Identifier (BSSID) of a first network device, where the first network device does not comprise one of the plurality of network devices, and the first network device is associated with the particular one of the plurality of parsed packets; and
  
  determining, by each of the plurality of network devices and based on a result of the comparing, whether the particular one of the plurality of parsed packets was transmitted over a wireless network or an ad hoc network,where the particular one of the plurality of parsed packets was transmitted over the wireless network, when the BSSID corresponds to a media access control (MAC) address of the first network device, andwhere the particular one of the plurality of parsed packets was transmitted over the ad hoc network, when the BSSID comprises a number of random bits.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, where the predetermined amount of time comprises less than 60 seconds.
  - 16. The method of claim 14, where the predetermined amount of time comprises approximately two seconds.
  - 17. The method of claim 14, where the BSSID comprises a random number generated by a second network device of the ad hoc network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ozmo Licensing LLC
Original Assignee
MCI Communications Services Incorporated (Verizon Communications Inc.)
Inventors
Harvey, Elaine, Walnock, Matthew
Primary Examiner(s)
Pich, Ponnoreay

Application Number

US12/421,841
Publication Number

US 20090300763A1
Time in Patent Office

977 Days
Field of Search

726 22- 23, 709/224, 370/254
US Class Current

709/224
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04W 12/122   Counter-measures against at...

Method and system for detecting characteristics of a wireless network

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for detecting characteristics of a wireless network

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links