Method and system for detecting characteristics of a wireless network
Abstract
Characteristics about one or more wireless access devices in a wireless network, whether known or unknown entities, can be determined using a system and method according to the present invention. An observation is made of the activity over a Wireless Area Network (WLAN). Based on this activity, changes in state of wireless access devices within the WLAN can be observed and monitored. These changes in state could be indicative of normal operation of the WLAN, or they may indicate the presence of an unauthorized user. In the latter case, an alert can be sent so that appropriate action may be taken. Additionally, ad hoc networks can be detected that may be connected to a wireless access point.
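The state tracking the abstract describes can be sketched as follows. This is an added example, not code from the patent: the packet record, the MAC addresses and the sample trace are constructed, and the allow-list used to separate a normal state change from a possible unauthorized user is an assumption, since the abstract does not say how that decision is made.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Packet:
    """Constructed observation record (not a real capture format)."""
    ptype: str  # packet type, e.g. "beacon", "assoc-req", "data"
    src: str    # source device
    dst: str    # destination device
    ap: str     # wireless access device the packet is associated with

def monitor(packets, authorized):
    """Track one state per access device and report every state change.

    State = (packet type, devices talking to the access device).
    `authorized` is an assumed allow-list of known stations.
    """
    state, events = {}, []
    for pkt in packets:
        # Peers are the endpoints other than the access device itself;
        # the broadcast address is not a device.
        peers = frozenset({pkt.src, pkt.dst} - {pkt.ap, BROADCAST})
        current = (pkt.ptype, peers)
        previous = state.get(pkt.ap)
        if previous is not None and previous != current:
            new_peers = peers - previous[1]
            events.append({
                "ap": pkt.ap,
                "from": previous,
                "to": current,
                # Alert only when a previously unseen peer is not on the allow-list.
                "severity": "alert" if new_peers - authorized else "info",
            })
        state[pkt.ap] = current
    return events

# Constructed sample trace: one access device, one known and one unknown station.
AP, STA, UNKNOWN = "00:11:22:33:44:55", "02:00:00:00:00:01", "02:00:00:00:00:99"
SAMPLE = [
    Packet("beacon", AP, BROADCAST, AP),   # first state, no event
    Packet("assoc-req", STA, AP, AP),      # type and peer change
    Packet("data", STA, AP, AP),           # type change only
    Packet("data", STA, AP, AP),           # same state, no event
    Packet("data", UNKNOWN, AP, AP),       # unknown peer appears
]
EVENTS = monitor(SAMPLE, authorized=frozenset({STA}))

if __name__ == "__main__":
    for event in EVENTS:
        print(event["severity"], event["from"], "->", event["to"])
```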
20 Claims
1. A method, performed by one or more components of a node in a wireless network, the method comprising:
detecting, by the one or more components, a first packet associated with a wireless access device and transmitted via the wireless network;
determining, by the one or more components, a type of the first packet;
determining, by the one or more components, an identity of at least one device in communication with the wireless access device;
defining, by the one or more components, a first state of operation, of the wireless access device, corresponding to the type of the first packet and the identity of the at least one device;
detecting, by the one or more components, a second packet associated with the wireless access device and transmitted via the wireless network;
determining, by the one or more components, a type of the second packet;
determining, by the one or more components, one or more source devices and/or one or more destination devices of the second packet;
defining, by the one or more components, a current state of operation, of the wireless access device, corresponding to the type of the second packet and the one or more source devices and/or the one or more destination devices;
identifying, by the one or more components and when the first state of operation differs from the current state of operation, a state change for the wireless access device; and
generating, by the one or more components, an event notification indicating the identified state change.
10. A system comprising:
a network device to:
detect a first packet identifying a wireless access device;
determine a type of the first packet;
determine at least one device in communication with the wireless access device via a wireless network;
define, based on the at least one device and the type of the first packet, a first state of a session between the wireless access device and the at least one device;
detect a plurality of packets associated with the wireless access device;
determine types of the plurality of packets;
determine sources and/or destinations of the plurality of packets;
determine that a state change has occurred, from the first state, when at least one of the types of the plurality of packets differs from the type of the first packet or the sources or the destinations comprise devices other than the at least one device; and
generate an event notification of the state change.
15. A non-transitory computer-readable storage medium storing computer program comprising:
instructions to define a first operational state associated with a wireless access device based on a first type of a packet detected via the wireless network and at least one destination network device and/or source network device for the packet;
instructions to monitor a plurality of packets transmitted by the wireless access device and/or received at the wireless access device;
instructions to determine that a state change from a first operational state has occurred when a destination network device and/or a source network device, other than the at least one destination network device and/or the source network device is identified based on the observation;
instructions to determine that a state change from the first operational state has occurred when a second type of packet that differs from the first type of packet is identified based on the observation;
instructions to define, using information indicative of the state change, a second operational state; and
instructions to generate an event notification indicating the state change.
Specification