System and method for remote monitoring in a wireless network

US 8,218,449 B2
Filed: 07/09/2009
Issued: 07/10/2012
Est. Priority Date: 10/13/2005
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

an intrusion detection system configured to be coupled to a network having a first wireless area and a second wireless area;

the intrusion detection system configured to receive a copy of a first packet meeting a specified criteria, the intrusion detection system configured to receive the copy of the first packet from a first snoop filter of a first access point included in the first wireless access area and monitoring traffic between the first access point and a mobile device having an identity;

the intrusion detection system configured to receive a copy of a second packet meeting the specified criteria when the mobile device moves from the first wireless access area to the second wireless access area, the intrusion detection system configured to receive the copy of the second packet from a second snoop filter of a second access point included in the second access area and monitoring traffic between the second access point and the mobile device having an identity corresponding to the identity of the mobile device when the first snoop filter monitors traffic between the first access point and the mobile device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, a method includes combining operations of a wireless access point with operations of a remote probe. An access point links a wireless client to a wireless switch. A remote probe captures wireless packets, appends radio information, and forwards packets to a remote observer for analysis. In an embodiment, the observer may provide a protocol-level debug. A system according to the technique can, for example, accomplish concurrent in-depth packet analysis of one or more interfaces on a wireless switch. The system can also, for example, augment embedded security functions by forwarding selected packets to a remote Intrusion Detection System (IDS). In an embodiment, filters on the probes may reduce overhead.

632 Citations

20 Claims

1. A system comprising:
- an intrusion detection system configured to be coupled to a network having a first wireless area and a second wireless area;
  
  the intrusion detection system configured to receive a copy of a first packet meeting a specified criteria, the intrusion detection system configured to receive the copy of the first packet from a first snoop filter of a first access point included in the first wireless access area and monitoring traffic between the first access point and a mobile device having an identity;
  
  the intrusion detection system configured to receive a copy of a second packet meeting the specified criteria when the mobile device moves from the first wireless access area to the second wireless access area, the intrusion detection system configured to receive the copy of the second packet from a second snoop filter of a second access point included in the second access area and monitoring traffic between the second access point and the mobile device having an identity corresponding to the identity of the mobile device when the first snoop filter monitors traffic between the first access point and the mobile device.
- View Dependent Claims (2, 3)
- - 2. The system of claim 1 wherein the intrusion detection system is configured to be coupled to the network providing a Layer 2 path for Layer 3 traffic.
  - 3. The system of claim 1, wherein the identity includes a Layer 3 attribute.

4. A method comprising:
- receiving a copy of a first packet meeting a specified criteria, the copy of the first packet being received from a mobile device via a first filter of a first wireless access area, the mobile device having an associated IP address;
  
  analyzing the copy of the first packet to determine whether the mobile device is a threat;
  
  receiving a copy of a second packet meeting the specified criteria when the mobile device moves from the first wireless access area to a second wireless access area, the copy of the second packet being received from the mobile device via a second filter of the second access area, the mobile device having the associated IP address; and
  
  analyzing the copy of the second packet to determine whether the mobile device is a threat.
- View Dependent Claims (5, 6, 7)
- - 5. The method of claim 4, wherein the copy of the first packet is encapsulated with TZSP prior to receiving the copy of the first packet.
  - 6. The method of claim 4, wherein the copy of the first packet is decrypted so that a header associated with the packet is readable even if the header indicates encrypted data.
  - 7. The method of claim 4, further comprising decoding encrypted data and reporting accurate signal strength measurements.

8. An apparatus, comprising:
- an access point configured to pass wireless traffic to a network portion;
  
  the access point including a filter;
  
  the access point configured to capture a packet from the wireless traffic if the packet matches a specified criteria associated with the filter;
  
  the access point configured to send a copy of the packet, via the network portion, to an intrusion detection system for analyzing the copy of the packet.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 9. The system of claim 8, wherein the intrusion detection system is remote with respect to the access point.
  - 10. The system of claim 8, wherein the access point is configured to append radio information to the copy of the packet.
  - 11. The system of claim 8, wherein the access point is a first access point, the system further comprising a second access point, the first access point to the second access point collectively configured to pass a mobile device with subnet mobility.
  - 12. The system of claim 8, wherein the access point is configured to be coupled to the instruction detection system disposed in a workstation.
  - 13. The system of claim 8, wherein the access point includes at least one radio interface configured to receive the wireless traffic.
  - 14. The system of claim 8, wherein the access point includes a radio interface mapped to the filter.
  - 15. The system of claim 8, wherein the access point is configured to decrypt the packet such that the payload is readable even if a header indicates encrypted data.
  - 16. The system of claim 8, wherein the access point includes a radio interface configured to pass the wireless traffic, the access point includes a monitor configured to capture the packet.
  - 17. The system of claim 8, wherein the access point includes a persistent monitor.
  - 18. The system of claim 8, wherein the filter includes at least one parameter of Basic Service Set Identifier (BSSID), a channel identifier, a media access control (mac) address, and a frame-type.
  - 19. The system of claim 8, wherein the filter is non-persistently enabled/disabled.
  - 20. The system of claim 8, wherein the packet is an 802.11 packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trapeze Networks Incorporated (Juniper Networks Incorporated)
Original Assignee
Trapeze Networks Incorporated (Juniper Networks Incorporated)
Inventors
Taylor, Ron
Primary Examiner(s)
Bhattacharya, Sam

Application Number

US12/500,392
Publication Number

US 20090274060A1
Time in Patent Office

1,097 Days
Field of Search

370/232, 370/252, 370/338, 370/352, 370/389, 455/410, 455/411, 726/5, 726/12, 726/25
US Class Current

370/252
CPC Class Codes

H04L 43/12   Network monitoring probes

H04L 43/18   Protocol analysers

H04L 63/1408   by monitoring network traff...

H04W 24/00   Supervisory, monitoring or ...

H04W 24/06   Testing, supervising or mon...

System and method for remote monitoring in a wireless network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

632 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for remote monitoring in a wireless network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

632 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links