System and method for remote monitoring in a wireless network
Abstract
In some embodiments, a method includes combining operations of a wireless access point with operations of a remote probe. An access point links a wireless client to a wireless switch. A remote probe captures wireless packets, appends radio information, and forwards packets to a remote observer for analysis. In an embodiment, the observer may provide a protocol-level debug. A system according to the technique can, for example, accomplish concurrent in-depth packet analysis of one or more interfaces on a wireless switch. The system can also, for example, augment embedded security functions by forwarding selected packets to a remote Intrusion Detection System (IDS). In an embodiment, filters on the probes may reduce overhead.
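The filter-and-forward arrangement from the abstract, together with the roaming case the claims recite, as an added example that is not code from the patent: each access point mirrors only packets that match its filter and appends radio information, and the IDS keys its state on the client's IP address so evidence gathered in one wireless area carries over to the next. The class names, the SYN-only criteria, the distinct-port threshold and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                       # constructed stand-in for a captured frame
    src_ip: str                     # client identity (claim 4 keys on IP address)
    dst_port: int
    syn: bool

class IDS:
    """Remote observer: keeps state per client identity, not per access point."""
    def __init__(self, port_threshold):
        self.port_threshold = port_threshold        # assumed detection heuristic
        self.ports = defaultdict(set)               # identity -> ports probed
        self.path = defaultdict(list)               # identity -> APs, in order
        self.received = 0
    def receive(self, pkt, radio):
        self.received += 1
        self.ports[pkt.src_ip].add(pkt.dst_port)
        if radio["ap"] not in self.path[pkt.src_ip][-1:]:
            self.path[pkt.src_ip].append(radio["ap"])
        return self.is_threat(pkt.src_ip)
    def is_threat(self, identity):
        return len(self.ports[identity]) >= self.port_threshold

class AccessPoint:
    """Passes all traffic; mirrors only packets matching the snoop filter."""
    def __init__(self, name, channel, criteria, ids):
        self.name, self.channel = name, channel
        self.criteria, self.ids = criteria, ids
    def handle(self, pkt, rssi_dbm):
        if self.criteria(pkt):      # filtering at the AP limits mirror overhead
            radio = {"ap": self.name, "channel": self.channel, "rssi_dbm": rssi_dbm}
            self.ids.receive(pkt, radio)            # copy plus radio information
        return pkt                  # original continues to the network portion

def roam_demo():
    ids = IDS(port_threshold=5)
    syn_only = lambda p: p.syn      # the same criteria installed on both APs
    ap1 = AccessPoint("ap-1", 1, syn_only, ids)
    ap2 = AccessPoint("ap-2", 6, syn_only, ids)
    client = "10.0.0.23"            # constructed address
    for port in (21, 22, 23):       # first wireless access area
        ap1.handle(Packet(client, port, syn=True), rssi_dbm=-48)
    ap1.handle(Packet(client, 443, syn=False), rssi_dbm=-50)   # not mirrored
    before_roam = ids.is_threat(client)
    for port in (80, 445, 3389):    # after roaming to the second area
        ap2.handle(Packet(client, port, syn=True), rssi_dbm=-61)
    return before_roam, ids.is_threat(client), ids.path[client], ids.received
```

Neither access point alone mirrors enough packets to cross the threshold; the verdict changes only because the IDS accumulates both sets of copies under one identity.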
20 Claims
1. A system comprising:
- an intrusion detection system configured to be coupled to a network having a first wireless area and a second wireless area;
- the intrusion detection system configured to receive a copy of a first packet meeting a specified criteria, the intrusion detection system configured to receive the copy of the first packet from a first snoop filter of a first access point included in the first wireless access area and monitoring traffic between the first access point and a mobile device having an identity;
- the intrusion detection system configured to receive a copy of a second packet meeting the specified criteria when the mobile device moves from the first wireless access area to the second wireless access area, the intrusion detection system configured to receive the copy of the second packet from a second snoop filter of a second access point included in the second access area and monitoring traffic between the second access point and the mobile device having an identity corresponding to the identity of the mobile device when the first snoop filter monitors traffic between the first access point and the mobile device.
4. A method comprising:
- receiving a copy of a first packet meeting a specified criteria, the copy of the first packet being received from a mobile device via a first filter of a first wireless access area, the mobile device having an associated IP address;
- analyzing the copy of the first packet to determine whether the mobile device is a threat;
- receiving a copy of a second packet meeting the specified criteria when the mobile device moves from the first wireless access area to a second wireless access area, the copy of the second packet being received from the mobile device via a second filter of the second access area, the mobile device having the associated IP address; and
- analyzing the copy of the second packet to determine whether the mobile device is a threat.
8. An apparatus, comprising:
- an access point configured to pass wireless traffic to a network portion;
- the access point including a filter;
- the access point configured to capture a packet from the wireless traffic if the packet matches a specified criteria associated with the filter;
- the access point configured to send a copy of the packet, via the network portion, to an intrusion detection system for analyzing the copy of the packet.
Specification