Method and apparatus for fingerprinting systems and operating systems in a network
Originating portfolio: ALU
Estimated expiration: 2034-Oct-21
Potentially relevant companies (4): Blackberry Limited, Cisco Systems, Inc., Dell Inc., Juniper Networks Inc.
Products & technologies (1): Network:Security
A system and method for identifying the number of computer hosts and types of operating systems behind a network address translation is provided. The method includes processing an internet protocol packet associated with the host computer system. The process may involve capturing the internet protocol packet and extracting key fields from the internet protocol packet to produce a fingerprint. The method continues with analyzing the fields in order to determine if a network address translator is connected between the host computer and a public network (e.g. the internet). If there is a network address translator connected, fields may be analyzed in order to determine the number of computers using the network address translator. The fields may also be analyzing in order to determine with a level of probability that the fingerprint identifies the correct operating system running the host computers. Generally, the internet protocol packet that is analyzing will be captured from an aggregation point in the carrier network.
1. A method for identifying the number of computers and types of operating systems behind a network address translator, comprising:
processing an internet protocol packet associated with at least one host computer system including capturing said internet protocol packet at a point between the at least one host computer system and a network and extracting fields from said internet protocol packet to produce a fingerprint;
analyzing said fields to determine if an associated network address translator is connected between said at least one host computer system and the point at which the internet protocol packet was captured;
if said network address translator is connected, analyzing said fields to determine the number of host computer systems behind said associated network address translator;
analyzing said fields to determine with a level of probability that said fingerprint identifies an operating system running said at least one host computer system;
recording subscriber information for subscribers associated with the at least one host computer system in a user index table; and
generating a subscriber profile from the subscriber information in the user index table if the at least one host computer system has not been previously fingerprinted.
Interested in licensing a slice of this patent? Contact us to take the next step, or read about our method to understand the logistics.