
Method and Apparatus to work with beacon packet depending on network status

IP.com Disclosure Number: IPCOM000214379D
Publication Date: 2012-Jan-24
Document File: 4 page(s) / 53K

Publishing Venue

The IP.com Prior Art Database

Abstract

Described are a method and apparatus that work with a beacon packet and capture network data automatically in response to network-related incidents.

This is the abbreviated version, containing approximately 41% of the total text.


Abstract:


Described are a method and device that work with a beacon packet and capture network data automatically in response to network-related incidents. They help administrators analyze these incidents efficiently by reviewing the captured data and establish an action plan to resolve them in a timely manner.

Background:


Once network-related incidents such as a network connectivity issue or cyber attacks occur, the administrator needs to investigate the root cause and take immediate action. Existing network switches do not have sufficient capability to capture network data around the time of the incident because the buffer space for saving data is limited and sometimes wraps around.

Description:

This invention discloses a method and apparatus that work with a beacon packet sent from a client system based on network-related events.

The invention consists of the following components.


1) Client system to monitor the status of the target network


The client system sends a special beacon packet with several parameters to the target network.

For convenience, the network switch that receives the beacon packet first is called the 'master switch', which is described in 3) later.

The client system could be a laptop PC, a smartphone, etc.


2) Beacon packet sent from client system


The beacon packet has several parameters that change depending on the network status.

The beacon packet has the following parameters.

(case A) network connectivity issue


In this scenario, beacon packets are sent continuously to the master switch at a specific interval.
- debug flag
When the client system detects a network connectivity issue to a target server for a specific period, the debug flag changes from 'disabled' to 'enabled'. On receiving a beacon packet with the debug flag 'enabled', network switches change their own behavior.

When the first beacon packet is sent from the client system to the master switch, the two parameters below are set. These parameters are also sent by beacon packet to the member switches, which are described in 3).
- 'no response' time
This is the time used to judge that a network connection issue has occurred. In other words, the debug flag will not change to 'enabled' until the 'no response' time elapses.
- interval to collect switch logs in the switch buffer
This is the interval at which switch logs are collected and saved in the buffer. Switch logs can be the event log, L2/L3 tables, CPU/memory usage, etc.
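The client-side logic of case A, as an added example that is not part of the disclosure: it derives the debug flag of each beacon from probe results and the 'no response' time, and attaches the two setup parameters to the first beacon only. The field names, the probe format and the reset of the flag to 'disabled' on recovery are assumptions; the disclosure does not specify them.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Beacon:
    sent_at: float                     # seconds on a constructed timeline
    debug_flag: str                    # 'disabled' or 'enabled'
    no_response_time: Optional[float]  # carried by the first beacon only
    log_interval: Optional[float]      # carried by the first beacon only


def build_beacons(probes: Sequence[Tuple[float, bool]],
                  no_response_time: float,
                  log_interval: float) -> List[Beacon]:
    """One beacon per probe; probes are (timestamp, target_server_responded)."""
    beacons: List[Beacon] = []
    outage_start: Optional[float] = None
    for i, (ts, responded) in enumerate(probes):
        if responded:
            outage_start = None        # assumption: recovery resets the flag
        elif outage_start is None:
            outage_start = ts          # first missed response of this outage
        # The flag flips only after the outage has lasted 'no response' time.
        enabled = outage_start is not None and ts - outage_start >= no_response_time
        first = i == 0
        beacons.append(Beacon(ts, "enabled" if enabled else "disabled",
                              no_response_time if first else None,
                              log_interval if first else None))
    return beacons


def flag_transitions(beacons: Sequence[Beacon]) -> List[Tuple[float, str]]:
    """Timestamps at which the debug flag changes, as a switch would observe them."""
    changes, prev = [], "disabled"
    for b in beacons:
        if b.debug_flag != prev:
            changes.append((b.sent_at, b.debug_flag))
            prev = b.debug_flag
    return changes


# Constructed sample: 5-second beacon interval, a 20-second outage, then a one-probe blip.
SAMPLE_PROBES = [(0, True), (5, True), (10, False), (15, False), (20, False),
                 (25, False), (30, True), (35, False), (40, True)]

if __name__ == "__main__":
    for change in flag_transitions(build_beacons(SAMPLE_PROBES, 10, 60)):
        print(change)
```

With a 'no response' time of 10 seconds, the single missed probe at t=35 never enables the debug flag, so a brief blip does not trigger log collection on the switches.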

(case B) cyber attacks


In this scenario, a beacon packet is sent to the master switch when the security level changes to 'MIDDLE' or 'HIGH'.
- security level (LOW, MIDDLE, HIGH)

The security level in the beacon packet changes step by step depending on the security status of the client system. When there are no security problems, the security level remains 'LOW'. When the client system is subjected to cyber attacks such as a port scan attack, or does not have security patches applied appropriately, the security level changes to 'MIDDLE'. If the client system stays at security level 'MIDDLE', and the user does not take any acti...