US20120047253A1 - Network topology detection using a server - Google Patents

Publication number
US20120047253A1
Authority
US
United States
Prior art keywords
client computer
network
computer
online service
client
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/285,694
Inventor
Neeraj Garg
Anatoliy Panasyuk
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Application filed by Microsoft Corp
Priority to US13/285,694
Publication of US20120047253A1
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC. Assignment of assignors interest (see document for details). Assignors: MICROSOFT CORPORATION

Classifications

    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 - Data switching networks
    • H04L12/28 - Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 - Interconnection of networks
    • H04L12/4604 - LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462 - LAN interconnection over a bridge based backbone
    • H04L12/4625 - Single bridge functionality, e.g. connection of two networks over a single bridge

Definitions

  • The Internet has made large amounts of information available to computer users. For many users, access to this information has become essential. Yet connecting a private network to the Internet can expose critical data to attack from anywhere in the world. Users who connect a computer to the Internet need to be aware of these dangers and how to protect their data and systems. Many users set up a firewall to help monitor and defend their computer from Internet attacks. However, configuring appropriate firewall security settings can be difficult for some users.
  • Some applications allow a user to select different firewall security settings for public vs. private networks.
  • When a new connection is detected, the firewall software will typically prompt the user to specify whether it is a private or public network. The firewall software then configures the firewall to low or high security based on the user's response.
  • Various technologies and techniques are disclosed for automatically detecting whether a computer is connected to a public or private network.
  • Data is received from a trusted online service to help determine a local network type to which a client computer is connected.
  • The data is analyzed to generate an answer as to the local network type that the client computer is connected to.
  • Heuristics can be analyzed in addition to information from the trusted online service to help determine the local network type.
  • The local network type is automatically set for the client computer.
  • Trace route information is received from a first client computer and from a second client computer.
  • The trace route information and/or other information from the first client computer and the second client computer are analyzed to generate a merged view.
  • The merged view is further analyzed so a determination can be made as to whether or not the first client computer and the second client computer are located on a same local area network.
  • FIG. 2 is a high-level process flow diagram for one implementation that illustrates the stages involved in determining whether a local network to which a computer is connected is a public or private network.
  • FIG. 3 is a diagrammatic view of some exemplary data collection steps and/or tests that can be performed to determine whether a local network to which a computer is connected to is a public or private network.
  • FIG. 4 is a process flow diagram of one implementation illustrating the stages involved in comparing network addresses as seen by the client computer and a trusted online service to help determine local network type.
  • FIG. 5 is a process flow diagram of one implementation illustrating the stages involved in the trusted online service attempting to connect to the client to help determine local network type.
  • FIG. 6 is a process flow diagram for one implementation illustrating the stages involved in tracking the number of computers connected to the same network to help determine local network type.
  • FIG. 7 is a process flow diagram that illustrates one implementation of the stages involved in using heuristics to determine whether the local network that the client computer is connected to is a public network.
  • FIG. 8 is a process flow diagram that illustrates one implementation of the stages involved in using heuristics to determine whether the local network that the client computer is connected to is a private network.
  • FIG. 9 is a process flow diagram that illustrates one implementation of the stages involved in analyzing data previously gathered to help determine local network type.
  • FIG. 10 is a diagrammatic view of a LAN detection system of one implementation.
  • FIG. 11 is a process flow diagram that illustrates one implementation of the stages involved in determining whether or not two computers are connected to the same LAN.
  • FIG. 12 is a diagrammatic view of a computer system of one implementation.
  • The technologies and techniques herein may be described in the general context as a firewall application that programmatically detects whether a computer is connected to a public or private network, but the technologies and techniques also serve other purposes in addition to these.
  • One or more of the techniques described herein can be implemented as features within a firewall program such as Network Location Awareness (NLA) in MICROSOFT® WINDOWS® Vista, or from any other type of program or service that provides security and/or firewall capabilities for computers or provides logic to adapt application behavior based on the type of local network.
  • FIG. 1 is a diagrammatic view of a network topology detection system 10 of one implementation.
  • Client computer 12 communicates with trusted online service 14 in determining whether or not the local network that client computer 12 is connected to is a public network or a private network.
  • The term “local network” as used herein is meant to include a set of computers that are logically or physically close by.
  • The term “private network” as used herein is meant to include a network that only contains devices that are trusted by an administrator of a device being protected.
  • The term “public network” as used herein is meant to include any network which is not a private network as defined above.
  • The term “client computer” as used herein is meant to include one of various types of computing devices, such as a laptop, desktop computer, mobile device, or personal digital assistant that can receive communications from other devices over a network.
  • The term “trusted online service” as used herein is meant to include a server or other computer that is trusted by the client computer and capable of communicating with the client computer.
  • Trusted online service can be provided by a different entity than the one utilizing the client computer, or by the same entity as the one utilizing client computer.
  • The trusted online service 14 provides additional data to client computer 12 to help client computer 12 make a determination as to the type of local network that the client computer is on.
  • The additional data provided by trusted online service 14 can be utilized in combination with one or more heuristics to make a local network type determination. Once the network determination is made, this information can be utilized by one or more software applications on the client computer 12 for one or more purposes.
  • The type of network can be set in the firewall software on the client computer 12 to help client computer 12 protect the machine from unauthorized access or other firewall-related problems.
  • Other applications can adapt their behavior based upon whether or not the client computer 12 is on a private network.
  • A media player application may broadcast its presence to other devices on the network when the network is private, but not when the network is public.
  • In FIGS. 2-11, the stages for implementing one or more implementations of the technologies and techniques herein are described in further detail.
  • The processes of FIGS. 2-11 are at least partially implemented in the operating logic of computing device 500 (of FIG. 12).
  • FIG. 2 is a high-level process flow diagram 100 that illustrates one implementation of the stages involved in determining whether the local network to which client computer 12 is connected is a public or private network.
  • The trusted online service is utilized to help make a decision as to whether or not a client computer is directly connected to a public network or is behind a private network (such as a Network Address Translation [NAT] private network) (stage 102).
  • NAT is a networking protocol that allows a network of private IP addresses to be set up using a single real IP address.
  • A network address is a unique identifier that identifies the location of a computer on a network as per the network protocol being used. Basically, a network address works like a street address.
  • A local area network can be set up with no special configuration of the Internet connection. To the devices outside the LAN, the private network looks like one computer, but on the LAN, each computer has its own internal network address.
  • One or more heuristics can be used in addition to or instead of the trusted online service to help determine whether the client computer is connected to a public network (stage 104) or a private network (stage 106). If a definite answer as to whether the network is a private network or a public network can be discerned from the previous analysis (decision point 108), then a programmatic determination is made of the network classification. That programmatic determination can then be set in the software of the client computer. If, however, a definite answer cannot be discerned (decision point 108), but a likely answer was produced from the analysis (decision point 112), then the user is prompted to classify the network, while being provided with a default or suggested answer (stage 114).
  • The user is prompted to classify the local network type without being given a default suggestion (stage 116).
  • The stages of FIG. 2 are just one example of how local network types can be determined programmatically and/or with user assistance. For example, in another implementation, the user may be prompted to confirm that the programmatic determination is acceptable, even when a definite answer was produced. Each of these exemplary steps is discussed in greater detail in FIGS. 3-9.
  • FIG. 3 is a diagrammatic view of some exemplary data collection steps and/or tests that can be performed to determine whether the local network that a computer is connected to is a public or private network.
  • The network addresses as seen by the client computer and the trusted online service can be compared to help determine whether the network is private or public (stage 122).
  • The trusted online service can attempt to connect to the client computer to help determine whether the network is private or public (stage 124).
  • Data aggregating can be performed by the trusted online service to track the number of users connecting to the same network and to use that data to help determine whether the network of the client computer is private or public (stage 126).
  • A determination can then be made with a certain level of confidence as to whether or not the client computer is on a public network or a private network (e.g. behind a NAT) (stage 128).
  • FIG. 4 is a process flow diagram 140 of one implementation illustrating the stages involved in comparing network addresses as seen by the client computer and a trusted online service to help determine local network type.
  • The client computer sends a message to the trusted online service with a network address of the client computer (stage 142).
  • The client computer sends a message with the network address it sees internally inside the message to the trusted online service.
  • A packet is a formatted block of information carried by a computer network; it carries the information that will help it get to its destination, including the sender's network address and the intended receiver's network address.
  • The network address as the trusted online service sees the client computer is compared with the network address as seen by the client computer (stage 144).
  • The comparison can be performed by the trusted online service, or the comparison can be made by the client computer. In the latter case, the trusted online service responds back with the network address that the trusted online service saw on the envelope of the packet received.
  • If the network address that the client computer sends to the trusted online service inside the message is the same as the network address that the trusted online service sees of the client computer, then the client computer is located behind a public network (stage 146). If the network address that the client computer sends to the trusted online service is not the same as the network address that the trusted online service sees of the client computer, then the client computer may be located on a private network (stage 148).
  • FIG. 5 is a process flow diagram 160 of one implementation illustrating the stages involved in the trusted online service attempting to connect to the client to help determine local network type.
  • The client computer sends a message to the trusted online service (stage 162).
  • The trusted online service attempts to initiate a connection with the network address (IP address, etc.) seen on the envelope of the message from the client computer (stage 164), using the sender address on the envelope that it received.
  • If the connection is successful, then the local network of the client computer is a public network (stage 166). If the connection is not successful, then this could indicate a private network is being used, or it could indicate there was another reason the connection failed (such as a communication error) (stage 168). In other words, just because the connection from trusted online service to client computer is not successful, it does not automatically mean that the client computer is located on a public network.
  • FIG. 6 is a process flow diagram 180 for one implementation illustrating the stages involved in tracking the number of computers connected to the same network to help determine local network type.
  • The trusted online service tracks the number of computing devices connecting to the same local network, where the network is considered the same for the computing devices if their “network identity” is the same (stage 182).
  • The network identity can be constructed based upon one or more attributes of that network.
  • The network identity can be the MAC address of the default gateway.
  • The network identity could be the fully qualified domain name of the network.
  • The network identity could be based on the certificate used to establish an authenticated IP.
  • The network identity could be the name of the service provider.
  • The trusted online service then receives the message from the client computer with the local network identity of the network it has connected to as well as the identity of the client device (stage 184).
  • A local identity of a network can be determined by one of various techniques, such as the MAC address of the DHCP server that issued the IP address, the domain name for a domain authenticated network, or certificate/secrets used to connect to a secure network, to name a few examples.
  • A computing device identity can be determined by considering one or more characteristics such as the name of the computer on the network, the MAC address of the network card on the router, an identifier issued by the trusted online service to connect to it, and/or an identifier issued by the network authority managing the network, to name a few non-limiting examples.
  • The trusted online service aggregates the data across multiple devices to compute whether the usage patterns of devices or users connecting to the network indicate that it is a publicly used network. For example, for a consumer scenario, if the network has seen more than fifty unique devices connect to it ever, it is probably not a home router. Similarly, we can use the number of concurrent sessions, length of sessions, etc. to compute.
  • The trusted online service responds back with the aggregate data across multiple devices to the client computer. If the tracking of data regarding other computers reveals that this network is a public network (decision point 188), then the trusted online service can include a notice or other indication in the response back to the client that the network appears to be public due to the tracking data (stage 190).
  • The trusted online service determines whether the number of different computing devices connecting to this local network is beyond the threshold for private networks as established by the trusted online service or the client computer. If the threshold is exceeded, then the local network is considered public. In an alternate implementation, the trusted online service sends the aggregated data back to the client (e.g. how many unique devices have connected with this network) and the client makes the determination based on local policy. If the tracking of data regarding other computers does not reveal that this local network is a public network (decision point 188), then the return is inconclusive (stage 192).
  • FIG. 7 is a process flow diagram 200 that illustrates one implementation of the stages involved in using heuristics to help determine whether the local network that the client computer is connected to is a public network. If the internal network address of the client computer is not within the special address ranges reserved by the communication protocols for non-global communication, then the client computer is connected to a public network (stage 202). An exception to this can be entities that use public range IP addresses but are still behind a NAT.
  • The term “private network address” as used herein is meant to include a privately used network address that is not usable for global communication. A few non-limiting examples of private IP addresses can include IP addresses based upon IPv4 and IPv6 references.
  • The client is connected to a public network (stage 204).
  • This can include wireless networks provided by cellular phone providers, city-wide wireless provided by ISPs or cities, WiMax networks, etc.
  • A wireless-enabled device such as a laptop can connect to the Internet when the laptop is within range of a wireless network connected to the Internet.
  • If the network ID of the network is on the list of the known public HotSpots (such as Municipal WiFi), then the client computer is connected to a public network (stage 206).
  • Hotspots are WiFi zones found in restaurants and public places that allow users to connect to the Internet.
  • The trusted online service does the network ID database lookup of known public addresses. While the examples above refer to wireless networks, the approach is also applicable to wired networks as long as a unique identity can be computed regardless of the actual medium of connection.
  • The client computer performs the network ID database lookup of known public network identities.
  • The steps described in FIG. 8 do not need to be performed to see if the network has characteristics of a private network.
  • The steps of FIG. 8 to analyze whether the network has characteristics of a private network could be performed first, and if that determination is not conclusive, the steps of FIG. 7 could then be performed.
  • These heuristics can be performed instead of, or in combination with, the trusted online service analysis and tests described in FIGS. 3-6.
  • FIG. 8 is a process flow diagram 230 that illustrates one implementation of the stages involved in using heuristics to determine whether the local network that the client computer is connected to is a private network.
  • The WiFi security feature of MICROSOFT® WINDOWS® Live OneCare detects when the user is connected to an unsecured wireless network. The user is presented with an action item. When the action item is executed, OneCare communicates directly with the router and turns on WEP128 security.
  • Wired Equivalent Privacy is a security protocol for wireless networks that encrypts data. Using OneCare as a non-limiting example, WEP encrypts the data portion of each packet exchanged on the 802.11b network using a 128-bit encryption algorithm.
  • WiFi Protected Access is an improved form of encryption for wireless data meant to replace WEP.
  • FIG. 9 is a process flow diagram 250 that illustrates one implementation of the stages involved in determining local network type. If the analysis and/or tests conducted with the trusted online services and/or the heuristics described herein produced a definite answer (private or public), then an automatic determination can be made programmatically without asking the user (stage 252). In one implementation, the user will be notified even if not asked.
  • The user is prompted to classify the network as private/public network, with a default value being set to the most likely classification based on automatic detection (stage 254). If automatic classification is undetermined, then the user is prompted to classify the network without any default (stage 256).
  • FIG. 10 is a diagrammatic view of a LAN detection system 300 of one implementation.
  • Client computer 1 (302) and client computer 2 (304) utilize external computer 306 via the Internet to determine whether the two client computers (302 and 304) are on the same LAN.
  • External computer 306 is a trusted service, such as trusted online service 14 described in earlier figures. The communication steps for utilizing external computer 306 to help make this determination are shown in more detail in FIG. 11.
  • FIG. 11 is a process flow diagram 400 that illustrates one implementation of the stages involved in determining whether two computers that belong to the same trusted ‘circle’ are connected to the same LAN or not. In one implementation, it is useful to know whether computers are connected to the same LAN or not for utilizing point to point communications between the two computers.
  • Both client computers send trace route information to the external computer (stage 402).
  • A “trace route” is a computer network tool that can be used to determine the route taken by packets across an IP network. Trace route information thus includes details about the path taken by the packets across the network in reaching their destination.
  • Both client computers send data to the external computer relating to how the network appears to each of them internally (stage 404) (also called “internal network appearance information”). This internal network appearance information can include the network address as each computer sees it.
  • External computer 306 analyzes the information received to merge the two views to find the common point (stage 406).
  • The merged view is utilized to determine whether or not the common point is a local LAN (stage 408).
  • The external computer forwards the raw information to the clients, and the clients analyze the information received from the external computer to deduce the common point and whether the common point is within what they will consider the local LAN (stage 408).
  • Both client computers should have the same network details for an internal network, or the same information at some point that the network is still private (this is what is meant by “common point”).
  • The online service can interpret the merged view and send the results to one or more of the client computers. Once that common point is determined, then an analysis can be performed on whether or not that common point is considered a local LAN.
  • In a home environment, suppose client computer 1 and client computer 2 consider each other on the same LAN if they are directly behind the same router. Client computer 1 and client computer 2 each send a message to the external computer containing: trace route information, the internal IP address of the client computer, and the default gateway's IP address as well as MAC address.
  • External computer 306 concludes that client computers 1 and 2 are on the same LAN if all three of the following outcomes are true.
  • The default gateway IP address and MAC address received are the same for both client computer 1 and client computer 2.
  • Client computer 1 and client computer 2 have internal IP addresses within the private IP segments (e.g. 192.168.*.*).
  • The external IP address as seen by external computer 306 is the same for both client computer 1 and client computer 2. If all of the above are true, then client computer 1 and client computer 2 are considered to be on the same LAN.
  • An exemplary computer system to use for implementing one or more parts of the system includes a computing device, such as computing device 500.
  • Computing device 500 typically includes at least one processing unit 502 and memory 504.
  • Memory 504 may be volatile (such as RAM), non-volatile (such as ROM, flash memory, etc.) or some combination of the two.
  • This most basic configuration is illustrated in FIG. 12 by dashed line 506.
  • Device 500 may also have additional features/functionality.
  • Device 500 may also include additional storage (removable and/or non-removable) including, but not limited to, magnetic or optical disks or tape.
  • Additional storage is illustrated in FIG. 12 by removable storage 508 and non-removable storage 510.
  • Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data.
  • Memory 504 , removable storage 508 and non-removable storage 510 are all examples of computer storage media.
  • Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by device 500. Any such computer storage media may be part of device 500.
  • Computing device 500 includes one or more communication connections 514 that allow computing device 500 to communicate with other computers/applications 515 .
  • Device 500 may also have input device(s) 512 such as keyboard, mouse, pen, voice input device, touch input device, etc.
  • Output device(s) 511 such as a display, speakers, printer, etc. may also be included. These devices are well known in the art and need not be discussed at length here.
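The public/private decision described for FIGS. 4-7 and the three outcomes of FIG. 9 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the list of non-global ranges, and the rule that a "may be private" result only ever produces a prompt are assumptions made for illustration, and the sample addresses are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Assumption: "address ranges reserved for non-global communication" is taken
# to mean RFC 1918, IPv4 link-local, and IPv6 unique-local / link-local.
NON_GLOBAL = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

# The page's consumer example: more than fifty unique devices is "probably not
# a home router". The service or the client's local policy may choose the value.
PRIVATE_DEVICE_THRESHOLD = 50


@dataclass
class Observation:
    internal_addr: str                         # address the client sees on its interface
    observed_addr: Optional[str] = None        # address the service saw on the envelope
    inbound_connect_ok: Optional[bool] = None  # FIG. 5 probe; None = not attempted
    unique_devices: Optional[int] = None       # FIG. 6 aggregate for this network identity
    on_hotspot_list: bool = False              # FIG. 7: network ID on a known-public list


@dataclass
class Verdict:
    network_type: Optional[str]   # "public", "private" or None
    confidence: str               # "definite", "likely" or "undetermined"
    action: str                   # what FIG. 9 does with the answer
    reasons: List[str] = field(default_factory=list)


def is_non_global(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in NON_GLOBAL)


def classify(obs: Observation) -> Verdict:
    strong, weak, private_hint = [], [], []
    non_global = is_non_global(obs.internal_addr)
    have_view = obs.observed_addr is not None
    differs = have_view and ip_address(obs.observed_addr) != ip_address(obs.internal_addr)

    if not non_global:
        # Stage 202, including its stated exception: a globally usable address
        # that the service sees differently may still sit behind a NAT.
        (weak if differs else strong).append("internal address is globally usable")
    if have_view and not differs:
        strong.append("service saw the same address the client reported")   # stage 146
    if differs and non_global:
        private_hint.append("service saw a different address")              # stage 148
    if obs.inbound_connect_ok:
        strong.append("service connected back to the client")               # stage 166
    # A failed connect-back is ignored on purpose: stage 168 calls it inconclusive.
    if obs.unique_devices is not None and obs.unique_devices > PRIVATE_DEVICE_THRESHOLD:
        strong.append(f"{obs.unique_devices} unique devices seen")          # stage 190
    if obs.on_hotspot_list:
        strong.append("network ID is on the known public list")             # stage 206

    if strong:
        return Verdict("public", "definite", "auto-set", strong)
    if weak:
        return Verdict("public", "likely", "prompt-with-default", weak)
    if private_hint:
        # Assumption: "may be private" never lowers firewall security unprompted.
        return Verdict("private", "likely", "prompt-with-default", private_hint)
    return Verdict(None, "undetermined", "prompt-no-default", [])


# Constructed sample observations (documentation-range addresses, not real hosts).
SAMPLES = {
    "home_nat":      Observation("192.168.1.23", "203.0.113.7", False, 4),
    "hotel_wifi":    Observation("10.0.5.9", "203.0.113.7", False, 212),
    "direct_modem":  Observation("203.0.113.7", "203.0.113.7", True, 1),
    "public_ip_nat": Observation("198.51.100.20", "203.0.113.7"),
    "service_down":  Observation("192.168.1.23"),
}

if __name__ == "__main__":
    for name, obs in SAMPLES.items():
        v = classify(obs)
        print(f"{name:14} {v.network_type} / {v.confidence} -> {v.action}")
```

The hotel case shows why the device count matters: the address comparison alone would suggest a private network, because the client is behind a NAT there too.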
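The same-LAN test from the home-environment example of FIG. 11 (same gateway IP and MAC, private internal addresses, same external address) can be written out as below, together with the "common point" found by merging the two trace routes. This is an added example, not code from the patent: the record layout, function names, RFC 1918 range list and all sample values are assumptions or constructed data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Assumption: "private IP segments (e.g. 192.168.*.*)" is read as the RFC 1918 ranges.
PRIVATE_SEGMENTS = [ip_network(n) for n in
                    ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class ClientReport:
    internal_ip: str        # reported by the client
    gateway_ip: str         # reported by the client
    gateway_mac: str        # reported by the client
    trace_route: List[str]  # hop addresses, nearest hop first
    external_ip: str        # recorded by the external computer, not by the client


@dataclass
class LanResult:
    same_lan: bool
    failed: List[str]             # names of the conditions that did not hold
    common_point: Optional[str]   # first hop shared by both trace routes


def normalize_mac(mac: str) -> str:
    """Reduce 00-1A-2B..., 00:1a:2b... and 001a.2b3c... to twelve hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def in_private_segment(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in PRIVATE_SEGMENTS)


def common_point(a: ClientReport, b: ClientReport) -> Optional[str]:
    """Merge the two views: the hop nearest to client a that is also on b's route.

    Private hop addresses repeat across unrelated networks, so a shared hop
    address alone does not prove a shared LAN; same_lan() applies the other checks.
    """
    b_hops = {ip_address(h) for h in b.trace_route}
    for hop in a.trace_route:
        if ip_address(hop) in b_hops:
            return hop
    return None


def same_lan(a: ClientReport, b: ClientReport) -> LanResult:
    failed = []
    if (ip_address(a.gateway_ip) != ip_address(b.gateway_ip)
            or normalize_mac(a.gateway_mac) != normalize_mac(b.gateway_mac)):
        failed.append("gateway")
    if not (in_private_segment(a.internal_ip) and in_private_segment(b.internal_ip)):
        failed.append("private_segment")
    if ip_address(a.external_ip) != ip_address(b.external_ip):
        failed.append("external_ip")
    return LanResult(not failed, failed, common_point(a, b))


# Constructed sample reports (documentation-range external addresses).
UPSTREAM = ["10.20.0.1", "203.0.113.1"]
LAPTOP = ClientReport("192.168.1.23", "192.168.1.1", "00:1A:2B:3C:4D:5E",
                      ["192.168.1.1"] + UPSTREAM, "203.0.113.7")
DESKTOP = ClientReport("192.168.1.42", "192.168.1.1", "00-1a-2b-3c-4d-5e",
                       ["192.168.1.1"] + UPSTREAM, "203.0.113.7")
# Different router in the same building, sharing one upstream NAT.
NEIGHBOUR = ClientReport("192.168.0.17", "192.168.0.1", "00:1A:2B:AA:BB:CC",
                         ["192.168.0.1"] + UPSTREAM, "203.0.113.7")
# Unrelated site whose router happens to use the same default gateway address.
REMOTE = ClientReport("192.168.1.23", "192.168.1.1", "00:1A:2B:11:22:33",
                      ["192.168.1.1", "198.51.100.1"], "198.51.100.9")

if __name__ == "__main__":
    for name, other in (("desktop", DESKTOP), ("neighbour", NEIGHBOUR), ("remote", REMOTE)):
        print(name, same_lan(LAPTOP, other))
```

In the neighbour case the external address matches and the common point is a private hop, yet the gateway check fails, which is the situation the "directly behind the same router" policy is meant to exclude.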

Abstract

Various technologies and techniques are disclosed for automatically detecting whether a local network that a computer is connected to is a public or private network by utilizing a trusted online service and/or heuristics. Techniques are also described for detecting whether or not two computers are connected to the same local area network.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims priority to and is a continuation of co-pending U.S. patent application Ser. No. 12/057,381 entitled “Automatically Detecting Whether a Computer is Connected to a Public or Private Network” and filed Mar. 28, 2008, which is incorporated herein by reference.
    BACKGROUND
  • The Internet has made large amounts of information available to computer users. For many users, access to this information has become essential. Yet connecting a private network to the Internet can expose critical data to attack from anywhere in the world. Users who connect a computer to the Internet need to be aware of these dangers and how to protect their data and systems. Many users set up a firewall to help monitor and defend their computer from Internet attacks. However, configuring appropriate firewall security settings can be difficult for some users.
  • Some applications allow a user to select different firewall security settings for public vs. private networks. When a new connection is detected, the firewall software will typically prompt the user to specify whether it is a private or public network. The firewall software then configures the firewall to low or high security based on the user's response.
  • The ability for a user to manually specify a local network type is certainly useful, but it relies on the user to make the correct determination whether the network is private or public. Unfortunately, incorrect classification leads to either an insecure system that can be attacked or to valuable features or services being blocked by the firewall.
    SUMMARY
  • Various technologies and techniques are disclosed for automatically detecting whether a computer is connected to a public or private network. Data is received from a trusted online service to help determine a local network type to which a client computer is connected. The data is analyzed to generate an answer as to the local network type that the client computer is connected to. In one implementation, heuristics can be analyzed in addition to information from the trusted online service to help determine the local network type. When a definite answer regarding the local network type can be determined from analyzing the data, then the local network type is automatically set for the client computer.
  • In another implementation, technologies and techniques are described for detecting whether two computers are connected to the same local area network (LAN) or not. Trace route information is received from a first client computer and from a second client computer. The trace route information and/or other information from the first client computer and the second client computer are analyzed to generate a merged view. The merged view is further analyzed so a determination can be made as to whether or not the first client computer and the second client computer are located on a same local area network.
  • This Summary was provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a diagrammatic view of a network topology detection system of one implementation.
  • FIG. 2 is a high-level process flow diagram for one implementation that illustrates the stages involved in determining whether a local network to which a computer is connected is a public or private network.
  • FIG. 3 is a diagrammatic view of some exemplary data collection steps and/or tests that can be performed to determine whether a local network to which a computer is connected is a public or private network.
  • FIG. 4 is a process flow diagram of one implementation illustrating the stages involved in comparing network addresses as seen by the client computer and a trusted online service to help determine local network type.
  • FIG. 5 is a process flow diagram of one implementation illustrating the stages involved in the trusted online service attempting to connect to the client to help determine local network type.
  • FIG. 6 is a process flow diagram for one implementation illustrating the stages involved in tracking the number of computers connected to the same network to help determine local network type.
  • FIG. 7 is a process flow diagram that illustrates one implementation of the stages involved in using heuristics to determine whether the local network that the client computer is connected to is a public network.
  • FIG. 8 is a process flow diagram that illustrates one implementation of the stages involved in using heuristics to determine whether the local network that the client computer is connected to is a private network.
  • FIG. 9 is a process flow diagram that illustrates one implementation of the stages involved in analyzing data previously gathered to help determine local network type.
  • FIG. 10 is a diagrammatic view of a LAN detection system of one implementation.
  • FIG. 11 is a process flow diagram that illustrates one implementation of the stages involved in determining whether or not two computers are connected to the same LAN.
  • FIG. 12 is a diagrammatic view of a computer system of one implementation.
  • DETAILED DESCRIPTION
  • The technologies and techniques herein may be described in the general context as a firewall application that programmatically detects whether a computer is connected to a public or private network, but the technologies and techniques also serve other purposes in addition to these. In one implementation, one or more of the techniques described herein can be implemented as features within a firewall program such as Network Location Awareness (NLA) in MICROSOFT® WINDOWS® Vista, or from any other type of program or service that provides security and/or firewall capabilities for computers or provides logic to adapt application behavior based on the type of local network.
  • FIG. 1 is a diagrammatic view of a network topology detection system 10 of one implementation. Client computer 12 communicates with trusted online service 14 in determining whether or not the local network that client computer 12 is connected to is a public network or a private network. The term “local network” as used herein is meant to include a set of computers that are logically or physically close by. The term “private network” as used herein is meant to include a network that only contains devices that are trusted by an administrator of a device being protected. The term “public network” as used herein is meant to include any network which is not a private network as defined above. The term “client computer” as used herein is meant to include one of various types of computing devices, such as a laptop, desktop computer, mobile device, or personal digital assistant that can receive communications from other devices over a network. The term “trusted online service” as used herein is meant to include a server or other computer that is trusted by client computer and capable of communicating with client computer.
  • Trusted online service can be provided by a different entity than the one utilizing the client computer, or by the same entity as the one utilizing client computer. In one implementation, the trusted online service 14 provides additional data to client computer 12 to help client computer 12 make a determination as to the type of local network that client computer is on. The additional data provided by trusted online service 14 can be utilized in combination with one or more heuristics to make a local network type determination. Once the network determination is made, this information can be utilized by one or more software applications on the client computer 12 for one or more purposes. As one non-limiting example, the type of network can be set in the firewall software on the client computer 12 to help client computer 12 protect the machine from unauthorized access or other firewall-related problems. As another non-limiting example, other applications can adapt their behavior based upon whether or not the client computer 12 is on a private network or not. For example, a media player application may broadcast its presence to other devices on the network when the network is private, but not when the network is public. These techniques for determining a local network type are described in further detail in FIGS. 3-9.
  • Turning now to FIGS. 2-11, the stages for implementing one or more implementations of the technologies and techniques herein are described in further detail. In some implementations, the processes of FIGS. 2-11 are at least partially implemented in the operating logic of computing device 500 (of FIG. 12).
  • FIG. 2 is a high-level process flow diagram 100 that illustrates one implementation of the stages involved in determining whether the local network to which client computer 12 is connected is a public or private network.
  • Trusted online service is utilized to help make a decision as to whether or not a client computer is directly connected to a public network or is behind a private network (such as a Network Address Translation [NAT] private network) (stage 102). NAT is a networking protocol that allows a network of private IP addresses to be set up using a single real IP address. For a computer to communicate with other computers and web servers on the Internet, it needs a network address. A network address is a unique identifier that identifies the location of a computer on a network as per the network protocol being used. Basically, a network address works like a street address. However, when using NAT, a local area network (LAN) can be set up with no special configuration of the Internet connection. To the devices outside the LAN, the private network looks like one computer, but on the LAN, each computer has its own internal network address.
  • One or more heuristics can be used in addition to or instead of trusted online service to help determine whether client computer is connected to a public network (stage 104) or a private network (stage 106). If a definite answer as to whether the network is a private network or a public network can be discerned from the previous analysis (decision point 108), then a programmatic determination is made of the network classification. That programmatic determination can then be set in the software of the client computer. If, however, a definite answer cannot be discerned (decision point 108), but a likely answer was produced from the analysis (decision point 112), then the user is prompted to classify the network, while being provided with a default or suggested answer (stage 114). If neither a definite answer (decision point 108) nor a likely answer (decision point 112) can be discerned from the prior analysis, then the user is prompted to classify the local network type without being given a default suggestion (stage 116). The stages of FIG. 2 are just one example of how local network types can be determined programmatically and/or with user assistance. For example, in another implementation, the user may be prompted to confirm that the programmatic determination is acceptable, even when a definite answer was produced. Each of these exemplary steps is discussed in greater detail in FIGS. 3-9.
  • FIG. 3 is a diagrammatic view of some exemplary data collection steps and/or tests that can be performed to determine whether the local network that a computer is connected to is a public or private network. As described in further detail in FIG. 4, the network addresses as seen by the client computer and the trusted online service can be compared to help determine whether the network is private or public (stage 122). As described in further detail in FIG. 5, the trusted online service can attempt to connect to client computer to help determine whether the network is private or public (stage 124). As described in further detail in FIG. 6, data aggregating can be performed by the trusted online service to track the number of users connecting to the same network and to use that data to help determine whether the network of the client computer is private or public (stage 126). Once the data and/or tests have been performed, a determination can then be made with a certain level of confidence as to whether or not the client computer is on a public network or a private network (e.g. behind a NAT) (stage 128). Each of these techniques will now be discussed in further detail.
  • FIG. 4 is a process flow diagram 140 of one implementation illustrating the stages involved in comparing network addresses as seen by the client computer and a trusted online service to help determine local network type. The client computer sends a message to the trusted online service with a network address of the client computer (stage 142). In other words, the client computer sends a message with the network address it sees internally inside the message to the trusted online service. A packet is a formatted block of information carried by a computer network, carrying the information that will help it get to its destination, including the sender's network address and the intended receiver's network address.
  • The network address as the trusted online service sees the client computer is compared with the network address as seen by the client computer (stage 144). The comparison can be performed by the trusted online service, or the comparison can be made by the client computer. In the latter case, the trusted online service responds back with the network address that the trusted online service saw on the envelope of the packet received. In either implementation, if the network address that the client computer sends to the trusted online service inside the message is the same as the network address that the trusted online service sees of the client computer, then the client computer is located behind a public network (stage 146). If the network address that the client computer sends to the trusted online service is not the same as the network address that the trusted online service sees of the client computer, then the client computer may be located on a private network (stage 148).
  • FIG. 5 is a process flow diagram 160 of one implementation illustrating the stages involved in the trusted online service attempting to connect to the client to help determine local network type. The client computer sends a message to the trusted online service (stage 162). The trusted online service attempts to initiate a connection with the network address (IP address, etc.) seen on the envelope of the message from the client computer (stage 164) using the sender address on the envelope that it received. If the trusted online service is able to successfully connect to the client computer, then the local network of the client computer is a public network (stage 166). If the connection is not successful, then this could indicate a private network is being used, or it could indicate there was another reason the connection failed (such as a communication error) (stage 168). In other words, just because the connection from trusted online service to client computer is not successful, it does not automatically mean that the client computer is located on a public network.
  • FIG. 6 is a process flow diagram 180 for one implementation illustrating the stages involved in tracking the number of computers connected to the same network to help determine local network type. Over a period of time, the trusted online service tracks the number of computing devices connecting to the same local network, where the network is considered the same for the computing devices if their “network identity” is the same (stage 182). There are many schemes to compute the network identity. The network identity can be constructed based upon one or more attributes of that network. Here are several non-limiting examples. For Ethernet-based networks, the network identity can be the MAC address of the default gateway. For some domain-authenticated networks, the network identity could be the fully qualified domain name of the network. For authenticated IP, the network identity could be based on the certificate used to establish an authenticated IP. For narrowband networks, the network identity could be the name of the service provider.
  • The trusted online service then receives the message from the client computer with the local network identity of the network it has connected to as well as the identity of the client device (stage 184). A local identity of a network can be determined by one of various techniques, such as the MAC address of the DHCP server that issued the IP address, the domain name for a domain authenticated network, or certificate/secrets used to connect to a secure network, to name a few examples. A computing device identity can be determined by considering one or more characteristics such as the name of the computer on the network, the MAC address of the network card on the router, an identifier issued by the trusted online service to connect to it, and/or an identifier issued by the network authority managing the network, to name a few non-limiting examples.
  • The trusted online service aggregates the data across multiple devices to compute whether the usage patterns of devices or users connecting to the network indicate that it is a publicly used network. For example, for a consumer scenario, if the network has seen more than fifty unique devices connect to it ever, it is probably not a home router. Similarly, the number of concurrent sessions, the length of sessions, etc. can be used in the computation. The trusted online service responds back with the aggregate data across multiple devices to the client computer. If the tracking of data regarding other computers reveals that this network is a public network (decision point 188), then the trusted online service can include a notice or other indication in the response back to the client that the network appears to be public due to the tracking data (stage 190).
  • In one implementation, the trusted online service determines whether the number of different computing devices connecting to this local network is beyond the threshold for private networks as established by the trusted online service or the client computer. If the threshold is exceeded, then the local network is considered public. In an alternate implementation, the trusted online service sends the aggregated data back to the client (e.g. how many unique devices have connected with this network), and the client makes the determination based on local policy. If the tracking of data regarding other computers does not reveal that this local network is a public network (decision point 188), then the return is inconclusive (stage 192).
  • It will be appreciated that the examples discussed in FIGS. 4-6 for utilizing the trusted online service to provide additional data and/or tests on the type of network being utilized by client computer can be performed simultaneously with each other, separately from each other, or in some cases, not performed at all. These tests and analysis were described separately for the sake of illustration.
  • FIG. 7 is a process flow diagram 200 that illustrates one implementation of the stages involved in using heuristics to help determine whether the local network that the client computer is connected to is a public network. If the internal network address of the client computer is not within the special address ranges that the communication protocols reserve for non-global communication, then the client computer is connected to a public network (stage 202). An exception to this can be entities that use public range IP addresses but are still behind a NAT. The term “private network address” as used herein is meant to include a privately used network address that is not usable for global communication. A few non-limiting examples of private IP addresses can include IP addresses based upon IPv4 and IPv6 references.
  • If the external network address belongs to a known ISP or network that is used or deployed in a fashion such that users will want the local network of connected devices to be considered public, then the client is connected to a public network (stage 204). Examples of this can include wireless networks provided by cellular phone providers, city-wide wireless provided by ISPs or cities, WiMax networks, etc.
  • A wireless-enabled device such as a laptop can connect to the Internet when the laptop is within range of a wireless network connected to the Internet. If the network ID of the network is on the list of the known public HotSpots (such as Municipal WiFi), then the client computer is connected to a public network (stage 206). Municipal WiFi (or Muni WiFi) is the concept of turning an entire city into a wireless access zone by providing wireless broadband to residents. Hotspots are WiFi zones found in restaurants and public places that allow users to connect to the Internet. In one implementation, the trusted online service does the network ID database lookup of known public addresses. While the examples above refer to wireless networks, the approach is also applicable to wired networks as long as a unique identity can be computed regardless of the actual medium of connection. In another implementation, the client computer performs the network ID database lookup of known public network identities.
  • In one implementation, if one of the tests described in FIG. 7 reveals that the network that the client computer is connected to is a public network, then the steps described in FIG. 8 do not need to be performed to see if the network has characteristics of a private network. Alternatively or additionally, the steps of FIG. 8 to analyze whether the network has characteristics of a private network could be performed first, and then if that determination is not conclusive, then the steps of FIG. 7 could be performed. As noted earlier, these heuristics can be performed instead of, or in combination with, the trusted online service analysis and tests described in FIGS. 3-6.
  • FIG. 8 is a process flow diagram 230 that illustrates one implementation of the stages involved in using heuristics to determine whether the local network that the client computer is connected to is a private network.
  • If the network does not allow connection without presenting an access token, and if the access token is considered secure enough, the network could be considered private (stage 232). As one non-limiting example, the WiFi security feature of MICROSOFT® WINDOWS® Live OneCare detects when the user is connected to an unsecured wireless network. The user is presented with an action item. When the action item is executed, OneCare communicates directly with the router and turns on WEP128 security. Wired Equivalent Privacy (WEP) is a security protocol for wireless networks that encrypts data. Using OneCare as a non-limiting example, WEP encrypts the data portion of each packet exchanged on the 802.11b network using a 128-bit encryption algorithm.
  • If the client computer is connected to the wireless network using an encrypted (WPA/WEP) connection, the network is likely to be private (stage 234). WiFi Protected Access (WPA) is an improved form of encryption for wireless data meant to replace WEP.
  • FIG. 9 is a process flow diagram 250 that illustrates one implementation of the stages involved in determining local network type. If the analysis and/or tests conducted with the trusted online services and/or the heuristics described herein produced a definite answer (private or public), then an automatic determination can be made programmatically without asking the user (stage 252). In one implementation, the user will be notified even if not asked.
  • If the above heuristics sequence produced a likely answer (e.g. the network is likely to be private), then the user is prompted to classify the network as private/public network, with a default value being set to the most likely classification based on automatic detection (stage 254). If automatic classification is undetermined, then the user is prompted to classify the network without any default (stage 256).
  • Turning now to FIGS. 10 and 11, a LAN detection system for helping determine whether two computers are on a same LAN is described. FIG. 10 is a diagrammatic view of a LAN detection system 300 of one implementation. Client computer 1 (302) and client computer 2 (304) utilize external computer 306 via the Internet to determine whether the two client computers (302 and 304) are on the same LAN. In one implementation, external computer 306 is a trusted service, such as trusted online service 14 described in earlier figures. The communication steps for utilizing external computer 306 to help make this determination are shown in more detail in FIG. 11.
  • FIG. 11 is a process flow diagram 400 that illustrates one implementation of the stages involved in determining whether two computers that belong to the same trusted ‘circle’ are connected to the same LAN or not. In one implementation, it is useful to know whether computers are connected to the same LAN or not for utilizing point to point communications between the two computers.
  • Both client computers send trace route information to the external computer (stage 402). A “trace route” is a computer network tool that can be used to determine the route taken by packets across an IP network. Trace route information thus includes details about the path taken by the packets across the network in reaching their destination. Alternatively or additionally to sending the trace route information, both client computers send data to the external computer relating to how the network appears to each of them internally (stage 404) (also called “internal network appearance information”). This internal network appearance information can include the network address as each computer sees it.
  • External computer 306 analyzes information received to merge the two views to find the common point (stage 406). The merged view is utilized to determine whether or not the common point is a local LAN (stage 408). In one implementation, to make the determination, the external computer forwards the raw information to the clients, and the clients analyze the information received from the external computer to deduce the common point and whether the common point is within what they will consider the local LAN (stage 408). In other words, both client computers should have the same network details for an internal network, or the same information at some point that the network is still private (this is what is meant by “common point”). In another implementation, the online service can interpret the merged view and send the results to one or more of the client computers. Once that common point is determined, then an analysis can be performed on whether or not that common point is considered a local LAN or not.
  • As a non-limiting example, in a home environment, suppose client computer 1 and client computer 2 consider each other on the same LAN if they are directly behind the same router. Client computer 1 and client computer 2 each send a message to the external computer containing: trace route information, internal IP address of the client computer, and the default gateway's IP address as well as MAC address.
  • Using the above non-limiting example, external computer 306 concludes that client computers 1 and 2 are on the same LAN if all three of the following outcomes are true. First, the default gateway IP address and MAC address received are the same for both client computer 1 and client computer 2. Second, client computer 1 and client computer 2 have internal IP addresses within the private IP segments (e.g. 192.168.*.*). Third, the external IP address as seen by external computer 306 for both client computer 1 and client computer 2 is the same. If all of the above are true, then client computer 1 and client computer 2 are considered to be on the same LAN.
  • As shown in FIG. 12, an exemplary computer system to use for implementing one or more parts of the system includes a computing device, such as computing device 500. In its most basic configuration, computing device 500 typically includes at least one processing unit 502 and memory 504. Depending on the exact configuration and type of computing device, memory 504 may be volatile (such as RAM), non-volatile (such as ROM, flash memory, etc.) or some combination of the two. This most basic configuration is illustrated in FIG. 12 by dashed line 506.
  • Additionally, device 500 may also have additional features/functionality. For example, device 500 may also include additional storage (removable and/or non-removable) including, but not limited to, magnetic or optical disks or tape. Such additional storage is illustrated in FIG. 12 by removable storage 508 and non-removable storage 510. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Memory 504, removable storage 508 and non-removable storage 510 are all examples of computer storage media. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by device 500. Any such computer storage media may be part of device 500.
  • Computing device 500 includes one or more communication connections 514 that allow computing device 500 to communicate with other computers/applications 515. Device 500 may also have input device(s) 512 such as keyboard, mouse, pen, voice input device, touch input device, etc. Output device(s) 511 such as a display, speakers, printer, etc. may also be included. These devices are well known in the art and need not be discussed at length here.
  • Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims. All equivalents, changes, and modifications that come within the spirit of the implementations as described herein and/or by the following claims are desired to be protected.
  • For example, a person of ordinary skill in the computer software art will recognize that the examples discussed herein could be organized differently on one or more computers to include fewer or additional options or features than as portrayed in the examples.
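The public/private classification flow described for FIGS. 2 through 9 above can be sketched as follows. This is an added example, not code from the patent or from any product it names; the field names, the hotspot list, the rule that any public indicator outranks private hints, and the mapping of evidence to "definite" and "likely" are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Ranges reserved for non-global use (RFC 1918 and IPv6 unique-local addresses).
RESERVED_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample data: a hotspot list, and the consumer threshold of fifty
# unique devices mentioned in the FIG. 6 discussion.
KNOWN_PUBLIC_HOTSPOTS = {"muni-wifi-example"}
PUBLIC_DEVICE_THRESHOLD = 50


@dataclass
class Observations:
    internal_addr: str                          # address the client sees on its own interface
    external_addr: Optional[str] = None         # address the service saw on the envelope (FIG. 4)
    inbound_connect_ok: Optional[bool] = None   # result of the service connecting back (FIG. 5)
    unique_devices: Optional[int] = None        # aggregate device count from the service (FIG. 6)
    network_id: Optional[str] = None            # network identity, e.g. derived from the gateway
    link_encrypted: bool = False                # encrypted wireless link (FIG. 8)


def is_reserved(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RESERVED_RANGES)


def classify(obs: Observations) -> Tuple[Optional[str], str, List[str]]:
    """Return (network_type, confidence, reasons)."""
    public: List[str] = []
    private: List[str] = []

    if not is_reserved(obs.internal_addr):
        public.append("internal address is outside the reserved ranges (stage 202)")
    if obs.external_addr is not None:
        same = ipaddress.ip_address(obs.external_addr) == ipaddress.ip_address(obs.internal_addr)
        if same:
            public.append("service sees the address the client reports (stage 146)")
        else:
            private.append("service sees a different address than the client (stage 148)")
    if obs.inbound_connect_ok:
        # A failed connect-back is inconclusive (stage 168), so only success counts.
        public.append("service connected back to the client (stage 166)")
    if obs.unique_devices is not None and obs.unique_devices > PUBLIC_DEVICE_THRESHOLD:
        public.append("device count exceeds the private-network threshold (stage 190)")
    if obs.network_id in KNOWN_PUBLIC_HOTSPOTS:
        public.append("network ID is on the known public hotspot list (stage 206)")
    if obs.link_encrypted:
        private.append("wireless link is encrypted (stage 234)")

    # Assumption: public evidence wins, so a conflict resolves to the stricter profile,
    # and private hints alone only ever produce a suggestion for the user to confirm.
    if public:
        return "public", "definite", public
    if private:
        return "private", "likely", private
    return None, "undetermined", []


def next_action(obs: Observations) -> str:
    """Map the result onto the three outcomes of FIG. 9 (stages 252, 254, 256)."""
    net_type, confidence, _ = classify(obs)
    if confidence == "definite":
        return f"auto-set:{net_type}"
    if confidence == "likely":
        return f"prompt-user:default={net_type}"
    return "prompt-user:no-default"


# Constructed observations (documentation-range addresses stand in for real ones).
HOME = Observations("192.168.1.20", "203.0.113.7", inbound_connect_ok=False,
                    unique_devices=4, network_id="home-gw", link_encrypted=True)
DIRECT = Observations("203.0.113.7", "203.0.113.7", inbound_connect_ok=True)
HOTSPOT = Observations("10.0.0.23", "198.51.100.4", unique_devices=812,
                       network_id="muni-wifi-example", link_encrypted=True)
UNKNOWN = Observations("192.168.0.5")

if __name__ == "__main__":
    for name, obs in [("home", HOME), ("direct", DIRECT),
                      ("hotspot", HOTSPOT), ("unknown", UNKNOWN)]:
        print(name, next_action(obs), classify(obs)[2])
```

The HOTSPOT sample carries both private hints (NAT, encrypted link) and public indicators, and resolves to public because of the precedence assumption stated in the lead-in.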
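The three-condition same-LAN test from the FIG. 11 home example above, as an added example that is not part of the patent text. The report fields, helper names and sample addresses are constructed; the third sample shows why a shared trace route hop alone is not enough, since private gateway addresses repeat across unrelated networks.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Private IPv4 segments used for the second condition (RFC 1918).
PRIVATE_SEGMENTS = [ipaddress.ip_network(n) for n in
                    ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class ClientReport:
    internal_ip: str        # address as the client sees it
    gateway_ip: str         # default gateway IP reported by the client
    gateway_mac: str        # default gateway MAC reported by the client
    trace_route: List[str]  # hops from the client outward
    external_ip: str        # filled in by the external computer from the envelope


def _ip(text: str):
    return ipaddress.ip_address(text)


def _mac(text: str) -> str:
    # Normalise separators and case so equal MACs compare equal.
    return text.strip().lower().replace("-", ":")


def in_private_segment(addr: str) -> bool:
    return any(_ip(addr) in net for net in PRIVATE_SEGMENTS)


def common_point(a: ClientReport, b: ClientReport) -> Optional[Tuple[str, int, int]]:
    """Merge the two trace routes: first hop of `a` that also appears in `b`,
    with its hop index in each route, or None if the routes never meet."""
    first_seen_b: Dict[object, int] = {}
    for j, hop in enumerate(b.trace_route):
        first_seen_b.setdefault(_ip(hop), j)
    for i, hop in enumerate(a.trace_route):
        j = first_seen_b.get(_ip(hop))
        if j is not None:
            return hop, i, j
    return None


def same_lan(a: ClientReport, b: ClientReport) -> Tuple[bool, Dict[str, bool]]:
    """Apply the three conditions of the home example; all must hold."""
    checks = {
        "same_gateway": _ip(a.gateway_ip) == _ip(b.gateway_ip)
                        and _mac(a.gateway_mac) == _mac(b.gateway_mac),
        "internal_private": in_private_segment(a.internal_ip)
                            and in_private_segment(b.internal_ip),
        "same_external": _ip(a.external_ip) == _ip(b.external_ip),
    }
    return all(checks.values()), checks


# Constructed reports. PC1 and PC2 sit behind one home router; NEIGHBOR is in a
# different home whose router happens to use the same default gateway address.
PC1 = ClientReport("192.168.1.10", "192.168.1.1", "00:11:22:33:44:55",
                   ["192.168.1.1", "198.51.100.1", "198.51.100.254"], "203.0.113.7")
PC2 = ClientReport("192.168.1.11", "192.168.1.1", "00-11-22-33-44-55",
                   ["192.168.1.1", "198.51.100.1", "198.51.100.254"], "203.0.113.7")
NEIGHBOR = ClientReport("192.168.1.10", "192.168.1.1", "66:77:88:99:aa:bb",
                        ["192.168.1.1", "198.51.100.9", "198.51.100.254"], "203.0.113.99")

if __name__ == "__main__":
    print(same_lan(PC1, PC2))
    print(common_point(PC1, NEIGHBOR), same_lan(PC1, NEIGHBOR))
```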

Claims (20)

What is claimed is:
1. A method for utilizing an external computer to determine whether two client computers are on a same local area network comprising the steps of:
receiving trace route information from a first client computer;
receiving trace route information from a second client computer; and
analyzing trace route information from the first client computer and the second client computer to generate a merged view, the merged view being later utilized to make a determination as to whether or not the first client computer and the second client computer are located on a same local area network.
2. The method of claim 1, wherein internal network appearance information is also received from the first client computer and from the second client computer.
3. The method of claim 2, wherein the merged view is sent to at least one of the first client computer and the second client computer where the determination step is performed.
4. The method of claim 1, wherein the determination as to whether or not the first client computer and the second client computer are located on a same local area network is based on default gateway addresses received from the first client computer and the second client computer.
5. The method of claim 1, wherein the determination as to whether or not the first client computer and the second client computer are located on a same local area network is based on internal addresses of the first client computer and the second client computer.
6. The method of claim 1, wherein the determination as to whether or not the first client computer and the second client computer are located on a same local area network is based on external addresses of the first client computer and the second client computer.
7. The method of claim 1, wherein if:
a default gateway addresses received from the first client computer and the second client computer are the same;
internal addresses of the first client computer and the second client computer are within specified address segments; and
external addresses of the first client computer and the second client computer are the same, then the first client computer and the second client computer are determined to be located on a same local area network.
8. A method for utilizing heuristics in combination with a trusted online service to determine a local network type to which a client computer is connected comprising the steps of:
using a computing device, utilizing data produced as a result of performing one or more heuristics in combination with data received from a trusted online service to determine a type of network and a level of confidence as to the determined type of network to which a client computer is connected;
if the determined level of confidence exceeds a first level, then automatically setting the local network type for the client computer to the determined type of network; and
if the determined level of confidence is less than the first level, but greater than a second level, then prompting a user to classify the local network type with the determined type of network set as a default value.
9. The method of claim 8, wherein when an internal network address of the client computer is not part of a reserved network address range, then the local network type is a public network.
10. The method of claim 8, wherein when an external network address belongs to a known network then the local network type is a public network.
11. The method of claim 8, wherein when a network ID of a wireless network that the client computer is connected to is on a list of known public hotspots, then the local network type is a public network.
12. The method of claim 8, wherein when a network ID of the client computer matches a secured network ID, then the client computer is connected to a private network.
13. The method of claim 8, wherein when the client computer is connected directly to a wireless network using an encrypted connection, then the local network type is a private network.
14. The method of claim 8, wherein the data from the trusted online service includes a network address of the client computer as seen by the trusted online service.
15. The method of claim 14, wherein the analyzing step utilizes the network address of the client computer as seen by the trusted online service along with a network address of the client computer as seen by the client computer to help determine the local network type.
16. The method of claim 15, wherein when the network address of the client computer as seen by the trusted online service is a same network address as the network address of the client computer as seen by the client computer, then the local network type is a private network.
17. The method of claim 8, wherein the data from the trusted online service includes information regarding whether an attempt by the trusted online service to connect directly to the client computer was successful.
18. The method of claim 8, wherein the data from the trusted online service includes usage patterns of devices or users connecting to a network that the client computer is connected to.
19. A computer storage medium having computer-executable instructions for causing a computer to perform a method for utilizing an external computer to determine whether two client computers are on a same local area network, the method comprising the steps of:
receiving trace route information from a first client computer;
receiving trace route information from a second client computer; and
analyzing trace route information from the first client computer and the second client computer to generate a merged view, the merged view being later utilized to make a determination as to whether or not the first client computer and the second client computer are located on a same local area network.
20. The computer storage medium of claim 19, wherein if:
default gateway addresses received from the first client computer and the second client computer are the same;
internal addresses of the first client computer and the second client computer are within specified address segments; and
external addresses of the first client computer and the second client computer are the same, then the first client computer and the second client computer are determined to be located on a same local area network.
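The decision rules of claims 7 and 20 (same-LAN test) and of claims 8, 9, 11, 13 and 16 (network type with a level of confidence) can be sketched in Python as follows. This is an added example, not code from the patent: the RFC 1918 ranges standing in for the "specified address segments", the hotspot list, the heuristic weights, the two threshold values and all names are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumption: the "specified address segments" (claims 7, 20) and the "reserved
# network address range" (claim 9) are taken to be the RFC 1918 IPv4 ranges.
RESERVED = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
KNOWN_HOTSPOTS = {"ExampleCafe-Free"}   # constructed list for claim 11

# Assumed weights (0-100) and thresholds; the claims give no numbers.
W_NOT_RESERVED, W_HOTSPOT, W_ENCRYPTED_WIFI, W_SAME_ADDR = 90, 90, 60, 60
FIRST_LEVEL, SECOND_LEVEL = 80, 50


@dataclass(frozen=True)
class Report:
    internal: str                   # address as seen by the client (client-reported)
    external: str                   # address as seen by the trusted online service
    gateway: Optional[str] = None   # default gateway (client-reported)
    ssid: Optional[str] = None      # wireless network ID, if any
    wifi_encrypted: bool = False


def in_reserved(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)   # raises ValueError on malformed input
    return any(ip in net for net in RESERVED)


def same_addr(a: str, b: str) -> bool:
    # Compare parsed addresses, not strings, so equivalent spellings match.
    return ipaddress.ip_address(a) == ipaddress.ip_address(b)


def same_lan(a: Report, b: Report) -> bool:
    """Claims 7 and 20: all three conditions must hold together."""
    if a.gateway is None or b.gateway is None:
        return False
    return (same_addr(a.gateway, b.gateway)
            and in_reserved(a.internal) and in_reserved(b.internal)
            and same_addr(a.external, b.external))


def classify(r: Report) -> Tuple[Optional[str], int]:
    """Sum the weights of the heuristics that fire; confidence is the margin."""
    public = private = 0
    if not in_reserved(r.internal):                        # claim 9
        public += W_NOT_RESERVED
    if r.ssid is not None and r.ssid in KNOWN_HOTSPOTS:    # claim 11
        public += W_HOTSPOT
    if r.ssid is not None and r.wifi_encrypted:            # claim 13
        private += W_ENCRYPTED_WIFI
    if same_addr(r.internal, r.external):                  # claim 16
        private += W_SAME_ADDR
    if public == private:
        return None, 0
    kind = "public" if public > private else "private"
    return kind, min(100, abs(public - private))


def decide(r: Report) -> Tuple[str, Optional[str]]:
    """Claim 8: set automatically, or prompt with the result as the default."""
    kind, confidence = classify(r)
    if kind is not None and confidence > FIRST_LEVEL:
        return ("auto", kind)
    if kind is not None and SECOND_LEVEL < confidence < FIRST_LEVEL:
        return ("prompt_with_default", kind)
    # Claim 8 is silent outside the two bands; prompting with no default
    # is this example's assumption.
    return ("prompt", None)


if __name__ == "__main__":
    # Constructed sample reports (documentation address ranges).
    a = Report("192.168.1.10", "198.51.100.9", gateway="192.168.1.1")
    b = Report("192.168.1.11", "198.51.100.9", gateway="192.168.1.1")
    print("same LAN:", same_lan(a, b))
    print(decide(Report("203.0.113.7", "198.51.100.9")))
    print(decide(Report("192.168.1.20", "198.51.100.9",
                        ssid="ExampleCafe-Free", wifi_encrypted=True)))
```

Of the three inputs to the same-LAN test, only the external address is observed by the service itself; the internal and gateway addresses are whatever the client reports.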
US13/285,694 2008-03-28 2011-10-31 Network topology detection using a server Abandoned US20120047253A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/285,694 US20120047253A1 (en) 2008-03-28 2011-10-31 Network topology detection using a server

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/057,381 US8073959B2 (en) 2008-03-28 2008-03-28 Automatically detecting whether a computer is connected to a public or private network
US13/285,694 US20120047253A1 (en) 2008-03-28 2011-10-31 Network topology detection using a server

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US12/057,381 Continuation US8073959B2 (en) 2008-03-28 2008-03-28 Automatically detecting whether a computer is connected to a public or private network

Publications (1)

Publication Number Publication Date
US20120047253A1 (en) 2012-02-23

Family

ID=41118783

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/057,381 Expired - Fee Related US8073959B2 (en) 2008-03-28 2008-03-28 Automatically detecting whether a computer is connected to a public or private network
US13/285,694 Abandoned US20120047253A1 (en) 2008-03-28 2011-10-31 Network topology detection using a server

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US12/057,381 Expired - Fee Related US8073959B2 (en) 2008-03-28 2008-03-28 Automatically detecting whether a computer is connected to a public or private network

Country Status (1)

Country Link
US (2) US8073959B2 (en)

US20040059830A1 (en) * 2002-09-17 2004-03-25 Sockeye Networks, Inc. Network address space clustering employing topological groupings, distance measurements and structural generalization
US20050021738A1 (en) * 2002-11-12 2005-01-27 Kenneth Goeller Network geo-location system
US7200658B2 (en) * 2002-11-12 2007-04-03 Movielink, Llc Network geo-location system
US20040133689A1 (en) * 2002-12-24 2004-07-08 Samrat Vasisht Method, system and device for automatically configuring a communications network
US20120079106A1 (en) * 2003-02-14 2012-03-29 Preventsys, Inc. System and Method for Interfacing with Heterogeneous Network Data Gathering Tools
US20120079107A1 (en) * 2003-02-14 2012-03-29 Preventsys, Inc. System and Method for Interfacing with Heterogeneous Network Data Gathering Tools
US7627891B2 (en) * 2003-02-14 2009-12-01 Preventsys, Inc. Network audit and policy assurance system
US20050257267A1 (en) * 2003-02-14 2005-11-17 Williams John L Network audit and policy assurance system
US20040240404A1 (en) * 2003-03-12 2004-12-02 Ibrahim Brima B. Peer to peer wireless communication conflict resolution
US8311209B2 (en) * 2003-03-12 2012-11-13 Broadcom Corporation Peer to peer wireless communication conflict resolution
US20080062918A1 (en) * 2003-03-12 2008-03-13 Ibrahim Brima B Peer to peer wireless communication conflict resolution
US7295528B2 (en) * 2003-03-12 2007-11-13 Broadcom Corporation Peer to peer wireless communication conflict resolution
US7313145B1 (en) * 2003-05-28 2007-12-25 Nortel Networks Limited Method and system for establishing paths between end points in packet data networks
US20040264385A1 (en) * 2003-06-30 2004-12-30 Hennessey Wade L Method and apparatus for determining network topology in a peer-to-peer network
US7450524B2 (en) * 2003-06-30 2008-11-11 Kontiki, Inc. Method and apparatus for determining network topology in a peer-to-peer network
US20050044247A1 (en) * 2003-07-15 2005-02-24 Tadiran Telecom Business Systems Ltd. Communication between users located behind a NAT device
US20050050211A1 (en) * 2003-08-29 2005-03-03 Kaul Bharat B. Method and apparatus to manage network addresses
US20050047350A1 (en) * 2003-09-03 2005-03-03 Milan Kantor Apparatus and methods for discovery of network elements in a network
US7627651B2 (en) * 2003-10-27 2009-12-01 American Power Conversion Corporation System and method for network device communication
US20050182820A1 (en) * 2003-12-30 2005-08-18 Nokia Corporation Method for controlling access to an electronic message
US7444416B2 (en) * 2003-12-30 2008-10-28 Nokia Corporation System using time or location with environment conditions of sender and addressee for controlling access to an electronic message
US8108552B2 (en) * 2004-01-30 2012-01-31 Panasonic Corporation Information processing device, server, communication system, address decision method, address modification method, and program
US20050168380A1 (en) * 2004-01-30 2005-08-04 Zhichen Xu Determining location information for a node in a network using at least one local landmark node
US7493371B1 (en) * 2004-03-31 2009-02-17 Network Appliance, Inc. Using a client-server connection protocol to establish a peer-to-peer connection
US20090232030A1 (en) * 2004-12-01 2009-09-17 Nec Corporation Overlay link calculation device, calculation method and program thereof
US7565418B2 (en) * 2004-12-07 2009-07-21 Cisco Technology, Inc. Network device setup utility
US20070111568A1 (en) * 2004-12-07 2007-05-17 Pure Networks, Inc. Network device setup utility
US20060187928A1 (en) * 2005-02-01 2006-08-24 Mcgee Michael S Automated configuration of point-to-point load balancing between teamed network resources of peer devices
US8040903B2 (en) * 2005-02-01 2011-10-18 Hewlett-Packard Development Company, L.P. Automated configuration of point-to-point load balancing between teamed network resources of peer devices
US7961718B2 (en) * 2005-05-30 2011-06-14 Siemens Enterprise Communications Gmbh & Co. Kg Method for setting up a connection to a terminal via a communication device, and a terminal and a communication device for implementing the method
US20080192650A1 (en) * 2005-07-14 2008-08-14 Johan Kolhi Method and Node for Locating a Network User
US7782796B2 (en) * 2005-08-16 2010-08-24 International Business Machines Corporation Method for generating an annotated network topology
US20070041317A1 (en) * 2005-08-16 2007-02-22 International Business Machines Corporation Method and system for generating an annotated network topology
US20080016115A1 (en) * 2006-07-17 2008-01-17 Microsoft Corporation Managing Networks Using Dependency Analysis
US8751617B2 (en) * 2006-08-23 2014-06-10 Thomson Licensing Method and device for identifying and selecting an interface to access a network
US20080168146A1 (en) * 2007-01-04 2008-07-10 Boaz Fletcher Electronic messaging system and method
US20080232262A1 (en) * 2007-03-19 2008-09-25 Alina Beygelzimer Method and apparatus for network topology discovery using closure approach
US7821966B2 (en) * 2007-03-19 2010-10-26 International Business Machines Corporation Method and apparatus for network topology discovery using closure approach
US20100088427A1 (en) * 2007-11-06 2010-04-08 Alibaba Group Holding Limited Selective Routing of Data Transmission Between Clients
US7852774B2 (en) * 2007-11-28 2010-12-14 Cisco Technology, Inc. User datagram protocol traceroute probe extension
US20090135728A1 (en) * 2007-11-28 2009-05-28 Naiming Shen User datagram protocol traceroute probe extension
US8055792B2 (en) * 2007-11-30 2011-11-08 Quova, Inc. Method and system for evaluating and selecting traceroutes to be used in determining the geographic location of a network block
US20090144411A1 (en) * 2007-11-30 2009-06-04 Quova, Inc. Method and system for evaluating and selecting traceroutes to be used in determining the geographic location of a network block
US8073959B2 (en) * 2008-03-28 2011-12-06 Microsoft Corporation Automatically detecting whether a computer is connected to a public or private network
US20090248840A1 (en) * 2008-03-28 2009-10-01 Microsoft Corporation Network topology detection using a server
US8422391B2 (en) * 2008-04-03 2013-04-16 Huawei Technologies Co., Ltd. Method, media gateway and media gateway controller for maintaining NAT address mapping table
US8264988B2 (en) * 2009-01-30 2012-09-11 Nec Laboratories America, Inc. Method for inferring physical network topology from end-to-end measurement
US20110058499A1 (en) * 2009-01-30 2011-03-10 Nec Laboratories America Inc Method for inferring physical network topology from end-to-end measurement
US20110305234A1 (en) * 2009-12-25 2011-12-15 Tomohiko Kitamura Network positioning system and terminal positioning device
US20120246301A1 (en) * 2011-03-21 2012-09-27 Vyrros Andrew H Apparatus and method for managing peer-to-peer connections between different service providers
US20120290650A1 (en) * 2011-05-11 2012-11-15 Futurewei Technologies, Inc. System and Method for Peer to Peer Communications in Cellular Communications Systems
US20140059200A1 (en) * 2012-08-21 2014-02-27 Cisco Technology, Inc. Flow de-duplication for network monitoring
US20140310420A1 (en) * 2013-04-16 2014-10-16 Chi-Ming Kuo System and method of identifying networked device for establishing a p2p connection

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120079134A1 (en) * 2010-09-23 2012-03-29 Microsoft Corporation Providing virtual networks using multi-tenant relays
US8935427B2 (en) * 2010-09-23 2015-01-13 Microsoft Corporation Providing virtual networks using multi-tenant relays
US20160020956A1 (en) * 2014-07-17 2016-01-21 Hive Streaming Ab Site detection
US9705748B2 (en) * 2014-07-17 2017-07-11 Hive Streaming Ab Site detection
WO2018052751A1 (en) * 2016-09-14 2018-03-22 Rapid Focus Security, Llc Reflective network device position identification

Also Published As

Publication number Publication date
US20090248840A1 (en) 2009-10-01
US8073959B2 (en) 2011-12-06

Similar Documents

Publication Publication Date Title
US8073959B2 (en) Automatically detecting whether a computer is connected to a public or private network
US8972571B2 (en) System and method for correlating network identities and addresses
US7970894B1 (en) Method and system for monitoring of wireless devices in local area computer networks
JP4596275B2 (en) Method, system and software for detecting relay communication
US8146160B2 (en) Method and system for authentication event security policy generation
US9948675B2 (en) Identity-based internet protocol networking
JP4731935B2 (en) Network DNA
US20060203736A1 (en) Real-time mobile user network operations center
US20050195753A1 (en) Method and system for detecting wireless access devices operably coupled to computer local area networks and related methods
US8578468B1 (en) Multi-factor client authentication
US10116538B2 (en) Attributing network address translation device processed traffic to individual hosts
US20220060474A1 (en) Selective authentication of network devices
Agrawal et al. The performance analysis of honeypot based intrusion detection system for wireless network
Burns et al. A novel traceroute-based detection scheme for wi-fi evil twin attacks
US20220021654A1 (en) Multi-network system architecture with electronic segmentation
Oliveira et al. Network admission control solution for 6LoWPAN networks
Najjar et al. Reliable behavioral dataset for IPv6 neighbor discovery protocol investigation
KR20080040256A (en) Method for ip address authentication in ipv6 network, and ipv6 network system
Ovadia et al. Cross-Router Covert Channels
Makaroff et al. Intrusion detection systems for community wireless mesh networks
Marksteiner et al. Automatically determining a network reconnaissance scope using passive scanning techniques
Aura et al. Chattering laptops
Alsmadi et al. Network Forensics: Lesson Plans
Urama et al. SDN-Based Cryptographic Client Authentication: A New Approach to DHCP Starvation Mitigation
Omar et al. Rule-Based SLAAC Attack Detection Mechanism

Legal Events

Date Code Title Description
AS Assignment
Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034544/0001
Effective date: 20141014

STCB Information on status: application discontinuation
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION