公开(公告)号：US07949732B1

公开(公告)日：2011-05-24

申请号：US10843459

申请日：2004-05-12

申请人： Martin Roesch ,  Ronald A. Dempster ,  Andrew Baker ,  Eric Gustafson

发明人： Martin Roesch ,  Ronald A. Dempster ,  Andrew Baker ,  Eric Gustafson

IPC分类号： G06F15/177 ,  G06F15/173 ,  G06F15/16 ,  H04L12/28

CPC分类号： H04L67/125 ,  H04L63/1433

摘要： A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selecting by comparing confidence values assigned to the operating systems identified. A service running on the network device is identified from the decoded packet or subsequent packets that are read, decoded and analyzed. The network topology of a network is determined by reading, decoding, and analyzing a plurality of packets. A flow between two network devices is determined by reading, decoding, and analyzing a plurality of packets. Vulnerabilities are assigned to operating systems and services identified by reading, decoding, and analyzing packets. Network configuration policy is enforced on operating systems and services identified by reading, decoding, and analyzing packets.

摘要翻译： 在网络上发送的分组被读取和解码。 通过分析解码的分组来识别网络设备及其操作系统。 如果从解码的分组识别出多于一个的操作系统，则操作系统通过比较分配给所识别的操作系统的置信度来选择。 从解码的分组或被读取，解码和分析的后续分组识别在网络设备上运行的服务。 通过读取，解码和分析多个分组来确定网络的网络拓扑。 通过读取，解码和分析多个分组来确定两个网络设备之间的流。 脆弱性分配给通过读取，解码和分析数据包识别的操作系统和服务。 在通过读取，解码和分析数据包识别的操作系统和服务上实施网络配置策略。

公开(公告)号：US08578002B1

公开(公告)日：2013-11-05

申请号：US12969682

申请日：2010-12-16

申请人： Martin Roesch ,  Ronald A. Dempster ,  Andrew Baker ,  Eric Gustafson

发明人： Martin Roesch ,  Ronald A. Dempster ,  Andrew Baker ,  Eric Gustafson

IPC分类号： G06F15/177 ,  G06F15/173 ,  G06F15/16

CPC分类号： H04L67/125 ,  H04L63/1433

摘要： A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selecting by comparing confidence values assigned to the operating systems identified. A service running on the network device is identified from the decoded packet or subsequent packets that are read, decoded and analyzed. The network topology of a network is determined by reading, decoding, and analyzing a plurality of packets. A flow between two network devices is determined by reading, decoding, and analyzing a plurality of packets. Vulnerabilities are assigned to operating systems and services identified by reading, decoding, and analyzing packets. Network configuration policy is enforced on operating systems and services identified by reading, decoding, and analyzing packets.

摘要翻译： 在网络上发送的分组被读取和解码。 通过分析解码的分组来识别网络设备及其操作系统。 如果从解码的分组识别出多于一个的操作系统，则操作系统通过比较分配给所识别的操作系统的置信度来选择。 从解码的分组或被读取，解码和分析的后续分组识别在网络设备上运行的服务。 通过读取，解码和分析多个分组来确定网络的网络拓扑。 通过读取，解码和分析多个分组来确定两个网络设备之间的流。 脆弱性分配给通过读取，解码和分析数据包识别的操作系统和服务。 在通过读取，解码和分析数据包识别的操作系统和服务上实施网络配置策略。

公开(公告)号：US07885190B1

公开(公告)日：2011-02-08

申请号：US10843374

申请日：2004-05-12

申请人： Martin Roesch ,  Ronald A. Dempster

发明人： Martin Roesch ,  Ronald A. Dempster

IPC分类号： H04L12/28

CPC分类号： H04L67/125 ,  H04L63/1433

摘要： A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selecting by comparing confidence values assigned to the operating systems identified. A service running on the network device is identified from the decoded packet or subsequent packets that are read, decoded and analyzed. The network topology of a network is determined by reading, decoding, and analyzing a plurality of packets. A flow between two network devices is determined by reading, decoding, and analyzing a plurality of packets. Vulnerabilities are assigned to operating systems and services identified by reading, decoding, and analyzing packets. Network configuration policy is enforced on operating systems and services identified by reading, decoding, and analyzing packets.

摘要翻译： 在网络上发送的分组被读取和解码。 通过分析解码的分组来识别网络设备及其操作系统。 如果从解码的分组识别出多于一个的操作系统，则操作系统通过比较分配给所识别的操作系统的置信度来选择。 从解码的分组或被读取，解码和分析的后续分组识别在网络设备上运行的服务。 通过读取，解码和分析多个分组来确定网络的网络拓扑。 通过读取，解码和分析多个分组来确定两个网络设备之间的流。 脆弱性分配给通过读取，解码和分析数据包识别的操作系统和服务。 在通过读取，解码和分析数据包识别的操作系统和服务上实施网络配置策略。

公开(公告)号：US07730175B1

公开(公告)日：2010-06-01

申请号：US10843373

申请日：2004-05-12

申请人： Martin Roesch ,  Ronald A. Dempster

发明人： Martin Roesch ,  Ronald A. Dempster

IPC分类号： G06F15/173

CPC分类号： H04L67/125 ,  H04L63/1433

摘要： A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selecting by comparing confidence values assigned to the operating systems identified. A service running on the network device is identified from the decoded packet or subsequent packets that are read, decoded and analyzed. The network topology of a network is determined by reading, decoding, and analyzing a plurality of packets. A flow between two network devices is determined by reading, decoding, and analyzing a plurality of packets. Vulnerabilities are assigned to operating systems and services identified by reading, decoding, and analyzing packets. Network configuration policy is enforced on operating systems and services identified by reading, decoding, and analyzing packets.

摘要翻译： 在网络上发送的分组被读取和解码。 通过分析解码的分组来识别网络设备及其操作系统。 如果从解码的分组识别出多于一个的操作系统，则操作系统通过比较分配给所识别的操作系统的置信度来选择。 从解码的分组或被读取，解码和分析的后续分组识别在网络设备上运行的服务。 通过读取，解码和分析多个分组来确定网络的网络拓扑。 通过读取，解码和分析多个分组来确定两个网络设备之间的流。 脆弱性分配给通过读取，解码和分析数据包识别的操作系统和服务。 在通过读取，解码和分析数据包识别的操作系统和服务上实施网络配置策略。

公开(公告)号：US07801980B1

公开(公告)日：2010-09-21

申请号：US10843398

申请日：2004-05-12

申请人： Martin Roesch ,  Ronald A. Dempster ,  Judy Novak

发明人： Martin Roesch ,  Ronald A. Dempster ,  Judy Novak

IPC分类号： G06F15/173

CPC分类号： H04L67/125 ,  H04L63/1433

摘要： A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selecting by comparing confidence values assigned to the operating systems identified. A service running on the network device is identified from the decoded packet or subsequent packets that are read, decoded and analyzed. The network topology of a network is determined by reading, decoding, and analyzing a plurality of packets. A flow between two network devices is determined by reading, decoding, and analyzing a plurality of packets. Vulnerabilities are assigned to operating systems and services identified by reading, decoding, and analyzing packets. Network configuration policy is enforced on operating systems and services identified by reading, decoding, and analyzing packets.

摘要翻译： 在网络上发送的分组被读取和解码。 通过分析解码的分组来识别网络设备及其操作系统。 如果从解码的分组识别出多于一个的操作系统，则操作系统通过比较分配给所识别的操作系统的置信度来选择。 从解码的分组或被读取，解码和分析的后续分组识别在网络设备上运行的服务。 通过读取，解码和分析多个分组来确定网络的网络拓扑。 通过读取，解码和分析多个分组来确定两个网络设备之间的流。 脆弱性分配给通过读取，解码和分析数据包识别的操作系统和服务。 在通过读取，解码和分析数据包识别的操作系统和服务上实施网络配置策略。

公开(公告)号：US07496662B1

公开(公告)日：2009-02-24

申请号：US10843375

申请日：2004-05-12

申请人： Martin Roesch ,  Ronald A. Dempster

发明人： Martin Roesch ,  Ronald A. Dempster

IPC分类号： G06F15/173 ,  G06F11/00

CPC分类号： H04L67/125 ,  H04L63/1433

摘要： A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selecting by comparing confidence values assigned to the operating systems identified. A service running on the network device is identified from the decoded packet or subsequent packets that are read, decoded and analyzed. The network topology of a network is determined by reading, decoding, and analyzing a plurality of packets. A flow between two network devices is determined by reading, decoding, and analyzing a plurality of packets. Vulnerabilities are assigned to operating systems and services identified by reading, decoding, and analyzing packets. Network configuration policy is enforced on operating systems and services identified by reading, decoding, and analyzing packets.

摘要翻译： 在网络上发送的分组被读取和解码。 通过分析解码的分组来识别网络设备及其操作系统。 如果从解码的分组识别出多于一个的操作系统，则操作系统通过比较分配给所识别的操作系统的置信度来选择。 从解码的分组或被读取，解码和分析的后续分组识别在网络设备上运行的服务。 通过读取，解码和分析多个分组来确定网络的网络拓扑。 通过读取，解码和分析多个分组来确定两个网络设备之间的流。 脆弱性分配给通过读取，解码和分析数据包识别的操作系统和服务。 在通过读取，解码和分析数据包识别的操作系统和服务上实施网络配置策略。

公开(公告)号：US07467205B1

公开(公告)日：2008-12-16

申请号：US11272033

申请日：2005-11-14

申请人： Ronald A. Dempster ,  Nigel Houghton

发明人： Ronald A. Dempster ,  Nigel Houghton

IPC分类号： G06F15/173

CPC分类号： H04L43/18 ,  H04L41/0893 ,  H04L41/12

摘要： A packet transmitted on a network is read and decoded. A network device and its operating system are identified by analyzing the decoded packet. If more than one operating system is identified from the decoded packet, the operating system is selecting by comparing confidence values assigned to the operating systems identified. A client application running on the network device is identified from the decoded packet or subsequent packets that are read, decoded and analyzed. The network topology of a network is determined by reading, decoding, and analyzing a plurality of packets. A flow between two network devices is determined by reading, decoding, and analyzing a plurality of packets. Vulnerabilities are assigned to operating systems and client applications identified by reading, decoding, and analyzing packets. Network configuration policy is enforced on operating systems and client applications identified by reading, decoding, and analyzing packets.

摘要翻译： 在网络上发送的分组被读取和解码。 通过分析解码的分组来识别网络设备及其操作系统。 如果从解码的分组识别出多于一个的操作系统，则操作系统通过比较分配给所识别的操作系统的置信度来选择。 从解码的分组或被读取，解码和分析的后续分组中识别在网络设备上运行的客户端应用。 通过读取，解码和分析多个分组来确定网络的网络拓扑。 通过读取，解码和分析多个分组来确定两个网络设备之间的流。 漏洞分配给通过读取，解码和分析数据包来识别的操作系统和客户端应用程序。 在通过读取，解码和分析数据包识别的操作系统和客户端应用程序上实施网络配置策略。