Learning packet capture policies to enrich context for device classification systems

Assignee

• Cisco Technology, Inc. · US

Inventors

• Jean-Philippe Vasseur · Meylan, FR
• David Tedaldi · Zürich, CH
• Grégory Mermoud · Veyras, CH
• Pierre-André Savalle · Rueil-Malmaison, FR

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L43/026
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In various embodiments, a device classification service receives, from a networking device in a network, an indication that deep packet inspection (DPI) trace data is not available for an endpoint device in the network because the endpoint device does not match any DPI policies of the networking device. The service configures a first DPI policy on the networking device that causes it to capture a DPI trace of traffic associated with the endpoint device. The service receives, via a user interface, an indication that a subset of attributes of the endpoint device in the DPI trace is relevant to labeling the endpoint device with a device type. The service replaces the first DPI policy on the networking device with a second DPI policy that causes it to report only the subset of attributes of endpoint devices to the device classification service for endpoint devices that match the second DPI policy.