US 9,813,324 B2
Dynamic control of endpoint profiling
Ramesh Nampelly, Sunnyvale, CA (US); and Pok Sze Wong, Santa Clara, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Jun. 9, 2015, as Appl. No. 14/734,511.
Prior Publication US 2016/0366040 A1, Dec. 15, 2016
Int. Cl. G06F 15/16 (2006.01); H04L 12/26 (2006.01); H04L 29/06 (2006.01); H04L 29/08 (2006.01); H04L 12/24 (2006.01); H04L 29/12 (2006.01)
CPC H04L 43/12 (2013.01) [H04L 41/0806 (2013.01); H04L 43/50 (2013.01); H04L 67/02 (2013.01); H04L 67/42 (2013.01); H04L 69/22 (2013.01); H04L 61/6004 (2013.01); H04L 61/6022 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
at a server in communication with a network device that has network connectivity to one or more endpoint devices:
receiving from the network device a packet that includes a Media Access Control (MAC) address of an endpoint device;
determining whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices;
extracting from the packet one or more attributes that carry further descriptive information of the endpoint device;
determining based on the MAC address and the one or more attributes whether the endpoint device can be classified at a level of granularity according to a policy rule;
if the endpoint device cannot be classified at the level of granularity, dynamically selecting a probe function based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device;
obtaining one or more additional attributes from operation of a selected probe function from the dynamically selecting; and
repeating the determining whether the endpoint device can be classified, the dynamically selecting and the obtaining until the endpoint device can be classified at the level of granularity, if possible.