The present invention relates to the monitoring and evaluation of traffic in a computer network and, specifically, to the detection of the use of a single network access node by multiple users.
There are a variety of techniques by which multiple computers may gain access to a network through a single network access node. For example, a single device (e.g., a router) can employ network address translation (NAT) and port address translation (PAT) to translate the media access control (MAC) address and/or IP addresses of multiple connected devices which makes it appear as though all transmitted packets are originating from the single device. In other approaches, a single client device can use NAT and/or PAT, or act as a proxy for other client devices.
It will be understood that such techniques are advantageous for efficiently using scarce network resources. On the other hand, such techniques may also be employed to circumvent attempts by service providers and network operators to bill individual users for access to their networks. That is, because most such networks authenticate users based on the MAC address, multiple users may gain network access by purchasing a single connection and, in effect, sharing a single MAC and IP address.
It is therefore desirable to provide techniques for detecting when multiple users are gaining access to a network through a single network access node.