DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/07/2022 has been entered.
 
Response to Amendment
The amendments filed on 11/07/2022 have been entered. Applicant amended claims 1, 5, 7, 11, 13, 17. Claims 1-18 remain pending in the application. 

Response to Arguments
Applicant’s arguments filed on 11/07/2022 with respect to the Final Office Action dated 08/15/2022 have been fully considered.
Applicant' s arguments with respect to claims 1 and 5 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

	Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over McClure et al. (US PGPUB No. 20070011319), hereinafter, McClure, in view of Matsuo et al. (US PGPUB No. 20090041035), hereinafter, Matsuo.

Regarding claim 1:
McClure teaches:
A method implemented by a traceroute application implementing a Transmission Control Protocol (TCP) stack in a processing device, the method comprising (see at least paragraph 0169 discussing TCP trace route. Fig. 4 shows Network security system 410 (processing device) implementing TCP traceroute): 
sending a plurality of TCP packets via a raw socket to perform a trace to a destination (Fig. 4 shows network security system sends plurality of TCP SYN (TCP Packets) to a target computer 412 (destination). Paragraph 0070, lines 1-4, as states “the TCP traceroute routine 362 works similarly to ICMP traceroute routine 354, except that TCP SYN packets are sent to the target computers”. Paragraph 0057, lines 7-10, discusses TCP stack and using raw socket as stated “The operating system preferably contains at least one network TCP/IP stack 204 to provide packet transport, preferably including an interface to provide raw socket 206 connections between the target computer 200 and the network”. Therefore, TCP packets can be communicated via raw socket);  
receiving responses to the plurality of TCP packets (Fig. 4 shows network security system receives plurality of TCP SYN ACK (response)); 
recognizing one of a Synchronize-Acknowledgement (SYN-ACK) or a Reset (RST) from the destination in the responses (paragraph 0108, lines 8-13, recognizing TCP SYS ACK in the response states “As discussed above, at least a portion of the information included in the first SYN ACK packet received from the target computer 412 is determined by data in the TCP/IP stack within the target computer 412”. Therefore, SYN ACK is recognized as TCP traceroute traffic at the network security system);
aggregating the responses by the traceroute application to determine details of a service path from the processing device to the destination (paragraph 0171, lines 8-14,  discusses determining complete map of the target network topology (service path) by aggerating traceroute responses as stated “As with ICMP tracerouting, the TTL value in each SYN packet is incrementally increased, and the return of ICMP unreachable packets and SYN ACK packets is monitored for all "hops" between the scanning system and the target host. Through the combination of ICMP tracerouting and TCP tracerouting, a complete map to each target computer, and collectively a relatively complete map of the target network topology, is advantageously created.”).
McClure does not explicitly teach responsive to recognizing the SYN-ACK or RST in the responses, diverting the SYN-ACK or RST responses to the raw socket (paragraph 0057, lines 7-10, discuses using raw socket for TCP packets in general. However, McClure does not explicitly mention diverting SYN-ACK or RST responses to the raw socket).
Matsuo teaches responsive to recognizing the  SYN-ACK or RST in the responses, diverting the SYN-ACK or RST responses to the raw socket (paragraph 0102, lines 1-7, discloses sending SYN packet using raw socket and receiving ACK/SYN (SYN-ACK) packet using raw socket as stated “As in a TTL measurement method using TCP protocol shown in FIG. 9, the own node device 1 (node Z) sends a SYN packet to the other node device 1 (node B) using the RAW socket. The node B receiving the SYN packet sends an ACK/SYN packet to the node Z. The node Z can acquire TTL in the ACK/SYN packet by receiving the ACK/SYN packet using the RAW socket.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify McClure to incorporate the teaching of Matsuo about processing ACK/SYN message using raw socket instead of ordinary TCP socket. One would be motivated do that that since raw socket can acquire the TTL value in the ACK/SYN packet whereas the ordinary TCP socket is unable to do so (see at least paragraphs 0101-0102 of Matsuo). 
As to claim 2, the rejection of claim 1 is incorporate. McClure in view of Matsuo teach all the limitations of claim 1 as shown above.
McClure further teaches wherein the plurality of TCP packets include TCP Synchronize (SYN) messages, and the responses include TCP SYN-Acknowledgement (ACK) or Reset (RST) messages (see at least Fig. 4 showing TCP SYN and TCP SYN ACK message).
As to claim 3, the rejections of claims 1 and 2 are incorporate. McClure in view of Matsuo teach all the limitations of claims 1 and 2 as shown above.
While McClure teaches fcomprising receiving a TCP SYN-ACK message from the destination (see claim 2 rejection as shown above)
McClure does not teach sending a TCP RST packet to the destination.
Matsuo teaches sending a TCP RST packet to the destination (see at least paragraph 0102 disclosing send TCP RST packet “Thus since the node Z is enabled to acquire TTL before establishing connection with the node B, the node Z sends the RST packet or the FIN packet instead of the ACK packet as shown in FIG. 7 and finishes the communication using the RAW socket.”). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify McClure to incorporate the teaching of Matsuo about sending TCP RST to the destination. One would be motivated to send TCP RST to use traceroute operation without establishing a full connection (see paragraph 0102 of Matsuo).
As to claim 4, the rejections of claims 1-3 are incorporate.  McClure in view of Matsuo teach all the limitations of claims 1-3 as shown above.
McClure further teaches wherein a TCP checksum, sequence, and ACK in the TCP RST packet are implemented by the traceroute application (see paragraph 0106 showing structure of a TCP packet including checksum, sequence, acknowledgement).
As to claim 5, the rejection of claim 1 is incorporate.  McClure in view of Matsuo teach all the limitations of claim 1 as shown above.
While McClure further teaches wherein the raw socket is used in lieu of a TCP socket (Paragraph 0057, lines 7-10 discusses using raw socket),
McClure does not teach to determine the reachability to the destination when TCP traceroute traffic is recognized.
Matsuo teaches to determine the reachability to the destination when TCP traceroute traffic is recognized (paragraphs 0101-0102 discloses raw socket is used in instead of ordinary TCP socket because it is not possible to acquire the TTL value (reachability to the destination) using ordinary TCP socket). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify McClure to incorporate the teaching Matsuo about processing ACK/SYN message using raw socket instead of ordinary TCP socket. One would be motivated do that that since raw socket can acquire the TTL value in the ACK/SYN packet whereas the ordinary TCP socket is unable to do so (see at least paragraphs 0101-0102 of Matsuo). 
As to claim 6, the rejection of claim 1 is incorporate. McClure in view of Matsuo teach all the limitations of claim 1 as shown above.
McClure further teaches wherein a port for the raw socket is allocated by the TCP stack from a pool of ports based on the destination (paragraph 0057, lines 7-10, discusses raw socket).
Regarding claim 7:
Claim 7 is directed towards a non-transitory computer-readable medium performing the method of claim 1. Accordingly, it is rejected under similar rationale.
Claim 8 is directed towards a non-transitory computer-readable medium performing the method of claim 2. Accordingly, it is rejected under similar rationale.
Claim 9 is directed towards a non-transitory computer-readable medium performing the method of claim 3. Accordingly, it is rejected under similar rationale.
Claim 10 is directed towards a non-transitory computer-readable medium performing the method of claim 4. Accordingly, it is rejected under similar rationale.
Claim 11 is directed towards a non-transitory computer-readable medium performing the method of claim 5. Accordingly, it is rejected under similar rationale.
Claim 12 is directed towards a non-transitory computer-readable medium performing the method of claim 6. Accordingly, it is rejected under similar rationale.
Regarding claim 13:
Claim 13 is directed towards a processing device performing the method of claim 1. Accordingly, it is rejected under similar rationale.
Claim 14 is directed towards a processing device performing the method of claim 2. Accordingly, it is rejected under similar rationale.
Claim 15 is directed towards a processing device performing the method of claim 3. Accordingly, it is rejected under similar rationale.
Claim 16 is directed towards a processing device performing the method of claim 4. Accordingly, it is rejected under similar rationale.
Claim 17 is directed towards a processing device performing the method of claim 5. Accordingly, it is rejected under similar rationale.
Claim 18 is directed towards a processing device performing the method of claim 6. Accordingly, it is rejected under similar rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAMAL M HOSSAIN whose telephone number is (571)270-3070. The examiner can normally be reached 9:30-5:30 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on (571)272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



	November 18, 2022

/KAMAL M HOSSAIN/Examiner, Art Unit 2444                                                                                                                                                                                                        
/JOHN A FOLLANSBEE/Supervisory Patent Examiner, Art Unit 2444