9. Update the database with the current packet calculated round trip time.

A similar approach may be used for UDP/IP and application level protocols using intrinsic information in the UDP packets and application level protocols (varies by protocol).

FIG. 3 illustrates the results of an ARP redirection attack on a local network. Using an illustrative portion of the network described in FIG. 1, in normal use, an end user device (100a) may connect to a router or switch (e.g. router 120a) and route packets to that router for forwarding to other systems that are part of the IP-based network (not shown). As part of the low level protocol, the end user device may use the ARP to request and receive the MAC address of the router and stores that information in its ARP table (e.g. ARP table 2056, FIG. 2). In an ARP redirection attack, the redirect attack device (400a) (e.g. the bad actor) transmits a false ARP response message in response to the ARP request from the end user device. In this way, the redirect attack device pretends to be the router. If successful, packets from the end user device will be sent to the redirect attack device instead of the router (packet path 1 in FIG. 3). The redirect attack device may then copy or change the packet and then forward it on to the router for transmission to the IP-based network (the packet path 2 in FIG. 3). This type of attack may be employed against public wireless access points with great success, as the surreptitious ARP redirection provides no notice to the end user device or its user.