Network Security Project Proposal

Title: Network Packet Sniffer

Objective:
Network traffic analyzing or “sniffing” is the process of monitoring both incoming and outgoing traffic on an organization’s network by capturing and retracing the steps of any network user. Our sniffer shall be able to monitor only that segment on which it resides.

Description of Modules:
Our application shall encapsulate the following features:

Data capture:
1. Promiscuous mode would be enabled, in which every underlying packet can be monitored. One should note that packets from every machine can only be captured in case of a shared medium. If a switched Ethernet is deployed, then only the broadcast or the multicast packets would be visible, along with those packets meant for the machine on which the sniffer is running.
2. The captured data packets can be stored on the computer where the sniffer is running.

Filter Packets on many criteria:
1. Packets can be monitored depending on some specific criteria. These criteria are specified in filters. These could be constructed using certain schematics, which are defined in the libpcap library. These filters could then be stored and used later. Hence, a dialog box would act as an editor to construct such filters. For example, this could include monitoring traffic between two specific nodes. Options for packet filtering criteria shall be elaborated upon in the SRS.

Complete Graphical User Interface:
1. The main window will be comprised of three sub windows. One shows the destination, source and the protocol used (based on the ETHEREAL interface).
2. The other sub window would show the encapsulation of the packet with respect to different protocols.
3. The last sub window would show the packet contents in a HEX format.
4. Enable MAC name resolution.
5. Enable Network name resolution.

Architecture:
Our sniffer will only work on an Ethernet LAN. In case of a shared medium, all the packets flowing through the network would be monitored. However, in case a switched network, such as one having a star topology, is used, then only those packets meant for the machine on which the sniffer runs, and those which were broadcast, will be captured.

The main instrument that would be used to capture packets is the Linux library LIBPCAP. The basic algorithm for packet capturing would be as follows:
1. Grab a device to examine. In our case it would be the network card, which is referred to as eth0.
2. Open the device in promiscuous mode.
3. Capture the packet using the pcap_next function, included in the libpcap library.
4. Filters can be set using predefined formats in libpcap.
5. Contents can be analyzed using knowledge of the packet structure, which is provided in various RFCs.

The main work would come in constructing the Graphical User Interface, which would be constructed using GTK+ or K developer.

Functions in the libpcap library exist for MAC name resolution and IP name resolution. Once the packet is analyzed and the source and destination addresses extracted for different layers, we use these functions for their name resolution.

Deliverables:
Requirements Specification Document: 15th January 2003
Implementation: 3rd February 2003
Test Document (if required): 10th February 2003

If time permits, we would also like to include a node discovery module in the sniffer. In this module we hope to draw a complete map of the network topology inclusive of routers, links, end stations, etc.

Submitted by:
Jawad Khan 2003-02-0082
Fahd Gilani 2003-02-0056
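
The content-analysis step of the capture algorithm in the Architecture section, sketched as an added example (not code from the proposal): it decodes the Ethernet II and IPv4 headers of one captured frame into the source, destination and protocol fields the first sub window would display, rejecting truncated captures. The names `pkt_summary`, `decode_frame` and `SAMPLE_FRAME` are hypothetical, and the frame bytes are constructed rather than captured.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One row of the summary sub window: source, destination, protocol. */
struct pkt_summary {
    char src_mac[18], dst_mac[18], src_ip[16], dst_ip[16];
    uint16_t ethertype; /* 0x0800 = IPv4 */
    uint8_t ip_proto;   /* 1 = ICMP, 6 = TCP, 17 = UDP */
};

/* Constructed sample: Ethernet II + IPv4 header carrying TCP (RFC 5737 addresses). */
static const uint8_t SAMPLE_FRAME[34] = {
    0x02,0x00,0x00,0x00,0x00,0x02, 0x02,0x00,0x00,0x00,0x00,0x01, /* dst, src MAC */
    0x08,0x00,                                                    /* EtherType */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00, /* proto = 6 */
    192,0,2,10, 192,0,2,20                                         /* src, dst IP */
};

static void fmt_mac(const uint8_t *m, char *out) {
    snprintf(out, 18, "%02x:%02x:%02x:%02x:%02x:%02x", m[0], m[1], m[2], m[3], m[4], m[5]);
}
static void fmt_ip(const uint8_t *a, char *out) {
    snprintf(out, 16, "%u.%u.%u.%u", a[0], a[1], a[2], a[3]);
}

/* Returns 0 for decoded IPv4, 1 for a non-IPv4 frame, -1 if truncated or malformed. */
int decode_frame(const uint8_t *buf, size_t caplen, struct pkt_summary *s) {
    memset(s, 0, sizeof *s);
    if (caplen < 14) return -1;               /* Ethernet header is 14 bytes */
    fmt_mac(buf, s->dst_mac);                 /* destination comes first on the wire */
    fmt_mac(buf + 6, s->src_mac);
    s->ethertype = (uint16_t)((buf[12] << 8) | buf[13]);
    if (s->ethertype != 0x0800) return 1;     /* leave ARP, IPv6, ... to other decoders */
    const uint8_t *ip = buf + 14;
    if (caplen < 34 || (ip[0] >> 4) != 4) return -1;  /* need a minimal 20-byte header */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;  /* IPv4 header length in bytes */
    if (ihl < 20 || 14 + ihl > caplen) return -1;
    s->ip_proto = ip[9];
    fmt_ip(ip + 12, s->src_ip);
    fmt_ip(ip + 16, s->dst_ip);
    return 0;
}

int main(void) {
    struct pkt_summary s;
    if (decode_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &s) == 0)
        printf("%s -> %s proto %u\n", s.src_ip, s.dst_ip, s.ip_proto);
    return 0;
}
```

In the sniffer itself, the buffer and captured length would come from `pcap_next` and its `pcap_pkthdr`, so the length checks guard against captures cut short by the snapshot length.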