Network Security
Project Proposal
Title: Network Packet Sniffer
Objective:
Network traffic analysis, or "sniffing", is the process of monitoring the traffic entering and
leaving an organization's network by capturing the packets that cross it and reconstructing
from them what each network user did. Our sniffer shall be able to monitor only the network
segment on which it resides.
Description of Modules:
Our application shall encapsulate the following features:

Data capture:
1. The network interface will be put into promiscuous mode, in which every frame
on the medium, not only those addressed to the host, is passed up to the sniffer.
Note that traffic from every machine can only be captured on a shared medium
(a hub or coaxial Ethernet). On switched Ethernet the switch forwards a frame only
to the port that owns its destination MAC address, so the sniffer sees only
broadcast and multicast frames and the frames addressed to the machine it runs
on; seeing other hosts' traffic on a switch requires a mirror (SPAN) port or
similar switch-side configuration.
2. The captured packets can be stored on the computer on which the sniffer is
running.

Filter Packets on many criteria:
1. Packets can be selected according to specific criteria, which are expressed
as filters. Filters are written in the filter expression syntax defined by the
libpcap library and compiled into BPF filter programs that are applied to each
packet before it is handed to the application, so non-matching packets are
discarded early. These filters can be saved and reused later, so a dialog box
will act as an editor for constructing them. For example, traffic between two
specific nodes is captured with the expression "host 10.0.0.1 and host 10.0.0.2"
(addresses chosen for illustration). The full set of filtering criteria shall be
elaborated upon in the SRS.

Complete Graphical User Interface:
1. The main window will consist of three sub-windows. The first lists the
captured packets with their source, destination and protocol, modelled on the
Ethereal interface.
2. The second sub-window shows the encapsulation of the selected packet, layer
by layer, as a tree of the protocols it contains.
3. The last sub-window shows the raw packet contents as a hex dump.
4. Enable MAC name resolution.
5. Enable network name resolution.
Architecture:
Our sniffer will only work on an Ethernet LAN. On a shared medium every packet
flowing through the segment will be monitored. On a switched network, such as a
star topology built around a switch, only the packets addressed to the machine on
which the sniffer runs, together with broadcast and multicast packets, will be
captured.
The main instrument used to capture packets is the libpcap packet-capture library
(portable, not Linux-specific). The basic packet-capture algorithm is as follows:
1. Select a device to examine. In our case it is the network card, which Linux
refers to as eth0.
2. Open the device in promiscuous mode (pcap_open_live with the promiscuous flag
set; this requires root privilege).
3. Optionally compile and install a filter expression (pcap_compile followed by
pcap_setfilter) so that only packets of interest are returned.
4. Capture each packet with the pcap_next function from libpcap, which returns a
pointer to the raw frame and a header giving its timestamp and captured length.
5. Analyze the contents using the packet structures defined in the relevant
RFCs (for example RFC 791 for IP and RFC 793 for TCP), always checking the
captured length before reading a header so that a truncated or malformed frame
cannot cause an out-of-bounds read in the sniffer.
The main work will go into constructing the Graphical User Interface, which will
be built with GTK+ or KDevelop.
Name resolution: libpcap itself does not resolve captured addresses to names;
its pcap_nametoaddr family only maps names to addresses for the filter compiler.
Once a packet has been analyzed and the source and destination addresses
extracted at each layer, host names will be resolved with the system resolver
(gethostbyaddr or getnameinfo), and MAC addresses will be resolved to vendor
names by looking up the OUI prefix in a manufacturer table such as the one
Ethereal ships. Reverse DNS lookups generate traffic of their own on the network
being observed, so they should be switchable off.
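As an added example (not the proposal's own code, and not part of libpcap), the decoding stage of the algorithm above, written in C: decode_frame turns one Ethernet II / IPv4 frame into the summary the packet-list sub-window would show, and hex_dump prints what the third sub-window would show. It goes slightly beyond the text in that it extracts ports for both TCP and UDP, since both put the port pair in the first four bytes of the transport header. The frame bytes are constructed by hand for the example, and the struct and function names are our own choices. Capture is left to libpcap, as described in the steps above.

```c
/* Added example: decode and dump one captured Ethernet frame.
 * Illustration code, not the project's own; the sample frame is constructed. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stddef.h>

#define ETH_HDR_LEN    14
#define ETHERTYPE_IPV4 0x0800
#define PROTO_TCP      6
#define PROTO_UDP      17

/* Summary of one frame, i.e. one row of the packet-list sub-window. */
struct pkt_summary {
    uint8_t  src_mac[6], dst_mac[6];
    uint16_t ethertype;
    uint32_t src_ip, dst_ip;     /* host byte order */
    uint8_t  ip_proto;
    uint16_t src_port, dst_port; /* set for TCP and UDP, otherwise 0 */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Decode Ethernet II -> IPv4 -> TCP/UDP. Returns 1 on success, 0 if the frame is
 * not IPv4 or is shorter than the headers claim. Every offset is checked against
 * caplen before it is read, because libpcap's snaplen may truncate the frame and
 * because a malformed frame from the wire must not be able to crash the sniffer. */
int decode_frame(const uint8_t *pkt, size_t caplen, struct pkt_summary *s)
{
    memset(s, 0, sizeof *s);
    if (caplen < ETH_HDR_LEN) return 0;
    memcpy(s->dst_mac, pkt, 6);
    memcpy(s->src_mac, pkt + 6, 6);
    s->ethertype = rd16(pkt + 12);
    if (s->ethertype != ETHERTYPE_IPV4) return 0;

    const uint8_t *ip = pkt + ETH_HDR_LEN;
    if (caplen < ETH_HDR_LEN + 20) return 0;          /* minimum IPv4 header */
    if ((ip[0] >> 4) != 4) return 0;                   /* version nibble */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;           /* IHL is in 32-bit words */
    if (ihl < 20 || caplen < ETH_HDR_LEN + ihl) return 0;
    s->ip_proto = ip[9];
    s->src_ip   = rd32(ip + 12);
    s->dst_ip   = rd32(ip + 16);

    if (s->ip_proto == PROTO_TCP || s->ip_proto == PROTO_UDP) {
        const uint8_t *l4 = ip + ihl;
        size_t l4min = (s->ip_proto == PROTO_TCP) ? 20 : 8;
        if (caplen < ETH_HDR_LEN + ihl + l4min) return 0;
        s->src_port = rd16(l4);
        s->dst_port = rd16(l4 + 2);
    }
    return 1;
}

/* Hex/ASCII dump, 16 bytes per row, i.e. the contents of the third sub-window. */
void hex_dump(const uint8_t *pkt, size_t len)
{
    for (size_t off = 0; off < len; off += 16) {
        printf("%04zx  ", off);
        for (size_t i = 0; i < 16; i++)
            if (off + i < len) printf("%02x ", pkt[off + i]); else printf("   ");
        printf(" ");
        for (size_t i = 0; i < 16 && off + i < len; i++) {
            uint8_t c = pkt[off + i];
            putchar((c >= 0x20 && c < 0x7f) ? c : '.');
        }
        putchar('\n');
    }
}

/* Constructed sample (not a real capture): Ethernet II frame carrying an IPv4
 * TCP SYN from 192.168.1.10:40000 to 192.168.1.1:80. Checksums are not filled in. */
const uint8_t SAMPLE_FRAME[] = {
    0x00,0x11,0x22,0x33,0x44,0x55,             /* dst MAC */
    0x66,0x77,0x88,0x99,0xaa,0xbb,             /* src MAC */
    0x08,0x00,                                 /* ethertype IPv4 */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00,  /* ver/IHL, TOS, total len 40, id, flags/frag */
    0x40,0x06,0x00,0x00,                       /* TTL 64, proto TCP, checksum */
    0xc0,0xa8,0x01,0x0a,                       /* src 192.168.1.10 */
    0xc0,0xa8,0x01,0x01,                       /* dst 192.168.1.1 */
    0x9c,0x40,0x00,0x50,                       /* TCP sport 40000, dport 80 */
    0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,  /* seq, ack */
    0x50,0x02,0x20,0x00, 0x00,0x00,0x00,0x00   /* data offset 5, SYN, window, csum, urg */
};
const size_t SAMPLE_FRAME_LEN = sizeof SAMPLE_FRAME;

int main(void)
{
    struct pkt_summary s;
    if (decode_frame(SAMPLE_FRAME, SAMPLE_FRAME_LEN, &s))
        printf("%u.%u.%u.%u:%u -> %u.%u.%u.%u:%u  proto %u\n",
               s.src_ip >> 24, (s.src_ip >> 16) & 0xff, (s.src_ip >> 8) & 0xff, s.src_ip & 0xff, s.src_port,
               s.dst_ip >> 24, (s.dst_ip >> 16) & 0xff, (s.dst_ip >> 8) & 0xff, s.dst_ip & 0xff, s.dst_port,
               s.ip_proto);
    hex_dump(SAMPLE_FRAME, SAMPLE_FRAME_LEN);
    return 0;
}
```

To run this on live traffic rather than the constructed frame, open the interface with pcap_open_live("eth0", 65535, 1, 1000, errbuf), optionally install a filter such as the "host A and host B" expression from the Filter Packets section with pcap_compile and pcap_setfilter, and pass the buffer returned by pcap_next together with the caplen field of its pcap_pkthdr to decode_frame; the same decoder serves both the unfiltered and the filtered capture. The bounds checks are the part worth keeping: caplen can be smaller than the IP total length whenever snaplen truncates a frame, and the IHL field comes from the network, so it must never be trusted to stay inside the buffer.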
Deliverables:
Requirements Specification Document: 15th January 2003
Implementation: 3rd February 2003
Test Document (if required): 10th February 2003
If time permits, we would also like to include a node discovery module that draws a
complete map of the network topology, including routers, links and end stations.
Submitted by:
Jawad Khan 2003-02-0082
Fahd Gilani 2003-02-0056