


V1.1 Printed On: 3rd Dec 2007 C:\Washington University\ProjectDocument2.doc

Department Of Computer Science & Engineering
Washington University in Saint Louis

Submitted By: Subharthi Paul & Madhuri Kulkarni

Table of Contents

1 INTRODUCTION
  1.1 Abstract
  1.2 Introduction
  1.3 Product Overview
2 SPECIFIC REQUIREMENTS
  2.1 External Interface Requirements
    2.1.1 User Interfaces
    2.1.2 Hardware Interfaces
    2.1.3 Software Interfaces
    2.1.4 Communications Protocols
  2.2 Software Product Features
  2.3 Software System Attributes
    2.3.1 Reliability
    2.3.2 Availability
    2.3.3 Security
    2.3.4 Maintainability
    2.3.5 Portability
    2.3.6 Performance
3 ADDITIONAL INFORMATION
  3.1 Definitions, Acronyms and Abbreviations
  3.2 References


Packet sniffing or packet capture software is extensively used as a tool for protocol analysis and security. In protocol design research, such a tool comes in handy for analyzing, debugging and testing a new protocol implementation. In security, as is true for any tool, it may be used both in a positive way, to detect intrusions or attacks on a system, and in a malicious way, to hack for the private and personal data of others. Even though the use of upper-layer encryption techniques makes it difficult to gather data directly, these tools are still important for learning about existing sessions, collecting encrypted data to launch offline attacks to generate the encryption key, and any such attack limited only by one's imagination. Hence, packet sniffer software is one of the most essential tools required to get started on any of the above-mentioned activities.

The goal of our project is to write a packet sniffer, "Net Vigilant", capable of sniffing across wired and wireless interfaces and providing additional packet aggregation, filtering and analysis capabilities. The goal of the project is not to provide a novel approach towards sniffing on the network but rather to provide a basic understanding of the challenges involved in writing such software and also to build on the knowledge and experience gained to design more advanced security tools.

Packet sniffing is an essential activity for network engineers as well as security experts. If used in a positive way, it is the most essential tool for network analysis, protocol analysis, network troubleshooting, intrusion detection and hundreds of other such applications. The key challenge in writing such software is to collect raw packets directly from the interface cards and parse them to reveal useful information.

In normal network programming through sockets, a software module listens on a particular socket for packets intended for its use. Hence a module wanting to sniff all packets would have to listen on all the TCP ports, so that TCP does not throw away packets on finding no module attached to the intended port number in the packet. Also, each protocol layer performs filtering of the traffic: for example, any TCP control packet will not be passed above the TCP layer, any IP control packet is consumed by the IP layer, and so on. Moreover, the hardware network interface does an initial filtering of packets not intended for it. Hence, it is almost certain that the normal programming methods will not allow for the capabilities that we seek in packet sniffing software. The way out of this situation is to have some type of software hook which can gather packets before they are passed through the protocol layer processing.

Also, to be able to capture packets not intended for the current network interface, the software should set the interface to "promiscuous mode", provided such a mode is supported by the hardware and the device driver of the network card. The "software hook" that we mentioned above exists in UNIX as the PF_PACKET socket (libpcap library) and in Windows as the Winpcap library. In our work we make use of the Winpcap library to be able to capture raw packets from the interface.

The story does not end at being able to capture raw packets. In fact, it is the most basic step. There are certain hurdles in being able to analyze correctly the raw packets, which are nothing but a set of hexadecimal gibberish to the uninformed. There are challenges in being able to serialize the data coming in, in network byte order, for storage in the file system. Also, a major task is to provide an easy-to-use and elegant user interface for running the software as well as to present the packet data in a more human-readable form.

With all this in mind, we designed "Net Vigilant", a packet sniffer and analyzer tool for wired and wireless interfaces. "Net Vigilant" has a state-of-the-art graphical user interface, designed on the .NET platform. All the code has been written in C# over the .NET platform to ensure interoperability across Windows systems.
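The parsing step described above, as an added example (not code from the Net Vigilant project, which is written in C# on WinPcap/SharpPcap): Python's struct module decodes a raw Ethernet II frame in network byte order and classifies it into the protocol types the packet filter offers. The frames are constructed in the code rather than captured, and all function names are hypothetical.

```python
import struct
# EtherType / IPv4 protocol numbers for the filter classes TCP, UDP, ARP, ICMP, IGMP.
ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806
IP_PROTOS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame: bytes) -> dict:
    """Decode one Ethernet II frame; every multi-byte field is big-endian ('!')."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_mac": mac(dst), "src_mac": mac(src), "protocol": "OTHER"}
    if ethertype == ETHERTYPE_ARP:
        info["protocol"] = "ARP"
    if ethertype != ETHERTYPE_IPV4:
        return info                      # ARP and unknown EtherTypes stop here
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, total_len, proto = ip[0], struct.unpack("!H", ip[2:4])[0], ip[9]
    ihl = (ver_ihl & 0x0F) * 4           # header length field counts 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    info.update(src_ip=".".join(map(str, ip[12:16])),
                dst_ip=".".join(map(str, ip[16:20])),
                ip_len=total_len,
                protocol=IP_PROTOS.get(proto, "OTHER"))
    l4 = ip[ihl:]
    if info["protocol"] in ("TCP", "UDP") and len(l4) >= 4:
        info["src_port"], info["dst_port"] = struct.unpack("!HH", l4[:4])
    return info

def build_sample(proto: int, sport: int, dport: int) -> bytes:
    """Constructed test frame (not captured traffic): Ethernet + IPv4 + 4 bytes of L4."""
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,  # checksum left 0
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return eth + ip + struct.pack("!HH", sport, dport)

def filter_by_protocol(frames, wanted):
    """Keep only frames whose decoded protocol is in `wanted`, as a packet filter would."""
    return [p for p in map(parse_frame, frames) if p["protocol"] in wanted]

if __name__ == "__main__":
    frames = [build_sample(6, 49152, 443), build_sample(17, 5353, 53)]
    for pkt in filter_by_protocol(frames, {"TCP"}):
        print(pkt)
```

Dropping the "!" prefix on a little-endian host would read the port bytes 01 BB as 47873 instead of 443, which is the byte-order hurdle the paragraph refers to.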

It may be argued that such tools already exist in plenty and that a new endeavor may not be justified. However, "Net Vigilant" has been designed to be the stepping stone for further design of more complicated tools and also a learning experience for novice programmers to design and implement their own network software. It is basically the foundation bed for more advanced innovations in the future.

1.1 Product Overview

The project will be implemented in Microsoft .NET technologies using C# language. Following are some of the functionalities we will implement:

Basic Functionality:

1. Network Monitor (Basic packet capture)
2. Packet Filtering
3. Network Utilities (Ping, TCP Statistics, UDP Statistics)
4. Packet Analysis
5. Graphical Interface

Advanced Functionality:

Although the advanced functionalities are not a part of the project, we plan to implement them in future.

1. Port Scanner
   Port Scanner will provide basic functionality of searching a network host for open ports. This will be used by administrators to check the security of their networks.
2. Network Mapping
   The network mapping functionality will map the network and provide a network map.
3. Client Configuration Monitor
   Client configuration monitor will provide the list of processes, resources and the status of a node on the network.

Please note that the advanced functionality is not a part of the project and will be implemented only if time permits.


2.1 External Interface Requirements:

2.1.1 User Interfaces

- Help and Tooltips are available for easy understanding.
- Graphical interface is available for ease and convenience of the user.
- Most functions require mouse click thus simplifying operations.
- Tools strip menu is available for faster access of menus.
- Shortcut keys are available for experienced users.

2.1.2 Hardware Interfaces

- Mouse is required for use of application
- Keyboard is required for use of application
- Monitor is required for use of application
- Network interface card is required for packet capture
- 1.5 MB of hard disk space.
- 1 GB RAM (Random Access Memory).

2.1.3 Software Interfaces

This software requires following software interfaces:

- WinPcap V4.0.1
- .NET Framework 2.0
- SharpPcap V1.5

2.1.4 Communications Protocols

Net Vigilant should capture packets on wired as well as wireless networks.




2.2 Software Product Features

The following features are included in Net Vigilant Network Monitor:

a) Network Monitor for wired networks (Ethernet)
This feature will provide the facility to capture network packets. The details of the packet will be listed in a table. These packets can be stored in XML serialized formats. Packets can be retrieved later for viewing and analysis.

b) Network monitor for wireless networks (802.11)
This feature will provide the facility to capture network packets. The details of the packet will be listed in a table. These packets can be stored in xml serialized formats. Packets can be retrieved later for viewing and analysis.

c) Network

The above mentioned utilities will be provided for network traffic analysis.

d) Packet Store/Retrieve
Packets can be stored in an XML file and later retrieved for viewing or analysis.

e) Packet Filtering
The packets can be filtered by protocol type TCP (Transmission Control Protocol), UDP (User Datagram Protocol), ARP (Address Resolution Protocol), ICMP (Internet Control Message Protocol) and IGMP (Internet Group Management Protocol).

f) Windows based Graphical User Interface (GUI)
Windows based GUI for better user experience will be provided.

2.3 Software System Attributes:

2.3.1 Reliability
This software has been tested and found to be reliable.

2.3.2 Availability
Since this system has been tested for defects and fixed, the downtime is low and the system is therefore available.

2.3.3 Security
Security features are also provided by .NET.

2.3.4 Maintainability
Ease of maintenance is one of the advantages of .NET.

2.3.5 Portability
This application is supported on following Operating Systems: Windows 9X, Windows 2000, Windows Vista.

2.3.6 Performance
Performance of this application is good on a small network. It has yet to be tested on a larger network.




3 ADDITIONAL INFORMATION

3.1 Acronyms

UDP    User Datagram Protocol
TCP    Transmission Control Protocol
ARP    Address Resolution Protocol
ICMP   Internet Control Message Protocol
IGMP   Internet Group Message Protocol
XML    Extensible Markup Language
GB     Gigabytes
MB     Megabytes
RAM    Random Access Memory
IP     Internet Protocol
GUI    Graphical User Interface

3.2 References