Communications Sniffer
Ed Paradise, Rob Lingle, Todd Hoffenberg, Henry Barnes, Robert Brooke
Senior Design Proposal, ECE4006D Internetworking Design
Georgia Institute of Technology, Fall 2002
Proposal Overview
• Introduction
• Project Organization
• Design Details
• Project Challenges
• Product Verification
Intro – Concept
• Sniffing e-mail from network traffic
• Used to search for specific threatening keywords
• Valuable to police organizations
Intro – Product
• Back end – retrieve packets and piece them together
• Database – store packets
• Front end – web-based access to database
Intro – Competing Products
• Carnivore
  • FBI use – intercepts large volumes of email
  • Data handled differently
• Etherpeek
  • Admin. use – captures packets of data from many different sources
    (AIM, Real Networks, Windows Media Player, Yahoo! Instant Messenger, and MSN Messenger)
  • Lacks database features
Project Organization
Communications Sniffer components: Sniffer Python Code, MySQL Database, PHP GUI
• Sniffer Python Code: Ed, Rob, Hank
• MySQL Database: Todd, Bobby, Hank
• PHP GUI: Todd, Bobby
Project Organization – Schedule
Week | Sniffer Task                                    | Database/GUI Task
4    |                                                 | Preliminary GUI design
5    | Architecture                                    | Meet to discuss database organization
6    | Architecture                                    | Set up database and code search/scoring algorithm
7    | Basic SMTP capture                              | Run tests to ensure algorithms are fast enough for high traffic
8    | Advanced SMTP                                   | Work on GUI/database interface
9    | Basic POP capture / Python-MySQL database       | Work on GUI/database interface
10   | Advanced POP                                    | Work on GUI/database interface
11   | Basic IMAP                                      | Finishing touches / help database
12   | Advanced IMAP                                   | Work on security/SSL connections to interface
13   | Testing                                         | Work on security/SSL connections to interface
14   | Interoperability of features with database/GUI | Testing / additional features
15   | Interoperability of features with database/GUI | Testing / additional features
16   | Documentation and paper                         | Testing / additional features
Design Details – Sniffer
• Ideas: Ethereal, tcpdump, Sniffit
  • None written in Python
• Tasks of code
  • Differentiate emails from other traffic
  • Reassemble email
• Translate code for tailored needs
• Starting point: pylibpcap (sniff.py)
Design Details – Database/GUI
• GUI is web-based: HTML/PHP interface to database
• GUI highlights
  • Only brief header information shown initially
  • Body, full header, etc. available on request
• Email separation
  • By e-mail address
  • Scoring system for “offensive” emails – separate table
Design Details – Database
[Diagram: MySQL Database layout]
• Diagram boxes: GUI config/help; E-mail address 1 … E-mail address N; Scored e-mails; E-mail address list; E-mail Storage Unit; Scoring Rules
• Legend: back-end table, intermediate sorter table, GUI table, back-end + sorter table, sorter + GUI table
Challenges – Sniffer
• Sorting messages from multiple users
• Multi-packet messages
• Email attachments
Challenges – Database/GUI
• PHP/Python interface
• Manipulation of filters during operation
Product Demonstration
• Small network required
  • Mail server (Linux)
  • “Listening post” system (Linux) – system with communications sniffer software package
  • End-user system (OS TBD)
Product Verification
• Reconstruct single-packet messages
• Reconstruct multi-packet messages
• Reconstruct attachments
• Handle different protocols: SMTP, IMAP, POP3
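The multi-packet reconstruction listed above, and the "reassemble email" task from the sniffer design details, come down to two steps: put the captured TCP segments of one client-to-server stream back in order (dropping retransmissions, trimming overlaps, flagging a lost segment), then walk the SMTP dialogue to recover the envelope and message. The following is an added example written for this page, not code from the project; it uses constructed segments in place of a pylibpcap capture, an assumed initial sequence number, and plaintext (non-TLS) SMTP.

```python
import email
from email import policy

def reassemble_stream(segments):
    """Rebuild one direction of a TCP stream from (seq, payload) pairs that may
    arrive out of order: duplicates dropped, overlaps trimmed, and a hole in
    the sequence space (a lost segment) reported instead of silently skipped."""
    data, expected = b"", None
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        expected = seq if expected is None else expected
        if seq + len(payload) <= expected:      # pure retransmission
            continue
        if seq < expected:                      # partial overlap: keep new tail
            payload, seq = payload[expected - seq:], expected
        if seq > expected:
            raise ValueError(f"missing bytes {expected}-{seq}: segment lost")
        data, expected = data + payload, seq + len(payload)
    return data

def parse_smtp_session(client_stream):
    """Pull the envelope (MAIL FROM / RCPT TO) and the DATA message out of the
    client half of an SMTP dialogue; DATA ends at <CRLF>.<CRLF> and a leading
    dot on a body line is transmission stuffing that must be removed."""
    sender, rcpts, body, in_data = None, [], [], False
    for line in client_stream.split(b"\r\n"):
        if in_data:
            if line == b".":
                in_data = False
            else:
                body.append(line[1:] if line.startswith(b".") else line)
        elif line.upper().startswith(b"MAIL FROM:"):
            sender = line.split(b":", 1)[1].strip(b" <>").decode()
        elif line.upper().startswith(b"RCPT TO:"):
            rcpts.append(line.split(b":", 1)[1].strip(b" <>").decode())
        elif line.upper() == b"DATA":
            in_data = True
    msg = email.message_from_bytes(b"\r\n".join(body), policy=policy.default)
    return {"sender": sender, "recipients": rcpts,
            "subject": str(msg.get("Subject", "")), "body": msg.get_content()}

# Constructed sample: the client half of one plaintext SMTP session.
SESSION = (b"EHLO client.example\r\nMAIL FROM:<alice@example.org>\r\n"
           b"RCPT TO:<bob@example.net>\r\nDATA\r\nFrom: alice@example.org\r\n"
           b"To: bob@example.net\r\nSubject: Lunch\r\n\r\nMeet at noon.\r\n"
           b"..PS bring the file\r\n.\r\nQUIT\r\n")
BASE = 1000  # assumed initial sequence number of the constructed capture
# Constructed capture order: out of sequence, one duplicate, one overlap.
SEGMENTS = [(BASE + a, SESSION[a:b]) for a, b in
            [(0, 40), (90, len(SESSION)), (40, 90), (40, 90), (80, 100)]]
```

Reassembly yields content only for sessions that never negotiated STARTTLS, so a verification run should also include an encrypted session and confirm that nothing past the handshake is recoverable.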