Communications Sniffer Ed Paradise, Rob Lingle, Todd Hoffenberg,

Henry Barnes, Robert Brooke

Senior Design ProposalECE4006D Internetworking Design

Georgia Institute of TechnologyFall 2002

Proposal Overview Introduction Project Organization Design Details Project Challenges Product Verification

Intro - Concept Sniffing e-mail from network traffic Used to search for specific

threatening keywords Valuable to police organizations

Intro – Product Back end – retrieve packets and

piece them together Database – store packets Front end – web-based access to

database

Intro – Competing Products Carnivore

FBI use - intercepts large volumes of email Data handled differently

EtherpeekAdmin. use - capture packets of data from many different sources

• AIM, Real Networks, Windows Media Player, Yahoo! Instant Messenger, and MSN Messenger

Lacks database features

Project Organization

Communications Sniffer

Sniffer Python Code MySQL Database PHP GUI

Sniffer Python Code: Ed, Rob, Hank

MySQL Database: Todd, Bobby, Hank

PHP GUI: Todd, Bobby

Project Organization

Week Sniffer Task Database/GUI Task

4   Preliminary GUI design

5 Architecture Meet to discuss database organization

6 Architecture Set up database and code search/scoring algorithm

7 Basic SMTP capture Run tests to ensure algorithms are fast enough for high traffic

8 Advanced SMTP Work on GUI/database interface

9 Basic POP capture / Python-MySQL Database Work on GUI/database interface

10 Advanced POP Work on GUI/database interface

11 Basic IMAP Finishing touches/help database

12 Advanced IMAP Work on security/SSL connections to interface

13 Testing Work on security/SSL connections to interface

14 Interoperability of features with database/GUI Testing/Additional Features

15 Interoperability of features with database/GUI Testing/Additional Features

16 Documentation and paper Testing/Additional Features

Design Details - Sniffer Ideas: Ethereal, tcpdump, Sniffit

None written in Python

Tasks of codeDifferentiate emails from other trafficReassemble email

Translate code for tailored needsStarting point: Pylibpcab (sniff.py)

Design Details – Database/GUI

GUI is web-based HTML PHP interface to database

GUI highlightsOnly brief header information shown initiallyBody, full header, etc. available on request

Email separationBy e-mail addressScoring system for “offensive” emails – separate table

Design Details - Database

MySQL Database

GUI config/help

E-mail address 1

E-mail address N

Scored e-mails

E-mail address list

E-mail Storage Unit

Scoring Rules

Back-end tableIntermediate sorter tableGUI table

Back-end + sorter tableSorter + GUI table

Challenges - Sniffer Sorting messages from multiple

users Multi-packet messages Email attachments

Challenges – Database/GUI PHP/Python Interface

Manipulation of filters during operation

Product Demonstration

Small network required Mail server (Linux) “Listening post” system (Linux)

• System with communications sniffer software package

End-user system (OS TBD)

Product Verification Reconstruct single-packet messages Reconstruct multi-packet messages Reconstruct attachments Handle different protocols:

SMTP IMAP POP3