PACKET SNIFFER TOOL

INTRODUCTION

Today's networks are increasingly employing "switch" technology, preventing this

technique from being as successful as in the past. It is still useful, though, as it is

becoming increasingly easy to install remote sniffing programs on servers and

routers, through which a lot of traffic flows.

Packet sniffing is a form of wire-tap applied to computer networks instead of phone

networks. It came into vogue with Ethernet, which is known as a "shared medium"

network.

This means that traffic on a segment passes by all hosts attached to that segment.

Ethernet cards have a filter that prevents the host machine from seeing the traffic

addressed to other stations. Sniffing programs turn off the filter, and thus see

every ones traffic.

Today's networks may already contain built-in sniffing modules. Most hubs support

the RMON standard, which allow the intruder to sniff remotely using SNMP, which

has weak authentication.

Many corporations employ Network Associates "Distributed Sniffer Servers", which

are set up with easy to guess passwords. Windows NT machines often have a

"Network Monitoring Agent" installed, which again allows for remote sniffing.

Packets sniffing is difficult to detect, but it can be done. But the difficulty of the

solution means that in practice, it is rarely done.

A dedicated device designed for the purpose of monitoring network traffic in order

to recognize and decode certain packets of interest.

A software package that enables a general-purpose computer to recognize and

decode certain packets of interest. The packet sniffer is normally used by system

administrators for network management and diagnostics.

A program and/or device that monitors data traveling over a network. Sniffers can

be used both for legitimate network management functions and for stealing

information off a network.

Unauthorized sniffers can be extremely dangerous to a network's security because

they are virtually impossible to detect and can be inserted almost anywhere. On

TCP/IP networks, where they sniff packets, they're often called packet sniffers.

Packet sniffing is listening (with software) to the raw network device for packets

that interest the user. When the user’s software sees a packet that fits certain

criteria, it logs it to a file. The most common criteria for an interesting packet is one

that contains words like "login" or "password."

There are lots of existing packet sniffers, but all the existing ones have a demerit in

terms of allowing only specific types of sniffers. We need a generic sniffer. Hence

we are proposing to develop the same.

AIM/OBJECTIVE OF THE SYSTEM

The aim of the proposed system is to develop a JAVA based sniffer,

which can handle the necessary packets and also analyze the network

traffic.

PROPOSED SYSTEM

PROPOSED SOFTWARE REQUIREMENTS

Operating system : Windows 2000 Server and Client

Software : JSDK, Java 1.4 or higher

Web server : Suitable web server/web logic/Tom Cat

Database : Oracle 8i

PROPOSED HARDWARE REQUIREMENTS

Processor : P III 866 MHZ or above server and client

RAM : 128 MB or above

HDD : 80 GB Seagate or above

FDD : 1.44 MB or above

Monitor : Color or any compatible monitor

CD Drive, Keyboard, Mouse, ATX cabinet

PROPOSED SYSTEM DESCRIPTION

"Packet Sniffer" is a utility that sniffs without modifying the network's packets in

any way. By comparison, a firewall sees all of a computer's packet traffic as well,

but it has the ability to block and drop any packets that its programming dictates.

Packet sniffers merely watch, display, and log this traffic.

One disturbingly powerful aspect of packet sniffers is their ability to place the

hosting machine's network adapter into "promiscuous mode."

Network adapters running in promiscuous mode receive not only the data directed

to the machine hosting the sniffing software, but also ALL of the traffic on the

physically connected local network. Packet sniffer acts as a spying tool.

The popularity of packet sniffing stems from the fact that it

sees everything.

TYPICAL ITEMS SNIFFED INCLUDE

� SMTP, POP, IMAP traffic

� Allows intruder to read the actual e-mail.

� POP, IMAP, HTTP Basic, Telnet authentication

� Reads passwords off the wire in clear-text.

� SMB, NFS, FTP traffic

� Reads files of the wire.

� SQL databse

� Reads financial transactions and credit card numbers.

Not only can sniffing read information that helps break into a system, it is an

intrusion by itself because it reads the very files the intruder is interested in.

This technique can be combined with active transmission for even more effective

attacks.

Its a cruel irony in information security that many of the features that make using

computers easier or more efficient and the tools used to protect and secure the

network can also be used to exploit and compromise the same computers and

networks. This is the case with packet sniffing.

A packet sniffer, sometimes referred to as a network monitor or network analyzer,

can be used legitimately by a network or system administrator to monitor and

troubleshoot network traffic.

Using the information captured by the packet sniffer an administrator can identify

erroneous packets and use the data to pinpoint bottlenecks and help maintain

efficient network data transmission.

In its simple form a packet sniffer simply captures all of the packets of data that

pass through a given network interface.

Typically, the packet sniffer would only capture packets that were intended for the

machine in question.

A packet sniffer can only capture packet information within a given subnet. So, its

not possible for a malicious attacker to place a packet sniffer on their home ISP

network and capture network traffic from inside our corporate network.

In order to do so, the packet sniffer needs to be running on a computer that is

inside the corporate network as well.

PROPOSED SYSTEM FEATURES

� Captures the network traffic

� Analyzes the packets received

� Monitors the traffic

� Logs the data

� Classify the packets

� Bandwidth limitation

PROPOSED SYSTEM MODULES

CLIENT MODULES

1. CLIENT MANAGEMENT

� Client login / Client registration

� Client password change

2. SERVER CONNECTION

ESTABLISHMENT

� File transfer request

� File transfer process

3. PEER - PEER CONNECTION

� File transfer request

� File transfer process

4. PORT LISTENER

5. PACKET SNIFFING

6. PACKET FILTERING

7. BANDWIDTH ALLOCATION

8. LOG FILE TRACKING

SERVER MODULES

1. SERVER MANAGEMENT

� Server authentication

� Server –client registration

completion

� Authenticate Client password

change

2. SERVER CONNECTION

ESTABLISHMENT

� File transfer response

� File transfer reception

3. AUTHENTICATE PEER-PEER

CONNECTION

4. PORT SCANNER

5. PACKET ANALYZER

� Packet classification

� Packet type storage

� Set Packet filtering

� Bandwidth allocation and

maintenance

� Log file maintenance

6. REPORTS