report sniffer


Upload: noopur-purwar

Post on 08-Apr-2018


Page 1: REPORT SNIFFER

8/7/2019 REPORT SNIFFER

http://slidepdf.com/reader/full/report-sniffer 1/32

 

INTELLIGENT SNIFFER

COMPUTER DEPT 1 DYPCOE AKURDI,PUNE 

Chapter 1

INTRODUCTION 

___________________________________________________________________________ 

Enterprises in which every desktop has internet access need to be vigilant about network traffic in both directions, from the internet into the intranet and from the intranet out to the internet. The middleware systems that grant internet access need to be intelligent enough to help avoid outages, intrusion and spoofing. This project involves building a packet analyzer with an Artificial Intelligence based graphical web front end that provides data visualization models for traffic and usage analysis. The system will also provide intrusion detection and alarming capabilities.

1.1 Description

A packet sniffer is a device or program that allows eavesdropping on traffic traveling between networked computers. It captures frames addressed to other machines as well as its own and saves them for later analysis. This application picks up the captured data and generates dynamic charts from it, which makes analysis of the captured traffic easier. Live charts driven by the captured data are very helpful when analysing internet traffic. Such charts can look like Fig No 1.1.

Fig No 1.1:- Packet sniffing graphs



Fig no 1.2 Statistic levels

All information that travels across a network is sent in "packets." For example, when an email is sent from one computer to another, it is first broken up into smaller segments. Each segment carries the destination address, the source address, and other information such as the sequence number needed to reassemble the segments in the right order. Once they arrive at the destination, the headers and trailers are stripped away and the original data is reconstituted. In the simplest network, where computers share an Ethernet wire, every frame that travels between the various computers is "seen" by every computer on the segment. A hub repeats every frame to every machine or node on the network, and a filter in each network interface then discards frames not addressed to it (anything other than its own MAC address, the broadcast address, or a multicast group it has joined). A packet sniffer switches this filter off by putting the interface into promiscuous mode, so that it can capture and analyze some or all frames traveling through the Ethernet wire, depending on the sniffer's configuration. On a switched network the switch forwards unicast frames only to the port of the destination host, so a sniffer sees only its own traffic plus broadcast and multicast unless it is attached to a mirror (SPAN) port or a network tap.
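The capture-and-filter behaviour described above, as an added example that is not part of the original report and not the project's own code: a small Python parser over hand-constructed Ethernet/IPv4 frames (all MAC and IP addresses are assumed) that shows what a host's interface keeps by default versus what a sniffer sees once the address filter is switched off, and the per-protocol counts that a traffic chart such as Fig no 1.2 would be drawn from. The report's project is Java/J2EE; Python is used here only so that the example runs stand-alone without a capture library.

```python
"""Toy sniffer core: decode Ethernet II / IPv4 / TCP-UDP headers and apply the
NIC address filter, with and without promiscuous mode.

Added example; the frames below are constructed by hand so the script runs
offline. A real sniffer would receive them from libpcap (pcap4j in Java, scapy
in Python) with the interface opened in promiscuous mode.
"""
import struct
from collections import Counter

# Assumed addresses for the constructed scenario (not from the report).
OWN_MAC = bytes.fromhex("aabbccddee01")      # the sniffing host's interface
PEER_MAC = bytes.fromhex("aabbccddee02")     # another host on the same segment
GATEWAY_MAC = bytes.fromhex("aabbccddee03")  # the default gateway
BROADCAST_MAC = b"\xff" * 6


def build_ipv4_frame(dst_mac, src_mac, src_ip, dst_ip, ip_proto, l4):
    """Ethernet II + minimal IPv4 header (no options, checksum left zero) + L4 bytes."""
    ip_total = 20 + len(l4)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, ip_total, 0, 0, 64, ip_proto, 0,
                         bytes(map(int, src_ip.split("."))),
                         bytes(map(int, dst_ip.split("."))))
    return struct.pack("!6s6sH", dst_mac, src_mac, 0x0800) + ip_hdr + l4


def tcp_header(sport, dport):
    # ports, seq, ack, data offset 5 (20 bytes), flags PSH|ACK, window, checksum, urgent
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)


def udp_header(sport, dport, payload_len=0):
    return struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)


# Constructed traffic on one shared segment (hub or mirror port).
SAMPLE_FRAMES = [
    # 1. HTTP response addressed to this host
    build_ipv4_frame(OWN_MAC, GATEWAY_MAC, "93.184.216.34", "10.0.0.5", 6, tcp_header(80, 51000)),
    # 2. TLS segment for a different host on the segment
    build_ipv4_frame(PEER_MAC, GATEWAY_MAC, "203.0.113.9", "10.0.0.7", 6, tcp_header(443, 40200)),
    # 3. DHCP offer sent to the broadcast address
    build_ipv4_frame(BROADCAST_MAC, GATEWAY_MAC, "10.0.0.1", "255.255.255.255", 17, udp_header(67, 68)),
    # 4. DNS reply for the other host
    build_ipv4_frame(PEER_MAC, GATEWAY_MAC, "10.0.0.1", "10.0.0.7", 17, udp_header(53, 33000)),
    # 5. ARP request (EtherType 0x0806) to broadcast; the 28-byte body is left as zeros
    struct.pack("!6s6sH", BROADCAST_MAC, PEER_MAC, 0x0806) + bytes(28),
]


def parse_frame(frame):
    """Decode Ethernet II, IPv4 and the TCP/UDP ports into a flat dict."""
    if len(frame) < 14:
        return {"proto": "runt"}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_mac": dst, "src_mac": src, "ethertype": ethertype, "proto": "other"}
    if ethertype != 0x0800 or len(frame) < 34:
        return info                      # ARP, IPv6, ... are counted as "other"
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4             # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    ip_proto = ip[9]
    info["src_ip"] = ".".join(map(str, ip[12:16]))
    info["dst_ip"] = ".".join(map(str, ip[16:20]))
    payload = ip[ihl:total_len]
    if ip_proto == 6 and len(payload) >= 20:
        info["proto"] = "tcp"
        info["sport"], info["dport"] = struct.unpack("!HH", payload[:4])
    elif ip_proto == 17 and len(payload) >= 8:
        info["proto"] = "udp"
        info["sport"], info["dport"] = struct.unpack("!HH", payload[:4])
    else:
        info["proto"] = "ip/%d" % ip_proto
    return info


def nic_accepts(info, own_mac=OWN_MAC, promiscuous=False):
    """The address filter a normal interface applies; promiscuous mode switches it off."""
    if promiscuous:
        return True
    dst = info.get("dst_mac")
    if dst is None:
        return False
    # unicast to us, broadcast, or multicast (low bit of the first octet set)
    return dst == own_mac or dst == BROADCAST_MAC or bool(dst[0] & 0x01)


def protocol_counts(frames, promiscuous):
    """Per-protocol frame counts: the series a traffic chart is drawn from."""
    counts = Counter()
    for frame in frames:
        info = parse_frame(frame)
        if nic_accepts(info, promiscuous=promiscuous):
            counts[info["proto"]] += 1
    return counts


if __name__ == "__main__":
    for mode in (False, True):
        print("promiscuous=%s" % mode, dict(protocol_counts(SAMPLE_FRAMES, mode)))
```

With the filter on, the host sees only its own HTTP response plus the broadcast DHCP and ARP frames; in promiscuous mode the TLS and DNS traffic for the neighbouring host shows up as well. That difference is the whole point of a sniffer, and also the reason a switched network gives the same sniffer almost nothing unless it is fed from a SPAN port or tap.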

A packet sniffer is not just a hacker's tool. It can be used for network troubleshooting and other legitimate purposes. However, in the wrong hands, a packet sniffer can capture sensitive personal information that can lead to invasion of privacy, identity theft, and other serious consequences.


Chapter 2

LITERATURE SURVEY 

_______________________________________________________ 

The past five years have witnessed the emergence of comprehensive efforts to improve the security of information systems and networks. A recent survey by the OECD shows that governments have developed national policy frameworks as well as partnerships with the private sector and civil society around combating cybercrime, developing Computer Security Incident Response Teams (CSIRTs), raising awareness, information sharing, fostering education and other initiatives.

During the same period, security threats have increasingly captured the public's attention, fueled by new attack trends on the Internet, terrorism warnings, rising cybercrime and our growing reliance on the Internet and other communication networks in virtually all aspects of our lives. An increasingly powerful threat is posed by so-called "malware", commonly defined as malicious software that is inserted into an information system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system or otherwise annoying or disrupting the victim's system or other systems (Mell et al. 2005, p. ES-1). Typical forms of malware include viruses, worms, Trojans, key loggers and malicious mobile code.

The effects of malware have increased significantly in the last few years, forcing us to rethink the way in which information security is pursued. For governments, increasing public attention implies increasing political pressure to intensify their actions beyond the initiatives already underway. The question is: when and how? What policies and initiatives are needed?

How to improve cybersecurity is hardly a straightforward question. Notwithstanding rapidly growing investments in security measures, it has become clear that cybersecurity is a technological arms race that will not be decided in the immediate future. Take spam, for instance. Several years ago, so-called open e-mail relays were a major source of spam. ISPs and other actors developed measures to collectively combat open relays, such as blacklisting.


By the time the adoption of these measures reached a critical mass, spammers had already shifted their tactics. As a result, the significant reduction in the number of open relays had hardly any impact on the amount of spam. More recently, the industry debated the use of Sender Policy Framework (SPF) as a way to combat the forging of the sender's mail address, a typical property of spam messages. While the industry was still discussing the merits of SPF, spammers were already successfully abusing SPF as a means to get even more messages past spam filters. The list of examples goes on and on.

While many would agree that cybersecurity needs to be strengthened, the effectiveness of many security measures is uncertain and contested, to say the least. Furthermore, security measures may also impede innovation and productivity. It is easy to forget that while the internet has enabled an extraordinary wave of technological innovation and productivity growth, it is also susceptible to significant security threats. The benefits of the former often outweigh the costs of the latter, as in the case of online credit card transactions. From the very start, credit card companies have struggled with rising fraud. That hasn't stopped them from expanding their online business. The benefits of that growth were consistently higher than the costs of the increase in fraud that came with it. Rather than implementing far-reaching security measures that would restrict the usefulness of the system, they have adopted strategies to fight instances of fraud, up to the point where the costs of further reductions in fraud are higher than the remaining damages.

All this means that total security is neither achievable nor desirable. Actors need to make their own tradeoffs regarding what kind of security measures they deem appropriate and rational, given their business model. Clearly, these business models are very different for actors in the different niches of the complex ecosystem surrounding information systems and networks. In other words, many instances of what could be conceived as security failures are in fact the outcome of rational economic decisions, given the costs and benefits facing the actors involved. What is needed, then, is a better understanding of these costs and benefits, in short: of the economics of cybersecurity. This report outlines a research project to this aim, considering options for OECD member countries with respect to new policies, as well as providing a better foundation for the public-private partnerships set up to deal with cybersecurity.


Research in the field of cybersecurity is undergoing a major paradigm shift. More and more

researchers are adopting economic approaches to study cybersecurity, shifting emphasis away

from a focus on technological causes and solutions. Most of this innovative research has yet

to find its way into the realm of policymakers, let alone into the policies themselves. While

reports like the OECD survey on the culture of security (OECD, 2005) generally recognize

that there is more to cybersecurity than technology, the proposed measures are still mostly

oriented in that direction: developing technological responses and efforts to stimulate their 

adoption. Think of initiatives to promote authentication, encryption and Trusted Third Parties,

awareness campaigns urging people to improve the security of their systems, certification

schemes tied to security standards, and clearinghouses for information on security threats and

their remedies such as CERTs.

Notwithstanding the necessity of these initiatives, they typically ignore the economics of cybersecurity, i.e., the underlying economic incentive structure. As Anderson and Moore (2006, p. 610) have argued, "over the past 6 years, people have realized that security failure is caused at least as often by bad incentives as by bad design." Many of the problems of information security can be explained more clearly and convincingly using the language of microeconomics: network effects, externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons. Within this literature, the incentives that stimulate efficient behavior are central.

We can see the power of incentive structures around security threats everywhere. Take the distribution of viruses and other malware. During the second half of the nineties, when the scale of virus distribution was rapidly increasing and many end users (home, corporate, governmental) were affected, most ISPs argued that virus protection was the responsibility of the end users themselves. The computer was their property, after all. They further argued that they couldn't scan the traffic coming through their e-mail servers, because that would invade the privacy of the end user. The mail message was also considered the property of the end user. About five years ago, this started to change. The spread of viruses and worms had grown exponentially and now the infrastructures of the ISPs themselves were succumbing to the load. ISPs radically shifted their position in response. Within a few years, the majority of them started to scan incoming e-mail traffic and delete traffic that they identified as malignant. The effect of the property rights had been extended: the property rights over the infrastructure now gave the incentive to invest in fighting malware. One could view this as an example of an invisible hand: self-interested behavior of ISPs led to a more thorough defense against email-based viruses and increasing net social benefits.

In many cases, an economic perspective on cybersecurity, and malware in particular, provides us with more powerful analysis and a fruitful starting point for new governmental policies: incentive structures and market externalities. This report sets out to develop this perspective, building on the innovative research efforts of the past six years. More work is needed, however. As we will see, most of the research so far has been based on the methods of neoclassical and new institutional economics. While powerful, these methods are based on rather stringent assumptions about how actors behave, such as their rationality, their security tradeoffs and the kind of information they have, and how they interact with their institutional environment.

We discuss the implications of these neoclassical and new institutional approaches in more detail in the next chapter. For now, we briefly mention three limitations: (1) they provide limited insight into how actors actually perceive the costs, benefits and incentives they face; (2) they have difficulties taking into account dynamic and learning effects, such as how a loss of reputation changes the incentives an actor experiences; and (3) they treat issues of institutional design as somewhat trivial. That is to say, the literature assumes that its models can indicate what market design is optimal, that this design can be brought into existence at will and that actors will behave as the model predicts. If the past decade of economic reforms, such as privatization, liberalization and deregulation, has taught us anything, it is that designing markets is highly complicated and sensitive to context. It cannot be based on formal theoretical models alone. Institutional design requires an in-depth empirical understanding of current institutional structures.


2.1 Principles

There were five primary goals in the creation of the Java language:

1.  It should be "simple, object oriented, and familiar".

2.  It should be "robust and secure".

3.  It should be "architecture neutral and portable".

4.  It should execute with "high performance".

5.  It should be "interpreted, threaded, and dynamic".

2.1.1 The Swing Components 

These include everything from buttons to split panes to tables.

2.1.2 Pluggable Look and Feel Support 

Gives any program that uses Swing components a choice of looks and feels. For example, the same program can use either the Java look and feel or the Windows look and feel. We expect many more look-and-feel packages -- including some that use sound instead of a visual "look" -- to become available from various sources.

2.1.3 Accessibility API 

Enables assistive software such as screen readers and Braille displays to get

information from the user interface.

2.1.4 Java 2D API (Java 2 Platform only) 

Enables developers to easily incorporate high-quality 2D graphics, text, and images in

applications and in applets.

2.1.5 Drag and Drop Support (Java 2 Platform only) 

Provides the ability to drag and drop between a Java application and a native

application.

The first three JFC features were implemented without any native code, relying only on the API defined in JDK 1.1. As a result, they could and did become available as an extension to JDK 1.1. This extension was released as JFC 1.1, which is sometimes called "the Swing release." The API in JFC 1.1 is often called "the Swing API."

Note: "Swing" was the codename of the project that developed the new components.

Although it's an unofficial name, it's frequently used to refer to the new components and

related API. It's immortalized in the package names for the Swing API, which begin with

javax.swing.

This trail concentrates on the Swing components. We help you choose the appropriate ones

for your GUI, tell you how to use them, and give you the background information you need to

use them effectively. We discuss the Pluggable look and feel and Accessibility support when

they affect how you write programs that use Swing components.

2.2 Which Releases Contain the Swing API?

The Swing API is available in two forms:

- As a core part of the Java 2 Platform (standard edition of either v 1.2 or v 1.3)

- JFC 1.1 (for use with JDK 1.1)

Which release you use depends on whether you need to use JDK 1.1 or the Java 2 Platform, and on whether you're willing to be a beta tester for SDK v 1.3. It's a bit simpler to use the Java 2 Platform because the JFC is built into the Java 2 Platform and you don't need to add libraries to be able to use the Swing API. However, if you need to use JDK 1.1, then adding the Swing API (using JFC 1.1) isn't difficult. This trail describes the Swing 1.1 API, which is the version present in the Java 2 Platform v 1.2 and in the release called "JFC 1.1 (with Swing 1.1)." Except where noted, the code in this trail works unchanged with either release and subsequent compatible releases, such as SDK v 1.3 and JFC 1.1 (with Swing 1.1.1).


Sun has released many versions of JFC 1.1, which are identified by the version of 

Swing API they contain. One previous version, for example, was called "JFC 1.1 (with

Swing 1.0.3)." The last JFC 1.1 release was Swing version 1.1.1. It had the same API as

Swing 1.1, but added many bug fixes, some performance improvements, and a few new

capabilities such as HTML text in labels that required no API changes.

The following table shows some of the important releases containing Swing API. Bold font

indicates the releases typically used in shipping products.

2.2.1 What Swing Packages Should I Use?

The Swing API is powerful, flexible -- and immense. For example, the 1.1 version of the API

has 15 public packages: javax.accessibility, javax.swing, javax.swing.border,

javax.swing.colorchooser, javax.swing.event, javax.swing.filechooser, javax.swing.plaf,

javax.swing.plaf.basic, javax.swing.plaf.metal, javax.swing.plaf.multi, javax.swing.table,

javax.swing.text, javax.swing.text.html, javax.swing.tree, and javax.swing.undo.

Fortunately, most programs use only a small subset of the API. This trail sorts out the API for 

you, giving you examples of common code and pointing you to methods and classes you're

likely to need. Most of the code in this trail uses only one or two Swing packages:

- javax.swing

- javax.swing.event (not always required)

2.2.2 How Are Swing Components Different from AWT Components?

The AWT components are those provided by the JDK 1.0 and 1.1 platforms. Although

the Java 2 Platform still supports the AWT components, we strongly encourage you to use

Swing components instead. You can identify Swing components because their names start

with J. The AWT button class, for example, is named Button, while the Swing button class is

named JButton. Additionally, the AWT components are in the java.awt package, while the

Swing components are in the javax.swing package.


The biggest difference between the AWT components and Swing components is that the Swing components are implemented with absolutely no native code. Since Swing components aren't restricted to the least common denominator -- the features that are present on every platform -- they can have more functionality than AWT components. Because the Swing components have no native code, they can be shipped as an add-on to JDK 1.1, in addition to being part of the Java 2 Platform.

Even the simplest Swing components have capabilities far beyond what the AWT

components offer:

- Swing buttons and labels can display images instead of, or in addition to, text.

- You can easily add or change the borders drawn around most Swing components. For example, it's easy to put a box around the outside of a container or label.

- You can easily change the behavior or appearance of a Swing component by either invoking methods on it or creating a subclass of it.

- Swing components don't have to be rectangular. Buttons, for example, can be round.

- Assistive software such as screen readers can easily get information from Swing components. For example, a tool can easily get the text that's displayed on a button or label.

Swing lets you specify which look and feel your program's GUI uses. By contrast, AWT

components always have the look and feel of the native platform.

Another interesting feature is that Swing components with state use models to keep the state.

A JSlider, for instance, uses a BoundedRangeModel object to hold its current value and range

of legal values. Models are set up automatically, so you don't have to deal with them unless

you want to take advantage of the power they can give you.

If you're used to using AWT components, you need to be aware of a few gotchas when using

Swing components:


- Programs should not, as a rule, use "heavyweight" components alongside Swing components. Heavyweight components include all the ready-to-use AWT components (such as Menu and ScrollPane) and all components that inherit from the AWT Canvas and Panel classes. This restriction exists because when Swing components (and all other "lightweight" components) overlap with heavyweight components, the heavyweight component is always painted on top.

- Swing components aren't thread safe. If you modify a visible Swing component -- invoking its setText method, for example -- from anywhere but an event handler, then you need to take special steps to make the modification execute on the event-dispatching thread. This isn't an issue for many Swing programs, since component-modifying code is typically in event handlers.

- The containment hierarchy for any window or applet that contains Swing components must have a Swing top-level container at the root of the hierarchy. For example, a main window should be implemented as a JFrame instance rather than as a Frame instance.

- You don't add components directly to a top-level container such as a JFrame. Instead, you add components to a container (called the content pane) that is itself contained by the JFrame.

2.3 What Is Java?

Java is two things: a programming language and a platform.

2.3.1 The Java Programming Language

Java is a high-level programming language that is all of the following: simple, architecture-neutral, object-oriented, portable, distributed, high-performance, interpreted, multithreaded, robust, dynamic, and secure.

You translate a Java program into an intermediate language called Java bytecode--the

platform-independent codes interpreted by the Java interpreter. With an interpreter, each Java

bytecode instruction is parsed and run on the computer. Compilation happens just once;

interpretation occurs each time the program is executed. This figure illustrates how this

works.

Fig no 2.1 Process of compilation

You can think of Java bytecodes as the machine code instructions for the Java Virtual Machine (Java VM). Every Java interpreter, whether it's a Java development tool or a Web browser that can run Java applets, is an implementation of the Java VM. The Java VM can also be implemented in hardware.

Java bytecodes help make "write once, run anywhere" possible. You can compile your Java

program into bytecodes on any platform that has a Java compiler. The bytecodes can then be

run on any implementation of the Java VM. For example, the same Java program can run on

Windows NT, Solaris, and Macintosh.


Fig no:2.2 working of compiler 

2.3.2 The Java Platform

A platform is the hardware or software environment in which a program runs. The Java

platform differs from most other platforms in that it's a software-only platform that runs on

top of other, hardware-based platforms. Most other platforms are described as a combination

of hardware and operating system.

The Java platform has two components:

- The Java Virtual Machine (Java VM)

- The Java Application Programming Interface (Java API)

You've already been introduced to the Java VM. It's the base for the Java platform and is ported onto various hardware-based platforms.

The Java API is a large collection of ready-made software components that provide many useful capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped into libraries (packages) of related components.


The following figure depicts a Java program, such as an application or applet, that's running on the Java platform. As the figure shows, the Java API and Virtual Machine insulate the Java program from hardware dependencies.

As a platform-independent environment, Java can be a bit slower than native code. However,

smart compilers, well-tuned interpreters, and just-in-time bytecode compilers can bring Java's

performance close to that of native code without threatening portability.

2.4 What Can Java Do?

Probably the most well-known Java programs are Java applets. An applet is a Java program that adheres to certain conventions that allow it to run within a Java-enabled browser. At the beginning of this trail is an applet that displays an animation of Java's mascot, Duke, waving at you.

However, Java is not just for writing cute, entertaining applets for the World Wide Web

("Web"). Java is a general-purpose, high-level programming language and a powerful

software platform. Using the generous Java API, you can write many types of programs.

The most common types of programs are probably applets and applications, where a

Java application is a standalone program that runs directly on the Java platform. A special

kind of application known as a server serves and supports clients on a network. Examples of 

servers include Web servers, proxy servers, mail servers, print servers, and boot servers.

Another specialized program is a servlet. Servlets are similar to applets in that they are runtime extensions of applications. Instead of working in browsers, though, servlets run within Java servers, configuring or tailoring the server.


How does the Java API support all of these kinds of programs? With packages of software components that provide a wide range of functionality. The core API is the API included in every full implementation of the Java platform. The core API gives you the following features:

- The Essentials: Objects, strings, threads, numbers, input and output, data structures, system properties, date and time, and so on.

- Applets: The set of conventions used by Java applets.

- Networking: URLs, TCP and UDP sockets, and IP addresses.

- Internationalization: Help for writing programs that can be localized for users worldwide. Programs can automatically adapt to specific locales and be displayed in the appropriate language.

- Security: Both low-level and high-level, including electronic signatures, public/private key management, access control, and certificates.

- Software components: Known as JavaBeans, can plug into existing component architectures such as Microsoft's OLE/COM/Active-X architecture, OpenDoc, and Netscape's Live Connect.

- Object serialization: Allows lightweight persistence and communication via Remote Method Invocation (RMI).

- Java Database Connectivity (JDBC): Provides uniform access to a wide range of relational databases.

Java not only has a core API, but also standard extensions. The standard extensions define

APIs for 3D, servers, collaboration, telephony, speech, animation, and more.


Chapter 3

PROJECT PLANNING

__________________________________________________________________________ 

The application will be developed on the J2EE platform with a MySQL database server and the Apache Tomcat server.

3.1 Project Process Management

Project Process Management means the management of all activities throughout the development of the whole project. In terms of software engineering, Project Process Management is similar to the Software Development Life Cycle (SDLC). We will follow the incremental software development model. Please note that the project itself involves working with the first phase only.

Fig no 3.1 The incremental model

Fig no 3.2 Gantt Chart


Chapter 4

SOFTWARE REQUIREMENT SPECIFICATION

The software requirement specification is produced at the culmination of the analysis task. The function and performance allocated to software as part of system engineering are refined by establishing a complete information description, a detailed functional description, a representation of system behavior, an indication of performance requirements and design constraints, appropriate validation criteria, and other information pertinent to the requirements.

The introduction to the software requirements specification states the goals and objectives of the software, describing it in the context of the computer-based system. The Information Description provides a detailed description of the problem that the software must solve; information content, flow and structure are documented. A description of each function required to solve the problem is presented in the Functional Description.

Validation Criteria is probably the most important and, ironically, the most often neglected section of the software requirement specification.

Software requirement specification can be used for different purpose. Here are the major uses.

Statement of user needs:

A main purpose of the product specification is to define the needs of the product's user. Sometimes, the specification may be a part of a contract signed between the producer and the user. It could also form part of the user manuals. A user's needs are sometimes not clearly understood by the developer. If this is the case, a careful analysis, involving much interaction with the user, should be devoted to reaching a clear statement of requirements, in order to avoid possible misunderstandings.

Sometimes, at the beginning of a project, even the user has no clear idea of what exactly the desired product is. Think for instance of the user interface: a user with no previous experience with computer products may not appreciate the difference between, say, menu-driven interaction and a command line interface. Even an exact formulation of system functions and performance may be missing from an initial description produced by an inexperienced user.

A statement of the requirements for the implementation:

Specifications are also used as a reference point during product implementation. In fact, the ultimate goal of the implementation is to build a product that meets its specification. Thus the implementers use specifications during design to make design decisions, and during the verification activity to check that the implementation complies with the specifications.


Chapter 5

SOFTWARE DESIGN

_____________________________________________________

Software design is the first of three technical activities (design, code generation and test) that are required to build and verify the software. Each activity transforms information in a manner that ultimately results in validated computer software.

The design task produces a data design, an architectural design, an interface design and a component design.

The design of an information system produces the details that clearly describe how a system will meet the requirements identified during system analysis. The system design process is not a step-by-step adherence to clear procedures and guidelines. When I started working on system design, I faced different types of problems; many of these were due to constraints imposed by the user or limitations of the hardware and software available. Sometimes it was quite difficult to enumerate the complexity of the problems and the solutions thereof, since the variety of likely problems is so great and no two solutions are exactly similar; however, I kept the following considerations in mind during the design phase.

Design objectives:-

The primary objective of the design is to deliver the requirements as specified in the feasibility report. These are some of the objectives which I kept in mind.

• Practicality: The system is quite stable and can be operated by people with average intelligence.

• Efficiency: I tried to involve accuracy, timeliness and comprehensiveness of the system output.

• Cost: It is desirable to aim for the system with a minimum cost, subject to the condition that it must satisfy the entire requirement.

• Flexibility: I have tried to make the system modifiable depending on the changing needs of the user. Such modifications should entail extensive reconstructing or recreation of software. It should also be portable to different computer systems.

• Security: This is a very important aspect which I followed in the design phase, trying to cover the areas of hardware reliability, fallback procedures, and physical security of data.

Runtime Environment

Eclipse Web Server requirements:
MySQL Web Server & Apache Tomcat server

Browser requirements:
Mozilla Firefox or Internet Explorer

Desktop Software Requirements:
• JpCap or similar Packet Analysis Library
• Java/J2EE Apache Tomcat
• Fusion Charts Library
• ExtJS and Flash


Fig no 5.1 Working of Sniffer

A Denial of Service (DoS) attack is most widely used for this purpose. In a DoS attack the intruder blocks or exhausts network resources, so that authenticated users are unable to use the services provided by the network.

The proposed SNIFFER should be a self-contained system. It should not be dependent on other application software for detecting attacks done on the system. The Intrusion Detection Prevention System should have its own network packet analyzer.
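The flood checks the report's intrusion detection component is meant to perform (ICMP floods, application-level floods) can be implemented as a per-source sliding window over decoded packet metadata. The Python below is an added example, not the report's own code; it assumes packets arrive already decoded as (timestamp, source IP, protocol) tuples from whatever capture library is used (the report names JpCap), and the window and threshold values are illustrative.

```python
"""Per-source sliding-window flood detector (added example, not the report's own code).

Assumptions not taken from the report: packets arrive already decoded as
(timestamp_seconds, source_ip, protocol) tuples from whatever capture library
is used (the report names JpCap), and the window/threshold values are illustrative.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0   # assumed: width of the sliding window
FLOOD_THRESHOLD = 100  # assumed: packets per window from one source that count as a flood


class FloodDetector:
    """Counts packets of one protocol per source inside a sliding time window."""

    def __init__(self, proto="ICMP", window=WINDOW_SECONDS, threshold=FLOOD_THRESHOLD):
        self.proto = proto
        self.window = window
        self.threshold = threshold
        self._recent = defaultdict(deque)  # source_ip -> timestamps inside the window
        self._alerted = set()              # sources already reported, to avoid alert storms
        self.alerts = []                   # (timestamp, source_ip, count) per new alert

    def observe(self, ts, src, proto):
        """Feed one packet; returns True when this packet pushes src over the threshold."""
        if proto != self.proto:
            return False
        q = self._recent[src]
        q.append(ts)
        while q and ts - q[0] > self.window:   # expire timestamps older than the window
            q.popleft()
        if len(q) >= self.threshold and src not in self._alerted:
            self._alerted.add(src)
            self.alerts.append((ts, src, len(q)))
            return True
        return False


def run_detector(packets, proto="ICMP", window=WINDOW_SECONDS, threshold=FLOOD_THRESHOLD):
    """Replay a packet list in timestamp order and return the alerts raised."""
    det = FloodDetector(proto, window, threshold)
    for ts, src, proto_name in sorted(packets):
        det.observe(ts, src, proto_name)
    return det.alerts


def sample_packets():
    """Constructed traffic: 10.0.0.5 pings twice a second (benign), 10.0.0.99 sends
    150 ICMP packets in 0.75 s (flood), plus some TCP that must be ignored."""
    pkts = [(i * 0.5, "10.0.0.5", "ICMP") for i in range(10)]
    pkts += [(i * 0.5, "10.0.0.5", "TCP") for i in range(10)]
    pkts += [(2.0 + i * 0.005, "10.0.0.99", "ICMP") for i in range(150)]
    return pkts


if __name__ == "__main__":
    for ts, src, count in run_detector(sample_packets()):
        print(f"t={ts:.3f}s ICMP flood from {src}: {count} packets in {WINDOW_SECONDS}s")
```

The same class can be instantiated with a different protocol name to watch, for example, HTTP request rates for application-level floods.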


Chapter 6

IMPLEMENTATION

_______________________________________________________

This Project involves the following:

• Design and Development of a middleware system which provides the following:
  - Proxy and Relay Services
  - Packet capture and analysis service
  - Route detection and networking services
  - Firewall Services

• Design and Development of an Intrusion detection system which provides checks for:
  - ICMP flood and Teardrop attacks
  - Permanent denial-of-service attacks
  - Application level floods
  - Nuke
  - Degradation-of-service attacks
  - Unintentional denial of service
  - Blind denial of service

• Configurable parameters for the various levels of Attacks being executed

• Design and Development of a Business Analytics based Web Monitoring Tool which provides the following:
  - Graphical real-time insight into the flow of Data and Network Packets, client-wise
  - Real time In-memory Info pads and Grids
  - Ability to monitor network traffic and usage
  - Ability to terminate malicious connections
  - Ability to generate reports and graphs for:
    - Intrusion attempts
    - Network Usage
    - Protocol Mappings

• Ability to generate historical reports on Network Usage and, using Artificial intelligence, allow administrators to depict network usage scenarios in upcoming weeks

• Ability to define rules for accessing outside networks/protocol usage based on time of the day

• Ability to find error prone packets

• Ability to firewall Denial of Service Attacks, SYN Attacks

• Integration with Google Maps to roughly point the origin of a packet/communication on Maps

• Ability to visualize the routers, machines etc. in the vicinity

• SMS and Email based notification in case attacks are detected

6.1 Architecture

Fig no 6.1 Architecture diagram


Existing Sniffers

This application will show the visualized packet sniffing using Fusion Charts. The packet sniffers listed below already exist but do not give the visualized effects of packet sniffing.

• Wireshark: Sniffing the glue that holds the Internet together
• Kismet: A powerful wireless sniffer
• Tcpdump: The classic sniffer for network monitoring and data acquisition
• Cain and Abel: The top password recovery tool for Windows
• Ettercap: In case you still thought switched LANs provide much extra security
• Dsniff: A suite of powerful network auditing and penetration-testing tools
• NetStumbler: Free Windows 802.11 Sniffer
• Ntop: A network traffic usage monitor
• Ngrep: Convenient packet matching & display
• EtherApe: A graphical network monitor for Unix modeled after etherman
• KisMAC: A GUI passive wireless stumbler for Mac OS X

Advantages & Disadvantages of Packet Filters

Advantages

• Easy to install
Packet filters make use of current network routers. Therefore implementing a packet filter security system is typically less complicated than other network security solutions.

• Supports High Speed
With simple network configurations, packet filters can be fast. Since there is a direct connection between internal users and external hosts, data can be transmitted at high speeds.

• Makes Security Transparent to End-Users
Because packet filters work at the level of the network router, filtering is transparent to the end-user. That makes using client applications much easier.

Disadvantages

• Leaves Data Susceptible to Exposure
With packet filtering, users connect directly from network to network. Direct connections leave data susceptible to exposure. Hackers can use a packet sniffer to access information, such as a user address, from the data stream, and network security can be compromised.

• Offers Little Flexibility
Creating complex access rules with packet filters can be difficult. With segmented local-area networks (LANs), it's almost impossible to configure rule sets for users with different access privileges.

Usage of Intelligent Sniffer

The versatility of intelligent sniffers means they can be used to:

• Analyze network problems
• Detect network intrusion attempts
• Detect network misuse by internal and external users
• Document regulatory compliance through logging all perimeter and endpoint traffic
• Gain information for effecting a network intrusion
• Isolate exploited systems
• Monitor WAN bandwidth utilization
• Monitor network usage (including internal and external users and systems)
• Monitor data-in-motion
• Monitor WAN and endpoint security status
• Gather and report network statistics
• Filter suspect content from network traffic
• Serve as primary data source for day-to-day network monitoring and management
• Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use)
• Reverse engineer proprietary protocols used over the network
• Debug client/server communications
• Debug network protocol implementations
• Verify adds, moves and changes
• Verify internal control system effectiveness (firewalls, access control, Web filter, Spam filter, proxy)

Packet Analytics Platform

A packet analytics platform is an intelligent system that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the analyzer captures each packet and, if needed, decodes and analyzes its content according to the appropriate RFC or other specifications.

Because of the versatility of packet analyzers, they can be used to:

• Analyze network problems
• Detect network intrusion attempts
• Gain information for effecting a network intrusion
• Monitor network usage
• Gather and report network statistics
• Filter suspect content from network traffic
• Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use)
• Reverse engineer proprietary protocols used over the network
• Debug client/server communications
• Debug network protocol implementations

A packet sniffer, sometimes referred to as a network monitor or network analyzer, can be used legitimately by a network or system administrator to monitor and troubleshoot network traffic. Using the information captured by the packet sniffer, an administrator can identify erroneous packets and use the data to pinpoint bottlenecks and help maintain efficient network data transmission. In its simplest form a packet sniffer simply captures all of the packets of data that pass through a given network interface. Typically, the packet sniffer would only capture packets that were intended for the machine in question. However, if placed into promiscuous mode, the packet sniffer is also capable of capturing ALL packets traversing the network regardless of destination.

By placing a packet sniffer on a network in promiscuous mode, a malicious intruder can capture and analyze all of the network traffic. Within a given network, username and password information is generally transmitted in clear text, which means that the information would be viewable by analyzing the packets being transmitted. A packet sniffer can only capture packet information within a given subnet. So, it's not possible for a malicious attacker to place a packet sniffer on their home ISP network and capture network traffic from inside your corporate network (although there are ways that exist to more or less "hijack" services running on your internal network to effectively perform packet sniffing from a remote location). In order to do so, the packet sniffer needs to be running on a computer that is inside the corporate network as well. However, if one machine on the internal network becomes compromised through a Trojan or other security breach, the intruder could run a packet sniffer from that machine and use the captured username and password information to compromise other machines on the network.


Detecting rogue packet sniffers on your network is not an easy task. By its very nature the packet sniffer is passive. It simply captures the packets that are traveling to the network interface it is monitoring. That means there is generally no signature or erroneous traffic to look for that would identify a machine running a packet sniffer. There are ways to identify network interfaces on your network that are running in promiscuous mode, though, and this might be used as a means for locating rogue packet sniffers.

If you are one of the good guys and you need to maintain and monitor a network, I recommend you become familiar with network monitors or packet sniffers such as Ethereal. Learn what types of information can be discerned from the captured data and how you can put it to use to keep your network running smoothly. But also be aware that users on your network may be running rogue packet sniffers, either experimenting out of curiosity or with malicious intent, and that you should do what you can to make sure this does not happen.
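One of the ways to spot promiscuous-mode interfaces that the paragraph above alludes to is to check each managed Linux host from the inside. The Python below is an added example, not the report's own code: it replays the kernel's "device X entered/left promiscuous mode" log lines and reads the IFF_PROMISC bit from /sys/class/net/<iface>/flags; the log lines are constructed, and checking hosts remotely over the network is not covered here.

```python
"""Locating promiscuous-mode interfaces on a Linux host (added example, not the report's code).

Two signals are combined: the kernel's "device X entered/left promiscuous mode"
log lines and the IFF_PROMISC bit in /sys/class/net/<iface>/flags.
The sample log lines below are constructed for this example.
"""
import os
import re

IFF_PROMISC = 0x100  # bit 8 of the interface flags word (linux/if.h)

# kernel message format from net/core/dev.c: "device eth0 entered promiscuous mode"
_PROMISC_RE = re.compile(r"device (\S+) (entered|left) promiscuous mode")


def promisc_from_logs(lines):
    """Replay kernel/syslog lines; return the set of interfaces still promiscuous at the end."""
    state = set()
    for line in lines:
        m = _PROMISC_RE.search(line)
        if not m:
            continue
        iface, action = m.group(1), m.group(2)
        if action == "entered":
            state.add(iface)
        else:
            state.discard(iface)
    return state


def flags_are_promisc(flags_text):
    """flags_text is the content of /sys/class/net/<iface>/flags, e.g. '0x1103'."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promisc_from_sysfs(sys_net="/sys/class/net"):
    """Check every interface's flags file; returns the promiscuous ones (empty if not on Linux)."""
    found = set()
    if not os.path.isdir(sys_net):
        return found
    for iface in os.listdir(sys_net):
        try:
            with open(os.path.join(sys_net, iface, "flags")) as fh:
                if flags_are_promisc(fh.read()):
                    found.add(iface)
        except OSError:   # virtual interfaces without a flags file, permission issues
            continue
    return found


# constructed sample: eth0 went promiscuous and stayed so, eth1 entered and then left
SAMPLE_LOG = [
    "Mar 03 10:01:12 host kernel: device eth0 entered promiscuous mode",
    "Mar 03 10:01:13 host kernel: device eth1 entered promiscuous mode",
    "Mar 03 10:02:40 host kernel: device eth1 left promiscuous mode",
    "Mar 03 10:03:01 host sshd[412]: Accepted publickey for ops from 10.0.0.7",
]

if __name__ == "__main__":
    print("promiscuous per kernel log:", promisc_from_logs(SAMPLE_LOG))
    print("promiscuous per sysfs:", promisc_from_sysfs())
```

A legitimate capture tool (for example the report's own sniffer, or Wireshark) will show up in exactly the same way, so the result is a list to reconcile against known monitoring hosts rather than an alarm on its own.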


Chapter 7

CONCLUSION

_______________________________________________________

The future of these intelligent sniffers is very promising. The advantages of this software far outweigh the advantages of the existing software. The future sniffers will be very fast in operation and they will be very cheap.

This software is being supported by many big companies, so it might be available in the next few years. This software aims to fulfill the needs and demands along with maintaining lower costs and high quality. It has to prove itself before mass production begins. The previous sections explained recently developed projects which have the potential to replace normal sniffers with intelligent sniffers, but before trying any new software, it must be fully justified, else it will get rejected.

Also, the new technologies discussed have many disadvantages and drawbacks. Efforts are on to improve the performance, quality and reliability of the proposed devices. Many giant companies are investing millions into research in order to solve the problem of ever increasing demand.

The proposed SNIFFER should be a self-contained system. It should not be dependent on other application software for detecting attacks done on the system. The Intrusion Detection Prevention System should have its own network packet analyzer.

A packet sniffer is not just a hacker's tool. It can be used for network troubleshooting and other useful purposes. However, in the wrong hands, a packet sniffer can capture sensitive personal information that can lead to invasion of privacy, identity theft, and other serious eventualities.

