This document is a research paper on network security and the implementation of a network sniffer. It gives an overview of computer networks, of the hardware used in a network, and of how to programmatically read all the packets that are exchanged within a specific network.
Network security and network monitoring are prime concerns for any organization. Network teams are established to monitor bandwidth usage, anonymous transactions, intrusions, security breaches etc. A network sniffer is an application that reads every packet on a local area network and analyzes it in order to identify threats.
A network sniffer is a resident application installed on one of the computers on the local Ethernet network. On initialization the application puts the Ethernet card into promiscuous mode, so that the card accepts frames that are not addressed to it. This document analyzes the technical feasibility of the project and critically reviews its design.
The network sniffer should assist network administrators in analyzing inbound and outbound data, identifying the most frequent sources and destinations, and locating bottlenecks, data overflows etc. The application shall be accessible to the administrator from a remote location.
CHAPTER 1: INTRODUCTION
INTRODUCTION TO NETWORKS
A group of two or more computers linked by a communication medium is a network. The computers in a network are called nodes.
A network can also be defined as a set of independent nodes that share a physical or logical medium for communication.
Computer networks are among man's greatest inventions and serve many different purposes. The definition is deliberately simple and generic because networks are versatile and accomplish a broad range of tasks. Today nearly every activity we perform involves a network: the internet, the cell phone network, office networks, ATM machines etc. Networks are the driving power behind modern technological growth, and their evolution has much to teach.
While connecting a personal computer to a network is a common activity today, in the early days it was large mainframes that were connected to each other over a network. PC networking was a phenomenon that swung into action during the 90s.
As the benefits grow, so do the challenges. Below are some of the challenges that computer networks face.
Security: Network security is a major concern today. With the growth of the internet, attackers can reach any exposed computer on a network using readily available tools, and network data leakage and eavesdropping are direct threats to data safety. Typical modern security controls are firewalls, intrusion detection systems and packet analyzers.
Scalability: Scalability is the ability to accommodate additional computers on a network. As usage grows, the number of computers to accommodate increases, which is a challenge for modern networking. A network should be able to grow.
Protocols: The best example here is the network of networks, the internet. The internet is a collection of different types of networks, and as needs evolve new protocols appear, which complicates communication between two networks running different protocols.
Speed: The type of network decides the speed of data transfer. On a shared network speed is a constraint, since every added computer takes its share of the bandwidth. Critical applications need high-speed access to network resources.
The OSI model:
The ISO-OSI model, the Open Systems Interconnection (OSI) reference model devised by the International Organization for Standardization (ISO), is the standard reference architecture in terms of which network protocols are described. The model defines 7 layers. Each layer is self-contained, performs a defined set of functions, and can be implemented independently of the others; a protocol may occupy one layer or all seven, which is what makes the model so widely adopted:
•Layer 1-Physical
•Layer 2-Data link
•Layer 3-Network
•Layer 4-Transport
•Layer 5-Session
•Layer 6-Presentation
•Layer 7-Application
Characteristics of the OSI Layers:
The OSI layers are commonly grouped into two sets. The upper layers (session, presentation and application) deal with application issues and interact with the software running on the host; the lower layers (physical, data link, network and transport) handle data transport, down to the raw bits on the physical layer. The application layer is the one that interacts directly with the end user.
The physical layer and the data link layer are implemented in a combination of hardware and software. The lowest layer, the physical layer, interacts directly with the network medium, which is a network cable or a wireless channel.
Regularly used data communication formats are frames, packets, datagrams, segments, messages, cells and data units. The name depends on the protocol and on the layer that handles the unit.
A frame is the unit communicated at the data link layer. It contains both a header and a trailer. The header carries information such as the source and destination addresses.
The figure above describes the structure of a frame: the header and trailer carry control information for the data link layer, and the upper-layer data field carries the data that is passed up to the next layer, the network layer.
While a frame belongs to the data link layer, packet is the term used for data units processed at the network layer. A packet has a header (and in some protocols a trailer) containing control data such as addresses and a checksum. After processing the header, the network layer passes the upper-layer data to the transport layer.
Datagrams are information units whose source and destination are network-layer entities and which use a connectionless service. Segment is the term used for the data units handled at the transport layer.
A cell is a fixed-size unit composed of a 5-byte header, which carries information for the data link layer entity, and a 48-byte payload, which carries data for the upper layer. The size of these fields is always fixed (53 bytes in total).
Network protocols exist so that two different entities can communicate in a language both understand. A wide variety of protocols exist; they are usually described in terms of the ISO OSI model, and over time companies developed protocols to suit their own and their customers' needs. Among them the dominant suite is TCP/IP. TCP ensures that data is delivered across the network reliably, in order and without loss, by acknowledging segments and retransmitting any that are lost; IP handles addressing and routing of the individual packets. Both LANs and WANs commonly run TCP/IP.
TCP segment structure
A TCP segment consists of a segment header and a data section. The header contains 10 mandatory fields (source port, destination port, sequence number, acknowledgement number, data offset, reserved bits, flags, window size, checksum and urgent pointer) and an optional extension field (Options). The data section follows the header; its contents are the payload carried for the application.
1.4 Network Topologies
1.5 Network Identification and hardware
Network hardware, the physical equipment that builds the network, consists of routers, switches, hubs, network interface cards, cables, bridges, modems, adaptors etc. Here I would like to discuss the hardware that plays a vital role in the discussion of network sniffers.
Switches: A network bridge that forwards frames at the data link layer (layer 2) of the OSI model. There are two types of switches, layer 2 and layer 3 switches. Each port on a switch is a direct communication point with the attached machine. When a frame enters a switch, the switch records the frame's source MAC address and associates it with the port it arrived on; when a later frame is addressed to that MAC address, the switch sends it out only on that port. Frames addressed to a MAC address the switch has not yet learned, and broadcast or multicast frames, are flooded to all other ports. As a consequence, a sniffer attached to an ordinary switch port sees only its own host's traffic plus flooded frames; to capture everything on a switched network the sniffer must be attached to a mirror (SPAN) port or a network tap.
Routers: A router is a more capable device that works at the network layer (layer 3). It forwards packets based on IP addresses rather than MAC addresses, maintains a routing table, and runs routing algorithms that choose efficient paths and avoid bottlenecks.
Network interface card (NIC): Also known as the Ethernet card, the NIC is the computer's interface to the network over a cable or a wireless medium. It carries a low-level hardware address, the Media Access Control (MAC) address.
CHAPTER 2: NETWORK SNIFFERS
A network sniffer, as the name says, is an application that captures the packets traversing a selected network. On a bus (shared-medium) network every frame is delivered to every station, so data communication is effectively a broadcast service.
A sniffer takes advantage of this and reads all the frames on the medium, not just those addressed to its own host. Some of the applications built on top of a network sniffer are
Network monitoring tools
Network analysis/diagnostics tools
Parental control tools
While network sniffers are the tool network administrators rely on for their day-to-day work, the model of sniffer described here assumes a bus topology. On a switched network the sniffer becomes a subset of itself: the switch forwards a unicast frame only to the port where it learned the destination MAC address, so the sniffer sees only the traffic sent to or from its own host, plus broadcast, multicast and frames flooded to destinations the switch has not yet learned.
Types of network sniffers
Stand-alone sniffer: A stand-alone network sniffer is an application installed on a device that the network administrator carries. The administrator plugs this device into the local network and starts capturing and analyzing packets. This is the old model, in which the administrator is expected to be physically present to capture and analyze packets.
Modern sniffer with RMON (remote monitoring): Current network sniffers are able to work remotely. The administrator runs the sniffer application on one of the local computers that is active most of the time. The sniffer continuously analyzes packets and stores the results. When the administrator wants to generate reports or review network usage and traffic, they log in to this machine remotely over the same network and read the reports. This gives the administrator the flexibility to work from wherever they are and to serve multiple networks at once. Since the stored captures contain the addresses, and possibly the payload, of every host on the segment, that remote login must itself be authenticated and encrypted.
Network sniffers provide multiple advantages. As said earlier, they are a boon to the network administrator for running diagnostics on the network: analyzing usage, generating reports, identifying the protocols in use etc.
This can lead to identifying security breaches, excessive bandwidth usage, hosts accessing prohibited sites, virus/worm propagation patterns etc.
From the captured traffic a program can also identify the most frequently visited destinations inside and outside the network.
Like any other software, network sniffers have another side too. In the wrong hands, every communication over the network can be eavesdropped and interpreted, leading to data leakage.
In general a network sniffer does not read the data inside a packet; its main interest is the header, which carries the source and destination addresses and the packet type. But it can always be extended to read the payload. That payload may be encrypted, but if the communicating programs do not encrypt it, or encrypt it weakly, the data can be leaked.
CHAPTER 3: OUR APPROACH
On a shared Ethernet segment every frame reaches the network card of every station. Normally the card accepts only frames whose destination MAC address matches its own (plus broadcast and subscribed multicast addresses) and discards the rest, so only the addressed machine processes the frame further.
3.2 The Design
In this section I briefly discuss how a network sniffer works and its design structure.
Set the Ethernet card to promiscuous mode
When the network sniffer is initialized for monitoring, it first puts the Ethernet card into promiscuous mode, so that the card hands every frame on the segment to the software instead of only those addressed to its own MAC address.
Read all packets on the network
Once the Ethernet card is in promiscuous mode the sniffer receives every frame on the segment from then on. The headers of these frames are parsed and the source, destination, packet type, time etc. are recorded in the system.
Move to network packet processor for analysis
Dynamic reporting is done in this phase: from the packets read so far, instant reports are generated, such as the traffic on the network at that point in time and the network usage of each source computer.
Store results for interpretation
The reports and the recorded packet data are stored so the administrator can perform further interpretation and audits as required.
1. Ethernet based architecture: This sniffer is designed for a shared-medium Ethernet (bus) architecture. Installed on a switched network it becomes little more than a local host monitoring tool, because the switch delivers to its port only the host's own traffic and flooded frames.
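The four design steps above, carried through in working code, as an added example (Python) that is not the paper's own implementation. It also serves the frame, packet and TCP segment layouts described in Chapter 1, since step 2 is exactly a parser for those headers. The live-capture part uses a Linux AF_PACKET raw socket and the promiscuous-mode membership request from linux/if_packet.h (constants reproduced below) and needs root; the two sample frames are constructed here, with checksums left at zero because the parser only reads headers and does not verify them.

```python
import socket
import struct
from collections import Counter

ETH_P_ALL = 0x0003                     # linux/if_ether.h: receive every protocol
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
TCP_SYN = 0x02
SOL_PACKET, PACKET_ADD_MEMBERSHIP, PACKET_MR_PROMISC = 263, 1, 1   # linux/if_packet.h


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Step 2: decode Ethernet -> IPv4 -> TCP/UDP headers into a dict.
    Only header fields are extracted; the payload itself is never copied out."""
    if len(frame) < 14:
        return None                    # runt: not even a full Ethernet header
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    rec = {"src_mac": mac_str(src), "dst_mac": mac_str(dst), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4 or len(frame) < 34:
        return rec                     # ARP, IPv6 etc.: layer-2 information only
    ip = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, s_ip, d_ip = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    rec.update(src_ip=socket.inet_ntoa(s_ip), dst_ip=socket.inet_ntoa(d_ip),
               proto=proto, ttl=ttl, ip_len=total_len)
    l4 = ip[ihl:total_len]             # slice by IP total length to drop Ethernet padding
    if proto == IPPROTO_TCP and len(l4) >= 20:
        sport, dport, seq, ack, off_flags, win, _csum, _urg = struct.unpack("!HHIIHHHH", l4[:20])
        hdr_len = (off_flags >> 12) * 4            # data offset is counted in 32-bit words
        rec.update(src_port=sport, dst_port=dport, seq=seq, ack=ack, window=win,
                   flags=off_flags & 0x1FF, payload_len=len(l4) - hdr_len)
    elif proto == IPPROTO_UDP and len(l4) >= 8:
        sport, dport, ulen, _csum = struct.unpack("!HHHH", l4[:8])
        rec.update(src_port=sport, dst_port=dport, payload_len=ulen - 8)
    return rec


def summarize(records):
    """Step 3: bytes per source host, conversation pairs and protocol mix."""
    by_src, pairs, protos = Counter(), Counter(), Counter()
    for r in records:
        if not r or "src_ip" not in r:
            continue
        by_src[r["src_ip"]] += r["ip_len"]
        pairs[(r["src_ip"], r["dst_ip"], r.get("dst_port"))] += 1
        protos[r["proto"]] += 1
    return {"top_talkers": by_src.most_common(5), "pairs": pairs, "protocols": protos}


def enable_promiscuous(sock, iface):
    """Step 1: ask the kernel to put `iface` into promiscuous mode for this socket.
    struct packet_mreq { int ifindex; u16 type; u16 alen; u8 address[8]; }"""
    mreq = struct.pack("IHH8s", socket.if_nametoindex(iface), PACKET_MR_PROMISC, 0, b"\x00" * 8)
    sock.setsockopt(SOL_PACKET, PACKET_ADD_MEMBERSHIP, mreq)


def capture(iface, count):
    """Steps 1-2 on a live interface (Linux, needs root/CAP_NET_RAW): yields parsed records."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    sock.bind((iface, 0))
    enable_promiscuous(sock, iface)
    try:
        for _ in range(count):
            yield parse_frame(sock.recv(65535))
    finally:
        sock.close()


def build_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Constructed test input; checksums are left zero because the parser does not verify them."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    return eth + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp


SAMPLE_FRAMES = [   # constructed: a client SYN to a web server, and a 500-byte data segment back
    build_tcp_frame("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "10.0.0.5", "10.0.0.80", 40000, 443, TCP_SYN),
    build_tcp_frame("aa:bb:cc:00:00:02", "aa:bb:cc:00:00:01", "10.0.0.80", "10.0.0.5", 443, 40000, 0x18, b"X" * 500),
]

if __name__ == "__main__":
    import sys
    # "python sniffer.py eth0" captures live; with no argument it runs over the constructed frames
    records = list(capture(sys.argv[1], 100)) if len(sys.argv) > 1 else [parse_frame(f) for f in SAMPLE_FRAMES]
    print(summarize(records))
```

Step 4 (storing the records and reports) is left to the reader's choice of database; the dicts returned by parse_frame and summarize are what would be written there. Note that the parser never copies the payload, which is the behaviour Chapter 2 describes as the default for a sniffer.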
CHAPTER 4: TECHNICAL FEASIBILITY
CHAPTER 5: CRITICAL EVALUATION
5.1 The design
5.2 Technical resources availability