17-04-2012, 04:44 PM
hi kindly send me the project of Network Sniffer with the documentation.
Regards,
Sam.
24-09-2012, 12:43 PM
Network Sniffer

Abstract

With the constant threats of denial of service attacks, intrusions and compromises of computer networks on the Internet, the need for information security education is in the highest demand these days. A laboratory environment in an accredited educational institution with world-renowned professors would be an ideal place to offer such education for future network and system administrators and information security enthusiasts. Network sniffing is a technique of monitoring every packet that crosses the network. A network sniffer is a piece of software or hardware that monitors all network traffic. The security threat presented by sniffers is their ability to capture all incoming and outgoing traffic, including clear-text passwords and usernames or other sensitive material. While network sniffers can be fully passive, some aren’t, therefore they can be detected.

INTRODUCTION

Network Sniffer is a powerful network analysis tool. It consists of a well-integrated set of functions that can resolve network problems. Network Sniffer can list all of the network packets in real time from multiple network cards (including modem, ISDN, ADSL) and can also support capturing packets based on the applications (SOCKET, TDI etc). You can observe all traffic of the application that you are interested in. It is easy for you to learn and simple to use. Network Sniffer has plug-ins for different protocols such as ETHERNET, IP, TCP, UDP, PPPOE, HTTP, FTP, WINS, PPP, SMTP, POP3 and so on. Sniffer is a registered trademark of Network Associates, Inc. used on their network analyzing.

How does a network sniffer work?

To understand how a sniffer works, we need to know the main components of a sniffer and its working principle.

1. Components

A sniffer is a combination of hardware and software. Different sniffers may have various configurations on account of designation and final usage, but basically, a sniffer is composed of four parts:

• Hardware
Most sniffing products can work with standard adapters. Some sniffers only support Ethernet or wireless adapters whereas some others support multiple adapters and allow users to customize, so if you plan to install a sniffer on your computer, you should first be sure what type of adapter you possess and what type of adapter the sniffer requires.

• Drive program
This is the core of a sniffer. Each sniffing product has its own drive program; only after completing installation can a sniffer start to capture traffic and data from the network.

• Buffer
A buffer is a storage device for data captured from the network. In general, there are two modes of buffers: keep capturing until the storage place is full, or keep capturing and overflowing as the latest captured data keeps replacing the oldest data. The size of a buffer depends on a computer's EMS memory, that is, the bigger the EMS memory is, the more data can be stored in the buffer.

• Packet analysis
Capture and analysis are both the most basic and important features of a sniffer. Most sniffing products can provide real-time analysis of captured packets, which is the main reason why they are good assistants of network administrators: they record the errors and abnormalities while they are happening. Some advanced sniffing products are able to resume the contents of captured packets; they may also allow you to edit the content and transmit it to the network.

Working principles

As a rule, all network interfaces of the same segment have the ability to visit all the data transmitted on the physical medium, and each network interface is supposed to have a hardware address which is different from other existing network interfaces' on the network, and at the same time, every network should have at least a broadcast address. In common cases, a legal network interface should respond to only these two kinds of frames:

1. Target domain of frame has a hardware address matching the local network interface;
2. Target domain of frame has a broadcast address.

When the local network interface card is set to promiscuous mode, this network interface card has a broadcast address and produces a hardware halt to each frame it meets in order to notify the operating system to deal with every packet passing through.

Each machine on a local network has its own hardware address which differs from other machines'. When a packet is sent, it will be transmitted to all available machines on the local network. Owing to the shared principle of Ethernet, all computers on a local network share the same wire, so in a normal situation, all machines on the network can see the traffic passing through but will be unresponsive to those packets that do not belong to themselves by just ignoring them. However, if the network interface of a machine is in promiscuous mode, the NIC of this machine can take over all packets and frames it receives on the network, namely this machine (involving its software) is a sniffer.

Conclusion:

When computers communicate over networks, they normally just listen to the traffic specifically for them. However, network cards have the ability to enter promiscuous mode, which allows them to listen to all network traffic regardless of whether it’s directed to them. Network sniffers can capture things like clear-text passwords and usernames or other sensitive material. Because of this, network sniffers are a serious matter for network security. Fortunately, not all sniffers are fully passive. Since they aren’t, tools like Anti-Sniff can detect them. Since sniffing is possible on non-switched and switched networks, it’s a good practice to encrypt your data communications.
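The receive filter and the two buffer modes described in the post above, as an added Python example that is not part of the original post or of the Network Sniffer project. The `Nic` and `CaptureBuffer` classes, the MAC addresses and the sample frames are constructed for illustration, and the model assumes a shared (non-switched) segment where every adapter sees every frame.

```python
import struct
from collections import deque

BROADCAST = b"\xff" * 6

def parse_ethernet(frame):
    """Split an Ethernet II frame into (dst, src, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("shorter than the 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, ethertype, frame[14:]

class Nic:
    """Toy receive filter (hypothetical model, not a driver API)."""
    def __init__(self, mac, promiscuous=False):
        self.mac, self.promiscuous = mac, promiscuous

    def accepts(self, frame):
        dst = parse_ethernet(frame)[0]
        # Only the two cases the post lists; multicast is left out.
        return self.promiscuous or dst in (self.mac, BROADCAST)

class CaptureBuffer:
    """overwrite=False: stop when full. overwrite=True: replace oldest."""
    def __init__(self, size, overwrite):
        self.size, self.overwrite, self.dropped = size, overwrite, 0
        self.frames = deque(maxlen=size if overwrite else None)

    def store(self, frame):
        if not self.overwrite and len(self.frames) >= self.size:
            self.dropped += 1          # buffer full: frame is lost
        else:
            self.frames.append(frame)  # deque(maxlen) evicts the oldest

def capture(nic, traffic, buf):
    """Feed traffic through the NIC filter; return buffered payloads."""
    for frame in traffic:
        if nic.accepts(frame):
            buf.store(frame)
    return [parse_ethernet(f)[3] for f in buf.frames]

def make_frame(dst, src, payload):
    return struct.pack("!6s6sH", dst, src, 0x0800) + payload

# Constructed sample: three locally administered MACs on one shared segment.
A, B, C = (bytes.fromhex("0200000000" + x) for x in ("0a", "0b", "0c"))
TRAFFIC = [make_frame(B, A, b"to-B-1"), make_frame(BROADCAST, A, b"bcast"),
           make_frame(C, A, b"to-C"), make_frame(B, C, b"to-B-2")]
```

With host C in normal mode only the broadcast and its own frame reach the buffer; with `promiscuous=True` all four frames pass the filter, and the buffer mode decides which two survive in a two-slot buffer.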