
Network Traffic Monitoring Using Packet Analyzer


Abstract: The evolution of computer networks in the past few decades has been tremendous. As these networks and their user bases grow, the complexity of the entire network increases. The volume of traffic that traverses the network nodes affects overall network efficiency. Since not all the traffic using the network resources is legitimate, this traffic needs to be monitored. Network analysts need to be consistently aware of the kind of traffic that is consuming the network resources. For this, they make use of various packet analyzers. Different packet-analyzing software products are available, such as Wireshark and Fiddler. By making use of these products, analysts can track and trace any illegitimate activity occurring in the network. This project focuses on the working of a packet analyzer and its use in monitoring the traffic in a network.

Introduction:

Packet analyzers, or packet sniffers, are software programs that collect all the data frames from the link layer by intercepting them at the transmitting device’s adapter. These frames are stored by the software as log files. Many of these products come with features that enable network analysts to study the packets in detail. They can observe the source and destination ports being used to transmit the packets. They can also view the protocol being used for the packet transfer. In some cases, these packet analyzers have also been used to monitor the traffic traversing the network.
After analyzing the captured traffic, analysts can recognize the invalid packets and zero in on the traffic causing the logjam in the network. This in turn helps alleviate network congestion. But packet analyzers can also be used illegally to intercept sensitive information such as passwords and financial data. This problem is exacerbated by the fact that no one can actually know whether the data being sent through their device is being monitored by a packet analyzer.



Related Work:

A lot of work on network traffic monitoring has already been done, and a lot of research on the subject is ongoing. In one previous work, the authors tried to improve the packet-capturing performance of Wireshark. They achieved this by increasing the buffering at the kernel or application level. The results of this experiment were applicable to all libpcap-based applications [1]. In another work, the problems involved in broadband network monitoring were studied, and solutions were provided by suggesting a distributed network monitoring structure for broadband networks. This distributed network monitoring system comprised an optical splitter, flow distribution, low-level filtering etc. [2]. The authors of another paper evaluated the performance of router-based network traffic monitoring techniques via NS-2. It was concluded that SNMP (Simple Network Management Protocol) was a better performer than RMON (Remote Monitoring) and NetFlow [3].

There have been other projects in which functionality such as WinPcap on the Win32 operating system was studied, along with how it improved network performance [4]. In another project, broadband network traffic was captured, analyzed and categorized into different brackets. The authors developed a series of MATLAB scripts to analyze 5.5 Megabytes of captured traffic. They concluded that peer-to-peer traffic was dominant in total network traffic [5]. In another project, the authors designed a network traffic monitoring system that could monitor the traffic of multiple computers in the network. They introduced and used socket technology and network traffic monitoring technology to achieve their target.


Methodology:

Every machine in a network has its own hardware address, called the Media Access Control (MAC) address.
Whenever a packet is transmitted, it is usually broadcast over the entire local network. Hence, all the packets can be seen by all the machines in the network. Each device accepts only the packets intended for it, as indicated by the MAC address present in the header or trailer of the packet. But if the network interface of the device is in promiscuous mode, the Network Interface Controller (NIC) [11] of the device can capture all the packets on the entire network. The NIC is the hardware component that connects the device to the network. Whenever it receives a packet, the NIC usually compares the packet's destination MAC address to its own; if they match, it keeps the packet, otherwise it discards it. In promiscuous mode, it accepts and keeps all packets. The packet sniffer does the job of setting the NIC to promiscuous mode.
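The receive filter described above can be modelled in a few lines. This is an added example, not code from the original project: the function names, the locally administered MAC addresses and the sample frames are all constructed for illustration, and the model also covers broadcast and multicast destinations, which the text does not discuss.

```python
import struct

BROADCAST = b"\xff" * 6

def mac_bytes(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is exactly 6 bytes")
    return raw

def parse_ethernet(frame):
    """Return (destination, source, ethertype) of an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    return struct.unpack("!6s6sH", frame[:14])

def nic_accepts(frame, own_mac, promiscuous=False, multicast_groups=()):
    """Model the filter a NIC applies before handing a frame to the host."""
    dst, _src, _ethertype = parse_ethernet(frame)
    if promiscuous:
        return True                      # filter disabled: keep everything
    if dst == own_mac or dst == BROADCAST:
        return True
    if dst[0] & 0x01:                    # group bit set: multicast address
        return dst in multicast_groups   # kept only if the host subscribed
    return False                         # unicast for another station

def build_frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Assemble a minimal frame (constructed test data, no checksum)."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload

# Constructed sample traffic seen on the shared segment.
OWN = mac_bytes("02:00:00:00:00:01")
PEER = "02:00:00:00:00:02"
FRAMES = {
    "to_us": build_frame("02:00:00:00:00:01", PEER),
    "to_other": build_frame("02:00:00:00:00:03", PEER),
    "broadcast": build_frame("ff:ff:ff:ff:ff:ff", PEER, 0x0806),
    "multicast": build_frame("01:00:5e:00:00:fb", PEER),
}

def accepted(promiscuous):
    """Names of the sample frames the modelled NIC would keep."""
    return sorted(n for n, f in FRAMES.items() if nic_accepts(f, OWN, promiscuous))

if __name__ == "__main__":
    print("normal mode:     ", accepted(False))
    print("promiscuous mode:", accepted(True))
```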



Results and Discussions:

Wireshark was started on a home Wi-Fi network. After selecting the appropriate interface, which in this case is Wi-Fi, we initiate the packet capture process. But before that, we open a browser (Firefox, for this project).
1) NDTV Profit.
First we will browse a website belonging to the NDTV network, i.e. NDTV Profit. This page deals with the stock exchange in India. Account users of this page can keep track of their investments. In that sense, it is important for the page owners to keep the account activity of each and every user confidential and secure. But evidently, the security mechanism of this page has many loopholes.
After I log in to my NDTV Profit account, I return to Wireshark and stop the packet capture process. Next, I apply the ‘http’ filter to traverse only the HTTP traffic that I browsed.



Conclusion and Future Work:
As said earlier, for one of the webpages, i.e. NDTV Profit, I was able to achieve both my targets: monitor browsing activity and sniff user credentials. But for Amazon and Saavn, I could only monitor the browsing activity of the user because of the ‘https’ scheme.
Future work on this project could involve the use of more intricate and effective tools to monitor the traffic, and using hash crackers to crack the hashed passwords.