
SOFTWARE REQUIREMENT SPECIFICATION

NET VIGILANT NETWORK MONITOR V1.1

Printed On: 3rd Dec 2007
C Washington University ProjectDocument2 doc

Department of Computer Science & Engineering
Washington University in Saint Louis

Submitted By: Subharthi Paul, Madhuri Kulkarni

Table of Contents

1 INTRODUCTION
    1.1 Abstract
    1.2 Introduction
    1.3 Product Overview
2 SPECIFIC REQUIREMENTS
    2.1 External Interface Requirements
        2.1.1 User Interfaces
        2.1.2 Hardware Interfaces
        2.1.3 Software Interfaces
        2.1.4 Communications Protocols
    2.2 Software Product Features
    2.3 Software System Attributes
        2.3.1 Reliability
        2.3.2 Availability
        2.3.3 Security
        2.3.4 Maintainability
        2.3.5 Portability
        2.3.6 Performance
3 ADDITIONAL INFORMATION
    3.1 Definitions, Acronyms and Abbreviations
    3.2 References

INTRODUCTION

ABSTRACT

Packet sniffing, or packet capture, software is extensively used as a tool for protocol analysis and security. In protocol design research, such a tool comes in handy for analyzing, debugging and testing a new protocol implementation. In security, as is true for any tool, it may be used both in a positive way, to detect intrusions or attacks on a system, and in a malicious way, to hack for the private and personal data of others. Even though the use of upper-layer encryption techniques makes it difficult to gather data directly, these tools are still important in learning about existing sessions, collecting encrypted data to launch offline attacks to generate the encryption key, and any such attack limited only by one's imagination. Hence, packet sniffer software is one of the most essential tools required to get started with any of the above-mentioned activities.

The goal of our project is to write a packet sniffer, Net Vigilant, capable of sniffing across wired and wireless interfaces and providing additional packet aggregation, filtering and analysis capabilities. The goal of the project is not to provide a novel approach towards sniffing on the network, but rather to provide a basic understanding of the challenges involved in writing such software, and to build on the knowledge and experience gained to design more advanced security tools.

INTRODUCTION

Packet sniffing is an essential activity for network engineers as well as security experts. If used in a positive way, it is the most essential tool for network analysis, protocol analysis, network troubleshooting, intrusion detection and hundreds of other such applications.

The key challenge in writing such software is to collect raw packets directly from the interface cards and parse them to reveal useful information. In normal network programming through sockets, a software module listens on a particular socket for packets intended for its use. Hence, a module wanting to sniff all packets would have to listen on all the TCP ports, so that TCP does not throw away packets on finding no module attached to the intended port number in the packet. Also, each protocol layer performs filtering of the traffic: for example, any TCP control packet will not be passed above the TCP layer, any IP control packet is consumed by the IP layer, and so on. Moreover, the hardware network interface does an initial filtering of packets not intended for it. Hence, it is almost certain that the normal programming methods will not allow for the capabilities that we seek in packet sniffing software.

The way out of this situation is to have some type of software hook which can gather packets before they are passed through the protocol layer processing. Also, to be able to capture packets not intended for the current network interface, the software should set the interface to promiscuous mode, provided such a mode is supported by the hardware and the device driver of the network card. The software hook mentioned above exists in UNIX as the PF_PACKET socket and the libpcap library, and in Windows as the WinPcap library. In our work we make use of the WinPcap library to capture raw packets from the interface.

The story does not end at being able to capture raw packets. In fact, that is the most basic step. There are certain hurdles in correctly analyzing the raw packets, which are nothing but a set of hexadecimal gibberish to the uninformed. There are challenges in serializing the data, which comes in in network byte order, for storage in the file system. Another major task is to provide an easy-to-use and elegant user interface for running the software and to present the packet data in a more human-readable form.

With all this in mind, we designed Net Vigilant, a packet sniffer and analyzer tool for wired and wireless interfaces. Net Vigilant has a state-of-the-art graphical user interface designed on the .NET platform. All the code has been written in C# over the .NET platform to ensure interoperability across Windows systems. It may be argued that such tools already exist in plenty and that a new endeavor may not be justified. However, Net Vigilant has been designed to be the stepping stone for the further design of more complicated tools, and also a learning experience for novice programmers to design and implement their own network software. It is basically the foundation bed for more advanced innovations in the future.

1.1 Product Overview

The project will be implemented in Microsoft .NET technologies using the C# language. Following are some of the functionalities we will implement.

Basic Functionality: Network Monitor, Basic packet capture, Packet Filtering, Network Utilities, Ping, TCP Statistics, UDP Statistics, Packet Analysis, Graphical Interface

Advanced Functionality

Although the advanced functionalities are not a part of the project, we plan to implement them in future.

1. Port Scanner
   Port Scanner will provide basic functionality of searching a network host for open ports. This will be used by administrators to check the security of their networks.

2. Network Mapping
   The network mapping functionality will map the network and provide a network map.

3. Client Configuration Monitor
   Client configuration monitor will provide the list of processes, resources and the status of a node on the network.

Please note that the advanced functionality is not a part of the project and will be implemented only if time permits.

2 SPECIFIC REQUIREMENTS

2.1 External Interface Requirements

2.1.1 User Interfaces

Help and Tooltips are available for easy understanding. Graphical interface is available for
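
The analysis step described in the Introduction (turning raw captured bytes, which arrive in network byte order, into readable fields) is shown below as an added example; it is not code from the Net Vigilant project, which is written in C#. The function names and the sample frame are assumptions constructed for illustration, and the frame is built in memory rather than captured from an interface.

```python
import socket
import struct

ETH_LEN = 14                      # dst MAC (6) + src MAC (6) + EtherType (2)
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {6: "TCP", 17: "UDP"}

def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet II, IPv4 and TCP/UDP port fields from one raw frame."""
    if len(frame) < ETH_LEN:
        raise ValueError("truncated Ethernet header")
    # "!" = network (big-endian) byte order. Read little-endian, port 443
    # (bytes 01 BB) would be misreported as 47873.
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:ETH_LEN])
    info = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"),
            "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return info               # e.g. ARP: stop at the link layer
    ip = frame[ETH_LEN:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, frag, ttl, proto, _csum,
     src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4    # header length in bytes; > 20 with options
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    info.update(src_ip=socket.inet_ntoa(src_ip), dst_ip=socket.inet_ntoa(dst_ip),
                ttl=ttl, total_len=total_len,
                proto=PROTO_NAMES.get(proto, str(proto)))
    l4 = ip[ihl:]
    # Only the first fragment (offset 0) carries the transport header.
    if proto in PROTO_NAMES and (frag & 0x1FFF) == 0 and len(l4) >= 4:
        # TCP and UDP both begin with 16-bit source and destination ports.
        info["src_port"], info["dst_port"] = struct.unpack("!HH", l4[:4])
    return info

def build_sample_frame() -> bytes:
    """Constructed TCP SYN frame (documentation addresses, checksums left 0)."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))
    tcp = struct.pack("!HHIIHHHH", 49152, 443, 0, 0, 0x5002, 8192, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    print(parse_frame(build_sample_frame()))
```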



WUSTL CSE 571S - NET VIGILANT
