WUSTL CSE 571S - NET VIGILANT

This preview shows page 1-2-3-4 out of 12 pages.


SOFTWARE REQUIREMENT SPECIFICATION
NET VIGILANT
NETWORK MONITOR
V1.1

Printed On: 3rd Dec 2007
C:\Washington University\ProjectDocument2.doc

Department Of Computer Science & Engineering
Washington University in Saint Louis

Submitted By
Subharthi Paul
Madhuri Kulkarni

Table of Contents

1 INTRODUCTION
  1.1 Abstract
  1.2 Introduction
  1.3 Product Overview
2 SPECIFIC REQUIREMENTS
  2.1 External Interface Requirements
    2.1.1 User Interfaces
    2.1.2 Hardware Interfaces
    2.1.3 Software Interfaces
    2.1.4 Communications Protocols
  2.2 Software Product Features
  2.3 Software System Attributes
    2.3.1 Reliability
    2.3.2 Availability
    2.3.3 Security
    2.3.4 Maintainability
    2.3.5 Portability
    2.3.6 Performance
3 ADDITIONAL INFORMATION
  3.1 Definitions, Acronyms and Abbreviations
  3.2 References

INTRODUCTION

ABSTRACT

Packet sniffing or packet capture software is extensively used as a tool for protocol analysis and security. In protocol design research, such a tool comes in handy for analyzing, debugging and testing a new protocol implementation. In security, as is true for any tool, it may be used both in a positive way, to detect intrusions or attacks on a system, and in a malicious way, to hack for the private and personal data of others. Even though the use of upper-layer encryption techniques makes it difficult to gather data directly, these tools are important in learning about existing sessions, collecting encrypted data to launch offline attacks to generate the encryption key, and any such attack limited only by one's imagination. Hence, packet sniffer software is one of the most essential tools required to get started on any of the above-mentioned activities. The goal of our project is to write a packet sniffer, "Net Vigilant", capable of sniffing across wired and wireless interfaces and providing additional packet aggregation, filtering and analysis capabilities. The goal of the project is not to provide a novel approach to sniffing on the network, but rather to provide a basic understanding of the challenges involved in writing such software and to build on the knowledge and experience gained to design more advanced security tools.

INTRODUCTION

Packet sniffing is an essential activity for network engineers as well as security experts. If used in a positive way, it is the most essential tool for network analysis, protocol analysis, network troubleshooting, intrusion detection and hundreds of other such applications. The key challenge in writing such software is to collect raw packets directly from the interface cards and parse them to reveal useful information. In normal network programming through sockets, a software module listens on a particular socket for packets intended for its use; hence a module wanting to sniff all packets would have to listen on all the TCP ports, so that TCP does not throw away packets on finding no module attached to the intended port number in the packet. Also, each protocol layer filters the traffic: for example, a TCP control packet will not be passed above the TCP layer, an IP control packet is consumed by the IP layer, and so on. Moreover, the hardware network interface does an initial filtering of packets not intended for it. Hence, it is almost certain that normal programming methods will not allow for the capabilities that we seek in packet sniffing software. The way out of this situation is to have some type of software hook which can gather packets before they are passed through the protocol layer processing. Also, to be able to capture packets not intended for the current network interface, the software should set the interface to "promiscuous mode", provided such a mode is supported by the hardware and the device driver of the network card.

The "software hook" mentioned above exists in UNIX as the PF_PACKET socket (libpcap library) and in Windows as the WinPcap library. In our work we make use of the WinPcap library to capture raw packets from the interface. The story does not end at being able to capture raw packets. In fact, that is the most basic step. There are certain hurdles in correctly analyzing the raw packets, which are nothing but a set of hexadecimal gibberish to the uninformed. There are challenges in serializing the incoming data, which arrives in network byte order, for storage in the file system. Also, a major task is to provide an easy-to-use and elegant user interface for running the software, as well as to present the packet data in a more human-readable form.

With all this in mind, we designed "Net Vigilant", a packet sniffer and analyzer tool for wired and wireless interfaces. "Net Vigilant" has a state-of-the-art graphical user interface, designed on the .NET platform. All the code has been written in C# over the .NET platform to ensure interoperability across Windows systems.

It may be argued that such tools already exist in plenty and that a new endeavor may not be justified. However, "Net Vigilant" has been designed to be the stepping stone for the further design of more complicated tools and also a learning experience for novice programmers to design and implement their own network software. It is basically the foundation bed for more advanced innovations in the future.

1.1 Product Overview

The project will
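The Introduction's point about turning raw captured bytes into readable fields, shown as an added example that is not part of the original specification or of the Net Vigilant code (which is C# over WinPcap): a Python decoder that reads each multi-byte field of one Ethernet/IPv4/TCP frame in network byte order and rejects truncated input. The frame bytes, addresses and the `parse_frame` name are constructed for illustration.

```python
import struct

# Constructed sample (not captured traffic): Ethernet + IPv4 + TCP SYN, checksums zeroed.
SAMPLE_FRAME = bytes.fromhex(
    "00112233445566778899aabb0800"               # dst MAC, src MAC, EtherType IPv4
    "450000280001400040060000c0a8010ac0a80114"   # IPv4: IHL=5, TTL=64, proto=6 (TCP)
    "c0de005000000001000000005002200000000000"   # TCP: 49374 -> 80, SYN
)

def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet -> IPv4 -> TCP. '!' in each format means network byte order."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:          # ARP, IPv6, VLAN tag...: stop at layer 2
        return out
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     saddr, daddr) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4       # header length is in 32-bit words; options may follow
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 version or header length")
    out.update(src_ip=".".join(map(str, saddr)), dst_ip=".".join(map(str, daddr)),
               ttl=ttl, protocol=proto, ip_total_len=total_len)
    if proto != 6:                   # only TCP is decoded further in this example
        return out
    tcp = ip[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    out.update(src_port=sport, dst_port=dport, seq=seq, ack=ack, window=window,
               syn=bool(off_flags & 0x02), ack_flag=bool(off_flags & 0x10))
    return out

if __name__ == "__main__":
    for key, value in parse_frame(SAMPLE_FRAME).items():
        print(f"{key:>12}: {value}")
```

Reading the same two port bytes `00 50` in little-endian order would give 20480 instead of 80, which is the byte-order hurdle the text refers to.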

