Project Presentation

on

Network Packet Sniffer


By
Ayush Kumar, 2001320130031
Shivansh Shrivastva, 20013201300

Under the guidance of

Dr. Ajay Kumar Sahu

Assistant Professor, Dept. of IT

Greater Noida Institute of Technology


Outline of Presentation
• Introduction
• Objective
• Literature Survey
• Methodology
• Hardware/Software requirement
• Experimentation
• Result
• Conclusion
• Future Scope
Introduction
The Network Packet Sniffer Project is a software application designed to monitor
and analyze network traffic by capturing and inspecting packets of data
transmitted over a computer network. It provides network administrators,
security analysts, and developers with valuable insights into network behavior,
troubleshooting capabilities, and the ability to detect and investigate potential
security threats.
One of the key features of the Network Packet Sniffer Project is its ability to
capture packets from one or multiple network interfaces. Network administrators
have the flexibility to choose specific interfaces or perform full-packet captures,
thereby enabling comprehensive monitoring of network traffic. The captured
packets are then dissected and analyzed to extract valuable information about the
underlying network protocols being used, such as IP, TCP, UDP, HTTP, DNS,
and more. This analysis assists in identifying anomalies, protocol violations, and
performance issues, enabling prompt and efficient troubleshooting.
To enhance usability and efficiency, the Network Packet Sniffer Project
incorporates packet filtering capabilities. Users can set up filters based on
criteria such as IP address, port number, protocol type, and packet content.
This feature allows network administrators to focus on specific network
traffic of interest, minimizing noise and enabling them to concentrate on
relevant data and potential security threats.

The Network Packet Sniffer Project provides a powerful and comprehensive
solution for network monitoring, analysis, and troubleshooting. By
capturing, decoding, and analyzing network packets, it equips network
administrators, security analysts, and developers with essential tools to gain
valuable insights into network behavior, diagnose issues, and enhance
network security. The project contributes to the efficient management of
computer networks, ensuring their smooth operation, and maintaining the
integrity and confidentiality of transmitted data.
Objective
The objective of the Network Packet Sniffer Project is to develop a robust and
feature-rich desktop application that captures and analyzes network packets
transmitted over a computer network. The project aims to achieve the
following objectives:
• Network Monitoring: Enable administrators to monitor network
traffic in real-time, providing insights into network protocols, traffic
patterns, and data exchanges between devices.
• Troubleshooting and Performance Optimization: Facilitate the
identification and resolution of network issues, such as protocol violations,
performance bottlenecks, or anomalies, to optimize network performance
and ensure smooth data transmission.
• Security Analysis: Detect and mitigate potential security threats by
analyzing captured packets for suspicious activities, intrusion attempts, or
anomalies, enhancing network security and protecting against unauthorized
access or data breaches.
• Protocol Analysis: Provide detailed analysis of network protocols,
including IP, TCP, UDP, HTTP, DNS, and more, to understand and
troubleshoot protocol-related issues and ensure proper protocol adherence.
• Packet Filtering: Allow administrators to set up filters based on various
criteria, such as IP addresses, port numbers, protocol types, and packet
content, to focus on specific network traffic of interest, reducing noise and
improving efficiency in network analysis.
• Real-time Monitoring and Reporting: Provide administrators
with real-time monitoring of network traffic, including packet statistics,
bandwidth usage, and other important metrics. Generate comprehensive
reports for analysis, historical data tracking, trend identification, and
sharing with colleagues or security teams.
Literature Survey
1. Packet Sniffing Basics:
• Cheswick, W. R., & Bellovin, S. M. (2003). Firewalls and Internet Security:
Repelling the Wily Hacker. Addison-Wesley Professional.
• Northcutt, S., & Zeltser, L. (2004). Network Intrusion Detection: An Analyst's
Handbook. New Riders Publishing.
These resources provide a comprehensive introduction to packet sniffing,
covering the fundamentals of network protocols, capturing techniques, and
analysis approaches.

2. Network Protocols and Standards:
• Stevens, W. R. (1994). TCP/IP Illustrated, Volume 1: The Protocols.
Addison-Wesley Professional.
• Comer, D. E. (2014). Internetworking with TCP/IP, Vol. 1: Principles,
Protocols, and Architecture. Pearson Education.
These books delve into the details of various network protocols and standards,
including TCP/IP, Ethernet, IP, ICMP, UDP, and more. Understanding these
protocols is essential for implementing an effective packet sniffer.
3. Packet Capture and Analysis Tools:
• Bejtlich, R. (2005). The Tao of Network Security Monitoring: Beyond Intrusion
Detection. Pearson Education.
• Chappell, L. (2012). Wireshark Network Analysis: The Official Wireshark
Certified Network Analyst Study Guide. Laura Chappell University.
These resources focus on popular packet capture and analysis tools such as
Wireshark, Tcpdump, and Snort. They provide practical guidance on using these
tools to capture, analyze, and interpret network traffic.

4. Sniffer Architectures and Implementation Techniques:
• McCubbin, G., & Zobrist, B. (1999). Practical Packet Analysis: Using
Wireshark to Solve Real-World Network Problems. No Starch Press.
• Oppenheimer, P., & Singh, G. (2004). Topology discovery for large Ethernet
networks. ACM SIGCOMM Computer Communication Review, 34(4), 29-34.
These sources discuss different sniffer architectures, such as promiscuous mode
sniffing, passive network monitoring, and distributed sniffing. They also
explore techniques for efficient packet capture, filtering, and storage.
5. Sniffing in Wireless Networks:
• Bisdikian, C. (2001). The Bluetooth radio system. IEEE Communications
Magazine, 39(10), 86-94.
• Singh, S., & Singh, M. P. (2012). Survey on wireless packet sniffing.
International Journal of Engineering Research and Applications (IJERA), 2(1),
111-115.
These resources focus on the challenges and techniques specific to sniffing in
wireless networks, including topics like Bluetooth radio systems, Wi-Fi sniffing,
and wireless network security.
6. Sniffer Applications in Security and Forensics:
• Engebretson, P. (2012). The Basics of Digital Forensics: The Primer for Getting
Started in Digital Forensics. Elsevier.
• Carvey, H. (2014). Windows Forensic Analysis Toolkit: Advanced Analysis
Techniques for Windows 8. Syngress.
Methodology
• Create GUI: Make a Swing-based GUI for the sniffer that shows statistics
on the packets it has caught. We can add functions like highlighting,
filtering, and searching.
• Start packet capture: Start the capture by opening a network interface
and establishing user-input-based filters.
• Start capturing packets using the chosen library. Parse packets as
they come in and store the results in memory.
• Show packets: Provide information about the recorded packets to the
GUI, such as the protocol type, source and destination IP addresses, and
packet type.
• Handle any issues that may arise during packet capture, such as parsing or
network interface errors.
• Close the network interface and free any resources used by the
packet capture library when the user has finished using the sniffer.

Overall, GUI design and low-level network programming are needed to
construct a network packet sniffer in Java Swing.
The network packet sniffer uses HTML, CSS and Bootstrap in the frontend and
Java (Swing) in the backend.
• We created an HTML table to display the captured packets, which are
stored in a data structure that represents the components of each packet,
such as the source and destination addresses, the protocol used and the
data payload.
• We also created a user interface using HTML, which allows the user to
interact with the software and view the captured data.
• We used CSS to style the elements of the user interface, such as
changing the font, colour, and size of text and adding backgrounds and
borders to the elements.
• HTML and CSS can be used in a network packet sniffer project to create a
visually appealing and responsive user interface.
• A responsive layout that automatically adjusts to different screen sizes, which helps the user
access the software from different devices, is created using Bootstrap.

• In the network packet sniffer desktop application, a visually appealing interface across
different platforms and devices is created using Bootstrap.

• Bootstrap is a popular CSS framework that provides a collection of pre-built CSS
components, which we used to quickly create responsive and visually appealing web pages.

• In the network packet sniffer, we have used Bootstrap to enhance the user interface of the
packet sniffer program.
Software Requirement
Frontend : HTML, CSS, Bootstrap

Backend : Java (Swing)

JDK Version : JDK 14.0.2

IDE : Apache NetBeans IDE 12.1

Operating Systems : Windows 7 or above


Experimentation
We have set up a test network environment where we can manage the
devices and traffic to get started. This might be a virtual network using
software like VirtualBox or VMware, or it can be a physical network.
We then start the packet sniffer and begin collecting packets. To capture
only a given kind of traffic, for example HTTP activity or packets between
particular IP addresses, we can establish filters or choose particular
network interfaces.
Once packets have been captured, we analyze them using the features provided
by the packet sniffer. We can examine each packet's protocol, size, length,
hex view, source and destination.
Results
The result shows the status of four networks, such as Bluetooth, VMware,
adapter and Wi-Fi. The interface list shows the available hardware, and the
collection of packets or packet-related data can be stored and manipulated
using the List interface. The List interface in Java provides an ordered
collection with methods for adding, retrieving, removing, and manipulating
entries.
Filtering is an important feature that allows you to collect or process
only certain packets based on established criteria. Packet capture filter:
applying a filter directly during the packet capture process is a typical
strategy. This is usually accomplished with a library, such as libpcap or
Jpcap, which provides APIs for setting filters based on packet attributes
such as source/destination IP addresses, ports, protocols, or packet types.
By specifying the criteria for the packets you want to capture in a capture
filter, you can reduce the quantity of network traffic that has to be
handled.
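The decode-and-filter step described above, as an added example that is not code from the project: it parses raw Ethernet/IPv4 frames with the plain JDK and filters the decoded rows in application code by IP address, port and protocol (it does not use a libpcap capture-filter expression). The class and method names and the sample frames are constructed for illustration; in the sniffer the bytes would come from the capture library.

```java
import java.util.*;
import java.util.function.Predicate;
public class PacketFilterDemo {
    // One decoded row for the packet table (class and field names are assumptions).
    static final class Pkt {
        final String src, dst, proto; final int sport, dport;  // ports are -1 when absent
        Pkt(String s, String d, String p, int sp, int dp) { src = s; dst = d; proto = p; sport = sp; dport = dp; }
        public String toString() { return proto + " " + src + ":" + sport + " -> " + dst + ":" + dport; }
    }
    static int u8(byte[] b, int i)  { return b[i] & 0xFF; }
    static int u16(byte[] b, int i) { return (u8(b, i) << 8) | u8(b, i + 1); }
    static String ip(byte[] b, int i) { return u8(b, i) + "." + u8(b, i + 1) + "." + u8(b, i + 2) + "." + u8(b, i + 3); }
    // Decode Ethernet II + IPv4; return null for anything else so the caller can skip it.
    static Pkt parse(byte[] f) {
        if (f.length < 34 || u16(f, 12) != 0x0800) return null;       // truncated or not IPv4
        int ihl = (u8(f, 14) & 0x0F) * 4, l4 = 14 + ihl, p = u8(f, 23);
        if ((u8(f, 14) >> 4) != 4 || ihl < 20 || f.length < l4) return null;
        String proto = p == 6 ? "TCP" : p == 17 ? "UDP" : p == 1 ? "ICMP" : "IP-" + p;
        // Ports exist only for TCP/UDP and only in the first fragment (fragment offset 0).
        boolean ports = (p == 6 || p == 17) && (u16(f, 20) & 0x1FFF) == 0 && f.length >= l4 + 4;
        return new Pkt(ip(f, 26), ip(f, 30), proto, ports ? u16(f, l4) : -1, ports ? u16(f, l4 + 2) : -1);
    }

    // Filter on IP address, port number and protocol type; null or -1 means "any".
    static Predicate<Pkt> filter(String host, int port, String proto) {
        return k -> (host == null || k.src.equals(host) || k.dst.equals(host))
                && (port < 0 || k.sport == port || k.dport == port)
                && (proto == null || k.proto.equals(proto));
    }
    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    public static void main(String[] args) {
        String eth = "000000000002000000000001";  // constructed MAC addresses
        String[] frames = {                         // constructed frames, cut after the port fields
            eth + "0800" + "450000280001400040060000c000020ac6336450" + "c0000050",  // TCP to port 80
            eth + "0800" + "4500001c0002400040110000c000020acb007135" + "cf080035",  // UDP to port 53
            eth + "0800" + "45000028000300b940060000c000020ac6336450" + "00500050",  // later TCP fragment: data, not ports
            eth + "0806" + "0001"                                                     // ARP, not IPv4
        };
        List<Pkt> table = new ArrayList<>();
        for (String h : frames) { Pkt k = parse(hex(h)); if (k != null) table.add(k); }
        table.forEach(System.out::println);                                          // every decoded row
        table.stream().filter(filter(null, 80, "TCP")).forEach(System.out::println); // rows matching TCP port 80
    }
}
```

The third frame is why the fragment-offset check matters: its first payload bytes would read as port 80 if the parser treated every TCP packet as carrying a TCP header.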
Conclusion
When PCs communicate over networks, they usually pay attention only to
the traffic that is addressed to them. However, network cards can be put
into promiscuous mode, allowing them to listen to any network traffic
regardless of whether it is directed at them. Passwords and usernames in
clear text, as well as other sensitive data, can be captured by packet
sniffers. As a result, packet sniffers are important for network
security. As sniffing is possible on both switched and non-switched
networks, encrypting your communications is a good idea. The
client might employ a variety of techniques to spot sniffers on the network
and protect the information from them.
Future Scope
The project is provided as open source, so further relevant features can be
added to this application, such as capturing Wi-Fi network packets
(with the help of another library) or detecting torrent and VRML packets.
There are a number of new features that could potentially be added and
should be investigated. Among these are:
1. Add the ability to identify gateways and name servers.
2. Add the ability to cache routing information and build a route table.
3. Add the ability to log and display current DHCP leases.
4. Add the ability to track website usage by each host on the network.
5. Allow audio eavesdropping on VoIP phone calls.
The field of intrusion detection is still in its infancy and there are many areas
that require further work. Some of the main problems that need to be
addressed in the field are as follows:
1. It is currently impossible to detect misuse in encrypted network traffic.
Increasingly, secure protocols such as secure shell (SSH) and secure HTTP
(HTTPS) are being used. When using these protocols, network traffic
is encrypted to defeat the use of packet sniffers on systems between the
client and server. Unfortunately, this also means that an IDS cannot use
attack signatures to detect misuse. This is because the IDS requires access
to the data part of the packets, not just the headers, to detect intrusions.
2. There is a need to make the IDS itself more resistant to attack. As
the popularity and awareness of intrusion detection systems rises, attackers
will concentrate on ways of either evading or disabling the IDS itself
before attacking the rest of the network.

3. Currently most IDS products react to detected attacks merely by logging
them or contacting the system administrator. Ideally, the IDS should be
able to take the necessary actions to deal with the attack itself. This could
involve terminating network connections, blocking IP addresses at the
firewall, or, in a military context, launching an attack against the intruder.
Presently, intrusion detection systems are not sufficiently accurate to trust
them with this power. Attackers could actually use the IDS to help with the
attack by tricking it into throwing specific users off the system or closing
Research paper published by us

DOI : https://www.doi.org/10.56726/IRJMETS38713

Status : Published
