Net Vigilant: Software Project Management Plan
Net Vigilant: Software Project Management Plan
Net Vigilant: Software Project Management Plan
NET VIGILANT
NETWORK MONITOR
V1.1
Printed On: 3rd Dec 2007
C:\Washington University\ProjectDocument.doc
Submitted By
Subharthi Paul
Madhuri Kulkarni
1
Table of Contents
1 INTRODUCTION 3
1.1 Project Overview____________________________________________________ 4
1.2 Project Deliverables__________________________________________________ 5
2 PROJECT ORGANIZATION 8
2.1 Software Process Model______________________________________________ 9
2.2 Tools and Techniques________________________________________________ 9
4 ADDITIONAL INFORMATION 16
4.1 Definitions, Acronyms and Abbreviations_________________________________ 17
4.2 References__________________________________________________________ 17
2
INTRODUCTION
3
1. INTRODUCTION
Abstract:
Packet sniffing or packet capture software is extensively used as tools for protocol analysis and
security. In protocol design research, such a tool comes handy in analyzing, debugging and
testing of a new protocol implementation. In Security, as is true for any tools, it may be used
both as a positive way to detect intrusions or attacks on a system as well as in the malicious way
to hack for private and personal data of others. Even though use of upper layer encryption
techniques make it difficult to gather data directly, yet these tools are important in learning
about existing sessions, collecting encrypted data to launch offline attacks to generate the
encryption key and any such attack limited only by ones imagination. Hence, packet sniffer
software is one of the most essential tools required to get started to be able to perform any of
the above mentioned activities. The goal of our project is to write a packet sniffer “Net Vigilant”,
capable of sniffing across wired and wireless interfaces and provide additional packet
aggregation, filtering and analysis capabilities. The goal of the project is not to provide a novell
approach towards sniffing on the network but rather to provide a basic understanding to the
challenges involved in writing such a software and also to build up from the knowledge and
experience gained to design more advanced security tools.
Introduction:
Packet sniffing is an essential activity for network engineers as well as security experts. If, used
in a positive way, it is the most essential tool for network analysis, protocol analysis, network
troubleshooting, intrusion detection and hundreds of such other applications. The key challenge
in writing such software is to collect raw packets directly from the interface cards and parsing
them to reveal useful information. In normal network programming through sockets, a software
module listens on a particular socket for packets intended for its use, hence for a module
wanting to sniff for all packets, it shall have to listen on all the TCP ports so that TCP does not
throw away packets on finding no module attached to the intended port number in the packet.
Also, each protocol layer performs filtering of the traffic, for example, any TCP control packet
4
will not be passes above the TCP layer, any IP control packet is consumed by the IP layer and so
on. Moreover, the hardware network interface does an initial filtering of packets not intended
for it. Hence, it is almost certain that the normal programming methods will not allow for the
capabilities that we seek to capture in a packet sniffing software. The way out of this situation is
to have some type of a software hook which can gather packets before it is passed through the
protocol layer processing. Also, to be able to capture packets not intended for the current
network interface, the software should set the interface to the “promiscuous mode” provided
such a mode is supported by the hardware and the device driver of the network card.
The “software hook”, that we mentioned above, exists, in UNIX as the PF_PACKET socket
(libpcap library) and in Windows as the Winpcap library. In our work we make use of the
Winpcap library to be able to capture raw packets from the interface. The story does not end at
being able to capture raw packet. In fact, it is the most basic step. There are certain hurdles in
being able to analyze correctly the raw packets which are nothing but a set of hexadecimal
gibberish to the uninformed. There are challenges in being able to serialize the data coming in,
in network byte order, for storage in the file systems. Also, a major task is to be able to provide
an easy to use and elegant user interface for running the software as well as present the packet
data in a more human readable form.
With all this in mind, we designed “Net Vigilant”, a packet sniffer and analyzer tool for wired and
wireless interfaces. “Net vigilant” has a state-of-the-art graphical user interface, designed on the
.NET platform. All the code has been written in C# over the .NET platform to ensure
interoperability across windows systems.
It may be argued, that such tools already exist in plenty and that a new endeavor may not be
justified. However, “Net Vigilant” has been designed to be the stepping stone for further design
of more complicated tools and also a learning experience for novice programmers to design and
implement their own network software. It is basically the foundation bed for more advanced
innovations in the future.
5
1.2 Project Deliverables
This feature will provide the facility to capture network packets. These packets will be
parsed and the packet header details will be listed in a table. The packets can be stored in
XML (Extensible Markup Language) serialized formats. These packets can be retrieved
later for viewing and analysis.
2 Packet Filtering
The packets can be filtered by protocol type TCP (Transmission Control Protocol), UDP
(User Datagram Protocol), ARP (Address Resolution Protocol), ICMP (Internet Control
Message Protocol) and IGMP (Internet Group Management Protocol).
6
Advanced Functionality:
Although the advanced functionalities are not a part of the project we plan to implement them in
future.
1. Port Scanner
Port Scanner will provide basic functionality of searching a network host for open ports.
This will be used by administrators to check the security of their networks.
2. Network Mapping
The network mapping functionality will map the network and provide a network map.
Please note that the advanced functionality is not a part of the project and will be implemented
only if time permits.
7
PROJECT ORGANIZATION
8
2. PROJECT ORGANIZATION
C. Code Development
Code development was done in C#.NET
D. Testing
Unit testing and peer testing were done.
E. Deployment
The software was deployed and tested on various machines.
F. Maintenance
Depending on feedback further changes to software will be made.
9
The .NET Framework is Microsoft's managed code programming model for building
applications on Windows clients, servers, and mobile or embedded devices. Developers
use .NET to build applications of many types: Web applications, server applications,
smart client applications, console applications, database applications, and more.
To support this variety, the .NET Framework includes a broad set of supporting class
libraries, including: Windows Presentation Foundation (WPF), for visually stunning user
experiences on Windows clients; Windows Communication Foundation (WCF), enabling
fast and flexible communications among applications across your enterprise; Windows
Workflow Foundation (WF), allowing developers to build workflows into any
application; ASP.NET, for high-performance and interactive Web-based applications;
Libraries for handling XML, data, IO, cryptography, text-to-speech, and more.[1]
DebugView is an application that lets you monitor debug output on your local system, or any
computer on the network that you can reach via TCP/IP. It is capable of displaying both kernel-
mode and Win32 debug output, so you don't need a debugger to catch the debug output your
applications or device drivers generate, nor do you need to modify your applications or drivers to
use non-standard debug output APIs.
Use:
Simply execute the DebugView program file (dbgview.exe) and DebugView will immediately
start capturing debug output. [3]
4 SharpPcap V1.5:
SharpPcap is a packet capture framework for the .NET environment, based on the famous
WinPcap component. The purpose of this library is to provide an API for capturing, injecting,
analyzing and building packets using any .NET language such as C# and VB.NET. [4] This
library has been used for the functionality of packet capture and display. Other features of the
software are implemented using C#.NET
5 WinPcap V4.0.1:
WinPcap is the industry-standard tool for link-layer network access in Windows environments: it
allows applications to capture and transmit network packets bypassing the protocol stack, and
has additional useful features, including kernel-level packet filtering, a network statistics engine
and support for remote packet capture.
WinPcap consists of a driver that extends the operating system to provide low-level network
access, and a library that is used to easily access the low-level network layers. [5]
11
PROJECT MANAGEMENT PLAN
12
3 PROJECT MANAGEMENT PLAN
3.1 Tasks
Following tasks were identified:
a. Installation of .NET framework 2.0
b. Installation of Microsoft Visual Studio 2005
c. DebugView (optional)
d. Study of various .NET classes
e. Study of WinPcap, SharPcap.
f. Design and coding
g. Testing
Deliverables Status
Graphical Interface: Completed
Network Monitor. [basic] Completed
Network Utilities [Ping, TCP Statistics, UDP Statistics] Completed
Packet Analysis Completed
Packet Filtering Completed
Testing Completed
Software Resources:
13
.NET Framework 2.0
Microsoft Visual studio 2005
Windows NT and upwards Operating System
WinPcap V4.0.1
SharpPcap V1.5
Hardware Constraints:
Not all wireless network adaptor cards support packet capture. Make sure your
wireless network interface card supports promiscuous mode for packet capture.
Hence this software may not work on all wireless network interface cards. But it will
capture packets on Ethernet networks.
14
Topic Date Status
Feasibility study 3rd Nov 2007 Completed
Network monitor 20th Nov 2007 Completed
Network Utilities 27th Nov 2007 Completed
Packet Display 5th Dec 2007 Completed
Packet Filtering 5th Dec 2007 Completed
Testing 7th Dec 2007 Completed
15
ADDITIONAL INFORMATION
4 ADDITIONAL INFORMAITON
16
4.1 Acronyms
4.2 References
[1] http://msdn2.microsoft.com/en-us/netframework/default.aspx
[2] http://www.microsoft.com/education/facultyconnection/software/softwaredetails.as
px?cid=1&c1=en-us&c2=0
[3] http://www.microsoft.com/technet/sysinternals/utilities/debugview.mspx
[4] www.tamirgal.com/home/dev.aspx?Item=SharpPcap
[5] http://www.winpcap.org/
17