
Packet Sniffer Report


Submitted By bebopmad

Project Report Submitted in Partial Fulfillment of the Requirement for the Award of Degree of Bachelor of Engineering in Computer Science Engineering of Rajiv Gandhi Proudyogiki Vishwavidyalaya, Bhopal (MP)


Siddharth Pateriya (0131CS081077)
Swarna Swaminathan (0131CS081084)

Department of Computer Science Engineering
Jai Narain College of Technology, Bhopal
June – 2012


We, Siddharth Pateriya and Swarna Swaminathan, the students of Bachelor of Engineering (Computer Science Engineering), Jai Narain College of Technology, Bhopal hereby declare that the work presented in this Major Project is an authentic record of our own and has been carried out taking care of Engineering Ethics under the guidance of Prof. Manish Mishra.

Siddharth Pateriya (0131CS081077)
Swarna Swaminathan (0131CS081084)


This is to certify that the work embodied in this Major Project entitled “Implementation of Packet Sniffing in Java using Jpcap Library” has been satisfactorily completed by the students of final year, Mr. Siddharth Pateriya and Ms. Swarna Swaminathan. The work was carried out satisfactorily under the supervision and guidance of the undersigned in the Department of Computer Science Engineering, Jai Narain College of Technology and Science, Bhopal for the partial fulfillment of the requirement of degree of Bachelor of Engineering during the Academic year 2011-2012.

Manish Mishra
Professor and Project Guide Computer Science Engineering Department

Approved By

Dr. Bhupesh Gour
Professor and Head, Computer Science Engineering Department
JNCT, Bhopal

Dr. D. A. Hindoliya
Principal/Director
JNCT, Bhopal


It gives us great pleasure to express our deep sense of gratitude to our project supervisor Prof. Vishwa Gupta, Associate Professor of Computer Science Engineering, for guidance, suggestions, support, help and constructive criticism throughout the period of project work. Without his able guidance it would not have been possible to complete the project in time.

We are greatly indebted to Prof. Bhupesh Gaur, Head, Department of Computer Science Engineering for his keen interest in this work and time to time guidance, encouragement and providing required facilities for completing the project work. We are grateful to Dr. D. A. Hindoliya, Principal, Jai Narain College of Technology for his guidance and critical comments which improved the quality of this report. Thanks are due to Dr. Vijay Kumar, Director, JNCT for providing necessary help and time to time necessary guidance in completion of this task.

We would also like to thank Prof. Manish Mishra, our Project Guide for his valuable help and guidance in the project.

Siddharth Pateriya (0131CS081077)
Swarna Swaminathan (0131CS081084)


2.1 TCP/IP Protocols
2.2 IP Addressing
2.3 Internet Routing
2.4 IP Routing
2.5 Transmission Control Protocol
2.6 User Datagram Protocol (UDP)
2.7 Address Resolution Protocol (ARP)
2.8 Internet Control Message Protocol (ICMP)
2.9 Importance of Packet Sniffers
2.10 Uses of Sniffers
3.1 Technology Used
3.2 Software Model
3.3 Hardware and Software Requirements
3.4 Control Flow Diagram
3.5 Data Flow Diagram
3.6 Coding



Figure 2.1 Internet protocols span the complete range of OSI model layers
Figure 2.2 Fourteen fields comprise an IP packet
Figure 2.3 An IP address consists of 32 bits, grouped into four octets
Figure 2.4 IP address formats A, B, and C are available for commercial use
Figure 2.5 A range of possible values exists for the first octet of each address class
Figure 2.6 TCP Packet Format
Figure 2.7 UDP Packet Format
Figure 2.8 ARP Packet Format
Figure 2.9 ICMP Packet Format
Figure 3.1 NetBeans IDE
Figure 3.2 Incremental Model
Figure 3.3 Iterative Development
Figure 3.4 Waterfall Model
Figure 3.5 Control Flow Diagram
Figure 3.6 Data Flow Diagram
Figure 4.1 Window of our project
Figure 4.2 Displaying NIC information
Figure 4.3 Options under the “Options” menu
Figure 4.4 Showing options under the menu item Display Output
Figure 4.5 Showing the information of the captured packets in the table and the data of the selected packet in characters in the text area below it
Figure 4.6 Showing the information of the captured packets in the table and the data of the selected packet in hexadecimals in the text area below it
Figure 4.7 Showing the options under “Save to File” menu item
Figure 4.8 Showing saved file containing selected packet


This project is intended to develop a tool called Packet Sniffer. The Packet Sniffer allows the computer to examine and analyze all the traffic passing by its network connection. Packet sniffing is a technique of monitoring every packet that crosses the network. A packet sniffer is a piece of software or hardware that monitors all network traffic. When it is set up on a computer, the network interface of the computer is set to promiscuous mode, listening to all the traffic on the network rather than just those packets destined for it. It is a tool that sniffs without modifying the network’s packets in any way. It merely makes a copy of each packet flowing through the network interface and finds the source and destination. It decodes the protocols in the packets given below:

i) IP (Internet Protocol)
ii) TCP (Transmission Control Protocol)
iii) UDP (User Datagram Protocol)
iv) ICMP (Internet Control Message Protocol)
v) ARP (Address Resolution Protocol)

The output is appended to a normal text file, so that the network administrator can understand the network traffic and later analyze it.

Most Ethernet networks used to be of a common bus topology, using either coax cable or twisted pair wire and a hub. All of the nodes (computers and other devices) on the network could communicate over the same wires and take turns sending data using a scheme known as carrier sense multiple access with collision detection (CSMA/CD). All of the nodes on the network have their own unique MAC (media access control) address that they use to send packets of information to each other. Normally a node would only look at the packets that are destined for its MAC address. However, if the network card is put into what is known as “promiscuous mode” it will look at all of the packets on the wires it is hooked to.

Packet sniffers operate differently for a shared Ethernet and a switched Ethernet.

i. Shared Ethernet
a) All packets are transmitted to all computers on a network within a shared Ethernet.
b) Computers quietly discard data packets that do not match their MAC and IP address.
c) A machine running a sniffer breaks this rule and accepts all data packets.
d) Sniffing in a shared Ethernet is totally passive and very hard to detect.

ii. Switched Ethernet
a) In a switched Ethernet a switch maintains a table of each computer’s MAC address and the physical port on the switch to which the MAC address is connected, and delivers packets destined for that machine. This happens because switches have CAM tables. These tables store information like MAC addresses, switch ports, and VLAN information. Before sending traffic from one host to another on the same local area network, the host ARP cache is first checked. If the destination host isn’t in the ARP cache, the source host sends a broadcast ARP request looking for the host. When the host replies, the traffic can be sent to it. The traffic goes from the source host to the switch, and then directly to the destination host. This description shows that traffic isn’t broadcast out to every host, but only to the destination host, therefore it’s harder to sniff traffic.
b) This makes the switched network more secure, but there are still two methods for packet sniffing in a switched Ethernet: i) ARP Spoofing and ii) MAC Flooding.

ARP Spoofing: Address Resolution Protocol is used on the network layer to map IP addresses to MAC addresses. ARP is stateless, so a computer can at any time send a reply claiming that its MAC address belongs to a given IP address. In ARP Spoofing, you poison the ARP cache of a transmitting machine, thereby forcing all traffic to route through your machine with the installed packet sniffer.

MAC Flooding: This is when the attacking computer bombards the switch with fake MAC addresses. The switch will become overloaded and fail into the “failopen mode”. Once the switch is operating in failopen mode it operates exactly like a hub, transmitting all packets to all addresses in the network.

A packet sniffer has the following components:

i. Hardware: Most sniffing products can work with standard adapters. Some sniffers only support Ethernet or wireless adapters, whereas some others support multiple adapters and allow users to customize.
ii. Driver program: This is the core of a sniffer. Each sniffing product has its own driver program; only after completing installation can a sniffer start to capture traffic and data from the network.
iii. Capture filter: This is the most important part. It captures the network traffic from the wire, filters it for the particular traffic you want, and then stores the data in the buffer.
iv. Buffer: A buffer is a storage device for captured data from the network. In general, there are two modes of buffers: keep capturing until the storage space is full, or keep capturing and overflowing, with the latest captured data replacing the oldest data. The size of a buffer depends on a computer's EMS memory; that is, the bigger the EMS memory is, the more data can be stored in the buffer.
v. Packet analysis: Capture and analysis are both the most basic and important features of a sniffer. Most sniffing products can provide real-time analysis of captured packets, which is the main reason why they are good assistants of network administrators: they record errors and abnormalities while they are happening.

There are three types of sniffing methods. Some methods work in non-switched networks while others work in switched networks. The sniffing methods are: IP-based sniffing, MAC-based sniffing, and ARP-based sniffing.

i) IP-based sniffing: This is the original way of packet sniffing. It works by putting the network card into promiscuous mode and sniffing all packets matching the IP address filter. Normally, the IP address filter isn’t set so it can capture all the packets. This method only works in non-switched networks.

ii) MAC-based sniffing: This method works by putting the network card into promiscuous mode and sniffing all packets matching the MAC address filter.

iii) ARP-based sniffing: This method works a little differently. It doesn’t put the network card into promiscuous mode. This isn’t necessary because ARP packets will be sent to us. This happens because the ARP protocol is stateless. Because of this, sniffing can be done on a switched network. To perform this kind of sniffing, you first have to poison the ARP cache of the two hosts that you want to sniff, identifying yourself as the other host in the connection. Once the ARP caches are poisoned, the two hosts start their connection, but instead of sending the traffic directly to the other host it gets sent to us. We then log the traffic and forward it to the real intended host on the other side of the connection. This is called a man-in-the-middle attack.

Sniffing programs are found in two forms:

i) Commercial packet sniffers are used to help maintain networks.
ii) Underground packet sniffers are used by attackers to gain unauthorized access to remote hosts.

Listed below are some common uses of sniffing programs:

• Searching for clear-text usernames and passwords from the network.
• Conversion of network traffic into human readable form.
• Network analysis to find bottlenecks.
• Network intrusion detection to monitor for attackers.

Using a sniffer in an illegitimate way is considered a passive attack. It does not directly interface or connect to any other systems on the network. However, the computer that the sniffer is installed on could have been compromised using an active attack. The passive nature of sniffers is what makes detecting them so difficult. The security threat presented by sniffers is their ability to capture all incoming and outgoing traffic, including clear-text passwords and user names or other sensitive material. In theory, it’s impossible to detect these sniffing tools because they are passive in nature, meaning that they only collect data. While they can be fully passive, some aren’t, and those can be detected.

The following list describes a few reasons why intruders are using sniffers on the network:

1. Capturing clear-text usernames and passwords
2. Compromising proprietary information
3. Capturing and replaying Voice over IP telephone conversations
4. Mapping a network
5. Passive OS fingerprinting
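The opening of this report says the tool decodes IP, TCP, UDP, ICMP and ARP from each copied packet. The block below is an added example of that decoding step, written in Python rather than taken from the project's Jpcap code; the function names and the two sample frames are constructed for illustration. Because a sniffer parses whatever arrives on the wire, every length field is checked before it is used.

```python
import socket
import struct

ETH_IPV4, ETH_ARP = 0x0800, 0x0806
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def need(buf, size, what):
    """Reject short input so no field is read past the captured bytes."""
    if len(buf) < size:
        raise ValueError(f"truncated {what}: have {len(buf)}, need {size} bytes")

def decode_arp(pkt):
    need(pkt, 28, "ARP packet")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, ETH_IPV4, 6, 4):
        raise ValueError("ARP packet is not Ethernet/IPv4")
    return {"proto": "ARP", "op": {1: "request", 2: "reply"}.get(oper, str(oper)),
            "sender_mac": mac(pkt[8:14]), "sender_ip": socket.inet_ntoa(pkt[14:18]),
            "target_mac": mac(pkt[18:24]), "target_ip": socket.inet_ntoa(pkt[24:28])}

def decode_transport(proto, seg):
    if proto == 6:
        need(seg, 20, "TCP header")
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", seg[:14])
        header_len = (off_flags >> 12) * 4
        if header_len < 20 or header_len > len(seg):
            raise ValueError("bad TCP data offset")
        flags = [name for bit, name in TCP_FLAGS if off_flags & bit]
        return {"proto": "TCP", "sport": sport, "dport": dport, "seq": seq,
                "ack": ack, "flags": flags, "payload_len": len(seg) - header_len}
    if proto == 17:
        need(seg, 8, "UDP header")
        sport, dport, length = struct.unpack("!HHH", seg[:6])
        if length < 8 or length > len(seg):
            raise ValueError("bad UDP length")
        return {"proto": "UDP", "sport": sport, "dport": dport,
                "payload_len": length - 8}
    if proto == 1:
        need(seg, 4, "ICMP header")
        return {"proto": "ICMP", "type": seg[0], "code": seg[1]}
    return {"proto": f"ip-proto-{proto}"}

def decode_ipv4(pkt):
    need(pkt, 20, "IPv4 header")
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("bad IPv4 version or header length")
    total_len, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    if total_len < ihl or total_len > len(pkt):
        raise ValueError("IPv4 total length does not fit the captured data")
    info = {"src": socket.inet_ntoa(pkt[12:16]),
            "dst": socket.inet_ntoa(pkt[16:20]), "ttl": pkt[8]}
    if frag & 0x1FFF:
        # Later fragments carry no transport header, so there is nothing to decode.
        info["proto"] = "IPv4 fragment"
    else:
        # Slice at total_len: short Ethernet frames carry padding after the packet.
        info.update(decode_transport(pkt[9], pkt[ihl:total_len]))
    return info

def decode_frame(frame):
    need(frame, 14, "Ethernet header")
    out = {"eth_dst": mac(frame[0:6]), "eth_src": mac(frame[6:12])}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_IPV4:
        out.update(decode_ipv4(frame[14:]))
    elif ethertype == ETH_ARP:
        out.update(decode_arp(frame[14:]))
    else:
        out["proto"] = f"ethertype-0x{ethertype:04x}"
    return out

# Constructed sample frames (placeholder addresses, checksums left at zero).
def sample_tcp_frame():
    eth = bytes.fromhex("02000000000b" "02000000000a") + struct.pack("!H", ETH_IPV4)
    tcp = struct.pack("!HHIIHHHH", 49152, 23, 1000, 0, (5 << 12) | 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    return eth + ip + tcp

def sample_arp_frame():
    eth = bytes.fromhex("ffffffffffff" "02000000000a") + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETH_IPV4, 6, 4, 1,
                      bytes.fromhex("02000000000a"), socket.inet_aton("192.0.2.10"),
                      bytes(6), socket.inet_aton("192.0.2.20"))
    return eth + arp

if __name__ == "__main__":
    for frame in (sample_tcp_frame(), sample_arp_frame()):
        print(decode_frame(frame))
```
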


Packet Sniffing In Various Networks


For most organizations, packet sniffing is largely an internal threat. A third party on the Internet, for instance, could not easily use packet sniffing software to eavesdrop on traffic on a corporate LAN. But since the greatest threat to corporate systems frequently is internal [1], we should not take comfort from this. There are many reasons that businesses are updating their network infrastructure, replacing aging hubs with new switches. A frequently stated driver for moving to a switched environment is that “it increases security”. However, the thinking behind this is somewhat flawed. Packet sniffing in a switched environment is possible -- anyone equipped with a laptop (and armed with a selection of freely available software) may be able to monitor communication between machines on a switched network. Packet sniffing tools have been available from the early days of networked computing environments. The tools are powerful software, which facilitate troubleshooting for network administrators. However, in the hands of a malicious third party, they are a devastating hacking tool, which can be used to glean passwords and other sensitive information from a LAN.

Traditionally, packet sniffers have been regarded as fairly obscure tools that require a certain technical competence to operate -- dangerous utilities, perhaps, but not easy to guide or operate. All this has changed in the last few years, with specialized, easy to use password-detecting sniffers becoming widely obtainable. Many of these “new generation”, specially tailored tools are freely available on the Internet. With built-in logic allowing many network protocols to be decoded, they have the capability to filter the sniffed traffic on the fly, and highlight sensitive information such as usernames and passwords.

Packet sniffing in a non-switched environment is a well understood technology. A large number of commercial and non-commercial tools enable eavesdropping of network traffic. The idea is that to eavesdrop on network traffic, a computer’s network card is put into a special “promiscuous” mode. Once in this mode, all network traffic (irrespective of its destination) that reaches the network card can be accessed by an application (such as a packet sniffing program). A detailed explanation of how packet sniffing works may be found in Robert Graham’s excellent FAQ on sniffing [2].

In a switched environment, it is more of a challenge to eavesdrop on network traffic. This is because usually switches will only send network traffic to the machine that it is destined for [3]. However, there are a number of techniques that enable this functionality to be usurped. Tools exist that combine the ability of sniffing on a switched network with the capability of filtering the traffic to highlight sensitive information.

Packet Sniffing in a non-switched environment

In a non-switched environment, the latest generation of packet sniffing tools is highly effective at reaping passwords and other sensitive information from the network. A large number of commonly used protocols either transmit data in plaintext (which can easily be sniffed), or they do not use strong enough encryption to prevent a sniffing and cracking attack. Examples of plaintext protocols include smtp, pop3, snmp, ftp, telnet and http. Perhaps the best known encrypted protocol that is vulnerable to sniffing and cracking attacks is Microsoft’s LM (LAN Manager) protocol, used for authenticating Windows clients. Microsoft has tried to address the glaring weaknesses in LM, with the introduction of NTLM (V1 and V2). NTLM is an improvement, but is still susceptible to a sniffing and cracking attack. Hidenobu Seki, the author of ScoopLM and BeatLM tools (qv) gave a fascinating presentation [4] covering the detail of LM, NTLM v1 and v2 and how it can be cracked at BlackHat’s “Windows Security 2002 Briefings and Training”. Since the first draft of this paper, Kerberos has become widely used as the authentication protocol of choice in modern Windows environments (Windows XP clients, Windows 2003 servers). The move from LANMAN/ NTLM to Kerberos was widely thought to cure the problem of sniffing (then cracking) Microsoft passwords [5]. This is not the case, however. Tools such as KerbCrack [6] enable cracking of Kerberos logins.

Tools to sniff in a non-switched environment

A quick search on the Internet will reveal a large number of freely available sniffing tools. In this section, I focus on two tools, dsniff and ScoopLM, which excel at sniffing sensitive information.


For plaintext protocols, to eavesdrop on username, password and other sensitive information, a very useful tool is dsniff from Dug Song [7]. The dsniff tool is available for various flavours of Unix, and there is a port (of an older version of the software) for Windows [8]. In addition to sniffing the plaintext protocols mentioned above (and others), dsniff is exceptionally good at filtering the sniffed traffic to display only “interesting” information such as usernames and passwords. In their esteemed Hacking Exposed book [9], McClure, Scambray and Kurtz describe dsniff as offering “passwords on a silver platter”. It makes eavesdropping on sensitive information a trivial exercise. A sample run of dsniff is depicted in Figure 1, showing the Windows port of dsniff harvesting passwords on a small network.

Figure 1 - dsniff sniffing plaintext protocols in a non-switched environment


L0phtcrack is a well-known password sniffing and cracking tool, which is capable of eavesdropping Windows NT/ 2000 usernames and encrypted passwords from a network. It is a commercial tool, available from @Stake [10]. However, there are other freely available tools that can perform a similar job, and are very simple to use. A great example is the ScoopLM tool [11], which is freeware and downloadable from the Internet. ScoopLM will sniff NT/ 2000 usernames and LM/ NTLM encrypted passwords. Its brother, BeatLM [12], enables cracking of encrypted passwords that ScoopLM has harvested by brute-force or dictionary attacks. Together, they are a significant threat to the security of Microsoft networking in a non-switched environment.

Figure 2 shows a sample run of ScoopLM, sniffing NT usernames and encrypted passwords. The sniffed usernames and passwords can then be saved to a temporary file, and loaded into BeatLM to be cracked.

Figure 2 - ScoopLM in action, sniffing NT usernames and encrypted passwords

The above examples demonstrate how simple it is to discover sensitive information by eavesdropping on a non-switched network. This fact has helped drive businesses to replace hubs in their network by switches. There are many other good reasons for doing this -- increasing network performance, for example. Replacing hubs by switches in the belief that it will cure the problem of sniffing is misguided. The following section will demonstrate why.

Packet Sniffing in a switched environment


On the surface, it would seem that replacing hubs by switches will mitigate the packet sniffing threat to a large extent. The fact that switches will only send network traffic to the machine that it is destined for implies that if machine A is communicating with machine B, machine C will not be able to eavesdrop on their conversation.

In the situation depicted above, Machine C cannot easily see the network traffic for the telnet session passing between machines A and B. The switch ensures that this traffic does not travel over any unnecessary ports – it only flows over the ports that machines A and B are connected to. However, a number of techniques exist that will subvert the above, enabling C to snoop on the network traffic between A and B.


First, we cover ettercap, a tool that describes itself as “a powerful and flexible tool for man-in-the-middle attacks”. It runs on many of the leading platforms including Windows, Linux, xBSD and Mac OS X. ettercap was downloaded from then installed on machine C. Before running ettercap, the ARP caches on machines A and B were checked, via the arp /a command. As expected, the ARP cache on A was storing the true IP and MAC addresses of B and C:

Figure 5 - the ARP cache on machine A prior to running ettercap

Similarly, the ARP cache on B was storing the true IP and MAC addresses of A and C.

Figure 6 - the ARP cache on machine B prior to running ettercap

Next, ettercap was run on machine C, and set to sniff traffic between A and B. At this stage, ettercap performs ARP spoofing to set up the man-in-the-middle attack. Re-examining the ARP caches on A and B is illuminating: note how machine C’s MAC address replaces the true MAC addresses for machines A and B:

Figure 7 - the ARP cache on machine A now ettercap is running

Now traffic between A and B was being intercepted by C. Similar to dsniff, ettercap has in-built knowledge of a large number of network protocols. It can highlight interesting areas of sniffed traffic, such as usernames and passwords. The following diagram depicts ettercap eavesdropping the start of a telnet session between A and B:

Figure 8 - ettercap sniffing a telnet session between A and B

During a sniffing session, ettercap may detect a large number of usernames and passwords. The data may be saved to a simple ASCII file for examination at a later date.

Cain

Another tool that is capable of sniffing in a switched environment is Cain [23]. Available for Windows only, this tool can do far more than just sniff traffic on a switched network.

In a similar vein to dsniff and ettercap, Cain has built-in knowledge of various network protocols, and can highlight interesting areas of sniffed traffic. Cain also has built-in cracking technology to enable brute-force and dictionary attacks against encrypted passwords that it sniffs from the network. In a similar manner to BeatLM, Cain can attempt attacks against Microsoft’s authentication protocols (including LM, NTLMv1, NTLMv2). However, it goes further than BeatLM by offering the facility of cracking Cisco MD5 hashes, encrypted APOP passwords and others.

Highlights of other facilities built in to Cain include various networking utilities (including traceroute and tools to analyze routing protocols), and the capability of enumerating NT users and shares from remote machines. The breadth of functionality covered by Cain is impressive. It is amazing that a single tool can cover most of the key roles offered by better known sniffing/ enumeration/ password cracking tools such as L0phtcrack, Revelation [24], userdump [25], pwltool [26], john the ripper [27] and ettercap.

Cain was downloaded from, and installed onto machine C. The ARP caches on machines A and B were checked, and found to contain the expected data (as in Figures 5 and 6). Next, Cain was configured to use ARP spoofing -- referred to as APR (ARP poisoned routing) within the application -- to intercept network traffic between machines A and B. This is depicted in Figure 9:

Figure 9 - Cain uses ARP spoofing to intercept data between machines A and B

Once this had been done, Cain used its built-in knowledge of network protocols to enable key data to be displayed. As with the test with ettercap, a telnet session between machines A and B was initiated. For many protocols, Cain simply captures the username and password. For telnet sessions, the entire session (including the username and password) is captured and logged to a text file.

Figure 10 - Cain recording a telnet session between two machines

The above tests demonstrate that tools such as ettercap and Cain present a very real threat to many network environments.
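The ARP cache change described around Figures 5 to 7 is also something a defender can check for. The block below is an added example, not part of the original paper or of any tool it names: it compares two `arp /a` listings and reports bindings that changed and MAC addresses claimed by more than one IP. The listings and all addresses in them are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed samples: `arp /a` output on machine A (Windows layout) before and
# after the spoofing run. All addresses are placeholders, not from the report.
ARP_BEFORE = """\
Interface: 192.0.2.10 --- 0xb
  Internet Address      Physical Address      Type
  192.0.2.20            02-00-00-00-00-0b     dynamic
  192.0.2.30            02-00-00-00-00-0c     dynamic
  192.0.2.255           ff-ff-ff-ff-ff-ff     static
"""
ARP_AFTER = """\
Interface: 192.0.2.10 --- 0xb
  Internet Address      Physical Address      Type
  192.0.2.20            02-00-00-00-00-0c     dynamic
  192.0.2.30            02-00-00-00-00-0c     dynamic
  192.0.2.255           ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+\w+\s*$")


def is_group_mac(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac[:2], 16) & 1 == 1


def parse_arp_table(text):
    """Return {ip: mac} for unicast entries; header lines simply do not match."""
    table = {}
    for line in text.splitlines():
        match = ENTRY.match(line)
        if match and not is_group_mac(match.group(2)):
            table[match.group(1)] = match.group(2).lower()
    return table


def changed_bindings(before, after):
    """IPs present in both snapshots whose MAC differs: (ip, old_mac, new_mac)."""
    return sorted((ip, before[ip], after[ip])
                  for ip in before.keys() & after.keys() if before[ip] != after[ip])


def shared_macs(table):
    """MACs claimed by more than one IP, the pattern seen while spoofing runs."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def report(before_text, after_text):
    before, after = parse_arp_table(before_text), parse_arp_table(after_text)
    return {"changed": changed_bindings(before, after),
            "shared": shared_macs(after)}


if __name__ == "__main__":
    print(report(ARP_BEFORE, ARP_AFTER))
```

A shared MAC is a lead rather than proof: proxy ARP and a replaced network card produce the same pattern, so the result should be checked against the known inventory.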


Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.
Wireshark is cross-platform, using the GTK+ widget toolkit to implement its user interface, and using pcap to capture packets; it runs on various Unix-like operating systems including Linux, Mac OS X, BSD, and Solaris, and on Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.


Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options. Wireshark allows the user to put the network interfaces that support promiscuous mode into that mode, in order to see all traffic visible on that interface, not just traffic addressed to one of the interface's configured addresses and broadcast/multicast traffic. However, when capturing with a packet analyzer in promiscuous mode on a port on a network switch, not all of the traffic traveling through the switch will necessarily be sent to the port on which the capture is being done, so capturing in promiscuous mode will not necessarily be sufficient to see all traffic on the network. Port mirroring or various network taps extend capture to any point on the network; simple passive taps are extremely resistant to malware tampering.
On Linux, BSD, and Mac OS X, with libpcap 1.0.0 or later, Wireshark 1.4 and later can also put Wi-Fi adapters into monitor mode.


In the late 1990s, Gerald Combs, a computer science graduate of the University of Missouri-Kansas City, was working for a small Internet service provider. The commercial protocol analysis products at the time were priced around $1500 and did not run on the company's primary platforms (Solaris and Linux), so Gerald began writing Ethereal and released the first version around 1998. The Ethereal trademark is owned by Network Integration Services.
In May 2006, Combs accepted a job with CACE Technologies. Combs still held copyright on most of Ethereal's source code (and the rest was re-distributable under the GNU GPL), so he used the contents of the Ethereal Subversion repository as the basis for the Wireshark repository. However, he did not own the Ethereal trademark, so he changed the name to Wireshark. In 2010 Riverbed Technology purchased CACE and took over as the primary sponsor of Wireshark. Ethereal development has ceased, and an Ethereal security advisory recommended switching to Wireshark.

Wireshark has won several industry awards over the years, including awards from eWeek, InfoWorld, and PC Magazine. It is also the top-rated packet sniffer in the Insecure.Org network security tools survey and was the SourceForge Project of the Month in August 2010.
Combs continues to maintain the overall code of Wireshark and issue releases of new versions of the software. The product website lists over 600 additional contributing authors.


Wireshark is software that "understands" the structure of different networking protocols. Thus, it is able to display the encapsulation and the fields along with their meanings of different packets specified by different networking protocols. Wireshark uses pcap to capture packets, so it can only capture the packets on the types of networks that pcap supports.

1. Data can be captured "from the wire" from a live network connection or read from a file that recorded already-captured packets.
2. Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback.
3. Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, TShark.
4. Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.
5. Data display can be refined using a display filter.
6. Plug-ins can be created for dissecting new protocols.
7. VoIP calls in the captured traffic can be detected. If encoded in a compatible encoding, the media flow can even be played.
8. Raw USB traffic can be captured.

Wireshark's native network trace file format is the libpcap format supported by libpcap and WinPcap, so it can exchange files of captured network traces with other applications using the same format, including tcpdump and CA NetMaster. It can also read captures from other network analyzers, such as snoop, Network General's Sniffer, and Microsoft Network Monitor.

3.1 Technology Used
3.1.1 Java:
A high-level programming language developed by Sun Microsystems. Java was originally called Oak, and was designed for handheld devices and set-top boxes. Oak was unsuccessful, so in 1995 Sun changed the name to Java and modified the language to take advantage of the burgeoning World Wide Web. It implements a strong security model, which prevents compiled Java programs from illicitly accessing resources on the system where they execute or on the network. Almost all major operating system developers (IBM, Microsoft, and others) have added Java compilers as part of their product offerings.

Java is an object-oriented language similar to C++, but simplified to eliminate language features that cause common programming errors. Java source code files (files with a .java extension) are compiled into a format called bytecode (files with a .class extension), which can then be executed by a Java interpreter. Compiled Java code can run on most computers because Java interpreters and runtime environments, known as Java Virtual Machines (JVMs), exist for most operating systems, including UNIX, the Macintosh OS, and Windows. Bytecode can also be converted directly into machine language instructions by a just-in-time compiler (JIT).

Following are some of the features of Java:

i) PORTABILITY:
The programs you create are portable in a network. Your source program is compiled into what Java calls bytecode, which can be run anywhere in a network on a server or client that has a Java virtual machine. The Java virtual machine interprets the bytecode into code that will run on the real computer hardware. This means that individual computer platform differences such as instruction lengths can be recognized and accommodated locally just as the program is being executed. Platform-specific versions of your program are no longer needed.

ii) DISTRIBUTED:
Java is a programming language expressly designed for use in the distributed environment of the Internet. It was designed to have the "look and feel" of the C++ language, but it is simpler to use than C++ and enforces an object-oriented programming model. Java can be used to create complete applications that may run on a single computer or be distributed among servers and clients in a network.

iii) ROBUST:
The code is robust, here meaning that, unlike programs written in C++ and perhaps some other languages, the Java objects can contain no references to data external to themselves or other known objects. This ensures that an instruction cannot contain the address of data storage in another application or in the operating system itself, either of which would cause the program and perhaps the operating system itself to terminate or "crash." The Java virtual machine makes a number of checks on each object to ensure integrity.

iv) SIMPLE:
Relative to C++, Java is easier to learn.

v) OBJECT-ORIENTED:
Java is object-oriented, which means that, among other characteristics, an object can take advantage of being part of a class of objects and inherit code that is common to the class. Objects are thought of as "nouns" that a user might relate to rather than the traditional procedural "verbs." A method can be thought of as one of the object's capabilities or behaviors.

vi) APPLET:
Applets are small programs written in Java and executed in a browser. The most common example is the Yahoo chat box. In addition to being executed at the client rather than the server, a Java applet has other characteristics designed to make it run fast. It makes it possible for a Web page user to interact with the page.

3.1.2 NetBeans
NetBeans refers to both a platform framework for Java desktop applications and an integrated development environment (IDE) for developing with Java, JavaScript, PHP, Python (no longer supported after NetBeans 7), Groovy, C, C++, Scala, Clojure, and others.
NetBeans began in 1996 as Xelfi, a Java IDE student project under the guidance of the Faculty of Mathematics and Physics at Charles University in Prague. In 1997 Roman Staněk formed a company around the project and produced commercial versions of the NetBeans IDE until it was bought by Sun Microsystems in 1999. Sun open-sourced the NetBeans IDE in June of the following year. Since then, the NetBeans community has continued to grow.[9] In 2010, Sun (and thus NetBeans) was acquired by Oracle.
The NetBeans IDE is written in Java and can run on Windows, Mac OS, Linux, Solaris and other platforms supporting a compatible JVM. A pre-existing JVM or a JDK is not required. The NetBeans platform allows applications to be developed from a set of modular software components called modules. Applications based on the NetBeans platform (including the NetBeans IDE) can be extended by third party developers.[5]
i) NetBeans Platform
The NetBeans Platform is a reusable framework for simplifying the development of Java Swing desktop applications. The NetBeans IDE bundle for Java SE contains what is needed to start developing NetBeans plugins and NetBeans Platform based applications; no additional SDK is required.
Applications can install modules dynamically. Any application can include the Update Center module to allow users of the application to download digitally-signed upgrades and new features directly into the running application. Reinstalling an upgrade or a new release does not force users to download the entire application again.
The platform offers reusable services common to desktop applications, allowing developers to focus on the logic specific to their application. Among the features of the platform are:
i. User interface management (e.g. menus and toolbars)
ii. User settings management
iii. Storage management (saving and loading any kind of data)
iv. Window management
v. Wizard framework (supports step-by-step dialogs)
vi. NetBeans Visual Library
vii. Integrated Development Tools

ii) NetBeans IDE
NetBeans IDE is a free, open-source, cross-platform IDE with built-in support for the Java programming language.
NetBeans IDE is an open-source integrated development environment. NetBeans IDE supports development of all Java application types (Java SE including JavaFX, Java ME, web, EJB and mobile applications) out of the box.
Modularity: All the functions of the IDE are provided by modules. Each module provides a well defined function, such as support for the Java language, editing, or support for the CVS versioning system, and SVN. NetBeans contains all the modules needed for Java development in a single download, allowing the user to start working immediately. Modules also allow NetBeans to be extended. New features, such as support for other programming languages, can be added by installing additional modules. For instance, Sun Studio, Sun Java Studio Enterprise, and Sun Java Studio Creator from Sun Microsystems are all based on the NetBeans IDE.
License: From July 2006 through 2007, NetBeans IDE was licensed under Sun's Common Development and Distribution License (CDDL), a license based on the Mozilla Public License (MPL). In October 2007, Sun announced that NetBeans would henceforth be offered under a dual license of the CDDL and the GPL version 2 licenses, with the GPL linking exception for GNU Classpath.

Fig. 3.1 NetBeans IDE


Step no. 1 Get the list of available Network Interface Devices on the system.
When you want to capture packets from a network, the first thing you have to do is obtain the list of network interfaces on your machine. To do so, Jpcap provides the JpcapCaptor.getDeviceList() method. It returns an array of NetworkInterface objects.

NetworkInterface[] devices = JpcapCaptor.getDeviceList();

Step no. 2 Open the selected device for capturing of packets.
Once you have obtained the list of network interfaces and chosen which network interface to capture packets from, you can open the interface by using the JpcapCaptor.openDevice() method.

captor = JpcapCaptor.openDevice(devices[index], 65535, promisc, -1);

Step no. 3 (optional) Turn on the promiscuous mode.
Set the parameter ‘promisc’ to true if you want to open the interface in promiscuous mode, and to false otherwise. In promiscuous mode, you can capture every packet from the wire, i.e., even if its source or destination MAC address is not the same as the MAC address of the interface you are opening.

Step no.4 (optional) Set capture filter.
Set the filter so that Jpcap doesn't capture unwanted packets. By properly setting a filter, you can reduce the number of packets to examine, and thus improve the performance of your application.

captor.setFilter(filter, true);

Step no. 5 Capture the packets.
Once an instance of JpcapCaptor is obtained, you can capture packets from the interface. There are two major approaches to capturing packets using a JpcapCaptor instance: using a callback method, and capturing packets one-by-one.
You implement a callback method to process captured packets, and then pass the callback method to Jpcap so that Jpcap calls it back every time it captures a packet. A callback method can be implemented by defining a new class which implements the PacketReceiver interface.

public class PacketPrinter implements PacketReceiver{}

The PacketReceiver interface defines a receivePacket() method, so you need to implement a receivePacket() method in your class.

public void receivePacket(Packet packet) {}

Then, either the processPacket() or the loopPacket() method can be called to start capturing using the callback method. When calling processPacket() or loopPacket(), you can also specify the number of packets to capture before the method returns. You can specify -1 to continue capturing packets indefinitely.

captor.loopPacket(-1,new PacketPrinter());

Step no. 6 Stop capturing packets
Capturing of packets can be stopped by breaking the loop by calling the breakLoop() method.

captor.breakLoop();

Step no. 7 Convert binary data to characters or hexadecimal form.
Since the data in the packets is in binary form, which is not human readable, convert the data of the packets into characters or hexadecimals so that it becomes human readable.

Step no. 8 Save the packets into a file.
Captured packets can be saved into a file containing both characters and hexadecimals, so that they can be used for later analysis.
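Steps 7 and 8 are described without code, so the following is an added example (not part of the original report and not Jpcap code) that uses only the JDK: it takes the raw bytes of one frame, extracts the MAC and IP addresses for a table row, renders the payload as characters and as hexadecimals, and saves both views to a file. The class name FrameDump, its method names and the sample frame are constructed for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;

public class FrameDump {

    // Constructed sample: Ethernet + IPv4 + TCP headers followed by a 16-byte payload.
    static byte[] sampleFrame() {
        String headers =
              "001122334455" + "66778899aabb" + "0800"   // Ethernet: dst MAC, src MAC, EtherType IPv4
            + "4500003800014000" + "40060000"            // IPv4: IHL 5, total length 56, TTL 64, TCP, checksum left 0
            + "c000020a" + "c6336401"                    // 192.0.2.10 -> 198.51.100.1
            + "c0010050" + "00000001" + "00000000"       // TCP: ports 49153 -> 80, seq, ack
            + "50182000" + "00000000";                   // data offset 5, PSH+ACK, window, checksum/urgent 0
        byte[] payload = "GET / HTTP/1.1\r\n".getBytes(StandardCharsets.US_ASCII);
        int n = headers.length() / 2;
        byte[] frame = new byte[n + payload.length];
        for (int i = 0; i < n; i++)
            frame[i] = (byte) Integer.parseInt(headers.substring(2 * i, 2 * i + 2), 16);
        System.arraycopy(payload, 0, frame, n, payload.length);
        return frame;
    }

    static int u16(byte[] f, int off) { return ((f[off] & 0xff) << 8) | (f[off + 1] & 0xff); }

    static String mac(byte[] f, int off) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 6; i++) sb.append(String.format(i == 0 ? "%02x" : ":%02x", f[off + i] & 0xff));
        return sb.toString();
    }

    static String ip(byte[] f, int off) {
        return (f[off] & 0xff) + "." + (f[off + 1] & 0xff) + "." + (f[off + 2] & 0xff) + "." + (f[off + 3] & 0xff);
    }

    // True when the frame carries at least a minimal IPv4 header after the 14-byte Ethernet header.
    static boolean isIpv4(byte[] f) {
        return f.length >= 34 && u16(f, 12) == 0x0800 && ((f[14] >> 4) & 0x0f) == 4;
    }

    // Offset of the application data, or -1 when the frame is not IPv4 TCP/UDP or is cut short.
    static int payloadOffset(byte[] f) {
        if (!isIpv4(f)) return -1;                       // e.g. ARP: no IP header to skip
        int l4 = 14 + (f[14] & 0x0f) * 4;                // IHL counts 32-bit words
        if (l4 < 34) return -1;                          // IHL below 5 is malformed
        int proto = f[23] & 0xff;
        if (proto == 17) return f.length >= l4 + 8 ? l4 + 8 : -1;   // UDP header is 8 bytes
        if (proto != 6 || f.length < l4 + 20) return -1;
        int end = l4 + ((f[l4 + 12] >> 4) & 0x0f) * 4;   // TCP data offset, also in words
        return (end >= l4 + 20 && end <= f.length) ? end : -1;
    }

    // One row: No., source MAC, destination MAC, source IP, destination IP, length.
    // Capture time is omitted because the constructed frame has none.
    static String tableRow(int no, byte[] f) {
        if (f.length < 14) return no + " | truncated frame | " + f.length;
        boolean v4 = isIpv4(f);
        return String.join(" | ", String.valueOf(no), mac(f, 6), mac(f, 0),
                v4 ? ip(f, 26) : "-", v4 ? ip(f, 30) : "-", String.valueOf(f.length));
    }

    // Step 7, character view. Non-printable bytes become '.', which also keeps control
    // characters in captured traffic from reaching the terminal or the saved file.
    static String toChars(byte[] buf) {
        StringBuilder sb = new StringBuilder(buf.length);
        for (byte b : buf) {
            int c = b & 0xff;
            sb.append(c >= 0x20 && c < 0x7f ? (char) c : '.');
        }
        return sb.toString();
    }

    // Step 7, hexadecimal view: 16 bytes per row, each row prefixed with its offset.
    static String toHex(byte[] buf) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < buf.length; i++) {
            if (i % 16 == 0) sb.append(String.format("%s%04x ", i == 0 ? "" : "\n", i));
            sb.append(String.format(" %02x", buf[i] & 0xff));
        }
        return sb.toString();
    }

    // Step 8: write the row plus both views of the payload to a text file.
    public static void main(String[] args) throws IOException {
        byte[] frame = sampleFrame();
        int off = payloadOffset(frame);
        byte[] data = off < 0 ? new byte[0] : Arrays.copyOfRange(frame, off, frame.length);
        String report = tableRow(1, frame) + "\n\nCharacters:\n" + toChars(data)
                + "\n\nHexadecimals:\n" + toHex(data) + "\n";
        Path out = Files.createTempFile("packet-", ".txt");
        Files.write(out, report.getBytes(StandardCharsets.UTF_8));
        System.out.println(report + "saved to " + out);
    }
}
```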

3.3 Control Flow Diagram

[Figure: flow chart with the boxes Get Device List, Select NIC, Select Filter, Promiscuous Mode ON/OFF, Start Capture, Save Packet(s), Stop Capture]

Fig 3.2 Control Flow Diagram

3.4 Data Flow Diagram

[Figure: data flow with the labels Update output file, Buffer with packets, Get packets, Separate headers, Analyze headers, Info in headers]

Fig 3.3 Data Flow Diagram


Iterative and Incremental development is at the heart of a cyclic software development process developed in response to the weaknesses of the waterfall model. It starts with an initial planning and ends with deployment with the cyclic interactions in between.

Fig. 3.4 Incremental Model

Iterative and incremental development are essential parts of the Rational Unified Process, Extreme Programming and generally the various agile software development frameworks. It follows a similar process to the plan-do-check-act cycle of business process improvement. A common mistake is to consider "iterative" and "incremental" as synonyms, which they are not. In software/systems development, however, they typically go hand in hand. The basic idea is to develop a system through repeated cycles (iterative) and in smaller portions at a time (incremental), allowing software developers to take advantage of what was learned during development of earlier parts or versions of the system. Learning comes from both the development and use of the system, where possible. Key steps in the process start with a simple implementation of a subset of the software requirements and iteratively enhance the evolving versions until the full system is implemented.

The procedure itself consists of the initialization step, the iteration step, and the Project Control List. The initialization step creates a base version of the system. The goal for this initial implementation is to create a product to which the user can react. It should offer a sampling of the key aspects of the problem and provide a solution that is simple enough to understand and implement easily. To guide the iteration process, a project control list is created that contains a record of all tasks that need to be performed. It includes such items as new features to be implemented and areas of redesign of the existing solution. The control list is constantly being revised as a result of the analysis phase.

The iteration involves the redesign and implementation of a task from the project control list, and the analysis of the current version of the system. The goal for the design and implementation of any iteration is to be simple, straightforward, and modular, supporting redesign at that stage or as a task added to the project control list. The level of design detail is not dictated by the iterative approach. In a light-weight iterative project the code may represent the major source of documentation of the system; however, in a critical iterative project a formal Software Design Document may be used.

The analysis of iteration is based upon user feedback, and the program analysis facilities available. It involves analysis of the structure, modularity, usability, reliability, efficiency, & achievement of goals. The project control list is modified in light of the analysis results.


Fig 3.5 The first look of our project

This figure shows the main window of our project. The following elements are present on this window:
i. Title bar - displays the title of our project, “Basic Application Example”.
ii. Menu bar - contains two menus: File and Help.
iii. Buttons - there are buttons for: Get Device List, Start Capture, Save output to file.
iv. Choice box - displays a list of the NICs on the computer.
v. Text area - displays the captured packets’ data.

On clicking the Start Capture button, 20 packets will be captured and the data will be displayed in the text box. To save the data in a file, the ‘Save output to file’ button has to be clicked.

Fig 3.6 Addition of some features to the previous one

Additional features include:

i. A button to set Filter. In the text field, type in the type of packet you want to capture and then click on Filter.
ii. The number of packets to be captured is not fixed; as the packets are captured, the data will be displayed in the text area simultaneously.
iii. A button to Stop Capture. Clicking on this button will stop the capturing of packets.
iv. A button to Clear Output. Clicking on this button will clear the choice box, text field and the text area.

Fig 3.7 Window of our final project

This figure shows the main window of our project. The following elements are present on this window:
i. Title bar - displays the title of our project, “Implementation of Packet Sniffing in JAVA using Jpcap library”.
ii. Menu bar - contains three menus: File, Options and Help.
iii. Buttons - there are buttons for: Get Device List, Start Capture, Stop Capture and Reset.
iv. Choice box - displays a list of the NICs on the computer.
v. Table - displays the information of the captured packets under respective column headings.
vi. Text areas - there are two text areas: one for displaying the information about the selected NIC and one for displaying the selected packet’s data.

Fig 3.8 Displaying NIC information

This figure shows the Choice Box containing a list of NICs on the system, and the information about the selected NIC in the Text Area below the list.
By clicking on the button “Get Device List”, we get the names of all the NICs on the system listed in the choice box. The user may select any of the displayed NICs.
On selecting one of the NICs from the list displayed, the information of the selected NIC will be displayed in the text area which is black in color. The information consists of the MAC address and IP address of the system.

Fig 3.9 Options under the “Options” menu

On clicking the Options menu, three menu items appear:
i. Set filter
ii. Display output
iii. Promiscuous mode

The Set Filter menu contains various filter options which may be used to set the filter while capturing the packets. The various filter options are:
i. No filter - selected by default. If this is selected, then all types of packets will be captured.
ii. TCP - If this is selected, then only TCP packets will be captured.
iii. UDP - If this is selected, then only UDP packets will be captured.
iv. ARP - If this is selected, then only ARP packets will be captured.
v. ICMP - If this is selected, then only ICMP packets will be captured.
vi. TCP & UDP - If this is selected, then both TCP & UDP packets will be captured.

The third item under the Options menu is the Promiscuous mode. On selecting this, the promiscuous mode will be turned ON, and all the packets in the network will be captured.

Fig 3.10 Showing options under the menu item Display Output

The menu item Display Output under the Options menu contains two ways to display the output. These are as under:
i. Show Characters - This option is selected by default. If this one is selected, then the data of the selected packet from the table will be displayed in characters in the text area below the table.
ii. Show Hexadecimals - If this is selected, then the data of the selected packet from the table will be displayed in hexadecimals in the text area below the table.

Fig 3.11 Showing the information of the captured packets in the table and the data of the selected packet in characters in the text area below it.

After selecting one of the NICs from the list of NICs, the information about the MAC address and IP address is displayed in the black text area.
Then, on clicking the Start Capture button, the capturing of the packets will start. As the packets are captured, the information about them will be displayed in the table under the respective headings.
The table consists of the following column headings:
i. No. - This displays the packet number.
ii. Source MAC - This displays the source MAC address of the packet.
iii. Destination MAC - This displays the destination MAC address of the packet.
iv. Source IP - This displays the source IP address of the packet.
v. Destination IP - This displays the destination IP address of the packet.
vi. Captured Time - This shows the date and the time at which the packet is captured.
vii. Length - This displays the length of the captured packet.
On selecting a packet from the table, the data of the selected packet will be displayed in the text area below it. In the above figure, the 29th packet is selected, and the data of this packet is shown in characters in the text area.

Fig 3.12 Showing the information of the captured packets in the table and the data of the selected packet in hexadecimals in the text area below it.

For displaying the data in hexadecimals, the “Show Hexadecimals” option under the menu item Display Output has to be selected.
Then, on selecting one of the packets from the table, the data of the selected packet will be shown in hexadecimals in the text area below it. In the above figure, the 29th packet is selected, and the data of this packet is shown in hexadecimals in the text area.

Fig 3.13 Showing the options under “Save to File” menu item

On clicking the File menu, four menu items appear:
i. Start Capture - By clicking on it, the capturing of the packets will start.
ii. Stop Capture - By clicking on it, the capturing of packets will be stopped.
iii. Save to File - This menu item gives further options for saving the packets to file.
iv. Exit - By clicking on it, the user will exit from the software.
The “Save to File” menu item further contains two options:
a) Save Selected Packet - By selecting this option, only the selected packet will be saved to file.
b) Save All Packets - By selecting this option, all the captured packets will be saved to file.

Fig 3.14 Showing saved file containing selected packet

This figure shows the file which contains the data of the selected packet. The file will be saved in .rtf format and will open with MS Word by default.

Similar Documents

Premium Essay

Packet Switching

... Алматы 2012 СОДЕРЖАНИЕ 1 Annotation 3 2 PACKET SWITCHING 3 3 КОММУТАЦИЯ ПАКЕТОВ 6 ТЕРМИНОЛОГИЧЕСКИЙ СЛОВАРЬ 10 СПИСОК ЛИТЕРАТУРЫ 11 Annotation This text describes packet switching, its modes and history. The main topic of this text is how packet switching works. Packet switching is a digital networking communications method that groups all transmitted data – regardless of content, type, or structure – into suitably sized blocks, called packets. The concept of switching small blocks of data was first explored by Paul Baran in the early 1960s. Independently, Donald Davies at the National Physical Laboratory (NPL) in the UK had developed the same ideas a few years. Two major packet switching modes exist; (1) connectionless packet switching, also known as datagram switching, and (2) connection-oriented packet switching, also known as virtual circuit switching. In the first case each packet includes complete addressing or routing information. 1 PACKET SWITCHING Packet switching is a digital networking communications method that groups all transmitted data – regardless of content, type, or structure – into suitably sized blocks, called packets. First proposed for military uses in the early 1960s and implemented......

Words: 3704 - Pages: 15

Premium Essay


...Chapter 2 Packet 4 Review notes: Internal rhyme: __________________________________________________ ____________________________________________________________________ Ex: _________________________________________________________________ Alliteration: ___________________________________________________ ____________________________________________________________________ Ex: _________________________________________________________________ Onomatopoeia:___________________________________________________ ____________________________________________________________________ Ex: _________________________________________________________________ Read the biography of Edgar Allan Poe on pages 253-4 and list 4 facts about his life. a. b. c. d. “The Raven” p. 274-277 1. What is the setting of the poem (time and place)? 2. What is the rhyme scheme in the first stanza? Does Poe maintain this rhyme scheme? 3. List all the questions that the narrator asks the raven. 4. What does the narrator say he is trying to do in lines 9-10? 5. In the third stanza, list all the words that are examples of alliteration. What effect does this alliteration have on the poem? 6. How does the significance of the word “nevermore” change throughout the poem? 7. What is the mood throughout the poem? What images help establish this mood? 8. In line 101, what do you think the narrator means when he begs the bird to “Take thy beak from out...

Words: 294 - Pages: 2

Free Essay


... ABSTRACT Packet sniffing or packet capture software is extensively used as tools for protocol analysis and security. In protocol design research, such a tool comes handy in analyzing, debugging and testing of a new protocol implementation. In Security, as is true for any tools, it may be used both as a positive way to detect intrusions or attacks on a system as well as in the malicious way to hack for private and personal data of others. Even though use of upper layer encryption techniques make it difficult to gather data directly, yet these tools are important in learning about existing sessions, collecting encrypted data to launch offline attacks to generate the encryption key and any such attack limited only by ones imagination. Hence, packet sniffer software is one of the most essential tools required to get started to be able to perform any of the above mentioned activities. The goal of our project is to write a packet sniffer “Net Vigilant”, capable of sniffing across wired and wireless interfaces and provide additional packet aggregation, filtering and analysis capabilities. The goal of the project is not to provide a novel approach towards sniffing on the network but rather to provide a basic understanding to the challenges involved in writing such a software and also to build up from the knowledge and experience gained to design more advanced security tools. INTRODUCTION Packet sniffing is an essential activity for......

Words: 1548 - Pages: 7

Free Essay

Packet Sniffing

... A SEMINAR REPORT ON | PACKET SNIFFER | SUBMITTED BY SUBMITTED ONKUNAL GOPAL THAKUR MAY 14,2010VISHAL SHIRGUPPIJUSTIN FRANCISSHAZIA ALIUNDER THE GUIDANCE OF MR. SUNIL SURVEFR. CONCEICAO RODRIGUES COLLEGE OF ENGINEERINGBANDRA(W)MUMBAI – 400 050 | CERTIFICATE This is to certify that, Mr. KUNAL GOPAL THAKUR , Mr. VISHAL SHIRGUPPI ,Mr. JUSTIN FRANCIS and Ms. SHAZIA ALI have completed their project on PACKET SNIFFER satisfactorily in partial fulfillment under the department of Computer Engineering during academic year 2009-2010. ____________________________ Teacher In-Charge ACKNOWLEDGEMENT We would like to express our sincere thanks and gratitude to our guide Mr. Sunil Surve for his valuable guidance and suggestions. We are highly indebted to him for providing us an excellent opportunity to learn and present our studies in the form of this seminar report. We take this opportunity to thank the members of the teaching and non-teaching staff of Fr.CRCE for the timely help extended by them. Lastly thanking our parents, for their morale support and encouragement. Kunal Gopal Thakur Vishal Shirguppi Justin Francis Shazia Ali ABSTRACT: Packet sniffing is a technique of monitoring every packet that crosses the network. A packet sniffer is a piece of software or......

Words: 3356 - Pages: 14

Free Essay

Hiring Packet

...INC. Instructions for New Hire Packet – Applicant Directions 1. Page 2 – Checklist - Fill in or verify your name and social security number. Supervisor to fill in the date of hire & Company assigned (EID) employee identification number. 2. Pages 3 – 7 – DOT Application - must all be completed including 10 years (if CDL holder); 3 years (if non-CDL holder) of previous work history, addresses, & phone numbers. ** If there is any time frame for unemployment or selfemployment please list. DOT is looking for a complete trail of information provided by the driver representing where they have been from date to date. Please complete this form and provide a signature/ date at bottom of page 7. Read “Driver Rights” provided by your company. 3. Page 8 - Previous Employer form – Only sign the top box on the first page where it states Applicant signature and date. Company / Supervisors will send out to the previous employers listed on driver’s application. 4. Page 9 – DISCLOSURE - sign and date bottom *Company is required to order and obtain a current MVR for driver prior to hiring or being moved into a driving position. Driver written authorization is required. 5. Page 10 top Record of Violations form – Fill in any moving traffic violations you have had within the past 12 months; provide a signature & date. If no violations check box. Page 10 bottom – Annual Review (SKIP) to be completed by supervisor with a current MVR. MVR=Motor Vehicle Report 6. Page 11 - Data Driver Sheet......

Words: 8061 - Pages: 33

Free Essay


...Analysis Using Packet Sniffer Pallavi Asrodia*, Hemlata Patel** *(Computer Science, dept., Jawaharlal Institute of Technology, Borawan, Khargone (M.P.) India.) ** (Computer Science, dept., Jawaharlal Institute of Technology, Borawan, Khargone (M.P.) India) ABSTRACT In the past five decades computer networks have kept up growing in size, complexity and, overall, in the number of its users as well as being in a permanent evolution. Hence the amount of network traffic flowing over their nodes has increased drastically. With the development and popularization of network Technology, the management, maintenance and monitoring of network is Important to keep the network smooth and improve Economic efficiency. For this purpose packet sniffer is used. Packet sniffing is important in network monitoring to troubleshoot and to log network. Packet sniffers are useful for analyzing network traffic over wired or wireless networks. This paper focuses on the basics of packet sniffer; it’s working Principle which used for analysis Network traffic. Keywords- Packet capture, Traffic analysis, Libpcap, Network Monitoring, NIC, Promiscuous mode, Berkeley Packet Filter, Network analyzer, Packet sniffer. unresponsive to those packets do not belong to themselves by just ignoring. However, if the network interface of a machine is in promiscuous mode, the NIC of this machine can take over all packets and a frame it receives on network, namely this machine (involving its software) is a sniffer [1].......

Words: 2215 - Pages: 9

Premium Essay

Trainee Pre-Packet 2013

...will have acquired tools that will help you in conducting research and managing ethical dilemmas. Contents of this Packet: This training packet contains materials that will introduce you to ethical decision-making in research and will be used throughout the training. Please bring your completed packet with all of the enclosed materials to each training session. This packet contains a number of items including: 1) Training Agenda & Packet Instructions 2) Ethical Guidelines for the Conduct of Research 3) Cases & Questions Packet If you have any questions concerning the training, the materials in this packet, or scheduling, please e-mail at Block 1 3 Training Agenda Day 1 Registration 8:30 - 9:00 I. Complexity in Ethical Decision-Making § 9:00 – 10:30 II. Personal Biases § 10:30 – 12:00 Lunch 12:00 – 1:00 III. Problems in Decision-Making § 1:00 – 2:30 IV. EDM Model & Strategies § 2:30 – 4:00 Sign-in 8:30 - 9:00 Day 2 V. Sensemaking § 9:00 – 10:30 VI. Field Differences § 10:30 – 12:00 Lunch 12:00 – 1:00 VII. Viewpoints § 1:00 – 2:30 VIII. Training Review § 2:30 – 4:00 Packet Instructions Given the nature of the materials that will be covered in training, it is important that you begin the training with some general knowledge of institutional, governmental, and professional research guidelines. This packet provides an overview of this general information. Please follow the instructions below and complete the activities......

Words: 7845 - Pages: 32

Premium Essay

Packet Tracer

...Packet T P Tracer - Connec a Router to a LAN ct Topology T Addressing Table A g Device Interface G0 0/0 R1 R G0 0/1 S0 0/0/0 (DCE) G0 0/0 R2 R G0 0/1 S0 0/0/0 PC1 P PC2 P PC3 P PC4 P NIC NIC NIC NIC IP Addr ress 192.168.10 0.1 192.168.11 1.1 209.165.20 00.225 209.165.20 00.226 192.168.10 0.10 192.168.11 1.10 Subnet Mask S 255 255 255 255 255 255 255 255 255 255 Default G Gateway N/A N/A N/A N/A N/A N/A Objectives O Part 1: Di isplay Route Information er Part 2: Co onfigure Rou uter Interface es Part 3: Ve erify the Con nfiguration © 2013 Cisco and its affiliates. All rights reserve This docume is Cisco Public. d/or ed. ent Page 1 of 5 Packet Tracer - Connect a Router to a LAN Background In this activity, you will use various show commands to display the current state of the router. You will then use the Addressing Table to configure router Ethernet interfaces. Finally, you will use commands to verify and test your configurations. Note: The routers in this activity are partially configured. Some of the configurations are not covered in this course, but are provided to assist you in using verification commands. Part 1: Display Router Information Step 1: Display interface information on R1. Note: Click a device and then click the CLI tab to access......

Words: 1346 - Pages: 6

Free Essay

Packet Switching

...Packet Switching The concept of packet switching was first developed in the early 1960s, by researchers at the Massachusetts Institute of Technology. Packet switching is the dividing of messages into packets before they are sent, transmitting each packet individually, and then reassembling them into the original message once all of them have arrived at the intended destination. Packets are the fundamental unit of information transport in all modern computer networks, and increasingly in other communications networks as well. Each packet, which can be of fixed or variable size depending on the protocol, consists of a header, body, and a trailer. The body contains a segment of the message being transmitted. The header contains a set of instructions regarding the packet's data, the number of packets into which the message has been divided, the identification number of the particular packet, the protocol, packet length and synchronization. Packets are typically routed from source to destination using network switches and routers. Each packet contains address information that identifies the sending computer and intended recipient. Using these addresses, network switches and routers determine how best to transfer the packet to its destination Pros and Cons of Packet Switching Packet switching is the alternative to circuit switching protocols used historically for telephone (voice) networks and sometimes with ISDN connections. Compared to circuit switching, packet......

Words: 307 - Pages: 2

Premium Essay

Packet Tracer

...------------------------------------------------- Name: Amanpreet Singh Date: 05/31/2015 Week# 4 ------------------------------------------------- Activity# – Skills Integration Challenge ------------------------------------------------- Activity Report 1. Write a short paragraph (minimum five college-level sentences) below that summarizes what was accomplished in this lab, what you learned by performing it, what challenges you faced. ------------------------------------------------- This week’s packet tracer was arguably difficult but at the same time, they were very informative and educational. I had to refer to the book several times to learn the commands for configuration. In the end, it was a long packet tracer but it surely helped and I am glad I learned from it. ------------------------------------------------- Packet Tracer – Skills Integration Challenge Addressing Table Device | Interface | IP Address | Subnet Mask | Default Gateway | VLAN | R1 | S0/0/0 | | | N/A | N/A | | G0/0.10 | | | N/A | 10 | | G0/0.20 | | | N/A | 20 | | G0/0.30 | | | N/A | 30 | | G0/0.88 | | | N/A | 88 | | G0/0.99 | | | N/A | 99 | S1 | VLAN 88 | | | | 88 | PC-A | NIC | | | | 10 | PC-B | NIC |......

Words: 493 - Pages: 2

Premium Essay

Acme Packet

...accounting conventions. These figures are bound to follow the concepts of Prudence and Accruals. Which says that expense should be recorded when it can be foresee. Whereas cash flows statement only consists of all the cash movements within the business. Cash flow tends to deduct or add any movements which cannot be justifiable in monetary term or within which the cash is not involved. ii. Provide a likely and economically sound reason why this company has both an extremely high Gross Margin and a negative Operating Margin. Acme Packet is in session delivery network solutions and is vulnerable to both technological advancement and marketing its product. The fact that Gross Margin is high because the cost of providing this service is low but generates high profit margin. But however due to vulnerability to technological advancements they must incur tons of money into their research and development program in order to upgrade its solutions. Acme Packet must also have to incur heavy marketing cost in order to showcase their solutions due to fierce competition among the players in IT industry. Gross Margin is (Total Revenue minus Total Cost of Goods Sold) divided by Total Revenue. Operating Margin is (Total Revenue minus Total Operating Expenses) divided by Total Revenue. Mechanics: iii. Why do we add back a decrease to Accounts Receivable? A decrease in Accounts Receivable indicates that one of our customer had paid his owed account. When a customer pay his /......

Words: 420 - Pages: 2

Free Essay

Packet Sniffing Prevention

...Packet Sniffing Prevention

Blocking a Wireless Sniffer-Public Connection
• Disable the automatic connection feature in wireless settings
• Configure a firewall that is automatically installed with Windows updates. Enhance the strength of the firewall and increase security settings to “block all incoming connections”
• Confirm the public network’s home page includes a privacy policy. (Networks that use encryption to protect other users from accessing files on the computer will come complete with a privacy policy. Networks that don’t have a privacy statement on the home page do not use encryption.)
• Use sites with ‘https’ at the beginning of the URL instead of ‘http’. The ‘s’ = security

Tips to Defend against Sniffing
• Restrict the physical access to the network media to ensure that a packet sniffer is not able to be installed
• Use encryption to protect confidential information
• Permanently add the MAC address of the gateway to the ARP cache
• Use static IP and static ARP table – prevents attackers from adding the spoofed ARP entries
• Turn off network identification broadcast and restrict the network to authorized users
• Use IPv6 instead of IPv4
• Use encrypted sessions like: SSH, SCP, SSL
• Use security: PGP and S/MIME, VPN, IPsec, TLS and OTP

Packet Sniffing Prevention
• Best way – Use Encryption
• Secure Socket Layer – encapsulates data with help of original certificates and digital signatures
• IP Security – adds security at packet......

Words: 551 - Pages: 3

Free Essay

Sniffer Technology for Detecting Lost Mobiles

...A Technical Seminar Report On
“Sniffer Technology For Detecting Lost Mobiles”
Submitted to JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY, HYDERABAD (T.S)
In partial fulfilment of the requirement for the award of Degree of BACHELOR OF TECHNOLOGY In “Computer Science and Engineering”
By N.KIRTHI [11D61A0554]
Under the guidance of Mr S.Srinivas, Associate Professor, C.S.E Dept.

Department of Computer Science and Engineering
RAJA MAHENDRA COLLEGE OF ENGINEERING AND TECHNOLOGY
(Affiliated to JNTU Hyderabad)
Ibrahimpatnam, Hyderabad-501506

RAJA MAHENDRA COLLEGE OF ENGINEERING
(Affiliated to JNTU Hyderabad)
Ibrahimpatnam, Hyderabad-501506

CERTIFICATE

This is to certify that the Technical seminar entitled “SNIFFER TECHNOLOGY FOR DETECTING LOST MOBILES” which is being submitted by N.KIRTHI(11D61A0554), in partial fulfillment for the award of degree of BACHELOR OF TECHNOLOGY in COMPUTER SCIENCE AND ENGINEERING of JAWAHARLAL NEHRU TECHNOLOGICAL UNIVERSITY, is a record of benefited work carried out by them under our supervision.

Internal Guide ...

Words: 651 - Pages: 3

Free Essay

Optimal Packet Routing

...OPTIMAL PACKET ROUTING

Abstract- Optimal routing is the determination of the optimal routing policy, that is, the set of routes on which packets need to be transmitted in order to reduce the delay, cost and throughput. The routing optimization problem is an important tool in the optimization of both the operational capabilities and the design of large scale computer communications networks. Resource requirements are not taken into account for conventional routing algorithms. The problem of finding optimal routes in a packet switched computer can be done using non linear multi commodity flow problem. The mathematical programming technique which is applied for the solution of the routing problem for large networks produces inefficient output. By using Heuristic methods satisfactory results can be obtained. But using the Heuristic technique the results are not always optimal and may have some limitations. To overcome all this we can use the decomposition method, which is very efficient for computation and whose results are nearly exact.

Introduction- Routers are basically classified into two types- Oblivious and Adaptive. In oblivious routing the path is completely determined by the source and destination, whereas in Deterministic routing the same path is chosen between a source and destination. The nature of deterministic routing is distributed, that is, each node makes its routing decisions independently of others, which makes routing simple and fast, and this is widely used in most of the......

Words: 1064 - Pages: 5

Free Essay

Packet Filtering

...Packet Filtering

Index

Should an arriving packet be allowed in? Should a departing packet be let out? Filter packet-by-packet, making decisions to forward/drop a packet based on:

Functions of Packet Filter
Control: Allow only those packets that you are interested in to pass through.
Security: Reject packets from malicious outsiders
Watchfulness: Log packets to/from outside world

In a software firewall, packet filtering is done by a program called a packet filter. The packet filter examines the header of each packet based on a specific set of rules, and on that basis, decides to prevent it from passing (called DROP) or allow it to pass (called ACCEPT).

There are three ways in which a packet filter can be configured, once the set of filtering rules has been defined. In the first method, the filter accepts only those packets that it is certain are safe, dropping all others. This is the most secure mode, but it can cause inconvenience if legitimate packets are inadvertently dropped. In the second method, the filter drops only the packets that it is certain are unsafe, accepting all others. This mode is the least secure, but it causes less inconvenience, particularly in casual Web browsing. In the third method, if the filter encounters a packet for which its rules do not provide instructions, that packet can be quarantined, or the user can be specifically queried concerning what should be done with it. This can be inconvenient if it causes numerous dialog boxes to......

Words: 256 - Pages: 2