
LAYER TO FORWARD PROTOCOL

Implementation

Abstract
LAYER TO FORWARD PROTOCOL
The demand for cost and time saving technologies, in combination
with competitive pressures within corporate environments, has
made VPN (Virtual Private Network) technology an alternative
option for enterprise network connectivity. However, the amount of
available information and the speed at which technical landscapes
are changing quickly outpaces typical VPN solutions being
developed. Rapid development and abundant options create
complexity for network designers with respect to choosing and
implementing the proper VPN technology.
LAYER TO FORWARD PROTOCOL is a Java tool to observe network
traffic virtually. It lets network administrators monitor VPN
(PPTP / IPSec / SSH) and SSL (HTTPS) connectivity of
wireline/wireless networks. The graphical representation makes it easy
to visualize messages being sent between computer nodes. Users
can also read messages not of the above types in plain text.
Connection statistics can be used as a measure of network security.
The PRO edition allows network administrators to monitor multiple
and remote networks.
Modules:
Capturing Packets
By choosing a network card, the application can capture packets
from the network. It lists all the network devices in the system;
when we select one of those devices, the application captures
all the packets coming from that device.
Drawing Connections
In the network traffic visualization, VPN and SSL connections
are represented in colors other than black. When packets are
captured from the network card, the application captures all
the IP addresses of the systems which are connected in the
network.
Plotting Network
Each message captured by Layer to Forward Protocol is
represented graphically by an edge connecting two
computers. Since messages are sent both ways, when a
message passes from one system to another, an edge
connecting those two computers is drawn dynamically.
Dumping Text
All messages not sent through VPN or SSL are printed onto
the screen. The latest arriving message appears at the
top of the table. Different filters will be developed to locate
messages containing sensitive information.
Collecting Statistics
Dynamic updating of the statistics table. The statistics table
collects the fractions of secure connections and packets in the
network. It shows how many packets are transferred in the
subnet.
Resolving IP Address:
Layer to Forward Protocol will support the functionalities of
resolving IP addresses to hostnames, depending on the
capturing device.
Introduction
This white paper reviews several important design issues
that should be considered when evaluating Virtual Private Network
(VPN) technology. Today, each network manager is responsible for a
network that differs from other networks as much as individual
people differ from one another. This uniqueness invariably causes
issues when designing a VPN.
VPN technology is one of the most integrated technologies being
deployed on today's networks. Every VPN solution interacts with
existing sub-systems and crosses all business and operational
practices. Based on their specific exposure and technological
predispositions, people's perceptions of VPN technologies differ
significantly.

The demand for cost and time saving technologies, in combination
with competitive pressures within corporate environments, has
made VPN technology an alternative option for enterprise network
connectivity. However, the amount of available information and the
speed at which technical landscapes are changing quickly outpaces
typical VPN solutions being developed. Rapid development and
abundant options create complexity for network designers with
respect to choosing and implementing the proper VPN technology.
At present, many vendors' VPN solutions are closer to using
common practices, but interoperability issues with non-standards-
based solutions create awkward manageability issues. Common
practices used to configure, control, and monitor must be
reexamined during the design of a VPN.
The goal of a successful VPN is to provide authenticated and
authorized nodes with proper access to trusted networks in a
seamless and automated fashion. This interaction must include
client-to-client, client-to-gateway, or gateway-to-gateway
connections. A VPN solution must provide centralized management,
reliable service, and ensure the integrity and privacy of data
transfers. These goals must be accomplished when traversing either
a public or private network infrastructure.
Purpose
The purpose of this document is to give an overview of the project.
The main aim of this project is to observe network traffic virtually.
The tool lets network administrators monitor VPN (PPTP / IPSec /
SSH) and SSL (HTTPS) connectivity of wireline/wireless networks.
The graphical representation makes it easy to visualize messages
being sent between computer nodes. Users can also read messages
not of the above types in plain text. Connection statistics can be
used as a measure of network security. The PRO edition allows
network administrators to monitor multiple and remote networks.
LAYER TO FORWARD PROTOCOL will focus on a number of
functionalities for monitoring network traffic and security.
Overview
LAYER TO FORWARD PROTOCOL is a Java tool to observe network
traffic virtually. It lets network administrators monitor VPN
(PPTP / IPSec / SSH) and SSL (HTTPS) connectivity of
wireline/wireless networks. The graphical representation makes it easy
to visualize messages being sent between computer nodes. Users
can also read messages not of the above types in plain text.
Connection statistics can be used as a measure of network security.
The PRO edition allows network administrators to monitor multiple
and remote networks.
Main functional features of the Layer to Forward Protocol on Private
Networks:
1. Capturing Packets
2. Drawing Connections
3. Plotting Network
4. Dumping Text
5. Collecting Statistics
6. Resolving IP Addresses
System Analysis
Existing System
Restricted Access to Desirable Services
A firewall may well restrict certain inherently dangerous services
which users of the protected network nevertheless want to use.
Services for which proxy servers do not (yet) exist will effectively be
blocked by proxy firewalls; newer services such as WAIS were not
designed to work with firewalls and, by their very newness, are
considered to be unsafe. Compromises by the designers of the
security policy may be necessary in order to prevent the users from
circumventing the firewall completely.
Decrease in Throughput
Firewalls may represent a significant bottleneck in communication
between the protected network and the outside world. However,
this is less of a problem than is generally assumed, as most firewalls
can pass data at T1 rates (1.5 Mbps), while most sites are
connected at rates less than T1.
Concentrated Security
While having security concentrated on one host has its advantages,
a compromise of the firewall could be disastrous to hosts which are
not running their own security software. The question is whether a
more likely but smaller security breach is better or worse than a
less likely large breach.
Complacency
Both users and management may tend to become complacent
about security when a firewall is installed. Investing time and
money in a firewall is not particularly useful if other methods for
stealing data or attacking systems are neglected. User security
education is essential, since legitimate users are already inside the
protected network. Physical security is also often neglected -
implementing the most powerful firewalls and having the most
carefully designed security policy is useless if someone can simply
walk off with the server.
Proposed system
Our proposed system is the LAYER TO FORWARD PROTOCOL System. As
the popularity of the Internet grew, businesses turned to it as a
means of extending their own networks. First came intranets,
which are password-protected sites designed for use only by
company employees. Now, many companies are creating their own
Layer to Forward Protocol (virtual private network) to
accommodate the needs of remote employees and distant offices.
Basically, a Layer to Forward Protocol is a private network that uses
a public network (usually the Internet) to connect remote sites or
users together. Instead of using a dedicated, real-world connection
such as a leased line, a VIRTUAL NETWORK uses "virtual" connections
routed through the Internet from the company's private network to
the remote site or employee. In this article, you will gain a
fundamental understanding of VIRTUAL NETWORKs and learn
about basic VIRTUAL NETWORK components, technologies,
tunneling and security.
There are two common types of VIRTUAL NETWORK. Remote-access,
also called a virtual private dial-up network (VPDN), is
a user-to-LAN connection used by a company that has employees
who need to connect to the private network from various remote
locations.
Through the use of dedicated equipment and large-scale encryption,
a company can connect multiple fixed sites over a public network
such as the Internet. Site-to-site LAYER TO FORWARD PROTOCOL
can be one of two types:
Intranet-based - If a company has one or more remote
locations that they wish to join in a single private network,
they can create an intranet VIRTUAL NETWORK to connect
LAN to LAN.
Extranet-based - When a company has a close relationship
with another company (for example, a partner, supplier or
customer), they can build an extranet VIRTUAL NETWORK that
connects LAN to LAN, and that allows all of the various
companies to work in a shared environment.
A well-designed VIRTUAL NETWORK uses several methods for
keeping your connection and data secure:
Firewalls
Encryption
IPSec
AAA Server
Modules of the Product
There are basically five modules for developing:
Capturing Packets
By choosing a network card, the application can capture packets
from the network. It lists all the network devices in the system;
when we select one of those devices, the application captures
all the packets coming from that device.
Drawing Connections
In the network traffic visualization, VPN and SSL connections
are represented in colors other than black. When packets are
captured from the network card, the application captures all
the IP addresses of the systems which are connected in the
network.
Plotting Network
Each message captured by Layer to Forward Protocol is
represented graphically by an edge connecting two
computers. Since messages are sent both ways, when a
message passes from one system to another, an edge
connecting those two computers is drawn dynamically.
Dumping Text
All messages not sent through VPN or SSL are printed onto
the screen. The latest arriving message appears at the
top of the table. Different filters will be developed to locate
messages containing sensitive information.
Collecting Statistics
Dynamic updating of the statistics table. The statistics table
collects the fractions of secure connections and packets in the
network. It shows how many packets are transferred in the
subnet.
Resolving IP Address:
LAYER TO FORWARD PROTOCOL will support the
functionalities of resolving IP addresses to hostnames,
depending on the capturing device.
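The sketch below is an added illustration, not code from the project (which is described as a Java tool built on JPCAP/WINPCAP). It shows one way the Drawing Connections and Collecting Statistics modules could label captured IPv4 packets as PPTP, IPSec, SSH, SSL or plain and compute the fractions of secure packets and connections. The classification rules (IANA protocol numbers and well-known ports), all function names and the sample packets are assumptions constructed for this example.

```python
import struct
from collections import Counter

# Assumed rules (IANA protocol numbers, well-known ports); not taken from the report.
IP_PROTO = {47: "PPTP", 50: "IPSec", 51: "IPSec"}      # GRE, ESP, AH
PORTS = {(6, 1723): "PPTP", (17, 500): "IPSec", (17, 4500): "IPSec",
         (6, 22): "SSH", (6, 443): "SSL"}              # (IP protocol, port)

def classify(packet: bytes):
    """Return (src, dst, label) for a raw IPv4 packet, or None if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                       # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return None
    proto = packet[9]
    src, dst = (".".join(map(str, packet[i:i + 4])) for i in (12, 16))
    label = IP_PROTO.get(proto, "plain")
    if proto in (6, 17) and len(packet) >= ihl + 4:    # TCP/UDP: check both ports
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        label = PORTS.get((proto, dport)) or PORTS.get((proto, sport), "plain")
    return src, dst, label

def statistics(packets):
    """Packet counts per label; a host pair is secure only if all its packets are."""
    counts, secure_pair = Counter(), {}
    for raw in packets:
        parsed = classify(raw)
        if parsed is None:
            continue                                   # skip non-IPv4 or truncated
        src, dst, label = parsed
        counts[label] += 1
        pair = frozenset((src, dst))                   # both directions, one edge
        secure_pair[pair] = secure_pair.get(pair, True) and label != "plain"
    total = sum(counts.values())
    return {"packets": dict(counts),
            "secure_packets": (total - counts["plain"]) / total if total else 0.0,
            "secure_connections": (sum(secure_pair.values()) / len(secure_pair)
                                   if secure_pair else 0.0)}

def ipv4(src, dst, proto, sport=0, dport=0):
    """Build a constructed 28-byte sample packet (checksum zero, never verified)."""
    return struct.pack("!BBHHHBBH8B4H", 0x45, 0, 28, 0, 0, 64, proto, 0,
                       *map(int, (src + "." + dst).split(".")), sport, dport, 8, 0)

SAMPLE = [ipv4("10.0.0.2", "10.0.0.9", 6, 40000, 443),  # HTTPS request
          ipv4("10.0.0.9", "10.0.0.2", 6, 443, 40000),  # HTTPS reply
          ipv4("10.0.0.3", "10.0.0.9", 6, 40001, 80),   # plain HTTP
          ipv4("10.0.0.4", "10.0.0.9", 50),             # IPSec ESP
          ipv4("10.0.0.5", "10.0.0.9", 6, 40002, 22)]   # SSH
```

Port-based labels only say which protocol a flow claims to be: traffic on TCP 443 is counted as SSL even if no TLS handshake takes place, so the resulting fractions are an upper bound on what is actually encrypted.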
Operating Environment
HARDWARE SPECIFICATIONS:
Processor Name : Pentium-III
Processor Speed : 6GG MHz
RAM : 256 MB
Hard Disk Capacity : 20 GB
SOFTWARE SPECIFICATIONS:
Application Language : JAVA 1.5.K
Libraries : JPCAP, WINPCAP
Operating System : WINDOWS 2000 PROFESSIONAL
