Академический Документы
Профессиональный Документы
Культура Документы
INTRODUCTION
1.1 ABSTRACT
This project is intended to develop a tool called Packet Sniffer. The Packet
Sniffer allows the computer to examine and analyze all the traffic passing by its
network connection. It decodes the network traffic and makes sense of it.
When it is set up on a computer, the network interface of the computer is set
to promiscuous mode, listening to all the traffic on the network rather than just those
packets destined for it. Packet Sniffer is a tool that sniffs without modifying the
networks packet in anyway. It merely makes a copy of each packet flowing through
the network interface and finds the source and destination Ethernet addresses of the
packets. It decodes the protocols in the packets given below:
IP (Internet Protocol), TCP (Transmission Control Protocol), UDP (User
Datagram Protocol).
The output is appended into normal text file, so that the network administrator
can understand the network traffic and later analyze it.
2. SYSTEM STUDY
2.1 Introduction to Packet Sniffers:
A Packet Sniffer is a program that can see all of the information passing over
the network it is connected to. A Packet Sniffer is a Wire-tapping device that plugs
into computer Networks and eavesdrop on the network traffic.
A packet sniffer (also known as a network analyzer or protocol analyzer or, for
particular types of networks, an Ethernet sniffer or wireless sniffer) is computer
software that can intercept and log traffic passing over a digital network or part of a
network. As data streams flow across the network, the sniffer captures each packet
and eventually decodes and analyzes its content.
Most Ethernet networks use to be of a common bus topology, using either
coax cable or twisted pair wire and a hub. All of the nodes (computers and other
devices) on the network could communicate over the same wires and take turns
sending data using a scheme known as carrier sense multiple access with collision
detection (CSMA/CD). Think of CSMA/CD as being like a conversation at a loud
party, you may have to wait for quite a spell for your chance to get your words in
during a lull in everybody elses conversation. All of the nodes on the network have
their own unique MAC (media access control) address that they use to send packets of
information to each other. Normally a node would only look at the packets that are
destined for its MAC address. However, if the network card is put into what is known
as promiscuous mode it will look at all of the packets on the wires it is hooked to.
layer protocols (such as TCP and IP), but it also specifies common applications such
as electronic mail, terminal emulation, and file transfer. This document provides a
broad introduction to specifications that comprise the Internet protocols.
Internet protocols were first developed in the mid-1970s, when the Defense
Advanced Research Projects Agency (DARPA) became interested in establishing a
packet-switched network that would facilitate communication between dissimilar
computer systems at research institutions. With the goal of heterogeneous
connectivity in mind, DARPA funded research by Stanford University and Bolt,
Beranek, and Newman (BBN). The result of this development effort was the Internet
protocol suite, completed in the late 1970s.
Documentation of the Internet protocols (including new or revised protocols)
and policies are specified in technical reports called Request for Comments (RFCs),
which are published and then reviewed and analyzed by the Internet community.
Protocol refinements are published in the new RFCs. To illustrate the scope of the
Internet protocols, Figure 1. Maps many of the protocols of the Internet protocol suite
and their corresponding OSI layers.
OSI model
NFS
Application
FTP,
Presentation
Session
Transport
Network
Data Link
Physical
RPC
Telnet,
XDR
SMTP,
SNMP
TCP, UDP
IP
ICMP
ARP
RARP
Not Specified
Fig 1: Internet protocols span the complete range of OSI model layers.
The Internet Protocol (IP) is a network-layer (Layer 3) protocol that contains
addressing information and some control information that enables packets to be
routed. IP is the primary network-layer protocol in the Internet protocol suite. Along
with the Transmission Control Protocol (TCP), IP represents the heart of the Internet
protocols. IP has two primary responsibilities: providing connectionless, best-effort
delivery of data grams through an inter-network; and providing fragmentation and
reassembly of data grams to support data links with different maximum-transmission
unit (MTU) sizes.
IP Packet Format:
An IP packet contains several types of information, as illustrated in
5
Version
IHL
Time to live
Type of Service
Protocol
Identification
Total length
Header checksum
Flags Fragment Offset
Source Address
Destination Address
Options (+padding)
Data (variable)
Flags Consists of a 3-bit field of which the two low-order (leastsignificant) bits control fragmentation. The low-order bit specifies whether the
packet can be fragmented. The middle bit specifies whether the packet is the
last fragment in a series of fragmented packets. The third or high-order bit is
not used.
Fragment Offset Indicates the position of the fragment's data relative to the
beginning of the data in the original datagram, which allows the destination IP
process to properly reconstruct the original datagram.
IP Addressing:
As with any other network-layer protocol, the IP addressing scheme is integral
to the process of routing IP datagram through an inter-network. Each IP address has
specific components and follows a basic format. These IP addresses can be subdivided
and used to create addresses for sub-networks.
Each host on a TCP/IP network is assigned a unique 32-bit logical address that
is divided into two main parts: the network number and the host number. The network
number identifies a network and must be assigned by the Internet Network
Information Center (InterNIC) if the network is to be part of the Internet. An Internet
Service Provider (ISP) can obtain blocks of network addresses from the InterNIC and
can itself assign address space as necessary. The host number identifies a host on a
network and is assigned by the local network administrator.
IP Address Format:
The 32-bit IP address is grouped eight bits at a time, separated by dots, and
represented in decimal format (known as dotted decimal notation). Each bit in the
octet has a binary weight (128, 64, 32, 16, 8, 4, 2, 1). The minimum value for an octet
is 0, and the maximum value for an octet is 255. Figure.3 illustrates the basic format
of an IP address.
Fig 3: An IP address consists of 32 bits, grouped into four octets.
32Bits
Network
Host
8bits
8bits
8bits
8bits
IP Address Classes:
IP addressing supports five different address classes: A, B, C, D, and E. only
classes A, B, and C are available for commercial use. The left-most (high-order) bits
indicate the network class.
Fig 4: IP address formats A, B, and C are available for commercial use.
No. of bits
Class A
Class B
24
0 Networks
1 0 Network
Host
Host
Host
Network
Host
Host
14
Class C
1 1 0 Network
16
Network
Network
21
Host
The class of address can be determined easily by examining the first octet of
the address and mapping that value to a class range in the following table. In an IP
address of 172.31.1.2, for example, the first octet is 172. Because 172 falls between
8
128 and 191, 172.31.1.2 is a Class B address. Figure 5 summarizes the range of
possible values for the first octet of each address class.
Fig 5: A range of possible values exists for the first octet of each address class.
Address Class
First Octet in
High-order Bits
Decimal
Class A
1 D 126
Class B
128 D 191
10
Class C
192 D 223
110
Class D
224 D 239
1110
Class E
240 D 254
1111
IP Subnet Addressing:
IP networks can be divided into smaller networks called sub-networks (or
subnets). Sub-netting provides the network administrator with several benefits,
including extra flexibility, more efficient use of network addresses, and the capability
to contain broadcast traffic (a broadcast will not cross a router).
Subnets are under local administration. As such, the outside world sees an
organization as a single network and has no detailed knowledge of the organization's
internal structure.
A given network address can be broken up into many sub networks. For
example, 172.16.1.0, 172.16.2.0, 172.16.3.0, and 172.16.4.0 are all subnets within
network 171.16.0.0. (All 0s in the host portion of an address specifies the entire
network.)
Address Resolution Protocol (ARP) Overview:
For two machines on a given network to communicate, they must know the
other machine's physical (or MAC) addresses. By broadcasting Address Resolution
10
IP Routing:
IP routing protocols are dynamic. Dynamic routing calls for routes to be
calculated automatically at regular intervals by software in routing devices. This
contrasts with static routing, where routers are established by the network
administrator and do not change until the network administrator changes them.
An IP routing table, which consists of destination address/next hop pairs, is
used to enable dynamic routing. An entry in this table, for example, would be
interpreted as follows: to get to network 172.31.0.0, send the packet out Ethernet
interface 0 (E0).
IP routing specifies that IP datagrams travel through internetworks one hop at
a time. The entire route is not known at the onset of the journey, however. Instead, at
each stop, the next destination is calculated by matching the destination address
within the datagram with an entry in the current node's routing table.
Each node's involvement in the routing process is limited to forwarding
packets based on internal information. The nodes do not monitor whether the packets
get to their final destination, nor does IP provide for error reporting back to the source
when routing anomalies occur. This task is left to another Internet protocol, the
Internet Control-Message Protocol (ICMP), which is discussed in the following
section.
Internet Control Message Protocol (ICMP):
The Internet Control Message Protocol (ICMP) is a network-layer Internet
protocol that provides message packets to report errors and other information
regarding IP packet processing back to the source. ICMP is documented in RFC 792.
ICMP Messages:
ICMPs generate several kinds of useful messages, including Destination
Unreachable, Echo Request and Reply, Redirect, Time Exceeded, and Router
Advertisement and Router Solicitation. If an ICMP message cannot be delivered, no
second one is generated. This is to avoid an endless flood of ICMP messages.
11
13
Each host randomly chooses a sequence number used to track bytes within the
stream it is sending and receiving. Then, the three-way handshake proceeds in the
following manner:
The first host (Host A) initiates a connection by sending a packet with the
initial sequence number (X) and SYN bit set to indicate a connection request. The
second host (Host B) receives the SYN, records the sequence number X, and replies
by acknowledging the SYN (with an ACK = X + 1). Host B includes its own initial
sequence number (SEQ = Y). An ACK = 20 means the host has received bytes 0
through 19 and expects byte 20 next. This technique is called forward
acknowledgment. Host A then acknowledges all bytes Host B sent with a forward
acknowledgment indicating the next byte Host A expects to receive (ACK = Y + 1).
Data transfer then can begin.
Positive Acknowledgment and Retransmission (PAR):
A simple transport protocol might implement a reliability-and-flow-control
technique where the source sends one packet, starts a timer, and waits for an
acknowledgment before sending a new packet. If the acknowledgment is not received
before the timer expires, the source retransmits the packet. Such a technique is called
positive acknowledgment and retransmission (PAR).
By assigning each packet a sequence number, PAR enables hosts to track lost
or duplicate packets caused by network delays that result in premature retransmission.
The sequence numbers are sent back in the acknowledgments so that the
acknowledgments can be tracked.
PAR is an inefficient use of bandwidth, however, because a host must wait for
an acknowledgment before sending a new packet, and only one packet can be sent at a
time.
TCP Sliding Window:
A TCP sliding window provides more efficient use of network bandwidth than
PAR because it enables hosts to send multiple bytes or packets before waiting for an
acknowledgment.
14
In TCP, the receiver specifies the current window size in every packet.
Because TCP provides a byte-stream connection, window sizes are expressed in bytes.
This means that a window is the number of data bytes that the sender is allowed to
send before waiting for an acknowledgment. Initial window sizes are indicated at
connection setup, but might vary throughout the data transfer to provide flow control.
A window size of zero, for instance, means "Send no data."
In a TCP sliding-window operation, for example, the sender might have a
sequence of bytes to send (numbered 1 to 10) to a receiver who has a window size of
five. The sender then would place a window around the first five bytes and transmit
them together. It would then wait for an acknowledgment.
The receiver would respond with an ACK = 6, indicating that it has received
bytes 1 to 5 and is expecting byte 6 next. In the same packet, the receiver would
indicate that its window size is 5. The sender then would move the sliding window
five bytes to the right and transmit bytes 6 to 10. The receiver would respond with an
ACK = 11, indicating that it is expecting sequenced byte 11 next. In this packet, the
receiver might indicate that its window size is 0 (because, for example, its internal
buffers are full). At this point, the sender cannot send any more bytes until the
receiver sends another packet with a window size greater than 0.
Source port
Destination port
Sequence number
Acknowledge number
Data offset
Reserved
Flags
Checksum
Window
Urgent pointer
Options (+padding)
Data (variable)
15
Destination Port
Length
checksum
17
Protocols
File transfer
FTP
Terminal emulation
Telnet
Electronic mail
SMTP
Network management
SNMP
Conversion of data to human readable formats so that people can read the
traffic.
Network traffic logging, to create logs that hacker's can't break into and
erase.
Example Uses:
A packet sniffer for a token ring network could detect that the token has
been lost or the presence of too many tokens (verifying the protocol).
A packet sniffer could detect that messages are being sent to a network
adapter; if the network adapter did not report receiving the messages then
this would localize the failure to the adapter.
A packet sniffer could be used to analyze data sent to and from secure
systems in order to understand and circumvent security measures, for the
purposes of penetration testing or illegal activities.
A packet sniffer can passively capture data going between a web visitor
and the web servers decode it at the HTTP and HTML level and create
web log files as a substitute for server logs and page tagging for web
analytics.
21
3. SYSTEM ANALYSIS
3.1 Project Description:
This Project deals with a packet capture utility and Network monitoring. This
Project is useful to the Network Administrators to observe each and every incoming
packet for security enhancements. Irrespective of the Destination IP of incoming
packet the machine on which this project is running captures all packets .This Project
Keeps on differentiating the type of the entities which are there in Ethernet header.
The main program will have an infinite loop which keeps an eye on each and
every incoming packet. The moment it collects that packet it starts invoking
respective modules and those modules will internally redirects that information to
respective text files. The utilities used in this project are WinPcap and PacketX.
WinPcap:
22
PacketX:
PacketX class library integrates WinPcap packet capture functionality with
ActiveX programming and scripting languages. PacketX hides the low level
programming details by implementing simple class framework that can be used to
build networking applications with minimum effort and time. In brief, PacketX uses
WinPcap libraries to capture (and optionally filter) network packets. In addition to
standard capture mode you can collect network statistics and send raw packets. All
captured packets or statistics are encapsulated inside wrapper class and returned to
client as events. PacketX uses WinPcap Packet Driver API implemented by packet.dll
and BPF filtering support from pcap.dll. This means that you can use PacketX to
capture, send (and optionally filter) packets and collect network statistics. PacketX
cannot be used to block network traffic to build a firewall. The library contains an
ActiveX control that can be used from
RAD development tools like Microsoft Visual Basic or Borland Delphi. For
scripting languages there are corresponding lightweight COM classes.
Some of the classes are
PacketXClass
AdapterCollection
Adapter
Packet
_IPktXPacketXEvents_OnPacketEventHandler
3.2 Modules:
3.2.1
Admin. Required username and password for security purpose just to identify them
selves.
3.2.2
24
This is for the Admin, member of the Application have access to the
management administration Form. Management Admin can provide the IP Addresses
or Domain Name (Example news.microsoft.com) to connect Network news transfer
Protocol server,
3.2.3
Ping Information:
The ping utility is essentially a system administrator's tool that is used to see if
a computer is operating and if network connections are intact. Ping uses the Internet
Control Message Protocol (ICMP) Echo function which The ping utility verifies
connections to a remote computer or computers. You can use ping to test both the
computer name and the IP address. If the IP address is verified, but the computer
name is not, you may have a name resolution problem. In this case, make sure the
computer name you are querying is in either the local host file or in the DNS
database.
3.2.4
Hop Information:
Definition: In computer networking, a hop represents one portion of the path
between source and destination. When communicating over the Internet, for example,
data passes through a number of intermediate devices (like routers) rather than
flowing directly over a single wire. Each such device causes data to "hop" between
one point-to-point network connection and another.
3.2.5
Packet Information:
A packet is the unit of data that is routed between an origin and a destination on
the Internet or any other packet-switched network. When any file (e-mail message,
HTML file, Graphics Interchange Format file, Uniform Resource Locator request, and
so forth) is sent from one place to another on the Internet, the Transmission Control
Protocol (TCP) layer of TCP/IP divides the file into "chunks" of an efficient size for
routing. Each of these packets is separately numbered and includes the Internet
address of the destination. The individual packets for a given file may travel different
25
routes through the Internet. When they have all arrived, they are reassembled into the
original file (by the TCP layer at the receiving end).
3.2.6
NetStat Information:
The netstat command displays the protocol statistics and current TCP/IP
connections on the local system. Used without any switches, the netstat command
shows the active connections for all outbound TCP/IP connections. In addition,
several switches are available that change the type of information netstat displays.
Table 5 shows the various switches available for the netstat utility.
3.2.7 Trace Route Information:
The traceroute application will print the route that packets take in order to
arrive at a network host. It works by trying to elicit an ICMP TIME_EXCEEDED
response from each gateway along the path to a particular host. For this reason, the
times, which are actually returned
in the traceroute readout, are not actually reflective of the times that it requires
packets from another protocol such as telnet, SMTP, or FTP to arrive at the
destination and gateways along the route.
Usage:
This application is useful for determining whether a host is up and running on
the network and/or whether there is a host or gateway along the path that is not
passing along packets properly.
26
Introduction:
Purpose:
To develop a tool that easily analyzes the network traffic flow on that
particular system and to show the information for the administrator in human readable
format.
Scope:
This can be used by network administrators, organizations and by common
man who want to know the network flow, in and out, of the system and also save the
file for later analysis such as load on the system, network intrusion detection etc.
Developers Responsibilities Overview:
The developer is responsible for:
General Description:
Product Functions Overview:
In a computer network every system can see all the packets flowing in the
network, but can capture the packets that are addressed to that particular system only.
But the product must be able to make a copy of all the packets flowing in the network,
which are address to it and also not address to it. The packet copied must be stored in
a buffer. Each packet has headers in which information about the packet will be stored
in a specified format. This information must be extracted and if necessary covert into
human readable form and store it in the output files.
User Characteristics:
The user of the system will be the systems administrator who controls and
configures the network traffic through the server.
27
General Constraints:
The system should have winpcap & packetx installed.
General assumptions and dependencies:
The assumption is that the packets moving in the networking are coming from
only Ethernet and not from any other like FDDI, etc.
3.3.1 Specific Requirements:
Inputs and Outputs:
Inputs: Raw packets flowing in the network of the system on which the Packet
Sniffer is installed.
Outputs: The output is stored in a file.
Functional Requirements:
Capture the packets in the network at the data link layer before they are passed
to the protocols implemented in the kernel.
Strip off the various headers in each packet and analyze the information in it.
Append the information in the headers of the packet into output file in a specified
format.
Performance Constraints:
The maximum size of the buffer to hold the packet is 2000 bytes. The speed of
the networks should not exceed 100Mbps if it exceeds this speed all the packets may
not be analyzed.
Operational feasibility:
In this test, the operational scope of the system is checked. The system under
consideration should have enough operational research. It is observed that proposed
system is very user friendly and since the system is built with enough help, even
persons with little knowledge of windows can find the system very easy.
Technical feasibility:
This test includes a study of function, performance and constraints that may
affect the ability to achieve an acceptable system. This test begins with an assessment
of the technical viability of the proposed system. One of the main factors to be
accessed is the need of various kinds of resources for the successful implementation
of the proposed system.
Economical feasibility:
An evaluation of development cost weighed against the ultimate income of
benefit from the development of the proposed system is made. Care must be taken
regarding the costs that incur in the development process of the proposed system.
WINDOWS XP
Front End
Back End
Language
C# .NET
Processor
Pentium IV
RAM
512MB RAM
Hardware Environment:
29
HDD
5 GB
LAN
Enabled
Acceptance Criteria:
Before accepting the system, the developer will have to demonstrate how the
system works on the given data. The developer will have to show by suitable test
cases that all conditions are satisfied.
4. SYSTEM DESIGN
Software Engineering is the systematic approach to the development,
operation, maintenance, and retirement of software.
All Software products can be developed with the help of a Software Process
i.e. Software Life Cycle. This Software Process is nothing but a series of identifiable
stages that a software product undergoes during its lifetime. And this series basically
starts with a Feasibility Study Stage, Requirement Analysis and Specification, Design,
Coding, Testing and Maintenance. Each of these phases is called the Life Cycle
Phase. And this Software process is achieved, with the help of software life cycle
model (or process model). A Process Model is a descriptive and diagrammatical
model of a software Process. A process model identity all the activities required to
develop and maintain a software product, and establish a precedence ordering among
the different activities.
30
A process model defines entry and exit criteria for every phase. e.g. the
corresponding phase-entry criteria for the Software Requirement Specification phase
can be that the software Requirement Specification document has been completed,
internally reviewed, and approved by the customer. With such well-defined entry and
exit criteria for various phases, it becomes easier to manage and monitor the progress
of the project. Thus, we can say that life cycle models encourage development of
software in a systematic and disciplined manner. Due to the above fact, the developer
should adhere to well-defined life cycle model. Thus, a major advantage of adhering
to a well-defined life cycle model is that it helps to control and organize
systematically various activities of the product, which is taken to develop. When a life
cycle model is adhered to, the developer can easily tell at which stage (e.g. design,
code, testing) of development, the project currently is. If no life cycle model is
adhered to, it becomes very difficulty to chart the progress of the project and the
developer may face a problem known as the 99% complete syndrome. In this
syndrome, which appears when there is no definite way to access the progress of the
project, the optimistic developer feels that the project is 99% complete, even when the
project is far from its completion. Success or completion of project is heavily
dependent upon which type of life cycle model the developer is going to adhere. So a
life cycle model plays an important role in the successful completion of a project.
Basically five types of life cycle models are used, while developing a software
product.
Evolutionary Model
Prototyping Model.
Spiral Model.
During the development of the project Packet Sniffer, I followed the Classical
Waterfall Model. This model divides the life cycle of a software development process
into the phases, shown below:
31
the first step in the structured design method. In the project, the inputs are the packets
that are flowing in the network interface that is set to promiscuous mode. The output
is the information contained in the packets in human readable form, which is stored in
the output file.
The context diagram and data flow diagram of the proposed system are given
as follows:
Network
interface
card
Protocol
Packets
Analyzer
Repor
ts
Administrato
r
Promiscuous
mode
Ip
header
.
packets
Separat
e
headers
dtl
header
dtl
header
analysi
s
dtl header
info
ip
header
analysi
s
ip &dtl
Headers
Info
tl
heade
r
analys
is
Transport layer
header
33
output
The data flow diagrams for the current project are show in the following
figure. It is the data flow diagram for the entire process. It specifies the major
transform centers in the approach to be followed for producing the software. This is
the first step in the structured design method. In the project, the inputs are the packets
that are flowing in the network interface that is set to promiscuous mode. The output
is the information contained in the packets in human readable form, which is stored in
the output file.
Packets
Get
packet
s
Buffer
with
packets
Separat
e
headers
hdrs
Analyz
e
header
s
Info in
headers
Update
output
file
Explanation:
In the diagram the input is obtained as packets from the network interface by
the Get packets process. For that this process defines a packet socket and obtains the
raw packets from the network interface and stores them into a buffer. The buffer
containing the packets is passed to the separate header process, which strips off
various headers of the packet and passes them to analyze headers process where they
will be analyzed and the information is passed on to the update output file process.
Here the output file will be updated with the latest information obtained from the later
processes.
The most abstract inputs are the stripped off headers and the most abstract
output is the information in the headers in human readable form.
together with the interconnections between modules. The structure chart of a program
is a graphic representation of its structure. In a structure chart, a box represents a
module with the module name written in the box. The parameters returned as output
by a module.
MAIN
hdrs
info
info
hdrs
Get Input
Protocol Analysis
Output
hdr
s
Get Input
hdr
s
buf
buf
Adapter
receive
Strip off
35
packetf
d
packetf
d
hdr
s
info
Protocol Analyzer
ip hdr
arp or rarp
hdr
ARP &RARP
ip
info
info
info
info
ICMP
IGMP
TCP
UDP
36
info
Output
ofstream
ofstream
Print reports
module updates the output files with the input obtained by the main module and
passes back the file pointers to the output module. These file streams are passed to
the print reports module where the reports are printed.
Requirements
Architecture
Design
Source code
Project plans
Tests
Prototypes
Releases
38
Telecommunications
Transportation
Defense/aerospace
Retail
Medical electronics
Scientific
to model non-software systems, such as workflow in the legal system, the structure
and behavior of a patient healthcare system, and the design of hardware.
A Conceptual Model of the UML:
To understand the UML, you need to form a conceptual model of the
language, and this requires learning three major elements: the UML's basic building
blocks, the rules that dictate how those building blocks may be put together, and some
common mechanisms that apply throughout the UML. Once you have grasped these
ideas, you will be able to read UML models and create some basic ones. As you gain
39
more experience in applying the UML, you can build on this conceptual model, using
more advanced features of the language.
Building Blocks of the UML:
The vocabulary of the UML encompasses three kinds of building blocks:
Things
Relationships
Diagrams
Things are the abstractions that are first-class citizens in a model; relationships
tie these things together; diagrams group interesting collections of things.
Things in the UML:
There are four kinds of things in the UML:
Structural things
Behavioral things
Grouping things
Annotational things
These things are the basic object-oriented building blocks of the UML. You
use them to write well-formed models.
Structural Things:
Structural things are the nouns of UML models. These are the mostly static
parts of a model, representing elements that are either conceptual or physical. In all,
there are seven kinds of structural things.
First, a class is a description of a set of objects that share the same attributes,
operations, relationships, and semantics. A class implements one or more interfaces.
Graphically, a class is rendered as a rectangle, usually including its name, attributes,
and operations.
40
CLASS:
NewClass
window
origin
size
open()
close()
move()
NewInterfac
e
UseCase
NewComponent
Seventh, a node is a physical element that exists at run time and represents a
computational resource, generally having at least some memory and, often, processing
capability. A set of components may reside on a node and may also migrate from node
to node. Graphically, a node is rendered as a cube, usually including only its name.
Behavioral Things:
Behavioral things are the dynamic parts of UML models. These are the verbs
of a model, representing behavior over time and space. In all, there are two primary
kinds of behavioral things.
First, an interaction is a behavior that comprises a set of messages exchanged
among a set of objects within a particular context to accomplish a specific purpose.
The behavior of a society of objects or of an individual operation may be specified
with an interaction. An interaction involves a number of other elements, including
messages, action sequences (the behavior invoked by a message), and links (the
connection between objects). Graphically, a message is rendered as a directed line,
almost always including the name of its operation.
Second, a state machine is a behavior that specifies the sequences of states an
object or an interaction goes through during its lifetime in response to events, together
with its responses to those events. The behavior of an individual class or a
collaboration of classes may be specified with a state machine.
A state machine involves a number of other elements, including states,
transitions (the flow from state to state), events (things that trigger a transition), and
43
Grouping Things:
Grouping things are the organizational parts of UML models. These are the
boxes into which a model can be decomposed. In all, there is one primary kind of
grouping thing, namely, packages.
A package is a general-purpose mechanism for organizing elements into
groups. Structural things, behavioral things, and even other grouping things may be
placed in a package. Unlike components (which exist at run time), a package is purely
conceptual (meaning that it exists only at development time). Graphically, a package
is rendered as a tabbed folder, usually including only its name and, sometimes, its
contents.
PACKAGE:
Packages are the basic grouping things with which you may organize a UML
model. There are also variations, such as frameworks, models, and subsystems (kinds
of packages).
Annotational Things:
44
Annotational things are the explanatory parts of UML models. These are the
comments you may apply to describe, illuminate, and remark about any element in a
model. There is one primary kind of annotational thing, called a note. A note is simply
a symbol for rendering constraints and comments attached to an element or a
collection of elements. Graphically, a note is rendered as a rectangle with a dog-eared
corner, together with a textual graphical comment.
NOTES:
This element is the one basic annotational thing you may include in a UML
model. You'll typically use notes to adorn your diagrams with constraints or
comments that are best expressed in informal or formal text. There are also variations
on this element, such as requirements (which specify some desired behavior from the
perspective of outside the model).
Relationships in the UML :
There are four kinds of relationships in the UML:
1. Dependency
2. Association
3. Generalization
4. Realization
These relationships are the basic relational building blocks of the UML. You
use them to write well-formed models.
First, a dependency is a semantic relationship between two things in which a
change to one thing (the independent thing) may affect the semantics of the other
thing (the dependent thing). Graphically, a dependency is rendered as a dashed line,
possibly directed, and occasionally including a label.
45
DEPENDANCY:
ASSOCIATION:
Employer
employee
Names
Scope
Visibility
Integrity
Execution
Elided
Incomplete
Inconsistent
Class diagram
Sequence diagram
Collaboration diagram
Activity diagram
Component diagram
Deployment diagram
Object diagram
A class diagram shows a set of classes, interfaces, and collaborations and their
relationships. These diagrams are the most common diagram found in modeling
object-oriented systems. Class diagrams address the static design view of a system.
Class diagrams that include active classes address the static process view of a system.
48
A use case diagram shows a set of use cases and actors (a special kind of class)
and their relationships. Use case diagrams address the static use case view of a
system. These diagrams are especially important in organizing and modeling the
behaviors of a system. Both sequence diagrams and collaboration diagrams are kinds
of interaction diagrams. Shows an interaction, consisting of a set of objects and their
relationships, including the messages that may be dispatched among them. Interaction
diagrams address the dynamic view of a system.
A sequence diagram is an interaction diagram that emphasizes the timeordering of messages; a collaboration diagram is an interaction diagram that
emphasizes the structural organization of the objects that send and receive messages.
Sequence diagrams and collaboration diagrams are isomorphic, meaning that you can
take one and transform it into the other.
A state chart diagram shows a state machine, consisting of states, transitions,
events, and activities. State chart diagrams address the dynamic view of a system.
They are especially important in modeling the behavior of an interface, class, or
collaboration and emphasize the event-ordered behavior of an object, which is
especially useful in modeling reactive systems.
An activity diagram is a special kind of a state chart diagram that shows the
flow from activity to activity within a system. Activity diagrams address the dynamic
view of a system. They are especially important in modeling the function of a system
and emphasize the flow of control among objects.
A component diagram shows the organizations and dependencies among a set
of components. Component diagrams address the static implementation view of a
system. They are related to class diagrams in that a component typically maps to one
or more classes, interfaces, or collaborations.
A deployment diagram shows the configuration of run-time processing nodes
and the components that live on them. Deployment diagrams address the static
deployment view of architecture. They are related to component diagrams in that a
node typically encloses one or more components.
49
Start Monitoring
Start Capture
Capture Packets
User
Display Graph
Save/Open Packets
Stop Capturing
50
Add/removeIPs:
View report:
Save/print reports:
Admin functions
Participant
Administrator
actor:
Flow of events:
Class diagram:
51
A class diagram describes the static structure of the symbols in your new
system. It is a graphical presentation of the static view that shows a collection of
declarative (static) model elements, such as classes, types, and their contents and
relationships.
PacketSniffer
tcp header
ip header
ethernet header
data
Dynamic graph
surf
surfing()
get()
separate headers()
Surface
ascent
descent
ptnum
thread
usedstr
getminimumsize()
getprefferedsize()
getmaxsize()
surface()
Sequence diagram:
52
UML sequence diagrams model the flow of logic within your system in a
visual manner, enabling you both to document and validate your logic, and are
commonly used for both analysis and design purposes. Sequence diagrams are the
most popular UML artifacts for dynamic modeling, which focuses on identifying the
behavior within your system.
Sequence diagram for Administrator:
start capture
button
packet capture
control
reports
IP Address
: administrator
press
invokes
generates
view
save/print
add/remove
53
1: press
start capture
button
: administrator
6: add/remove
IP
Address
2: invokes
4: view
5: save/print
reports
packet capture
control
3: generates
54
open tool
5. SOFTWARE OVERVIEW
55
Versioning support, so that your base and derived classes templates that
define how an object performs remain compatible as you develop them.
Events, so that your program can notify clients of a class about something
that has happened to an object.
Type safety and verification that increases reliability and ensures code
security.
Garbage collection, so that your program can identify objects that your
program can no longer reach.
Unsafe mode, where you can use pointers to manipulate memory outside
the garbage collectors control, including methods and properties.
You can call overridden base class members from derived classes.
57
Support of the new ref and out method parameters that are used instead
of pointers for passing parameters by reference.
Microsoft .NET:
Microsoft announced the .NET initiative in July 2000. The .NET
platform is a new development framework with a new programming
interface to Windows services and APIs, integrating a number of
technologies that emerged from Microsoft during the late 1990s.
Incorporated into .NET are COM+ component services; the ASP web
development framework; a commitment to XML and object-oriented
design; support for new web services protocols such as SOAP,
WSDL, and UDDI; and a focus on the Internet.
The platform consists of four separate product groups:
Development tools:
A set of languages, including C# and VB.NET; a set of development
tools, including Visual Studio.NET; a comprehensive class library for
building web services and web and Windows applications; as well as
the Common Language Runtime to execute objects built within this
framework.
58
Specialized servers:
A set of .NET Enterprise Servers, formerly known as SQL Server
2000, Exchange 2000, BizTalk 2000, and so on, that provide
specialized functionality for relational data storage, email, and B2B
commerce.
Web services:
An offering of commercial web services, recently announced as
project Hailstorm; for a fee, developers can use these services in
building applications that require knowledge of user identity.
Devices:
New .NET-enabled non-PC devices, from cell phones to game boxes.
The .NET Platform:
The Microsoft .NET Platform consists of five main components, as shown in
Figure 1 -1. At the lowest layer lies the operating system (OS), which can be one of a
variety of Windows platforms, including Windows XP, Windows 2000, Windows Me,
and Windows CE. As part of the .NET strategy, Microsoft has promised to deliver
more .NET device software to facilitate a new generation of smart devices.
On top of the operating system is a series of .NET Enterprise Server products
that simplify and shorten the time required to develop and manage large-scale
business systems. These server products include Application Center 2000, BizTalk
Server 2000, Commerce Server 2000, Exchange Server 2000, Host Integration Server
2000, Internet Security and Acceleration Server 2000, and SQL Server 2000.
Since Web Services are highly reusable across the Web, Microsoft plans to
provide a number of building-block services that application developers can use, for a
fee. An example of building block service is Microsoft Passport, which allows you to
use a single username and password at all web sites that support Passport
authentication. On March 19, 2001, Microsoft announced another set of Web Services
with the codename Hailstorm. This product encompasses a set of building block
59
At the top layer of the .NET architecture is a brand new development tool
called Visual Studio.NET (VS.NET), which makes possible the rapid development of
Web Services and other applications. A successor of Microsoft Visual Studio 6.0,
VS.NET is an Integrated Development Environment (IDE) that supports four different
languages and features such as cross-language debugging and the XML Schema
Editor.
And at the center of .NET is the Microsoft .NET Frameworkthe main focus
of this book. The .NET Framework is a new development and runtime infrastructure
that will change the development of business applications on the Windows platform.
It includes the Common Language Runtime (CLR) and a common framework of
classes that can be used by all .NET languages.
Visual Studio .net:
Visual Studio .NET contains a graphical programming environment called the
Microsoft Development Environment (MDE). The MDE enables you to create
programs in Visual C# and other Visual Studio .NET languages.
Security:
60
Computer networks let programmers share Visual Studio .NET code including
C# programs across the network. This collaborative effort lets you and your
programming team creates C# programs much more quickly than one person alone.
The problem with collaborating over a network is that unauthorized users from within
or outside your network may try to gain access to your C# program code. Visual
Studio .NET provides built-in security features so you or the leader of your
programming team can determine who on your network gets access to your C#
program code and resources. You can also set different levels of security for different
people in case you want only certain people to have access to certain program code.
DLLs:
The advent of Windows brought dynamic link libraries (DLLs) to
programmers. DLLs are small, independent programs that contain executable routines
that programs can use to produce a certain result in Windows. For example, if a
program needs to open a file, you can write your C# program that uses the code in the
DLL to open the file. Using DLLs frees up your time to work on your program
without having to reprogram the same code in your C# program over and over again.
You can access DLLs from your C# program, and create DLLs in C# for your C#
program to refer to when necessary. C# has full COM/Platform support, so you can
integrate C# code with any programming language that can produce COM DLLs such
as Visual C++.
XML:
Extensible Markup Language (XML) is a more powerful version of Hypertext
Markup Language (HTML), the standard Web page language. Visual Studio .NET and
C# let you document your program using XML and then extract the XML code into a
separate file. Visual Studio .NET supports XML so that you can integrate your C#
programs with the World Wide Web. You can document your C# code using XML and
then use XML for creating Web Services and Web controls that let you and your code
interact with a Web site. For example, you may have an inventory system written in
C# that interacts with the order-taking page on your companys Web site.
Windows Operating System:
61
6. SAMPLE CODING
62
using System;
using System.Drawing;
using System.Collections;
using System.ComponentModel;
using System.Windows.Forms;
using System.Net;
using System.Net.Sockets;
using Sniffer;
using System.Threading;
using System.Text;
namespace SnifferUI
{
public delegate void DoubleClickCallback();
public delegate void TabPageCallback(TabPage tp);
/// <summary>
/// Summary description for SnifferUI.
/// </summary>
public class SnifferUI : System.Windows.Forms.Form
{
private Thread thrdTrv;
private Thread thrd;
private Thread thrdC;
bool isPaused = false;
int MouseX=0;
int MouseY=0;
int
totalCount=0,tcpCount=0,udpCount=0,icmpCount=0,otherCount=0;
int totalByte=0,tcpByte=0,udpByte=0,icmpByte=0,otherByte=0;
private treeViewFuncs objTVF;
private SnifferSocket Socket_
public Hashtable
= null;
Counter_ =null;
63
public Hashtable
IdentTable_ =null;
private Hashtable
TabPageTable_ =null;
private Hashtable
CurrentSniffing_=null;
65
{
if( disposing )
{
if(components != null)
{
components.Dispose();
}
}
base.Dispose( disposing );
}
this.pnlBottomRight.SuspendLayout();
this.pnlBottomRightSub.SuspendLayout();
this.pnlRichText.SuspendLayout();
this.pnlPacket.SuspendLayout();
this.pnlAscii.SuspendLayout();
this.pnlTV.SuspendLayout();
this.pnlBottomLeft.SuspendLayout();
this.pnlUp.SuspendLayout();
this.pnlUpRight.SuspendLayout();
this.pnlUpLeft.SuspendLayout();
this.contextMenuStrip1.SuspendLayout();
this.SuspendLayout();
//
// lstwMain
//
this.lstwMain.Columns.AddRange(new
System.Windows.Forms.ColumnHeader[] {
this.Count_,
this.Source_,
this.SourceName_,
this.SPort_,
this.Destination_,
this.DestName_,
this.DPort_,
this.Protocol_,
this.Process_,
this.ProcessId_});
this.lstwMain.ContextMenu = this.CnmLstwMain;
this.lstwMain.Dock = System.Windows.Forms.DockStyle.Fill;
this.lstwMain.Location = new System.Drawing.Point(0, 0);
this.lstwMain.MultiSelect = false;
this.lstwMain.Name = "lstwMain";
this.lstwMain.Size = new System.Drawing.Size(904, 176);
69
this.lstwMain.SmallImageList = this.imlMain;
this.lstwMain.TabIndex = 5;
this.lstwMain.UseCompatibleStateImageBehavior = false;
this.lstwMain.View = System.Windows.Forms.View.Details;
this.lstwMain.SelectedIndexChanged += new
System.EventHandler(this.lstwMain_SelectedIndexChanged);
this.lstwMain.DoubleClick += new
System.EventHandler(this.lstwMain_DoubleClick);
this.lstwMain.ColumnClick += new
System.Windows.Forms.ColumnClickEventHandler(this.lstwMain_ColumnClick);
//
// Count_
//
this.Count_.Text = "Count";
this.Count_.Width = 56;
//
// Source_
//
this.Source_.Text = "Source";
this.Source_.Width = 94;
//
// SourceName_
//
this.SourceName_.Text = "Name";
this.SourceName_.Width = 68;
//
// SPort_
//
this.SPort_.Text = "Source Port";
this.SPort_.Width = 150;
//
// Destination_
//
70
this.Destination_.Text = "Destination";
this.Destination_.Width = 102;
//
// DestName_
//
this.DestName_.Text = "Name";
this.DestName_.Width = 64;
//
// DPort_
//
this.DPort_.Text = "Dest. Port";
this.DPort_.Width = 162;
//
// Protocol_
//
this.Protocol_.Text = "Protocol";
//
// Process_
//
this.Process_.Text = "Process";
this.Process_.Width = 74;
//
// ProcessId_
//
this.ProcessId_.Text = "PID";
this.ProcessId_.Width = 50;
//
// CnmLstwMain
//
this.CnmLstwMain.MenuItems.AddRange(new
System.Windows.Forms.MenuItem[] {
this.miStartSniffing,
this.miStopSniffing,
71
this.miConCheck,
this.midelete,
this.mideleteall});
//
// miStartSniffing
//
this.miStartSniffing.DefaultItem = true;
this.miStartSniffing.Index = 0;
this.miStartSniffing.Text = "Start Sniffing";
this.miStartSniffing.Click += new
System.EventHandler(this.miStartSniffing_Click);
//
// miStopSniffing
//
this.miStopSniffing.Index = 1;
this.miStopSniffing.Text = "Stop Sniffing";
this.miStopSniffing.Click += new
System.EventHandler(this.miStopSniffing_Click);
//
// miConCheck
//
this.miConCheck.Index = 2;
this.miConCheck.Text = "Check Connection";
this.miConCheck.Click += new
System.EventHandler(this.miConCheck_Click);
//
// midelete
//
this.midelete.Index = 3;
this.midelete.Text = "Delete";
this.midelete.Click += new System.EventHandler(this.midelete_Click);
//
// mideleteall
72
//
this.mideleteall.Index = 4;
this.mideleteall.Text = "Delete All";
this.mideleteall.Click += new System.EventHandler(this.mideleteall_Click);
//
// imlMain
//
this.imlMain.ImageStream = ((System.Windows.Forms.ImageListStreamer)
(resources.GetObject("imlMain.ImageStream")));
this.imlMain.TransparentColor = System.Drawing.Color.Transparent;
this.imlMain.Images.SetKeyName(0, "");
this.imlMain.Images.SetKeyName(1, "");
this.imlMain.Images.SetKeyName(2, "");
this.imlMain.Images.SetKeyName(3, "");
this.imlMain.Images.SetKeyName(4, "");
this.imlMain.Images.SetKeyName(5, "");
this.imlMain.Images.SetKeyName(6, "");
this.imlMain.Images.SetKeyName(7, "");
this.imlMain.Images.SetKeyName(8, "");
this.imlMain.Images.SetKeyName(9, "");
this.imlMain.Images.SetKeyName(10, "");
this.imlMain.Images.SetKeyName(11, "");
//
// imltblTreeView
//
this.imltblTreeView.ImageStream =
((System.Windows.Forms.ImageListStreamer)
(resources.GetObject("imltblTreeView.ImageStream")));
this.imltblTreeView.TransparentColor = System.Drawing.Color.Transparent;
this.imltblTreeView.Images.SetKeyName(0, "");
this.imltblTreeView.Images.SetKeyName(1, "");
this.imltblTreeView.Images.SetKeyName(2, "");
this.imltblTreeView.Images.SetKeyName(3, "");
73
this.imltblTreeView.Images.SetKeyName(4, "");
this.imltblTreeView.Images.SetKeyName(5, "");
this.imltblTreeView.Images.SetKeyName(6, "");
//
// statusBar1
//
this.statusBar1.Location = new System.Drawing.Point(0, 428);
this.statusBar1.Name = "statusBar1";
this.statusBar1.Size = new System.Drawing.Size(1190, 22);
this.statusBar1.TabIndex = 8;
//
// Source
//
this.Source.Text = "Source";
this.Source.Width = 98;
//
// Destination
//
this.Destination.Text = "Destination";
this.Destination.Width = 115;
//
// Identification
//
this.Identification.Text = "Identification";
this.Identification.Width = 111;
//
// Protocal
//
this.Protocal.Text = "Protocal";
this.Protocal.Width = 130;
//
// tcSniffing
//
74
this.tcSniffing.Dock = System.Windows.Forms.DockStyle.Fill;
this.tcSniffing.Location = new System.Drawing.Point(0, 0);
this.tcSniffing.Name = "tcSniffing";
this.tcSniffing.SelectedIndex = 0;
this.tcSniffing.Size = new System.Drawing.Size(536, 191);
this.tcSniffing.TabIndex = 11;
//
// tcMain
//
this.tcMain.Controls.Add(this.tpSniffing);
this.tcMain.Controls.Add(this.tpCtrl);
this.tcMain.Controls.Add(this.tabPage1);
this.tcMain.Dock = System.Windows.Forms.DockStyle.Fill;
this.tcMain.Location = new System.Drawing.Point(0, 0);
this.tcMain.Name = "tcMain";
this.tcMain.SelectedIndex = 0;
this.tcMain.Size = new System.Drawing.Size(544, 249);
this.tcMain.TabIndex = 12;
this.tcMain.SelectedIndexChanged += new
System.EventHandler(this.tcMain_SelectedIndexChanged);
//
// tpSniffing
//
this.tpSniffing.Controls.Add(this.pnlSniffing);
this.tpSniffing.Location = new System.Drawing.Point(4, 22);
this.tpSniffing.Name = "tpSniffing";
this.tpSniffing.Size = new System.Drawing.Size(536, 223);
this.tpSniffing.TabIndex = 0;
this.tpSniffing.Text = "Current Sniffing";
this.tpSniffing.UseVisualStyleBackColor = true;
//
// pnlSniffing
//
75
this.pnlSniffing.Controls.Add(this.pnlSubTab);
this.pnlSniffing.Controls.Add(this.pnlToolBarTab);
this.pnlSniffing.Dock = System.Windows.Forms.DockStyle.Fill;
this.pnlSniffing.Location = new System.Drawing.Point(0, 0);
this.pnlSniffing.Name = "pnlSniffing";
this.pnlSniffing.Size = new System.Drawing.Size(536, 223);
this.pnlSniffing.TabIndex = 0;
//
// pnlSubTab
//
this.pnlSubTab.Controls.Add(this.tcSniffing);
this.pnlSubTab.Dock = System.Windows.Forms.DockStyle.Fill;
this.pnlSubTab.Location = new System.Drawing.Point(0, 32);
this.pnlSubTab.Name = "pnlSubTab";
this.pnlSubTab.Size = new System.Drawing.Size(536, 191);
this.pnlSubTab.TabIndex = 14;
//
// pnlToolBarTab
//
this.pnlToolBarTab.Controls.Add(this.tlbSniffing);
this.pnlToolBarTab.Dock = System.Windows.Forms.DockStyle.Top;
this.pnlToolBarTab.Location = new System.Drawing.Point(0, 0);
this.pnlToolBarTab.Name = "pnlToolBarTab";
this.pnlToolBarTab.Size = new System.Drawing.Size(536, 32);
this.pnlToolBarTab.TabIndex = 13;
}
7. TESTING
7.1 Introduction:
76
Unit Testing:
Unit Testing is done on individual modules as they are completed and become
executable. It is confined only to the designer's requirements. Unit Testing focuses on
77
verification of the smallest unit of software design module. Using the detailed design
description as a guide, important control paths are tested to uncover errors within the
boundary of the module .Unit testing is essentially for verification of the code
produced during the coding phase and hence the goal is to test the internal logic of the
module.
Integrating Testing:
Integration testing ensures that software and subsystems work together as a
whole. It tests the interface of all the modules to make sure that the modules behave
properly when integrated together.
System Testing:
System testing involves in-house testing of the entire system before delivery to
the user. Its aim is to satisfy the user the system meets all requirements of the client's
specifications.
Acceptance Testing:
It is a pre-delivery testing in which entire system is tested at client's site on
real world data to find errors.
78
Description
Expected
Outcome
The
requirement
in RS that is
being tested
Result
Test the
functionality of
a file
downloaded
from internet
Test that GUI is
able to show
network traffic
Test the
mapping of files
to the
destination IP
address
Test the
functionality of
a file
downloaded
from internet
Test the
functionality of
a file
downloaded
from internet
Test the
decoded
information of
the selected file.
File is saved
RS4
Passed
Successful
representation
of traffic.
Correct IP
address is
mapped to the
file
RS1
Passed
RS2
Passed
File is opened
RS5
Passed
The file is
printed on the
default printer.
RS6
Passed
The output is
displayed
correctly
RS3
Passed
Validation:
The system has been tested and implemented successfully and thus ensured
that all the requirements as listed in the software requirements specification are
completely fulfilled. In case of erroneous input corresponding error messages are
displayed.
79
8. SAMPLE SCREENS
80
81
82
83
84
85
86
87
9. CONCLUSION
88
10. BIBLIOGRAPHY
89
O'Reilly - Programming C#
Websites
-www.beesync.com
- www.cacetech.com
- Behrouz A. Forouzan
90