THE DETECTION AND PREVENTION OF SNIFFING ON NETWORKS


ABSTRACT

Because of flaws in network protocols and operating systems, anyone connected to a network, and especially to a Local Area Network (LAN), can have their traffic monitored by another user of the same network. An uninformed user can therefore have private information exposed to strangers. This act is called "sniffing" and occurs mostly on local networks. By sniffing the network, a user can read confidential documents and invade anyone's privacy. This project aims to curb the problem by developing an application called "Encrypto AntiSniff". Encrypto AntiSniff is a packet sniffer that captures and analyses network traffic in real time. On top of that analysis, Encrypto AntiSniff detects network intrusion automatically: a captured packet in which it suspects malicious activity is highlighted in red and encrypted, so that an attacker who obtains the packet gains no information from it. Encrypto AntiSniff combines several sniffer-detection and intrusion-detection techniques in its detection algorithm in order to achieve a more accurate result. The application was developed in the Java programming language using the NetBeans Integrated Development Environment (IDE) together with the WinPcap and Jpcap APIs. At the end of development the application passed all the tests it was given; development will nevertheless continue for future enhancements.

TABLE OF CONTENTS

ABSTRACT
LIST OF TABLES
LIST OF FIGURES
LIST OF ABBREVIATIONS
CHAPTER 1: INTRODUCTION
CHAPTER 2: LITERATURE REVIEW
  1. INTRODUCTION
    1. HISTORICAL OVERVIEW
    2. RELATED WORK
      1. Sniffing Types
      2. Sniffing Detection Techniques
      3. Intrusion Detection Techniques
      4. Sniffing Detection Research Works
    3. SUMMARY
CHAPTER 3: REQUIREMENTS, ANALYSIS, AND DESIGN
  3.2.3 Iterative Incremental Methodology
  1. APPROACH TO CHOSEN METHODOLOGY
    1. Phases
    2. Iterations
    3. TOOLS AND TECHNIQUES
    4. ETHICAL CONSIDERATION
    5. REQUIREMENT ANALYSIS
    6. REQUIREMENTS SPECIFICATIONS
      1. Functional Requirement Specifications
      2. Non-Functional Requirement Specifications
    7. SYSTEM DESIGN
      1. Application Architecture
      2. Use Case
      3. Activity Diagram
      4. Entity-Relationship Diagram (ERD)
      5. User Interface Design
    8. SUMMARY
CHAPTER 4: IMPLEMENTATION AND TESTING
CHAPTER 5: DISCUSSION, CONCLUSION, AND RECOMMENDATIONS
REFERENCES
APPENDICES

LIST OF TABLES

TABLE 3.1   FUNCTIONAL REQUIREMENT SPECIFICATIONS
TABLE 3.2   NON-FUNCTIONAL REQUIREMENT SPECIFICATIONS
TABLE 4.1   TEST SUITE FOR SELECTING INTERFACE
TABLE 4.2   TEST SUITE FOR CAPTURING PACKETS
TABLE 4.3   TEST SUITE FOR STOP CAPTURING PACKETS
TABLE 4.4   TEST SUITE FOR ADDING FILTERS
TABLE 4.5   TEST SUITE FOR PACKET DETAILS AND HEX DUMP PANE
TABLE 4.6   TEST SUITE FOR CLEARING CAPTURED PACKETS
TABLE 4.7   TEST SUITE FOR SAVING AND OPENING PACKETS
TABLE 4.8   TEST SUITE FOR SNIFFER DETECTION AND ENCRYPTION
TABLE 4.9   TEST TRACEABILITY MATRIX
TABLE 4.10  TEST REPORT SUMMARY

LIST OF FIGURES

FIGURE 3.1    WATERFALL METHODOLOGY
FIGURE 3.2    AGILE METHODOLOGY
FIGURE 3.3    PROTOTYPE METHODOLOGY
FIGURE 3.4    ITERATIVE INCREMENTAL METHODOLOGY
FIGURE 3.5    ENCRYPTO ANTISNIFF ARCHITECTURE
FIGURE 3.6    USE CASE DIAGRAM
FIGURE 3.7    ACTIVITY DIAGRAM
FIGURE 3.8    ENTITY RELATIONSHIP DIAGRAM
FIGURE 3.9.1  SPLASH SCREEN
FIGURE 3.9.2  MAIN WINDOW
FIGURE 3.9.3  INTERFACE WINDOW
FIGURE 3.9.4  ADDING FILTERS
FIGURE 3.9.5  VULNERABILITY CHART WINDOW
FIGURE 3.9.6  HELP WINDOW
FIGURE 3.9.7  ABOUT WINDOW
FIGURE 4.1    SPLASH SCREEN DESIGN VIEW PROPERTIES
FIGURE 4.2    MAIN WINDOW DESIGN VIEW, CAPTURE BUTTON PROPERTIES
FIGURE 4.3    CAPTURE BUTTON ON CLICK PROPERTIES
FIGURE 4.4    MAIN WINDOW BEFORE SELECTING INTERFACE
FIGURE 4.5    INTERFACE WINDOW ACCEPTING USER INPUT
FIGURE 4.6    ON USER INPUT WITHIN INTERFACE RANGE
FIGURE 4.7    ON USER INPUT EXCEEDING INTERFACE RANGE
FIGURE 4.8    CAPTURING PACKETS WITH CAPTURE BUTTON
FIGURE 4.9    VERIFYING HOW ACCURATE THE PACKET CAPTURING IS WITH YOUTUBE
FIGURE 4.10   USING COMMAND PROMPT TO GET YOUTUBE'S IP ADDRESS
FIGURE 4.11   GETTING THE IP ADDRESS OF THE WIFI THAT IS PROVIDING CONNECTION
FIGURE 4.12   APPLICATION'S ACCURACY
FIGURE 4.13   ADDING FILTERS
FIGURE 4.14   TCP PROTOCOL SELECTED
FIGURE 4.15   UDP PROTOCOL SELECTED
FIGURE 4.16   PACKET DETAILS AND HEX DUMP
FIGURE 4.17   CLEAR BUTTON DIALOG BOX
FIGURE 4.18   ALL CAPTURED PACKETS CLEARED
FIGURE 4.19   SAVING A FILE
FIGURE 4.20   OPENING A FILE
FIGURE 4.21   SAVE BUTTON GENERATED "CAPTURED DATA"
FIGURE 4.22   SNIFFER DETECTION AND ENCRYPTION

LIST OF ABBREVIATIONS

LAN    Local Area Network
NIC    Network Interface Card
ARP    Address Resolution Protocol
DNS    Domain Name System
RTT    Round Trip Time
TCP    Transmission Control Protocol
UDP    User Datagram Protocol
ICMP   Internet Control Message Protocol
ERD    Entity Relationship Diagram
IDE    Integrated Development Environment

CHAPTER 1: INTRODUCTION

OVERVIEW

Sniffing is the monitoring of network traffic. Network administrators do this with a program called a packet sniffer, which helps them monitor a network, find faults in it and decide what action to take. The same technique has a dark side: a person connected to the same network can use it to acquire confidential information from another person's computer, so the need to curb the problem arises. To detect that someone is sniffing your network, a packet sniffer is again used; it monitors the network traffic and detects whether someone else is running a packet sniffer to acquire your personal information. The rest of this chapter describes the background and motivation behind this topic, the proposed solution designed to curb the problem, and why it is significant to develop this system.

BACKGROUND AND MOTIVATION

A packet sniffer is a program running on a network-attached device that passively receives all data-link-layer frames passing through the device's network adapter. Henry et al. (2019) noted that a packet sniffer is a software tool used to monitor network activity; it captures all the packets on the network regardless of the packets' final destination. It is also called a network or protocol analyzer. The packet sniffer records data addressed to other computers and saves it for later analysis. It can be used legitimately by a network or system administrator to monitor and troubleshoot network traffic (Fuentes, 2016). With the information captured by the packet sniffer, a system administrator can spot erroneous packets and use the data to pinpoint illegitimate traffic, which helps to keep network data transmission efficient. The original motive behind implementing packet sniffers was to provide security for networked computers and to monitor network traffic. However, as computer systems continue to evolve and to benefit mankind through entertainment, easier work, better research, good marketing and so on, there are still those who want to use them for crime.
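The following is an added example, not code from this report or from Encrypto AntiSniff (which is written in Java on WinPcap and Jpcap): a stdlib-only Python sniffer for Linux that puts the NIC into promiscuous mode through a raw AF_PACKET socket and decodes the Ethernet, IPv4 and TCP/UDP headers of each frame it receives. The interface name, the MAC and IP addresses and the HTTP login in the sample frame are all constructed for the example. Opening the promiscuous socket needs CAP_NET_RAW (root); the frame builder, the decoder and the sample run without privileges.

```python
"""Minimal promiscuous-mode sniffer and frame decoder (Linux, Python stdlib only).

Added example: a sniffer is nothing more than a raw socket on a NIC that has
been switched into promiscuous mode, plus a decoder for the bytes that arrive.
Interface names, addresses and the sample HTTP login below are constructed.
"""
import socket
import struct

ETH_P_ALL = 0x0003
ETH_P_IP = 0x0800
SOL_PACKET = 263            # socket level for packet(7) options (Linux)
PACKET_ADD_MEMBERSHIP = 1   # setsockopt option name
PACKET_MR_PROMISC = 1       # packet_mreq.mr_type: enable promiscuous mode


def open_promiscuous(ifname: str) -> socket.socket:
    """Raw AF_PACKET socket on ifname with promiscuous mode on (needs CAP_NET_RAW).

    After this, sock.recv() returns every frame the NIC sees, including frames
    addressed to other hosts on the segment.
    """
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    sock.bind((ifname, 0))
    mreq = struct.pack("iHH8s", socket.if_nametoindex(ifname), PACKET_MR_PROMISC, 0, bytes(8))
    sock.setsockopt(SOL_PACKET, PACKET_ADD_MEMBERSHIP, mreq)
    return sock


def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum (IPv4 and TCP headers)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def build_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Construct an Ethernet/IPv4/TCP (PSH,ACK) frame with valid checksums."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = struct.pack("!6s6sH", bytes.fromhex(dst_mac.replace(":", "")),
                      bytes.fromhex(src_mac.replace(":", "")), ETH_P_IP)
    return eth + ip + tcp


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet -> IPv4 -> TCP/UDP into the fields a sniffer's packet list shows."""
    dst, src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    out = {"src_mac": mac_str(src), "dst_mac": mac_str(dst), "ethertype": ethertype,
           "proto": None, "payload": b""}
    if ethertype != ETH_P_IP:
        return out                      # ARP, IPv6, ... left undecoded here
    vihl, _, total_len, _, _, ttl, proto, _, sip, dip = struct.unpack_from("!BBHHHBBH4s4s", frame, 14)
    ihl = (vihl & 0x0F) * 4
    out.update(src_ip=socket.inet_ntoa(sip), dst_ip=socket.inet_ntoa(dip), ttl=ttl,
               ip_checksum_ok=checksum(frame[14:14 + ihl]) == 0)   # a valid header sums to zero
    l4 = frame[14 + ihl:14 + total_len]
    if proto == 6:
        sport, dport, _, _, off_res, flags = struct.unpack_from("!HHIIBB", l4, 0)
        out.update(proto="TCP", src_port=sport, dst_port=dport, flags=flags,
                   payload=l4[(off_res >> 4) * 4:])
    elif proto == 17:
        sport, dport, ulen, _ = struct.unpack_from("!HHHH", l4, 0)
        out.update(proto="UDP", src_port=sport, dst_port=dport, payload=l4[8:ulen])
    else:
        out.update(proto=str(proto), payload=l4)
    return out


def sniff(ifname: str, count: int = 10):
    """Yield decoded frames from a promiscuous socket on ifname."""
    sock = open_promiscuous(ifname)
    try:
        for _ in range(count):
            yield decode_frame(sock.recv(65535))
    finally:
        sock.close()


# Constructed sample: a cleartext HTTP login sent by another host on the same segment.
SAMPLE = build_tcp_frame("02:00:00:00:00:0a", "02:00:00:00:00:0b", "192.168.1.10", "192.168.1.20",
                         51234, 80, b"POST /login HTTP/1.1\r\nHost: intranet.test\r\n\r\n"
                                    b"user=alice&password=hunter2")

if __name__ == "__main__":
    d = decode_frame(SAMPLE)
    print(f"{d['src_ip']}:{d['src_port']} -> {d['dst_ip']}:{d['dst_port']} {d['proto']} {d['payload']!r}")
```

Decoding the sample yields 192.168.1.10:51234 to 192.168.1.20:80 over TCP with a payload that still contains `password=hunter2`: the sniffer reads the credential because it crossed the wire in cleartext. The only protection that holds against a passive sniffer is encryption applied before the bytes leave the sending host (TLS, SSH); whatever is done to a copy of a packet after it has been captured does not change what the sniffer already holds.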

Sniffing has long been a serious threat on local networks. With little effort, confidential documents, photos, passwords and anyone's private information in general can be stolen by a malicious user simply by sniffing the network. Sniffing requires no more than downloading free sniffer software (a packet sniffer) from the Internet and installing it on a personal computer (Oluwabukola et al., 2013). Because a passive packet sniffer does not interfere with the network traffic at all, a sniffing attack on a network is usually difficult to detect, and system administrators have a hard time detecting and dealing with such attacks.

The driving force behind implementing yet another system to detect and prevent sniffing attacks on networks is to overcome the shortcomings of some existing systems, which are discussed in Chapter 2, and to give system administrators a better user experience when trying to detect and prevent sniffing on their networks.

STATEMENT OF THE PROBLEM

Sniffing has been a long-standing problem in networked environments. A sniffer can intercept and log traffic passing over a digital network or part of a network. A sniffer captures packets by putting the Network Interface Card (NIC) into promiscuous mode, in which the card accepts every frame it sees instead of only those addressed to it, and then decodes them. The decoded information can then be used for whatever purpose the person behind the attack intends. With it, that person can commit common and very dangerous crimes such as identity theft (Lisa, 2018): the victim may be framed for crimes they did not commit, or their name and personal details used to obtain financial benefits. Depending on the structure of the network, an attacker can sniff part or all of the traffic of a single computer on the network. Past cases record loss of data, card numbers being compromised, unauthorised users accessing data, bank details being discovered and so on, all as a result of sniffing attacks.

How much a sniffer sees also depends on whether the network is built on hubs or switches. A hub repeats every frame to every port, so a sniffer connected to a hub captures all of the network's traffic directly, can go undetected for a long period, and affects every connected device. A switch forwards a unicast frame only to the port of its destination MAC address, so a sniffer on a switched network sees only broadcast traffic and its own traffic unless the attacker also interferes with the switch's forwarding, for example through ARP spoofing or a mirror port.
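As an added example of how a purely passive sniffer can still be caught (this is the classic ARP probe test, not the report's own detection method; its techniques are reviewed in Chapter 2), the Python script below sends an ARP request for the target's IP to the bogus destination MAC ff:ff:ff:ff:ff:fe. A NIC in normal mode discards that frame in hardware because the address is neither its own nor broadcast nor a subscribed multicast group; a NIC in promiscuous mode hands it to the kernel, whose ARP code answers without re-checking the Ethernet destination. All MAC and IP addresses are constructed; `probe_host` needs Linux and CAP_NET_RAW, while the frame builders, the parser and the simulated victim reply run offline.

```python
"""Promiscuous-NIC detection with a malformed ARP probe (Linux, Python stdlib only).

Added example, not the report's own method. A reply to a request that the
NIC should have dropped is strong evidence the replying host is sniffing.
The behaviour is OS- and driver-dependent: a reply is evidence, silence is
not proof of absence (the host may filter in software, or be off).
"""
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BOGUS_DST = bytes.fromhex("fffffffffffe")   # ff:ff:ff:ff:ff:fe, one bit off broadcast
ZERO_MAC = bytes(6)


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def build_arp(dst_mac, src_mac, opcode, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet header + 28-byte ARP body for IPv4 over Ethernet (all MACs as bytes)."""
    eth = struct.pack("!6s6sH", dst_mac, src_mac, ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, opcode,
                      sender_mac, socket.inet_aton(sender_ip),
                      target_mac, socket.inet_aton(target_ip))
    return eth + arp


def build_probe(our_mac: str, our_ip: str, target_ip: str) -> bytes:
    """ARP 'who has target_ip?' addressed to BOGUS_DST instead of ff:ff:ff:ff:ff:ff."""
    return build_arp(BOGUS_DST, mac_bytes(our_mac), ARP_REQUEST,
                     mac_bytes(our_mac), our_ip, ZERO_MAC, target_ip)


def parse_arp(frame: bytes):
    """Return the ARP fields of frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    dst, src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack_from("!HHBBH6s4s6s4s", frame, 14)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_dst": mac_str(dst), "eth_src": mac_str(src), "op": op,
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}


def answers_probe(probe: bytes, frame: bytes) -> bool:
    """True if frame is an ARP reply to probe: the probed host saw a frame it should have dropped."""
    q, a = parse_arp(probe), parse_arp(frame)
    return (a is not None and a["op"] == ARP_REPLY
            and a["sender_ip"] == q["target_ip"]
            and a["target_ip"] == q["sender_ip"]
            and a["target_mac"] == q["sender_mac"])


def simulate_victim_reply(probe: bytes, victim_mac: str) -> bytes:
    """The reply a promiscuous host's ARP stack sends back (constructed, for offline testing)."""
    q = parse_arp(probe)
    return build_arp(mac_bytes(q["sender_mac"]), mac_bytes(victim_mac), ARP_REPLY,
                     mac_bytes(victim_mac), q["target_ip"],
                     mac_bytes(q["sender_mac"]), q["sender_ip"])


def probe_host(ifname: str, our_mac: str, our_ip: str, target_ip: str, timeout: float = 1.0) -> bool:
    """Send the probe on ifname and wait up to timeout for a reply. Needs Linux and CAP_NET_RAW."""
    probe = build_probe(our_mac, our_ip, target_ip)
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP))
    sock.bind((ifname, 0))
    sock.settimeout(timeout)
    sock.send(probe)
    try:
        while True:                       # our own outgoing probe is also seen; it is a request, not a reply
            if answers_probe(probe, sock.recv(65535)):
                return True
    except socket.timeout:
        return False
    finally:
        sock.close()


if __name__ == "__main__":
    # Offline walk-through of the exchange with constructed addresses.
    probe = build_probe("02:00:00:00:00:01", "192.168.1.10", "192.168.1.20")
    reply = simulate_victim_reply(probe, "02:00:00:00:00:02")
    print("probe  :", parse_arp(probe))
    print("reply  :", parse_arp(reply))
    print("promiscuous NIC suspected:", answers_probe(probe, reply))
```

A host that answers the probe is worth a closer look (Wireshark, tcpdump or the sniffer the report is concerned with all leave the NIC in promiscuous mode while running). The converse does not hold: a sniffer on a mirror port, a tap, or a host whose driver filters the bogus address in software never replies.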

AIM AND OBJECTIVES

This project aims to develop an application that detects whether a sniffer is running on a network and prevents the attacker from gaining any information from it. The following objectives were laid out in order to achieve that aim:

  i. Find a more accurate and efficient method of detecting sniffers running on networks.
  ii. Find a method of protecting the packet that a sniffer is being run on.
  iii. Develop an application that handles (i) and (ii) and also monitors network activity, by capturing the packets sent and received by the computer, in a user-friendly manner.