Synopsis On
MONITORING AND PROTOCOL ANALYSIS TOOL FOR LAN
Class: B.E.I.T Presented By: Sanket Patil Pravin Sawant Danish Shaikh
�ABSTRACT
Communication networks are all about providing means to communicate that is for (exchanging the user information). The user information can be viewed as user traffic akin to the traffice on the road that moves across the road network.The fastest growth of data communication networks over the past decades has resulted in the development of sophisticated tools to diagnose ,debug and analyse such networks This project illustrate the Monitoring the Ethernet Network Traffic. We have developed a toolkit called MENeT (Monitor for Ethernet network traffic).MeNet is an extension of earlier developed utility for Traffic Monitoring. This project basically helps to monitor the network links of the company.Our project basically does the work of monitoring the links in the network. It calculates the latency and the availability of the links. It calculates the total number of packets transmitted through a particular link and also keeps an account of the number of defects observed and various other aspects of links. MENeT (Monitor for Ethernet network traffic) partition the aggregate network traffic. MENeT (Monitor for Ethernet network traffic) is very accurate in forecasting the network traffic because of randomness of the network traffic.
�System Overview
In the above System Overview Diagram as we can observe at the user level there exits MENeT.At the kernel level the protocol driver is a TCP/IP stack.at the hardwarelevel there is a Network Interface Card used to capture frames traveling on the Network. The packet capture driver lies at the kernel level.Now we cannot directly access the kernel level part of the operating system.In order to get access to the packet placed at kernel level, we use PACKET.DLL . The PACKET.DLL has two basic objectives .at the lower layer it acts like a interface to the packet capture driver .it reads the packet stored at kernel through operating system routines .At the lower layer it acts like a interface to the packet capture driver .It reads the packet stored at kernel through operating system routines.At the higher layer it provides a set of methods to access those packets. In our application ,the methods of PACKET.DLL are used to perform packet capturing and other specific tasks.The utility then reads captured packet and partition into a set of classes. The packet capture driver forwards the incoming frames to the application
�through the interface of PACKET.DLL which allows the application to read the frames in Hex decimal Format.
Flow chart
Flow Chart MENeT Algorithm setup
How the complete working of the MENeT can be traced. The MENeT starts with allocating the Adapter Structure which contains all the necessary data structure to handle adapter calls. Next it queries the Network Interface Card (NIC) to get the adapter address. After receiving the address of the address ,we than open the adapter and set its mode PROMOSCIOUS.
�In this mode the adaptrt captures all the incoming traffic coming from all directions .Once this is done the other part will be division of aggregate traffic,for this purpose we have added a packet capture driver. Literature Survey: Noman Junejo, Naveed Ahemed Junejo, muktiar A. Unar MENeT: A Monitoring and Protocol Analysis tool for LAN [2004]. [1] The fastest growth of data communication networks over the past decades has resulted in the development of sophisticated tools to diagnose, debug and analyse such networks.We have developed a toolkit called MeNet.
A.J.McGreor, H-W Infrastructure[2000][2]
Brawn,
The
NLANR
Network
Analysis
The National Laboratory for Applied Network Research (NLANR) is a distributed research and Focused on the high performance connection (HPC) community in the United States. This community is served by Two National Science Foundation (NSF) approved high performance research networks. Currently these are the VBNS1 and Abilene2 networks. The Measurement and Operations Analysis Team within NLANR is developing a Network Analysis Infrastructure (NAI). It is intended that this infrastructure will provide both engineering and research support for the HPC community. Specially the goal of the NAI project is to create an infrastructure that will support measurements and analysis through the collection and publication of raw data, visualization and analysis of network measurement. Currently the main focus is on: Passive collection of header traces Active measurement SNMP derived data BGP Router Based Data Presenting the results of analysis to the HPC community to these ends, there are two well established projects and a number projects that are in the early stages of development. The remainder of this paper reports on these projects and is structured as follows: section 2 gives an overview of the network analysis infrastructure, which supports the other projects and is also made available to support other researchers. This section includes a description of the Cichlid visualization engine which is used to visualize the data collected in other parts of the project. Section 3 describes NLANR's passive measurement project, Oxon, this is followed, in section 4, by a description of the Active Measurement Program, AMP. The
�following Section describes some of the other measurement projects that are being developed by NLANR including those based on BGP and SNMP. The paper concludes with a summary of the NAI projects and brief discussion of some of the most important future directions for the project.
What is jp cap :
Jpcap is a Java library for capturing and sending networks packet .Using jpcap ,We can develop applications to capture from a network interface and visualize/analyse them in java .We can develop java application to send arbitrary packets visualize/analyse them in java . We can also develop Java applications to send arbitrary packets through a network interface. Jpcap has been tested on Microsoft Windows(98/2000/XP/Vista),Linux (Fedora , Mandriva Ubuntu ),Mac OS X(Darwin),FreeBSD and solaris.Jpcap can capture Ethernet ,IPv4 , IPv6 , ARP/RARP , TCP , UDP and ICM Pv4 packets .Jpcap is open source and is licensed under GNU LGPL
What is Network Monitoring : System & Service monitoring -Reachability, availability Resource measurement/monitoring - Capacity planning, availability Performance monitoring (RTT, throughput) Statistics & Accounting/Metering Fault Management (Intrusion Detection) - Fault detection, troubleshooting, and tracking Change management & configuration monitoring
�MODULES
The projects consist of following modules:What is Jpcap
Jpcap is an open source library for capturing and sending network packets from Java applications. It provides facilities to:
capture raw packets live from the wire. save captured packets to an offline file, and read captured packets from an offline file. automatically identify packet types and generate corresponding Java objects (for Ethernet, IPv4, IPv6, ARP/RARP, TCP, UDP, and ICMPv4 packets). filter the packets according to user-specified rules before dispatching them to the application. send raw packets to the network.
Obtain the list of network interfaces
When you want to capture packets from a network, the first thing you have to do is to obtain the list of network interfases on your machine. To do so, Jpcap provides JpcapCaptor.getDeviceList() method. It returns an array of NetworkInterface objects. A NetworkInterface object contains some information about the corresponding network
�interface, such as its name, description, IP and MAC addresses, and datatlink name and description.
Open a network interface
Once you obtain the list of network interfaces and choose which network interface to captuer packets from, you can open the interface by using JpcapCaptor.openDevice() method. The following piece of code illustrates how to open an network interface.
Capture packets from the network interface
Once you obtain an instance of of JpcapCaptor, you can capture packets from the interface. There are two major approaches to capture packets using a JpcapCaptor instance: using a callback method, and capturing packets one-by-one.
Using a callback method
In this approach, you implement a callback method to process captured packets, and then pass the callback method to Jpcap so that Jpcap calls it back every time it captures a packet. Let's see how you can do this approach in detail. First, you implement a callback method by defining a new class which implements the PacketReceiver interface. The PacketReceiver interface defines a receivePacket() method, so you need to implement a receivePacket() method in your class.
Set capturing filter
In Jpcap, you can set a filter so that Jpcap doesn't capture unwanted packets. For example, if you only want to capture TCP/IPv4 packets, you can set a filter for that.
Save captured packets into a file
You can save captured packets into a binary file so that you can later retrieve them using Jpcap or other applications which supports reading a tcpdump format file.
�SEQUENCE DIAGRAM
Administrator computer Network
Ask for packets available on the network
Send packets
�DATA FLOW DIAGRAM
LEVEL 0[HIGH LEVEL]
Select type of Traffic Plotted graph
Monitori ng tool
LEVEL 1[MEDIUM LEVEL]
Administrator
MENe T tool
Monitoring graph
Database
�LEVEL2[LOW LEVEL]
MENeT tool Administrator Select type of graph
Database Related graph
