
NETWORK PACKET SNIFFER

1. INTRODUCTION

This project aims at developing a Network Packet Sniffer. A Network Packet Sniffer is a
piece of software that monitors all network traffic, unlike standard network hosts, which
only receive traffic sent specifically to them. As data streams flow across the network, the sniffer
captures each packet and eventually decodes and analyzes its content. For network monitoring
purposes it may also be desirable to monitor all data packets in a LAN and to mirror all packets
passing through a shared bus. This project comprises three modules, namely the User
Interface module, the Statistics module and the Packet Analysis module. The User Interface module
provides all the graphical interface components necessary for the user to interact with the system.
The Analysis module analyzes the packets coming into a computer, identifies them and passes
the information to the Statistics module. Finally, the Statistics module does the necessary
calculations based on that information and produces information that can be understood by the user.
This system is thus very useful to users, and in particular to a network administrator, who is
generally responsible for monitoring things on a network.
This system is a network analyzer (also known as a protocol analyzer or packet sniffer). It
performs real-time packet capturing, 24x7 network monitoring, advanced protocol analyzing,
in-depth packet decoding, and automatic expert diagnosing. It allows you to get a clear view of the
complex network, conduct packet-level analysis, and troubleshoot network problems.

1.1 Abstract:
The project shows how network connection information can be modeled as
chromosomes. It creates a new set of rules at run time, so that an intruder is not able to
attack the system with a virus. In recent years, the Intrusion Detection System (IDS) has become one
of the hottest research areas in computer security. It is an important detection technology and is
used as a countermeasure to preserve data integrity and system availability during an intrusion.

An Intrusion Detection System is a system for detecting intrusions and reporting them accurately
to the proper authority. Intrusion Detection Systems are usually specific to the operating system
that they operate in and are an important tool in the overall implementation of an organization's
information security policy, which reflects an organization's statement by defining the rules and
practices to provide security.
The methodology of applying a genetic algorithm to network intrusion detection
is unique in that it considers both temporal and spatial information of network connections during the
encoding of the problem; therefore, it should be more helpful for the identification of anomalous
network behaviors.

1.2 Synopsis:
Network Packet Sniffer is one of the most useful software tools for the Windows operating
system. The sniffer software works as a Windows analyzer and maintains system information such as
network status, driver updates, running services and running drivers, and handles information on
every feature in Windows, which is useful for an administrator who needs to monitor system status easily.
The network sniffer software requires manual work to configure the required settings. Using these
settings, the admin can analyze system details based on what he configured. This application uses
built-in features of the Windows operating system such as Windows Management Instrumentation, which
is used to communicate with all lower-level systems. Performance depends on the configuration
settings.

This project is intended to develop a tool called Packet Sniffer. The Packet Sniffer allows
the computer to examine and analyze all the traffic passing by its network connection. It decodes
the network traffic and makes sense of it. When it is set up on a computer, the network interface
of the computer is set to promiscuous mode, listening to all the traffic on the network rather than
just those packets destined for it. Packet Sniffer is a tool that sniffs without modifying the
network's packets in any way. It merely makes a copy of each packet flowing through the network
interface and finds the source and destination Ethernet addresses of the packets. It decodes the
following protocols in the packets:

IP (Internet Protocol), TCP (Transmission Control Protocol), UDP (User Datagram Protocol).
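
The decoding step described above, as an added Python example (not code from the original project, which targets VB.Net): it extracts the Ethernet addresses and the IPv4, TCP and UDP header fields from one captured frame. The function names and the sample frame, which uses documentation addresses, are constructed for illustration.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5


def format_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet II -> IPv4 -> TCP/UDP; raise ValueError on bad input."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"eth_dst": format_mac(dst), "eth_src": format_mac(src),
            "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return info  # ARP, IPv6, ...: only the link layer is decoded here

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, _csum,
     src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length is given in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("malformed IPv4 header")
    info.update(
        ip_src=socket.inet_ntoa(src_ip), ip_dst=socket.inet_ntoa(dst_ip),
        ttl=ttl, protocol=IP_PROTOCOLS.get(proto, str(proto)),
        # A valid header, summed with its checksum field included, gives 0.
        checksum_ok=internet_checksum(ip[:ihl]) == 0,
    )
    if flags_frag & 0x1FFF:
        return info  # non-first fragment: carries no transport header

    # Slice by total_len so Ethernet padding is not mistaken for payload.
    segment = ip[ihl:total_len]
    if proto == 6:
        if len(segment) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, off_flags, _win = struct.unpack("!HHIIHH", segment[:16])
        data_off = (off_flags >> 12) * 4
        if data_off < 20 or data_off > len(segment):
            raise ValueError("malformed TCP data offset")
        flags = [n for i, n in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)]
        info.update(src_port=sport, dst_port=dport, seq=seq, ack=ack,
                    tcp_flags=flags, data_len=len(segment) - data_off)
    elif proto == 17:
        if len(segment) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, _length, _udp_csum = struct.unpack("!HHHH", segment[:8])
        info.update(src_port=sport, dst_port=dport, data_len=len(segment) - 8)
    return info


def build_sample_frame() -> bytes:
    """Constructed sample: a TCP SYN to port 80, padded to 60 bytes."""
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, (5 << 12) | 0x002, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    frame = eth + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp
    return frame.ljust(60, b"\x00")  # minimum Ethernet frame size (without FCS)


if __name__ == "__main__":
    for key, value in decode_frame(build_sample_frame()).items():
        print(f"{key:12} {value}")
```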

2. REQUIREMENT SPECIFICATIONS
2.1 Hardware Specification:
The hardware specification lists the hardware necessary to support the proposed system, which has
been identified, ordered, delivered, installed and tested at the time of installation.

• Processor : Pentium IV
• Hard Disk : 40GB
• RAM : 512MB or more
• Mouse : Optical
• Printer : HP Laser

2.2 Software Specification:

The software specification describes the development environment of the
package.

• Operating System : Windows 7
• Programming Language : VB.Net
• IDE Tool : Microsoft Visual Studio 2010
• Database : MS SQL

3. SYSTEM STUDY
Introduction to Packet Sniffers:
A Packet Sniffer is a program that can see all of the information passing over the network
it is connected to. A Packet Sniffer is a wire-tapping device that plugs into computer networks
and eavesdrops on the network traffic. A packet sniffer (also known as a network analyzer or
protocol analyzer or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is
computer software that can intercept and log traffic passing over a digital network or part of a
network. As data streams flow across the network, the sniffer captures each packet and
eventually decodes and analyzes its content.

Most Ethernet networks used to be of a common bus topology, using either coax cable or
twisted pair wire and a hub. All of the nodes (computers and other devices) on the network could
communicate over the same wires and take turns sending data using a scheme known as carrier
sense multiple access with collision detection (CSMA/CD). Think of CSMA/CD as being like a
conversation at a loud party: you may have to wait for quite a spell for your chance to get your
words in during a lull in everybody else's conversation. All of the nodes on the network have
their own unique MAC (media access control) address that they use to send packets of
information to each other. Normally a node would only look at the packets that are destined for
its MAC address. However, if the network card is put into what is known as "promiscuous
mode", it will look at all of the packets on the wires it is hooked to.

TCP/IP Protocols:
Background:
The Internet protocols are the world's most popular open-system (nonproprietary)
protocol suite because they can be used to communicate across any set of interconnected
networks and are equally well suited for LAN and WAN communications. The Internet protocols
consist of a suite of communication protocols, of which the two best known are the Transmission
Control Protocol (TCP) and the Internet Protocol (IP). The Internet protocol suite not only
includes lower-layer protocols (such as TCP and IP), but it also specifies common applications
such as electronic mail, terminal emulation, and file transfer. This document provides a broad
introduction to specifications that comprise the Internet protocols.

Internet protocols were first developed in the mid-1970s, when the Defense Advanced
Research Projects Agency (DARPA) became interested in establishing a packet-switched
network that would facilitate communication between dissimilar computer systems at research
institutions. With the goal of heterogeneous connectivity in mind, DARPA funded research by
Stanford University and Bolt, Beranek, and Newman (BBN). The result of this development
effort was the Internet protocol suite, completed in the late 1970s.
Documentation of the Internet protocols (including new or revised protocols) and policies
are specified in technical reports called Requests for Comments (RFCs), which are published and
then reviewed and analyzed by the Internet community. Protocol refinements are published in
new RFCs. To illustrate the scope of the Internet protocols, Fig. 1 maps many of the protocols of
the Internet protocol suite to their corresponding OSI layers.

Fig 1: Internet protocols span the complete range of OSI model layers.

OSI model                             Internet protocol suite
Application, Presentation, Session    FTP, Telnet, SMTP, SNMP; NFS, RPC, XDR
Transport                             TCP, UDP
Network                               IP, ICMP, ARP, RARP
Data Link, Physical                   Not specified

The Internet Protocol (IP) is a network-layer (Layer 3) protocol that contains addressing
information and some control information that enables packets to be routed. IP is the primary
network-layer protocol in the Internet protocol suite. Along with the Transmission Control
Protocol (TCP), IP represents the heart of the Internet protocols. IP has two primary
responsibilities: providing connectionless, best-effort delivery of datagrams through an
internetwork; and providing fragmentation and reassembly of datagrams to support data links with
different maximum-transmission unit (MTU) sizes.

3.1 Existing System:


A network administrator needs to identify, diagnose, and solve network problems;
a company manager wants to monitor user activities on the network and ensure that the
corporation's communications assets are safe; a consultant has to quickly solve network
problems for clients. It is difficult to identify the problems if the network traffic is not tracked.
As administrators, we generally depend on the analyzer provided by the operating system (if any)
or on the installed antivirus software to provide real-time network security.
However, these systems provide a specific set of reports, which may not
be enough for an administrator to trace all the problems. To handle these types of issues we want
to implement a specific network analyzer that can track all the incoming and outgoing calls. The
Conversations tab allows us to monitor network traffic by conversation and to figure out
which conversation has generated the largest network traffic.

Drawbacks with the Existing System:

• Administrators need to put in a lot of effort to identify the traffic.
• The process is time-consuming.
• No possibility of automatic network control.
• The presence of an administrator is compulsory.

3.2 Proposed System:
As a network analyzer (a.k.a. packet sniffer), this system makes it easy for us to monitor
and analyze network traffic in its intuitive and information-rich tab views. With this system's
network traffic monitor feature, we can quickly identify network bottlenecks and detect network
abnormalities. This article discusses how we can monitor network traffic with this network
traffic monitor feature.
This system provides a Summary view that gives general information on the entire
network or on the node selected in the explorer. In the Summary view we can get a quick view of the
total traffic, real-time traffic, broadcast traffic, multicast traffic and so on. When we switch
among the nodes in the explorer, the corresponding traffic information is provided.
In the Endpoints view we can monitor the network traffic information of each node, both local
and remote. With its easy sorting feature we can easily find out which host is generating or has
generated the largest traffic.
The Protocols view lists all protocols applied in network transmission. In the Protocols
view we can monitor network traffic by protocol. By analyzing network traffic by protocol,
we can understand what applications are using the network bandwidth; for example, the "http"
protocol stands for website browsing, "pop3" stands for email, etc.
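
How the Summary, Endpoints, Protocols and Conversations views can be computed from decoded packets, as an added Python example (not the project's own code). The packet records are constructed sample data, and the small port-to-name table is an assumption; labelling a protocol by port number is a heuristic, since any service can listen on any port.

```python
from collections import Counter
from ipaddress import ip_address

# Assumed mapping for illustration; a port number is only a hint, not proof.
WELL_KNOWN_PORTS = {80: "http", 110: "pop3"}

# Constructed sample records:
# (src_ip, dst_ip, transport, src_port, dst_port, length_in_bytes)
SAMPLE_RECORDS = [
    ("192.0.2.10", "198.51.100.20", "TCP", 49152, 80, 1500),
    ("198.51.100.20", "192.0.2.10", "TCP", 80, 49152, 1500),
    ("198.51.100.20", "192.0.2.10", "TCP", 80, 49152, 1000),
    ("192.0.2.11", "198.51.100.30", "TCP", 50000, 110, 400),
    ("192.0.2.11", "224.0.0.251", "UDP", 5353, 5353, 120),
    ("192.0.2.12", "255.255.255.255", "UDP", 68, 67, 300),
]


def application_label(transport: str, src_port: int, dst_port: int) -> str:
    """Name the application by a known port, else fall back to the transport."""
    for port in (dst_port, src_port):
        if port in WELL_KNOWN_PORTS:
            return WELL_KNOWN_PORTS[port]
    return transport.lower()


def build_views(records) -> dict:
    summary = Counter()
    sent, received = Counter(), Counter()
    protocols, conversations = Counter(), Counter()
    for src, dst, transport, sport, dport, length in records:
        summary["packets"] += 1
        summary["total_bytes"] += length
        if dst == "255.255.255.255":
            summary["broadcast_bytes"] += length
        elif ip_address(dst).is_multicast:
            summary["multicast_bytes"] += length
        # Endpoints view: traffic per node, split by direction.
        sent[src] += length
        received[dst] += length
        # Protocols view: bytes per application label.
        protocols[application_label(transport, sport, dport)] += length
        # Conversations view: both directions count toward the same pair.
        conversations[tuple(sorted((src, dst)))] += length
    return {
        "summary": dict(summary),
        "sent": sent,
        "received": received,
        "protocols": protocols,
        "conversations": conversations,
    }


def top(counter: Counter, n: int = 1) -> list:
    """The 'easy sorting' of the views: largest traffic first."""
    return counter.most_common(n)


if __name__ == "__main__":
    views = build_views(SAMPLE_RECORDS)
    print("summary:", views["summary"])
    print("top sender:", top(views["sent"]))
    print("by protocol:", top(views["protocols"], 3))
    print("top conversation:", top(views["conversations"]))
```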

Advantages with the proposed system:

• The network admin can monitor the packets anywhere throughout the world.
• Traffic can be controlled.
• System performance will be increased.
• Immediate generation of reports on demand.
• Graphical data is available to analyze the network.

3.3 SYSTEM DEVELOPMENT:
3.3.1 Module Description:
• Login/logout for Admin:

The Admin is required to log in before and log out after accessing the application. A
username and password are required for security purposes, so that admins identify themselves.

• Connecting with Different Server:

This is for the Admin: members of the application have access to the management
administration form. The management Admin can provide the IP address or domain name used to
connect to the Network News Transfer Protocol server.

• Ping Information:

Ping is used to see if a computer is operating and if network connections are intact. Ping uses
the Internet Control Message Protocol (ICMP) Echo function. The ping utility verifies
connections to a remote computer or computers. You can use ping to test both the computer name
and the IP address. If the IP address is verified, but the computer name is not, you may have a
name resolution problem. In this case, make sure the computer name you are querying is in either
the local hosts file or the DNS database.

• Packet Information:

A packet is the unit of data that is routed between an origin and a destination on the Internet
or any other packet-switched network. When any file is sent from one place to another on the
Internet, the Transmission Control Protocol (TCP) layer of TCP/IP divides the file into "chunks"
of an efficient size for routing. Each of these packets is separately numbered and includes the
Internet address of the destination.

4. SYSTEM ANALYSIS
This project deals with a packet capture utility and network monitoring. It is
useful to network administrators who need to observe each and every incoming packet for security
enhancements. Irrespective of the destination IP of an incoming packet, the machine on which this
project is running captures all packets. The project keeps differentiating the types of the
entities present in the Ethernet header.
The main program has an infinite loop which keeps an eye on each and every
incoming packet. The moment it collects a packet it invokes the respective modules, and
those modules internally redirect that information to the respective text files. The utilities used
in this project are WinPcap and PacketX.

WinPcap:
In the field of computer network administration, pcap consists of an application
programming interface (API) for capturing network traffic. Unix-like systems
implement pcap in the Libpcap library; Windows uses a port of Libpcap known
as WinPcap. Monitoring software may use Libpcap and/or WinPcap to capture
packets traveling over a network and, in newer versions, to transmit packets on a
network at the link layer, as well as to get a list of network interfaces for
possible use with Libpcap or WinPcap.
Libpcap and WinPcap also support saving captured packets to a file, and reading files
containing saved packets; applications can be written, using Libpcap or WinPcap, to be able to
capture network traffic and analyze it, or to read a saved capture and analyze it, using the same
analysis code. A capture file saved in the format that Libpcap and WinPcap use can be read by
applications that understand that format.
Libpcap and WinPcap provide the packet-capture and filtering engines of many open-
source and commercial network tools, including protocol analyzers (packet sniffers), network
monitors, network intrusion detection systems, traffic-generators and network-testers.
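
The save-and-reload capability described above rests on the classic libpcap capture file layout: a 24-byte global header followed by one 16-byte record header per packet. The following added Python example (not part of the original project, and not using WinPcap itself) writes and reads that layout directly; the 262144-byte record cap is an assumed sanity limit so that a malformed file cannot request an enormous read.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
MAX_RECORD_BYTES = 262144      # assumed sanity cap for a single record


def write_pcap(stream, packets, snaplen=65535, linktype=LINKTYPE_ETHERNET):
    """packets: iterable of ((seconds, microseconds), frame_bytes)."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype.
    stream.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for (sec, usec), data in packets:
        captured = data[:snaplen]  # the capture may keep only a prefix
        # Record header: ts_sec, ts_usec, captured length, original length.
        stream.write(struct.pack("<IIII", sec, usec, len(captured), len(data)))
        stream.write(captured)


def read_pcap(stream) -> dict:
    header = stream.read(24)
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    # The magic number tells the reader which byte order the writer used.
    if header[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif header[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", header[4:])
    packets = []
    while True:
        record = stream.read(16)
        if not record:
            break  # clean end of file
        if len(record) < 16:
            raise ValueError("truncated record header")
        sec, usec, incl_len, orig_len = struct.unpack(endian + "IIII", record)
        if incl_len > MAX_RECORD_BYTES:
            raise ValueError("record length exceeds sanity cap")
        data = stream.read(incl_len)
        if len(data) < incl_len:
            raise ValueError("truncated packet data")
        packets.append(((sec, usec), data, orig_len))
    return {"version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "packets": packets}


def roundtrip_demo() -> dict:
    """Constructed sample: two dummy frames, the second longer than snaplen."""
    sample = [((1, 500000), b"\xaa" * 60), ((2, 0), b"\xbb" * 100)]
    buffer = io.BytesIO()
    write_pcap(buffer, sample, snaplen=64)
    buffer.seek(0)
    return read_pcap(buffer)


if __name__ == "__main__":
    capture = roundtrip_demo()
    for timestamp, data, orig_len in capture["packets"]:
        print(timestamp, f"captured={len(data)} original={orig_len}")
```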

WinPcap consists of:
• Drivers for Windows 95/98/Me, and for the Windows NT family (Windows NT 4.0,
Windows 2000, Windows XP, Windows Server 2003, Windows Vista, etc.), which use
NDIS to read packets directly from a network adapter;

• Implementations of a lower-level library for the listed operating systems, to communicate
with those drivers;

• A port of Libpcap that uses the API offered by the low-level library implementations.

PacketX:
PacketX class library integrates WinPcap packet capture functionality with ActiveX
programming and scripting languages. PacketX hides the low level programming details by
implementing simple class framework that can be used to build networking applications with
minimum effort and time. In brief, PacketX uses WinPcap libraries to capture (and optionally
filter) network packets. In addition to standard capture mode you can collect network statistics
and send raw packets. All captured packets or statistics are encapsulated inside wrapper class and
returned to client as events. PacketX uses WinPcap Packet Driver API implemented by packet.dll
and BPF filtering support from pcap.dll. This means that you can use PacketX to capture, send
(and optionally filter) packets and collect network statistics. PacketX cannot be used to block
network traffic to build a firewall. The library contains an ActiveX control that can be used from
RAD development tools like Microsoft Visual Basic or Borland Delphi. For scripting
languages there are corresponding lightweight COM classes.
Some of the classes are as follows:

• PacketXClass
• AdapterCollection
• Adapter
• Packet
• _IPktXPacketXEvents_OnPacketEventHandler

4.1 Feasibility Study:

It is necessary and prudent to evaluate the feasibility of a project at the earliest possible time.
There may be different ways of checking whether a system is feasible or not. Feasibility study
can be divided into three basic forms as follows.

Operational feasibility:

In this test, the operational scope of the system is checked. The system under consideration
should have enough operational research. It is observed that the proposed system is very user
friendly, and since the system is built with enough help, even persons with little knowledge of
Windows can find the system very easy to use.

Technical feasibility:

This test includes a study of function, performance and constraints that may affect the ability to
achieve an acceptable system. This test begins with an assessment of the technical viability of the
proposed system. One of the main factors to be assessed is the need for various kinds of resources
for the successful implementation of the proposed system.

Economical feasibility:

An evaluation of development cost weighed against the ultimate income or benefit from the
development of the proposed system is made. Care must be taken regarding the costs that are incurred
in the development process of the proposed system.

4.2 Software Overview:

Microsoft .NET:

Microsoft announced the .NET initiative in July 2000. The .NET platform is a
new development framework with a new programming interface to Windows
services and APIs, integrating a number of technologies that emerged from
Microsoft during the late 1990s. Incorporated into .NET are COM+ component
services; the ASP web development framework; a commitment to XML and
object-oriented design; support for new web services protocols such as SOAP,
WSDL, and UDDI; and a focus on the Internet.

The platform consists of four separate product groups:

Development tools:

A set of languages, including C# and VB.NET; a set of development tools,
including Visual Studio.NET; a comprehensive class library for building web
services and web and Windows applications; as well as the Common Language
Runtime to execute objects built within this framework.

Specialized servers:

A set of .NET Enterprise Servers, formerly known as SQL Server 2000,
Exchange 2000, BizTalk 2000, and so on, that provide specialized functionality
for relational data storage, email, and B2B commerce.

Web services:

An offering of commercial web services, recently announced as project
Hailstorm; for a fee, developers can use these services in building applications
that require knowledge of user identity.

Devices:

New .NET-enabled non-PC devices, from cell phones to game boxes.

The .NET Platform:

The Microsoft .NET Platform consists of five main components, as shown in Figure 1-1.
At the lowest layer lies the operating system (OS), which can be one of a variety of Windows
platforms, including Windows XP, Windows 2000, Windows Me, and Windows CE. As part of
the .NET strategy, Microsoft has promised to deliver more .NET device software to facilitate a
new generation of smart devices.

On top of the operating system is a series of .NET Enterprise Server products that
simplify and shorten the time required to develop and manage large-scale business systems.
These server products include Application Center 2000, BizTalk Server 2000, Commerce Server
2000, Exchange Server 2000, Host Integration Server 2000, Internet Security and Acceleration
Server 2000, and SQL Server 2000.

Since Web Services are highly reusable across the Web, Microsoft plans to provide a
number of building-block services that application developers can use, for a fee. An example of
a building-block service is Microsoft Passport, which allows you to use a single username and
password at all web sites that support Passport authentication. On March 19, 2001, Microsoft
announced another set of Web Services with the codename Hailstorm. This product encompasses
a set of building-block services that support personalization, centered entirely on consistent user
experiences. Microsoft plans to add newer services, such as calendar, directory, and search
services. Third-party vendors are also creating new Web services of their own.

Fig. The Microsoft .NET platform

At the top layer of the .NET architecture is a brand new development tool called Visual
Studio.NET (VS.NET), which makes possible the rapid development of Web Services and other
applications. A successor of Microsoft Visual Studio 6.0, VS.NET is an Integrated Development
Environment (IDE) that supports four different languages and features such as cross-language
debugging and the XML Schema Editor.

And at the center of .NET is the Microsoft .NET Framework—the main focus of this
book. The .NET Framework is a new development and runtime infrastructure that will change
the development of business applications on the Windows platform. It includes the Common
Language Runtime (CLR) and a common framework of classes that can be used by all .NET
languages.

Visual Studio .net:

Visual Studio .NET contains a graphical programming environment called the Microsoft
Development Environment (MDE). The MDE enables you to create programs in Visual C# and
other Visual Studio .NET languages.

Security:

Computer networks let programmers share Visual Studio .NET code including C#
programs across the network. This collaborative effort lets you and your programming team
create C# programs much more quickly than one person alone. The problem with collaborating
over a network is that unauthorized users from within or outside your network may try to gain
access to your C# program code. Visual Studio .NET provides built-in security features so you or
the leader of your programming team can determine who on your network gets access to your C#
program code and resources. You can also set different levels of security for different people in
case you want only certain people to have access to certain program code.

DLLs:

The advent of Windows brought dynamic link libraries (DLLs) to programmers. DLLs
are small, independent programs that contain executable routines that programs can use to
produce a certain result in Windows. For example, if a program needs to open a file, you can
write your C# program that uses the code in the DLL to open the file. Using DLLs frees up your
time to work on your program without having to reprogram the same code in your C# program
over and over again. You can access DLLs from your C# program, and create DLLs in C# for
your C# program to refer to when necessary. C# has full COM/Platform support, so you can
integrate C# code with any programming language that can produce COM DLLs such as Visual
C++.

XML:

Extensible Markup Language (XML) is a more powerful version of Hypertext Markup
Language (HTML), the standard Web page language. Visual Studio .NET and C# let you
document your program using XML and then extract the XML code into a separate file. Visual
Studio .NET supports XML so that you can integrate your C# programs with the World Wide
Web. You can document your C# code using XML and then use XML for creating Web Services
and Web controls that let you and your code interact with a Web site. For example, you may have
an inventory system written in C# that interacts with the order-taking page on your company’s
Web site.

Windows Operating System:

The Windows operating system is no longer a stranger to people; it is a fast-growing,
fully fledged, powerful operating system with enhanced networking features, popular among home
hobbyists and small network users. Connecting a Windows operating system to the networks is
much like advertising an open house to the public, leaving your front door wide open and going
on an extended vacation. Without precautions unwanted intruders will enter in both cases, and it
will happen sooner rather than later. Microsoft Windows is the name of several families of software
operating systems by Microsoft. Microsoft first introduced an operating environment named
Windows in November 1985 as an add-on to MS-DOS in response to the growing interest in
graphical user interfaces (GUIs). Microsoft Windows eventually came to dominate the world's
personal computer market, overtaking Mac OS, which had been introduced previously. At the
2004 IDC Directions conference, IDC Vice President Avneesh Saxena stated that Windows had
approximately 90% of the client operating system market.

5. SYSTEM DESIGN

Software Engineering is the systematic approach to the development, operation,
maintenance, and retirement of software. All software products can be developed with the help
of a software process, i.e. a software life cycle. This software process is nothing but a series of
identifiable stages that a software product undergoes during its lifetime. This series basically
starts with a Feasibility Study stage, followed by Requirement Analysis and Specification, Design,
Coding, Testing and Maintenance. Each of these phases is called a life cycle phase. The software
process is achieved with the help of a software life cycle model (or process model). A process
model is a descriptive and diagrammatical model of a software process. A process model identifies
all the activities required to develop and maintain a software product, and establishes a precedence
ordering among the different activities.

Input Design:

Input design covers the process of entering data into the system. The goal of input design is for
data to enter the computer as accurately as possible. Here inputs are designed effectively so that errors
made by the operators are minimized. The inputs to the system have been designed in such a
way that manual forms and the inputs are coordinated where the data elements are common to
the source document and to the input. The input is acceptable to and understandable by the users
who are using it. Once identified, appropriate input media are selected for processing.

The input design also determines how efficiently the user interacts with the system. Input
design is a part of overall system design that requires special attention because it is the common
source of data processing errors. The goal of designing input data is to make entry easy and free
from errors.

The main objectives that are done during the input design are:

• Data is collected from the source
• Transfer of data to an input form is done
• Data is converted to a computer acceptable form
• The converted data is verified
• Data is checked for its accuracy
• Data is transmitted to the computer
• Validation of input data is done

Output Design:

Computer output is the most important and direct source of information to the user. Efficient,
intelligible output should improve the system's relationship with the user and help in
decision-making. Major forms of output are hard copy from the printer and soft copy from the CRT unit.

The output design was done so that results of processing could be communicated to the
users. The various outputs have been designed in such a way that they represent the same format
that the office and management are used to.

Computer output is the most important and direct source of information to the user. Efficient,
intelligible output design should improve the system's relationship with the user and help in
decision making. A major form of output is the hard copy from the printer.

• Scalability of the device according to the output format required
• The need for hard copy
• The response time taken
• The detailed specification needed

5.1 System Flow Chart

This is a diagrammatic representation that illustrates the sequence of operations to be
performed to get a solution to a problem. Different shaped symbols are used with different
meanings. The symbols are linked with directed lines (lines with arrows) showing the flow of
data through the system.

When the application is started, the user is prompted to select the network interface whose
traffic is to be captured. Then the host machine is put into promiscuous mode and is
able to capture all the traffic via its network card.

All TCP, ARP, UDP and ICMP traffic will be captured and executed, and thus transformed
into an understandable form, which will be displayed in the capture window.

If the number of packets to a given destination exceeds the set value, they will be dropped.
This is done by blocking the destination name from communicating with the local hosts,
using AnyWebLock.

5.2 Data Flow Diagram:

Fig 5.2 Data Flow Diagram

The data flow diagram illustrates the different processes and how data flows from one process
to another. Here the administrator runs the application and is then required to log in with a
valid username and password. Next he has to select the network interface whose traffic is to be
captured. When the interface is selected and the capture started, the host machine is put into
promiscuous mode (in which a network device is able to intercept and read each network packet that
arrives in its entirety). Now the host machine is able to capture all network traffic on that
particular interface.
The administrator is then able to determine the network traffic flow and the different
protocols used at that particular time, since the host machine or device is able to capture all traffic
from and to all the hosts on the network. The administrator is now able to determine the
different irrelevant destinations by matching the different Internet Protocols captured against those
stored in the database, after which all packets to a given destination can be blocked, hence
improving the efficiency of the network. After all the captures the administrator is able to save
the captures for further analysis.
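
The drop decision described in sections 5.1 and 5.2 (a per-destination packet limit plus a match against destinations stored in the database), as an added Python example that is not the project's code and does not use AnyWebLock. It goes one step beyond the text: besides the lifetime count the report describes, it supports a time window, because a count that never resets will eventually block any busy but legitimate destination. The class name, limit values and addresses are constructed for illustration.

```python
from collections import defaultdict, deque


class DestinationLimiter:
    """Decide 'pass' or 'drop' for each observed packet destination.

    window_seconds=None reproduces the lifetime count described in the text;
    a number limits the count to packets seen within that many seconds.
    """

    def __init__(self, limit, window_seconds=None, listed=()):
        self.limit = limit
        self.window = window_seconds
        self.blocked = set(listed)            # stands in for the database table
        self.reason = {dst: "listed" for dst in listed}
        self.recent = defaultdict(deque)      # dst -> timestamps still counted

    def observe(self, timestamp, dst) -> str:
        if dst in self.blocked:
            return "drop"
        seen = self.recent[dst]
        seen.append(timestamp)
        if self.window is not None:
            # Forget packets that have aged out of the window.
            while seen and seen[0] <= timestamp - self.window:
                seen.popleft()
        if len(seen) > self.limit:
            self.blocked.add(dst)
            self.reason[dst] = "threshold"
            del self.recent[dst]              # no need to keep counting
            return "drop"
        return "pass"


def replay(limiter, events) -> list:
    """Run constructed (timestamp, destination) events through a limiter."""
    return [limiter.observe(ts, dst) for ts, dst in events]


# Constructed sample traffic (timestamps in seconds).
BURST = [(t, "198.51.100.20") for t in (0, 1, 2, 3, 4)]     # 5 packets in 4 s
STEADY = [(t, "198.51.100.30") for t in (0, 20, 40, 60)]    # 1 packet per 20 s
LISTED = [(5, "203.0.113.9")]                               # already in the list


if __name__ == "__main__":
    for label, window in (("lifetime count", None), ("10 s window", 10)):
        limiter = DestinationLimiter(limit=3, window_seconds=window,
                                     listed={"203.0.113.9"})
        print(label)
        print("  burst :", replay(limiter, BURST))
        print("  steady:", replay(limiter, STEADY))
        print("  listed:", replay(limiter, LISTED))
        print("  blocked:", limiter.reason)
```

With the lifetime count the steady destination is blocked on its fourth packet, a minute after its first; with the window only the burst is.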

5.3 Entity Relationship Diagram:

ER models describe the data at the logical level. They are characterized by the fact that they
provide fairly flexible structuring capabilities and allow data constraints to be specified
explicitly. The entity relationship data model is based on a perception of a real world that
consists of a set of basic object entities and relationships among the objects. It was developed to
facilitate database design.

The ER data model is one of several semantic data models. The semantic aspect of the model
lies in the attempt to represent the meaning of data. The ER model is externally used in meaning and
interactive of real world enterprises. The ER model has some means of describing the physical
database model; it is basically useful in the design and communication of the logical database
model. In this model, objects of similar structure are collected into an entity set.

The relationship between entity sets is represented by a named ER relationship. The
database structure employing the ER model is usually shown pictorially using entity-relationship
(ER) diagrams.

5.4 Use Case Diagram:

A use case describes a sequence of actions that provide something of measurable value to an actor
and is drawn as a horizontal ellipse. An actor is a person, organization or external system that
plays a role in one or more interactions with your system. Fig. 5.4 illustrates how the application
and the user will interwork to achieve the desired goal. It shows the different functions that the
user and the system can perform. The user can start the capture, stop the capture and save logs, while the
application can start monitoring the network, display graphs, get packet headers and destinations,
drop unwanted packets and get packet data.

6. TEST REPORT

6.1 System Testing:


The most important phase in the system development life cycle is system testing. The
number and nature of errors in a newly designed system depend on the system specification and
the time frame given for the design. A newly designed system should have all the subsystems
working together, but in reality each subsystem works independently. During this phase, all the
subsystems are gathered into one pool and tested to determine whether the system meets the user
requirements.
Testing is done at two levels: testing of individual modules and testing of the entire system.
During system testing, the system is used experimentally to ensure that the software will run
according to the specifications and in the way the user expects. Each test case is designed with
the intent of finding errors in the way the system will process. Testing is vital to the success of
the system. System testing makes the logical assumption that if all the parts of the system are
correct, the goal will be successfully achieved. Non-testing leads to errors that may not appear
until months later. This creates two problems:

• The time lag between the cause and appearance of the problem.
• The effect of system errors on files and records within the system.

The Testing Steps are:

• Unit Testing
• Integration Testing
• Validation Testing
• White Box Testing
• Black Box Testing

Unit Testing: Testing of individual programs or modules is known as unit testing. Unit testing is
done during both the documentation and testing phases. Unit testing focuses verification effort
on the smallest unit of software design, the module. Using the detailed design description as a
guide, important control paths are tested to uncover errors within the boundary of the module.
The relative complexity of the tests and the errors detected as a result are limited by the
constrained scope established for unit testing. Unit testing is always white box oriented and the
step can be conducted in parallel for multiple modules.

Integration Testing: Integration testing is a systematic technique for constructing the program
structure while at the same time conducting tests to uncover errors associated with interfacing.
The objective is to take unit-tested modules and build a program structure that has been
dictated by design. Careful test planning is required to determine the extent and nature of
system testing to be performed and to establish criteria by which the result will be evaluated.
All the modules were integrated after the completion of unit testing. Top-down
integration was followed: the modules were integrated by moving downward through the control
hierarchy, beginning with the main module. Since the modules had been unit-tested for errors,
the integration of those modules was found to be working fine. As a next step to
integration, other modules were integrated with the former modules.

Validation Testing: The most common web application security weakness is the failure to
properly validate input coming from the client or environment before using it. This weakness
leads to almost all of the major vulnerabilities in web applications, such as cross-site
scripting, SQL injection and interpreter injection.
Data from an external entity or client should never be trusted, since it can be arbitrarily
tampered with by an attacker. Validation doesn't just mean putting your pages through some
web-driven testers. It also means test-driving it with friends, relatives, co-workers, and
strangers. Everyone has a different system and way of working, so ask others to test-drive your
styles or themes before you make them public.

White Box Testing: White box testing is a test case design method that uses the control
structure of the procedural design to derive test cases. Using white box testing methods, the
software engineer can derive test cases that:
• Exercise all logical decisions on their true and false sides.
• Guarantee that all independent paths within a module have been exercised at least once.
• Exercise internal data structures to ensure validity.
• Execute all loops at their boundaries and within their operational bounds.

White box testing, sometimes called glass box testing, is a test case design method that uses
the control structures of the procedural design to derive test cases. Using white box testing
methods, the software engineer can derive test cases that guarantee that all independent paths
within a module have been exercised at least once, exercise all logical decisions on their true
and false sides, execute all loops at their boundaries and within their operational bounds, and
exercise internal data structures to ensure their validity. “Logic errors and incorrect
assumptions are inversely proportional to the probability that a program path will be executed”.

Black Box Testing: Black box testing, also called behavioral testing, focuses on the
functional requirements of the software. That is, black box testing enables the software
engineer to derive sets of input conditions that will fully exercise all functional requirements
for a program.
Black box testing focuses on the fundamental requirements of the software and on the input
and output of the module. It enables the software engineer to derive sets of input conditions
that will truly exercise all functional requirements of a program. Black box testing is rather a
complementary approach that is likely to uncover a different class of errors.

It attempts to find errors in the following categories:

• Incorrect and missing functions
• Performance errors
• Initialization and termination errors

6.2 Test Cases:

Login

| Serial No. | Module description | Test Case | Expected Input | Expected Output | Refer GUI | Remark |
|---|---|---|---|---|---|---|
| 1. | Login | User login | Attempt to authenticate with valid username and password | Login to home page | Fig 1 | Successful |
| 2. | Login | User login | Attempt to authenticate with invalid username and password | Redirected to same page with error message | Fig 1 | Failed |
| 3. | Login | User Login | Attempt to authenticate with valid username and password | Login to home page | Fig 1 | Successful |
| 4. | Login | User Login | Attempt to authenticate with invalid username and password | Redirected to same page with error message | Fig 1 | Failed |

Network Traffic

| No. | Test case Title | Description | Expected Outcome | The requirement in RS that is being tested | Result |
|---|---|---|---|---|---|
| 1 | Test the functionality of a file downloaded from internet | User saves the file and views it later | File is saved | RS4 | Passed |
| 2 | Test that GUI is able to show network traffic | User sees the traffic in graphical form. | Successful representation of traffic. | RS1 | Passed |
| 3 | Test the mapping of files to the destination IP address | User views the destination IP address attached to each file. | Correct IP address is mapped to the file | RS2 | Passed |
| 4 | Test the functionality of a file downloaded from internet | User opens the saved file for viewing it. | File is opened | RS5 | Passed |
| 5 | Test the functionality of a file downloaded from internet | User prints the file. | The file is printed on the default printer. | RS6 | Passed |
| 6 | Test the decoded information of the selected file. | User chooses from the list to view packet information. | The output is displayed correctly | RS3 | Passed |

Register

| Serial No. | Module description | Test Case | Expected Input | Expected Output | Refer GUI | Remark |
|---|---|---|---|---|---|---|
| 1. | Register | Registration for a new user | If no values are entered in any field/any field is kept blank | Error message- Enter data in all fields | Fig 3 | Passed |
| 2. | Register | Registration for a new user | Incorrect re-entering of password in ‘confirm password’ field | Error message- Password doesn’t match | Fig 3 | Failed |
| 3. | Register | Registration for a new user | If new user enters existing username during registration | Username not available | Fig 3 | Failed |

8. CONCLUSION

In practice, there is not a typical network problem that can’t be discovered and solved
using packet sniffer technology. Sniffers can be used as the first method of attack on a number of
issues that vary from overloaded networks to unresponsive switches to lost packets. As the number
of networks and nodes continues to grow and as network speeds accelerate, it becomes more and
more difficult to monitor a LAN by using traditional tools, such as RMON (Remote Monitoring)
probes. Packet sniffers, by contrast, monitor traffic on the network right down to the header
information on each series of data. This means that you can actually track data from its starting
point to its end point. Packet sniffers can also be used to identify the types of packets on a
network and discover whether or not a specific packet has any errors.
