NETWORK PACKET SNIFFER ANALYZER

A MINI PROJECT REPORT

Submitted by

KALAISELVAN S 20P320
SANTHOSH G 20P343
ARUN PRASANTH B 21P701
THARUN KUMAR A 21P706

In partial fulfillment for the award of the degree of

BACHELOR OF ENGINEERING

in
COMPUTER SCIENCE AND ENGINEERING

ANNA UNIVERSITY, CHENNAI 600 025

APRIL 2023
 KARPAGAM COLLEGE OF ENGINERING
(Autonomous)
COIMBATORE – 641 032

NETWORK PACKET SNIFFER ANALYZER

Bonafide record of the work done by

KALAISELVAN S 20P320
SANTHOSH G 20P343
ARUN PRASANTH B 21P701
THARUN KUMAR A 21P706

Dissertation submitted in partial fulfillment of the requirement for the degree of

BACHELOR OF ENGINEERING

COMPUTER SCIENCE AND ENGINEERING

of Anna University, Chennai

APRIL 2023

Mr.S.RAMARAJ,AP/CSE Dr.T.RAVICHANDRAN
Project Guide Head of the Department

Certified that the candidate was examined in the viva-voce examination held
on ………………….

……………………..
(Internal Examiner)
 ACKNOWLEDGEMENT

We express our sincere thanks to Karpagam educational and charitable trust for
providing necessary facilities to bring out the project successfully. We felt
greatness to record our thanks to the chairman Dr. R. VASANTHAKUMAR,
B.E., (Hons),D.Sc. for all his support and ray of strengthening hope extended.

It is a moment of immense pride for us to reveal our profound thanks to our

respected Principal, Dr. P. KARTHIGAIKUMAR, M.E., Ph.D., who happens to
be striving force in all our endeavors.

We express our sincere thanks to our Dr. T. RAVICHANDRAN, M.E., PhD.

Head of the Department of Computer Science and Engineering for providing an
opportunity to work on this project. His valuable suggestions helped us a lot to do
this project.

A word of thanks would not be sufficient for the work of our project guide
Mr.S.RAMARAJ., ME. Department of Computer Science and Engineering,
whose efforts and inspiration lead us through every trying circumstance.

We would also like to recollect the courage and enthusiasm that was inculcated in
us by our mini project coordinator, Ms. SUBHASHREE K, M.E. Department of
Computer Science and Engineering for valuable guidance and support through the
tenure of our project.

We express our gratitude to all the members of the faculty of the Department of
Computer Science and Engineering for the encouragement which we received
throughout the semester.
 TABLE OF CONTENTS

CHAPTE
TITLE PAGE NO.
RNO.
ABSTRACT I
LIST OF FIGURES II
LIST OF ABBREVIATIONS III
1 INTRODUCTION 1
1.1 DEFINITION 1
1.2 OBJECTIVE 1
2 SYSTEM OVERVIEW 2
2.1 EXISTING SYSTEM 2
2.2 PROPOSED SYSTEM 2
3 SYSTEM REQUIREMENTS 3
3.1 HARDWARE REQUIREMENTS 3
3.2 SOFTWARE REQUIREMENTS 3
4 SYSTEM DESIGN 4
4.1 SYSTEM ARCHITECTURE DESIGN 4
4.2.ER DIAGRAM-1 5
4.3 ER DIAGRAM-2 6
5 SYSTEM ANALYSIS 7
5.1 MODULE 7
5.1.1.USER INTERFACE MODULE 7
5.1.2.PACKET ANALYSIS MODULE 8
5.1.3.STATISTICS MODULE 8
6 SYSTEM IMPLEMENTATION 9
7 OUTPUT 16
8 CONCLUSION 18
9 REFERENCES 19
 ABSTRACT

The main objective of this project shows how network connection

information can be modeled as chromosomes. The objective of the system is to
create a new set of rules during run time. So the intruder cannot be able to attack
the system with virus.

In recent years, Intrusion Detection System (IDS) has become one of the
hottest research areas in Computer Security. It is an important detection technology
and is used as a countermeasure to preserve data integrity and system availability
during an intrusion.

An Intrusion Detection System is a system for detecting intrusions and

reporting them accurately to the proper authority. Intrusion Detection Systems are
usually specific to the operating system that they operate in and are an important
tool in the overall implementation an organization’s information security policy,
which reflects an organization's statement by defining the rules and practices to
provide security.

A methodology of applying genetic algorithm into network intrusion

detection technique is unique as it considers both temporal and spatial information
of network connections during the encoding of the problem; therefore, it should be
more helpful for identification of network anomalous behaviors .

i
LIST OF FIGURES:

Fig No Name Page.No

1 System Architecture Design 4
2 ER Diagram-1 5
3 ER Diagram-2 6
4 User Interface Module 7
5 Packet Analysis Module 8
6 Statistics Module 8

ii
LIST OF ABBREVIATIONS:

MySQL My Structured Query Language

OS Operating System

URL Uniform Resource Locator

XML Extensible Markup Language.

iii
 CHAPTER 1

INTRODUCTION

1.1 DEFINITION

This project aims at developing a Network Packet Sniffer. Network

Packet Sniffer is a piece of software that monitors all network traffic. This is
unlike standard network hosts that only receive traffic sent specifically to them.
As data streams flow across the network, the sniffer captures each packet and
eventually decodes and analyzes its content. For network monitoring purposes
it may also be desirable to monitor all data packets in a LAN and to mirror all
packets passing through a shared bus.

1.2 OBJECTIVE

This project will be comprised of three modules namely the User

Interface module, Statistics module and Packet Analysis module. User Interface
module provides all the Graphical Interface components necessary for the user
to interact with the System. The Analysis Module will analyze the incoming
packets into a computer, identify them and passes the information into the
Statistics module.

This system is a network analyzer (also known as protocol analyzer &

packet sniffer), it performs real-time packet capturing, 24x7 network
monitoring, advanced protocol analyzing, in-depth packet decoding, and
automatic expert diagnosing. It allows you to get a clear view of the complex
network, conduct packet level analysis, and troubleshoot network problems.

1
 CHAPTER 2

SYSTEM OVERVIEW

2.1 EXISTING SYSTEM

As a network administrator who needs to identify, diagnose, and solve

network problems, a company manager who wants to monitor user activities on
the network and ensure that the corporation's communications assets are safe, or
a consultant who has to quickly solve network problems for clients. It is difficult
to identify the problems if the network traffic is not tracked, as an administrator
in general we depend on the analyzer provided by the operating system (if any)
or the anti0virus software that is installed to provide real-time network security.
However, it is identified that these systems provide specific set of reports which
may not be enough for an administrator to trace all the problems. To handle
these types of issues we want to implement a specific network analyzer that can
track all the incoming and outgoing calls.

2.2 PROPOSED SYSTEM

As a network analyzer (as a. packet sniffer), this system make it easy

for us to monitor and analyze network traffic in its intuitive and information-
rich tab views. With this system network traffic monitor feature, we can quickly
identify network bottleneck and detect network abnormities.

The Protocols view will list all protocols applied in network

transmission. In Protocols view we can monitor network traffic by each
protocol. By analyzing network traffic by protocol, we can understand what
applications are using the network bandwidth, for example "http" protocol
stands for website browsing, "pop3" stands for email, etc.

2
 CHAPTER 3

SYSTEM REQUIREMENTS

3.1 AT DEVELOPER SIDE

During system development, have to design both static and dynamic

website interfaces, create website functions and a database system, edit photos
and pictures, so it has a set of software and hardware requirements.

Hardware Used Software Used

• Intel Dual Core Processor • WAMP SERVER

• 160 GB Hard Disk Drive. • MYSQL
• 1GB RAM. • NOTEPAD
• O.S. – Windows XP SP2 • VS CODE

3.2 AT SYSTEM USER SIDE

The following is the requirements for the system users including
members and administrators.

Hardware Requirements Software Requirements

• Intel Pentium 4 Processor • Browser (IE 7.0 or Above, Mozilla

• 20 GB Hard Disk Drive. Firefox, Google Chrome, Opera)
• 256MB RAM. • Command prompt
• O.S. – Windows XP

3
 CHAPTER 4

SYSTEM DESIGN

4.1 SYSTEM ARCHITECTURE DESIGN

Figure-1

4
4.2 ER DIAGRAM 1

Figure-2

5
4.3.ER DIAGRAM 2

Figure-3

6
 CHAPTER 5

SYSTEM ANALYSIS

5.1 MODULE

The system after careful analysis has been identified to be presented with
the following modules and roles. The modules involved are.

• User Interface Module

• Packet Analysis Module
• Statistics Module

5.1.1. USER INTERFACE MODULE

A packet sniffer, sometimes called a packet analyzer, is composed of two

main parts. First, a network adapter that connects the sniffer to the existing
network. Second, software that provides a way to log, see, or analyze the data
collected by the device. It provides all the Graphical Interfaces components required
by the user to interact with the system. Network packet sniffing can help enhance
your security, performing network penetration testing by monitoring the data and
ensuring it is encrypted. Other positive uses of network sniffers include: Tracking
down network traffic bottlenecks. Testing firewalls for network security efficacy.

7
5.1.2 PACKET ANALYSIS MODULE

A packet analyzer, also known as packet sniffer, protocol analyzer, or

network analyzer, is a computer program or computer hardware such as a packet
capture appliance, that can intercept and log traffic that passes over a computer
network or part of a network.Packet analysis is a primary traceback technique in
network forensics, which, providing that the packet details captured are sufficiently
detailed, can play back even the entire network traffic for a particular point in time.
Network packet sniffing can help enhance your security, performing network
penetration testing by monitoring the data and ensuring it is encrypted. Other
positive uses of network sniffers include: Tracking down network traffic
bottlenecks. Testing firewalls for network security efficacy.

5.1.3 STATISTICS MODULE

A network is a collection of nodes, such as personal computers, servers, and

networking hardware that are connected. The network connection allows data to be
transferred between these devices. The connections can be physical with cables, or
wireless with radio signals. Networks can also be a combination of both types. As
nodes send data across the network, each transmission is broken down into smaller
pieces called packets. The defined length and shape allows the data packets to be
checked for completeness and usability. Because a network's infrastructure is
common to many nodes, packets destined for different nodes will pass through
numerous other nodes on the way to their destination. To ensure data is not mixed
up, each packet is assigned an address that represents the intended destination of
that packet.

8
 CHAPTER 6

SYSTEM IMPLEMENTATION

6.1 Source Code:

import javax.swing.*;
import jpcap.*;

public class InterfacesWindow extends javax.swing.JFrame {

public InterfacesWindow() {
initComponents();
ListNetworkInterfaces();
textField1.requestFocus();
setVisible(true);
setDefaultCloseOperation(DISPOSE_ON_CLOSE);
}

public void ListNetworkInterfaces() {

sniffer.NETWORK_INTERFACES = JpcapCaptor.getDeviceList();
jTextArea1.setText("");
for (int i = 0; i < sniffer.NETWORK_INTERFACES.length; i++) {
jTextArea1.append(
"\n\n----------------------------------------------------------------
-------Interface (" + i
+ ") ----------------------------------------------------------------
-------");
jTextArea1.append("\nInterface Number: " + i);
jTextArea1.append("\nDescription: "
+ sniffer.NETWORK_INTERFACES[i].name + "("
+ sniffer.NETWORK_INTERFACES[i].description + ")");
jTextArea1.append("\nDatalink Name: "
+ sniffer.NETWORK_INTERFACES[i].datalink_name + "("
+ sniffer.NETWORK_INTERFACES[i].datalink_description + ")");
jTextArea1.append("\nMac Address: ");

byte[] R = sniffer.NETWORK_INTERFACES[i].mac_address;
for (int A = 0; A < sniffer.NETWORK_INTERFACES.length; A++) {
jTextArea1.append(Integer.toHexString(R[A] & 0xff) + ":");
}

9
 NetworkInterfaceAddress[] INT = sniffer.NETWORK_INTERFACES[i].addresses;
jTextArea1.append("\nIP Address: " + INT[0].address);
jTextArea1.append("\nSubnet Mask: " + INT[0].subnet);
jTextArea1.append("\nBroadcast Address: " + INT[0].broadcast);

sniffer.COUNTER++;
}
}

public void ChooseInterface() {

int TEMP = Integer.parseInt(textField1.getText());

if (TEMP > -1 && TEMP < sniffer.COUNTER) {

sniffer.INDEX = TEMP;
sniffer.captureButton.setEnabled(true);
sniffer.filter_options.setEnabled(true);
sniffer.stopButton.setEnabled(true);
sniffer.saveButton.setEnabled(true);
} else {
JOptionPane.showMessageDialog(null, "Outside the RANGE. # interfaces = 0-" +
(sniffer.COUNTER - 1) + ".");
InterfacesWindow nw = new InterfacesWindow();

textField1.setText("");

@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-
BEGIN:initComponents
private void initComponents() {

jScrollPane1 = new javax.swing.JScrollPane();

jTextArea1 = new javax.swing.JTextArea();
jButton1 = new javax.swing.JButton();
textField1 = new java.awt.TextField();
jLabel1 = new javax.swing.JLabel();

setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);
setTitle("Interfaces List");
setName("Interfaces list"); // NOI18N

jTextArea1.setEditable(false);
jTextArea1.setColumns(20);
jTextArea1.setRows(5);
10
 jScrollPane1.setViewportView(jTextArea1);

jButton1.setText("Select");
jButton1.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jButton1ActionPerformed(evt);
}
});

textField1.addKeyListener(new java.awt.event.KeyAdapter() {
public void keyPressed(java.awt.event.KeyEvent evt) {
textField1KeyPressed(evt);
}
});

jLabel1.setText("Please select the interface number!");

javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane());

getContentPane().setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addContainerGap()

.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addGap(0, 249, Short.MAX_VALUE)
.addComponent(jLabel1, javax.swing.GroupLayout.PREFERRED_SIZE,
224, javax.swing.GroupLayout.PREFERRED_SIZE)

.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(textField1, javax.swing.GroupLayout.PREFERRED_SIZE,
70, javax.swing.GroupLayout.PREFERRED_SIZE)
.addGap(47, 47, 47)
.addComponent(jButton1, javax.swing.GroupLayout.PREFERRED_SIZE,
75, javax.swing.GroupLayout.PREFERRED_SIZE))
.addComponent(jScrollPane1))
.addContainerGap())
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addComponent(jScrollPane1, javax.swing.GroupLayout.PREFERRED_SIZE, 352,
javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED,
javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)

11
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(textField1, javax.swing.GroupLayout.Alignment.TRAILING,
javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE,
Short.MAX_VALUE)
.addComponent(jButton1, javax.swing.GroupLayout.Alignment.TRAILING,
javax.swing.GroupLayout.PREFERRED_SIZE, 33, javax.swing.GroupLayout.PREFERRED_SIZE)
.addComponent(jLabel1, javax.swing.GroupLayout.DEFAULT_SIZE,
javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
.addContainerGap())
);

pack();
}// </editor-fold>//GEN-END:initComponents

private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-

FIRST:event_jButton1ActionPerformed
// TODO add your handling code here:
ChooseInterface();
setVisible(false);
}//GEN-LAST:event_jButton1ActionPerformed

private void textField1KeyPressed(java.awt.event.KeyEvent evt) {//GEN-

FIRST:event_textField1KeyPressed
// TODO add your handling code here:
if (evt.getExtendedKeyCode() == KeyEvent.VK_ENTER) {
ChooseInterface();
setVisible(false);
}
}//GEN-LAST:event_textField1KeyPressed

public static void main(String args[]) {

try {
for (javax.swing.UIManager.LookAndFeelInfo info :
javax.swing.UIManager.getInstalledLookAndFeels()) {
if ("Nimbus".equals(info.getName())) {
javax.swing.UIManager.setLookAndFeel(info.getClassName());
break;
}
}
} catch (ClassNotFoundException ex) {

java.util.logging.Logger.getLogger(InterfacesWindow.class.getName()).log(java.util.loggin
g.Level.SEVERE, null, ex);
} catch (InstantiationException ex) {

12
java.util.logging.Logger.getLogger(InterfacesWindow.class.getName()).log(java.util.loggin
g.Level.SEVERE, null, ex);
} catch (IllegalAccessException ex) {

java.util.logging.Logger.getLogger(InterfacesWindow.class.getName()).log(java.util.loggin
g.Level.SEVERE, null, ex);
} catch (javax.swing.UnsupportedLookAndFeelException ex) {

java.util.logging.Logger.getLogger(InterfacesWindow.class.getName()).log(java.util.loggin
g.Level.SEVERE, null, ex);
}
//</editor-fold>
//</editor-fold>

/* Create and display the form */

java.awt.EventQueue.invokeLater(new Runnable() {
public void run() {
new InterfacesWindow().setVisible(true);
}
});
}

// Variables declaration - do not modify//GEN-BEGIN:variables

private javax.swing.JButton jButton1;
private javax.swing.JLabel jLabel1;
private javax.swing.JScrollPane jScrollPane1;
private javax.swing.JTextArea jTextArea1;
private java.awt.TextField textField1;
// End of variables declaration//GEN-END:variables
}

public static TCPPacket tcp;

public static UDPPacket udp;
public static ICMPPacket icmp;

public static List<Object[]> rowList = new ArrayList<Object[]>();

public void recievePacket(Packet packet) {

}

@Override
public void receivePacket(Packet packet) {

if (packet instanceof TCPPacket) {

tcp = (TCPPacket) packet;

13
 Object[] row = {sniffer.No, tcp.length, tcp.src_ip,
tcp.dst_ip, "TCP"};

rowList.add(new Object[]{sniffer.No, tcp.length, tcp.src_ip,

tcp.dst_ip, "TCP", tcp.src_port, tcp.dst_port,
tcp.ack, tcp.ack_num, tcp.data, tcp.sequence,
tcp.offset, tcp.header});

DefaultTableModel model = (DefaultTableModel)

sniffer.jTable1.getModel();
model.addRow(row);
sniffer.No++;

} else if (packet instanceof UDPPacket) {

udp = (UDPPacket) packet;

Object[] row = {sniffer.No, udp.length, udp.src_ip,

udp.dst_ip, "UDP"};
rowList.add(new Object[]{sniffer.No, udp.length, udp.src_ip,
udp.dst_ip, "UDP", udp.src_port, udp.dst_port,
udp.data, udp.offset, udp.header});

DefaultTableModel model = (DefaultTableModel)

sniffer.jTable1.getModel();
model.addRow(row);
sniffer.No++;

} else if (packet instanceof ICMPPacket) {

icmp = (ICMPPacket) packet;

Object[] row = {sniffer.No, icmp.length, icmp.src_ip,

icmp.dst_ip, "ICMP"};
rowList.add(new Object[]{sniffer.No, icmp.length,
icmp.src_ip, icmp.dst_ip, "ICMP", icmp.checksum, icmp.header,
icmp.offset, icmp.orig_timestamp, icmp.recv_timestamp,
icmp.trans_timestamp, icmp.data});

DefaultTableModel model = (DefaultTableModel)

sniffer.jTable1.getModel();
model.addRow(row);
sniffer.No++;

}
}
}

14
 THREAD = new jpcap_thread() {

public Object construct() {

try {

CAP = JpcapCaptor.openDevice(NETWORK_INTERFACES[INDEX],
65535, false, 20);
//writer = JpcapWriter.openDumpFile(CAP,
"captureddata");
if
("UDP".equals(filter_options.getSelectedItem().toString())) {
CAP.setFilter("udp", true);
} else if
("TCP".equals(filter_options.getSelectedItem().toString())) {
CAP.setFilter("tcp", true);
} else if
("ICMP".equals(filter_options.getSelectedItem().toString())) {
CAP.setFilter("icmp", true);
}

while (CaptureState) {

CAP.processPacket(1, new PacketContents());

packetList.add(CAP.getPacket());
}
CAP.close();

} catch (Exception e) {
System.out.print(e);
}
return 0;
}

public void finished() {

this.interrupt();
}
};

THREAD.start();

15
 CHAPTER 7

OUTPUT

NETWORK PACKET SNIFFER:

CHOOSING THE INTERFACE

16
 PAYLOAD:

STATISTICS:

17
 CHAPTER 8

CONCLUSION

A network sniffer “sniffs” or monitors network traffic for

information (e.g., where it's coming from, which device, the protocol used, etc.).
Network administrators can use this information to help optimize their environment.
Packet sniffing is a technique whereby packet data flowing across the network is
detected and observed. Network administrators use packet sniffing tools to monitor
and validate network traffic, while hackers may use similar tools for nefarious
purposes. Packet analysis is key because it provides a detailed overview of traffic
across a network. It allows admins to both focus on a slowdown in packet response
times between two managed nodes and better understand network performance.
Most network monitoring solutions provide packet sniffing as one of the functions
of their monitoring agents. Packet Sniffing allows you to monitor your network
traffic and gives you valuable insights about your infrastructure and performance.
The main advantage of such packet sniffers is that they can "see" the network traffic
not only from the computer, it's working on but from all computers in the same
network segment. The main disadvantage of such packet sniffer is that it cannot
decrypt the SSL traffic without retrieving the server certificate.

18
 CHAPTER 9

REFERENCES

[1]

Cyber Law, Privacy, and Security: Concepts, Methodologies, Tools, and

Applications. IGI Global. 2019. p. 58. ISBN 978-1-5225-8898-6. Packet Sniffing: A
packet analyzer, also called as a network analyzer, protocol analyzer or packet
sniffer

[2]

Mc GrawHill’s , Java : The complete reference 7thEdition, Herbert

Schildit

[3]

"Network Segment Definition". www.linfo.org. Retrieved January 14, 2016.

[4]

http://www.w3schools.com/html/defualt.asp,http://www.w3schools.com/css/
default.asp,http://www.w3schools.com/js/default.asp

[5]
Java Enlightenment,Cody Lindley-First Edition, based on JavaScript1.5,
ECMA-262, Edition

19