Sunday, March 22, 2009

Capturing Network Packets

A network packet capture tool (also known as a sniffer or packet analyzer) is computer software that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and eventually decodes and analyzes its content according to the appropriate RFC (Request for Comments) or other specifications.


How it works

Let’s say your computer is in network #1 and is connected to a hub. All computers in your network receive the same signal. This means your computer's network interface receives all signals in the network.

But the operating system extracts only the messages addressed to you (your computer).


Depth


If your computer is connected to network #1, then you can see all packets sent to and received by 192.168.1.1 … 5.

If your computer is connected to network #2, then you can see all packets sent to and received by 192.168.1.6 and 7, plus packets sent to and received by #1 and others.

Let's say you send a message from 192.168.1.1 to 192.168.1.5; (a feature of a switching hub) that message will be routed directly to its destination and will not be visible to network #2.

How packet behaves






What types of packets can be identified?

Ethernet
IPv4
IPv6
ARP/RARP
TCP
UDP
ICMPv4
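
How a sniffer tells these packet types apart, as an added example that is not from the original post: it reads the EtherType field of the Ethernet header, then the protocol field of the IP header. The function name, MAC addresses and sample frames are constructed for illustration (checksums are left as zero and not verified; VLAN tags and IPv6 extension headers are not handled).

```python
import struct

# EtherType / IP protocol numbers for the packet types listed above.
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP", 0x8035: "RARP"}
IP_PROTOS = {1: "ICMPv4", 6: "TCP", 17: "UDP"}

def identify(frame: bytes) -> dict:
    """Name the layers of one raw Ethernet II frame (no VLAN tag, no FCS)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    info = {"layers": ["Ethernet"],
            "dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":")}
    l3 = ETHERTYPES.get(struct.unpack("!H", frame[12:14])[0])
    if l3 is None:
        return info                      # unknown EtherType: stop at layer 2
    info["layers"].append(l3)
    ip = frame[14:]
    if l3 == "IPv4":
        ihl = (ip[0] & 0x0F) * 4 if ip else 0   # header length incl. options
        if ihl < 20 or len(ip) < ihl:
            raise ValueError("truncated or malformed IPv4 header")
        proto, l4 = ip[9], ip[ihl:]
        info["src_ip"] = ".".join(map(str, ip[12:16]))
        info["dst_ip"] = ".".join(map(str, ip[16:20]))
    elif l3 == "IPv6":
        if len(ip) < 40:
            raise ValueError("truncated IPv6 header")
        proto, l4 = ip[6], ip[40:]       # extension headers are not walked
    else:
        return info                      # ARP/RARP carry no transport layer
    # Protocol number 1 (ICMPv4) is only meaningful inside IPv4.
    name = None if (proto == 1 and l3 == "IPv6") else IP_PROTOS.get(proto)
    if name:
        info["layers"].append(name)
        if name in ("TCP", "UDP") and len(l4) >= 4:
            info["src_port"], info["dst_port"] = struct.unpack("!HH", l4[:4])
    return info

# Constructed sample frames (addresses follow the 192.168.1.x example above).
TCP_FRAME = bytes.fromhex(
    "020000000005" "020000000001" "0800"                       # Ethernet
    "45000028" "00010000" "4006" "0000" "c0a80101" "c0a80105"  # IPv4
    "c000" "0050" "00000000" "00000000" "5002" "2000" "0000" "0000")  # TCP
ARP_FRAME = bytes.fromhex(
    "ffffffffffff" "020000000006" "0806"                       # broadcast
    "0001" "0800" "06" "04" "0001"                             # ARP request
    "020000000006" "c0a80106" "000000000000" "c0a80107")

if __name__ == "__main__":
    print(identify(TCP_FRAME)["layers"], identify(ARP_FRAME)["layers"])
```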


What kind of applications can we develop


Network and protocol analyzers
Monitor network usage
Traffic loggers
User-level bridges and routers
Network intrusion detection systems (NIDS)
Network scanners
Security tools
Gather and report network statistics
Filter suspect content from network traffic
Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use)
Reverse engineer proprietary protocols used over the network
Debug client/server communications
Debug network protocol implementations

Is the network secure?

Most of the data going over the internet travels as plain text, which means other people can see it. Mostly, login and authentication-related data is encrypted, and the rest travels as plain text or with simple encoding. Chat messengers in particular send their traffic as plain text.

Why can’t we make it secure?

Security adds cost, traffic and processing power requirements, so the network becomes slower and less efficient.

Next: how to read packets using Java
Keep in touch