SOFTWARE PROJECT MANAGEMENT PLAN

NET VIGILANT
NETWORK MONITOR

V1.1
Printed On: 3rd Dec 2007
C:\Washington University\ProjectDocument.doc

Department Of Computer Science & Engineering

Washington University in Saint Louis

Submitted By

Subharthi Paul
Madhuri Kulkarni

1
 Table of Contents

1 INTRODUCTION 3
1.1 Project Overview____________________________________________________ 4
1.2 Project Deliverables__________________________________________________ 5

2 PROJECT ORGANIZATION 8
2.1 Software Process Model______________________________________________ 9
2.2 Tools and Techniques________________________________________________ 9

3 PROJECT MANAGEMENT PLAN 12

3.1 Tasks______________________________________________________________ 13
3.1.1 Description__________________________________________________ 13
3.1.2 Deliverables and Milestones____________________________________ 13
3.1.3 Resources Needed____________________________________________ 13
3.1.4 Dependencies and Constraints___________________________________ 14
3.1.5 Risks and Contingencies________________________________________ 14
3.2 Schedule___________________________________________________________ 15

4 ADDITIONAL INFORMATION 16
4.1 Definitions, Acronyms and Abbreviations_________________________________ 17
4.2 References__________________________________________________________ 17

2
INTRODUCTION

3
1. INTRODUCTION

1.1 Project Overview:

Abstract:
Packet sniffing or packet capture software is extensively used as tools for protocol analysis and
security. In protocol design research, such a tool comes handy in analyzing, debugging and
testing of a new protocol implementation. In Security, as is true for any tools, it may be used
both as a positive way to detect intrusions or attacks on a system as well as in the malicious way
to hack for private and personal data of others. Even though use of upper layer encryption
techniques make it difficult to gather data directly, yet these tools are important in learning
about existing sessions, collecting encrypted data to launch offline attacks to generate the
encryption key and any such attack limited only by ones imagination. Hence, packet sniffer
software is one of the most essential tools required to get started to be able to perform any of
the above mentioned activities. The goal of our project is to write a packet sniffer “Net Vigilant”,
capable of sniffing across wired and wireless interfaces and provide additional packet
aggregation, filtering and analysis capabilities. The goal of the project is not to provide a novell
approach towards sniffing on the network but rather to provide a basic understanding to the
challenges involved in writing such a software and also to build up from the knowledge and
experience gained to design more advanced security tools.

Introduction:
Packet sniffing is an essential activity for network engineers as well as security experts. If, used
in a positive way, it is the most essential tool for network analysis, protocol analysis, network
troubleshooting, intrusion detection and hundreds of such other applications. The key challenge
in writing such software is to collect raw packets directly from the interface cards and parsing
them to reveal useful information. In normal network programming through sockets, a software
module listens on a particular socket for packets intended for its use, hence for a module
wanting to sniff for all packets, it shall have to listen on all the TCP ports so that TCP does not
throw away packets on finding no module attached to the intended port number in the packet.
Also, each protocol layer performs filtering of the traffic, for example, any TCP control packet
4
will not be passes above the TCP layer, any IP control packet is consumed by the IP layer and so
on. Moreover, the hardware network interface does an initial filtering of packets not intended
for it. Hence, it is almost certain that the normal programming methods will not allow for the
capabilities that we seek to capture in a packet sniffing software. The way out of this situation is
to have some type of a software hook which can gather packets before it is passed through the
protocol layer processing. Also, to be able to capture packets not intended for the current
network interface, the software should set the interface to the “promiscuous mode” provided
such a mode is supported by the hardware and the device driver of the network card.
The “software hook”, that we mentioned above, exists, in UNIX as the PF_PACKET socket
(libpcap library) and in Windows as the Winpcap library. In our work we make use of the
Winpcap library to be able to capture raw packets from the interface. The story does not end at
being able to capture raw packet. In fact, it is the most basic step. There are certain hurdles in
being able to analyze correctly the raw packets which are nothing but a set of hexadecimal
gibberish to the uninformed. There are challenges in being able to serialize the data coming in,
in network byte order, for storage in the file systems. Also, a major task is to be able to provide
an easy to use and elegant user interface for running the software as well as present the packet
data in a more human readable form.
With all this in mind, we designed “Net Vigilant”, a packet sniffer and analyzer tool for wired and
wireless interfaces. “Net vigilant” has a state-of-the-art graphical user interface, designed on the
.NET platform. All the code has been written in C# over the .NET platform to ensure
interoperability across windows systems.
It may be argued, that such tools already exist in plenty and that a new endeavor may not be
justified. However, “Net Vigilant” has been designed to be the stepping stone for further design
of more complicated tools and also a learning experience for novice programmers to design and
implement their own network software. It is basically the foundation bed for more advanced
innovations in the future.

5
1.2 Project Deliverables

The project deliverables that were agreed upon were as follows:

The project will be implemented in Microsoft ©.NET technologies using C# language.

Following are some of the functionalities we will implement:
 
Basic Functionality:

1 Network Monitor [Basic packet capture]. 

This feature will provide the facility to capture network packets. These packets will be
parsed and the packet header details will be listed in a table. The packets can be stored in
XML (Extensible Markup Language) serialized formats. These packets can be retrieved
later for viewing and analysis.

2 Packet Filtering
The packets can be filtered by protocol type TCP (Transmission Control Protocol), UDP
(User Datagram Protocol), ARP (Address Resolution Protocol), ICMP (Internet Control
Message Protocol) and IGMP (Internet Group Management Protocol).

3 Network Utilities [Ping, TCP Statistics, UDP Statistics]

The above mentioned utilities will be provided for network traffic analysis.

4 Graphical User Interface (GUI):

We will be implementing an easy to use Windows based GUI.

6
Advanced Functionality:

Although the advanced functionalities are not a part of the project we plan to implement them in
future.

1. Port Scanner
Port Scanner will provide basic functionality of searching a network host for open ports.
This will be used by administrators to check the security of their networks.

2. Network Mapping
The network mapping functionality will map the network and provide a network map.

3. Client Configuration Monitor.

Client configuration monitor will provide the list of processes, resources and status of a
node on the network.

Please note that the advanced functionality is not a part of the project and will be implemented
only if time permits.

7
PROJECT ORGANIZATION

8
2. PROJECT ORGANIZATION

2.1 Software Process Model

The Waterfall software process model was used for this project. The phases of this
model are:
A. Requirement analysis
The requirements for this project were identified and analyzed.

B. Design /Select an Approach

Design and Implementation details were finalized.

C. Code Development
Code development was done in C#.NET

D. Testing
Unit testing and peer testing were done.

E. Deployment
The software was deployed and tested on various machines.

F. Maintenance
Depending on feedback further changes to software will be made.

2.2 Tools and Techniques

Following tools were used for the development of the project:

1 .NET framework 2.0

9
 The .NET Framework is Microsoft's managed code programming model for building
applications on Windows clients, servers, and mobile or embedded devices. Developers
use .NET to build applications of many types: Web applications, server applications,
smart client applications, console applications, database applications, and more.
To support this variety, the .NET Framework includes a broad set of supporting class
libraries, including: Windows Presentation Foundation (WPF), for visually stunning user
experiences on Windows clients; Windows Communication Foundation (WCF), enabling
fast and flexible communications among applications across your enterprise; Windows
Workflow Foundation (WF), allowing developers to build workflows into any
application; ASP.NET, for high-performance and interactive Web-based applications;
Libraries for handling XML, data, IO, cryptography, text-to-speech, and more.[1]

2 Microsoft Visual studio 2005

Microsoft® Visual Studio® 2005 Professional Edition is a complete environment for

individual developers building Microsoft Windows®, Web, or mobile solutions. It
provides:
 Building high-performance solutions faster than ever.
 Easily create and deploy client applications. Automatically publish and maintain
applications and their dependencies with integrated ClickOnce support.
 Build fast, interactive Web applications. Take advantage of more than 50 new controls
and hundreds of built-in services for site security, personalization, look and feel, and
more.
 Develop faster with enhanced visual designers and editors. Streamline development of all
tiers of your application and improve XML editing and XSLT debugging with intuitive
visual designers.
 Create dynamic, data-enabled applications. Quickly create data-driven applications using
an integrated data access, design, and reporting environment.
 Provides a powerful, enterprise-class application platform.
 Easy Task development. Create robust applications using the Microsoft® .NET
Framework 2.0, the .NET Compact Framework 2.0, and native code—all supported by
Microsoft Visual Studio® 2005.
 Target high-performance computing architectures. Easily develop for 64-bit systems [2]
10
 3 DebugView

DebugView is an application that lets you monitor debug output on your local system, or any
computer on the network that you can reach via TCP/IP. It is capable of displaying both kernel-
mode and Win32 debug output, so you don't need a debugger to catch the debug output your
applications or device drivers generate, nor do you need to modify your applications or drivers to
use non-standard debug output APIs.
Use:
Simply execute the DebugView program file (dbgview.exe) and DebugView will immediately
start capturing debug output. [3]

4 SharpPcap V1.5:

SharpPcap is a packet capture framework for the .NET environment, based on the famous
WinPcap component. The purpose of this library is to provide an API for capturing, injecting,
analyzing and building packets using any .NET language such as C# and VB.NET. [4] This
library has been used for the functionality of packet capture and display. Other features of the
software are implemented using C#.NET

This dll can be downloaded from http://www.tamirgal.com/home/dev.aspx?Item=SharpPcap

5 WinPcap V4.0.1:

WinPcap is the industry-standard tool for link-layer network access in Windows environments: it
allows applications to capture and transmit network packets bypassing the protocol stack, and
has additional useful features, including kernel-level packet filtering, a network statistics engine
and support for remote packet capture.
WinPcap consists of a driver that extends the operating system to provide low-level network
access, and a library that is used to easily access the low-level network layers. [5]

11
PROJECT MANAGEMENT PLAN

12
 3 PROJECT MANAGEMENT PLAN

3.1 Tasks
Following tasks were identified:
a. Installation of .NET framework 2.0
b. Installation of Microsoft Visual Studio 2005
c. DebugView (optional)
d. Study of various .NET classes
e. Study of WinPcap, SharPcap.
f. Design and coding
g. Testing

3.2 Deliverables and Milestones

Deliverables Status
Graphical Interface: Completed
Network Monitor. [basic] Completed
Network Utilities [Ping, TCP Statistics, UDP Statistics] Completed
Packet Analysis Completed
Packet Filtering Completed
Testing Completed

3.3 Resources Needed

Hardware Resources:
 Pentium IV and upwards processor.
 1GB RAM.
 Monitor.
 Keyboard.
 2 /3 button Mouse.
 1.5MB Hard disk space

Software Resources:
13
  .NET Framework 2.0
 Microsoft Visual studio 2005
 Windows NT and upwards Operating System
 WinPcap V4.0.1
 SharpPcap V1.5

3.4 Dependencies and Constraints

 Software Dependencies:
Installation of .Net framework 2.0 and WinPcap is necessary for the software to work
on the computer.

 Hardware Constraints:
Not all wireless network adaptor cards support packet capture. Make sure your
wireless network interface card supports promiscuous mode for packet capture.
Hence this software may not work on all wireless network interface cards. But it will
capture packets on Ethernet networks.

3.5 Risks and Contingencies

The following risks were identified:
a) Many such applications available in market.
Contingency: Although many such applications are in market not all provide
both functionalities of capturing data on wired and wireless network. Also
these applications are not cost effective.
b) Wireless Network Interface Cards:
Since not all cards support promiscuous mode this application may not work
on all node
Contingency: The alternative to this risk is to write a device drive for the
network interface card that does not support wireless packet capture or simply
wait until existing drivers provide upgrades for this functionality.
3.6 Schedule

14
Topic Date Status
Feasibility study 3rd Nov 2007 Completed
Network monitor 20th Nov 2007 Completed
Network Utilities 27th Nov 2007 Completed
Packet Display 5th Dec 2007 Completed
Packet Filtering 5th Dec 2007 Completed
Testing 7th Dec 2007 Completed

15
 ADDITIONAL INFORMATION

4 ADDITIONAL INFORMAITON

16
4.1 Acronyms

UDP User Datagram Protocol

TCP Transmission Control Protocol
ARP Address Resolution Protocol
ICMP Internet Control Message Protocol
IGMP Internet Group Message Protocol
XML Extensible Markup Language
GB Gigabytes
MB Megabytes
RAM Random Access Memory
IP Internet Protocol
GUI Graphical User Interface
WCF Windows Communication Foundation
WPF Windows Presentation Foundation
WF Workflow Foundation
ASP Active Server Pages

4.2 References

[1] http://msdn2.microsoft.com/en-us/netframework/default.aspx
[2] http://www.microsoft.com/education/facultyconnection/software/softwaredetails.as
px?cid=1&c1=en-us&c2=0
[3] http://www.microsoft.com/technet/sysinternals/utilities/debugview.mspx
[4] www.tamirgal.com/home/dev.aspx?Item=SharpPcap
[5] http://www.winpcap.org/

17