Comparative Study of Packet Sniffing Tools and Its Importance in Network Monitoring

1)   Your main research (Sub) Questions (each can become a chapter): 

A few questions identified during the initial literature survey are:

  1. How does a packet sniffer work?
  2. How does a packet sniffer help in the areas of network monitoring and network security?
  3. What are the other uses of packet sniffers?
  4. What criteria are used to evaluate a packet sniffer?
  5. Is there any law restricting the use of packet sniffing or packet analysis?
  6. How does a packet sniffer detect attacks such as denial of service (ping flood, SYN flood and network flooding attacks) and IP spoofing attacks?

These are the basic questions that need to be understood and addressed in this research work. As a starting point for answering them, a packet sniffer is a piece of software or hardware capable of monitoring all network traffic.
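To illustrate question 6 above, here is an added example (not part of the original proposal) of the kind of detection logic a sniffer's output enables: it parses constructed tcpdump-style summary lines (a hypothetical, simplified format) and counts TCP SYNs per destination that were never completed by the client's ACK, the half-open pattern of a SYN flood. The capture is constructed inline; the addresses and the threshold of 50 are assumptions for the demonstration.

```python
import re
from collections import Counter

# Matches the tcpdump-style summary lines constructed below (hypothetical format,
# not a real capture): "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>]".
LINE_RE = re.compile(
    r"^(?P<ts>\d+:\d+:\d+\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def parse(line):
    """Return the fields of one summary line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def half_open_per_dst(lines):
    """Count client SYNs per (dst, dport) never followed by the client's ACK.
    A normal handshake is SYN, SYN-ACK, then ACK on the same 4-tuple; many SYNs
    with no completing ACK is the SYN-flood pattern a sniffer makes visible."""
    syns, completed = set(), set()
    for line in lines:
        p = parse(line)
        if p is None:
            continue
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        if p["flags"] == "S":
            syns.add(key)
        elif p["flags"] == "." and key in syns:
            completed.add(key)
    counts = Counter()
    for _src, _sport, dst, dport in syns - completed:
        counts[(dst, dport)] += 1
    return counts

def suspect_syn_flood(lines, threshold=50):
    """Return [(dst, dport, half_open_count)] for destinations at or over threshold."""
    return [(d, p, n) for (d, p), n in half_open_per_dst(lines).items() if n >= threshold]

def constructed_capture(n_flood=100):
    """Constructed sample: one legitimate handshake plus n_flood un-ACKed SYNs."""
    lines = [
        "10:00:00.100 IP 10.0.0.5.40001 > 10.0.0.9.80: Flags [S]",
        "10:00:00.101 IP 10.0.0.9.80 > 10.0.0.5.40001: Flags [S.]",
        "10:00:00.102 IP 10.0.0.5.40001 > 10.0.0.9.80: Flags [.]",
    ]
    for i in range(n_flood):
        # Each flood SYN uses a different source address and is never ACKed.
        lines.append(f"10:00:01.{i:03d} IP 198.51.100.{i % 250 + 1}.{20000 + i} > 10.0.0.9.80: Flags [S]")
    return lines
```

The same per-destination counter could be extended with a count of distinct source addresses, since a flood of SYNs from many never-seen sources is also what spoofed-source traffic looks like in a capture.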

The use of wireless LANs has increased compared with Ethernet these days, and alongside Ethernet sniffers there exist wireless sniffers to analyse network data. This research work compares several wireless packet sniffing tools such as Tcpdump, Ettercap, Dsniff, Wireshark and Kismet; the analysis includes the usage of each tool, tested with a case study. Several issues related to the wireless standards are also addressed in the case studies. The aim and objectives of the project include:

  1. The main aim of the research work is to analyse the WLAN packet sniffing tools that exist on the market for monitoring a wireless network and observing malicious activity.
  2. A detailed study of the wireless standards from WEP to WPA2, to understand the wireless communication process and the flaws in these standards.
  3. To identify various packet sniffing tools and compare them according to the quality of service when deployed over a WLAN.
  4. To research the topics and gather the data needed to prepare a research document that is useful for future reference.
  5. A critical analysis of the work done and validation of the report produced as a result of the research.

2)   What Research has been done previously in this area: 

By making use of digital libraries and other online journal sources I will find the network security related news, articles and journals needed to gather information about network monitoring tools. As part of the proposal work I referred to books on cryptography and network security and some documents about the sniffing tools. To prepare the later part of the document, i.e. the literature review, I will refer to various journals and online resources.

During the initial literature review I identified the key journals and research papers related to WLAN standards and WLAN sniffing. Some of the papers identified in the EBSCO HOST database are described below.

With the help of Google I found basic information on WEP, WPA and WPA2 from the large internet data source Wikipedia.

3)   How you will measure the success of your dissertation? 

To measure the success of the dissertation, I will critically evaluate whatever data I gather from the previous literature and other working papers. Whatever problems I encounter during the initial literature process will be discussed briefly with my supervisor. I will assess the progress of the dissertation by verifying it against the aims and objectives defined in the proposal. Any experience gained and problems encountered during the process will be well documented. The success of this dissertation will depend wholly on the analysis and understanding of the various attack types in a networked environment, including denial of service attacks and spoofing attacks.

4)   Methodology- what will be your approach to completing this dissertation?   

My approach to completing the dissertation is to use the waterfall methodology. This is a basic method involving research, analysis, reading and consulting vendors who deal with the development of security tools. Another approach is the referral model: I will take note of the advice of professors and seniors in the field of cybercrime, and if they refer me to something, I will consider their valuable advice and act on it to get a good result.

5)   What will be the practical element? 

As this is primarily a research-based project, the practical element of this dissertation will be 25%. The research methodology used to complete the practical part will take the form of evaluating open source packet sniffing tools. The other part of the practical element is to analyse various types of attacks and to detect these attacks using a few of the packet sniffing tools.

6)   What data/examples will you use? 

I will use data examples such as Windows security sources and other online websites to check the latest information or news; I will also use online data by accessing resources such as the internet, journals and security tool specification documents.

Hardware requirement

A personal computer or laptop with the minimum configuration.

Software requirements

  • Windows XP Professional/Vista
  • Sniffing tools (Wireshark, EtherSnoop etc.)

7)   What knowledge and skills do you have that will be most relevant here? 

As I was doing my master's in Information Security and Computer Forensics I came across a few basics in networking and security subjects such as computer security. I became interested in one particular subject area, computer security, and since then I have been researching issues related to computer networks. Most of the tools were practised in the university laboratory during the module SDM-025 Computer Security. I practised some of the tools to identify the protocols and the communication process. One tool I am familiar with is Wireshark, and I also have proficient knowledge of using other packet analysers or sniffing tools. I am quite familiar with using Windows operating systems; I will deploy the tool on my own PC and analyse the networked data in the wireless medium.

8)   Indicative References: 

9)   Time Plan with Main Milestones: 

Dissertation Start Date: 7th June 2010 

Initial study to prepare proposal - 1st week - 7th June 2010 to 15th June 2010

Literature review - 2nd, 3rd and 4th week - 16th June 2010 to 6th July 2010

Tool collection and analysis - 5th and 6th week - 7th July 2010 to 20th July 2010

Preparing attack types and detection using sniffing tools - 7th and 8th week - 21st July 2010 to 3rd August 2010

Documenting the results and analysing the data collected - 9th week - 4th August 2010 to 10th August 2010

Preparing a draft report - 10th week - 11th August 2010 to 17th August 2010

Final report - 11th and 12th week - 18th August 2010 to 31st August 2010

Proof reading and final submission - 13th and 14th week - 1st September to 14th September
