Abstract:
Without strong motivation for change, insecure network protocols and their
implementations often go uncorrected, leaving much of the Internet vulnerable to attacks
the research community has warned about for years.
In a non-switched network environment, sniffing and packet monitoring are easy to do.
This is because in non-switched networks, the network traffic is sent to a hub,
which broadcasts it to everyone. Switched networks are completely different in the way
they operate; switches work by sending traffic to the destination host only. A switched
network does not lend itself to sniffing as easily as a non-switched network does since it
does not broadcast most frames. This creates difficulty in sniffing switched networks.
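The difference described above can be shown with a toy forwarding model. This is an added example, not code from the project; the port numbers, MAC addresses and frame list are constructed sample data, and the switch is reduced to basic source-address learning.

```python
# Added illustration: toy model of hub vs. learning-switch forwarding.
# Port numbers, MAC strings and the frame list are constructed sample data.
BROADCAST = "ff:ff:ff:ff:ff:ff"

def hub_forward(in_port, ports):
    """A hub repeats every frame out of every port except the ingress port."""
    return [p for p in ports if p != in_port]

class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port  # learn where the sender is attached
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]  # known unicast: one port
        # Broadcast or not-yet-learned destination: flood like a hub.
        return [p for p in self.ports if p != in_port]

def frames_seen(observer_port, frames, forward):
    """Frames a passive listener attached to observer_port would receive."""
    return [f for f in frames if observer_port in forward(*f)]

PORTS = [1, 2, 3]
A, B = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
# (ingress port, source MAC, destination MAC); A and B talk, port 3 listens.
FRAMES = [
    (1, A, BROADCAST),  # A broadcasts, e.g. an ARP request for B
    (2, B, A),          # B replies directly to A
    (1, A, B),          # data A -> B
    (2, B, A),          # data B -> A
    (1, A, B),          # data A -> B
]

def observer_counts():
    """Return (frames seen via hub, frames seen via switch) on port 3."""
    hub_view = frames_seen(3, FRAMES, lambda p, s, d: hub_forward(p, PORTS))
    sw = LearningSwitch(PORTS)
    switch_view = frames_seen(3, FRAMES, sw.forward)
    return len(hub_view), len(switch_view)

if __name__ == "__main__":
    print("frames seen on port 3 (hub, switch):", observer_counts())
```

On the hub the listener receives the whole conversation; on the switch it receives only the initial broadcast, which is the "does not broadcast most frames" behaviour.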
The development of switched networks was driven by the need for more bandwidth, not
by the need for more secure networks. Indeed, investigation reveals that several methods
are now available to sniff switched networks. Still, packets cannot simply be sniffed
from the wire on a switched network, because a switch does attackers no favors: it
transmits data only between the communicating machines.
The purpose of this project is to capture the traffic on a switched network passively and
to direct it to the front-end where users can monitor and manipulate the captured data.
The system is divided into two basic parts: a sniffing device and a front-end processor.
The sniffing device is connected to the LAN, from where it passively sniffs and sends the
captured packets to the front-end processor. The front-end processor is used for remote
access of the sniffing device, monitoring the captured packets and displaying them in a
user-friendly GUI. Different techniques like ARP Cache Poisoning, CAM Table
Flooding and DNS Cache Poisoning have been used for redirecting network traffic
towards us. At the front-end, a user-friendly GUI has been made for easy interaction,
analysis and manipulation of data. For capturing packets without the loss of
information, and for its optimization, filtering