wireshark for network analysis without violating any privacy policy - networking

I would like to do network analysis on the network (traffic monitoring), e.g. packet size, websites visited, etc.
My requirement was met with Wireshark. I would like to know that, while using Wireshark,
does it capture the user credentials that are given by the user? (seen on certain websites).
If yes, please suggest any other tool that can do the same without violating any privacy policy.

It depends what options in Wireshark you are using, but it can easily do full packet capture, which will contain all kinds of sensitive data. If you are just looking at packet headers then you wouldn't have this issue. Wireshark is not really a monitoring tool; you might want to look at open source tools like ntop/ntopng, which will do a better job and be always on.
Why do you care about packet size? Never heard of anyone really wanting that data :)

Related

Network Monitoring devices for bandwidth tracking

I'm looking for preferably a device, but I'll settle for an application. I'd like to get an idea of what is out there. Something just to get a total count from each computer, and maybe by common ports.
I'm not looking for detailed reporting like Wireshark, unless Wireshark can do summaries and be running for a whole month without issues.
Essentially, I just want an idea of where my monthly bandwidth is going and by what computers / devices. I.e. computer A does a lot of website traffic, computer B gets a lot of Steam downloads, device C has got some virus sending out on an unknown port. Now to be clear, I would only know that device C has some virus on it as the logs would show lots of bandwidth on an unknown port, which then gets me to investigate.
Being able to ignore / filter any traffic that stays behind the router would be nice. This computer as of this post has over a gig of traffic, but mostly to the networked drive I have; I'm really only interested in what uses internet bandwidth, and who's using it... and if possible, what it is.
If you ask for some tools, maybe Google/SuperUser is better for you.
If you ask how to program, you can use raw sockets.
A raw socket is able to work as a network sniffer, so you can get your network bandwidth usage.
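The two points raised above, that a header-only view keeps credentials out of the monitoring data, and that per-host / per-port byte counts are enough for bandwidth accounting, can be shown together with a small parser. The following is an added example, not code from either thread: it parses Ethernet/IPv4/TCP headers with the standard library only, never copies the payload out, and attributes bytes to the internal host and remote port while ignoring LAN-to-LAN traffic. The frames, addresses (documentation ranges) and the fake login form are constructed for the example; in practice the frames would come from a capture file or a raw socket.

```python
import struct
from collections import defaultdict


# Helper conversions for dotted-quad IPv4 addresses.
def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_frame(src_ip, dst_ip, src_port, dst_port, payload):
    """Construct a minimal Ethernet II / IPv4 / TCP frame as test input.
    Checksums are left at zero: this is synthetic data for parsing, not
    something that is ever put on a wire."""
    eth = bytes.fromhex("00112233445566778899aabb") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1000, 0,
                      5 << 4, 0x18, 65535, 0, 0)          # 20-byte header, PSH|ACK
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, 64, 6, 0,
                     ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    return eth + ip + tcp + payload


def summarise(frame):
    """Return header-level metadata only. The payload is never copied out,
    which is the property that keeps form fields and credentials out of
    the monitoring data."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return None                       # only IPv4 is handled in this example
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    proto = frame[23]
    rec = {
        "src": bytes_to_ip(frame[26:30]),
        "dst": bytes_to_ip(frame[30:34]),
        "proto": proto,
        "bytes": 14 + total_len,          # Ethernet header + IP datagram
    }
    if proto in (6, 17):                  # TCP or UDP: ports sit at the same offset
        l4 = 14 + ihl
        rec["sport"], rec["dport"] = struct.unpack("!HH", frame[l4:l4 + 4])
    return rec


def bandwidth_by_host(frames, local_prefix="192.168.1."):
    """Attribute bytes to the internal host and to the remote port, counting
    only traffic that crosses the router (exactly one side is local)."""
    per_host, per_port = defaultdict(int), defaultdict(int)
    for frame in frames:
        rec = summarise(frame)
        if rec is None:
            continue
        src_local = rec["src"].startswith(local_prefix)
        dst_local = rec["dst"].startswith(local_prefix)
        if src_local == dst_local:
            continue                      # LAN-to-LAN (e.g. a NAS) or transit: skip
        host = rec["src"] if src_local else rec["dst"]
        remote_port = rec.get("dport") if src_local else rec.get("sport")
        per_host[host] += rec["bytes"]
        per_port[remote_port] += rec["bytes"]
    return dict(per_host), dict(per_port)


# Constructed sample traffic: documentation address ranges, a fake credential.
SAMPLE_FRAMES = [
    build_frame("192.168.1.10", "203.0.113.5", 51000, 443, b"GET / HTTP/1.1\r\n"),
    build_frame("192.168.1.20", "203.0.113.9", 51001, 80, b"user=alice&pass=hunter2"),
    build_frame("192.168.1.10", "192.168.1.2", 51002, 445, b"\x00" * 500),
    build_frame("203.0.113.9", "192.168.1.20", 80, 51001, b"HTTP/1.1 200 OK"),
]

if __name__ == "__main__":
    hosts, ports = bandwidth_by_host(SAMPLE_FRAMES)
    print("bytes per host:", hosts)
    print("bytes per remote port:", ports)
    print("summary of the login POST:", summarise(SAMPLE_FRAMES[1]))
```

The 500-byte frame to 192.168.1.2 is dropped from the totals because both ends are local, which is the "ignore traffic that stays behind the router" filter asked for above; the summary of the second frame contains the port and byte count but no trace of the form fields.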

Reliable udp broadcast libraries?

Are there any libraries which put a reliability layer on top of UDP broadcast?
I need to broadcast large amounts of data to a large number of machines as quickly as possible, and generally it seems like such a problem must have already been solved many times over, but I wasn't able to find anything except for the Spread toolkit, which has a somewhat viral license (you have to mention it in all materials advertising the end product, which I'm not sure our customer will be willing to do).
I was already going to write such a thing myself (because it would be extremely fun to do!) but decided to ask first.
I looked also at UDT (http://udt.sourceforge.net) but it does not seem to provide a broadcast operation.
PS I'm looking at something as lightweight as a library - no infrastructure changes.
How about UDP multicast? Have a look at the PGM protocol for which there are several commercial and open source implementations.
Disclaimer: I'm the author of OpenPGM, an open source implementation of said protocol.
Though some research has been done on reliable UDP multicasting, I haven't yet used anything like that. You should take into consideration that this might not be as trivial as it first sounds.
If you don't have a list of nodes in the target network you have no idea when and to whom to resend, even if active nodes receiving your messages can acknowledge them. Sending to a large number of nodes, expecting acks from all of them might also cause congestion problems in the network.
I'd suggest to rethink the network architecture of your application, e.g. using some kind of centralized solution, where you submit updates to a server, and it sends this message to all connected clients. Or, if the original sender node's address is known a priori, then just let clients connect to it, and let the sender push updates via these connections.
Have a look around the IETF site for RFCs on Reliable Multicast. There is an entire working group on this. Several protocols have been developed for different purposes. Also have a look around Oracle/Sun for the Java Reliable Multicast Service project (JRMS). It was a research project of Sun, never supported, but it did contain Java bindings for the TRAM and LRMS protocols.
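The concern raised above (acks from a large number of nodes causing congestion, and not knowing whom to resend to) is exactly what NAK-based reliable multicast designs such as PGM address: receivers stay silent while data arrives and only report gaps, the sender keeps a transmit history to answer repair requests, and repairs are multicast so one request can fix several receivers. The following simulation is an added example, not OpenPGM, JRMS or any library code from this thread: it models a lossy multicast channel in memory with a seeded random generator, so it runs offline and deterministically. The chunk contents, loss rate and receiver count are constructed for the example.

```python
import random


class Sender:
    """Numbers each datagram and keeps a transmit history so it can answer
    repair requests. It also advertises the highest sequence number sent,
    so a receiver can notice a lost *last* packet (no later packet would
    reveal that gap otherwise)."""

    def __init__(self, chunks):
        self.history = dict(enumerate(chunks))
        self.last_seq = len(chunks) - 1

    def datagrams(self):
        return list(self.history.items())

    def repair(self, seq):
        return seq, self.history[seq]


class Receiver:
    """Stores chunks by sequence number and computes which ones are missing
    up to the sender's advertised high-water mark."""

    def __init__(self):
        self.got = {}

    def deliver(self, seq, chunk):
        self.got[seq] = chunk

    def missing(self, last_seq):
        return [s for s in range(last_seq + 1) if s not in self.got]

    def stream(self, last_seq):
        return b"".join(self.got[s] for s in range(last_seq + 1))


def lossy_send(rng, loss, receivers, seq, chunk, only_missing=False):
    """One multicast transmission: each receiver independently drops it with
    probability `loss`. Repairs are multicast too, so a single NAK can
    fix every receiver that lost the same packet."""
    for r in receivers:
        if only_missing and seq in r.got:
            continue
        if rng.random() >= loss:
            r.deliver(seq, chunk)


def reliable_broadcast(chunks, n_receivers=5, loss=0.2, seed=1, max_rounds=50):
    """Initial multicast followed by NAK/repair rounds until every receiver
    has every chunk or the round budget is exhausted."""
    rng = random.Random(seed)
    sender = Sender(chunks)
    receivers = [Receiver() for _ in range(n_receivers)]
    for seq, chunk in sender.datagrams():
        lossy_send(rng, loss, receivers, seq, chunk)

    rounds = naks = 0
    while rounds < max_rounds:
        # NAK suppression: the union of gaps, not one NAK per receiver per
        # gap, reaches the sender, so repair traffic scales with the loss
        # rate rather than with the number of receivers.
        wanted = set()
        for r in receivers:
            wanted.update(r.missing(sender.last_seq))
        if not wanted:
            break
        naks += len(wanted)
        for seq in sorted(wanted):
            lossy_send(rng, loss, receivers, *sender.repair(seq), only_missing=True)
        rounds += 1

    complete = all(not r.missing(sender.last_seq) for r in receivers)
    return {"complete": complete, "rounds": rounds, "naks": naks,
            "receivers": receivers, "last_seq": sender.last_seq}


if __name__ == "__main__":
    result = reliable_broadcast([b"chunk%02d" % i for i in range(20)])
    print("complete:", result["complete"], "repair rounds:", result["rounds"],
          "NAKs:", result["naks"])
```

What the simulation does not model is the part the answer above warns about: the sender's history is unbounded here, whereas a real implementation must bound it and accept that a receiver falling behind the window is unrecoverable, and NAKs themselves travel over the same lossy network.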

intercepting network data from a particular program

I'm looking for a way to detect and capture data being sent TO and FROM a specific program. I've attempted to use something like Wireshark but it all seems to be a bunch of nonsense to me, so I was wondering if anybody could help me get the data, translate it into text to allow for editing, and then resend the new edited information on its way.
Look for Capture TCP stream feature/menu item in Wireshark.
Edit: It's actually Follow TCP Stream.
Wireshark is definitely the way to go. It'll capture the data going to a specific port (which you can probably correlate to the program fairly easily). I hope this isn't happening over SSL though (Wireshark isn't going to help you much if it is).
But if you have to reverse engineer the server's communication protocol, capturing the network packets is the least of your problems. Reverse engineering is difficult and can be fairly error prone as it's often based on guess work. My suggestion is to do this as a last resort: if the server is intended to communicate with the outside world, there's probably some protocol documentation floating around somewhere that will be much more reliable than a wireshark trace.
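Follow TCP Stream, as recommended above, works by putting captured segments back into sequence-number order, dropping retransmitted bytes and noting where the capture lost data, then showing each direction as text. The following is an added example of that reassembly step, not Wireshark's code: it takes (sequence number, payload) pairs per direction, which the header parser from any capture library would supply, and renders the result the way the Wireshark dialog does. The segments and initial sequence numbers are constructed; 32-bit sequence wraparound is deliberately not handled, which is an assumption that holds for a short capture.

```python
def reassemble(segments, isn):
    """Rebuild one direction of a TCP byte stream.

    segments: (seq, payload) pairs in capture order; they may be out of
    order, duplicated or overlapping (retransmissions).
    isn: initial sequence number of this direction; the first payload byte
    has sequence number isn.
    Returns a list of (start_seq, data) contiguous runs. More than one run
    means the capture missed bytes between them."""
    runs = []                      # list of [start_seq, bytearray]
    next_seq = isn
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        end = seq + len(payload)
        if end <= next_seq:
            continue               # pure retransmission: nothing new in it
        if seq > next_seq or not runs:
            runs.append([seq, bytearray()])   # start a new run after a hole
            next_seq = seq
        runs[-1][1] += payload[next_seq - seq:]  # skip the overlapping prefix
        next_seq = end
    return [(start, bytes(buf)) for start, buf in runs]


def follow_stream(client_segments, client_isn, server_segments, server_isn):
    """Render both directions as text, with a marker wherever bytes are
    missing from the capture, in the spirit of Follow TCP Stream."""

    def render(label, segments, isn):
        parts = []
        expected = isn
        for start, data in reassemble(segments, isn):
            if start > expected:
                parts.append("[%d bytes missing]" % (start - expected))
            parts.append(data.decode("latin-1"))   # lossless byte-to-text view
            expected = start + len(data)
        return label + ": " + "".join(parts)

    return (render("client", client_segments, client_isn),
            render("server", server_segments, server_isn))


if __name__ == "__main__":
    # Constructed capture: out-of-order, duplicated and overlapping segments.
    client = [(1009, b"ld!"), (1000, b"hello "), (1004, b"o wor"), (1000, b"hello ")]
    server = [(500, b"ok")]
    for line in follow_stream(client, 1000, server, 500):
        print(line)
```

The overlap handling matters for the editing goal in the question: a naive concatenation of segments in arrival order would duplicate the retransmitted "hello " and interleave the two directions, and any edit made on that view would be made on the wrong bytes.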

Is there a library that can perform packet analysis and block certain packets from being sent?

I found Jpcap, however it only meets half my requirements - it does not allow me to block packets, as stated in the FAQ. I would prefer a cross-platform (Windows, Mac, Linux) solution, but if one does not exist, OS-specific solutions would be acceptable.
My goal is to, under certain conditions, block access to certain Internet and network resources by finding out where the packets are going and blocking the ones that meet specific criteria, regardless of how the resource was accessed. Perhaps I'm going about this the wrong way, so any advice would be appreciated.
My goal is to ... block access to certain Internet and network resources by ... blocking [packets] that meet specific criteria, regardless of how the resource was accessed.
That's only doable in the kernel, and as such is completely platform-specific.
There is also libpcap, but I'm not sure it will do exactly what you're looking for ...
According to the SourceForge page:
libpcap is a system-independent interface for user-level packet capture. libpcap provides a portable framework for low-level network monitoring. Applications include network statistics collection, security monitoring, network debugging, etc.

How insecure is web?

I have just started writing socket programs. I came to know that a single UDP packet has a source port, destination port and some MAC address representing the router, etc. I wonder why anybody cannot create custom packets with fake information in them and send them over the internet. I would like to know how safe our PCs are. What should be done to secure them?
There are a couple of different aspects to the answer.
One is that the web relies on TCP, not UDP, which means that it is connection-oriented. Your packet will be rejected unless it appears to be part of an existing connection (which means, among other things, that it has to have the right source IP and port as well, and it has to have the right sequence number to fit into the receive window). This can still be faked without too much trouble, of course. But it does require you to know a bit about the packets being sent on the original connection.
Another part is that whenever we need to be sure that the sender of a packet is who they claim to be, we use encryption. :)
Most packets don't really need this. It's not a huge deal if someone sends a request to Google which appears to come from my IP. But when making credit card transactions, it becomes a bit more important.
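The receiving end's side of the argument above, that a TCP segment is only accepted if its addresses match an existing connection and its sequence number falls inside the receive window, can be written out as the check a TCP stack performs. The following is an added example, not code from this thread or from any operating system's stack: it implements the segment acceptability test from RFC 793 with 32-bit modular arithmetic, wraps it in a 4-tuple check, and quantifies why the window size is what limits an off-path guess. The connection state and the sample segments are constructed (documentation address ranges).

```python
from dataclasses import dataclass

MASK = 0xFFFFFFFF


@dataclass
class Connection:
    """State a receiver keeps for one established TCP connection."""
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    rcv_nxt: int      # next sequence number we expect
    rcv_wnd: int      # how many bytes we are willing to accept right now


def in_window(seq, seg_len, rcv_nxt, rcv_wnd):
    """Acceptability test from RFC 793 section 3.3, done with modular
    arithmetic so it survives 32-bit sequence-number wraparound."""
    def inside(x):
        return ((x - rcv_nxt) & MASK) < rcv_wnd

    if seg_len == 0:
        return seq == rcv_nxt if rcv_wnd == 0 else inside(seq)
    if rcv_wnd == 0:
        return False
    # Either the first or the last byte of the segment must be in the window.
    return inside(seq) or inside((seq + seg_len - 1) & MASK)


def accept_segment(conn, seg):
    """Return (accepted, reason). `seg` holds the packet's four address
    fields, its sequence number and its payload length. A packet that
    fails here is discarded without touching the connection."""
    if (seg["src_ip"], seg["src_port"]) != (conn.remote_ip, conn.remote_port):
        return False, "source address/port does not match the connection"
    if (seg["dst_ip"], seg["dst_port"]) != (conn.local_ip, conn.local_port):
        return False, "destination address/port does not match the connection"
    if not in_window(seg["seq"], seg["len"], conn.rcv_nxt, conn.rcv_wnd):
        return False, "sequence number outside the receive window"
    return True, "accepted"


def blind_hit_probability(rcv_wnd):
    """Chance that one guessed sequence number lands in the window once the
    4-tuple is known: the window over the 32-bit space. Larger windows make
    blind in-window injection easier, which is what the tightened RST/SYN
    checks of RFC 5961 respond to."""
    return rcv_wnd / 2 ** 32


if __name__ == "__main__":
    conn = Connection("192.168.1.10", 51000, "203.0.113.5", 443,
                      rcv_nxt=4_000_000_000, rcv_wnd=65535)
    genuine = {"src_ip": "203.0.113.5", "src_port": 443, "dst_ip": "192.168.1.10",
               "dst_port": 51000, "seq": 4_000_000_100, "len": 100}
    guessed = dict(genuine, seq=123456)      # right 4-tuple, wrong sequence
    print(accept_segment(conn, genuine))
    print(accept_segment(conn, guessed))
    print("blind hit probability for a 64 KiB window:", blind_hit_probability(65535))
```

Note that this check provides no authentication, only the "leaks trust" level of assurance the answers describe: a sender that can see the connection (on-path) knows the window and passes it trivially, which is why the thread points to TLS, SSH or a VPN for anything that actually matters.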
Most of the TCP/IP stack "leaks trust", as I once put it -- and there isn't much that you, as a software developer (assuming you're looking for a programming solution; otherwise, stackoverflow's the wrong forum, go to serverfault or superuser;-) can do about it -- beyond choosing and carefully implementing protocols that are reasonable in terms of security expectations.
HTTPS (with strong checks of certificates, etc.) is one reasonably strong approach; for stronger security, look into SSH and VPN-based approaches. Of course, nobody should assume privacy or strong authentication is in place unless they've taken specific steps towards it (if they HAVE taken such steps, they may still be subject to successful attacks, which is why using existing, more or less "proven" solutions such as HTTPS, SSH, VPNs, is advisable;-).
Yes, anyone can create packets with whatever data they want and send them out over the internet. Especially with UDP, you can pretend to be anyone you want (unless your ISP does egress filtering). Source addresses for UDP cannot be trusted. Source addresses for TCP can to an extent (you know the data has to be coming from the IP address in question, or someone along the route).
Welcome to the internet :)
Edit: just to clarify, egress filtering is something the sending ISP would have to do. As a receiver, there's not really anything you can do to verify the address on a UDP packet without communicating back to the sender. The only reason you can at least partially trust an incoming TCP connection is that TCP requires certain control data to flow back to the sender (and hence needs a valid IP address/port to set the connection up and maintain it).
Well, many many people create invalid packets and send them over Internet; for instance, read Ping of death.
A [completely] secure computer is a computer turned off. To make your running PC more secure from this kind of threat, you should rely on firewall software/hardware, which can detect such malformed packets.
Custom packets with fake information can easily be created. Therefore you have to make sure you're not vulnerable to them.
