Communications Sniffer - ECE Users Pages


Communications Sniffer
Ed Paradise, Rob Lingle, Todd Hoffenberg,
Henry Barnes, Robert Brooke
Senior Design Proposal
ECE4006D Internetworking Design
Georgia Institute of Technology
Fall 2002
Proposal Overview
• Introduction
• Project Organization
• Design Details
• Project Challenges
• Product Verification

Intro - Concept
• Sniffing e-mail from network traffic
• Used to search for specific threatening keywords
• Valuable to police organizations

Intro – Product
• Back end – retrieve packets and piece them together
• Database – store packets
• Front end – web-based access to database

Intro – Competing Products
• Carnivore
  • FBI use – intercepts large volumes of email
  • Data handled differently
• Etherpeek
  • Admin. use – capture packets of data from many different sources
    (AIM, Real Networks, Windows Media Player, Yahoo! Instant Messenger, and MSN Messenger)
  • Lacks database features
Project Organization
Communications Sniffer – three components and their owners:
• Sniffer Python Code: Ed, Rob, Hank
• MySQL Database: Todd, Bobby, Hank
• PHP GUI: Todd, Bobby
Project Organization

Week  Sniffer Task                                     Database/GUI Task
4     (none listed)                                    Preliminary GUI design
5     Architecture                                     Meet to discuss database organization
6     Architecture                                     Set up database and code search/scoring algorithm
7     Basic SMTP capture                               Run tests to ensure algorithms are fast enough for high traffic
8     Advanced SMTP                                    Work on GUI/database interface
9     Basic POP capture / Python-MySQL Database        Work on GUI/database interface
10    Advanced POP                                     Work on GUI/database interface
11    Basic IMAP                                       Finishing touches/help database
12    Advanced IMAP                                    Work on security/SSL connections to interface
13    Testing                                          Work on security/SSL connections to interface
14    Interoperability of features with database/GUI  Testing/Additional Features
15    Interoperability of features with database/GUI  Testing/Additional Features
16    Documentation and paper                          Testing/Additional Features
Design Details - Sniffer
• Ideas: Ethereal, tcpdump, Sniffit
  • None written in Python
• Starting point: pylibpcap (sniff.py)
  • Translate code for tailored needs
• Tasks
  • Differentiate emails from other traffic
  • Reassemble email
Design Details – Database/GUI
• GUI is web-based
  • HTML
  • PHP interface to database
• Email separation by e-mail address
• Scoring system for “offensive” emails – separate table
• GUI highlights
  • Only brief header information shown initially
  • Body, full header, etc. available on request
Design Details - Database
MySQL Database – tables shown in the slide's diagram:
• E-mail address list
• E-mail Storage Unit (E-mail address 1 … E-mail address N)
• Scored e-mails
• Scoring Rules
• GUI config/help
Diagram legend (which component owns each table): Back-end table; Intermediate sorter table; GUI table; Back-end + sorter table; Sorter + GUI table
Challenges - Sniffer
• Sorting messages from multiple users
• Multi-packet messages
• Email attachments
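The two sniffer tasks above (differentiate e-mail from other traffic, reassemble e-mail) and the first two sniffer challenges (messages from multiple users, multi-packet messages) come together in one piece of logic: key segments by TCP connection, put the client-to-server bytes back in sequence order, then cut each message out between the SMTP DATA command and the terminating CRLF.CRLF. The following is an added example written for this page, not the project's sniff.py; it assumes a libpcap front end has already decoded each segment into a (src_ip, src_port, dst_ip, dst_port, tcp_seq, payload) tuple, and the capture, addresses and message text are constructed. It also exercises the single-packet and multi-packet reconstruction checks from the Product Verification slide.

```python
"""Reassemble SMTP messages from captured TCP segments (added example).

Input is a constructed list of segments in the shape a libpcap-based sniffer
would decode for us: (src_ip, src_port, dst_ip, dst_port, tcp_seq, payload).
Nothing here touches the network; names and addresses are assumptions.
"""
from collections import defaultdict
from email import message_from_string

SMTP_PORT = 25
DATA_CMD = "DATA\r\n"
END_OF_DATA = "\r\n.\r\n"


def reassemble_client_streams(segments):
    """Group client->server SMTP bytes per connection, ordered by TCP sequence.

    Returns {(client_ip, client_port, server_ip, server_port): (bytes, complete)}.
    Traffic on other ports and the server's own replies are skipped, and
    messages from several users land under separate keys.
    """
    flows = defaultdict(dict)                  # flow key -> {seq: payload}
    for src_ip, src_port, dst_ip, dst_port, seq, payload in segments:
        if dst_port != SMTP_PORT:              # not e-mail, or a server reply (220/250...)
            continue
        flows[(src_ip, src_port, dst_ip, dst_port)][seq] = payload  # exact retransmits collapse
    streams = {}
    for key, chunks in flows.items():
        data, expected, complete = b"", None, True
        for seq in sorted(chunks):
            chunk = chunks[seq]
            if expected is not None and seq < expected:
                chunk = chunk[expected - seq:]  # partial overlap: drop bytes already seen
            elif expected is not None and seq > expected:
                complete = False               # a segment was never captured: stop here
                break
            data += chunk
            expected = seq + len(chunks[seq])
        streams[key] = (data, complete)
    return streams


def extract_messages(stream):
    """Pull each DATA ... <CRLF>.<CRLF> message out of one client stream."""
    text = stream.decode("utf-8", errors="replace")
    messages, pos = [], 0
    while True:
        start = text.find(DATA_CMD, pos)
        if start == -1:
            break
        envelope_from, envelope_to = None, []
        for line in text[pos:start].split("\r\n"):          # commands preceding DATA
            if line.upper().startswith("MAIL FROM:"):
                envelope_from = line[len("MAIL FROM:"):].strip("<> ")
            elif line.upper().startswith("RCPT TO:"):
                envelope_to.append(line[len("RCPT TO:"):].strip("<> "))
        body_start = start + len(DATA_CMD)
        end = text.find(END_OF_DATA, body_start)
        if end == -1:
            break                                            # message still in transit / truncated
        raw_lines = text[body_start:end].split("\r\n")
        # RFC 5321 dot-stuffing: a line the client sent as ".." was really "."
        raw = "\n".join(line[1:] if line.startswith("..") else line for line in raw_lines)
        msg = message_from_string(raw)
        messages.append({
            "envelope_from": envelope_from,
            "envelope_to": envelope_to,
            "from": msg.get("From"),
            "to": msg.get("To"),
            "subject": msg.get("Subject"),
            "body": msg.get_payload(),
        })
        pos = end + len(END_OF_DATA)
    return messages


def sniff_email(segments):
    """Filter, reassemble and parse: one record per captured message."""
    records = []
    for key, (data, complete) in sorted(reassemble_client_streams(segments).items()):
        for m in extract_messages(data):
            m["client"] = "%s:%d" % (key[0], key[1])
            m["stream_complete"] = complete
            records.append(m)
    return records


# Constructed capture (not real traffic): user A's message is split over three
# segments that arrive out of order with one exact retransmission; user B's
# message fits in one segment; a server reply and an HTTP request are mixed in.
SERVER = "10.0.0.5"
A_SEG1 = b"EHLO alpha\r\nMAIL FROM:<alice@example.org>\r\nRCPT TO:<bob@example.org>\r\nDATA\r\n"
A_SEG2 = b"From: alice@example.org\r\nTo: bob@example.org\r\nSubject: meeting\r\n\r\nThe package arrives "
A_SEG3 = b"at noon.\r\n..leading dot line\r\n.\r\nQUIT\r\n"
A_SEQ1 = 1000
A_SEQ2 = A_SEQ1 + len(A_SEG1)
A_SEQ3 = A_SEQ2 + len(A_SEG2)
B_SEG = (b"HELO beta\r\nMAIL FROM:<carol@example.net>\r\nRCPT TO:<dave@example.net>\r\n"
         b"DATA\r\nFrom: carol@example.net\r\nSubject: hi\r\n\r\nhello\r\n.\r\nQUIT\r\n")
CAPTURE = [
    ("10.0.0.11", 40001, SERVER, 25, A_SEQ3, A_SEG3),                      # last piece arrives first
    ("10.0.0.12", 40002, SERVER, 25, 5000, B_SEG),                         # second user, single packet
    ("10.0.0.11", 40001, SERVER, 25, A_SEQ1, A_SEG1),
    (SERVER, 25, "10.0.0.11", 40001, 9000, b"250 OK\r\n"),                 # server reply: skipped
    ("10.0.0.11", 40001, "10.0.0.9", 80, 7000, b"GET / HTTP/1.0\r\n\r\n"),  # not mail: skipped
    ("10.0.0.11", 40001, SERVER, 25, A_SEQ2, A_SEG2),
    ("10.0.0.11", 40001, SERVER, 25, A_SEQ2, A_SEG2),                      # exact retransmission
]

if __name__ == "__main__":
    for rec in sniff_email(CAPTURE):
        print(rec["client"], rec["envelope_from"], "->", rec["envelope_to"], "|", rec["subject"])
```

Two points a practitioner would check: the envelope sender and recipients (MAIL FROM / RCPT TO) are recorded separately from the From:/To: header lines, because the two need not agree; and a stream with a missing segment is flagged incomplete rather than silently yielding a message with a hole in it. Attachments (the third challenge) are MIME parts inside the same DATA body, so they would be handled after this step with the parsed message object.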

Challenges – Database/GUI
• PHP/Python Interface
• Manipulation of filters during operation
Product Demonstration
• Small network required
  • Mail server (Linux)
  • “Listening post” system (Linux)
    • System with communications sniffer software package
  • End-user system (OS TBD)
Product Verification
• Reconstruct single-packet messages
• Reconstruct multi-packet messages
• Reconstruct attachments
• Handle different protocols:
  • SMTP
  • IMAP
  • POP3
