SPA: A Smart Packet Analyzer For Network Traffic Analysis On Smartphones - IJCA


International Journal of Computer Applications (0975 – 8887)
Volume 181 – No. 32, December 2018

SPA: A Smart Packet Analyzer for Network Traffic Analysis on Smartphones

Dilip Singh, Ajeenkya D Y Patil University, Pune
Ankit Kumar Singh, Ajeenkya D Y Patil University, Pune
Shabnam Sharma, iNurture Education Solutions, Bangalore
Chandan Prasad, Android Facilitator, Tata Strive, Pune

ABSTRACT
The intensifying growth of the internet and of machinery, whether mobile or computer technology, has brought countless good and useful things for people, such as e-commerce, e-mail, cloud computing, data sharing and applications, but there are also dark and unseen sides to it, such as network hacks, computer hacks, mobile breaches and backdoors. In today's era, cybercrime has become one of the common practices of computer specialists and is growing swiftly in numbers. Monitoring the network behaviour of mobiles or computers is becoming increasingly significant for security protection within today's organizations, ISPs and carriers. Numerous tools are available for network analysis and packet analysis, such as Wireshark, Netresec and Termux. The system proposed in this paper is an application idea through which a user can analyze network traffic, detect malicious packets, MAC spoofing and ARP spoofing, and filter by protocol, which will assist the user in identifying malicious packets that can damage the user's assets.

Keywords
Android, Network Monitoring, Packet Analysis, Termux, Wireshark.

1. INTRODUCTION
The usage of the internet via mobile phones has already exceeded that of PCs. In the meantime, the security of mobile phones, and of attacks carried out by mobile phone, has become a general concern of the industry. Nowadays hackers are increasingly targeting mobile devices to perform various malicious activities through mobile applications, phishing and social engineering. The pervasiveness of mobile devices puts great pressure on today's network security infrastructures. Just like desktop or web applications, mobile apps are supposed to be under the monitoring and safeguard of the security systems inside an enterprise, ISP or carrier. In particular, with the risk of potentially-harmful apps (PHAs) [24] [21] [22] on the rise, there is a strong demand for identifying them at the network level, using the anti-malware systems deployed by individual organizations or mobile carriers (through their Managed Security Services [23]). Smart Analyzer will detect malicious packets and applications in the network simply by using a packet filter technique. Smart Analyzer provides a user-friendly environment for the user to reveal the risks in an existing network.

1.1 Network Monitoring & Analysis
Network monitoring is a tough and challenging task that is a vital part of a network administrator's job. Network administrators are constantly pushed to maintain the smooth operation of their networks. If a network were to be down even for a short period of time, throughput within a company would decline, and in the case of public service divisions the ability to provide vital services would be compromised. In order to be proactive rather than reactive, administrators need to monitor traffic movement and performance across the network and verify that security breaches do not occur within the network.

1.2 Packet Analyzer
A packet analyzer is also known as a network analyzer, protocol analyzer or packet sniffer, or for specific categories of networks, an Ethernet sniffer or wireless sniffer. It is a computer program that can capture and log traffic that passes over a digital network or a portion of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of the various fields in the packet, and analyses its content.

1.3 Network Packet Analyzer
1.3.1 Wireshark
It is a free and open source packet analyzer. It is used for […] communications protocol development, and education. Formerly named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.

1.3.1.1 The following are some of the many features Wireshark provides
i. Available for UNIX and Windows.
ii. Capture live packet data from a network interface.
iii. Open files containing packet data captured with tcpdump/WinDump, Wireshark, and a number of other packet capture programs.
iv. Import packets from text files containing hex dumps of packet data.
v. Display packets with very detailed protocol information.
vi. Save captured packet data.
vii. Export some or all packets in a number of capture file formats.
viii. Filter packets on many criteria.
ix. Search for packets on many criteria.

1.3.2 Netresec NetworkMiner Packet Tracer
Netresec is an independent software vendor with an emphasis on the network security field. This software is used for network forensics and analysis of network traffic. Its most eminent product is NetworkMiner, which is available in a specialized as well as a free open source version. They also develop and maintain other software tools, such as CapLoader (for big pcap files) and RawCap (a lightweight sniffer). NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD). It makes it easy to perform advanced Network Traffic Analysis (NTA) by providing extracted artifacts in an intuitive user interface. The way data is presented not only makes the analysis simpler, it also saves valuable time for the analyst or forensic investigator.

1.3.2.1 Features in Netresec NetworkMiner
i. Available for Windows only.
ii. Captures live packet data from a network interface but is not able to save the packets in any format for later use; it can analyse any packet file saved by other software, but then it can only analyse that file.
iii. Opens files containing packet data captured with Wireshark and a number of other packet capture programs.
iv. Exports results to CSV / Excel / XML only.
v. Displays packets with protocol information.
vi. Cannot filter packets on many criteria.
vii. No search for packets on many criteria.
viii. Colorizes the packet display based on filters, but only in the paid version.

1.4 Termux
Termux is an Android terminal emulator and Linux environment application that works directly without rooting the Android device. A minimal base system is installed automatically; additional packages are available for download using the Advanced Package Tool (APT) package manager. It is a powerful terminal emulator with a wide range of Linux packages. Pcap stands for "packet capture". A captured file is saved by Wireshark in the .pcap format. This file can be read by applications that recognize that format, such as tcpdump.

1.4.1 Features of Termux
i. Users can edit files using nano and vim.
ii. Users can connect to a server over SSH.
iii. It provides the ability to compile code using gcc and clang.
iv. It also provides git cloning.
v. Works only on Android, with a command-line interface.

1.5 Android Overview
Android is a mobile operating system developed by Google, based on a modified version of the Linux kernel and other open source software [26]. The Linux kernel sits in the lowest layer of the Android system, while the applications sit in the top layer. Android applications can be written in Kotlin, Java or C. The Android SDK tools compile code along with any data and resource files into an APK, an Android package, which is an archive file with an .apk suffix [25]. Every Android app runs in its own Linux process and is secured by permissions and a security sandbox. Each process has a unique user identifier (UID) and its own virtual machine (VM), so an app's code runs in isolation from other apps. An Android app comprises four kinds of components: Activities, Services, Broadcast receivers and Content providers. Each kind has a different purpose, and they can be interconnected through Intents [27].

2. LITERATURE SURVEY
The goal of packet sniffing is to monitor network resources to detect anomalous behavior and misuse. This idea has been around for nearly 20 years, but only recently has it seen dramatic growth in popularity and incorporation into the overall information security infrastructure. In 1980, James Anderson's influential paper [1], written for a government organization, introduced the notion that audit trails contained vital information that could be valuable in tracking misuse and understanding user behavior. His work was the start of host-based intrusion detection and of IDS in general. In 1988, the Haystack project [2] released another variety of intrusion detection for the US Air Force. This project produced an IDS that analyzed audit data by comparing it with defined patterns. In a conference, Crosby Marks, a former Haystack Project team member and Haystack Labs employee, said that "searching through this large amount of data for one specific misuse was equivalent to looking for a needle in a haystack." In 1990, Heberlein [3] introduced the concept of network intrusion detection. Haystack Labs was the first commercial vendor of IDS tools, with its Stalker line of host-based products. Nonetheless, commercial intrusion detection systems advanced gradually during these years and only truly blossomed towards the latter half of the decade.

In the last two decades, several network traffic classification techniques [4] [5] have been proposed to classify unknown classes. The primary one is the port-based technique. It is a good technique for network traffic classification / identification. This practice relies on a port that is first registered with the Internet Assigned Numbers Authority (IANA) [6]. However, this system failed due to the increase of peer-to-peer (P2P) applications [7], which use dynamic port numbers. A dynamic port number is a number that is not registered with IANA. The second one is the payload-based technique. This technique gives accurate results in network traffic classification. This practice is Deep Packet Inspection (DPI). However, the problem is that it cannot be used for network applications with encrypted data, as several network applications use encryption to protect data from detection. Therefore, this practice also failed due to the use of encrypted application flows. Thereafter, researchers proposed another method called the Machine Learning (ML) technique to categorize internet traffic as well as to learn what types of applications flow in the network. The Machine Learning technique gives very promising accuracy in network traffic classification. This practice is based on training and testing data sets to categorize unknown network classes.

In paper [8] the authors evaluate routing protocols using the same OPNET software, considering point-to-point throughput, querying delay and convergence time to compare the protocols. They suggested EIGRP as the best choice. In paper [9] they study the performance of a Virtual Private LAN Service (VPLS) network using Kerberos-enabled protocols (alternative authentication protocols) to measure the throughput with respect to a normal VPLS network using the Wireshark IO graph. However, some other parameters like delay, time factor and transmission efficiency are also important to precisely measure the performance of authentication protocols in a VPLS network. Paper [10] evaluated routing protocols, also measuring combined routing protocol performance in an IPv6 network using the iperf software, which measured throughput, jitter and packet loss on the same network platform. In paper [11], the authors scrutinized the performance of IPv4 and IPv6 when routing protocols are used in both IPv4 and IPv6 virtual networks using GNS3. This survey concludes that the Smart Analyzer application offers all those features which are not available in existing applications, as shown in Fig. 1 below:

Fig 1: Taxonomy Chart

3. PROPOSED SYSTEM
3.1 Phases
3.1.1 Input
In this phase the user interacts with the Smart Analyzer system over the GUI and enters the input by selecting the various available scanning options, such as TCP, UDP, MAC spoofing, ARP spoofing, protocol filtering, etc.

3.1.2 Smart Analysis
Smart Analyzer interprets the inputs provided by the user into commands and then interacts with the Termux platform running in the background to execute these commands.

3.1.3 Execution
The commands provided by Smart Analyzer are executed by Termux, which has Wireshark installed on it using the Linux APT package manager. Wireshark processes these commands and returns the result to Termux, and Termux then returns it to the user over the GUI interface provided by Smart Analyzer.

The steps of the proposed methodology are depicted in Figure 2, which consists of three major steps. These steps are: Smart Analyzer System User, Smart Analyzer, Termux and Wireshark.
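As an added example (not code from the paper or the Smart Analyzer application), the following Python script shows the kind of check the ARP spoofing, MAC spoofing and protocol filtering options of Section 3.1 would run over frames handed back from the capture tool: it parses raw Ethernet II / ARP frames, filters them by protocol, and flags an IP address claimed by a MAC other than the trusted one, claimed by several MACs, or carried in a frame whose Ethernet source differs from the ARP sender MAC. The frames and the trusted gateway table are constructed inline; on a device they would come from a Wireshark/tshark or tcpdump capture in Termux.

```python
import struct
from collections import defaultdict

ETHERTYPES = {"IPv4": 0x0800, "ARP": 0x0806, "IPv6": 0x86DD}

def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(o) for o in s.split("."))
def _fmt_mac(b): return ":".join(f"{x:02x}" for x in b)
def _fmt_ip(b): return ".".join(str(x) for x in b)

def build_arp(src_mac, op, spa, tha, tpa, dst_mac="ff:ff:ff:ff:ff:ff", sha=None):
    """Construct an Ethernet II + ARP frame (sample data for this example, not a real capture)."""
    eth = _mac(dst_mac) + _mac(src_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # htype, ptype, hlen, plen, opcode
    arp += _mac(sha or src_mac) + _ip(spa) + _mac(tha) + _ip(tpa)
    return eth + arp

def parse_frame(frame):
    """Decode the 14-byte Ethernet II header and, for ARP, the 28-byte ARP body (RFC 826 layout)."""
    if len(frame) < 14:
        return None
    etype = struct.unpack("!H", frame[12:14])[0]
    rec = {"dst_mac": _fmt_mac(frame[:6]), "src_mac": _fmt_mac(frame[6:12]), "ethertype": etype}
    if etype == ETHERTYPES["ARP"] and len(frame) >= 42:
        rec["op"] = struct.unpack("!H", frame[20:22])[0]   # 1 = request, 2 = reply
        rec["sha"], rec["spa"] = _fmt_mac(frame[22:28]), _fmt_ip(frame[28:32])
        rec["tha"], rec["tpa"] = _fmt_mac(frame[32:38]), _fmt_ip(frame[38:42])
    return rec

def protocol_filter(frames, name):
    """Keep only the frames whose EtherType matches the chosen protocol name, e.g. "ARP"."""
    return [r for r in map(parse_frame, frames) if r and r["ethertype"] == ETHERTYPES[name]]

def detect_arp_spoofing(frames, trusted):
    """Return alert strings for ARP traffic that disagrees with its frame or with the trusted IP->MAC table."""
    seen, alerts = defaultdict(set), []
    for r in protocol_filter(frames, "ARP"):
        if r["sha"] != r["src_mac"]:   # ARP sender MAC not the MAC that actually sent the frame
            alerts.append(f"MAC spoofing: ARP sender {r['sha']} inside frame from {r['src_mac']}")
        if r["spa"] in trusted and r["sha"] != trusted[r["spa"]]:
            alerts.append(f"ARP spoofing: {r['spa']} claimed by {r['sha']}, expected {trusted[r['spa']]}")
        seen[r["spa"]].add(r["sha"])
    for ip, macs in seen.items():   # the same IP announced by more than one MAC during the capture
        if len(macs) > 1:
            alerts.append(f"ARP spoofing: {ip} claimed by multiple MACs {sorted(macs)}")
    return alerts

# Constructed sample capture: a legitimate request/reply pair, a forged reply for the gateway IP, one IPv4 frame.
SAMPLE_FRAMES = [
    build_arp("aa:aa:aa:aa:aa:01", 1, "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1"),
    build_arp("aa:aa:aa:aa:aa:02", 2, "192.168.1.1", "aa:aa:aa:aa:aa:01", "192.168.1.10", "aa:aa:aa:aa:aa:01"),
    build_arp("de:ad:be:ef:00:01", 2, "192.168.1.1", "aa:aa:aa:aa:aa:01", "192.168.1.10", "aa:aa:aa:aa:aa:01"),
    _mac("aa:aa:aa:aa:aa:02") + _mac("aa:aa:aa:aa:aa:01") + b"\x08\x00" + b"\x45" + b"\x00" * 19,
]
TRUSTED = {"192.168.1.1": "aa:aa:aa:aa:aa:02"}   # gateway MAC the analyzer has been told to trust
```

Calling detect_arp_spoofing(SAMPLE_FRAMES, TRUSTED) yields two alerts for the forged reply; the first two frames alone yield none.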

Fig 2: Proposed System Architecture

By implementing the "Smart Analyzer" application, the user is able to improve the existing network security in a network. This application provides a user-friendly GUI to users, which helps them analyze results in a better way. This application not only enhances network security but also provides additional features which are not available in existing applications.

4. REFERENCES
[1] James P. Anderson, "Computer security threat monitoring and surveillance", Technical report, Fort Washington, PA, April 1980.
[2] Stephen E. Smaha, "Haystack: An intrusion detection system", In Proceedings of the Fourth Aerospace Computer Security Applications Conference, pages 37-44, December 1988.
[3] L. Todd Heberlein, Gihan V. Dias, Karl N. Levitt, Biswanath Mukherjee, Jeff Wood, and David Wolber, "A network security monitor", In Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy, pages 296-304, May 1990.
[4] Cao, Jie, et al. (2015): "Network Traffic […]imization", Journal of Communications 10.10.
[5] [6] Arthur Callado, Carlos Kamienski, Geza Szabo, Balazs Peter Gerő, Judith Kelner, Stenio Fernandes, and Djamel Sadok (2009): "A Survey on Internet Traffic Identification," IEEE Communications Surveys & Tutorials, Vol. 11, No. 3, pp. 37-52, Third Quarter 2009.
[7] Ian H. Witten and Eibe Frank (2005): Data Mining: Practical Machine Learning Tools and Techniques, 2nd edition, Morgan Kaufmann Publishers, San Francisco, CA.
[8] S. Y. Jalali, S. Wani, M. Derwesh, "Qualitative Analysis and Performance Evaluation of RIP, IGRP, OSPF and EGRP Using OPNET", Research India Publications.
[9] C. Fancy, L. M. M. Thanveer, "An evaluation of alternative protocols-based Virtual Private LAN Service (VPLS)", in IoT and Application (ICIOT), International Conference, Nagapattinam, India, May 2017, pp. 1-6 (2017). https://ieeexplore.ieee.org/document/8073621/
[10] S. U. Masruroh, F. Robby, and N. Hakiem, "Performance Evaluation of Routing Protocols RIPng, OSPFv3, and EIGRP in an IPv6 Network", in International Conference on Informatics and Computing (ICIC). /ieeexplore.ieee.org/document/7905699/
[11] D. R. Al-Ani, A. R. Al-Ani, "The performance of IPv4 and IPv6 in terms of Routing Protocols using GNS 3 Simulator", in 9th International Conference on Ambient Systems, Networks and Technologies, ANT-2018 and the 8th International Conference on Sustainable Energy Information Technology, SEIT 2018, May 2018, pp. 1-6 (2018). https://dl.acm.org/citation.cfm?id=3223610
[12] Bowman, M., Debray, S. K., and Peterson, L. L. 1993. Reasoning about naming systems.
[13] Ding, W. and Marchionini, G. 1997. A Study on Video Browsing Strategies. Technical Report. University of Maryland at College Park.
[14] Fröhlich, B. and Plate, J. 2000. The cubic mouse: a new device for three-dimensional input. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems.
[15] Tavel, P. 2007. Modeling and Simulation Design. AK Peters Ltd.
[16] Sannella, M. J. 1994. Constraint Satisfaction and Debugging for Interactive User Interfaces. Doctoral Thesis. UMI Order Number: UMI Order No. GAX95-09398, University of Washington.
[17] Forman, G. 2003. An extensive empirical study of feature selection metrics for text classification. J. Mach. Learn. Res. 3 (Mar. 2003), 1289-1305.
[18] Brown, L. D., Hua, H., and Gao, C. 2003. A widget framework for augmented interaction in SCAPE.
[19] Y. T. Yu, M. F. Lau, "A comparison of MC/DC, MUMCUT and several other coverage criteria for logical decisions", Journal of Systems and Software, 2005, in press.
[20] Spector, A. Z. 1989. Achieving application requirements. In Distributed Systems, S. Mullender.
[21] Kai Chen, Peng Wang, Yeonjoon Lee, XiaoFeng Wang, Nan Zhang, Heqing Huang, Wei Zou, and Peng Liu. 2015. Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale. In USENIX Security Symposium. 659-674.
[22] Kai Chen, Xueqiang Wang, Yi Chen, Peng Wang, Yeonjoon Lee, XiaoFeng Wang, Bin Ma, Aohui Wang, Yingjun Zhang, and Wei Zou. 2016. Following devil's footprints: Cross-platform analysis of potentially harmful libraries on android and ios. In Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 357-376.
[23] Gartner. 2017. Managed Security Service msspmanaged-security-service-provider/. (2017).
[24] Google. 2017. The Google Android Security Team's Classifications for Potentially Harmful le Android Security PHA classifications.pdf. (2017).
[25] om/guide/components/fundamentals.html
[26] iki/Android (operating system)
[27] Jice Wang and Hongqi Wu, "Android Inter-App Communication: Threats, Solutions, and Challenges", /papers/1803/1803.05039.pdf
