1 / 39

Implementation of a JAVA-based tool for Protocol Analysis, Network Diagnose, and Data Reassembly Advisor

This research implements a system that provides protocol analysis, network diagnosis, and data reassembly capabilities, along with information retrieval and recovery from captured data packets on networks.

saml
Download Presentation

Implementation of a JAVA-based tool for Protocol Analysis, Network Diagnose, and Data Reassembly Advisor

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. JPANDDR-Implementation of a JAVA based tool for Protocol Analysis, Network Diagnose, and Data Reassembly Advisor: Dr. Kai-Wei Ke Speaker: Jaw-Woei Ma Date:2007 07/28

  2. Outline • Introduction • Protocol • JPANDDR • Test Result • Conclusions • Future Work • References • Demo

  3. Introduction • JAVA • JVM • Object-Oriented • Mobility (Byte Code) • Support Network Programming • JPANDD is based on JAVA programming language

  4. Introduction • JAVA API • Application Programming Interface • Reuse and Extend • Easy and fast to implement • JPANDDR uses JMF and JPcap Java 2的三大部份主要的API

  5. JMF • Java Media Framework • enables audio, video and other time-based media to be added to applications and applets built on Java technology • JMF API 可分為兩部份 : 單純的 JMF 及架構在 RTP 上的JMF 。

  6. JMF • JMF Process Model

  7. JPcap • Java Package for Packet Capture • allows Java applications to capture and/or send packets to the network • based onlibpcap/winpcap and Raw Socket API

  8. JPcap • JPcap Process Model

  9. JPcap • Network Interface : represents a network interface • Jpcap Captor : capture packets or read packets from a captured file • Jpcap Sender : send packets • Packet : This is a root class of all the packets captured by Jpcap

  10. Protocol • TCP • Transmission Control Protocol • Connection-Oriented • Reliable transmission • Flow Control and Congestion Control • ACK and Retransmission

  11. Protocol • TCP Header Format

  12. Protocol • Three-Way Handshake Diagram

  13. Protocol • FTP • File Transfer Protocol • 2 TCP connection • Port 21 for control • Port 20 for data

  14. Protocol • FTP command

  15. Protocol • SIP • Session Initiation Protocol • Client/Server Mode • Request/Response Message

  16. Protocol • Session Establishment System Sequence Diagram

  17. JPANDDR • JAVA for Protocol Analysis, Network Diagnose, and Data Reassembly • Network Protocol Analyzer • Based on JAVA • JPcap and JMF API

  18. JPANDDR • Function - 1 (1) Capture Packets and Header Analysis (2) Protocol Analysis (3) Packet Handshaking (4) Protocol Statistics and Analysis

  19. JPANDDR • Function – 2 (5) Data Reassembly and Replay (6) Network Debug and Diagnose (7) Make up Packets (8) Additional Function

  20. JPANDDR • System Architecture • Packet Maker Subsystem • Protocol Process Subsystem • Network Diagnosis and Debug Subsystem • Additional Function Subsystem

  21. JPANDDR • Subsystem • Protocol Process Subsystem - Analytic Processor

  22. JPANDDR – Data Reassembly and Replay • FTP Data Reassembly • For Stream Mode • Remove Packet Header • Packet Reorder and Reassembly

  23. JPANDDR - Data Reassembly and Replay • pseudo Code

  24. JPANDDR - Data Reassembly and Replay • VoIP Data Reassembly • RTP Transmission • For PCM encode

  25. JPANDDR - Data Reassembly and Replay • PCM decode (1/2)

  26. JPANDDR - Data Reassembly and Replay • PCM decode (2/2)

  27. JPANDDR - Network Diagnose • ICMP Echo Request • Parse information in “ICMP Echo Replay” • TCP/IP協定測試 – 127.0.0.1 • 網卡測試 - IP • 自動搜索網段鄰居 – xxx.xxx.xxx.1~253 • 連外路由器(Gateway)測試 – xxx.xxx.xxx.254 (default) • DNS伺服器測試 – 168.95.1.1 (default) • ping Internet上某一主機的網址– www.google.com

  28. JPANDDR - Network Diagnose

  29. Test Result - Network Diagnose • Network Diagnose Report

  30. Test Result - Network Diagnose • Two test Result (1) No IP (2) No gateway

  31. Test Result - Data Reassembly and Replay • Use LeapFTP • Stream Mode

  32. Test Result - Data Reassembly and Replay • Sample Rate - 8kHZ • Sample Bits - 16bits • Little Endian • .wav file

  33. System Compare • Sniffer、ClearSight與Ethereal,其中又以Ethereal最為被廣泛使用 • JPANDDR – Network Protocol Analyzer • Ethereal – Network Packet Analyzer

  34. System Compare

  35. Conclusions • This research implements a system that provides not only the basic function such as protocol tracking、monitoring and analyzing network diagnosis capability ,but also information retrieval and recovery from the captured data packets on the networks.

  36. Future Work JPANDDR • 無線網路協定的擴充 • IPv6協定的擴充 • 還原語音編碼格式的擴充 Goal: The world’s popular network protocol analyzer

  37. References • http://netresearch.ics.uci.edu/kfujii/jpcap/doc/index.html • http://java.sun.com/products/java-media/jmf/reference/api/index.html • http://www.ethereal.com/

  38. Demo

More Related