Passive Distributed Network Analysis Using Remote Packet Capture In Java
Thomas C.A. Judge
Year of Study: 2004-5
Supervisor: Daniel Spooner
Copyright ©2005 Thomas C.A. Judge
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License,
Version 1.1 or any later version published by the Free Software
Foundation; with the following Invariant Sections: "Introduction", "Assessment of the project", "Notes from SourceFire Seminar", "Conclusion",
one Front-Cover Text: "Passive Distributed Network Analysis Using Remote Packet Capture In Java",
no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
Abstract:
Monitoring the activity on a network intrusively, by placing a device in the
path of the traffic, can add a very large load to a server. One example is
recording the web sites that users on a LAN visit without the overhead of
running a transparent proxy server. Another is monitoring the conversations
that people on a LAN are having with the outside world through an instant
messaging application (e.g. MSN Messenger). Both of these tasks would
traditionally require a proxy server to intercept the content of the messages
or pages between source and destination, adding overhead to systems whose
capacity could be used elsewhere in the organisation. By capturing and
decoding this content passively, from packets observed on the wire rather
than by sitting in the path, it is possible to monitor systems without
touching or reconfiguring them (at the cost that a passive observer can
record traffic but cannot block or alter it).
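As an added example of the passive approach the abstract describes (this is illustrative code written for this page, not the dissertation's own Java implementation, and it is in Python rather than Java so it can be run as-is), the script below decodes a raw Ethernet/IPv4/TCP frame and pulls out the HTTP Host header, i.e. the web site a LAN user requested, with no proxy in the path. The frame is constructed inline as sample input; the addresses, MACs and host name in it are made up. Every length field is checked against the buffer before it is used, which matters for a sniffer because it parses attacker-controlled bytes.

```python
"""Passive decoding of a captured frame: extract the HTTP request's Host
header from raw Ethernet/IPv4/TCP bytes. Added example, not the project's
Java code; the sample frame is constructed below so this runs offline."""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (returns 0 for a valid header)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_http_frame(src_ip: str, dst_ip: str, host: str, path: str = "/") -> bytes:
    """Construct (sample input, not a real capture) an Ethernet/IPv4/TCP frame
    carrying a minimal HTTP GET, as a sniffer would see it on the wire."""
    payload = f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
    # TCP: sport 40000, dport 80, seq 1, ack 1, data offset 5 words, flags PSH|ACK
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    ip_no_ck = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                           64, IPPROTO_TCP, 0, src, dst)
    ip = ip_no_ck[:10] + struct.pack("!H", ipv4_checksum(ip_no_ck)) + ip_no_ck[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") \
        + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


def parse_http_request(frame: bytes):
    """Return (src_ip, dst_ip, host, path) if the frame carries an HTTP request,
    otherwise None. Each header length is validated against the buffer so a
    truncated or hostile capture cannot make the parser read out of bounds."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes
    if ihl < 20 or len(ip) < ihl:
        return None
    if ipv4_checksum(ip[:ihl]) != 0:              # corrupt header: do not trust fields
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP or total_len > len(ip) or total_len < ihl + 20:
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    doff = (tcp[12] >> 4) * 4                     # TCP data offset in bytes
    if doff < 20 or len(tcp) < doff:
        return None
    try:
        text = tcp[doff:].decode("ascii")
    except UnicodeDecodeError:
        return None
    lines = text.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None                               # not an HTTP request line
    host = None
    for line in lines[1:]:
        if not line:                              # blank line ends the headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
            break
    return src_ip, dst_ip, host, parts[1]


if __name__ == "__main__":
    sample = build_http_frame("10.0.0.5", "93.184.216.34", "example.org", "/index.html")
    print(parse_http_request(sample))
```

In a real deployment the frame bytes would come from a capture library on a mirrored port or tap; the decoding logic is the same, and the bounds checks are what keep a malformed packet from crashing the monitor.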
Keywords: Network, Packet Capture, IP, TCP, UDP, Analysis, Distributed
Tom Judge
2005-06-18