Final Project Work

This document declares that the submission is the original work of the students towards their Higher National Diploma in Information Communication Technology. It contains signatures and dates of four students and signatures and dates of their supervisor and head of department certifying the work. An abstract provides a short summary of the project which aims to develop a network packet sniffer to manage and monitor packets communicated over a network. It will focus on input and output options to incorporate it into a network for online or offline monitoring and management.

Uploaded by

Junior Sylvester

DECLARATION

We hereby declare that this submission is our work towards the award of Higher National
Diploma in Information Communication Technology and that, to the best of our knowledge, all
that is in this report was researched and compiled by us. We did not copy and no one copied our
work.

ATTAH SYLVESTER (0320080187)      Signature: ………………………………   Date: ………………………………….

ASIGBEY FAVOUR ABRA (0320080234)  Signature: ………………………………   Date: ………………………………….

BOADZIE JEMIMAH (0320080135)      Signature: ………………………………   Date: ………………………………….

SESHIE GODWIN (0320080217)        Signature: ………………………………   Date: ………………………………….


Certification

Certified by:
GBEDAWO VICTOR (SUPERVISOR)       Signature: ………………………………   Date: ………………………………….

Certified by:
ADOLPH ADU (HEAD OF DEPARTMENT)   Signature: ………………………………   Date: ………………………………….


ABSTRACT
The project aimed to develop a network packet sniffer that manages and monitors the packets
communicated over a network. Network packets contain a lot of useful information about network
activity that can be used as a description of the general network behavior. Network packet
sniffers have become a useful tool for system and network administrators to capture such network
information. In this report, an implementation based on the Java packet capture library (Jpcap),
a popular Java networking library, is described. This fully configurable tool concentrates
particularly on its flexible input and output options so that it can easily be incorporated into a
network to perform more complicated tasks, such as real-time online or offline network monitoring
and management.
LIST OF ACRONYMS
UDP    User Datagram Protocol
TCP    Transmission Control Protocol
ICMP   Internet Control Message Protocol
ARP    Address Resolution Protocol
JPCAP  Java Packet Capture
JDBC   Java Database Connectivity
SQL    Structured Query Language
GUI    Graphical User Interface
JDK    Java Development Kit
NIC    Network Interface Card
CHAPTER ONE:
Introduction
In modern society, computers are no longer treated as stand-alone machines; instead they
communicate to share resources and data through computer networks. Network packets are the
units of data travelling in these networks, and they carry all the important information from
their source to their final destination. There is a large amount of personal and commercial
activity on the network, and security is becoming of great importance because of the internet.
System and network technology is a key technology for a wide variety of applications. Security
is crucial to networks and applications. Although network security is a critical requirement in
emerging networks, there is a significant lack of security methods that can be easily implemented
to maximize its utilization.
Over recent years the world has seen continuous growth in the internet penetration rate.
According to Internet World Stats, the global internet penetration rate is 53% and continues to
grow. With such growth, packet sniffers are extensively used to analyze and screen the network
(Chen et al, 2018).

Network sniffing is a network layer attack consisting of capturing packets transmitted by other
computers on the network and reading their data content in search of sensitive information such
as passwords, session tokens and confidential data. This is done using tools called network
sniffers; these tools collect packets on the network and, depending on the quality of the tool,
analyze the collected data with features such as protocol decoders or stream reassembly.

A packet sniffer, sometimes called a network analyzer, protocol analyzer, Ethernet sniffer or
wireless sniffer (Wu, 2022), is a computer program or a piece of computer hardware that can
intercept and log traffic passing over part of a network (Chen, 2019).
Background
Electricity Company of Ghana, Ho Regional Office is located at Ho-Bankoe, directly opposite
SIC Regional Office. It is a private/government owned Company, which specializes in power
distribution. ECG was incorporated in 1963 and became a limited company when shares were
first sold in the firm in February 1997. However the company is still owned by the government.

Recent interest in security was fueled by the crime committed by Kevin Mitnick, who committed
the largest computer-related crime in U.S. history (Smith et al, 2019). The losses were eighty
million dollars in U.S. intellectual property and source code from a variety of companies (Smith
et al, 2019). Since then, information security has come into the spotlight. Electricity Company of
Ghana, Ho Regional Office has an information technology policy which governs all the
information technology assets, including the network resources, which are utilized by all staff,
who in the long run violate the policy.
Problem Statement
With the increasing interest in network security, the responsibility of network monitoring has
increased for network and security professionals. They are highly dependent upon traditional
packet sniffer tools like Wireshark and tcpdump. However, the data provided by such tools is very
large, and sometimes even network professionals have a difficult time filtering it to get the
required result. Also, these industry standard tools require sound knowledge of networking
protocols, which makes them unsuitable for laymen and end users.

As technology advances, Electricity Company of Ghana has adopted the use of networks to ease
the sharing of data and other resources. However, they have faced a challenge and a very
fundamental threat of denial of service (DoS), where the network is slowed down due to irrelevant
usage by selfish staff. This results in a slow internet connection, which called for an
investigation into how the network is utilized and how to analyze and manage network traffic,
thus improving the efficiency of the network.
Aim and Objectives
Aim
The purpose of this project is to come up with a Network Packet Sniffer which will help in
controlling, monitoring and managing both wired and wireless Electricity Company of Ghana,
Ho Regional Office networks thus increasing or improving its efficiency.
Objectives
i. To investigate the current network analyzer tools used at Electricity Company of Ghana,
Ho Regional Office.
ii. To design a prototype of a Network Packet Sniffer.
iii. To implement the prototype of the application.
iv. To test and validate the prototype.


Significance
This project will improve our skills in network security and system analysis, because it will
enable us to learn and will prepare us for the tasks ahead. This project is also a partial
fulfillment of the requirements for the award of the Higher National Diploma in Information
Communication Technology of Ho Technical University.

The importance of this project to the students of the University is that it will enable them to
learn more about network traffic analysis, which will also broaden their knowledge and skills
about networks and protocols.

The system developed will help reduce the problem of network misuse and overload during peak
hours, since it shows the administrators the statistics of all the traffic over the network, reducing
the chances of a slow Internet connection.

The information running through networks is a valuable source of evidence for network
administrators to fish out intruders or anomalous connections. The need to capture this
information has led to the development of packet sniffers. A number of research works exist in
the development of packet sniffers. However, the search for the ideal packet sniffer continues.
The Network Packet Sniffer will come with additional functionalities such as 3D pie charts and a
GUI, with little memory requirement. The Network Packet Sniffer, when installed in a network,
will help monitor network traffic and keep a log of all connections to the network, which is then
analyzed for the detection of suspicious activities.
Scope
The project target scope is Electricity Company of Ghana, Ho Regional Office network
environment where the users of the network are over one hundred.

However, the proposed network packet sniffer does not block attacks or malicious activities.
There is no possibility of automatic network control.
Limitation
Packet sniffing may be regarded as an illegal activity and is usually governed by strict corporate
or company policy, which must be complied with. The majority of institutions will ban the activity
outright unless the job role strictly requires it (Gupta et al, 2019).

Work in the vast area of packet manipulation generally depends on live monitoring of real-time
network traffic. Developments in this field are validated only when such real traffic is included.
Privacy is always given a high level of importance, especially nowadays when social media has
become an inseparable part of our daily lives, and the majority of academic researchers consider
how to approach their research so as to minimize intrusions into privacy. Usually this is
accomplished by deploying various technical jargon and drawing a very vague and unclear line
between the two cases, "private" and "public". Some of the arguments used to justify such
research are as follows (Kim et al, 2018):

• "It's my network, so I can do whatever I want."
• "The network wiretapping laws have an exception for academic research."
• "Packet sniffing is legal so long as you filter out data after the 48th (or 96th or 128th)
byte."
• "Capturing content may be illegal, but capturing non-content is fine."
• "We're not breaking the law because we've anonymized the data."
Organization
To organize a packet sniffer study, we need to decide on some factors such as:

• The purpose and scope of the study.
• The type of packet sniffer we will use (software or hardware).
• The location and method of capturing packets (physical connection or wireless).
• The encryption and security measures for the data.
• The analysis and reporting tools for the results.
• The main goal for conducting a packet sniffer study.
CHAPTER TWO: LITERATURE REVIEW
Introduction
A literature review is a process of searching, collecting and analyzing all the concluded debates
and issues raised in work done in the past. It also provides examples, case studies and other
relevant work done by other people, and gives the chance to investigate areas and read about
subjects that users may not have thought about before.

2.1 Review of Related Works


A packet sniffer, also known as a network sniffer or packet analyzer, is a tool used to capture and
analyze network traffic passing through a specific network interface. Researchers have
extensively studied packet sniffers for various purposes, including network security, performance
analysis, and network troubleshooting (Zhang et al, 2018). Here is an overview of some common
themes and notable research works in the area of packet sniffing:
1. Network Security:
• Researchers have explored packet sniffers as a means of detecting and preventing
various network attacks, such as intrusion detection systems (IDS) or intrusion
prevention systems (IPS).
• The use of packet sniffers in identifying suspicious patterns, malware signatures,
and traffic anomalies has been a significant focus.
2. Privacy Concerns:
• Studies have addressed privacy issues related to packet sniffing, particularly
regarding the potential for sensitive data exposure during network analysis.
• Research has looked into techniques to anonymize or sanitize captured data to
protect user privacy.
3. Network Performance Analysis:
• Packet sniffers have been utilized to monitor network performance, including
bandwidth utilization, latency, and packet loss.
• Researchers have proposed methods to optimize network performance based on
the insights gathered from packet sniffing data.
4. Network Protocol Analysis:
• Many research works have focused on the analysis of specific network protocols
using packet sniffers to identify vulnerabilities or inefficiencies.
• Protocol-specific sniffers have been developed to dissect the intricacies of
protocols like TCP, UDP, HTTP, etc.
5. Traffic Classification and QoS:
• Packet sniffers have been employed in traffic classification to distinguish between
different types of applications or services (e.g., video streaming, file transfer) for
Quality of Service (QoS) purposes.
• These works aim to improve network performance by prioritizing specific types
of traffic.
6. IoT and Industrial Control Systems (ICS) Security:
• Researchers have explored the use of packet sniffers to detect and analyze
security threats within IoT devices and industrial control systems (Chetty et al,
2019).
• Understanding the communication patterns in these systems helps to identify
potential vulnerabilities and enhance security measures.
7. Wireless Networks:
• Packet sniffers have been adapted for wireless networks to analyze Wi-Fi or
Bluetooth traffic.
• Research in this area often focuses on security vulnerabilities specific to wireless
communication.

2.2 Review of Related Systems


The fundamental concepts and notable related systems are below:
1. Wireshark: Wireshark is one of the most popular and widely used packet sniffing tools. It
supports capturing and analyzing network traffic on multiple platforms and provides an
extensive range of features for dissecting and examining packet data. Wireshark offers
powerful filtering and search capabilities, making it a versatile tool for network analysis
(Zhang et al, 2018).
2. tcpdump: tcpdump is a command-line packet sniffer available for Unix-like systems. It
captures network traffic and displays packet-level details in real-time or saves them to a
file for later analysis. Tcpdump is highly configurable and allows users to apply filters
based on various criteria, such as source or destination IP addresses, port numbers, or
protocol types (Chen et al, 2019).
3. Microsoft Network Monitor: Microsoft Network Monitor is a Windows-based packet
capturing and analysis tool. It offers real-time monitoring of network traffic, including
support for capturing and analyzing wireless network packets. Network Monitor provides
detailed information about protocols, network conversations, and performance statistics,
enabling efficient troubleshooting and analysis.
4. Tshark: Tshark is a command-line version of Wireshark, designed for terminal-based
packet analysis. It shares many features with Wireshark and provides a flexible and
scriptable environment for capturing and dissecting network traffic. Tshark supports
various file formats and can analyze captured packets or read data from previously
captured files.
5. Ettercap: Ettercap is a comprehensive suite for network monitoring and analysis. It
combines packet sniffing capabilities with various network security features, such as
ARP spoofing, man-in-the-middle attacks, and protocol analysis. Ettercap is primarily
used for network security assessments, including detecting and preventing various
attacks.
6. NetworkMiner: NetworkMiner is a network forensic analysis tool that specializes in
capturing and parsing PCAP files. It extracts valuable information from captured packets,
such as hostnames, operating systems, and open ports, and organizes the data into a user-
friendly interface. NetworkMiner aids in reconstructing network events and investigating
security incidents.
7. Capsa Network Analyzer: Capsa is a commercial network analysis tool with a focus on
real-time monitoring, troubleshooting, and security analysis. It provides a comprehensive
set of features, including packet capturing, protocol analysis, network performance
monitoring, and customizable dashboards. Capsa supports both wired and wireless
network analysis and offers advanced visualizations for easy data interpretation (Zhang et
al, 2018).

2.2.1 Features
Here are some key features related to packet sniffer systems:
1. Packet Capture: A packet sniffer should be able to capture network packets in real-time
from the network interface or a specific network segment. It should have the ability to
capture packets at a high speed and handle large volumes of network traffic.
2. Protocol Analysis: Packet sniffers are designed to understand and interpret various
network protocols, such as TCP/IP, UDP, HTTP, DNS, FTP, etc. They should be capable
of decoding and dissecting the packets to extract information about the protocols,
including headers, payloads, and any encapsulated data.
3. Filtering and Capture Options: Sniffers should offer flexible filtering options to capture
specific packets of interest. They allow users to define filters based on source/destination
IP addresses, port numbers, protocol types, packet sizes, and other criteria. Filtering helps
focus on relevant traffic and reduces the volume of captured data.
4. Traffic Visualization: Many packet sniffers provide graphical representations of network
traffic, such as charts, graphs, and tables. These visualizations help in analyzing network
patterns, identifying anomalies, and troubleshooting performance issues.
5. Session Reconstruction: Packet sniffers often have the ability to reconstruct and display
complete network sessions by assembling individual packets. This feature is particularly
useful for understanding the flow of communication between different hosts and
applications.
6. Statistical Analysis: Sniffers can generate statistics based on captured packets, including
packet counts, packet size distributions, protocol usage, and network utilization. These
statistics assist in network performance monitoring and capacity planning.
7. Deep Packet Inspection (DPI): Advanced packet sniffers may support deep packet
inspection, which involves inspecting packet payloads for application-layer data. DPI
enables the identification and analysis of specific application protocols, such as HTTP,
SMTP, or VoIP, by looking beyond the protocol headers.
8. Intrusion Detection and Security Analysis: Packet sniffers can play a crucial role in
detecting network-based attacks and analyzing security incidents. They can identify
suspicious or malicious traffic patterns, flagging potential threats or vulnerabilities in the
network.
9. Export and Integration: Some packet sniffers allow exporting captured packet data in
various formats, such as PCAP (Packet Capture), CSV (Comma-Separated Values), or
JSON (JavaScript Object Notation). This facilitates integration with other network
analysis tools or storage systems.
10. Real-time Monitoring and Alerts: Sniffers may include real-time monitoring capabilities,
providing live views of network traffic and generating alerts for specific events or
conditions. This helps administrators respond quickly to network issues or security
breaches.
It's worth noting that the exact features and capabilities of packet sniffers may vary depending on
the specific software or hardware solution being used. Additionally, the use of packet sniffers
should always adhere to legal and ethical considerations, ensuring proper authorization and
privacy protection (Singh et al, 2021).

2.2.2 Benefits
Here are some key benefits of using packet sniffers:
1. Network Monitoring and Troubleshooting: Packet sniffers are invaluable for monitoring
and troubleshooting network issues. Researchers can use sniffers to capture and analyze
network packets in real-time, helping identify network performance problems, packet
loss, bottlenecks, or misconfigurations. By examining the captured packets, researchers
can gain insights into network behavior and optimize system performance.
2. Security Analysis: Packet sniffers play a crucial role in network security research. They
allow researchers to detect and investigate security threats such as malware infections,
network intrusions, or data breaches. Sniffers can help identify suspicious traffic patterns,
analyze packet payloads, and uncover potential vulnerabilities in systems or applications.
This research can aid in the development of effective security measures and the creation
of more secure systems.
3. Protocol Analysis and Development: Researchers often use packet sniffers to study
network protocols, both existing ones and those under development. By capturing and
analyzing packets, researchers can gain a deep understanding of protocol behavior,
identify flaws, and propose improvements. This research helps in refining protocols,
ensuring compatibility between systems, and enhancing network communication
efficiency.
4. Performance Evaluation: Packet sniffers provide valuable insights into system
performance. By capturing packets, researchers can measure key performance metrics
such as latency, throughput, and packet loss. This data can be used to evaluate and
compare different network technologies, protocols, or configurations. Packet sniffers help
researchers fine-tune systems for optimal performance and scalability.
5. Network Traffic Analysis: Sniffers enable researchers to analyze network traffic patterns
and understand how data flows within a network. By examining packet headers and
payloads, researchers can identify trends, usage patterns, or anomalies. This analysis can
be helpful in areas such as network planning, traffic engineering, and capacity
management.
6. Application Development and Debugging: Packet sniffers assist in the development and
debugging of networked applications. By capturing packets exchanged between
applications and servers, researchers can analyze the communication process, identify
issues, and optimize application performance. Sniffers are especially useful for
diagnosing problems related to network protocols, data formatting, or compatibility
between different software components (Chen et al, 2019).

2.2.3 Drawbacks
While packet sniffers offer numerous benefits for research and network analysis, there are also
some drawbacks and potential challenges associated with their use. Here are a few drawbacks to
consider:
1. Privacy Concerns: Packet sniffers have the potential to capture sensitive and private
information transmitted over a network. This raises privacy concerns, as unauthorized or
unethical use of packet sniffers can lead to the interception of personal data, login
credentials, or other confidential information. It is crucial to use packet sniffers
responsibly and ensure that appropriate security measures are in place to protect the
privacy of individuals.
2. Legal and Ethical Considerations: The use of packet sniffers can be subject to legal
restrictions depending on the jurisdiction. Unauthorized interception or monitoring of
network traffic can violate privacy laws, wiretapping regulations, or other legal
frameworks. Researchers must adhere to applicable laws and obtain necessary
permissions or consents before deploying packet sniffers.
3. Network Performance Impact: The act of capturing and analyzing network packets
introduces additional overhead to the network infrastructure. The continuous monitoring
and analysis of packets can consume network resources, potentially affecting the overall
network performance. Researchers need to consider the potential impact on network
bandwidth, latency, and system resources while deploying packet sniffers.
4. Complexity and Technical Expertise: Packet sniffers often require a certain level of
technical expertise to set up, configure, and interpret the captured data effectively.
Analyzing packet-level details can be complex, and researchers need to possess the
necessary knowledge and skills to make accurate interpretations and draw meaningful
conclusions from the captured data.
5. Encrypted Traffic Limitations: With the widespread adoption of encryption protocols
such as HTTPS, packet sniffers face limitations in analyzing encrypted network traffic.
While they can still capture encrypted packets, the payload is typically inaccessible
unless the researcher possesses the decryption keys. This limitation restricts the ability to
analyze the content of encrypted communications.
6. Network Segment Visibility: Packet sniffers typically operate in a specific network
segment or on a specific network interface. This means they can only capture and analyze
traffic within that limited scope. Researchers may need to strategically position multiple
sniffers across different network segments to achieve comprehensive visibility, which can
be challenging and resource-intensive.
7. Overwhelming Volume of Data: In large networks or high-traffic environments, packet
sniffers can generate an overwhelming volume of captured data. Analyzing and
processing such large datasets can be time-consuming and resource-intensive.
Researchers need to employ efficient data filtering, storage, and analysis techniques to
handle the vast amount of captured packets effectively (Santos et al, 2019).

2.3 Existing System


There are several well-known packet sniffing systems available today that are widely used for
network analysis and research purposes. Here are a few examples of popular packet sniffing
systems:
1. Wireshark: Wireshark is one of the most widely used and comprehensive open-source
packet sniffing tools. It runs on multiple platforms and supports capturing and analyzing
packets from various network interfaces. Wireshark provides a rich set of features for
protocol analysis, network troubleshooting, and traffic inspection. It has a user-friendly
graphical interface and supports a wide range of protocols.
2. tcpdump: tcpdump is a command-line packet sniffer available on Unix-like operating
systems. It offers powerful packet capturing capabilities and can filter and display
captured packets based on various criteria. tcpdump is commonly used for network
monitoring, traffic analysis, and security research. It can be combined with other tools for
more advanced analysis and scripting.
3. Microsoft Network Monitor: Microsoft Network Monitor is a packet analysis tool for
Windows operating systems. It provides real-time capture and analysis of network traffic
and supports various filtering options to focus on specific packets of interest. Network
Monitor offers features such as packet decoding, protocol analysis, and traffic statistics,
making it useful for network troubleshooting and performance evaluation.
4. Colasoft Capsa: Colasoft Capsa is a commercial network analyzer that offers packet
sniffing capabilities along with advanced network monitoring and analysis features. It
provides real-time and historical traffic analysis, application performance monitoring,
and security analysis. Capsa supports multiple capture methods, including Ethernet, Wi-
Fi, and virtual switches, making it suitable for different network environments.
5. Tshark: Tshark is a command-line packet sniffer and protocol analyzer that is part of the
Wireshark ecosystem. It offers similar functionality to Wireshark but operates in a
terminal environment, making it suitable for command-line enthusiasts and scripting
purposes. Tshark provides powerful packet capture and analysis capabilities and supports
various output formats for further processing.
These are just a few examples of packet sniffing systems available in the market. Each tool has
its own features, strengths, and limitations, so researchers should choose the one that best fits
their specific requirements and preferences. It's worth noting that the field of packet sniffing and
network analysis is continually evolving, and new tools and systems may emerge over time (Lee
et al, 2018).

2.3.1 Component of Existing System


Packet sniffing systems consist of several key components that work together to capture and
analyze network packets. Here are the main components typically found in existing packet
sniffer systems:
1. Network Interface: The network interface is the physical or virtual interface that connects
the packet sniffer to the network. It allows the system to receive and transmit network
packets. Network interfaces can be Ethernet ports, Wi-Fi adapters, or virtual interfaces.
2. Packet Capture Engine: The packet capture engine is responsible for intercepting and
capturing network packets. It operates at a low level in the network stack, capturing
packets as they traverse the network interface. The capture engine typically uses
techniques such as promiscuous mode or port mirroring to capture all packets, including
those not destined for the sniffer's host.
3. Packet Filter: The packet filter is a component that selectively captures packets based on
specified criteria. It allows the user to define filters to capture only packets of interest,
reducing the amount of captured data and focusing on specific network traffic. Filters can
be based on parameters such as source/destination IP addresses, port numbers, protocol
types, or packet content.
4. Packet Decoder: Once packets are captured, they need to be decoded to interpret their
content. The packet decoder is responsible for parsing the captured packets according to
the relevant network protocols. It reconstructs the protocol headers and extracts
information such as source/destination IP addresses, port numbers, protocol types, and
payload data.
5. Packet Storage: Packet sniffing systems often include a packet storage component to save
captured packets for further analysis. Storage can be done in memory or on disk,
depending on the system's capabilities and configuration. Storing packets allows for
offline analysis, long-term data retention, and the ability to revisit captured packets for
forensic purposes.
6. Packet Analysis Tools: Packet sniffing systems provide tools for analyzing the captured
packets. These tools offer various features for examining packet-level details, extracting
statistics, and visualizing network traffic patterns. Analysis tools may include protocol
analyzers, traffic flow analyzers, statistical analysis modules, or custom scripts to process
and interpret the captured packet data.
7. User Interface: Most packet sniffing systems provide a user interface to interact with the
system, configure settings, and visualize captured packet data. The user interface may be
command-line-based or graphical, depending on the system. It allows users to control the
capture process, apply filters, view captured packets, and perform analysis tasks.
These components work together to create a functional packet sniffer system. They enable the
capturing, decoding, filtering, storage, and analysis of network packets, providing researchers
with valuable insights into network behavior, performance, and security.

2.3.2 Process of the System


Here's a general process of how a packet sniffer system works:
1. Capturing Network Traffic: The packet sniffer system captures network traffic by placing
the network interface card (NIC) in promiscuous mode. This mode allows the NIC to
capture all packets passing through the network, including those not intended for the
specific machine running the sniffer.
2. Filtering: The captured packets often contain a large amount of data, including irrelevant
traffic. To focus on specific packets of interest, the sniffer applies filtering rules. These
rules can be based on various criteria such as source/destination IP addresses, port
numbers, protocol type, or specific keywords within packet payloads.
3. Packet Decoding: Once the desired packets are captured, the sniffer system decodes the
packets to extract information from various network protocols. It understands the
structure and format of different protocols (e.g., Ethernet, IP, TCP, UDP) and parses the
packet headers and payloads.
4. Packet Analysis: The packet sniffer system analyzes the decoded packets to provide
insights into the network traffic. It can display information like source/destination IP
addresses, port numbers, packet sizes, protocol-specific details, and timing information.
This analysis helps in troubleshooting network issues, monitoring network performance,
or detecting security threats.
5. Visualization and Reporting: Many packet sniffer systems provide visual representations
of the captured data to make it easier to understand. This can include graphical charts,
graphs, or tables that show traffic patterns, bandwidth usage, top talkers, or network
anomalies. Reports can also be generated summarizing the captured data and analysis
findings.
6. Advanced Features: Some packet sniffers may offer additional features such as packet
injection, real-time monitoring, deep packet inspection, flow analysis, or integration with
other security or network management tools. These advanced capabilities enhance the
functionality and usefulness of the packet sniffer system (Li et al., 2020).
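To make the filtering and decoding steps above concrete, here is an added example that is not code from the project report: a small Java decoder for Ethernet II, IPv4, TCP and UDP headers, followed by a filter of the kind described (source/destination address, port, protocol). The sample frame is constructed by hand for this example; its checksums are left at zero and are not verified.

```java
/*
 * Added example, not code from the project report: decodes the Ethernet II,
 * IPv4, TCP and UDP headers of one captured frame and applies a simple filter.
 * The sample frame is constructed by hand; its checksums are zero and unchecked.
 */
public class FrameDecoder {

    /** Header fields a sniffer displays or filters on. */
    public static final class Decoded {
        public int etherType;
        public int protocol;                      // IPv4 protocol number: 6 = TCP, 17 = UDP
        public String srcIp, dstIp;
        public int srcPort = -1, dstPort = -1;    // -1 when the protocol carries no ports
        public int payloadLength;
    }

    /** Capture filter: a null field means "match any value". */
    public static final class Filter {
        public String srcIp, dstIp;
        public Integer port, protocol;

        public boolean matches(Decoded d) {
            if (protocol != null && d.protocol != protocol) return false;
            if (srcIp != null && !srcIp.equals(d.srcIp)) return false;
            if (dstIp != null && !dstIp.equals(d.dstIp)) return false;
            if (port != null && d.srcPort != port && d.dstPort != port) return false;
            return true;
        }
    }

    private static int u8(byte[] b, int i)  { return b[i] & 0xff; }
    private static int u16(byte[] b, int i) { return (u8(b, i) << 8) | u8(b, i + 1); }

    private static String ipv4(byte[] b, int off) {
        return u8(b, off) + "." + u8(b, off + 1) + "." + u8(b, off + 2) + "." + u8(b, off + 3);
    }

    /** Parses one frame; throws IllegalArgumentException for truncated or non-IPv4 input. */
    public static Decoded decode(byte[] frame) {
        if (frame.length < 14) throw new IllegalArgumentException("truncated Ethernet header");
        Decoded d = new Decoded();
        d.etherType = u16(frame, 12);
        if (d.etherType != 0x0800) {
            throw new IllegalArgumentException("not IPv4, EtherType 0x" + Integer.toHexString(d.etherType));
        }
        int ip = 14;                                   // IPv4 header follows the 14-byte Ethernet header
        if (frame.length < ip + 20) throw new IllegalArgumentException("truncated IPv4 header");
        int ihl = (u8(frame, ip) & 0x0f) * 4;          // header length in bytes (20 without options)
        int totalLen = u16(frame, ip + 2);             // IPv4 total length: header + payload
        if (ihl < 20 || totalLen < ihl || frame.length < ip + totalLen) {
            throw new IllegalArgumentException("bad IPv4 length fields");
        }
        d.protocol = u8(frame, ip + 9);
        d.srcIp = ipv4(frame, ip + 12);
        d.dstIp = ipv4(frame, ip + 16);

        int l4 = ip + ihl;                             // transport header follows the IPv4 header
        int l4HeaderLen = 0;                           // other protocols: everything after IPv4 is payload
        if (d.protocol == 6) {
            if (totalLen < ihl + 20) throw new IllegalArgumentException("truncated TCP header");
            l4HeaderLen = ((u8(frame, l4 + 12) >> 4) & 0x0f) * 4;   // TCP data offset, in 32-bit words
        } else if (d.protocol == 17) {
            if (totalLen < ihl + 8) throw new IllegalArgumentException("truncated UDP header");
            l4HeaderLen = 8;
        }
        if (l4HeaderLen > 0) {
            d.srcPort = u16(frame, l4);
            d.dstPort = u16(frame, l4 + 2);
        }
        if (totalLen < ihl + l4HeaderLen) throw new IllegalArgumentException("bad TCP data offset");
        d.payloadLength = totalLen - ihl - l4HeaderLen;
        return d;
    }

    private static byte[] hex(String s) {
        s = s.replaceAll("\\s+", "");
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    /** Constructed sample: TCP SYN from 192.168.1.10:49152 to 10.0.0.5:80 with a 5-byte payload. */
    public static final byte[] SAMPLE_FRAME = hex(
          "001122334455 66778899aabb 0800"                  // Ethernet: dst MAC, src MAC, EtherType IPv4
        + "4500002d 00014000 4006 0000 c0a8010a 0a000005"   // IPv4: ihl=5, total length 45, TTL 64, protocol 6
        + "c0000050 00000001 00000000 5002ffff 0000 0000"   // TCP: ports 49152->80, data offset 5, SYN flag
        + "68656c6c6f");                                    // payload bytes "hello"

    public static void main(String[] args) {
        Decoded d = decode(SAMPLE_FRAME);
        System.out.printf("%s:%d -> %s:%d protocol=%d payload=%d bytes%n",
                d.srcIp, d.srcPort, d.dstIp, d.dstPort, d.protocol, d.payloadLength);

        Filter webTraffic = new Filter();   // equivalent of the filter "tcp port 80"
        webTraffic.protocol = 6;
        webTraffic.port = 80;
        Filter dnsTraffic = new Filter();   // equivalent of the filter "udp port 53"
        dnsTraffic.protocol = 17;
        dnsTraffic.port = 53;
        System.out.println("passes tcp/80 filter: " + webTraffic.matches(d));
        System.out.println("passes udp/53 filter: " + dnsTraffic.matches(d));
    }
}
```

The length checks matter in a real sniffer: a captured frame can be shorter than its IPv4 total length says (snapshot length, truncation on the wire), and a decoder that trusts the header fields blindly will read past the buffer. The filter here runs after decoding; a capture library such as libpcap applies its BPF filter before the packet reaches the application, which is cheaper for high traffic volumes.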

2.3.3 Problems of the Existing System


While packet sniffer systems are valuable tools for network analysis and troubleshooting, they
can also have some limitations and potential problems. Here are a few challenges associated with
existing packet sniffer systems:
1. Privacy and Security Concerns: Packet sniffers have the ability to capture and analyze all
network traffic, including sensitive information like passwords, usernames, and other
confidential data. If not used responsibly or in secure environments, packet sniffers can
pose privacy risks and become potential tools for malicious activities.
2. Encryption: With the widespread adoption of encryption protocols such as SSL/TLS, the
contents of encrypted packets are not readily readable by packet sniffers. While it is
essential for securing data transmission, it poses a challenge for analyzing encrypted
network traffic. Decrypting encrypted packets requires additional mechanisms such as
obtaining private keys or using specialized tools.
3. Network Speed and Scalability: High-speed networks and heavy traffic volumes can
overwhelm packet sniffer systems. Capturing and processing packets in real-time on
high-speed networks can be resource-intensive and require significant computational
power. Scalability can also be an issue when dealing with large networks or capturing
packets from multiple points simultaneously.
4. Network Complexity: Modern networks often consist of complex architectures,
virtualized environments, and cloud-based services. Packet sniffers may face challenges
in capturing and analyzing packets across diverse network infrastructures. They need to
support various protocols, encapsulations, and network technologies to provide accurate
and comprehensive analysis.
5. Packet Loss and Incomplete Data: In busy networks or during periods of high traffic,
packet sniffers may experience packet loss. This can result in incomplete or inaccurate
data capture, limiting the effectiveness of analysis. Additionally, some packets may not
be captured due to filtering rules or limitations of the packet sniffer system itself.
6. Noise and Irrelevant Data: Network traffic contains a significant amount of noise,
including broadcast and multicast packets, unnecessary protocol overhead, or irrelevant
traffic. Packet sniffers may capture and process these packets, leading to increased
storage requirements and slower analysis. Proper filtering mechanisms are required to
focus on relevant packets of interest.
7. Legal and Ethical Considerations: Unauthorized or unethical use of packet sniffers can
lead to legal consequences. It's crucial to ensure compliance with applicable laws and
regulations, obtain proper authorization, and use packet sniffers only for legitimate
purposes.
Addressing these challenges requires continuous advances in packet sniffer technology,
including improved hardware capabilities, support for decryption of encrypted traffic, efficient
filtering mechanisms, and compatibility with evolving network architectures and protocols (Chen
et al., 2019).
CHAPTER THREE: METHODOLOGY

INTRODUCTION
The methodology we will use in developing this application is the incremental development
model, in which analysis, design and implementation are performed for each of a number of
increments, which are later integrated to make the full system.
3.1 The Proposed System
The proposed system analyses and monitors the source and destination of traffic, counts dropped
packets during network overload and congestion, displays packet traffic with the respective
protocols through filtering, and helps detect packets with spoofed IP addresses. It first sniffs
the incoming packets on the host system and thereafter analyzes them in order to detect an
intrusion.
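As an added illustration of the spoofed-address check described above (example code, not the project's own), the following Java class tests whether a packet's source address lies inside the monitored IPv4 range and flags it as anomalous otherwise. The subnet 192.168.1.0/24 and the sample source addresses are assumed values chosen for the example.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

/*
 * Added example, not the project's code: the "source address outside the
 * monitored IP range" check from section 3.1, for IPv4 addresses only.
 * The subnet and the sample addresses below are constructed for illustration.
 */
public class SpoofCheck {

    private final int network;   // network address as a 32-bit integer
    private final int mask;      // prefix mask, e.g. /24 -> 0xffffff00

    /** cidr is the monitored range in prefix notation, e.g. "192.168.1.0/24". */
    public SpoofCheck(String cidr) throws UnknownHostException {
        String[] parts = cidr.split("/");
        int prefix = Integer.parseInt(parts[1]);
        if (prefix < 0 || prefix > 32) throw new IllegalArgumentException("bad prefix length " + prefix);
        mask = prefix == 0 ? 0 : (int) (0xffffffffL << (32 - prefix));
        network = toInt(InetAddress.getByName(parts[0])) & mask;
    }

    /** Packs the four address bytes into one int so the prefix mask can be applied. */
    static int toInt(InetAddress a) {
        byte[] b = a.getAddress();
        if (b.length != 4) throw new IllegalArgumentException("IPv4 only: " + a);
        return ((b[0] & 0xff) << 24) | ((b[1] & 0xff) << 16) | ((b[2] & 0xff) << 8) | (b[3] & 0xff);
    }

    /** True when the address belongs to the monitored range. */
    public boolean inRange(String ip) throws UnknownHostException {
        return (toInt(InetAddress.getByName(ip)) & mask) == network;
    }

    /** A packet on the LAN interface whose source lies outside the LAN range is flagged. */
    public boolean looksSpoofed(String srcIp) throws UnknownHostException {
        return !inRange(srcIp);
    }

    public static void main(String[] args) throws UnknownHostException {
        SpoofCheck lan = new SpoofCheck("192.168.1.0/24");
        // Constructed source addresses: one inside the range, two outside it.
        for (String src : new String[] {"192.168.1.10", "192.168.2.7", "8.8.8.8"}) {
            System.out.printf("%-14s %s%n", src,
                    lan.looksSpoofed(src) ? "ANOMALOUS: source outside 192.168.1.0/24" : "ok");
        }
    }
}
```

InetAddress.getByName() parses a dotted-quad literal without a DNS lookup, so the check works offline. The result is a hint rather than proof: a source outside the local range is what the report treats as anomalous, but on an interface that also carries routed traffic such packets can be legitimate, so the operator should know which interface is being monitored when reading the flag.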
System Specification
Software Specification
This involves the unseen side of the system, the side which supports it; it is also referred to as
the backbone of the system. It includes:
• Windows 7 or a later operating system for the client computer
• Java Development Kit 6 (JDK 6) or later
• The Java programming language with the NetBeans IDE
• A Java packet capture library, which captures packets from the network interfaces and is
platform independent
• The Java Jpcap library, together with the native jpcap and WinPcap installations
• MySQL and JDBC
Hardware Specification
This involves what the system will run on: the physical components through which the user
interacts with the system. They include:
• Hard disk of 20 GB
• Processor speed of 1.66 GHz
• Random Access Memory (RAM) of 2 GB
• Network Interface Card (NIC): a NIC capable of capturing packets in promiscuous mode
3.1.1 Functional Requirements
Functional requirements define what a system is supposed to do. They are usually stated in the
form "the system shall do X".
The system performs the following functions for the users:
• The application allows the Administrator to log in.
• The application allows the Administrator (user) to select the interface to capture on.
• The application allows the user to change the interface to capture on.
• The application allows the user to stop the capture.

3.1.2 Non-Functional Requirements


A non-functional requirement specifies criteria that can be used to judge the operation of a
system, rather than specific behaviors. Non-functional requirements are stated in the form "the
system shall be X". They are often called the qualities of a system; other terms are constraints,
quality attributes, quality goals, quality-of-service requirements and non-behavioral
requirements. Non-functional requirements can be divided into two main categories:
I. Execution qualities, such as security and usability, which are observable at run time.
II. Evolution qualities, such as testability, maintainability, extensibility and scalability, which
are embodied in the static structure of the software system.
The system requires the user to have knowledge of networking and its principles.
The security of the application is implemented such that, to gain access to it, a user must have a
username and password together with administrative rights.

3.2 Selection of Technologies and Tools


To develop a fully functional and effective packet sniffer, we selected the tools and technologies
described below:
• Java programming language: a general-purpose, concurrent, class-based, object-oriented
language that is specifically designed to help implement platform-independent applications. It is
intended to let application developers "write once, run anywhere".
• Jpcap: an open-source network packet capture library based on the libpcap and WinPcap
libraries. It is used from Java to capture and display network traffic on Linux, Windows and
Macintosh computers. Jpcap captures the following types of packets and can analyze each packet's
header and data payload:
  • Ethernet
  • TCP
  • UDP
  • IPv4
  • IPv6
  • ARP/RARP
  • ICMPv4

Jpcap captures raw packets live from the wire, automatically identifies their packet types and
generates the corresponding Java objects. It can also filter the packets according to
user-specified rules before dispatching them to the application. Jpcap can also send raw packets
to the network, and save captured packets to, and read them from, an offline file.

• MySQL and Java JDBC: the interface for accessing relational databases from Java is Java
Database Connectivity (JDBC). Via JDBC you create a connection to the database, issue queries
and updates, and receive the results. JDBC provides an interface that lets you perform SQL
operations independently of the particular database product in use.

3.3 Architecture of The System


The architecture of a packet sniffer typically involves several components that work together to
capture and analyze network traffic. Here's a high-level overview of a typical packet sniffer
architecture:
1. Network Interface:
  • The network interface is responsible for connecting the packet sniffer to the
network. It can be a physical network interface card (NIC) or a virtual interface.
2. Packet Capture:
  • Packet capture involves intercepting and capturing network packets that are
transmitted over the network interface.
  • A packet capture library or framework is used to capture packets at the network
layer. Examples include libpcap, WinPcap, or Npcap.
3. Packet Parsing:
  • Once the packets are captured, they need to be parsed to extract relevant
information.
  • Packet parsing involves analyzing the packet headers to obtain details such as
source and destination IP addresses, protocol type (e.g., TCP, UDP), port
numbers, packet length, and any other relevant metadata.
4. User Interface:
  • A user interface allows users to interact with the packet sniffer application.
  • It can provide features such as starting and stopping packet capture, setting filters,
viewing captured packets and associated details, and accessing analysis tools.

3.4 Design of The System


Systems design is the process or art of defining the components, modules, interfaces, and data for
a system to satisfy specified requirements. One could see it as the application of systems theory
to product development. The following steps will be taken:
• We will design a sequence diagram that shows how processes operate with one another
and in what order.
• We will design a use case diagram of the system to help identify the different functions a
user can perform.
• An entity relationship diagram will also be designed to show the different tables linked to
the application and how they interrelate.

The following models show the different system components and how data flows from one
component to another to achieve the system's goal. They also show the unseen side of the system.
I. Sequence Diagram
A sequence diagram in Unified Modeling Language (UML) is a kind of interaction diagram that
shows how processes operate with one another and in what order. It is a construct of a Message
Sequence Chart. A sequence diagram shows object interactions arranged in time sequence. It
depicts the objects and classes involved in the scenario and the sequence of messages exchanged
between the objects needed to carry out the functionality of the scenario. Sequence diagrams
typically are associated with use case realizations in the Logical View of the system under
development.
Sequence Diagram.
II. Use Case Diagram
In software and systems engineering, a use case is a list of steps, typically defining interactions
between a role (actor) and a system, to achieve the system goal. It illustrates how the application
and the user will work together to achieve the desired goal. It shows the different functions the
user, as well as the system, can perform.
The user can start the capture, stop the capture and save logs, while the application can start
monitoring the network, get packet headers and destinations, drop unwanted packets and get
packet data.
Use Case Diagram.
3.4.2 Database Design
Designing a database for a packet sniffer involves planning the structure and organization of the
data that will be captured and stored by the packet sniffer. It is important to consider the
performance, scalability, and security aspects of the database design, as capturing and storing
network packets can generate a large amount of data. Proper indexing, data retention policies,
and access controls will be implemented to ensure the integrity and confidentiality of the
captured data.

• Database Schema

Table: users

Column Name   Data Type     Description
user_id       int           Unique identifier for each user
username      varchar(50)   User's username
password      varchar(50)   User's password (encrypted)

In this schema, the users table stores information about each user, including their user_id,
username and password.
We will use this database schema to build a login page that allows users to log in using their
username and password, and then link them to a packet sniffer page where they can capture and
view packets.

• Entity Relationship Diagram

The ER diagram shows one table, User.
• User: this table stores the user information, including user_id, username and password.
The User table exists solely to grant the administrator access to the packet sniffer page.
With this ER diagram, we can easily create the necessary tables and relationships to implement a
login page that links to the packet sniffer page.
CHAPTER FOUR: SYSTEM DEVELOPMENT AND TESTING

INTRODUCTION
This chapter presents the results of the design and implementation of the system. The system is
made up of various components which help it achieve its intended objectives, as proposed in the
earlier chapters. In this chapter the application's graphical user interface will be analyzed, as
well as its back-end logic.
4.1 Implementing of the Design
The packet sniffer is implemented using Java programming language and NetBeans IDE. It
leverages the jpcap library for capturing network packets. The application follows a modular
design and utilizes object-oriented programming principles for flexibility and maintainability.
The implementation involves the following major components:
1. Login Page: Restricts access to the packet sniffer page.
2. User Interface: Provides the graphical interface for user interaction, including options to
select network interfaces, start/stop packet capture, apply filters, and view captured
packets.
3. Packet Parser: Extracts relevant information from captured packets, such as protocol
type, source/destination IP addresses, port numbers, and payload data.

Java
Java was used because it is a general-purpose, concurrent, class-based, object-oriented language
that is specifically designed to help implement platform independent applications. It is intended
to let application developers "write once, run anywhere".
Simulation
Network simulation is a technique where a program simulates the behavior of a network. This
simulation was performed with the use of our personal Wi-Fi hotspot, ECG's Wi-Fi and LAN, and
the Ho Technical University student Wi-Fi.
4.1.2 Programming /Coding
The packet sniffer was developed using the Java programming language to help detect packets
having anomalous IP addresses or IP addresses outside the IP range. It first sniffs the incoming
packets on the host system and then analyzes them. Since this sniffing process is a low-level
operation, the Java application makes use of the Java packet capturing library (Jpcap), which
works in conjunction with the Windows packet capturing library (WinPcap).
The login page is developed in Java using Swing. Swing is the Java GUI toolkit, and the NetBeans
GUI builder lets developers design forms by dragging and dropping buttons, text boxes and other
controls. Furthermore, the project is connected to a MySQL database to store and retrieve data;
the login code connects to it through the JDBC MySQL connector. The login form restricts access
to the protected packet sniffer page.
Load and Select Available Network Interfaces on the Computer
To capture packets from a network, the first thing one has to do is obtain the list of
functioning network interfaces on the computer. To do so, Jpcap provides the
JpcapCaptor.getDeviceList() method, which returns an array of NetworkInterface objects.
Therefore, the first operation the system performs is to let the user load the available network
interfaces on the computer so that he or she can choose the desired interface whose packets are
to be sniffed and analyzed. The Java class method written in codebase 1 below carries out this
operation.
After the interfaces have been loaded, the user is allowed to select the desired interface, or
combination of interfaces, to sniff. The selection process simply makes the system obtain an
instance of JpcapCaptor, as can be seen in line 1 of codebase 1.
Begin Sniffing Operation
Once you obtain an instance of JpcapCaptor, you can capture packets from the interface. There
are two major approaches to capturing packets with a JpcapCaptor instance:
a. Using a call-back method
b. Capturing packets one by one.
Using a Call-back method
In this approach, you implement a call-back method to process captured packets and pass it to
Jpcap, which then calls it back every time it captures a packet. Let's see how to take this
approach in detail. First, you implement the call-back by defining a new class that implements
the PacketReceiver interface. The PacketReceiver interface declares a receivePacket() method, so
your class must implement receivePacket(). The following class implements a receivePacket()
method which simply prints out a captured packet.
Once the class in codebase 2 above has been set up, you can call either the
JpcapCaptor.processPacket() or the JpcapCaptor.loopPacket() method to start capturing with the
callback. When calling processPacket() or loopPacket(), you can also specify the number of
packets to capture before the method returns; specify -1 to continue capturing packets
indefinitely.
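As an added example (not codebase 1 or 2 from the report), the class below combines the two operations just described using the Jpcap API: it lists the interfaces with JpcapCaptor.getDeviceList(), opens the one selected on the command line in promiscuous mode, and captures through a PacketReceiver callback. It assumes the jpcap library with its native WinPcap/libpcap component is installed and that the program runs with capture privileges; the snapshot length, read timeout, default packet count and filter expression are values chosen for this example.

```java
import java.io.IOException;
import jpcap.JpcapCaptor;
import jpcap.NetworkInterface;
import jpcap.PacketReceiver;
import jpcap.packet.IPPacket;
import jpcap.packet.Packet;
import jpcap.packet.TCPPacket;
import jpcap.packet.UDPPacket;

/*
 * Added example, not the report's codebase 1 or 2. Requires jpcap and its native
 * WinPcap/libpcap library, plus capture privileges. Run as:
 *   java CaptureDemo <interface-index> [packet-count]
 */
public class CaptureDemo implements PacketReceiver {

    private int count = 0;

    /** Called by Jpcap once per captured packet (the codebase 2 style callback). */
    @Override
    public void receivePacket(Packet p) {
        count++;
        if (p instanceof TCPPacket) {
            TCPPacket t = (TCPPacket) p;
            System.out.printf("#%d TCP %s:%d -> %s:%d len=%d%n", count,
                    t.src_ip.getHostAddress(), t.src_port, t.dst_ip.getHostAddress(), t.dst_port, p.len);
        } else if (p instanceof UDPPacket) {
            UDPPacket u = (UDPPacket) p;
            System.out.printf("#%d UDP %s:%d -> %s:%d len=%d%n", count,
                    u.src_ip.getHostAddress(), u.src_port, u.dst_ip.getHostAddress(), u.dst_port, p.len);
        } else if (p instanceof IPPacket) {
            IPPacket ip = (IPPacket) p;
            System.out.printf("#%d IP protocol=%d %s -> %s len=%d%n", count, ip.protocol,
                    ip.src_ip.getHostAddress(), ip.dst_ip.getHostAddress(), p.len);
        } else {
            System.out.printf("#%d %s len=%d%n", count, p.getClass().getSimpleName(), p.len);
        }
    }

    public static void main(String[] args) throws IOException {
        // Step 1 (codebase 1): load and list the available interfaces.
        NetworkInterface[] devices = JpcapCaptor.getDeviceList();
        for (int i = 0; i < devices.length; i++) {
            System.out.printf("[%d] %s (%s)%n", i, devices[i].name, devices[i].description);
        }
        if (args.length == 0) {
            System.out.println("usage: java CaptureDemo <interface-index> [packet-count]");
            return;
        }
        int index = Integer.parseInt(args[0]);
        int howMany = args.length > 1 ? Integer.parseInt(args[1]) : 20;   // -1 means capture indefinitely

        // Step 2: open the selected interface: 65535-byte snapshot length, promiscuous mode, 20 ms read timeout.
        JpcapCaptor captor = JpcapCaptor.openDevice(devices[index], 65535, true, 20);
        // Optional Jpcap filter in BPF syntax, applied before packets reach the callback.
        captor.setFilter("ip and (tcp or udp)", true);

        // Step 3: hand the callback to Jpcap; processPacket() returns once howMany packets were handled.
        captor.processPacket(howMany, new CaptureDemo());
        captor.close();
    }
}
```

Keeping the callback short matters: Jpcap invokes receivePacket() on the capture thread, so slow work there (database inserts, GUI updates) delays the next read and is one cause of the packet loss that section 2.3.3 mentions. Hand the decoded fields to a queue and process them elsewhere when the capture rate is high.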

4.1.3 Main User Interfaces


The system is made up of two modules, namely the Login page and the MainFrame (Packet Sniffer
page).
Login Page
The login frame is displayed to prompt the user to log in with a valid username and password. If
the credentials are right, the main window is displayed; if they are wrong, the application exits.
MainFrame (Packet Sniffer Page)
(a) Open Available Network Interfaces button: displays the available interfaces to sniff, which
are the Ethernet interface and the wireless interface.
(b) Selected Network Interface text field and label: lets the user select the desired interface.
(c) Confirm Selected Interfaces button: confirms the selected interfaces.
(d) Start Capture button: starts sniffing on the selected interface.
(e) Stop Capture button: stops sniffing when the user wishes to stop.

4.2 Testing of the New System


The system was tested by compiling and running it in the NetBeans integrated development
environment, and it was found to be bug free. The tests implemented in the project are primarily
result-based:
I. To test whether the database connection is established.
II. To test whether the system can capture outgoing packets.
III. To test whether the system can capture incoming packets.
IV. To test whether the system can capture Transmission Control Protocol (TCP) packets.
V. To test whether the system can automatically and dynamically dump packets.
VI. To test whether an error is displayed with a message code.

4.3 Documentation
This documentation provides a detailed explanation of a packet sniffer developed in Java with
NetBeans. The packet sniffer is designed to capture and monitor network traffic, allowing users
to analyze packets flowing through a network interface.
Installation of the Packet Sniffer
To install the Java packet sniffer, follow these steps:
1. Ensure that Java Development Kit (JDK) is installed on your system.
2. Download and install NetBeans Integrated Development Environment (IDE) from the
official website.
3. Create a new Java project in NetBeans.
4. Add the necessary dependencies for packet capturing. One popular library is jpcap, which
can be downloaded from its official website or added as a Maven dependency.
5. Configure the project to use the jpcap library.
6. Import the required classes and packages for packet sniffing.

Usage of the packet sniffer


Once the installation is complete, you can use the Java packet sniffer as follows:
1. Run the Java packet sniffer application from NetBeans or by executing the generated
JAR file.
2. Select the network interface to monitor from the available options.
3. Start the packet capture process.
4. Monitor the captured packets in real-time.
5. Stop the packet capture process when finished.

Features of the packet sniffer


The Java packet sniffer includes the following features:
1. Network Interface Selection: Allows users to choose the network interface to capture
packets from.
2. Real-time Packet Capture: Captures packets in real-time and displays packet
information on the screen as they arrive.
3. User-friendly Interface: Provides an intuitive and user-friendly graphical interface for
easy interaction and monitoring.

CHAPTER FIVE: CONCLUSION AND RECOMMENDATIONS


This chapter explains the conclusions and recommendations during the course of the project.
5.1 Conclusion
Beginning with the research proposal and ending with the implementation of the project, this has
been an opportunity to discover our potential and be a part of the initiative to improve service
delivery through technology innovations.
The packet sniffer has a rich and user-friendly GUI developed with Java Swing, and is therefore
easy to use. Java's most significant advantage is platform independence, so the packet sniffer is
also platform independent. The installation file for the packet sniffer is only 7.80 MB, so it is
highly economical in terms of memory use, and because it is based on an object-oriented design,
further changes can easily be accommodated.
5.2 Recommendations
With the Electricity Company of Ghana, Ho Regional Office, being the case study for our research,
we would like to recommend the following:
The company authorities should facilitate the improvement of this application so that it can be
used to monitor network traffic and prompt the network administrators to take action only when it
is needed.
From the study of the network topology, we recommend that the company eliminate the flat
network and acquire separate routers for each department in order to avoid network congestion
and breaches of security.
We recommend further research on how to block traffic automatically during network overload at
peak hours. This would turn the system from a passive system into an active one.
The company should educate staff on the legal and ethical issues of network security.

Bibliography

1. Chen, Z., Wang, W., Liu, Y., & Wen, Y. (2018). Deep learning for video object tracking: A survey. Neurocomputing, 275, 282-293. https://doi.org/10.1016/j.neucom.2017.08.048
2. Eberle, W., & Gligor, V. (2019). Cybersecurity of the internet of things: A systematic review of methods for securing IoT devices. ACM Computing Surveys, 52(5), 1-38. https://doi.org/10.1145/3291042
3. Garcia, M. E., Costin, A., Rowe, A., & Fung, C. (2020). Machine learning approaches for network anomaly detection: A survey. Computers & Security, 90, 101704. https://doi.org/10.1016/j.cose.2019.101704
4. Huang, L., Joseph, A. D., Nelson, B., Rubenstein, D., Lau, S., Claffy, K., & Govindan, R. (2021). Towards building an internet topology from passive measurements. ACM SIGCOMM Computer Communication Review, 51(4), 191-198. https://doi.org/10.1145/3472711.3472719
5. Kim, K. I., & Kim, H. (2022). A survey of deep learning-based traffic anomaly detection methods for computer networks. IEEE Communications Surveys & Tutorials, 24(2), 1204-1231. https://doi.org/10.1109/COMST.2021.3067901
6. Li, B., Wang, H., & Pan, Y. (2019). Deep learning-based network anomaly detection and its application on software-defined networking. IEEE Access, 7, 90515-90525. https://doi.org/10.1109/ACCESS.2019.2922429
7. Liu, J., & Miao, Y. (2018). Anomaly detection in network traffic based on deep learning. In Proceedings of the 14th International Conference on Computational Intelligence and Security (CIS) (pp. 66-70). IEEE. https://doi.org/10.1109/CIS.2018.00018
8. Mohammadi, M., Atani, R. E., & Erfani, S. M. (2021). A comprehensive review of intrusion detection system using deep learning techniques. Journal of Network and Computer Applications, 187, 103077. https://doi.org/10.1016/j.jnca.2021.103077
9. Pal, S., Maity, S., Ghosh, A., & Bhattacharya, B. B. (2020). Intrusion detection system using machine learning techniques: A review. Journal of Network and Computer Applications, 159, 102596. https://doi.org/10.1016/j.jnca.2020.102596
10. Sultana, N., Iqbal, F., & Ali, S. (2022). Machine learning-based approaches for network anomaly detection: A comprehensive survey. IEEE Access, 10, 17394-17420. https://doi.org/10.1109/ACCESS.2022.3075541
11. Al-Sa'ady, T., Hameed, A., & Faezipour, M. (2018). A comprehensive survey of network packet sniffing. IEEE Communications Surveys & Tutorials, 20(4), 3042-3071. https://doi.org/10.1109/COMST.2018.2854765
12. Bari, A., Gupta, A., Sharma, D., & Buyya, R. (2020). SDN-based packet sniffing: Concepts, techniques, and challenges. Journal of Network and Computer Applications, 167, 102708. https://doi.org/10.1016/j.jnca.2020.102708
13. Chachulski, S., Jennings, N., Katti, S., & Rao, S. (2018). Trading off switch and server resources in data centers. ACM SIGCOMM Computer Communication Review, 38(4), 63-74. https://doi.org/10.1145/1402946.1402967
14. Chetty, N., Suriyakumar, V., & Brijesh, B. (2019). Network traffic analysis using deep learning techniques: A survey. Computers & Electrical Engineering, 77, 96-113. https://doi.org/10.1016/j.compeleceng.2019.02.007
15. DiFranzo, D., & Antonakakis, M. (2019). Detecting cyber-physical attacks on power grids with physical process fingerprints. IEEE Transactions on Dependable and Secure Computing, 16(5), 796-809. https://doi.org/10.1109/TDSC.2018.2880517
16. Elkhodr, M., Shahrestani, S., & Cheung, H. (2021). A survey on the Internet of Things security: Requirements, challenges, and solutions. Journal of Network and Computer Applications, 167, 102754. https://doi.org/10.1016/j.jnca.2020.102754
17. Nithya, K., & Selvi, S. T. (2020). Machine learning based intrusion detection systems for software-defined networks: A review. Journal of Network and Computer Applications, 161, 102674. https://doi.org/10.1016/j.jnca.2020.102674
18. Santos, J., Gonçalves, J., Neves, J., & Pires, J. (2019). A survey on network traffic analysis using machine learning techniques. Journal of Network and Computer Applications, 130, 122-147. https://doi.org/10.1016/j.jnca.2019.01.019
19. Wang, D., Jin, L., Xu, C., & Wu, Y. (2020). Deep learning-based intrusion detection for software-defined networks: A survey. Future Generation Computer Systems, 107, 108-117. https://doi.org/10.1016/j.future.2019.12.022
20. Yan, Y., & Wang, X. (2018). Survey on the applications of deep learning in network traffic identification. Journal of Network and Computer Applications, 110, 1-14. https://doi.org/10.1016/j.jnca.2018.02.001
21. Elbirt, A., Noubir, G., & Rajan, S. (2019). Defending Against Packet Sniffers Using Modulation Hopping. IEEE Transactions on Information Forensics and Security, 14(6), 1489-1503.
22. Gao, J., Zhang, D., Li, J., & Liu, J. (2019). Packet Sniffer Detection Based on Density Peaks Clustering. International Journal of Distributed Sensor Networks, 15(7), 1550147719861389.
23. Delgado, M., Lloret, J., & Bri, D. (2020). Optimized Multi-Sniffer Technique for Monitoring Environmental Parameters. Sensors, 20(2), 357.

Appendix
A – Project Plan
Timeline:
- Weeks 1-2: Conduct a literature review and survey existing packet sniffing tools and techniques in Java.
- Weeks 3-4: Define the project scope, objectives, and requirements.
- Weeks 5-6: Design the architecture and implementation strategy.
- Weeks 7-8: Set up the development environment and configure the necessary libraries.
- Weeks 9-10: Develop the packet sniffer tool, focusing on core functionality.
- Weeks 11-12: Implement additional features and optimize performance.
- Weeks 13-14: Conduct thorough testing and debugging.
- Weeks 15-16: Analyze captured data, compare performance, and finalize the project report.
- Weeks 17-18: Prepare user documentation and presentation materials.
Resources:
- Hardware:
  - Desktop or laptop computer
  - Network interface card (NIC) capable of promiscuous mode
  - Network cables or wireless adapters for capturing network traffic (if required)
- Software:
  - Java Development Kit (JDK)
  - Integrated Development Environment (IDE): NetBeans
  - Packet sniffing library: jpcap, which is a Java wrapper over WinPcap (Windows) or libpcap (Linux/macOS); the native driver must be installed separately
  - MySQL and JDBC
  - Documentation: Microsoft Word
Risks and Mitigation Strategies:
- Risk: Inaccurate or incomplete packet capture.
  - Mitigation: Thoroughly test and debug the packet capture functionality, ensuring compatibility with different network setups and protocols (for example, check the captured length against the on-wire length, and confirm that promiscuous mode is actually granted on the chosen NIC).
- Risk: Performance issues and memory constraints.
  - Mitigation: Implement efficient data processing techniques (bounded packet buffers, capture filters so uninteresting traffic is dropped in the driver rather than in Java), optimize code, and conduct performance testing under various network loads.
- Risk: Security vulnerabilities in the packet sniffer tool.
  - Mitigation: Follow secure coding practices, conduct code reviews, and perform thorough testing to identify and fix security flaws. Treat every captured byte as untrusted input: protocol parsers must bounds-check header fields, and any packet data written to MySQL must go through parameterized JDBC statements rather than string concatenation. Run the tool with the minimum privilege needed for capture.
B – User Interfaces (more)
[Screenshot: Login Page]
[Screenshot: Packet Sniffer Page (MainFrame)]

C – User Documentation (Guide)
To install the Java packet sniffer, follow these steps:

1. Ensure that the Java Development Kit (JDK) is installed on your system.
2. Download and install the NetBeans Integrated Development Environment (IDE) from the official website.
3. Create a new Java project in NetBeans.
4. Add the necessary dependency for packet capturing. This project uses jpcap, which can be downloaded from its official website or added as a Maven dependency. jpcap has two parts: the Java archive (jpcap.jar) and a native library (Jpcap.dll on Windows, libjpcap.so on Linux) that must be on java.library.path. It also requires WinPcap (Windows) or libpcap (Linux) to be installed first.
5. Configure the project to use the jpcap library (add jpcap.jar to the project's libraries and point java.library.path at the directory containing the native library).
6. Import the required classes and packages for packet sniffing (jpcap.JpcapCaptor, jpcap.NetworkInterface, jpcap.PacketReceiver and the jpcap.packet classes).
7. Install and configure MySQL and the MySQL JDBC driver.
To start using the packet sniffer, follow these steps:

1. Launch the Java packet sniffer application from NetBeans or by executing the generated JAR file. Capturing in promiscuous mode requires elevated privileges, so run NetBeans or the JAR as an administrator (Windows) or as root (Linux); otherwise no interfaces will be listed.
2. The application opens on the login page, which leads to the packet sniffer page after a successful login.

To capture packets using the packet sniffer, follow these steps:

1. Select the desired network interface from the "Network Interface Selection" dropdown menu.
2. Click the "Capture Start/Stop" button to start capturing packets; click it again to stop.
3. The captured packets are displayed in the packet display area in real time.
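The installation and capture steps above map directly onto a handful of jpcap calls. The following console program is an added example, not the project's own code: it enumerates interfaces (the contents of the dropdown), opens the chosen one in promiscuous mode, prints one line per IP packet (what the display area shows) and also writes a pcap file so the capture can be examined offline in Wireshark. It assumes jpcap.jar and its native library are installed as described in the guide, that the program is run with administrator/root rights, and the class name, the BPF filter string and the output filename capture.pcap are choices made here for illustration.

```java
// Added example (not the project's code). Requires jpcap.jar on the classpath,
// Jpcap.dll / libjpcap.so on java.library.path, WinPcap or libpcap installed,
// and administrator/root privileges for promiscuous capture.
import java.io.IOException;
import jpcap.JpcapCaptor;
import jpcap.JpcapWriter;
import jpcap.NetworkInterface;
import jpcap.PacketReceiver;
import jpcap.packet.IPPacket;
import jpcap.packet.Packet;
import jpcap.packet.TCPPacket;
import jpcap.packet.UDPPacket;

public class MinimalSniffer {

    /** Formats one packet as a single display line; returns null for non-IP frames. */
    static String summarize(Packet p) {
        if (!(p instanceof IPPacket)) {
            return null;
        }
        IPPacket ip = (IPPacket) p;
        String proto;
        String ports = "";
        if (p instanceof TCPPacket) {          // TCPPacket extends IPPacket
            TCPPacket tcp = (TCPPacket) p;
            proto = "TCP";
            ports = tcp.src_port + " -> " + tcp.dst_port;
        } else if (p instanceof UDPPacket) {   // UDPPacket extends IPPacket
            UDPPacket udp = (UDPPacket) p;
            proto = "UDP";
            ports = udp.src_port + " -> " + udp.dst_port;
        } else {
            proto = "IP/" + ip.protocol;       // other IP protocol number
        }
        // sec/usec are the driver's capture timestamp; len is the on-wire length.
        return String.format("%d.%06d %s %s -> %s %s len=%d",
                p.sec, p.usec, proto, ip.src_ip.getHostAddress(),
                ip.dst_ip.getHostAddress(), ports, p.len);
    }

    public static void main(String[] args) throws IOException {
        // Step 1 of the guide: list the capture interfaces (the dropdown's contents).
        NetworkInterface[] devices = JpcapCaptor.getDeviceList();
        if (devices.length == 0) {
            System.err.println("No capture interfaces found: check that WinPcap/libpcap "
                    + "is installed and that you are running as administrator/root.");
            return;
        }
        for (int i = 0; i < devices.length; i++) {
            System.out.println(i + ": " + devices[i].name + " (" + devices[i].description + ")");
        }
        int index = args.length > 0 ? Integer.parseInt(args[0]) : 0;
        NetworkInterface chosen = devices[index];

        // Step 2: open the interface in promiscuous mode, 64 KiB snaplen, 20 ms read timeout.
        JpcapCaptor captor = JpcapCaptor.openDevice(chosen, 65535, true, 20);

        // Kernel-side BPF filter so only IP/TCP/UDP traffic reaches Java (filter
        // string is an assumption; the project's UI exposes no filter control).
        captor.setFilter("ip and (tcp or udp)", true);

        // Dump every packet to a pcap file for offline analysis (filename is an assumption).
        final JpcapWriter writer = JpcapWriter.openDumpFile(captor, "capture.pcap");

        // Step 3: the receiver is invoked once per captured packet. The GUI version
        // would append a row to its packet table here instead of printing.
        PacketReceiver display = new PacketReceiver() {
            public void receivePacket(Packet p) {
                writer.writePacket(p);
                String line = summarize(p);
                if (line != null) {
                    System.out.println(line);
                }
            }
        };

        // Capture 100 packets then stop. A "Stop" button would call captor.breakLoop()
        // from the GUI thread while loopPacket(-1, ...) runs on a worker thread.
        captor.loopPacket(100, display);
        writer.close();
        captor.close();
    }
}
```

Run it as `java -Djava.library.path=<dir with native lib> MinimalSniffer 1` (replace 1 with the index printed for your interface). The BPF filter is applied in the driver, so packets that do not match are never copied into the JVM, which addresses the performance risk listed in the project plan more effectively than filtering in Java after the fact.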
