The Internet is fast becoming one of the most popular means of communication because it is fast, cheap and accessible. Its low cost and pervasiveness also make it attractive for use by criminals and terrorists. Thus there is a need to monitor network traffic. However, this monitoring should not be at the cost of the privacy of individuals. PickPaket is a flexible network monitoring tool that achieves these conflicting aims. It is a passive monitoring tool that sniffs online packets on the network and captures packets that match the criteria specified by the user. It then analyzes the captured packets offline based on the application level protocol that the packet payload belongs to. It reconstructs the original connections from the captured data and displays them in a user-friendly format. While PickPacket has a built-in support for several application level protocols like HTTP, FTP, SMTP, POP, IMAP, Telnet, Yahoo chat and IRC, it can also filter and capture traffic belonging to unsupported protocols.
While PickPacket supports capture and analysis of HTTP traffic, one important class of HTTP traffic needs further attention. Web-based email, which is basically email transfer using HTTP, is one of the most popular forms of email communication today. While PickPacket can be configured to capture all web-based email data, displaying this captured data to the PickPacket user in its original form is a challenging problem. This is because not all data gets transferred as simple HTTP pages that can be displayed as is. Also, PickPacket captures a lot of web-based email data, most of which is not of interest to the user. Some mechanism for automatic classification of the captured data is needed. This thesis investigates the problems involved in reconstruction of web-based email traffic and describes the solution implemented.
Back to the list of MTech theses
Vinaya Natarajan can be reached at vinaya.natarajan[AT]gmail.com.