12 Replies - 5461 Views - Last Post: 16 April 2012 - 05:30 PM

#1 yapcl90

Packet filtering system for LAN, how to develop?

Posted 04 October 2011 - 10:04 AM

Hi. My name is Hosuton, and I'm currently doing my final year project.
I would like to develop a packet filtering system equipped with features such as port scanning that returns a list of available clients in the LAN. The user (admin) is able to select some of them and take further action, such as blocking them from accessing the internet, or, more specifically, the user can filter the packets by entering a keyword such as "facebook", or by selecting a category such as "social network".

I'm currently investigating which languages to use, and what tools to use. From what I got from the clouds, I found Wireshark, Nmap, WinPcap, OpenBSD, and many other tools, but I'm not sure how these tools are able to help me in developing such a system, or shall I just rely on Java or C# to develop this system? It is now October, and I will have to finalize everything by April 2012. Can anyone give me some ideas on what to do and how to start?
Thanks!
vivek


#2 tlhIn`toq

Posted 04 October 2011 - 10:15 AM

Language: Pick one you already know.

Using Wireshark as a reference really has nothing to do with your choice of coding language. So I'm not sure how seeing those finished applications applies to the statement "just rely on C#".

You want to filter a packet of data based on the word "Facebook"?
Do you have a conceptual idea of how you would implement that regardless of language? Because each packet doesn't have the word "Facebook" in it.

#3 yapcl90

Posted 04 October 2011 - 10:44 AM

Hi, thanks for your reply.
Yeah, what I mean is, once the user loads the system, they have an option to customize what content to filter, for example, a website with the name "facebook",
but I'm not sure how to achieve this yet.
By filtering the packets? Or?
Please advise.
Thanks.

#4 tlhIn`toq

Posted 04 October 2011 - 11:08 AM

Ok. So you're basically wanting to write a 'net nanny' type program. Something to keep kids/employees from going to sites they aren't allowed on.

Just to get a baseline for everyone reading this that might have some ideas, let's start with the basics.

  • Do you know any programming language and if so, what?
  • How much experience do you have at writing your own programs? Not following the directions of your text book, but actually architecting and then coding your own application from scratch?
  • Do you understand in detail how data is transmitted through the internet, TCP/IP, IP addressing, DNS, HTTP?

#5 tlhIn`toq

Posted 04 October 2011 - 11:21 AM

Of course a little bit of searching goes a long way.
Simply hitting Google with "C# network filter" gets a few samples:

http://www.daniweb.c...p/threads/50721

http://social.msdn.m...7-cdab7ddb03c9/

http://msdn.microsof...0(v=vs.85).aspx

http://www.codeproje...smfirewall.aspx

#6 yapcl90

Posted 04 October 2011 - 11:29 AM

  • Do you know any programming language and if so, what?
    Yes: C, C++, Java, C#, ASP.NET, SQL.
  • How much experience do you have at writing your own programs? Not following the directions of your text book, but actually architecting and then coding your own application from scratch?
    To complete a web-based application by using ASP.NET and SQL technology.
  • Do you understand in detail how data is transmitted through the internet, TCP/IP, IP addressing, DNS, HTTP?
    Yes, I do and learned them before; I will revise them again.

#7 blackcompe

Posted 04 October 2011 - 01:46 PM

This can all be accomplished with basic network programming. Like tlhIn`toq said, you're building a "net nanny" application, which is really a web proxy. It can be programmed in any language with networking capabilities. Basically, you'll configure the user's web browser to use a proxy. The proxy will receive HTTP requests from the browser. It will forward those requests to the server and send the response back. If you want to deny certain requests you'll need to pull the request apart (look at the first line of the request) and get the URL. If it's on your blacklist, respond with a "cannot allow" message.

You'll also need to create an interface to your application, so that you can add URLs to block and to invoke the port scanner. A basic GUI will suffice.

To implement port scanning just try to create a TCP connection to every port.
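
The request check blackcompe describes above (pull the first line apart, get the host, compare it with the blacklist, answer with a "cannot allow" message), as an added example that is not code from any poster in this thread. The blacklist entry and all function names are assumptions; it also covers CONNECT requests, where an HTTPS client shows the proxy only a host and port.

```python
from urllib.parse import urlsplit

# Constructed blacklist for this example; the admin interface would maintain it.
BLOCKED_DOMAINS = {"facebook.com"}

DENY_BODY = b"cannot allow: this site is blocked by the proxy\n"
DENY = (b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n"
        b"Content-Length: " + str(len(DENY_BODY)).encode() + b"\r\n"
        b"Connection: close\r\n\r\n" + DENY_BODY)
BAD_REQUEST = (b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n"
               b"Connection: close\r\n\r\n")


def target_host(raw_request: bytes) -> str:
    """Return the lowercase host the client asked the proxy to reach."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    method, target, _version = parts
    host = None
    if method.upper() == "CONNECT":
        # HTTPS tunnel: the target is "host:port"; the path is never visible.
        host = urlsplit("//" + target).hostname
    elif "://" in target:
        # Absolute-form, as a browser sends to a configured proxy.
        host = urlsplit(target).hostname
    else:
        # Origin-form (request not addressed to a proxy): use the Host header.
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "host":
                host = urlsplit("//" + value.strip()).hostname
                break
    if not host:
        raise ValueError("no host in request")
    return host.rstrip(".").lower()


def is_blocked(host: str) -> bool:
    # Match the domain itself or any subdomain. A plain substring test would
    # also hit notfacebook.com or a search query that mentions the name.
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def filter_request(raw_request: bytes):
    """Return the bytes to send back, or None when the request may be forwarded."""
    try:
        host = target_host(raw_request)
    except ValueError:
        return BAD_REQUEST
    return DENY if is_blocked(host) else None
```
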

#8 tlhIn`toq

Posted 04 October 2011 - 02:01 PM

Keep in mind though, this is really only a good idea for your homework assignment. And only if you can make adjustments to your professor's computer. If you can't change his browser settings, then your program won't filter anything. Sounds like an 'F' grade to me.

In the real world that approach is pointless. Just about anyone can figure out or Google how to change their browser off of the proxy. Then they have unfiltered internet access again.

And if they can't figure out how to change the current browser, they can always just install a different browser and it will work on the default settings. Or just carry in a self-contained browser on a USB stick.

#9 blackcompe

Posted 04 October 2011 - 02:56 PM

I see what you mean. Actually I want to address something else first: you won't be able to filter a whole network (LAN) of hosts without running your software on a central proxy server/firewall that has access to all outgoing packets. So, let's assume the software filters packets for a single host.

tlhIn`toq, I suppose if you added the requirement of administrator privileges to terminate the software, like most "net nanny" applications, then your packet filter would be much more effective.

I wasn't thinking in those terms. If you're not going to willingly hand your HTTP requests to a proxy, then the only other possibility I can think of is intercepting packets with the ability of dropping them. My research concludes that you need to use low-level libraries to accomplish that. yapcl90, you might want to look at this.

Another good idea I saw was to configure the OS to use a custom DNS server (that you write) that blocks certain URLs.

#10 yapcl90

Posted 04 October 2011 - 05:57 PM

blackcompe, on 04 October 2011 - 01:46 PM, said:

This can all be accomplished with basic network programming. Like tlhIn`toq said, you're building a "net nanny" application, which is really a web proxy. It can be programmed in any language with networking capabilities. Basically, you'll configure the user's web browser to use a proxy. The proxy will receive HTTP requests from the browser. It will forward those requests to the server and send the response back. If you want to deny certain requests you'll need to pull the request apart (look at the first line of the request) and get the URL. If it's on your blacklist, respond with a "cannot allow" message.

You'll also need to create an interface to your application, so that you can add URLs to block and to invoke the port scanner. A basic GUI will suffice.

To implement port scanning just try to create a TCP connection to every port.

Yeah, all of this can be done with network programming; however, I have very poor knowledge of network programming.
So you mean such an application is just like a web proxy? Is it possible to implement the system without configuring the user's web browser, while the server is still able to capture the packets being transmitted between the client and the clouds? Whenever a packet contains keywords/information that match the applied rules, it will respond with a "cannot allow" message.

Let me just share my scenario with you.
This system is proposed to be used in computer labs, or any small local area networks.
Assume that in the lab environment there are 21 PCs, 1 for the lecturer and the rest for students.
These 21 PCs have the same default proxy setting, all pointing to 10.2.1.4 port 8080,
and their IP addresses start from 10.21.12.4 to 10.21.12.25.

tlhIn`toq, on 04 October 2011 - 02:01 PM, said:

Keep in mind though, this is really only a good idea for your homework assignment. And only if you can make adjustments to your professor's computer. If you can't change his browser settings, then your program won't filter anything. Sounds like an 'F' grade to me.

In the real world that approach is pointless. Just about anyone can figure out or Google how to change their browser off of the proxy. Then they have unfiltered internet access again.

And if they can't figure out how to change the current browser, they can always just install a different browser and it will work on the default settings. Or just carry in a self-contained browser on a USB stick.

To operate this proposed system, is it a MUST to configure the client computers?
One of the objectives of this proposed system is to filter the target's computer without changing their current configuration and their attention.
Well, do you have any suggestions for a better approach?
Thanks for your sharing, appreciate it.

#11 blackcompe

Posted 04 October 2011 - 07:15 PM

Quote

This system is proposed to be used in computer labs, or any small local area networks.
Assume that in the lab environment there are 21 PCs, 1 for the lecturer and the rest for students.
These 21 PCs have the same default proxy setting, all pointing to 10.2.1.4 port 8080,
and their IP addresses start from 10.21.12.4 to 10.21.12.25.


Let me remind you, I'm not a system administrator and what I have to say may or may not be helpful. I don't know the requirements of your software, nor do I know the network environment you're working in.

tlhIn`toq was saying that any user can just re-configure their browser. In a corporate environment it's likely that policies are set. If the policy won't allow users to change their proxy settings, then a proxy would work. But, then tlhIn`toq said that a user could run a web browser from a flash drive. If the policy disables any old executable from running, then the web browser can't be run, so we can consider the proxy solution again.

I'm assuming that "Net Nanny" programs are a little different. I'm assuming they're designed for personal use, where there are no policies and users can change proxy settings, so that no proxy is used. In that case, the program would have to be much more complex.

Quote

Assume that in the lab environment there are 21 PCs, 1 for the lecturer and the rest for students.
These 21 PCs have the same default proxy setting, all pointing to 10.2.1.4 port 8080,
and their IP addresses start from 10.21.12.4 to 10.21.12.25.


Sounds like your environment is set up to use a proxy. See Proxy - content filtering.

#12 yapcl90

Posted 15 April 2012 - 09:48 PM

After about 4 or 5 months, I'm back!!
I haven't started my project.. ok..
It seems like I confused myself and you people,
so now just let me clarify the situation
again. I would like to propose to develop a system which can control the network access in a computer lab:
21 PCs,
1 for the lecturer, 20 for students.
The system shall be able to BLOCK or UNBLOCK students' PCs from accessing the rest of the network!
That's it.. no more filtering the content!
So, is it still the same as the "Net nanny" program?
Thanks.

blackcompe, on 05 October 2011 - 10:15 AM, said:

Let me remind you, I'm not a system administrator and what I have to say may or may not be helpful. I don't know the requirements of your software, nor do I know the network environment you're working in.

tlhIn`toq was saying that any user can just re-configure their browser. In a corporate environment it's likely that policies are set. If the policy won't allow users to change their proxy settings, then a proxy would work. But, then tlhIn`toq said that a user could run a web browser from a flash drive. If the policy disables any old executable from running, then the web browser can't be run, so we can consider the proxy solution again.

I'm assuming that "Net Nanny" programs are a little different. I'm assuming they're designed for personal use, where there are no policies and users can change proxy settings, so that no proxy is used. In that case, the program would have to be much more complex.

Sounds like your environment is set up to use a proxy. See Proxy - content filtering.

Hi, thanks for your precious feedback! Appreciate it.
Now I have changed my requirement.
No longer filtering the content of the packets; well,
I just wish to develop a firewall-like program which can cut them off from accessing the network.
That would be good enough, as the previous scope was too large for me.
Please advise.
Thanks.

#13 Lemur

Posted 16 April 2012 - 05:30 PM

OpenBSD PF, just make a quick shell program to add/subtract rules based on hosts. Use that machine as a router for the rest of the network to access the internet and intercept forward traffic.

Now that may be a solution, but as to how to implement it, that's going to be quite difficult without some pretty heavy research into the following:

OpenBSD
PF Rules
Routing
Forwarding
OSI Level filtering (Hint: Primarily 2/3)

Now really the thing is that you have to hit this traffic but they could change IP, MAC, or any other number of things if they're clever. If they're locked down well you're set.

If the users are really clever (and pray none of them reach this level) they will find PuTTY and SSH for port forwarding to blast holes in anything you could possibly set up.
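
One way to write the add/remove-rule helper suggested above, as an added example rather than Lemur's own code: it is in Python instead of shell, keeps blocked hosts in a PF table, and refuses any address outside the lab range given earlier in the thread. The table name, the $lan_if macro and the choice of 10.21.12.4 as the lecturer's PC are assumptions.

```python
import ipaddress
import subprocess

TABLE = "blocked_students"                        # hypothetical PF table name
LAB_FIRST = ipaddress.IPv4Address("10.21.12.4")   # lab range from the thread
LAB_LAST = ipaddress.IPv4Address("10.21.12.25")
LECTURER = ipaddress.IPv4Address("10.21.12.4")    # assumption: lecturer's PC

# Lines the router's pf.conf needs once; $lan_if is a hypothetical macro for
# the interface facing the lab. The helper below only edits the table.
PF_CONF = """\
table <blocked_students> persist
block in quick on $lan_if from <blocked_students> to any
"""


def lab_host(text: str) -> ipaddress.IPv4Address:
    """Parse an address and accept it only if it is a student PC in the lab."""
    ip = ipaddress.IPv4Address(text.strip())   # ValueError on anything else
    if not LAB_FIRST <= ip <= LAB_LAST:
        raise ValueError(f"{ip} is outside the lab range")
    if ip == LECTURER:
        raise ValueError("refusing to block the lecturer's PC")
    return ip


def pfctl_commands(action: str, host: str) -> list:
    """Build the pfctl argument lists for blocking or unblocking one host."""
    ip = str(lab_host(host))
    if action == "block":
        return [
            ["pfctl", "-t", TABLE, "-T", "add", ip],
            # PF is stateful: connections already open keep passing until
            # their state entries are removed, so kill them as well.
            ["pfctl", "-k", ip],
        ]
    if action == "unblock":
        return [["pfctl", "-t", TABLE, "-T", "delete", ip]]
    raise ValueError("action must be 'block' or 'unblock'")


def apply(action: str, host: str, dry_run: bool = True) -> list:
    """Run the commands (root on the PF router) unless dry_run is set."""
    commands = pfctl_commands(action, host)
    if not dry_run:
        for argv in commands:
            # Argument lists, no shell: user input cannot add extra commands.
            subprocess.run(argv, check=True)
    return commands
```

The table is keyed on IP address, so the caveat in the post above still applies: a student who changes address falls outside the entry that was added.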
