
www.jntuworld.com

www.jwjobs.net

CS0120

A STATISTICAL MONITORING OF OVERALL NETWORK PERFORMANCE WITH TRAFFIC EVALUATION IN COMPUTER NETWORK
1. Mr B.V.Vamshidhar

2. Ms N.Gayathri

Abstract:
In the fields of networking and communications, there is a continual concern over poor bandwidth utilization. This paper is mainly aimed at monitoring different network statistics: bandwidth in Kbps, the data sent or received, and network connectivity speed. Along with showing bandwidth, it categorizes bandwidth and displays incoming/outgoing packet information for different protocols, namely TCP, UDP, ICMP and IP. Features include scanning for open ports on the system, irrespective of whichever application is being used, and determining the IP address along with the subnet mask, the number in decimal, the number in bit format, the broadcast address and the number of machines possible in the same range.

Keywords: Bandwidth, migration, connectivity

Conclusion:


IPv4 addresses are broken down into three parts: the network part, the subnet part (now often considered part of the network part, although originally it was part of the rest part), and the host part. There are three classes of IP address which determine how much is which. Classful addressing: IP addresses, when started a few decades ago, used the concept of classes. This architecture is called classful addressing. In the mid-1990s, a new architecture, called classless addressing, was introduced and will eventually supersede the original architecture. However, part of the Internet is still using classful addressing, but the migration is very fast. In this example two bits were borrowed from the original host portion. This is beneficial because it allows a single network portion to be split into several smaller network portions. By design IPv4 addresses are limited in number and each classful network portion is capable of supporting a finite number of hosts.

1. III/IV B.Tech C.S.E, Gurunanak Engineering College

2. II/IV B.Tech C.S.E


INTRODUCTION

Bandwidth is a key concept in many applications. In radio communications, for example, bandwidth is the range of frequencies occupied by a modulated carrier wave, whereas in optics it is the width of an individual spectral line or the entire spectral range. There is no single universal precise definition of bandwidth, as it is vaguely understood to be a measure of how wide a function is in the frequency domain.

For different applications there are different precise definitions. For example, one definition of bandwidth could be the range of frequencies beyond which the frequency function is zero. This would correspond to the mathematical notion of the support of a function (i.e., the total "length" of values for which the function is nonzero). Another definition might not be so strict and ignore the frequencies where the frequency function is small. Small could mean less than 3 dB below (i.e., less than half of) the maximum value, or it could mean below a certain absolute value. As with any definition of the width of a function, there are many definitions available, which are suitable for different applications.

According to the Shannon-Hartley theorem, the data rate of reliable communication is directly proportional to the frequency range of the signal used for the communication. In this context, the word bandwidth can refer to either the data rate or the frequency range of the communication system (or both).

DIGITAL SYSTEM

When used to discuss digital communication, the meaning of "bandwidth" is clouded by metaphorical use. Technicians sometimes use it as slang for baud rate, the rate at which symbols may be transmitted through the system. It is also used more colloquially to describe channel capacity, the rate at which bits may be transmitted through the system (see Shannon Limit). Hence, a digital data bus with a bit rate of 66 Mbps on each of 32 separate data lines may properly be said to have a bandwidth of 33 MHz and a capacity of 2.1 Gbit/s, but it would not be surprising to hear such a bus described as having a "bandwidth of 2.1 Gbit/s." Similar confusion exists for voiceband modems, where each symbol carries multiple bits of information so that a modem may transmit 56 kbit/s of information over a phone line with a bandwidth of only 4 kHz and a symbol rate of 8 Kbaud.

A related metric which is used to measure the aggregated bandwidth of a whole network is bisection bandwidth.


Bandwidth is also used in the sense of a commodity, referring to something limited or something costing money. Thus, communication costs bandwidth, and improper use of someone else's bandwidth may be called bandwidth theft. In discrete time systems and digital signal processing, bandwidth is related to sampling rate according to the Nyquist-Shannon sampling theorem. When additive white Gaussian noise is present in a digital communication channel, the Shannon-Hartley theorem gives the relationship between the channel's bandwidth, the channel's capacity, and the signal-to-noise ratio (SNR) of the system.

MEANING OF BANDWIDTH IN WEB HOSTING

In website hosting, the term "bandwidth" is often incorrectly used to describe the amount of data that can be transferred to or from the website or server, measured in bytes transferred over a prescribed period of time. A web hosting company using the correct term "Monthly Data Transfer" is often a good sign to watch out for when shopping for hosting. Web hosting companies often quote a monthly bandwidth limit for a website, for example 100 gigabytes per month. If visitors to the website download a total greater than 100 gigabytes in one month, the bandwidth limit will have been exceeded.

PORT SCANNING

A port scanner is a piece of software designed to search a network host for open ports. This is often used by administrators to check the security of their networks and by crackers to compromise it. To portscan a host is to scan for multiple listening ports on a single target host. To portsweep is to scan multiple hosts for a specific listening port. The latter is typically used in searching for a specific service. For example, a SQL based computer worm may port sweep looking for hosts listening on TCP/UDP port 1433.

TCP/IP EDIFICE

The TCP/IP protocol suite is made of five layers: physical, data link, network, transport, and application. The first four layers provide physical standards, network interface, internetworking, and transport functions that correspond to the first four layers of the OSI model. The three topmost layers in the OSI model, however, are represented in TCP/IP by a single layer called the application layer.

The protocol stack that is most common on the Internet today is TCP/IP. In this system, hosts and host services are referenced using two components: an address and a port number. There are 65535 distinct and usable port numbers. Most services use a limited range of numbers; these numbers will eventually become assigned by the IANA when the service becomes important enough.

TCP is connection-oriented. A connection-oriented transport protocol establishes a virtual path between the source and destination. All of the segments belonging to a message are then sent over this virtual path. A connection-oriented transmission requires three phases: connection establishment, data transfer, and connection termination.

Some port scanners only scan the most common, or most commonly vulnerable, port numbers on a given host. The result of a scan on a port is usually generalized into one of three categories:

Open or Accepted: The host sent a reply indicating that a service is listening on the port.
Closed or Denied or Not Listening: The host sent a reply indicating that connections will be denied to the port.
Filtered, Dropped or Blocked: There was no reply from the host.
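Seen from the monitored network, the portscan/portsweep distinction and the three result categories above can be recovered from connection logs. The following is an added example, not code from the paper: the log format, the `outcome` field names, the addresses and the threshold of 4 are all constructed assumptions, and the log is assumed to cover a single observation window.

```python
from collections import defaultdict

# Constructed connection-log lines (sample data, not from the paper). "outcome"
# is what the probing source got back for its TCP SYN.
SAMPLE_LOG = """\
src=198.51.100.7 dst=192.0.2.10 dport=21 outcome=RST
src=198.51.100.7 dst=192.0.2.10 dport=22 outcome=SYNACK
src=198.51.100.7 dst=192.0.2.10 dport=23 outcome=RST
src=198.51.100.7 dst=192.0.2.10 dport=80 outcome=SYNACK
src=198.51.100.7 dst=192.0.2.10 dport=443 outcome=TIMEOUT
src=203.0.113.9 dst=192.0.2.10 dport=1433 outcome=TIMEOUT
src=203.0.113.9 dst=192.0.2.11 dport=1433 outcome=RST
src=203.0.113.9 dst=192.0.2.12 dport=1433 outcome=SYNACK
src=203.0.113.9 dst=192.0.2.13 dport=1433 outcome=RST
src=192.0.2.50 dst=192.0.2.10 dport=443 outcome=SYNACK
src=192.0.2.50 dst=192.0.2.10 dport=443 outcome=SYNACK
"""

# The three result categories from the text, keyed by the observed reply.
CATEGORY = {"SYNACK": "open", "RST": "closed", "TIMEOUT": "filtered"}


def parse(line):
    """Turn one key=value log line into (src, dst, port, category)."""
    fields = dict(pair.split("=", 1) for pair in line.split())
    return (fields["src"], fields["dst"], int(fields["dport"]),
            CATEGORY[fields["outcome"]])


def detect(log_text, threshold=4):
    """Flag portscans (many ports, one host) and portsweeps (one port, many hosts)."""
    by_target = defaultdict(dict)  # (src, dst)  -> {port: category}
    by_port = defaultdict(dict)    # (src, port) -> {dst: category}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst, port, category = parse(line)
        by_target[(src, dst)][port] = category
        by_port[(src, port)][dst] = category

    findings = []
    for (src, dst), ports in sorted(by_target.items()):
        if len(ports) >= threshold:
            exposed = sorted(p for p, c in ports.items() if c == "open")
            findings.append(("portscan", src, dst, len(ports), exposed))
    for (src, port), hosts in sorted(by_port.items()):
        if len(hosts) >= threshold:
            exposed = sorted(h for h, c in hosts.items() if c == "open")
            findings.append(("portsweep", src, port, len(hosts), exposed))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The last element of each finding lists what answered as open, which is the part an administrator needs to review first.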


Open ports present two vulnerabilities of which administrators must be wary:

1. Security and stability concerns associated with the program responsible for delivering the service.
2. Security and stability concerns associated with the operating system that is running on the host.

Closed ports only present the latter of the two vulnerabilities that open ports do. Blocked ports do not present any reasonable vulnerabilities. Of course, there is the possibility that there are no (yet) known vulnerabilities in either the software or operating system.

The information gathered by a port scan has many legitimate uses, including the ability to verify the security of a network. Port scanning can however also be used by those who intend to compromise security. Many exploits rely upon port scans to find open ports and send large quantities of data in an attempt to trigger a condition known as a buffer overflow. Such behavior can compromise the security of a network and the computers therein, resulting in the loss or exposure of sensitive information and the ability to do work.

TCP SCANNING

The simplest port scanners use the operating system's network functions. Nmap calls this mode connect scan, named after the Unix connect() system call. If a port is open the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection. Otherwise an error code is returned. This scan mode has the advantage that the user doesn't require special privileges. However, using the OS network functions prevents low-level control, so this scan type is less commonly used.

SYN scan is the most popular form of TCP scanning. Rather than use the operating system's network functions, the port scanner generates raw IP packets itself, and monitors for responses. This scan type is also known as "half-open scanning," because it never actually opens a full TCP connection. The port scanner generates a SYN packet. If the target port is open, it will respond with a SYN-ACK packet. The scanner host responds with a RST packet, closing the connection before the handshake is completed.

The use of raw networking has several advantages, giving the scanner full control of the packets sent and the timeout for responses, and allowing detailed reporting of the responses. There is debate over which scan is less intrusive on the target host. SYN scan has the advantage that the individual services never actually receive a connection; some services can be crashed with a connect scan. However, the RST during the handshake can cause problems for some network stacks, particularly simple devices like printers. There are no conclusive arguments either way.

UDP SCANNING

UDP scanning is also possible, although there are technical challenges. UDP is a connectionless protocol so there is no equivalent to a TCP SYN packet. However, if a UDP packet is sent to a port that is not open, the system will respond with an ICMP port unreachable message. Most UDP port scanners use this scanning method, and use the absence of a response to infer that a port is open. However, if a port is blocked by a firewall, this method will falsely report that the port is open. If the port unreachable message is blocked, all ports will appear open. This method is also affected by ICMP rate limiting.

An alternative approach is to send application-specific UDP packets, hoping to generate an application layer response. For example, sending a DNS query to port 53 will result in a response, if a DNS server is present. This method is much more reliable at identifying open ports. However, it is limited to scanning ports for which an application-specific probe packet is available. Common tools (e.g. Nmap, Nessus) generally have probes for fewer than 20 UDP services. In some cases, a service may be listening on the port, but configured not to respond to the particular probe packet.

OTHER SCAN TYPES


Some more unusual scan types exist. These have various limitations and are not widely used. Nmap supports most of these.

ACK scan - can find packets allowed through a stateless packet filter.
FIN scan - can determine if ports are open/closed, even if SYN packets are filtered.
Protocol scan - determines what IP level protocols (TCP, UDP, GRE, etc.) are enabled.
Proxy scan - a proxy (SOCKS or HTTP) is used to perform the scan. The target will see the proxy's IP address as the source. This can also be done using some FTP servers.
Idle scan - another method of scanning without revealing your IP address, taking advantage of the predictable IP ID flaw.
ICMP scan - determines if a host responds to ICMP requests, such as echo (ping), netmask, etc.

PACKET CAPTURING

A packet sniffer (also known as a network analyzer or protocol analyzer or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is computer software or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel back and forth over the network, the sniffer captures each packet and eventually decodes and analyzes its content according to the appropriate RFC or other specifications.

On wired broadcast LANs, depending on the network structure (hub or switch), one can capture all or just part of the traffic from a single machine within the network; however, there are some methods to avoid traffic narrowing by switches to gain access to traffic from other systems on the network (e.g. ARP spoofing). For network monitoring purposes it may also be desirable to monitor all data packets in a LAN by using a network switch with a so-called monitoring port, whose purpose is to mirror all packets passing through all ports of the switch. On wireless LANs, one can capture traffic on a particular channel.
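The decode step described above, applied to the per-protocol bandwidth figures this paper reports, as an added example that is not the paper's own code. The packets are constructed in the script rather than captured, the local address and timestamps are assumptions, and Kbps is taken as 1000 bits per second.

```python
import socket
import struct
from collections import Counter

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers
IPV4_HEADER = "!BBHHHBBH4s4s"                  # fixed 20-byte IPv4 header


def build_packet(proto, src, dst, payload_len):
    """Constructed sample input: minimal IPv4 header (checksum 0) plus zero padding."""
    header = struct.pack(IPV4_HEADER, 0x45, 0, 20 + payload_len, 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + bytes(payload_len)


def decode(raw):
    """Return (protocol, src, dst, total_length), or None if the header is unusable."""
    if len(raw) < 20:
        return None
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(IPV4_HEADER, raw[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or not header_len <= total <= len(raw):
        return None
    return (PROTOCOLS.get(proto, "OTHER-IP"), socket.inet_ntoa(src),
            socket.inet_ntoa(dst), total)


def summarize(capture, local_ip):
    """Tally bytes per (protocol, direction) and the average rate in Kbps."""
    stats, dropped = Counter(), 0
    for _, raw in capture:
        decoded = decode(raw)
        if decoded is None:
            dropped += 1
            continue
        proto, src, dst, length = decoded
        direction = "out" if src == local_ip else "in" if dst == local_ip else "other"
        stats[(proto, direction)] += length
    times = [ts for ts, _ in capture]
    seconds = max(times) - min(times) if times else 0
    kbps = 8 * sum(stats.values()) / 1000 / seconds if seconds > 0 else 0.0
    return dict(stats), kbps, dropped


# Constructed capture: (timestamp in seconds, raw IPv4 packet) pairs.
LOCAL = "192.0.2.10"
CAPTURE = [
    (0.0, build_packet(6, LOCAL, "198.51.100.20", 1480)),
    (0.5, build_packet(6, "198.51.100.20", LOCAL, 980)),
    (1.0, build_packet(17, LOCAL, "192.0.2.53", 80)),
    (1.5, build_packet(1, "198.51.100.20", LOCAL, 44)),
    (2.0, b"\x45\x00"),  # truncated frame: counted as dropped, not decoded
]

if __name__ == "__main__":
    print(summarize(CAPTURE, LOCAL))
```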
On wired broadcast and wireless LANs, in order to capture traffic other than unicast traffic sent to the machine running the sniffer software, multicast traffic sent to a multicast group to which that machine is listening, and broadcast traffic, the network adapter being used to capture the traffic must be put into promiscuous mode; some sniffers support this, others don't. On wireless LANs, even if the adapter is in promiscuous mode, packets not for the service set for which the adapter is configured will usually be ignored; in order to see those packets, the adapter must be put into monitor mode.

The versatility of packet sniffers means they can be used to:

Analyse network problems.
Detect network intrusion attempts.
Gain a network intrusion.
Monitor network usage.
Gather and report network statistics.
Filter suspect content from network traffic.
Spy on other network users and collect sensitive information such as passwords (depending on any content encryption methods which may be in use).
Reverse engineer protocols used over the network.
Debug client/server communications.

Example uses:

A packet sniffer for a token ring network could detect that the token has been lost or the presence of too many tokens (verifying the protocol).
A packet sniffer could detect that messages are being sent to a network adapter; if the network adapter did not report receiving the messages then this would localize the failure to the adapter.


A packet sniffer could detect excessive messages being sent by a port, detecting an error in the implementation.
A packet sniffer could collect statistics on the amount of traffic (number of messages) from a process, detecting the need for more bandwidth or a better method.
A packet sniffer could be used to extract messages and reassemble into a complete form the traffic from a process, allowing it to be reverse engineered.

SUBNETWORK

[Figure: A graphic representation of relationships and source of the various variables representing a chunk of C subnets]

In computer networks, a subnetwork or subnet is a range of logical addresses within the address space that is assigned to an organization. Subnetting is a hierarchical partitioning of the network address space of an organization (and of the network nodes of an autonomous system) into several subnets. Routers constitute borders between subnets. Communication to and from a subnet is mediated by one specific port of one specific router, at least momentarily.

A typical subnet is a physical network served by one router, for instance an Ethernet network (consisting of one or several Ethernet segments or local area networks, interconnected by switches and bridges) or a Virtual Local Area Network (VLAN). However, subnetting allows the network to be logically divided regardless of the physical layout of a network, since it is possible to divide a physical network into several subnets by configuring different host computers to use different routers.

The address to all nodes in a subnet starts with the same binary sequence, which is its network id and subnet id. In IPv4, the subnet may be identified by its base address and subnet mask. Subnetting simplifies routing, since each subnet typically is represented by one row in the routing tables in each connected router.


Subnetting was originally introduced before the introduction of classful network addresses in IPv4, to allow a single larger network to have a number of smaller networks within it, controlled by several routers. Subnetting made Classless Inter-Domain Routing possible.

NETWORK ADDRESS AND LOGICAL ADDRESS

The term network address sometimes refers to logical address, i.e. network layer address such as the IP address, and sometimes to the first address (the base address) of a classful address range to an organization. Computers and devices that are part of an internetworking network such as the Internet all have a logical address. The network address is unique to that device and can either be dynamically or statically configured. This address allows the device to communicate with other devices connected to the network.

The most common network addressing scheme is IPv4. The IPv4 network address consists of a 32 bit address divided into 4 octets and a subnet mask of like size. In order to facilitate the routing process the address is divided into two pieces: the network address and the host address. This works much like a postal address where the network address would represent the city and the host address would represent the street address. The subnet mask is used in conjunction with the network address to determine which part of the address is the network address and which part is the host address.

BINARY SUBNET MASKS

While subnet masks are often represented in dot-decimal form, their use becomes clearer in binary. Looking at a network address and a subnet mask in binary, a device can determine which part of the address is the network address and which part is the host address. To do this, it performs a bitwise "AND" operation. Subnet masks consist of a series of 1s in binary followed by 0s. The 1s designate that part of the address as being part of the network portion and the 0s designate that part as being part of the host address.

Subnet masks do not have to fill a given octet. This allows a classful network to be broken down into subnets. A classful network is a network that has a subnet mask of 255.0.0.0, 255.255.0.0 or 255.255.255.0. Subnet masks can also be expressed in a shorter form, known as Classless Inter-Domain Routing (CIDR) notation, which gives the network number followed by a slash ("/") and the number of 'one' bits in the binary notation of the netmask (i.e. the number of relevant bits in the network number). For example, 192.0.2.96/24 indicates an IP address where the first 24 bits are used as network address (same as 255.255.255.0).

IPV4 CLASSES

IPv4 addresses are broken down into three parts: the network part, the subnet part (now often considered part of the network part, although originally it was part of the rest part), and the host part. There are three classes of IP address which determine how much is which.

Classful addressing: IP addresses, when started a few decades ago, used the concept of classes. This architecture is called classful addressing. In the mid-1990s, a new architecture, called classless addressing, was introduced and will eventually supersede the original architecture. However, part of the Internet is still using classful addressing, but the migration is very fast.

Subnetting is the process of allocating bits from the host portion as a network portion. The above example shows the bitwise "AND" process being performed on a classful network. The following example shows bits being borrowed to turn a classful network into a subnet.

SUBNETTING EXAMPLE

In this example two bits were borrowed from the original host portion. This is beneficial because it allows a single network portion to be split into several smaller network portions. By design IPv4 addresses are limited in number and each classful network portion is capable of supporting a finite number of hosts. A classful C address, for example, has space for 254 hosts. If a network were to be split into four parts using classful addressing, four different class C addresses would have to be used to serve those networks. Using the subnetting example above, if each subnetwork were to have 62 hosts or less (see below for math), a single class C address could be split up to service the entire network while wasting the fewest host addresses.
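The arithmetic behind the bitwise "AND" and the two borrowed bits, worked through as an added example (not the paper's own code). It uses the 192.0.2.96/24 address quoted earlier and produces the values the abstract lists: subnet mask, number in decimal, number in bit format, broadcast address and number of machines. The function names are illustrative assumptions.

```python
def to_int(dotted):
    """Dotted-decimal IPv4 address -> 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_bits(value):
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def mask_for(prefix):
    """CIDR prefix length -> mask: `prefix` one-bits followed by zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def describe(address, prefix):
    """Network facts for one address, derived with the bitwise AND from the text."""
    addr, mask = to_int(address), mask_for(prefix)
    network = addr & mask                       # keep the network bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # set every host bit to 1
    size = 1 << (32 - prefix)
    return {
        "mask": to_dotted(mask),
        "decimal": addr,
        "bits": to_bits(addr),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        # Network and broadcast addresses are not assignable, except for
        # /31 (point-to-point links, RFC 3021) and /32 (a single host).
        "hosts": size - 2 if prefix <= 30 else size,
    }


def split(network, prefix, borrowed):
    """Borrow `borrowed` host bits to cut network/prefix into 2**borrowed subnets."""
    new_prefix = prefix + borrowed
    if borrowed < 1 or new_prefix > 30:
        raise ValueError("not enough host bits to borrow")
    base = to_int(network) & mask_for(prefix)
    step = 1 << (32 - new_prefix)
    return [f"{to_dotted(base + i * step)}/{new_prefix}" for i in range(1 << borrowed)]


if __name__ == "__main__":
    print(describe("192.0.2.96", 24))
    for subnet in split("192.0.2.0", 24, 2):
        print(subnet, describe(subnet.split("/")[0], 26)["hosts"], "hosts")
```

Borrowing two bits leaves six host bits per subnet, so each of the four /26 subnets holds 2^6 - 2 = 62 hosts.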
