Control, File Name and File Transfer. FTP offers many facilities beyond the
and it accounts for much network traffic. Originally defined as part of the
ARPANET protocols, FTP predates both TCP & IP. These early versions of file
transfer software evolved into a current standard known as the FTP. We have
to do this Transfer in secured way for this we use network intrusion detection
system(nids).
operating system. The application has two main subdivisions, the client and the
server. The server side program of the application mainly deals with basis
connectivity for the client to the server. The client mainly consists of the user
private sector companies marinating there own local area networks in which may
computers are connected to one and other through some specified topology. These
topologies include ring, bus, star etc. Most of these LANS use client-server
server, where all other acts as clients. Clients are those who generate requests and
Generally the requests are of the following types. Requesting a file from
server, updating a file present in server, removing particular file in server. The server
contains some important file, which are needed by many clients.depending upon the
requests send by the clients the server serves the clients, by sending files which are
requested by clients, or by updating files in server with the data sent by clients , or by
removing a file in the server.but during this tranfer there may be threat of virus so we
protection.so we need som programming technique to provide this.By keeping all this
in view we selected our project and tried to provide protection mechanisims to this
transfer.
Socket Domains:
Domains specify the network medium that the socket communication will
use. The most common domain is AF_INET refers to Internet networking. It is used
on many UNIX local area networks and the Internet itself. The underlying protocol,
Internet protocol(IP), imposes a particular way of specifying computers on a network -
this is the IP address.
Socket domains include:
Socket Types:
A socket domain may have a number of different ways of
communicating, each of which might have different characteristics. The most widely
used socket types are:
Stream Sockets:
Stream sockets are specified by the type SOCK_STREAM. They are
implemented in the AF_INET domain by TCP/IP connections. Stream sockets provide
a sequenced, reliable two way byte stream. Thus data us guaranteed not to be lost,
duplicated or re-ordered without an indication that an error has occurred.
Datagram Sockets:
Datagram sockets are specified by the type SOCK_DGRAM. They are
implemented in the AF_INET domain byte UDP.IP connections. Datagram sockets
provide an unsequenced, unreliable service.
Stream sockets treat communications as a continuous stream of characters,
while datagram sockets have to read entire messages at once. Each uses its own
communciations protocol. Stream sockets use TCP (Transmission Control Protocol),
which is a reliable, stream oriented protocol, and datagram sockets use UDP (Unix
Datagram Protocol), which is unreliable and message oriented.
ftp is a protocol for tansferring files from one host to another host. ftp
uses two parallel tcp connections to transfer a file ,a control connection and a data
connection the control connection is used for sending control information between
two hosts, information such as user identification, passwords ,commands to change
remote directory, and commands to put and get files. The data connection is used
actually to send a file.
-------------
|/---------\|
|| User || --------
||Interface|<--->| User |
|\----^----/| --------
---------- | | |
|/------\| FTP Commands |/----V----\|
||Server|<---------------->| User ||
|| PI || FTP Replies || PI ||
|\--^---/| |\----^----/|
| | | | | |
-------- |/--V---\| Data |/----V----\| --------
| File |<--->|Server|<---------------->| User |<--->| File |
|System| || DTP || Connection || DTP || |System|
-------- |\------/| |\---------/| --------
---------- -------------
Server-FTP USER-FTP
The FTP process can be modeled as shown in the figure. The user-PI initiates
the control connection with the server. The FTP commands initiated by the user are
transmitted to the server process via the control connection. In response to these
commands, standard replies are sent by the server-PI to the user-PI over the control
connection.
Server-ftp
User-ftp
Process model
hardware kernel
hardware
architecture of linux
Sort of files:
Most files are just files, called regular files; they contain normal data,
for example text files, executable files or programs, input for or output from a program
and so on.
While it is reasonably safe to suppose that everything you encounter on
a Linux system is a file, there are some exceptions.
Directories: files that are lists of other files.
Special files: the mechanism used for input and output. Most special files are in
/dev, we will discuss them later.
Links: a system to make a file or directory visible in multiple parts of the system's file
tree. We will talk about links in detail.
(Domain) sockets: a special file type, similar to TCP/IP sockets, providing
inter-process networking protected by the file system's access control.
Named pipes: act more or less like sockets and form a way for processes to
communicate with each other, without using network socket semantics.
2.5.5 VI EDITOR
Vi editor is a full-screen editor now available with all LINUX systems,which is
used to write some C programs and shell scripts.vi offers cryptic, and sometimes
mnemonic ,internal commands for editing work.It makes complete use of the
keyboard, where practically every key has a function.
The relationship between these three modes is depicted in the following figure:
Command
mode
I,o,O,r,R,s,S,a,A <enter>
<Esc> :
Input
Ex mode
mode
1.Command mode:
when you open the file with vi , the cursor is positioned at the top left corner of
the screen.you are said to be in command mode.This is the mode you can pass the
commands to act on the text,using most of the keys of the keyboard.pressing a key
does not show it on the screen,but may perform a function like moving the cursor to
the next line, or deleting a line.you can’t use the command mode to enter or replace
the text.The following table summarizes the Command mode commands:
Command Action
2.Input mode:
To enter text, you have to leave the command mode and enter the input
mode.Thereare ten keys which, when pressed take you to this mode,and whatever
you type shows up on the screen.To leave this mode you have to press <esc> key.
The following table summarizes the input mode commands:
Command Function
3.Ex mode:
Command Action
Application of linux:
Today Linux has joined the desktop market. Linux developers concentrated on
networking and services in the beginning, and office applications have been the last
barrier to be taken down. Linux an acceptable choice as a workstation, providing an
easy user interface and MS compatible office applications like word processors,
spreadsheets, presentations and the like.
On the server side, Linux is well-known as a stable and reliable platform,
providing database and trading services for companies like Amazon, the well-known
online bookshop, US Post Office, the German army and such. Especially Internet
2.6 C Language
Functions used in c :
Memset :
This function is used to set n bytes of an array to a value s. The syntax is as
follows
memset(void *s ,int c ,size_t n);
Getcwd :
This function is used to get the current working directory.
getcwd(char *buff,int buflen);
buff contains the current directory and buflen is the length of the buff.
System :
It executes a command internally .
int system(char * command);
unlink:
this function is used to delete a file.if the file has readonly property this command
fails.
int unlink(const char * filename)
rename :
it is used to change the name of a file.
int rename(const char *oldfilename,const char *newfilename);
strdup :
this function is used to duplicat a given string.the syntax is
char * strdup(const char *s)
Files
Opening A File:
Before we can write information to a file on a disk or read it, we must open
the file. When we request the operating system to open a file, what we get back, is a
pointer to the structure FILE. That is why, we make the following declaration before
opening the file,
FILE *fp;
fopen() is used to open a file. The syntax is as follows:
fp = fopen(“pr1.c”,”r”);
Reading A File:
To read a file, the file must be opened in the read mode. The syntax will be
as follows:
fp = fopen(“pr1.c”, “r”);
The contents in the file are read by using the function called, fscanf(). The
syntax is as follows :
fscanf(fp, format, values);
Writing A File:
Before writing data into a file, the file must be opened in write mode.
fp= fopen(“pr1.c”,”w”);
The data is written into the file , by using the function called, fprintf().The syntax is
as follows :
fprintf (fp, format, values);
Closing A File:
Closing of file is done by using the function called, fclose(). The syntax
is as follows:
fclose (fp);
1. the status of the client and the sever while the server is blocked in the call to
accept and the connection request arrives from the client.
2. the connection status after connect returns is as follows:
Server Client
Listenfd
Connection Connect()
connfd
The kernel accepts the connection and a new socket connfd, is created. This is
a connected socket and data can now be read and written across connection.
3. the status after fork is as follows:
Server(parent) Client
Listenfd() Connect()
Connection
Connfd()
fork Server(child)
Connfd()
the status after the child closes the connected socket and the child closes
the listening socket as follows.
Server(parent) client
listenfd
Connect()
Connection
Server(child)
connfd
this is the desired state of the sockets. The child is handling the connection
with the client and the parent can call accept again on the listening socket, to
handle the next connection.
RETRIEVE (RETR)
This command causes the server-DTP to transfer a copy of the ile, specified
in the pathname, to the server- or user-DTP at the other end of the data connection.
The status and contents of the file at the server site shall be unaffected.
STORE (STOR)
This command causes the server-DTP to accept the data transferred via the
data connection and to store the data as a file at the server site. If the file specified in
the pathname exists at the server site, then its contents shall be replaced by the
data being transferred. A new file is created at the server site if the file specified in
the pathname does not already exist.
STORE UNIQUE (STOU)
This command behaves like STOR except that the resultant file is to be
created in the current directory under a name unique to that directory. The 250
Transfer Started response must include the name generated.
APPEND (with create) (APPE)
This command causes the server-DTP to accept the data transferred via the
data connection and to store the data in a file at the server site. If the file specified in
the pathname exists at the server site, then the data shall be appended to that file;
otherwise the file specified in the pathname shall be created at the server site.
DELETE (DELE)
This command causes the file specified in the pathname to be deleted at the
server site. If an extra level of protection is desired (such as the query, "Do you
really wish to delete?"), it should be provided by the user-FTP process.
REMOVE DIRECTORY (RMD)
1,3
E
S
cmd W 2
B
F
4,5
3 E
B cmd W 2 S
F
1 4,5
Note that this second model could also be used to represent the first group of
commands, the only difference being that in the first group the 100 series replies are
unexpected and therefore treated as error, while the second group expects (some
may require) 100 series replies.
Remember that at most, one 100 series reply is allowed per command.
rnfr W 1,2
B E
3 4,5
2 1,3
rnto
F
W
4,5
Rest 1,2
B W E
3 4,5
S
2 3
cmd
W F
1 4,5
Single Interface
The easiest configuration is a box with a single interface. The same interface that
listens to the network traffic is the same one from which administration is done.
Dual Interface
In a dual-interface configuration, one interface is used to listen to network traffic in
promiscuous mode while the other is used for remote administration. This type of
configuration is used in environments where it is not possible to administrate the box
from the same interface that is listening to the network traffic.
In this configuration, the external interface should be well protected and the box
designed explicitly for this purpose. The box should not be offering any network
services except for ssh on the internal interface only.
Ip layer
Drop out
data
Data Link Layer
data
Physical Layer
IMPLEMENTATION
Socket Function:
The socket system call creates a socket on demand.
Int socket(int domain, int type, int protocol);
returns non-negative descriptor if OK, -1 on error
The domain parameter specifies the address family, the type parameter specifies the
type of communication to the used with the socket, and the protocol parameter
specifies the protocol to be employed.
Bind function:
The bind function assigns a local protocol address (name) to a socket, this
makes the socket available for use by other programs.
int bind(int sockfd, const struct sockaddr *address,socklen_t addrlen);
returns 0 if OK, -1 on error
listen Function:
This function is called by a server program, and has the following prototype.
int listen(int sockfd,int backlog);
returns 0 if OK, -1 on error
The listen function performs two actions:
When a socket is created by the socket function, it is assumed to be an active socket,
that is, a client socket that will issue a connect. The listen function converts an
unconnected socket into a passive socket, indicating that the kernal should accept
incoming connection requests directed to this socket.
The second argument to this function specifies the maximum number of connections
that the kernal should queue for this socket.
connect Function:
The connect function is used by a TCP client to establish a connection with a
TCP server.
int connect(int sockfd, const struct sockaddr *servaddr, socklen_t addrlen);
returns 0 if OK, -1 on error
The function connects the socket specified by the parameter sockfd, to the server
socket specified by the parameter servaddr, which is of length addrlen.
accept Function:
The accept function is called by a TCP server to return the next completed
connection from the front of the connection queue.
int accept(int sockfd, struct sockaddr *cliaddr, socklen_t *addrlen);
returns non-negative descriptor if OK, -1 on error
Server
Socket()
bind()
listen()
Client
accept()
socket()
Blocks until connection from client
Connection established
connect()
Data (request)
write read()
Process request
Data (reply)
write()
read()
read()
close() EOF notification
close()
3. The server then waits for a client connection on the named socket. It calls the
4. The server then calls the accept system call to accept client connections. On a
successful connection, accept returns a new socket, which is distinct from the
named socket. This new socket is used exclusively for communication with this
particular client. The named socket remains free for further connections from other
clients.
5. Once a connection is established with a client., the server processes the request
the request and sends back a reply to the client. This continues until the client
closes its end of the connection, which sends an end-of-file notification to the
server..
The FTP program is very basic – the user input to the FTP client are
directory manipulation commands and the file pathnames. The implementation
supports FTP commands: "list", “cd”, “copy”, “mkdir”, “rmdir” , “delete”, “transfer” ,
“exit”, and “help”.All the other FTP commands and options are not included in the
program because these additional commands are not really necessary for the task of
transferring files from one system to another.
Since the protocol implementation should support multiple users
simultaneously, the FTP server implemented is a concurrent server. The server is
started as a background process, it for connection requests ( on a fixed port )from
clients, and forks to create child processes as described in multipl server session.
These child processes handle individual clients and terminate after servicing the
clients.
The client implementation is fairly simple: the client program first establishes
a control connection with the server, and passes the file manipulation and file transfer
commands along with any parameters to the server over this connection. Each
command is sent as a message - a text string, to the server. The server processes
these commands and passes the results back to the client via the same control
connection. The next command is then read at the command prompt ‘FTP>’ & sent to
the server and the process continues. The session can be terminated by invoking
the exit command which closes the client side socket and breaks the connection.
Sockfd=if((socket(AF_INET,SOCK_STREAM,0))<0)/* opens a tcp socket */
Printf(“can’t open stream socket”);
/*fill the structure serv_addr with address of server*/
bzero((char *)&serv_addr,sizeof(serv_addr));
serv_addr.sin_family=AF_INET;
serv_addr.sin_addr.s_addr=inet_addr(SERV_HOST_ADDR);
serv_addr.sin_port=htons(SERV_TCP_PORT);
/* connect to server*/
The server implementation is as follows: when the server receives a request for
connection, it executes the accept system call, which returns a new socket descriptor
to the server. This new distinct socket is used to communicate with client. The server
then forks, and a new child, which also inherits the parents’ socket descriptor, is
created. Next, the parent and the child close the connected socket and the listening
socket ( named server socket ) respectively, and function independent of each other.
Sockfd=if((socket(AF_INET,SOCK_STREAM,0))<0)/* opens a tcp socket */
Printf(“can’t open stream socket”);
/*bind our local address so client can send us*/
bzero((char *)&serv_addr,sizeof(serv_addr));
serv_addr.sin_family=AF_INET;
serv_addr.sin_addr.s_addr=htonl(INADDR_ANY);;
serv_addr.sin_port=htons(SERV_TCP_PORT);
if(bind(sockfd,struct sockaddr *)&serv_addr,sizeof(serv_addr))<0)
printf(“can’t bind local address”);
listen(sockfd,5);
for( ; ;)
{
clilen=sizeof(cli_addr);
newsockfd=accept(sockfd,(struct sockaddr*) & cli_addr,&cli_len);
if(newsockfd<0)
printf(”accept error”);
if((childpid==fork())<0)
printf(“fork error”);
else if(childpid==0)
Server code:
fd=open(buf2,O_RDONLY);
do {
n=read(fd,buf6,sizeof(buf6));
write(nd,buf6,n);
if(read(fd,ch,1)==NULL)
break;
read(nd,buf,sizeof(buf));
}while(1);
n=read(fd,buf6,sizeof(buf6));
write(nd,"completed",9);
putfile:
The user at the client-side enters the command putfile<filename> at the
MYFTP> prompt.
If the file exists, it ‘s contents are read in to buffer and this text is sent over
the connection to the server using a write API.
At the server side, a new file is created in the present working directory with the
name specified.
The data received from the server is stored in the new file.
Client code :
read(sd,bu0,sizeof(sd));
nd=read(fd,buf2,sizeof(buf2));
4.4 PCAP
Nids is implemented using pcap library.
The structure of pcap.h header is as follows:
#ifndef lib_pcap_h
#define lib_pcap_h
#include <sys/types.h>
#include <sys/time.h>
#include <net/bpf.h>
#include <stdio.h>
#define PCAP_VERSION_MAJOR 2
#define PCAP_VERSION_MINOR 4
#define PCAP_ERRBUF_SIZE 256
/* XXX */
int pcap_freecode(pcap_t *, struct bpf_program *);
int pcap_datalink(pcap_t *);
int pcap_snapshot(pcap_t *);
int pcap_is_swapped(pcap_t *);
/* XXX */
FILE *pcap_file(pcap_t *);
int pcap_fileno(pcap_t *);
4.5 TESTING
Testing techniques :
Simple notation for the representation of control flow called a flow graph .
sequence
if
while
3
4 5
Cyclomatic complexity
path1: 1-8
path2: 1-2-3-5-1-8
path3: 1-2-4-6-7-2-3-5-1-8
Condition testing
Condition testing is a test case design method that exercises the logical
conditions contained in a program module.
In our program we performed condition testing for checking whether given file is
present
if(strcmp(read1->d_name,arg_table[1])==0)
reads the contents of a directory anc compare with the input file.
Thus we check for the condition whether given file is present or not.
Loop Testing :
Loop testing is a white box testing technique that focues exclusively on the
validity of loop constructs. Four different classes of loops can be defined:
Simple loops, concatenated loops,nested loops and unstructured loops.
In our programs we have used mostly concatenated loops and nested loops
Nested loops:
the inner loop will execute for arg_num times for every iteration of for loop.
While loop will execute end of file.
Termination conditions:
Inner loop terminate when i=arg_num
While loop terminate at two conditions.
a) end of file is reached .
b) empty file is read.
• The utilityhas been tested for multiple file trasfer vetween two systems running
on Linux.
• It has been tested transferring a virus file and report was generated
succesfully.
LIMITATIONS
• It is diffcult for a nontechnical user to work.
• Nids alone could not stop transfering of virus packets.
• Signature of the virus should be known in advance.
FUTURE SCOPE
The present utility still needs some enhancements to be made for more global usage.
The following updations are to be implemented in future
REFERENCES
www.w3.org/protocols/rfc959/overview.html
http://searchnetworking.techtarget.coms