Bonfring International Journal of Networking Technologies and Applications, Vol. 6, No. 1, March 2019

Preventing the Breach of Sniffers in TCP/IP Layer Using Nagle's Algorithm

P. Subhaasini, N. Bhuvaneswari, M. Jerald and M. Madhavakirshnan

P. Subhaasini, Student, Department of CSE, Sree Sakthi Engineering College, AICTE, Coimbatore, India. E-mail: haasinibabu1997@gmail.com
N. Bhuvaneswari, Student, Department of CSE, Sree Sakthi Engineering College, AICTE, Coimbatore, India. E-mail: bhuvanadhijaa468@gmail.com
M. Jerald, Student, Department of CSE, Sree Sakthi Engineering College, AICTE, Coimbatore, India. E-mail: jeraldmjt173@gmail.com
M. Madhavakirshnan, Assistant Professor, Department of CSE, Sree Sakthi Engineering College, AICTE, Coimbatore, India. E-mail: mkmathava@gmail.com
DOI: 10.9756/BIJNTA.9005

Abstract--- Normally a packet is sent through the network, and even though the packet is encrypted, the path it travels may cause some damage such as packet missing, time delay and packet shuffle. To overcome such issues, Nagle's algorithm and the D'Esopo-Pape algorithm are used. Hence this algorithm increases the response time of the packet. This takes place in the TCP/IP layer, which is more reliable.

Keywords--- Network, Nagle's Algorithm, D'Esopo-Pape Algorithm, Maximum Segment Size.

I. INTRODUCTION

As the number of developments in computer networks increases, the risk originating from networks is also increasing. Computer Security Institute survey results show that cyberspace currently faces a variety of attacks during the transmission of data from the sender to the receiver. When a packet is sent through the same router many times repeatedly, it becomes very easy for attackers to monitor the transmission of the packet; they can easily change the packet order and sometimes destroy the packet on the path. Using algorithms such as Nagle's algorithm and D'Esopo-Pape, the packet is secured. By using this method, packet shuffle, packet damage and packet time delay can be controlled. Thus the system can effectively prevent sniffers from attacking or shuffling the packet, and this system provides more security.

II. RELATED WORK

The security of information transmission in a network is an important research topic of global network security; it is also the focus of the entire information security field. Network sniffing is currently a major threat to network security. It can be used to eavesdrop on a user's data, steal a user's identity, achieve unauthorized access and disguise attackers as legitimate users to obtain confidential data. To prevent such attacks, much research work has been performed.

III. MIMIC SECURITY DEFENSE

For information systems, mimic computing can be implemented by a variety of software and hardware variants with equivalent functions but different computing efficiencies. To improve the overall computational efficiency, mimic computing can reconstruct the corresponding system operation structure or execution environment in a timely and dynamic manner. The inherent dynamics, heterogeneity and nondeterminism of mimic computing naturally disrupt the integrity of the attack chains that current attack technologies rely on. Thus, mimic computing gives information systems inherent active defense capabilities.

Mimic security defense is based on the theory of mimic computing. By actively changing the basic elements of the information system components, it realizes the transition or migration of network, platform, environment, software, data and other structures. In addition, these dynamic changes are made controllable by the defender so as to realize a mimic environment.
For the attacker, the target changes are difficult to observe and predict, thereby greatly increasing the difficulty and cost of an attack and greatly reducing the system security risk. The mimic defense (MD) framework and the "dynamic, heterogeneity, redundancy" (DHR) core mechanism have been described in detail. The basic components of DHR consist of heterogeneous variants, a dispatcher, a mimic scheduler and a policy-based arbiter. Their research mainly focuses on the evaluation of DHR and analyzes its performance with a theoretical model. In addition, their results show that MD can significantly increase the difficulty faced by attackers and enhance the security of cyber systems; an enhancement of security of up to ten times can be achieved.

The mimic defense system has been modelled formally, and the security effects of redundancy in mimic defense systems have been analyzed through results from Monte Carlo simulations. A mimic defense web server with a dynamic heterogeneous redundancy structure has been proposed to establish multilayer mimic defense at the software layer, data layer, operating system layer and other layers. The web server can effectively resist many types of intrusion and attack. After an attack has been implanted, the system structure can be transformed so that the original attack fails. An aware decision-making security architecture with multiple controllers exploits heterogeneity and redundancy from different controllers to prevent an attack proactively. The architecture utilizes the heterogeneity and redundancy of controllers to enable the control plane to operate in a dynamic, reliable and unsteady state, which significantly hampers the probing of systems and the execution of attacks. A mimic network operating system, an active defense architecture based on mimic security defense, has been designed and implemented to ensure SDN control plane security. The architecture adopts a heterogeneous redundant network operating system, and a mimic plane is added between the traditional SDN data plane and the control plane to implement dynamic scheduling. This can effectively reduce the probability of a successful attack and has good fault tolerance. Based on mimic defense theory and technology, a framework against zero-day attacks has been proposed. To protect the security of distributed storage systems, a storage architecture for mimic defense has been presented. This architecture adopts a heterogeneous multi-random coding defense mechanism to actively and dynamically defend against indeterminate attacks.

ISSN 2320-5377 | © 2019 Bonfring

System Architecture

The data link layer lies between the physical layer and the network layer and provides services to the network layer based on the service provided by the physical layer. The data link layer mimic encryption system is implemented by the CPU and an FPGA reconfigurable device. Data encryption is performed by inserting the FPGA encryption card into the PCI slot of each computer. The key management module runs on the CPU and is mainly used for key agreement between the two communicating parties, initialization parameters, key distribution and FPGA status information statistics. Through the SPI interface, the CPU passes the parameters and keys to the FPGA. These are then parsed by the key management module of the FPGA. The FPGA is mainly used for the implementation of the mimic encryption and decryption modules. The reconfigurability of the FPGA, the dynamic implementation of different encryption and decryption algorithms, and pseudo-random calls of these algorithms are used to perform data encryption and decryption.
The FPGA can integrate multiple redundant 10G, 1G and 100M Ethernet network interfaces and, according to changes in the network processing load and the upper-layer user configuration, dynamically switch the network port and channel. By fully utilizing the flexibility and scalability of the FPGA, the system confuses attackers and prevents network attacks such as network sniffing.

Encryption Frame Format

The basic function of the data link layer is to provide transparent and reliable data transmission to users. It enhances the physical layer's capability to transmit the raw bit stream, transforms the error-prone physical connection provided by the physical layer into a logically error-free data link, and is presented to the user as an error-free route. A frame is an important component of the data link layer and includes, for example, synchronization information, address information, data information and checksum information. To encrypt these types of information conveniently and effectively and to prevent data leakage, it is necessary to transform the original frame structure.

Security Analysis

Mimic Security Analysis

If the mimic encryption system is represented by a single symbol, it can be described by the 3-tuple {Ec, Key, NI}, where Ec represents the encryption algorithm, Key represents the key and NI represents the network interface. The multiple phases of the system have several different encryption schemes; if the system at a certain time is represented by a state vector (t) = {Ec(t), Key(t), NI(t)}, a finite state set can be used to represent all the different states of the system. The components of the vector represent the changes in the system encryption algorithm, the key and the network interface channel. For a traditional encryption system, the encryption algorithm, key and network interface are unchanged during operation, and (t1) = (t2) = (tl); that is, the traditional encryption system is static and deterministic. For two different traditional encryption systems, the encryption algorithm may be the same, but the key will be different, though similar. The mimic encryption system is dynamic, diverse and random. These characteristics are described as follows.

Dynamic

The encryption and decryption algorithm of the mimic system is dynamically reconfigurable. After negotiation with the user, it can dynamically and partially reconstruct the encryption algorithm and the hash algorithm and then complete the switching between different algorithms. Additionally, the frame FID is time varying, with a cycle of 256, changing from 0 to 255 in turn. Simultaneously, the pseudo-random number generator also produces different cyclic states with different seeds. In combination with FID scrambling, different algorithms are dynamically selected from the encryption algorithm pool. Finally, the system key is constantly changing, and at a given point in time its value is different from that at other moments, namely Key(t1) ≠ Key(t2) ≠ Key(tl).

Diverse

The mimic encryption system consists of a pseudo-random number generator, an encryption algorithm pool, an HK pool and other elements, and each element has several different states; thus the whole system has many different states. Assuming that the system encryption algorithm pool is Ec = {ec1, ec2, ec3, ..., ecn}, the number of encryption changes is n². The system has multiple redundant network interfaces, according to the user configuration, and can dynamically choose a network interface with a different rate and a different channel. Assuming that the system has m network interfaces, the number of combinations in which encrypted frames can be sent is n² × m. For the same frame content, since the depth of the HK pool is 256, there are at most 256 different keys. Thus, there are 256n² types of encrypted ciphertext for the same frame.

IV. NETWORK PROCESSING

Millions of computers are connected together for the purpose of sharing resources. Sharing of resources is done via wired and wireless media. With wired transmission of data, the chance of data missing is very small. But when data is sent through a wireless medium, the chance of data missing is very high. Hence the security provided to the wireless network must be greater than that of the wired network. When important data is sent through the wireless network, the data must be very secure.

Data Transmission

Data transmission is the process of transmitting data through one or more computing networks. The transmission of packets is enabled point to point, point to multipoint or multipoint to multipoint. There are two processes of data transmission: parallel and serial. Serial transmission is further divided into two types: synchronous and asynchronous.

Synchronous

Data is transmitted between the sender and the receiver with the help of time slots that are generated at an even interval. Synchronous transmission uses parallel communication. Data is transmitted as a block at one time. The distance covered by it is fast. It transmits the When the time runs out, the packet that was sent is rejected, and hence the packet must be sent again; when the acknowledgement is received late, the packet is also resent. For this reason a packet that is missed can be easily identified. Both the sender and receiver are synchronized with each other when the clock is set correctly.
Asynchronous

Data is transmitted between the sender and the receiver in its own way; thus there is an uneven interval between packets when they are sent. It is also called start/stop transmission. Asynchronous transmission uses serial communication. Data is transmitted as a single character at a time. The distance covered by it is slow. By using this method, missing packets cannot be detected, because there is no time slot to manage the transmission of packets. There can be gaps between the data.

Previous Analyses of Problems with the Data Transmission

Pseudo-random selection of combinations of encryption algorithms and keys is performed to achieve "one frame, one key", which is the mimic encryption concept. By using an FPGA combined with a CPU, software and hardware collaboration is achieved for the entire system. This makes the attack surface large, which reduces the vulnerability to such attacks. The system can prevent exhaustive key search attacks and ciphertext-only attacks. Security is provided only for the data link layer. TCP/IP layer security is needed to expand the attack surface so that it provides more security. There may be a time delay during the transmission of packets from source to destination. Data packets may be missed during transmission.

V. NAGLE'S ALGORITHM

Nagle's algorithm is a means of improving the efficiency of the TCP/IP layer by reducing the number of packets that need to be sent over the network. If the network is very congested, the ACK will take a long time. This will result in many small packets being collected into one MSS, which is known as a container, thus reducing the overhead. If the network is not congested, the ACK will arrive very quickly, allowing the next small segment to be sent without much delay. The Nagle algorithm favors the sending of short segments on a "fast network" and favors collecting them into larger segments on a "slow network". The push key is mainly used to indicate that the container is to be sent to the receiver even if the MSS is not full. The packets filled into the MSS can be of any size; when the MSS is filled, the container is immediately sent to the receiver. If the MSS is not filled, the container is kept in the buffer until it gets filled. If the packets filled into the container have different addresses, they can be managed by using the field ID that is provided in front of each packet. Hence it is easy for packets with different addresses to reach their different destinations with the help of the container concept in Nagle's algorithm. After the collection of packets, the container is considered as a packet, and hence the source and destination addresses are provided for acknowledgement purposes.

1) Nagle's Algorithm

    if there is new data to send
        if the window size >= MSS and available data is >= MSS
            send complete MSS segment now
        else
            if there is unconfirmed data still in the pipe
                enqueue data in the buffer until an acknowledgement arrives
            else
                send data immediately
            end if
        end if
    end if

Normally, when packets are sent from the source to the destination, each packet gives a response, and this takes a long time for the transmission of the packets. If many packets are sent to the destination, the acknowledgements do not arrive in the proper manner. Hence, to overcome such issues, Nagle's algorithm is used. It sends only a single container, and hence only one acknowledgement will be received. This provides sufficient information about the packets. The data that is kept in the buffer waits for 30 sec, after which the packet is sent to the receiver.

VI. D'ESOPO-PAPE ALGORITHM

The D'Esopo-Pape algorithm is mainly used to find the shortest path and to reduce the time taken for the search. It is a type of path-finding algorithm. It works much faster than Dijkstra's and the Bellman-Ford algorithm. The major disadvantage of the Routing Information Protocol, Dijkstra's
algorithm, is the fact that it does a blind search, thereby consuming a lot of time and wasting necessary resources. Another disadvantage is that it cannot handle negative edges. The Routing Information Protocol checks with its neighboring routers every 30 seconds, which increases network traffic. To overcome this, the D'Esopo-Pape algorithm is used. By using distance and time balancing to avoid the blind search, it reduces the time wasted and also works with negative edges. Due to parallel processing for searching the nodes, the time is reduced.

• The Bellman-Ford algorithm is mainly used to find the shortest path only when the graph is weighted.
• Dijkstra's algorithm is similar to the Bellman-Ford algorithm, but Dijkstra's algorithm does not work with negative edges.

2) D'Esopo-Pape Algorithm

    Kershenbaum Algorithm()
        Construct a two-vertex graph with vertices 1 and 2, and weight(edge(1,2)) = 1;
        for k = 3 to n
            add vertex k;
            for i = 2 to k-1
                add edge(k,i) with weight(edge(k,i)) = weight(edge(1,i));
                weight(edge(1,i)) = weight(edge(1,i)) + 1;
            add edge(1,k) with weight(edge(1,k)) = 1;

With the help of the above algorithm the shortest path can be easily found, including with negative edges. It does not perform any blind search like other algorithms. Here the vertices represent the routers and the weights represent the distance between the sender and the router.

VII. NETWORK SIMULATION

It shows the simulation of routing and multicast protocols for either wired or wireless networks in the internet. Network simulation is an accurate imitation of the operation of a process or system. It has been successfully applied to many applications. It is used to explore changes and alternatives in a very low-risk environment, which is much safer than the other operation. Behavior, functions and abstraction are the key characteristics used to represent the simulator. Real-world problems are solved safely and efficiently with the help of network simulation.
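An added example in Python (not the paper's own code) of the Section V decision rule: small writes are coalesced while earlier data is unacknowledged, a full MSS is sent at once, and a push flag (modelling the push request the section mentions) forces the container out early. The 30-second timer described in the text is not modelled; the byte-count window and the class and function names are assumptions made here.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class NagleSender:
    """Send side of one TCP connection under Nagle's rule (simulation only)."""
    mss: int                                   # maximum segment size, bytes
    window: int                                # peer's advertised window, bytes
    buffer: bytearray = field(default_factory=bytearray)   # queued, unsent data
    unacked: int = 0                           # bytes on the wire, not yet ACKed
    segments: List[bytes] = field(default_factory=list)    # segments emitted

    def _emit(self, data: bytes) -> None:
        # Put one segment on the wire; it consumes window until it is ACKed.
        self.segments.append(data)
        self.unacked += len(data)
        self.window -= len(data)

    def write(self, data: bytes, push: bool = False) -> None:
        """Application write. 'push' models the push request in the paper:
        the queued data goes out even if it does not fill an MSS."""
        self.buffer += data
        # Rule 1: while a full MSS is queued and the window allows it, send now.
        while len(self.buffer) >= self.mss and self.window >= self.mss:
            self._emit(bytes(self.buffer[: self.mss]))
            del self.buffer[: self.mss]
        if not self.buffer:
            return
        # Rule 2: a sub-MSS remainder is sent immediately only if nothing is in
        # flight (or a push was requested); otherwise it waits for the ACK so
        # that later small writes coalesce into one segment (the "container").
        if (self.unacked == 0 or push) and self.window >= len(self.buffer):
            self._emit(bytes(self.buffer))
            self.buffer.clear()

    def ack(self, nbytes: int) -> None:
        """Peer acknowledged nbytes; re-evaluate the rules so that whatever was
        coalesced while waiting can be released."""
        self.unacked -= nbytes
        self.window += nbytes
        self.write(b"")


def segment_sizes(writes: List[bytes], mss: int = 100, window: int = 1000) -> List[int]:
    """Feed a burst of writes with no ACK in between, then ACK everything once;
    returns the sizes of the segments that went on the wire, in order."""
    s = NagleSender(mss=mss, window=window)
    for w in writes:
        s.write(w)
    s.ack(s.unacked)
    return [len(seg) for seg in s.segments]
```

Three 10-byte writes produce one 10-byte segment and one 20-byte container instead of three segments, which is the overhead reduction the section describes.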
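An added example in Python (not the paper's own code) for Section VI: kershenbaum_graph transcribes the construction listed there, and desopo_pape runs the D'Esopo-Pape label-correcting search over such a graph, with vertices standing for routers and weights for distances as the section describes. The relaxation bound and the function names are assumptions made here.

```python
from collections import deque
from typing import Dict, Tuple

Graph = Dict[int, Dict[int, int]]   # graph[u][v] = weight of directed edge u -> v


def kershenbaum_graph(n: int) -> Graph:
    """Graph built by the Section VI routine: vertices 1..n, edge (1,2) of
    weight 1, then for each new vertex k an edge (k,i) that copies weight(1,i)
    before weight(1,i) is raised by one, and finally edge (1,k) of weight 1."""
    g: Graph = {1: {2: 1}, 2: {}}
    for k in range(3, n + 1):
        g[k] = {}
        for i in range(2, k):            # i = 2 .. k-1
            g[k][i] = g[1][i]            # weight(edge(k,i)) = weight(edge(1,i))
            g[1][i] += 1                 # weight(edge(1,i)) = weight(edge(1,i)) + 1
        g[1][k] = 1                      # add edge(1,k) with weight 1
    return g


def desopo_pape(g: Graph, source: int,
                max_relaxations: int = 10**6) -> Tuple[Dict[int, float], int]:
    """Shortest distances from `source` by the D'Esopo-Pape queue rule:
    a vertex never queued before goes to the back of the queue; a vertex that
    already left the queue once goes to the front. Negative edge weights are
    allowed; a negative cycle would never terminate, so `max_relaxations`
    (an assumed safety bound, not part of the algorithm) aborts the search.
    Returns (distance per vertex, number of edge relaxations performed)."""
    INF = float("inf")
    dist = {v: INF for v in g}
    dist[source] = 0
    NEVER, QUEUED, LEFT = 0, 1, 2
    state = {v: NEVER for v in g}
    q = deque([source])
    state[source] = QUEUED
    relaxations = 0
    while q:
        u = q.popleft()
        state[u] = LEFT
        for v, w in g[u].items():
            relaxations += 1
            if relaxations > max_relaxations:
                raise ValueError("relaxation bound exceeded (negative cycle?)")
            if dist[u] + w < dist[v]:
                dist[v] = dist[u] + w
                if state[v] == NEVER:
                    q.append(v)          # first sighting: back of the queue
                    state[v] = QUEUED
                elif state[v] == LEFT:
                    q.appendleft(v)      # re-opened vertex: front of the queue
                    state[v] = QUEUED
    return dist, relaxations
```

The relaxation count returned alongside the distances makes the cost of a run visible, so different graphs (including the constructed ones) can be compared.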
There are five types of network simulation:
• Task Trainer Simulation.
• Manikin-based Simulation.
• Standardized Patient Simulation.
• Virtual Reality Simulation.
• Tissue-based Simulation.

The goal of the study is the initial step, which involves defining what needs to be solved. The Monte Carlo method, which uses random numbers, is a simulation technique. The principles of student-centred and constructivist learning and teaching form a strategy for the simulator that takes a number of forms. It is a form of experiential learning. Simulation forecasts the future behavior of a system and thereby influences that future behavior. To select an appropriate network simulator for a particular application, it is important to have knowledge of the simulator tools available, along with their strengths and weaknesses. A general-purpose network simulator is the Optimized Network Engineering Tool, which is discrete-event and object-oriented. Simulation of large networks with heavy traffic can be developed using QualNet Developer ("QualNet"), which is a distributed and parallel network simulator. A variety of machines and operating systems can be maintained with the help of QualNet.

Network Simulator Techniques

There are three widely used techniques for running a network simulator:
• Parallel
• Distributed
• Combination of both Parallel and Distributed.

Stochastic or discrete-event simulation is a part of parallel and distributed simulation. Stochastic simulation is regarded as a statistical experiment in which the data is analyzed using some statistical method for that purpose. The time-based behavior of a system can be monitored by the distributed simulator. Due to the limited performance of current network simulators, they have mostly been used on small network models and for short time scales. Several simulations running correctly on multiple interconnected processors are termed parallel simulation. A huge amount of memory and processing time is required for the simulation of large networks. Rerunning multiple replications in parallel on a number of machines is suggested to reduce the duration of the simulation.

• Practical feedback is given when designing real-world systems.
• Correctness and efficiency of a design are determined before the system is actually constructed.
• Limited external regulation is provided.

The packet that is sent needs to reach the destination. When packets are sent continuously, information about the packets cannot be obtained. To overcome this, the acknowledgement concept is introduced. Here, when the packet is sent to the receiver, immediately when the packet reaches the receiver an acknowledgement for that packet is sent back to the sender. Hence when a packet is missed during the transmission, the same packet can be resent to the receiver.

Path works similarly to traditional uptime and performance monitoring solutions by creating a network consisting of monitoring nodes around the world. However, unlike traditional networks, the nodes used by the system to monitor and collect information are made up of distributed, independent applications located at the end-user level rather than the data center level. This allows for a wider variety of data gathering points with built-in redundancy, end-to-end visibility and an unprecedented number of locations around the world:
1. An unprecedented number of independent data collection points.
2. Operators can run the node application from anywhere in the world on any internet-connected device.
3. Bringing massive global efficiency to deficiencies in local monitoring coverage not currently addressed by any network monitoring service providers.
All monitoring nodes are end-user level and independent.
Our advanced network analytics/telemetry results from data collected on standard workstations, IoT systems and mobile devices, providing a level of network analysis insight previously thought unobtainable.

Modules Processing

Normally the packet is sent from the sender to the receiver, which gives the acknowledgement back to the sender. Due to this, the packet is sent in a safe manner; thus if a packet is missed, that particular packet can be resent. Not only a single user sends to the receiver; the senders can be many in number, that is, many users. When multiple senders send data to the receiver, the place may be in a congested state. Hence, to overcome this, the acknowledgements take place in First In First Out order. Due to this order the packets can be sent easily from the sender to the receiver. Using Nagle's algorithm the container concept is used, so that packets are sent very safely from the sender to the receiver. The size of the container is 14 GB, so that more packets can be sent at a stretch for transmission purposes.

VIII. CONCLUSION

With the increasing development of the internet, more attention has to be paid to network security problems. Network security defense technology has a very important scope in the research field. Nowadays network equipment transmits data in plaintext at the data link layer, which carries important information such as the IP address, port number, etc., which provides the opportunity for attackers to breach the data. Normally a packet is sent through the network, and even though the packet is encrypted, the path it travels may cause some damage such as packet missing, time delay and packet shuffle. To overcome such issues, Nagle's algorithm and the D'Esopo-Pape algorithm are used. Hence this algorithm increases the response time of the packet. This takes place in the TCP/IP layer, which is more reliable. To speed up packet transmission, some other efficient algorithms can be implemented in the transport layer, so that more packets can be sent simultaneously from the sender to the receiver. Some additional formulas and mathematical problems can be used to calculate the packet speed when it is transmitted from the sender.