Networks Project Report

Student name : Nofa Osama 221052

Student name: Rassan Alnabati 2210021

1) Overview.
Building a network packet sniffer that records examines and displays network traffic in real time
was the aim of this project. The project records unique network addresses (IP and MAC)
measures throughput and latency and captures packets on a network using the Scapy library.
Additionally the sniffer computes statistics like connection metrics packet size and protocol
usage and then displays the results in graphs. Additionally the program handles termination
gracefully upon user interruption (Ctrl+C) and incorporates a logging system. By collecting this
information network managers or security experts can monitor the general health of their
network spot possible bottlenecks and gain a better understanding of network traffic patterns.
2) Project Synopsis.
There are multiple important components to this project.
1. Packet Capture: The application sniffs network packets using Scapy and parses them
according to the protocol layers (IP TCP UDP and Ethernet).
2. logging: Information about captured packets is recorded in a file called network_events.
log) which contains data like the protocol packet size and source and destination IP/MAC
addresses.
3. Throughput Calculation: By adding up the sizes of the packets that were captured during
predetermined time periods the program determines the throughput of each protocol.
4. Measurement of Latency: The time interval between a connections first and last packet is
used to determine latency for both TCP and UDP connections.
5. Real-Time Statistics: Metrics like the quantity of distinct IP/MAC addresses the total
number of packets intercepted and the average packet size for every protocol are among
the real-time statistics that are shown on the console every 30 seconds.
6. Data Visualization: To show the gathered data three important graphs are created.
o Throughput Over Time: A line graph that displays each protocols throughput over
time.
o Latency Distribution: A histogram showing the distribution of latency for each
connection.
o Protocol Usage: The quantity of packets for each protocol is displayed in a bar
chart.
7. When the user interrupts the program by pressing Ctrl+C it gracefully ends and exits with
a summary of the statistics and data that were recorded.
c) Usage Functions.
1. The code is divided into multiple functions that manage distinct tasks associated with
data processing packet sniffing and visualization. Below is a summary of the main
features.
2. The function capture_packets() uses scapy.sniff() to continuously sniff network packets.
Using the Ethernet IP TCP and UDP layers it processes each packet and logs pertinent
information like the packet size and source/destination IP/MAC. To gauge latency the
function also keeps track of the beginning and ending times of TCP and UDP
connections.
3. The function packet_handler(packet) handles individual packets extracting and recording
pertinent data like MAC addresses, source and destination IP addresses, and packet sizes.
In order to determine latency for TCP and UDP connections it additionally invokes the
track_latency() function.
4. track_latency(): By logging timestamps for every connection (TCP/UDP) this function
calculates the latency between a connection's first and last packet. The round-trip time is
calculated using the difference between the start and end timestamps, which is stored in
the latency_data dictionary.
5. calculate_throughput(): This function adds up all of the packet sizes over predetermined
time periods to determine the overall throughput for each protocol. It aids in displaying
the volume of data transferred over time for every protocol.
6. calculate_latency(): This function compares the timestamps kept in the latency_data
dictionary to determine the latency for every connection. The outcome is used to
visualize the latency distribution and is saved in milliseconds.
7. plot_throughput_over_time(): This function helps visualize network performance by
creating a line plot that displays each protocol's throughput (measured in bytes per
second) over time.
8. plot_latency_distribution(): This function creates a latency value histogram for every
TCP/UDP connection that has been recorded. It facilitates the visualization of how
connection delays are distributed throughout the network.
9. plot_protocol_usage(): This function provides information about the composition of
network traffic by generating a bar chart that displays the quantity of packets recorded for
each protocol (Ethernet, TCP, and UDP) as well as the distinct count of IP and MAC
addresses.
10. Every 30 seconds, the function display_metrics() shows real-time statistics such as the
number of unique IP/MAC addresses, the average packet size for each protocol, and the
total number of captured packets.
11. When a SIGINT signal (Ctrl+C) is received, the handle_exit_signal() function manages
graceful termination. After waiting for the threads to finish, it halts packet sniffing and
prints the final network statistics, including packet counts and unique addresses.

d) Outcome.
The outcomes of running the packet sniffer are as follows.
1. Throughput in Time: The throughput graph displays the trends in the amount of data
(measured in bytes) sent by each protocol over time. This facilitates comprehension of the
bandwidth consumption of Ethernet, TCP, and UDP packets on the network.

2. Distribution of Latency: The distribution of TCP and UDP connection round-trip times
is displayed by the latency histogram. A network that is responsive and healthy has more
connections with low latency, whereas a network with high latency may be congested or
experiencing problems.

3. Protocol Usage: The number of packets recorded for the Ethernet, TCP, and UDP
protocols is displayed in the protocol usage bar chart. Insight into the relative traffic
volume for various network protocols is also provided.
 4. Measurements in real time: The application prints current network statistics every 30
seconds, including the total number of IP and MAC addresses, the average packet size for
each protocol, and the number of unique packets captured.
--- Real-time Statistics ---

--- Network Metrics ---

Unique MAC addresses: 5

Unique IP addresses: 11

Total packets captured: 1229

Average packet size for Ethernet: 537.13 bytes

Average packet size for IP: 537.83 bytes

Average packet size for UDP: 548.32 bytes

Average packet size for TCP: 131.45 bytes

e) A discussion section about the network environment used for testing.

Computers, routers, switches, and other devices made up the local network that served as the
project's testing environment. Using the network, typical internet traffic (TCP, UDP, and
Ethernet packets) was simulated. We noticed network traffic from file transfers, web browsing,
and other activities during testing.
Configuration for Testing:
· Devices: Utilizing Ethernet cables, a desktop and a laptop are linked to the same local
area network (LAN).
· Tools: Python 3 and the Scapy packet sniffing library were used to run the sniffer on a
Linux-based system. During regular operation, other network devices produced traffic.

There are some observations:

· Both TCP and UDP traffic, along with a sizable amount of Ethernet traffic, were
successfully captured by the sniffer.
 · High spikes in the throughput graph during file transfer times indicated a higher network
load.
· Most connections had low latency values according to the latency distribution; however,
when several devices were actively using the network, there were sporadic high latency
peaks.
· The program was tested in a controlled setting to make sure it captured local network
traffic accurately.
· A better grasp of the internal network performance was made possible by the fact that no
external internet traffic was recorded during testing.

In conclusion.
The network packet sniffer that is successfully implemented in this project records and examines
network traffic computes important metrics like throughput and latency displays the findings and
offers real-time updates. It shows how to analyze network traffic using Python and Scapy
providing insightful information about packet distribution and network performance. The
application is a helpful tool for network administrators and security experts due to its capacity to
record data across various protocols (Ethernet TCP and UDP) and offer comprehensive real-time
statistics.