Bonfring International Journal of Networking Technologies and Applications, Vol. 6, No. 1, March 2019

Preventing the Breach of Sniffers in TCP/IP Layer Using Nagle's Algorithm

P. Subhaasini, N. Bhuvaneswari, M. Jerald and M. Madhavakirshnan

Abstract--- Normally a packet is sent through the network, and even though the packet is encrypted, the path it travels may cause some damage such as packet loss, time delay and packet shuffling. To overcome such issues Nagle's algorithm and the D'Esopo-Pape algorithm are used. Hence these algorithms increase the response time of the packet. This takes place in the TCP/IP layer, which is more reliable.

Keywords--- Network, Nagle's Algorithm, D'Esopo-Pape Algorithm, Maximum Segment Size.

I. INTRODUCTION

As the number of developments in computer networks increases, the risk originating from networks is also increasing. Computer Security Institute survey results show that cyberspace is currently facing a variety of attacks during the transmission of data from the sender to the receiver. When a packet is sent through the same router many times repeatedly, it becomes very easy for attackers to monitor the transmission of the packet; they can easily change the packet order and sometimes can destroy the packet on the path. Using algorithms such as Nagle's algorithm and D'Esopo-Pape, the packet is secured. By using this method packet shuffling, packet damage and packet time delay can be controlled. Thus the system can effectively prevent sniffers from attacking the packet or shuffling the packet, and this system provides more security.

II. RELATED WORK

The security of information transmission in a network is an important research topic of global network security; it is also the focus of the entire information security field. Network sniffing is currently a major threat to network security. It can be used to eavesdrop on a user's data, steal a user's identity, achieve unauthorized access and disguise attackers as legitimate users to obtain confidential data. To prevent such attacks, much research work has been performed.

III. MIMIC SECURITY DEFENSE

For information systems, mimic computing can be implemented by a variety of software and hardware variants with equivalent functions but different computing efficiencies. To improve the overall computational efficiency, mimic computing can reconstruct the corresponding system operation structure or execution environment in a timely and dynamic manner. The inherent dynamics, heterogeneity and non-determinism of mimic computing naturally disrupt the integrity of the attack chains that current attack technologies rely on. Thus, mimic computing enables information systems to have inherent active defense capabilities. Mimic security defense is based on the theory of mimic computing. By actively changing the basic elements of the information system components, it realizes the transition or migration of network, platform, environment, software, data and other structures. In addition, these dynamic changes are made controllable by the defender to realize a mimic environment. For the attacker, the target changes are difficult to observe and predict, thereby greatly increasing the difficulty and cost of an attack and greatly reducing the system security risk.

The mimic defense (MD) framework and its dynamic heterogeneity redundancy (DHR) core mechanism have been described in detail. The basic components of DHR consist of heterogeneous variants, a dispatcher, a mimic scheduler and a policy-based arbiter. Their research mainly focuses on the evaluation of DHR and analyzes its performance with a theoretical model. In addition, their results show that MD can significantly increase the difficulty faced by attackers and enhance the security of cyber systems; an enhancement of security of up to ten times can be achieved. The mimic defense system has been modeled formally, and the security effects of redundancy in mimic defense systems were analyzed through results from Monte Carlo simulations. A mimic defense web server with a dynamic heterogeneous redundancy structure was proposed to establish the software layer, data layer, operating system layer and other multilayer mimic defense. The web server can effectively resist many types of intrusion detection and attacks. After attack implantation, the system structure can be transformed so that the original attack will fail. An aware decision-making security architecture with multiple controllers exploits heterogeneity and redundancy from different controllers to prevent an attack proactively. The architecture utilizes the heterogeneity and redundancy of controllers to enable the control plane to operate in a dynamic, reliable and unsteady state, which significantly hampers the probing of systems and the execution of attacks. A mimic network operating system was designed and implemented: an active defense architecture based on mimic security defense to ensure SDN control plane security. The architecture adopts a heterogeneous redundant network operating system, and a mimic plane is added between the traditional SDN data plane and the control plane to implement

P. Subhaasini, Student, Department of CSE, Sree Sakthi Engineering College, AICTE, Coimbatore, India. E-mail: haasinibabu1997@gmail.com
N. Bhuvaneswari, Student, Department of CSE, Sree Sakthi Engineering College, AICTE, Coimbatore, India. E-mail: bhuvanadhijaa468@gmail.com
M. Jerald, Student, Department of CSE, Sree Sakthi Engineering College, AICTE, Coimbatore, India. E-mail: jeraldmjt173@gmail.com
M. Madhavakirshnan, Assistant Professor, Department of CSE, Sree Sakthi Engineering College, AICTE, Coimbatore, India. E-mail: mkmathava@gmail.com
DOI:10.9756/BIJNTA.9005

ISSN 2320-5377 | © 2019 Bonfring


dynamic scheduling. This can effectively reduce the probability of a successful attack and has good fault tolerance. Based on the mimic defense theory and technology, a framework against zero-day attacks was proposed. To protect the security of distributed storage systems, a storage architecture for mimic defense was presented. This architecture adopts a heterogeneous multi-random coding defense mechanism to actively and dynamically defend against indeterminate attacks.

System Architecture

The data link layer lies between the physical layer and the network layer and provides services to the network layer based on the service provided by the physical layer. The data link layer mimic encryption system is implemented by the CPU and the FPGA reconfigurable device. Data encryption is performed by inserting the FPGA encryption card into the PCI slot of each computer. The key management module runs on the CPU and is mainly used for the key agreement between the two communicating parties, initialization parameters, key distribution and FPGA status information statistics. Through the SPI interface, the CPU passes the parameters and keys to the FPGA. These are then parsed by the key management module of the FPGA. The FPGA is mainly used for the implementation of the mimic encryption and decryption modules. The reconfigurability of the FPGA, the dynamic implementation of different encryption and decryption algorithms, and pseudo-random calls of these algorithms are used to perform data encryption and decryption. The FPGA can integrate multiple redundant 10G, 1G and 100M Ethernet network interfaces according to the changes in the network processing load and upper user configuration, with dynamic switching of the network port and channel. By fully utilizing the flexibility and scalability of the FPGA, the system confuses attackers and prevents network attacks such as network sniffing.

Encryption Frame Format

The basic function of the data link layer is to provide transparent and reliable data transmission to users. It enhances the capability of the physical layer to transmit the original bit stream, transforms the error-prone physical connection provided by the physical layer into a logically error-free data link, and is presented to the user as an error-free route. A frame is an important component of the data link layer and includes, for example, synchronization information, address information, data information and checksum information. To facilitate and effectively encrypt these types of information and to prevent data leakage, it is necessary to transform the original frame structure.

Security Analysis

Mimic Security Analysis

If the mimic encryption system is represented by a symbol, it can be described by the 3-tuple {Ec, Key, NI}, where Ec represents the encryption algorithm, Key represents the key, and NI represents the network interface. The multiple phases of the system have several different encryption schemes, and if the system at a certain time t is represented by a state vector {Ec(t), Key(t), NI(t)}, a finite state set can be used to represent all the different states of the system. The components of the vector represent the changes in the system encryption algorithm, the key and the network interface channel. Regarding a traditional encryption system, its encryption algorithm, key and network interface are unchanged during operation, so its state vector is the same at t1, t2, …, tl; that is, the traditional encryption system is static and deterministic. Furthermore, for two different traditional encryption systems, the encryption algorithm may be the same, but the key will be different, though similar. The mimic encryption system is dynamic, diverse and random. These characteristics are described as follows.

Dynamic

The encryption and decryption algorithm of the mimic system is dynamically reconfigurable. After negotiation with the user, it can dynamically and partially reconstruct the encryption algorithm and the hash algorithm and then complete the switching between different algorithms. Additionally, the frame FID is time varying, with a cycle of 256, changing from 0 to 255 in turn. Simultaneously, the pseudo-random number generator also produces different cyclic states with different seeds. In combination with FID scrambling, different algorithms are dynamically selected from the encryption algorithm pool. Finally, the system key is constantly changing, and at a given point in time the value is different from that at other moments, namely Key(t1) ≠ Key(t2) ≠ … ≠ Key(tl).

Diverse

The mimic encryption system consists of a pseudo-random number generator, an encryption algorithm pool, an HK pool and other different elements, and each element has several different states. Thus, the whole system has many different states. Assuming that the system encryption algorithm pool is Ec = {ec1, ec2, ec3, …, ecn}, the number of encryption changes is n². The system has multiple redundant network interfaces, according to the user configuration, and can dynamically choose a network interface with different rates and different channels. Assuming that the system has m network interfaces, the number of combinations of encrypted frames sent is n² × m. For the same frame content, since the depth of the HK pool is 256, there are at most 256 different keys. Thus, there are 256n² types of encrypted ciphertext for the same frame.

IV. NETWORK PROCESSING


Millions of computers are connected together for the purpose of sharing resources. Sharing of resources is done via wired and wireless media. Through wired transmission of data, the chance of data loss is very low. But when the data is sent through a wireless medium the chance of data loss is very high. Hence the security provided to the wireless network must be greater than that of the wired network. When important data is sent through the wireless network the data must be very secure.

Data Transmission

Data transmission is the process of transmitting data through one or more computing networks. The transmission of packets is enabled point to point, point to multipoint and multipoint to multipoint. There are two processes of data transmission: parallel and serial processing. Serial processing is further divided into two: synchronous and asynchronous.

Synchronous

Data is transmitted between the sender and the receiver with the help of generated time slots, which have an even interval. Synchronous transmission uses parallel communication. Data is transmitted as a block at one time, and the distance is covered quickly. When the time runs out, the packet that was sent will be rejected, hence the packet must be sent again; when the acknowledgement is received late the packet is also resent. For this reason a packet that is missed can be easily identified. Both the sender and receiver are synchronized with each other when the clock is set correctly.

Asynchronous

Data is transmitted between the sender and the receiver in its own way, so there is an uneven interval between packets when they are sent. It is also called stop-start transmission. Asynchronous transmission uses serial communication. Data is transmitted as a single character at a time, and the distance is covered slowly. By using this method missing packets cannot be detected, because there is no time slot to manage the transmission of packets. There can be gaps between the data.

Previous analyses of problems with the data transmission

Pseudo-random selection of combinations of encryption algorithms and keys is performed to achieve "one frame, one key", which is the mimic encryption concept. Through the use of an FPGA combined with a CPU, software and hardware collaboration is achieved for the entire system. This makes the attack surface large, which reduces the vulnerability to such attacks. The system can prevent exhaustive key search attacks and ciphertext-only attacks. Security is provided only for the data link layer. TCP/IP layer security is needed to expand the attack surface so that it provides more security.

Time delays may occur during the transmission of packets from source to destination. Data packets may also be lost during the transmission.

V. NAGLE'S ALGORITHM

Nagle's algorithm is a means of improving the efficiency of the TCP/IP layer by reducing the number of packets that need to be sent over the network. If the network is very congested, the ACK will take a long time. This will result in many small packets being collected into an MSS, which is known as the container, thus reducing the overhead. If the network is not in a congested state, the ACK will arrive very quickly, allowing the next small segment to be sent without much delay. The Nagle algorithm favors the sending of short segments on a "fast network". The push key is mainly used to indicate that the container is to be sent to the receiver even if the MSS is not full. The packet that fills the MSS can be of any size; when the MSS is filled, the container is immediately sent to the receiver. If the MSS is not filled, the container is kept in the buffer till it gets filled. If the packets filling the container have different addresses, this can be managed by using the ID field provided in front of each packet. Hence it is easy for packets with different addresses to reach their different destinations with the help of the container concept in Nagle's algorithm. After the collection of packets the container is considered as a packet, hence the source and destination addresses are provided there for the acknowledgement purpose.

1) Nagle's Algorithm

    if there is new data to send
        if the packet size >= MSS and available data is >= MSS
            send complete MSS segment now
        else
            if there is unconfirmed data still in the pipe
                enqueue data in the buffer until an acknowledgement arrives
            else
                send data immediately
            end if
        end if
    end if

Normally when packets are sent from the source to the destination, each packet produces a response, and this takes a long time for the transmission of the packets. If many packets are sent to the destination the acknowledgements do not arrive in the proper manner. Hence, to overcome such issues, Nagle's algorithm is used in a better way. It sends only a single container, so only one acknowledgement will be received. This provides sufficient information about the packet. The data that is kept in the buffer waits for 30 sec, after which the packet is sent to the receiver.

VI. D'ESOPO-PAPE ALGORITHM

The D'Esopo-Pape algorithm is mainly used to find the shortest path and to reduce the time taken by the search. It is a type of path-finding algorithm. It works much faster than Dijkstra's and the Bellman-Ford algorithm. The major disadvantage of the Routing Information Protocol and Dijkstra's


algorithm is the fact that they do a blind search, thereby consuming a lot of time and wasting necessary resources. Another disadvantage is that they cannot handle negative edges. The Routing Information Protocol checks with its neighboring routers every 30 seconds, which increases network traffic. To overcome this the D'Esopo-Pape algorithm is used. It uses distance and time balancing to avoid the blind search, which reduces the wasted time, and it also works with negative edges. Due to parallel processing for searching the nodes, the time is reduced.

• The Bellman-Ford algorithm is mainly used to find the shortest path only when the graph is weighted.
• Dijkstra's algorithm is similar to the Bellman-Ford algorithm, but Dijkstra's algorithm does not work with negative edges.

2) D'Esopo-Pape algorithm

    Kershenbaum Algorithm()
        construct a two-vertex graph with vertices 1 and 2, and edge(1,2) with weight(edge(1,2)) = 1;
        for k = 3 to n
            add vertex k;
            for i = 2 to k-1
                add edge(k,i) with weight(edge(k,i)) = weight(edge(1,i));
                weight(edge(1,i)) = weight(edge(1,i)) + 1;
            add edge(1,k) with weight(edge(1,k)) = 1;

With the help of the above algorithm the shortest path can be easily found, including over negative edges. It does not perform a blind search like the other algorithms. Here the vertices represent the routers and the weights represent the distance between the sender and the router.

VII. NETWORK SIMULATION

It shows the simulation of routing and multicast protocols for either wired or wireless networks in the internet. Network simulation is a correct imitation of the operation of a process or system. It has been successfully applied to many applications. It is used to explore changes and alternatives in a very low-risk environment, which is much safer than the other operation. Behavior, functions and abstraction are the key characteristics that are used to represent the simulator. Real-world problems are solved safely and efficiently with the help of network simulation. There are five types of network simulation:

• Task Trainer Simulation.
• Manikin-based Simulation.
• Standardized Patient Simulation.
• Virtual Reality Simulation.
• Tissue-based Simulation.

The goal of the study is the initial step, which involves defining what needs to be solved. The Monte Carlo method, which uses random numbers, is a simulation technique. The principle of student-centred and constructivist learning and teaching is a strategy for the simulator which takes a number of forms. It is a form of experiential learning. Simulation forecasts the future behavior of a system, which in turn influences that future behavior. When selecting an appropriate network simulator for a particular application, it is important to have knowledge of the simulator tools available, along with their strengths and weaknesses. A general-purpose network simulator is the Optimized Network Engineering Tool, which is discrete-event and object-oriented. Simulation of large networks with heavy traffic can be developed by using QualNet Developer ('QualNet'), a distributed and parallel network simulator. A variety of machines and operating systems can be maintained with the help of QualNet.

Network Simulator Techniques

There are three widely used techniques for running the network simulator; they are as follows:

• Parallel
• Distributed
• Combination of both Parallel and Distributed.

Stochastic or discrete-event simulation is a part of parallel and distributed simulation. Stochastic simulation is regarded as a statistical experiment where the data is analyzed using some statistical method for that purpose. The time-based behavior of a system can be monitored by the distributed simulator. Due to the limited performance of current network simulators, they have mostly been run on small network models and for short time scales. Several simulations running correctly on multiple interconnected processors are termed parallel simulation. Huge amounts of memory and processing time are required for the simulation of large networks. Rerunning multiple replications in parallel on a number of machines is suggested to reduce the duration of the simulation.

• Practical feedback is given when designing real-world systems.
• The correctness and efficiency of a design is determined before the system is actually constructed.
• Limited external regulation is provided.

The packet that is sent needs to reach the destination. When packets are sent continuously, information about each packet cannot be obtained. To overcome this the acknowledgement concept is introduced. Here, when a packet is sent to the receiver, immediately when the packet reaches the receiver an acknowledgement for that packet is sent back. Hence, when a packet is lost during the transmission, the same packet can be resent to the receiver. Path works similarly to traditional uptime and performance monitoring solutions by creating a network


consisting of monitoring nodes around the world. However, unlike traditional networks, the nodes used to monitor and collect information are made up of distributed, independent applications located at the end user level rather than the data center level. This allows for a wider variety of data gathering points with built-in redundancy, end-to-end visibility, and an unprecedented number of locations around the world.

1. An unprecedented number of independent data collection points.
2. Operators can run the node application from anywhere in the world on any internet-connected device.
3. Bringing massive global efficiency to deficiencies in local monitoring coverage not currently addressed by any network monitoring service providers.

All monitoring nodes are at the end user level and independent. Our advanced network analytics / telemetry results from data collected on standard workstations, IoT systems and mobile devices, providing a level of network analysis insight previously thought unobtainable.

Modules Processing

Normally the packet is sent from the sender to the receiver, which returns the acknowledgement. Due to this the packet is sent in a safe manner; thus, if a packet is lost, that particular packet can be resent. Not only a single user sends to the receiver: the senders can be many in number, that is, many users. When multiple senders send data to the receiver, the place may become congested. Hence, to overcome this, the acknowledgements can take place in First In First Out order. Due to this order the packets can be sent easily from the sender to the receiver. Using Nagle's algorithm the container concept is used, so that packets are sent very safely from the sender to the receiver. The size of the container is 14GB, so that a larger number of packets can be sent at a stretch for the transmission purpose.

Nagle's algorithm is a means of improving the efficiency of TCP/IP networks by reducing the number of packets that need to be sent over the network. If the network is very bogged down, the ACK will take a long time. This will result in many small packets being collected into an MSS, thus reducing the overhead. If the network isn't bogged down, the ACK will arrive very rapidly, allowing the next small segment to be sent without much delay. The Nagle algorithm favors the sending of short segments on a "fast network" and favors collecting them into larger segments on a "slow network". The push keyword is mainly used to indicate that the packet is to be sent to the receiver even if the MSS is not full.

VIII. CONCLUSION

With the increasing development of the internet, more attention has to be paid to network security problems. Network security defense technology has a very important scope in the research field. Nowadays network equipment transmits data in plaintext at the data link layer, which carries important information such as the IP address, port number etc., which provides the opportunity for attackers to breach the data. Normally a packet is sent through the network, and even though the packet is encrypted, the path it travels may cause some damage such as packet loss, time delay and packet shuffling. To overcome such issues Nagle's algorithm and the D'Esopo-Pape algorithm are used. Hence these algorithms increase the response time of the packet. This takes place in the TCP/IP layer, which is more reliable. To speed up packet transmission some other efficient algorithms can be implemented in the Transport layer, so that a larger number of packets can be sent simultaneously from the sender to the receiver. Some additional formulas and mathematical problems can be used to calculate the packet speed when it is transmitted from the sender.
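The following is an added example, not code from the paper or from any project it describes, illustrating the mimic encryption state vector {Ec(t), Key(t), NI(t)} of Section III. Everything in it is constructed for illustration: the algorithm pool holds three toy reversible byte transforms that stand in for real ciphers (they offer no security), the HK pool is 256 keys derived from a constructed label, the interfaces are the three rates the paper names, and the shared seed is assumed to come from the CPU-side key agreement. Hashing stands in for the FPGA pseudo-random number generator. It shows the receiver re-deriving the sender's per-frame selection from the FID carried in the frame header, and the state vector changing from frame to frame while a traditional system keeps one static (Ec, Key, NI).

```python
import hashlib
from typing import List, Tuple


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def _add(data: bytes, key: bytes) -> bytes:
    return bytes((b + key[i % len(key)]) & 0xFF for i, b in enumerate(data))


def _sub(data: bytes, key: bytes) -> bytes:
    return bytes((b - key[i % len(key)]) & 0xFF for i, b in enumerate(data))


def _rev_xor(data: bytes, key: bytes) -> bytes:      # encrypt: reverse, then xor
    return _xor(data[::-1], key)


def _rev_xor_inv(data: bytes, key: bytes) -> bytes:  # decrypt: xor, then reverse
    return _xor(data, key)[::-1]


# Toy pool Ec = {ec1, ec2, ec3} as (encrypt, decrypt) pairs. NOT real ciphers;
# they only make the algorithm switching visible.
ALGORITHM_POOL = [(_xor, _xor), (_add, _sub), (_rev_xor, _rev_xor_inv)]
# HK pool of depth 256 (constructed keys): the paper's "at most 256 keys".
HK_POOL = [hashlib.sha256(b"constructed-hk-pool-" + bytes([i])).digest()[:16]
           for i in range(256)]
INTERFACES = ["10G", "1G", "100M"]           # NI: the redundant network ports

State = Tuple[int, int, int]                 # (algorithm index, key index, interface index)
TRADITIONAL_STATE: State = (0, 7, 0)         # a static system: same vector every frame


def select_state(seed: bytes, fid: int) -> State:
    """Derive {Ec, Key, NI} for one frame from the shared seed and the FID.
    The hash stands in for the PRNG; XOR with the FID is the 'FID scrambling'."""
    h = hashlib.sha256(seed + bytes([fid])).digest()
    return h[0] % len(ALGORITHM_POOL), h[1] ^ fid, h[2] % len(INTERFACES)


def encrypt_frame(seed: bytes, fid: int, payload: bytes) -> Tuple[str, bytes]:
    """Sender side. Returns (interface to send on, frame = FID byte || ciphertext)."""
    alg, key_idx, ni = select_state(seed, fid)
    enc, _ = ALGORITHM_POOL[alg]
    return INTERFACES[ni], bytes([fid]) + enc(payload, HK_POOL[key_idx])


def decrypt_frame(seed: bytes, frame: bytes) -> bytes:
    """Receiver side: re-derive the same state from the FID in the header."""
    fid, body = frame[0], frame[1:]
    alg, key_idx, _ = select_state(seed, fid)
    _, dec = ALGORITHM_POOL[alg]
    return dec(body, HK_POOL[key_idx])


def send_stream(seed: bytes, payloads: List[bytes]) -> List[Tuple[str, bytes]]:
    """FID counts 0..255 and wraps, so every frame gets a fresh state."""
    return [encrypt_frame(seed, i % 256, p) for i, p in enumerate(payloads)]


def receive_stream(seed: bytes, frames: List[Tuple[str, bytes]]) -> List[bytes]:
    return [decrypt_frame(seed, frame) for _, frame in frames]


def state_trace(seed: bytes, n_frames: int) -> List[State]:
    return [select_state(seed, i % 256) for i in range(n_frames)]


def distinct_states(seed: bytes, n_frames: int) -> int:
    """How many different state vectors the mimic system used; the static
    TRADITIONAL_STATE would always give 1."""
    return len(set(state_trace(seed, n_frames)))


if __name__ == "__main__":
    seed = b"constructed-shared-seed"
    frames = send_stream(seed, [b"hello", b"mimic", b"frame"])
    for ni, frame in frames:
        print(ni, frame.hex(), decrypt_frame(seed, frame))
    print("distinct states over 256 frames:", distinct_states(seed, 256))
```

Note that the FID travels in the clear: it is an index, not a secret, and the security of the selection rests entirely on the seed, exactly as the paper's scheme rests on the key agreement performed by the CPU-side key management module.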
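The following is an added example, not from the paper, modelling the send decision of Nagle's algorithm as given in the pseudocode of Section V. The sender object, the MSS value and the write sequence are constructed; there is no real socket, no timer and no push flag, only the rule itself: a full MSS is sent at once, and a partial segment is sent only when nothing is unacknowledged, otherwise it is coalesced in the buffer until the ACK arrives. The `nagle=False` switch is an assumption added to show the same writes without coalescing.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class NagleSender:
    mss: int                                              # maximum segment size in bytes
    nagle: bool = True                                    # False = send every write at once
    buffer: bytearray = field(default_factory=bytearray)  # written, not yet sent
    unacked: int = 0                                      # bytes on the wire awaiting ACK
    segments: List[bytes] = field(default_factory=list)   # what went on the wire

    def write(self, data: bytes) -> None:
        """Application write: append to the buffer, then apply the rule."""
        self.buffer += data
        self._try_send()

    def ack(self) -> None:
        """Peer acknowledged all in-flight data: held data may now go."""
        self.unacked = 0
        self._try_send()

    def _emit(self, n: int) -> None:
        seg = bytes(self.buffer[:n])
        del self.buffer[:n]
        self.segments.append(seg)
        self.unacked += len(seg)

    def _try_send(self) -> None:
        # A full MSS is always sent immediately, however many are available.
        while len(self.buffer) >= self.mss:
            self._emit(self.mss)
        if not self.buffer:
            return
        # Partial segment: without Nagle it goes now; with Nagle it goes only
        # when nothing is unacknowledged, otherwise it waits for the ACK.
        if not self.nagle or self.unacked == 0:
            self._emit(len(self.buffer))


def interactive_trace(mss: int, writes: List[bytes], ack_after: int,
                      nagle: bool = True) -> List[bytes]:
    """Feed small writes one by one, acknowledging once after `ack_after`
    writes and once at the end. Returns the segments put on the wire."""
    s = NagleSender(mss, nagle)
    for i, w in enumerate(writes, start=1):
        s.write(w)
        if i == ack_after:
            s.ack()
    s.ack()
    return s.segments


def segment_sizes(mss: int, data: bytes, nagle: bool = True) -> List[int]:
    """One bulk write followed by an ACK; returns the segment sizes sent."""
    s = NagleSender(mss, nagle)
    s.write(data)
    s.ack()
    return [len(seg) for seg in s.segments]


if __name__ == "__main__":
    keystrokes = [bytes([c]) for c in b"abcdefghij"]
    print("with Nagle   :", interactive_trace(100, keystrokes, 5))
    print("without Nagle:", interactive_trace(100, keystrokes, 5, nagle=False))
    print("bulk 250 B, MSS 100:", segment_sizes(100, b"z" * 250))
```

With ten one-byte writes and one ACK in the middle, the Nagle sender puts three segments on the wire where the plain sender puts ten; the 250-byte bulk write shows the other half of the rule, the trailing 50-byte partial segment being held until the two full segments are acknowledged.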
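The following is an added example, not from the paper, implementing the D'Esopo-Pape shortest-path method of Section VI with a two-ended queue, run on a constructed router graph (router names and link weights are assumptions) that contains a negative edge. It cross-checks the result against Bellman-Ford and shows a textbook Dijkstra producing a wrong distance on the same graph, which is the limitation the paper states; it goes beyond the paper's Kershenbaum construction by running the search on an arbitrary directed graph.

```python
import heapq
import math
from collections import deque
from typing import Dict, List, Tuple

Graph = Dict[str, List[Tuple[str, float]]]   # vertex -> [(neighbour, weight)]

# Constructed topology: vertices are routers, weights are link distances.
# B->C is negative, so A->B->C (4 - 3 = 1) beats the direct A->C link (2).
ROUTERS: Graph = {
    "A": [("B", 4), ("C", 2)],
    "B": [("C", -3), ("D", 5)],
    "C": [("D", 2), ("E", 7)],
    "D": [("E", 1)],
    "E": [("F", 3)],
    "F": [],
}


def desopo_pape(graph: Graph, source: str) -> Dict[str, float]:
    """Label-correcting search with a deque. A vertex seen for the first
    time goes to the back; a vertex that was already processed and is
    improved again goes to the front, so the correction propagates before
    new work starts. Assumes no negative cycle is reachable from `source`
    (the queue would never drain otherwise)."""
    dist = {v: math.inf for v in graph}
    dist[source] = 0.0
    NEW, QUEUED, DONE = 0, 1, 2
    state = {v: NEW for v in graph}
    q = deque([source])
    state[source] = QUEUED
    while q:
        u = q.popleft()
        state[u] = DONE
        for v, w in graph[u]:
            if dist[u] + w < dist[v]:
                dist[v] = dist[u] + w
                if state[v] == NEW:
                    q.append(v)          # never seen: back of the queue
                elif state[v] == DONE:
                    q.appendleft(v)      # re-opened: front of the queue
                state[v] = QUEUED
    return dist


def bellman_ford(graph: Graph, source: str) -> Dict[str, float]:
    """Reference result; raises ValueError if a negative cycle is reachable."""
    dist = {v: math.inf for v in graph}
    dist[source] = 0.0
    edges = [(u, v, w) for u in graph for v, w in graph[u]]
    for _ in range(len(graph) - 1):
        changed = False
        for u, v, w in edges:
            if dist[u] + w < dist[v]:
                dist[v] = dist[u] + w
                changed = True
        if not changed:
            break
    for u, v, w in edges:
        if dist[u] + w < dist[v]:
            raise ValueError("negative cycle reachable from source")
    return dist


def has_negative_cycle(graph: Graph, source: str) -> bool:
    """The precondition check to run before trusting desopo_pape()."""
    try:
        bellman_ford(graph, source)
        return False
    except ValueError:
        return True


def dijkstra(graph: Graph, source: str) -> Dict[str, float]:
    """Textbook Dijkstra with a finalised set: correct only for non-negative
    weights, included to show the failure on the negative edge."""
    dist = {v: math.inf for v in graph}
    dist[source] = 0.0
    done = set()
    heap = [(0.0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, w in graph[u]:
            if v not in done and d + w < dist[v]:
                dist[v] = d + w
                heapq.heappush(heap, (dist[v], v))
    return dist


if __name__ == "__main__":
    print("D'Esopo-Pape:", desopo_pape(ROUTERS, "A"))
    print("Bellman-Ford:", bellman_ford(ROUTERS, "A"))
    print("Dijkstra    :", dijkstra(ROUTERS, "A"))   # C, D, E, F come out too large
```

Dijkstra finalises C at distance 2 before it discovers the cheaper A->B->C route and never revisits it, so every distance downstream of C is also wrong; D'Esopo-Pape re-opens C by pushing it to the front of the queue and corrects D, E and F. The `has_negative_cycle` check matters because D'Esopo-Pape does not terminate on a reachable negative cycle.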