
NETWORK MONITORING USING CAPTIVE PORTAL

IN PFSENSE

ROHIDAYU BINTI OTHMAN

BACHELOR OF COMPUTER SCIENCE

(COMPUTER NETWORK SECURITY)

UNIVERSITI SULTAN ZAINAL ABIDIN

2017
NETWORK MONITORING USING CAPTIVE PORTAL IN PFSENSE

ROHIDAYU BINTI OTHMAN

Bachelor of Computer Science (Computer Network Security)

Faculty of Informatics and Computing

Universiti Sultan Zainal Abidin, Terengganu, Malaysia

MAY 2017
DECLARATION

I declare that this thesis is satisfactory in terms of abstract, scope, literature review, framework and presentation. This thesis was produced through my own effort in gathering information from sources to complete it. The work is the result of my own investigation. I also understand that cheating and plagiarism are not allowed in the university, so I am sure that this thesis has never been produced by any student of Universiti Sultan Zainal Abidin or of any other university.

________________________________

Name : ..................................................

Date : ..................................................

CONFIRMATION

This report entitled Network Monitoring Using Captive Portal In pfSense was prepared and submitted by Rohidayu Binti Othman (Matric Number: BTBL14037409) and has been found satisfactory in terms of scope, quality and presentation as partial fulfilment of the requirements for the Bachelor of Computer Science (Computer Network Security) with honors at Universiti Sultan Zainal Abidin.

________________________________

Name : ..................................................

Date : ..................................................

DEDICATION

Firstly, I praise Allah S.W.T. for easing my way and blessing me to finish my final year project successfully. Next, I would like to take this opportunity to thank my supervisor, Dr. Mohd Fadzil Bin Abdul Kadir, for his guidance, advice and ideas throughout the process of completing this project. Besides that, I would like to thank all the panels for their valuable comments and suggestions regarding this project. Without all of them, it would have been impossible for me to complete this project, since it must follow the given requirements. Secondly, I would like to give my appreciation to my beloved family members because they have given me support, encouragement and advice during the final year project. Last but not least, I want to say thanks to all my friends who always helped me to solve problems and gave a lot of support throughout this project.

ABSTRACT

Networking technology continues to advance and the number of users continues to grow. Each user can communicate and transfer data through a network. However, as a network grows, the network administrator has to monitor the traffic flow or bandwidth traversing it. Users who access the Internet without any purpose may cause problems such as a bottleneck. The main purpose of this project is to design a simulation that can monitor the network and optimize network usage by limiting bandwidth and time. Solving this problem is important because it enhances network traffic performance. A One Time Password algorithm is used as the technique applied to the captive portal. A captive portal is a web page that controls any Hyper Text Transfer Protocol (HTTP) browser access to the Internet. A user who wants to access the Internet is redirected to a web page for authentication. This makes it easy for the network administrator to monitor and handle network traffic. pfSense is an open source computer software distribution based on FreeBSD. It can be installed on a physical computer or a virtual machine to make a dedicated router for a network. Network activity is easy to monitor in real time while users are accessing the Internet. As the expected result of this project, network performance will be smooth because the simulation can limit bandwidth and minimize the number of users accessing the Internet at one time.

ABSTRAK (MALAY ABSTRACT)

Nowadays, network technology is advancing and the number of users is also increasing. Each user can communicate to transfer information through a network. However, as the network grows, the network administrator needs to monitor the traffic flow or bandwidth passing through the network. Some users who access the Internet without any purpose can cause problems such as a bottleneck. The main purpose is to design a simulation that can monitor the network and optimize network performance while data access and time can be limited. The importance of solving this problem is that network traffic performance can be improved. Next, a One Time Password algorithm is used as the technique incorporated into the captive portal. A captive portal is a web page that controls Hyper Text Transfer Protocol (HTTP) browser access to the Internet. Users who want to access the Internet are directed to a web page for authentication. This makes it easier for the network administrator to monitor and manage network traffic. In addition, pfSense is an open source computer software distribution based on FreeBSD. pfSense can be installed on a physical computer or a virtual machine to dedicate a router to the network. Network activity is easy to monitor when users access the Internet in real time. Based on the results of this project, network performance will become smooth, and this simulation can limit bandwidth and reduce the number of users who want to access the Internet at a given time.

CONTENTS

DECLARATION
CONFIRMATION
DEDICATION
ABSTRACT
ABSTRAK
CONTENTS
LIST OF TABLES
LIST OF FIGURES
LIST OF ABBREVIATIONS

CHAPTER 1 INTRODUCTION
1.1 Background
1.2 Problem statement
1.3 Objectives
1.4 Scopes
1.5 Limitation of works
1.6 Report structure

CHAPTER 2 LITERATURE REVIEW
2.1 Introduction
2.2 Network
2.3 Bandwidth usage
2.4 Linux Operating System
2.5 One Time Password
2.6 Existing system
2.6.1 Securing Wireless Network using pfSense Captive Portal with RADIUS Authentication
2.6.2 Building secure wireless access point based on certificate authentication and firewall Captive Portal
2.6.3 DNS-based Captive Portal with integrated transparent proxy to protect against user device caching incorrect IP address
2.6.4 Design and configuration of app supportive indirect internet access using a Transparent Proxy Server
2.6.5 Monitoring Local Area Network using Remote Method Invocation
2.6.6 Secure network monitoring system using mobile agents
2.6.7 Low cost web based remote monitoring and controlling system
2.6.8 Android based network monitor
2.6.9 Two factor authentication using smartphone generate one time password
2.7 Overview of the Project and Research
2.8 Summary

CHAPTER 3 METHODOLOGY
3.1 Introduction
3.2 Flowchart
3.3 Framework
3.4 Algorithm
3.5 Captive portal
3.6 pfSense
3.7 Summary

CHAPTER 4 CONCLUSION
4.1 Introduction
4.2 Project limitation
4.3 Recommendation
4.4 Summary

REFERENCES

APPENDIX
LIST OF TABLES

TABLE TITLE

1.1 First table in chapter 2
LIST OF FIGURES

FIGURE TITLE

1.1 First figure in chapter 3
1.2 Second figure in chapter 3
1.3 Third figure in chapter 3
LIST OF ABBREVIATIONS

WiFi Wireless Fidelity

DHCP Dynamic Host Configuration Protocol

DNS Domain Name System

LAN Local Area Network

WAN Wide Area Network

AD Active Directory

NPS Network Policy Server

TLS Transport Layer Security

WLAN Wireless Local Area Network

SSID Service Set Identifier

Admin Administrator

HMAC Hash Message Authentication Code

CHAPTER 1

INTRODUCTION

1.1 Background

In an era of globalization, Internet access has become a part of life and an everyday necessity, especially for students. The Internet acts as a medium of communication between one person and another anywhere in the world. It can also serve as a resource for education, both teaching and learning. Connections were often wired, but today many places such as homes, universities and companies connect to the Internet wirelessly, commonly called WiFi. As a result, network usage will increase from time to time along with the applications that users can access. This problem can become worse if it is not managed efficiently.

Next, the Internet can be defined as a massive network of networks. A network is a collection of computers and other devices that can send data to and receive data from one another, more or less in real time (Elliotte Rusty Harold, 2013). The growth of a network may lead to excessive data access, so the network administrator should monitor the network using pfSense. In this research, pfSense is the essential software used to monitor the network easily. pfSense is an open source software distribution based on FreeBSD. It is commonly used as a router, perimeter firewall, DHCP server, wireless access point and DNS server. Moreover, pfSense supports the installation of third-party packages such as Snort for intrusion detection and prevention (IDS/IPS). To overcome the network problem, pfSense must be configured as a DHCP server. A switch is used to connect two devices such as computers, and it acts as a bridge. A switch performs better in average time than a hub (Christopher Udeagha, R. Maye, D. Patrick, D. Humphery, D. Escoffery and E. Campbell, 2016). It can send and receive information at the same time and is faster than a hub. Many people use a switch to forward a message to a specific host. Authentication is an important process used to validate access by an authorized user before he or she is given access to a resource. One Time Password is one form of authentication that is mostly used together with other forms of authentication. In other words, the One Time Password algorithm is one of the simplest and most popular forms of two-factor authentication today (Nilesh Khankari and Geetanjali Kale, 2014).

1.2 Problem Statement

This project is developed in response to several common problems:

i. Congestion in the network limits communication between client (user) and server, so a bottleneck may occur.

ii. Users consume a lot of bandwidth at one time when accessing the Internet.

iii. Unexpected scalability and performance problems appear as the number of network users increases at one time.

1.3 Objectives

There are three main objectives in developing this project:

i. To study the existing LAN infrastructure.

ii. To design a simulation that can monitor the network and apply the One Time Password algorithm to the captive portal.

iii. To implement a simulation that optimizes network usage by limiting bandwidth and time in pfSense.

1.4 Scopes

The scope of this project involves two parties, the administrator and the user.

1.4.1 Scope of administrator

The administrator can monitor and configure this simulation by setting up the server to minimize network usage, so the administrator will limit data access and time.

1.4.2 Scope of user

Users should be able to access the Internet or network in real time so that this simulation can monitor network activity or network behavior.

1.5 Limitation of work

This project has several limitations:

i. It is difficult to configure because the networks are not in the same range.

ii. This simulation depends on an Internet connection to be in real-time mode only.

iii. This simulation needs two network interface cards.

1.6 Report structure

Chapter 1

This chapter is the most significant part, introducing the project background, problem statement, project objectives, project scope and limitation of work. The introduction gives a basic description of the idea of the whole project.

Chapter 2

This chapter describes the concept of network monitoring along with related work for this project. Specific knowledge about network monitoring comes from reading material and sources such as books, journals, related websites and existing projects.

Chapter 3

This chapter explains the methodology used in this project. It also discusses the flowchart, framework and algorithm that show the concept of the process model in this research.

Chapter 4

This is the concluding chapter of the final year project. Limitations and recommendations for more advanced work are stated there.

CHAPTER 2

LITERATURE REVIEW

2.1 Introduction

This chapter describes and explains selected literature related to the simulation that will be developed. A literature review draws on trusted texts such as journals, articles and books that contain current knowledge about theoretical and methodological contributions. The main purpose of the literature review is to identify the research methods and strategies that should be applied in this project. It is important to know and understand the information from previous research and take it into consideration before developing this project. A few previous studies and existing systems are also discussed in this chapter. The literature review therefore serves as a reference in developing the proposed simulation.

2.2 Network

According to the book Data Communication and Networking, Fifth Edition, a network is the interconnection of a set of devices capable of communication (Behrouz A. Forouzan, 2012). In this definition, a device can be a host or a connecting device, which connects the network to other networks so that data transmission can occur. These devices are connected using wired or wireless transmission media. Wired media use copper wires or fiber optic cable to send and receive data. With wireless transmission, in contrast, the data signal travels on electromagnetic waves. In this case, a switch acts as a bridge to connect client and server. Two types of network are involved in this simulation: Local Area Network (LAN) and Wide Area Network (WAN). A LAN is privately owned and connects some hosts in a single office, building or campus, depending on the needs of the organization. Most LANs are designed to allow resources to be shared between hosts. Normally, a LAN covers a limited area while a WAN covers a wider area. The rate of transmission between hosts can be measured in kilobytes, megabytes or gigabytes per second.

2.3 Bandwidth usage

Bandwidth is defined as the range of frequencies that can be transmitted by a particular system or medium (Jorge L. Olenewa, 2012). Although the term is often defined as maximum data transmission capacity, it also refers to transmission speed. The growth of technology increases bandwidth usage. When bandwidth usage increases, the network administrator must manage the network and maintain its performance at the same level as before.

Moreover, bandwidth needs to be managed by an organization. Bandwidth management is a generic term that describes the various techniques, technologies, tools and policies employed by an organization to enable the most efficient use of its bandwidth resources (Lockias Chitanana, 2012). Bandwidth is measured in bits per second and is particularly important in the case of transferring large amounts of data over a network (Stanislaw Lota and Marcin Markowski, 2015). Wireless technologies such as third generation (3G) and fourth generation (4G) have had a significant impact on bandwidth. Most universities prefer wireless to wired connections as the means of providing Internet access, using a Wireless Local Area Network (WLAN) (Aryeh, F. L., Asante, M. and Danso, A. E. Y., 2016). Many students consume a lot of data for streaming video and browsing social media. For example, a twenty megabits-per-second (20 Mbps) connection is sufficient for downloading high definition video. Video-based applications require a large amount of bandwidth because they carry both video and audio content.

2.4 Linux Operating System

Linux is an open source operating system that is available in the form of distributions from companies such as Red Hat. Its source code is freely available and is used under the GNU General Public License. An advantage of Linux is that it offers users a variety of supported file systems (Eduardo Ciliendo and Takechika Kunimasa, 2007). Linux does not require a license to install because it is a free operating system for individual use. Linux is a powerful and unique operating system compared with other operating systems such as Windows and Macintosh (Hussain A. Alhassan and Dr. Christian Bach, 2014). Moreover, Linux is user-friendly for writing application code that accesses the network, which is why it is suitable for this project. Many programmers also choose Linux because it supports multi-processing better than other operating systems. pfSense is compatible with Linux although pfSense is software based on FreeBSD. Linux is much better than Windows because Linux rarely crashes. Because pfSense is installed on a computer, Ubuntu Linux has been chosen as the operating system in this project. Ubuntu has been the better performer as far as networking performance is concerned (Saranya S. Devan, 2013).

2.5 One Time Password

One Time Password schemes have been introduced to provide secure authentication. One Time Password is a popular algorithm or technique for two-factor authentication. A One Time Password is valid for only one login session (Nilesh Khankari and Geetanjali Kale, 2014). In other words, a One Time Password is unlike a static password because it changes each time the user wants to log in. According to the article Survey on One Time Password, One Time Passwords are a form of strong authentication that provides much better protection for online bank accounts, corporate networks and other systems that contain sensitive information. Himika Parmar, Nancy Nainan and Sumaiya Thaseen proposed an authentication service that is image based and eliminates the text password (Himika Parmar, Nancy Nainan and Sumaiya Thaseen, 2012). Their paper integrates image-based authentication and HMAC-based one time passwords to achieve the desired level of security. The user must obtain a One Time Password to access their personal account after image authentication.

2.6 Existing system

2.6.1 Securing Wireless Network using pfSense Captive Portal with RADIUS Authentication

This paper discusses an authentication method to prevent unauthorized users from gaining access. An effective way of achieving secure wireless network authentication is to use a Captive Portal with the RADIUS authentication method. A wireless network allows users to connect easily within the local coverage of the network. However, security is a problem for wireless networks. WLAN security is improved by using a secure mechanism called Captive Portal. The advantages of this mechanism are that users are directed to a login page when they open a web browser to access the Internet, and users do not need to install access controller software on their mobile devices. Windows 7 and Windows 8 are set up as clients, while Windows Server 2012, with Active Directory (AD) and Network Policy Service (NPS), acts as the local RADIUS server. AD is responsible for the user credentials used in authentication. NPS allows the network administrator to create network policies to authenticate and authorize connections from wireless access points and authenticating switches. In this project, pfSense can function as a perimeter firewall, router, proxy server and DHCP server; in this case, however, pfSense acts as a firewall. The Captive Portal is set up with RADIUS, so the combination of both is more secure. The disadvantage in this project is that it is difficult for a large organization with over 2000 user login credentials in AD. (Aryeh, F. L., Asante, M. and Danso, A. E. Y., 2016)

2.6.2 Building secure wireless access point based on certificate authentication and firewall Captive Portal

This paper discusses securing a wireless local area network using WPA2 Enterprise based on PEAP MS-CHAP together with a Captive Portal. Protected Extensible Authentication Protocol (PEAP) is a member of the Extensible Authentication Protocol (EAP) family of protocols. It uses Transport Layer Security to create an encrypted channel for the authenticating PEAP client. Moreover, PEAP does not specify an authentication method but provides additional security for other EAP authentication protocols. PEAP MS-CHAP utilizes Active Directory Certificate Service to generate the digital certificate that is installed on NPS. The authentication process occurs in two phases. First, the EAP protocol is used to open the TLS channel. Second, the username and password authentication mechanism connects to the WLAN through the Internal SSID using the EAP protocol. The method proposed in this research has two levels of security: a firewall with pfSense Captive Portal, and WPA2 Enterprise. The paper focuses on two SSIDs, one for guests and one for internal users. The advantage of this paper is the use of strong authentication to protect data transmission. The evaluation and analysis process is compulsory in this project because the effectiveness of the applied method needs to be tested. In addition, a WLAN that uses PEAP MS-CHAP security is still vulnerable to the airodump-ng and aireplay-ng tools. The aireplay-ng tool injects data packets into a client connected to the access point. After the injection occurs, aireplay-ng forces that client to re-authenticate. During re-authentication, airodump-ng captures the handshake process and saves it to a file. (B. Soewito and Hirzi, 2014)

2.6.3 DNS-based Captive Portal with integrated transparent proxy to protect against user device caching incorrect IP address

This paper presents a DNS-based captive portal. The name server receives a Domain Name System (DNS) request and queries the login database. When the user device is logged in, the name server responds to the DNS request with the Internet Protocol (IP) address of the web server as the resolved IP address of the specified domain name. The web server acts as a transparent proxy between the user device and the non-local target Uniform Resource Locator (URL). The captive portal involves a DNS server resolving all domain names for user devices that are not logged in to the IP address of a login portal. One advantage of this paper is good security, because a user who wants to access a website must log in to the portal before that website appears. The second advantage is that it makes managing users easier for the organization, because it is possible to instruct users to navigate manually to a URL or IP address by placing an instructional card at a specific place. Users, however, expect the whole process to be automatic. The disadvantage of a DNS-based captive portal is that it only works if the user initially attempts to browse to a URL with a domain name address. In addition, it performs DNS poisoning for user devices that are not logged in, so a user device may cache the IP address of the login portal even after it has logged in. The solution to that problem is to configure the DNS server of the captive portal to provide a low time-to-live (TTL) when it resolves a domain name to the IP address of the login portal for an unauthorized user device. The TTL should completely prevent the user device from caching an incorrect IP address. However, there is no guarantee that the user device will respect the TTL. (Peter S. Warrick and David T. Ong, 2014)
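
The low-TTL mitigation and its limit can be modelled in a few lines. This is an added example, not code from the thesis or from Warrick and Ong: the addresses are constructed documentation ranges, and PortalNameServer, ClientCache and the min_ttl floor (a client that caches longer than the server asked) are hypothetical names used to measure how long a device keeps the portal address after login.

```python
from dataclasses import dataclass, field

# Constructed sample values (documentation address ranges), not from the paper.
PORTAL_IP = "192.0.2.1"        # login portal
PORTAL_TTL = 5                 # low TTL, in seconds, on redirect answers
UPSTREAM = {"example.com": ("198.51.100.7", 3600)}   # real records: name -> (ip, ttl)


class PortalNameServer:
    """Name server of a DNS-based captive portal (hypothetical model)."""

    def __init__(self):
        self.logged_in = set()          # stands in for the login database

    def login(self, client_ip):
        self.logged_in.add(client_ip)

    def resolve(self, client_ip, name):
        """Return (address, ttl) for a query from client_ip."""
        if client_ip not in self.logged_in:
            # Every name resolves to the portal, with a short lifetime so the
            # wrong answer should leave the client's cache soon after login.
            return PORTAL_IP, PORTAL_TTL
        return UPSTREAM[name]


@dataclass
class ClientCache:
    """Client-side DNS cache. min_ttl > 0 models a device or browser that
    keeps entries longer than the TTL the server supplied."""
    min_ttl: int = 0
    entries: dict = field(default_factory=dict)   # name -> (address, expires_at)

    def lookup(self, server, client_ip, name, now):
        cached = self.entries.get(name)
        if cached and now < cached[1]:
            return cached[0]
        address, ttl = server.resolve(client_ip, name)
        self.entries[name] = (address, now + max(ttl, self.min_ttl))
        return address


def stale_seconds_after_login(min_ttl, login_at=2, horizon=120):
    """Count the seconds after login in which the client still resolves
    example.com to the portal address because of its own cache."""
    server = PortalNameServer()
    cache = ClientCache(min_ttl=min_ttl)
    client = "10.0.0.23"                # constructed client address
    stale = 0
    for now in range(horizon):
        if now == login_at:
            server.login(client)
        address = cache.lookup(server, client, "example.com", now)
        if now >= login_at and address == PORTAL_IP:
            stale += 1
    return stale


if __name__ == "__main__":
    print("client honours TTL:       ", stale_seconds_after_login(0), "s stale")
    print("client caches at least 60s:", stale_seconds_after_login(60), "s stale")
```

A client that honours the 5-second TTL recovers within that TTL, while the client with a 60-second cache floor keeps reaching the portal address for most of a minute after a successful login.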

2.6.4 Design and configuration of app supportive indirect internet access using a Transparent Proxy Server

A company or institute needs to perform many tasks such as web filtering, caching and user monitoring, but allows Internet access only after authentication using an explicit proxy. For that reason, this paper proposes a transparent proxy and captive portal so that applications can work with it. pfSense is used as the firewall, with both the proxy server and captive portal services integrated on a single platform. Because a transparent proxy is used, the user cannot be challenged for credentials by the proxy server itself, so users authenticate through the captive portal. The transparent proxy is proposed to fulfill the filtering, caching and monitoring requirements. The advantage of this approach is that the proxy server allows client computers to make indirect network connections to other network services. A transparent proxy also does not require any configuration on the client's end and makes use of an efficient forwarding mechanism. More importantly, it is an ideal choice for a web accelerator and web filtering gateway. The disadvantage of a transparent proxy deployment is that the web browser is unaware that it is communicating with a proxy. The captive portal technique is also used in this research to prevent users from accessing the network until authentication occurs. This may protect confidential information. (Pranjal Sharma and T. Benith, 2014)

2.6.5 Monitoring Local Area Network using Remote Method Invocation

This paper discusses controlling and monitoring a Local Area Network (LAN) using Remote Method Invocation (RMI). This technique allows a Java object executing on one machine to invoke a method of a Java object executing on another machine. A stub is generated before the client and server are used. The stub is a Java object that resides on the client machine, and its function is to present the same interface as the remote server. Network monitoring is the use of a system that constantly monitors a computer network and notifies the network administrator if any problem is detected. Java RMI is a mechanism that allows one to invoke a method on an object that exists in another address space. Java RMI is used to give the administrator the authority to stop any illegal process and to monitor the whole LAN. An advantage of this technique is that it uses the wireless network, so it can get the Internet Protocol address of a client and keep pinging it to check the latest status of the LAN. Another advantage is that an instant of the client's machine image should be saved to the database when the server shuts down the client's machine. This action reduces the size of the database. The disadvantage of this project is its vast functionalities regarding its performance. (Harsh Mittal, Manoj Jain and Latha Banda, 2013)

2.6.6 Secure network monitoring system using mobile agents

This paper presents a network monitoring system that follows a decentralized approach to overcome the problems of existing systems. The decentralized approach relies on a proposed secure multi-agent based architecture which creates different mobile agents. The main purpose of the system is to reduce network bandwidth by using mobile agents to monitor the network. The problems of existing systems are heterogeneity in the network, a limited amount of bandwidth, lack of resources, lack of fault tolerance capability and the huge amount of traffic generated on a central server. The architecture of the system has one Master Controller Agent (MCA) and different Controller Agents (CA). Mobile agents are used to control and manage network traffic as the network infrastructure requires. The advantages of the system are the ability to achieve confidentiality and integrity and to reduce network bandwidth. Moreover, the load balancing problem can be overcome once the approach is applied to the system. Each client independently performs its own process and gives the result to the server. The disadvantage is that the system's processing will be slow and delayed at certain times. (Larkins Carvalho and Nielet Dmello, 2013)

2.6.7 Low cost web based remote monitoring and controlling system

This paper discusses the design and implementation of a web monitoring and controlling system which is capable of visually monitoring and controlling devices in remote areas autonomously through a web page. An embedded system is a special-purpose computer system designed to perform one or a few dedicated functions, often with real-time computing constraints. An embedded system is also required to run at the speed of its environment. The advantage of this system is that being dedicated to a specific task may reduce the size and cost of the product and increase its reliability and performance. However, the system also has limitations. Its disadvantage is that it focuses on a specific task only, whereas a general-purpose computer can do many different tasks depending on its programming. This is why designing an embedded system can be challenging: it needs to conform to a specific set of constraints for the application. Another challenge in embedded system design is performing an accurate worst-case design analysis on a system with statistical performance characteristics. (V. Srinivas and V.V.S.R.K.K. Pavan. Bh, 2015)

2.6.8 Android based network monitor

The purpose of this paper is to develop a system with which a user who is not at the actual site can monitor the network. This method can remotely access a Local Area Network (LAN) using a mobile-based application on ANDROID. The objective of the system is to let the administrator execute various commands to control network activities even when not present at the actual site of the network, using a mobile-based app. The administrator enters commands through the ANDROID app, which sends them to a remote server. Next, the administrator is authenticated using SHA (Secure Hash Algorithm) and gains the right to monitor the network. There are two ways to control the network: entering commands through the mobile device and controlling the network directly through the server. The administrator is responsible for checking the network load on the LAN by typing a command. The advantages of the system are high throughput, scalability, availability, reliability and transparency. The limitations of this system are that the security model and algorithms of GPRS were developed in secrecy and were never published. The system also does not support duplex communication between client and server. (Aditya Bhosale, Kalyani Thigale, Sayali Dodke and Tanmay Bargal, 2014)

2.6.9 Two factor authentication using smartphone generate one time password

This paper proposes a system that involves generating and delivering a One Time Password to a mobile phone. The authors also explain a method of two-factor authentication implemented using a One Time Password (OTP) generated by a smartphone. The smartphone is used as the token for creating the OTP. The OTP is valid for a short period of time only, and it is generated and verified using a Secured Cryptographic Algorithm. High security is the main advantage of using OTP. Security is the major concern in all sectors, so OTP can solve the password problem because it is valid for one session only. However, this system also has a disadvantage. Using more than one two-factor authentication system requires multiple tokens. From the user's point of view, tokens have drawbacks which include the cost of purchasing, issuing and managing them. (Sagar Archarya, Apoorva Polawar and P.Y.Pawar, 2013)

2.7 Overview of the Project and Research

Table 2.1 : Comparison table of project and research

Author/Year: Aryeh, F. L., Asante, M. and Danso, A. E. Y. (2016)
Project Name: Securing Wireless Network Using pfSense Captive Portal with RADIUS Authentication
Technology/Technique: Radius authentication
Advantage:
- Users are directed to a login page when they open a web browser to access the Internet
- Users do not need to install access controller software on their mobile devices
Disadvantage: Difficult for a large organization with over 2000 user login credentials in Active Directory
Description:
- Authentication method to prevent unauthorized users from gaining access
- An effective way to overcome the problem is to use a Captive Portal with the Radius authentication method

Author/Year: B. Soewito and Hirzi (2014)
Project Name: Building secure wireless access point based on certificate authentication and firewall Captive Portal
Technology/Technique: WPA2 Enterprise
Advantage: Uses strong authentication to protect data transmission
Disadvantage: PEAP MS-CHAP security is still vulnerable to the airodump-ng and aireplay-ng tools.
Description:
- Secures a wireless local area network using WPA2 Enterprise based on PEAP MS-CHAP and Captive Portal
- The two phases of the authentication process use the EAP protocol and a username and password authentication mechanism

Author/Year: Peter S. Warrick and David T. Ong (2014)
Project Name: DNS-based Captive Portal with integrated transparent proxy to protect against user device caching incorrect IP address
Technology/Technique: Integrated transparent proxy
Advantage:
- Good security
- Makes managing users easy for the organization
Disadvantage: Only works if the user initially attempts to browse to a URL with a domain name address
Description:
- Captive portal involves a DNS server resolving all domain names for user devices that are not logged in to the IP address of a login portal
- The solution to the problem is to configure the DNS server of the captive portal to provide a low time-to-live (TTL)

Author/Year: Pranjal Sharma and T. Benith (2014)
Project Name: Design and configuration of app supportive indirect internet access using a Transparent Proxy Server
Technology/Technique: Transparent Proxy Server
Advantage:
- Allows client computers to make indirect network connections to other network services
- Does not require any configuration on the client's end and makes use of an efficient forwarding mechanism
Disadvantage: Web browser is unaware that it is communicating with a proxy
Description:
- Proposes a transparent proxy and captive portal to overcome the problem
- Transparent proxy is used to fulfill the filtering, caching and monitoring requirements
- Captive portal technique is used in this research to prevent users from accessing the network until authentication occurs

20
Harsh Mittal, Monitoring Local Remote - Control and monitor network of - Use wireless network so Vast functionalities
Manoj Jain and Area Network Method Local Area Network by using can get Internet Protocol regarding its
Latha Banda using Remote Invocation Remote Method Invocation address of client and keep performance
Method pinging every time for
(2013) Invocation - Allow java object execute on one checking latest status LAN
machine to invoke method of a Java
object that execute on another - Instant of clients
machine machine image saved to
database when server
- Java RMI is mechanism that allow shutdown clients machine
one to invoke method on object that
exist in another address space and
use for providing authority to
administrator by stopping any illegal
process and enable to monitor whole
of Local Area Network

Larkins Secure network Mobile agents - Network monitoring system that - Ability to achieve Process of system
Carvalho and monitoring follow decentralized approach for confidentiality and slow and delay at a
Nielet Dmello system using overcome problem of existing integrity certain time
mobile agents system
(2013) - Reduce network
- To reduce network bandwidth by bandwidth
using mobile agent for monitoring
the network

21
V. Srinivas and Low cost web based Embedded - Web monitoring and - Dedicated to Only focus on specific
V.V.S.R.K.K. Pavan. remote monitoring system controlling system is capable specific task may task only
Bh and controlling of monitoring visually and reduce size and
system controlling device at remote cost of product
(2015) areas autonomously through
web page - Increase
reliability and
- Embedded system is special- performance
purpose computer system
design to perform one or few
dedicated function

Aditya Bhosale, Android based Android - Develop system that user not - High throughput - Security model and
Kalyani Thigale, network monitor available at the actual site can algorithms of GPRS
Sayali Dodke and monitor the network - Scalability develop in secrecy and
Tanmay Bargal - Availability never publish
- Administrator is
(2014) authenticate using Secure hash - Reliability - System does not
algorithm and gain right to support duplex
monitor network - Transparency communication
between client and
- Two ways of control server
network are enter command
through mobile device and
control network directly
through server

22
Sagar Archarya, Two factor One Time Password - System that involves High security Cost of purchasing,
Apoorva Polawar and authentication using generating and issuing and managing
P.Y.Pawar smartphone generate delivering a One the token
one time password Time Password to
(2013) mobile phone

- OTP is valid for


short period of time
only

23
2.8 Summary

This chapter provides an overview of the concept of the system. The study that has been made shows that the literature review is one of the important parts of research. A literature review helps to determine whether a technology has been studied before or not. Besides, research articles must be related to the proposed project. Examples of trustworthy sources of research papers are IEEE Xplore, Springer and ScienceDirect. Every article and journal needs to be compared with the others to decide which one should be selected.

CHAPTER 3

METHODOLOGY

3.1 Introduction

Methodology is a systematic way of solving the research problem by applying a technique, algorithm or method. It comprises the theoretical analysis of the methods and principles associated with a branch of knowledge. Methodology is also defined as the principles, rules or procedures used for developing a project or system. For this project, the methodology shown in this chapter consists of a flowchart and a framework. In order to overcome the problem stated in 1.2, this methodology is built with reference to the three main objectives stated in 1.3: first, to study the existing LAN infrastructure; second, to design the simulation; and lastly, to implement the simulation. This project focuses on network monitoring.

3.2 Flowchart

A flowchart is a type of diagram that represents an algorithm or process as various boxes connected by arrows. It is a visual diagram presenting the flow of data through an information processing system and the sequence of operations to be performed in solving a problem. The flowchart also shows the step-by-step user authentication that takes place before the administrator monitors users' network usage by limiting their bandwidth or their time of Internet access. Flowcharts play a vital role in solving problems related to programming. They are quite helpful for understanding a complicated problem so that it can be solved wisely. In a flowchart, a box represents an operation of a process, a circle represents a connector joining two parts of a program, and an arrow represents a flow line.

Figure 3.1 Flowchart

Figure 3.1 shows the flowchart for user authentication in the simulation for this project. The simulation involves a user and an administrator. For this project, two computers are required for testing. One computer acts as the DHCP server while the other acts as the client's or user's computer. Moreover, pfSense is installed in VirtualBox on the computer acting as the DHCP server.

Users must be authenticated by the captive portal before they get access to the Internet. So, users should enter a username and password to be verified and identified by the administrator. If users do not pass authentication, they cannot access the Internet even if they try hundreds of times to open a browser or access the Internet. When users enter a correct username and password, they can access the Internet easily.

Next, the administrator has to monitor the users' network usage. In the pfSense configuration, the administrator can enter the total bandwidth and time that users may consume, in order to limit or maximize network usage. pfSense records the IP address or MAC address of each computer that accesses the network.

3.3 Framework

This part discusses and focuses on the simulation framework. Simulation is the imitation of the operation of a real-world process or system over time. A simulation requires that a model be developed, and that model represents the key characteristics or functions of the selected system. The simulation framework defines the process needed to operationalize a model that shows the design of the network system to be developed in the future. For this project, it explains the design of a network system that involves devices such as computers and a switch to make the connection between them. Furthermore, this framework helps in understanding the concept of an administrator monitoring network usage in a Local Area Network.

Figure 3.2 Framework

Figure 3.2 shows the simulation model of the network, in which the user's computer gets Internet access after connecting to the DHCP server. The switch in this case acts as a bridge that connects both computers. The computer with pfSense installed is configured as the DHCP server for monitoring the user's network usage. The DHCP server and the user's computer, connected by the switch, form an intranet. An intranet is a private network contained within an enterprise. An intranet involves connections through one or more gateway computers to the outside Internet. In this case, the intranet is used to share data access or Internet access from the DHCP server. The user's computer must go through the captive portal first before the user can access the network.

3.4 Algorithm

Figure 3.3 shows the proposed algorithm applied to the captive portal, which is the One Time Password algorithm.

Figure 3.3 Proposed algorithm

The One Time Password algorithm is the representative technique applied in this project to secure the authentication of users to the captive portal. One Time Password differs from other techniques in that a different password is generated each time a password is used. In other words, a One Time Password is a randomly generated password that needs to be sent to users by email or mobile phone services. When users want to enter the captive portal, the administrator needs to send a one time password code to the users after they have pre-registered. Users are allowed into the network after they are successfully authenticated by the captive portal. To be secure, a password usually needs to consist of 8 characters with at least one digit, one capital letter and one small letter. An advantage of One Time Password is that it is not vulnerable to replay attacks. This means that an intruder who wants to attack the system cannot easily enter it, because the intruder needs to break the password first.
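
An added example (not part of the original thesis and not pfSense code) of the One Time Password flow described in this section and reviewed in 2.6.9: it generates an 8-character code with at least one digit, one capital and one small letter, keeps only a salted hash with an expiry, and accepts each code once so that a replayed code is rejected. The names generate_otp and OtpStore, the 300-second validity window and the five-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import string
import time

OTP_LENGTH = 8          # length stated in the text
OTP_TTL_SECONDS = 300   # assumed validity window; the text only says "short"
MAX_ATTEMPTS = 5        # assumed cap on wrong guesses per issued code


def generate_otp(length=OTP_LENGTH):
    """Random code with at least one digit, one capital and one small letter."""
    alphabet = string.ascii_letters + string.digits
    while True:
        # secrets draws from the OS CSPRNG; redraw until the policy is met
        code = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.isdigit() for c in code)
                and any(c.isupper() for c in code)
                and any(c.islower() for c in code)):
            return code


class OtpStore:
    """Holds one pending code per pre-registered user, hashed, with expiry."""

    def __init__(self, ttl=OTP_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        # username -> [salt, digest, expires_at, attempts_left]
        self._pending = {}

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, username):
        """Create a fresh code, replacing any older one; caller delivers it."""
        code = generate_otp()
        salt = secrets.token_bytes(16)
        self._pending[username] = [salt, self._digest(salt, code),
                                   self._clock() + self._ttl, MAX_ATTEMPTS]
        return code

    def verify(self, username, candidate):
        """True once for the right code inside the window, False otherwise."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]      # expired or guessed too often
            return False
        if hmac.compare_digest(digest, self._digest(salt, candidate)):
            del self._pending[username]      # single use: a replay finds nothing
            return True
        entry[3] = attempts_left - 1
        return False
```

The code returned by issue() is what would be sent to the user by email or mobile phone; only its salted hash stays on the server.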

3.5 Captive Portal

A captive portal is a technique that imposes user authentication by having users present their credentials before gaining access to the network (Surasak Sanguanpong and Kasom Koht-Arsa, 2013). It redirects users to a login page, after which they get access to the network. When a user opens a web page in a browser, the user is automatically redirected to a login page on an authentication web server. With a captive portal, the user must enter credentials, which are a username and password, and after authentication the user can access the Internet. The administrator needs to identify and verify the users that access the network. A captive portal is also a security method applied before someone accesses the Internet.

3.6 pfSense

pfSense is an open source computer software and a customized distribution of FreeBSD which configures a computer as a DHCP server. pfSense needs to be downloaded and installed in VirtualBox. After a successful installation in VirtualBox, the administrator must first configure and upgrade pfSense in the web-based interface. Besides, a pfSense setup should have two network interface cards in order to run the system. pfSense uses a single XML file to store the configuration of all services available in the pfSense software or machine. This allows pfSense to be backed up easily. Furthermore, pfSense services are written in PHP, which makes it easy to extend the current code base.

3.7 Summary

This chapter discusses the methodology used to complete this project. The methodology chapter shows the flowchart, framework and algorithm. These elements are important to make this project more systematic. Because of that, the methodology must be followed during simulation development in order to complete the project successfully. The One Time Password algorithm is the technique applied in this project. An overview of captive portal and pfSense is also important to discuss in this chapter. The right methodology helps the project to be done according to the Gantt Chart.

CHAPTER 4

CONCLUSION

6.1 Introduction

This chapter concludes the overall contribution of the project Network Monitoring using Captive Portal in pfSense. The conclusion discusses how the simulation benefits the administrator and users. The project limitation section states all the difficulties that were faced throughout the development process. The recommendation section gives suggestions for future projects.

6.2 Project limitation

There are several problems and constraints that occurred throughout the development of this project. A few limitations came up while completing this project proposal. The problems and constraints in conducting this study are:

- This project must have the same network range for LAN and WAN coverage
- Difficulties in using wireless on campus
- Neither a hub nor a modem can be used in this project
- This project needs to use two network interface cards
- This project depends on the Internet connection, whether network performance is slow or strong

6.3 Recommendation

This simulation will be better if all the requirements for this project can be fulfilled. Then this simulation project can be widely used by everyone, especially administrators, to monitor network performance in an easy way.

6.4 Summary

In conclusion, this project proposal will help the administrator of any organization or company to monitor network performance easily. The project will reduce the cost or budget in any organization. This project can minimize network usage by limiting bandwidth and time. A lot of discussion has been made describing network monitoring in pfSense, together with a literature review of research papers on previous related works. Last but not least, it is hoped that this project can help many people, especially administrators and users. Accordingly, this project will be beneficial and useful to all organizations and clients. On the other hand, these limitations make it possible to monitor network usage through the Captive Portal, so that users do not access the network without any purpose in the future.

REFERENCES

[1] Elliotte Rusty Harold. 2013. Java Network Programming Fourth Edition. pp. 26.

[2] Behrouz A. Forouzan. 2012. Data Communication and Networking Fifth Edition. pp. 7-17.

[3] Jorge L. Olenewa. 2012. Guide to Wireless Communication Third Edition. pp. 18-56.

[4] Stanislaw Lota and Marcin Markowski. 2015. Performance analysis of virtual computer network based on Cisco cloud services router 1000v in a private cloud environment. Vol. 7, No. 2, pp. 117-132.

[5] B. Soewito and Hirzi. 2014. Building secure wireless access point based on certificate authentication and firewall Captive Portal. EPJ Web of Conferences 68. doi:10.1051/epjconf/20146800029.

[6] Aryeh, F. L., Asante, M. and Danso, A. E. Y. 2016. Securing Wireless Network using pfSense Captive Portal with RADIUS Authentication. Ghana Journal of Technology, Vol. 1, pp. 40-45.

[7] Peter S. Warrick and David T. Ong. 2014. Dns-based Captive Portal with Integrated transparent proxy to protect against user device caching incorrect IP address. US 2014/0344890 A1.

[8] Pranjal Sharma and T. Benith. 2014. Design and Configuration of App Supportive Indirect Internet Access using a Transparent Proxy Server. International Journal of Modern Engineering Research, Vol. 4, Issue. 10, pp. 2249-6645.

[9] Harsh Mittal, Manoj Jain and Latha Banda. 2013. Monitoring Local Area Network using Remote Method Invocation. International Journal of Computer Science and Mobile Computing, Vol. 2, Issue. 5, pp. 50-55.

[10] Larkins Carvalho and Nielet Dmello. 2013. Secure network monitoring system using mobile agents. International Journal of Modern Engineering Research, Vol. 3, Issue. 3, pp. 1850-1853.

[11] V. Srinivas and V.V.S.R.K.K. Pavan. Bh. 2015. Low cost web based remote monitoring controlling system. International Journal of Innovative Research in Electronics and Communication, Vol. 2, Issue 4, pp. 22-34.

[12] Aditya Bhosale, Kalyani Thigale, Sayali Dodke and Tanmay Bargal. 2014. Android Based network monitor. International Journal of Computer Science and Information Technology & Security, Vol. 4, No. 2, pp. 2249-9555.

[13] Lockias Chitanana. 2012. Bandwidth management in universities in Zimbabwe: Towards a responsible user base through effective policy implementation. International Journal of Education and Development using Information and Communication Technology, Vol. 8, Issue 2, pp. 62-76.

[14] Eduardo Ciliendo and Takechika Kunimasa. 2007. Linux Performance and Tuning Guidelines First Edition. pp. 15.

[15] Hussain A. Alhassan and Dr. Christian Bach. 2014. Operating System and Decision Making. ASEE 2014 Zone I Conference, pp. 80-85.

[16] Saranya S. Devan. 2013. Windows 8 V/S Linux Ubuntu 12.10 Comparison Of The Network Performance. International Journal of Research in Engineering and Technology, Vol. 2, Issue 3, pp. 577-580.

[17] Surasak Sanguanpong and Kasom Koht-Arsa. 2013. A Design and Implementation of Dual-Stack Aware Authentication System for Enterprise Captive Portal. pp. 118-121.

[18] Nilesh Khankari and Geetanjali Kale. 2014. Survey on One Time Password. International Journal of Computer Engineering and Application, Vol. 9, Issue 3. pp. 2321-3469.

[19] Christopher Udeagha, R. Maye, D. Patrick, D. Humphery, D. Escoffery and E. Campbell. 2016. Comparative analysis of performance of hub with switch local area network (LAN) using riverbed in University of Technology (Utech), Jamaica. pp. 118-126.

[20] Salim Istyaq. 2016. A New Technique For User Authentication Using Numeric One Time Password Scheme. International Journal of Advanced Trends in Computer Science and Engineering, Vol. 4, Issue 5, pp. 163-165.

[21] Himika Parmar, Nancy Nainan and Sumaiya Thaseen. 2012. Generation Of Secure One Time Password Based On Image Authentication. pp. 195-206.

[22] Sagar Archarya, Apoorva Polawar and P.Y.Pawar. 2013. Two factor authentication using smartphone generate one time password. IOSR Journal of Computer Engineering, Vol. 11, Issue 2, pp. 85-90.

APPENDIX

Gantt Chart (FYP1)

Weeks: 1 to 16

Activities:
- Project briefing by KPP
- Discussion and selection of proposal topic
- Project title registration
- Detailed about background project, problem statement, objectives, scope, limitation
- Detailed about Literature Review
- Presentation of proposal and presentation 1
- Correction of proposal
- Framework discussion
- Configuration of pfSense
- Draft proposal submission
- Correction of proposal
- Discussion and preparation of project presentation
- Conference of project presentation
- Final submission report
