
Homework Assignment #1


Presentation Transcript


  1. Homework Assignment #1: Packet Capture & Analysis

  2. Homework Assignment #1: Packet Capture and Analysis
  • Many tools and libraries exist for packet capture and analysis: sniffers, pcap, ...
  • In this homework, however, you are required to use the operating system services directly:
    • Use the ioctl function to change a NIC's flags
    • Capture all packets passing through the NIC
    • Use a raw socket to obtain layer 2 and layer 3 information
    • Analyze all captured packets
  • Environment: Linux

  3. About ioctl
  • A system call used by a process to access features of a device that aren't supported by the standard system calls such as read and write
  • int ioctl(int fd, unsigned long com, char *argp)

  4. Flowchart
  Start
  → Set up the interface
      struct ifreq ethreq;                    // ifreq is defined in <net/if.h>
      char interface[16];
      memset(interface, 0x00, sizeof(interface));
    The interface name is main's parameter argv[1], e.g. "eth0"
  → Establish the socket
    Headers: #include <sys/types.h>, #include <sys/socket.h>
    Prototype: int socket(int domain, int type, int protocol)
    You need to create a raw socket to get L2 and L3 information.
  → Get the interface flags
    Header: #include <sys/ioctl.h>
    Prototype: int ioctl(int fd, unsigned long com, char *argp)
    Use the command SIOCGIFFLAGS to get the original flags

  5. Flowchart (cont.)
  → Set promiscuous mode
    Defined in the header file "if.h": #define IFF_PROMISC 0x100 /* receive all packets */
    You need to set the NIC's flags to include IFF_PROMISC
  → Receive packets
  → Analyzing & filtering
    By Ethernet type: IP, ARP, others ...
    By IP protocol: TCP, UDP, ICMP ...
  → Loop back to receive the next packet

  6. Data Structure
  • Structures used for decoding (they are already declared by the headers named below; do not redefine them in your own code)
  • #include <linux/if_ether.h>   // for the Ethernet header
      struct ethhdr {
          unsigned char h_dest[ETH_ALEN];      // destination MAC address (ETH_ALEN == 6)
          unsigned char h_source[ETH_ALEN];    // source MAC address
          unsigned short h_proto;              // EtherType in network byte order (0x0800 = IP, 0x0806 = ARP)
      };
  • #include <linux/ip.h>         // for the IP header
      struct iphdr {
          unsigned int h_len:4;                // header length in 32-bit words; on little-endian hosts
          unsigned int version:4;              //   this bit-field comes before the version, as in <linux/ip.h>
          unsigned char tos;
          unsigned short total_len;            // network byte order
          unsigned short ident;
          unsigned short frag_and_flags;
          unsigned char ttl;
          unsigned char proto;                 // 6 = TCP, 17 = UDP, 1 = ICMP
          unsigned short checksum;
          unsigned int sourceIP;               // network byte order
          unsigned int destIP;
      };
    The field names in <linux/ip.h> are ihl, version, tos, tot_len, id, frag_off, ttl, protocol, check, saddr and daddr.

  7. RAW Socket
  • A raw socket lets you work with whatever protocol you need
  • Advantages:
    • When you use a raw socket, the packets you receive are not modified
  • Constraints:
    • No port number: the system forwards raw packets to the suitable raw socket.
    • In Linux, raw sockets can only be used by root.

  8. Executable Command
  • Format: capture [options][filter]
  • Default: no options and no filter
  • Capture 100 packets and print out a summary of the packets
    #capture
    ------statistics------
    IP :75
    ARP :3
    RARP :3
    TCP :6
    UDP :60
    ICMP :0
    IGMP :0
    -----finish-----

  9. Options
  • -n <maxcount>
    • The number of packets to be captured
  • -v
    • Print out the information for each captured packet
    • Format:
      Source MAC address: 00:0E:6A:D3:B3:1E
      Destination MAC address: 00:E0:18:ED:D7:13
      IP->protocol = TCP
      IP->src_ip = 220.130.208.127
      IP->dst_ip = 220.130.208.129
      Src_port =2345
      Dst_port=64

  10. Filter
  • srcmac <MAC_ADDR>
    • Specify the source MAC address
  • destmac <MAC_ADDR>
    • Specify the destination MAC address
  • srcip <IP_ADDR>
    • Specify the source IP address
  • destip <IP_ADDR>
    • Specify the destination IP address
  • srcport <PORT_NUM>
    • Specify the source port number
  • destport <PORT_NUM>
    • Specify the destination port number
  • tcp
    • Specify the layer 4 protocol as TCP
  • udp
    • Specify the layer 4 protocol as UDP

  11. Filter (cont.)
  • Example 1
    • Find 10 UDP packets destined for your host and print out the information of each packet (use the -v option)
    • #capture -n 10 -v udp destip 140.120.15.1
  • Example 2
    • Find 10 TCP packets with source IP = 140.120.15.1 and destination MAC address = 4578CD4E, and print out the information of each packet (use the -v option)
    • #capture -n 10 -v tcp srcip 140.120.15.1 destmac 4578CD4E
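The command line of slides 8 to 11 (options, filter keywords and the statistics summary), as an added example that is not part of the assignment's own code. It assumes a hypothetical struct pkt in which the decoder has already rendered MAC and IP addresses as text, compares MAC filter values case-insensitively against the colon-separated form the -v output prints, and replaces the live receive loop with a constructed sample of five packets.

```c
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <arpa/inet.h>
#include <linux/if_ether.h>

/* One decoded packet, addresses already rendered as text (hypothetical layout). Ports are -1 if absent. */
struct pkt {
    const char *src_mac, *dst_mac;           /* "00:0E:6A:D3:B3:1E" form, as the -v output prints it */
    unsigned ethertype;                      /* ETH_P_IP, ETH_P_ARP, ETH_P_RARP */
    unsigned proto;                          /* IPPROTO_* when ethertype is ETH_P_IP */
    const char *src_ip, *dst_ip;
    int src_port, dst_port;
};

struct filter {
    int maxcount, verbose, proto;            /* proto: -1 = any, else IPPROTO_TCP or IPPROTO_UDP */
    const char *src_mac, *dst_mac, *src_ip, *dst_ip;   /* NULL = don't care */
    int src_port, dst_port;                  /* -1 = don't care */
};

struct stats { int ip, arp, rarp, tcp, udp, icmp, igmp; };

/* Parse "capture [options][filter]" with the keywords of slides 9 and 10; returns 0, or -1 on bad syntax. */
int parse_args(int argc, char **argv, struct filter *f)
{
    memset(f, 0, sizeof *f);
    f->maxcount = 100; f->proto = f->src_port = f->dst_port = -1;
    for (int i = 1; i < argc; i++) {
        const char *a = argv[i], **sp = NULL; int *np = NULL;
        if (!strcmp(a, "-v")) { f->verbose = 1; continue; }
        if (!strcmp(a, "tcp")) { f->proto = IPPROTO_TCP; continue; }
        if (!strcmp(a, "udp")) { f->proto = IPPROTO_UDP; continue; }
        if (!strcmp(a, "srcmac")) sp = &f->src_mac;
        else if (!strcmp(a, "destmac")) sp = &f->dst_mac;
        else if (!strcmp(a, "srcip")) sp = &f->src_ip;
        else if (!strcmp(a, "destip")) sp = &f->dst_ip;
        else if (!strcmp(a, "-n")) np = &f->maxcount;
        else if (!strcmp(a, "srcport")) np = &f->src_port;
        else if (!strcmp(a, "destport")) np = &f->dst_port;
        else return -1;                      /* unknown word, e.g. a misspelled "udp" */
        if (++i >= argc) return -1;          /* keyword without its value */
        if (sp) {
            struct in_addr tmp;              /* IP values must be valid dotted quads */
            if ((sp == &f->src_ip || sp == &f->dst_ip) && inet_pton(AF_INET, argv[i], &tmp) != 1) return -1;
            *sp = argv[i];
        } else {
            char *end; long v = strtol(argv[i], &end, 10);
            if (*end || v < 1 || (np != &f->maxcount && v > 65535)) return -1;
            *np = (int)v;
        }
    }
    return 0;
}

/* Port and protocol filters only apply to TCP/UDP over IP; MACs compare case-insensitively. */
int pkt_matches(const struct pkt *p, const struct filter *f)
{
    int is_ip = p->ethertype == ETH_P_IP;
    int has_ports = is_ip && (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP);
    if (f->src_mac && strcasecmp(p->src_mac, f->src_mac)) return 0;
    if (f->dst_mac && strcasecmp(p->dst_mac, f->dst_mac)) return 0;
    if (f->src_ip && (!is_ip || strcmp(p->src_ip, f->src_ip))) return 0;
    if (f->dst_ip && (!is_ip || strcmp(p->dst_ip, f->dst_ip))) return 0;
    if (f->proto != -1 && (!is_ip || p->proto != (unsigned)f->proto)) return 0;
    if (f->src_port != -1 && (!has_ports || p->src_port != f->src_port)) return 0;
    if (f->dst_port != -1 && (!has_ports || p->dst_port != f->dst_port)) return 0;
    return 1;
}

/* Constructed traffic standing in for the live capture (not real data). */
const struct pkt sample[] = {
    { "00:0E:6A:D3:B3:1E", "FF:FF:FF:FF:FF:FF", ETH_P_ARP, 0, "", "", -1, -1 },
    { "00:0E:6A:D3:B3:1E", "00:E0:18:ED:D7:13", ETH_P_IP, IPPROTO_UDP, "140.120.15.5", "140.120.15.1", 2345, 53 },
    { "00:E0:18:ED:D7:13", "00:0E:6A:D3:B3:1E", ETH_P_IP, IPPROTO_TCP, "140.120.15.1", "220.130.208.127", 80, 2345 },
    { "00:E0:18:ED:D7:13", "00:0E:6A:D3:B3:1E", ETH_P_IP, IPPROTO_UDP, "220.130.208.129", "140.120.15.1", 53, 2345 },
    { "00:0E:6A:D3:B3:1E", "00:E0:18:ED:D7:13", ETH_P_IP, IPPROTO_UDP, "140.120.15.5", "140.120.15.1", 2346, 53 },
};

/* Stand-in for the receive loop: accept sample packets that pass the filter, count them into the
 * slide 8 statistics, stop after maxcount. Returns the number accepted. */
int capture_sample(const struct filter *f, struct stats *st)
{
    int matched = 0;
    memset(st, 0, sizeof *st);
    for (size_t i = 0; i < sizeof sample / sizeof sample[0] && matched < f->maxcount; i++) {
        const struct pkt *p = &sample[i];
        if (!pkt_matches(p, f)) continue;
        matched++;
        if (p->ethertype == ETH_P_ARP) st->arp++;
        else if (p->ethertype == ETH_P_RARP) st->rarp++;
        else if (p->ethertype == ETH_P_IP) {
            st->ip++;
            if (p->proto == IPPROTO_TCP) st->tcp++;
            else if (p->proto == IPPROTO_UDP) st->udp++;
            else if (p->proto == IPPROTO_ICMP) st->icmp++;
            else if (p->proto == IPPROTO_IGMP) st->igmp++;
        }
    }
    return matched;
}
```

parse_args takes the program's own argc/argv, so `capture -n 10 -v udp destip 140.120.15.1` from Example 1 yields maxcount 10, verbose on, proto UDP and a validated destination address, while the misspelled `upd` or a malformed IP is rejected instead of being silently ignored. A filter that asks for a port only accepts TCP or UDP packets, so an ARP frame never matches `destport 53`.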

  12. Turn In
  • Source code
  • Execution result (screenshot)

  13. Turn In (cont.)
  • Deadline
    • 23:59, Nov 24, 2005
  • FTP
    • IP: 140.120.15.123 2222
    • Username/Password: comm94/comm94
  • Filename
    • HW1_ID.doc, e.g. HW1_79356001.doc
    • If you want to update: HW1_ID_new1.doc, HW1_ID_new2.doc, etc.

  14. Turn In (cont.)
  • No late work is accepted
    • You get zero if you miss the due date
  • No copied work is accepted
    • You get zero if you copy other people's version

  15. References
  • TCP/IP Illustrated, Volume 2, Wright & Stevens, Addison Wesley
  • Linux C/C++ 網路程式設計 (Linux C/C++ Network Programming), 金禾
  • Linux C 函式庫參考手冊 (Linux C Library Reference Manual), 旗標
  • Linux Socket Programming, 碁峰
