
CS455 - Cybersecurity Lab

Lab #2: Passive Monitoring / Packet Sniffing

In today's lab you are going to implement a simple passive monitoring tool. Using libpcap, write a simple program that captures packets and prints them on the screen (similar to the tcpdump tool). In particular, the program should:

1. Connect to the wireless interface.
2. Create a tap on the active interface, using pcap_open_live().
3. Print the datalink name.
4. Apply BPF filters on the open handle using pcap_compile() and pcap_setfilter(). Filters should be defined by the user as command-line arguments.
   e.g. #./sniffer tcp port 80
5. Start packet processing using pcap_loop() or pcap_next(), and call the callback function.

The callback function should process each captured packet. In particular, it should:

1. Print the time at which each packet was captured.
2. For Ethernet frames, print the MAC addresses of both source and destination hosts.
   e.g. ETHERNET 00:11:22:33:44:55 -> AA:BB:CC:DD:EE:FF
3. If the packet is an IP packet, print the IP addresses of both source and destination hosts.
   e.g. IP 192.168.XXX.XXX -> 192.168.XXX.XXX
4. Check the protocol of the packet (TCP, UDP or ICMP), and:
   a. If the packet is an ICMP packet, print the protocol and the packet's length.
      e.g. ICMP len 98
   b. If the packet is a UDP packet, print the protocol, the packet's length and the ports of both source and destination hosts.
      e.g. UDP 59415 -> 53 len 74
   c. If the packet is a TCP packet, print the protocol, the packet's length and the ports of both source and destination hosts.
      e.g. TCP 51933 -> 80 len 60
      i. Check whether the source or destination port is equal to 80 (transaction with a web server) and print the data contained in the packet (payload).
         e.g. GET index.jsp HTTP/1.1 Host: www.csd.uoc.gr

Evaluation

Generate ICMP traffic using the `ping` tool.

Generate HTTP traffic. Using wget, netcat or your web browser, request the site at 192.168.1.75, port 80.

Hints

Compile your program with -lpcap.

In order to capture packets from the network interface, libpcap must be run with elevated privileges. Thus, run your program as root.

Requirements

Linux OS (or equivalent) with C compiler and libpcap installed.
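The decoding steps the callback has to perform, written as an added example that is not part of the original handout: every header read is bounds-checked against the captured length, and the payload is bounded by the IP total length so Ethernet padding is not printed. `decode_frame` and `SAMPLE` are hypothetical names; the code assumes an Ethernet link type and IPv4, and leaves out the libpcap capture calls so it runs without libpcap or root (in a pcap_loop() callback, pass the packet pointer with the header's `caplen` and `len`).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }
/* Decode a frame into out[]; caplen = bytes captured, len = bytes on the wire.
 * Returns the IP protocol number, 0 if not IPv4, -1 if truncated or malformed. */
int decode_frame(const uint8_t *p, size_t caplen, unsigned len,
                 char *out, size_t outsz)
{
    if (caplen < 14 || outsz < 128) return -1;  /* header lines need < 128 bytes */
    size_t n = (size_t)snprintf(out, outsz,      /* source MAC first, then dest */
        "ETHERNET %02X:%02X:%02X:%02X:%02X:%02X -> %02X:%02X:%02X:%02X:%02X:%02X\n",
        p[6], p[7], p[8], p[9], p[10], p[11], p[0], p[1], p[2], p[3], p[4], p[5]);
    if (be16(p + 12) != 0x0800) return 0;        /* EtherType is not IPv4 */
    const uint8_t *ip = p + 14;
    if (caplen < 34 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (ip[0] & 0x0Fu) * 4u, tot = be16(ip + 2); /* tot excludes padding */
    if (ihl < 20 || tot < ihl || 14 + tot > caplen) return -1;
    n += (size_t)snprintf(out + n, outsz - n, "IP %d.%d.%d.%d -> %d.%d.%d.%d\n",
        ip[12], ip[13], ip[14], ip[15], ip[16], ip[17], ip[18], ip[19]);
    const uint8_t *l4 = ip + ihl;
    size_t l4len = tot - ihl;
    int proto = ip[9];
    if (proto == 1) snprintf(out + n, outsz - n, "ICMP len %u\n", len);
    if (proto != 6 && proto != 17) return proto;
    if (l4len < (proto == 6 ? 20u : 8u)) return -1;   /* TCP / UDP header size */
    unsigned sp = be16(l4), dp = be16(l4 + 2);
    n += (size_t)snprintf(out + n, outsz - n, "%s %u -> %u len %u\n",
                          proto == 6 ? "TCP" : "UDP", sp, dp, len);
    size_t off = proto == 6 ? (l4[12] >> 4) * 4u : 0;  /* TCP data offset */
    if (off >= 20 && off <= l4len && (sp == 80 || dp == 80))
        snprintf(out + n, outsz - n, "%.*s\n", (int)(l4len - off),
                 (const char *)l4 + off);              /* HTTP payload */
    return proto;
}

/* Constructed sample: TCP segment to port 80 carrying an HTTP request line. */
static const uint8_t SAMPLE[] = {
    0xAA,0xBB,0xCC,0xDD,0xEE,0xFF, 0x00,0x11,0x22,0x33,0x44,0x55, 0x08,0x00,
    0x45,0x00,0x00,0x38, 0,1,0x40,0, 64,6,0,0, 192,168,1,10, 192,168,1,75,
    0xCA,0xDD,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x18,0xFF,0xFF, 0,0,0,0,
    'G','E','T',' ','/',' ','H','T','T','P','/','1','.','1','\r','\n' };

int main(void) {
    char buf[512];
    if (decode_frame(SAMPLE, sizeof SAMPLE, sizeof SAMPLE, buf, sizeof buf) > 0)
        fputs(buf, stdout);
    return 0;
}
```

The payload bytes come from the network and are untrusted, so a real tool should replace non-printable characters before writing them to a terminal.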
