CS455 - Cybersecurity Lab
Lab #2: Passive Monitoring / Packet Sniffing

In today's lab you are going to implement a simple passive monitoring tool. Using libpcap, write a simple program that captures packets and prints them on the screen (similar to the tcpdump tool). In particular, the program should:

1. Connect to the wireless interface.
2. Create a tap on the active interface, using pcap_open_live().
3. Print the datalink name.
4. Apply BPF filters on the open handle using pcap_compile() and pcap_setfilter(). Filters should be defined by the user as command-line arguments, e.g.: #./sniffer 'tcp port 80'
5. Start packet processing using pcap_loop() or pcap_next(), and call the callback function.

The callback function should process each packet captured. In particular it should:

1. Print the time at which each packet was captured.
2. For Ethernet frames, print the MAC addresses of both source and destination hosts, e.g. ETHERNET 00:11:22:33:44:55 -> AA:BB:CC:DD:EE:FF
3. If the packet is an IP packet, print the IP addresses of both source and destination hosts, e.g. IP 192.168.XXX.XXX -> 192.168.XXX.XXX
4. Check the protocol of the packet (TCP, UDP or ICMP), and:
   a. If the packet is an ICMP packet, print the protocol and the packet's length, e.g. ICMP len 98
   b. If the packet is a UDP packet, print the protocol, the packet's length and the ports of both source and destination hosts, e.g. UDP 59415 -> 53 len 74
   c. If the packet is a TCP packet, print the protocol, the packet's length and the ports of both source and destination hosts, e.g. TCP 51933 -> 80 len 60
      i. Check if the source or destination port is equal to 80 (a transaction with a web server) and print the data contained in the packet (payload), e.g. GET index.jsp HTTP/1.1 Host: www.csd.uoc.gr

Evaluation
● Generate ICMP traffic using the `ping` tool.

● Generate HTTP traffic.
  1. Using wget, netcat or your web browser, request the site at 192.168.XXX.75 port 80.

Requirements
● Linux OS (or equivalent) with C compiler and libpcap installed.

Hints
● Compile your program with -lpcap.
● In order to capture packets from the network interface, libpcap must be run with elevated privileges. Thus, run your program as root.
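The set-up steps and the callback described above, as an added example written for this page (it is not the course's handout or reference solution). The header decoding is kept in plain C functions (decode_frame, print_frame) that take a byte buffer and its captured length, so the logic can be exercised on a constructed Ethernet/IPv4/TCP frame (sample_frame: made-up MACs, 192.168.1.10 -> 192.168.1.20, ports 51933 -> 80, an HTTP request as payload, checksums left at zero) with neither libpcap nor root. Compiled with -DUSE_LIBPCAP and -lpcap, main() becomes the sniffer: it takes the BPF filter from argv[1], opens the first device returned by pcap_findalldevs() (assumption: your wireless interface; pass its name to pcap_open_live() directly if it is not first), prints the datalink name, installs the filter and hands every frame to on_packet() through pcap_loop(). The decoder assumes Ethernet framing (DLT_EN10MB), which is what a wireless interface in ordinary managed mode presents; a monitor-mode interface would deliver 802.11 frames instead.

```c
/* Added example, not the course's reference solution: the decoding a pcap_loop()
 * callback must do, against a plain byte buffer so it also runs on a constructed
 * frame without libpcap or root. Build with -DUSE_LIBPCAP -lpcap for the live sniffer. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <time.h>
#include <sys/time.h>
#include <arpa/inet.h>
#ifdef USE_LIBPCAP
#include <pcap.h>
#endif

struct decoded {                  /* everything the lab asks the callback to print */
    char eth_src[18], eth_dst[18], ip_src[INET_ADDRSTRLEN], ip_dst[INET_ADDRSTRLEN];
    int is_ip;                    /* EtherType 0x0800 (IPv4) seen */
    uint8_t proto;                /* 1 ICMP, 6 TCP, 17 UDP; ports stay 0 for ICMP */
    uint16_t sport, dport;
    const uint8_t *payload; size_t payload_len;
};

/* Decode one Ethernet frame. Every read is bounded by caplen (pcap delivers only that
 * many bytes). Returns 0 when decoded, -1 when a header it needs is cut short. */
int decode_frame(const uint8_t *p, size_t caplen, struct decoded *d) {
    memset(d, 0, sizeof *d);
    if (caplen < 14) return -1;
    snprintf(d->eth_dst, 18, "%02X:%02X:%02X:%02X:%02X:%02X", p[0], p[1], p[2], p[3], p[4], p[5]);
    snprintf(d->eth_src, 18, "%02X:%02X:%02X:%02X:%02X:%02X", p[6], p[7], p[8], p[9], p[10], p[11]);
    if ((p[12] << 8 | p[13]) != 0x0800) return 0;         /* ARP, IPv6, ...: Ethernet line only */
    const uint8_t *ip = p + 14; size_t avail = caplen - 14;
    if (avail < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (ip[0] & 0x0f) * 4;                      /* IHL in 32-bit words; options make it > 20 */
    size_t total = (size_t)(ip[2] << 8 | ip[3]);          /* IP total length excludes Ethernet padding */
    if (total < avail) avail = total;
    if (ihl < 20 || avail < ihl) return -1;
    d->is_ip = 1; d->proto = ip[9];
    inet_ntop(AF_INET, ip + 12, d->ip_src, sizeof d->ip_src);
    inet_ntop(AF_INET, ip + 16, d->ip_dst, sizeof d->ip_dst);
    const uint8_t *l4 = ip + ihl; size_t l4_avail = avail - ihl, hlen = 8;   /* UDP/ICMP echo header: 8 */
    if (d->proto == 6) {                                  /* TCP: data offset, high nibble of byte 12 */
        if (l4_avail < 20 || (hlen = (l4[12] >> 4) * 4) < 20) return -1;
    } else if (d->proto != 17 && d->proto != 1) return 0;
    if (l4_avail < hlen) return -1;
    if (d->proto != 1) { d->sport = (uint16_t)(l4[0] << 8 | l4[1]); d->dport = (uint16_t)(l4[2] << 8 | l4[3]); }
    d->payload = l4 + hlen; d->payload_len = l4_avail - hlen;
    return 0;
}

/* Print in the lab's format; wirelen is pcap_pkthdr.len, the length on the wire. */
void print_frame(const struct timeval *ts, size_t wirelen, const struct decoded *d) {
    char tbuf[16]; time_t secs = ts->tv_sec; strftime(tbuf, sizeof tbuf, "%H:%M:%S", localtime(&secs));
    printf("%s.%06ld ETHERNET %s -> %s\n", tbuf, (long)ts->tv_usec, d->eth_src, d->eth_dst);
    if (!d->is_ip) return;
    printf("IP %s -> %s\n", d->ip_src, d->ip_dst);
    if (d->proto == 1) printf("ICMP len %zu\n", wirelen);
    else if (d->proto == 17) printf("UDP %u -> %u len %zu\n", d->sport, d->dport, wirelen);
    else if (d->proto == 6) {
        printf("TCP %u -> %u len %zu\n", d->sport, d->dport, wirelen);
        if (d->sport == 80 || d->dport == 80)             /* web transaction: dump the payload as-is */
            fwrite(d->payload, 1, d->payload_len, stdout);
    }
}

/* Constructed frame: Ethernet + IPv4 + TCP 51933 -> 80 carrying an HTTP request (checksums 0). */
const uint8_t *sample_frame(size_t *len) {
    static uint8_t f[128];
    static const char http[] = "GET /index.jsp HTTP/1.1\r\nHost: www.csd.uoc.gr\r\n";
    static const uint8_t dst[6] = {0xAA,0xBB,0xCC,0xDD,0xEE,0xFF}, src[6] = {0,0x11,0x22,0x33,0x44,0x55};
    size_t plen = sizeof http - 1, total = 40 + plen; uint8_t *ip = f + 14, *tcp = ip + 20;
    memset(f, 0, sizeof f);
    memcpy(f, dst, 6); memcpy(f + 6, src, 6); f[12] = 0x08;                    /* EtherType 0x0800 */
    ip[0] = 0x45; ip[2] = (uint8_t)(total >> 8); ip[3] = (uint8_t)total; ip[8] = 64; ip[9] = 6;
    inet_pton(AF_INET, "192.168.1.10", ip + 12); inet_pton(AF_INET, "192.168.1.20", ip + 16);
    tcp[0] = 0xCA; tcp[1] = 0xDD; tcp[3] = 80; tcp[12] = 0x50; tcp[13] = 0x18; /* 51933->80, offset 5, PSH|ACK */
    memcpy(tcp + 20, http, plen);
    *len = 14 + total; return f;
}

#ifdef USE_LIBPCAP
static void on_packet(u_char *u, const struct pcap_pkthdr *h, const u_char *bytes) {
    struct decoded d; (void)u;                 /* h->caplen = bytes captured, h->len = bytes on the wire */
    if (decode_frame(bytes, h->caplen, &d) == 0) print_frame(&h->ts, h->len, &d);
}
#endif

int main(int argc, char **argv) {              /* live: sudo ./sniffer 'tcp port 80'; otherwise offline demo */
#ifdef USE_LIBPCAP
    char err[PCAP_ERRBUF_SIZE]; pcap_if_t *devs; struct bpf_program fp;
    if (argc != 2 || pcap_findalldevs(&devs, err) == -1 || !devs) { fprintf(stderr, "usage: %s '<bpf filter>'\n", argv[0]); return 1; }
    pcap_t *pc = pcap_open_live(devs->name, 65535, 1, 1000, err);   /* first device, promiscuous, 1 s timeout */
    pcap_freealldevs(devs);
    if (!pc) { fprintf(stderr, "%s\n", err); return 1; }
    printf("datalink: %s\n", pcap_datalink_val_to_name(pcap_datalink(pc)));   /* decoder assumes DLT_EN10MB */
    if (pcap_compile(pc, &fp, argv[1], 1, PCAP_NETMASK_UNKNOWN) == -1 || pcap_setfilter(pc, &fp) == -1) {
        fprintf(stderr, "filter: %s\n", pcap_geterr(pc)); return 1; }
    pcap_loop(pc, -1, on_packet, NULL);        /* -1: run until an error or pcap_breakloop() */
    pcap_close(pc); return 0;
#else
    struct decoded d; size_t n; struct timeval now; const uint8_t *f = sample_frame(&n);
    (void)argc; (void)argv; gettimeofday(&now, NULL);
    if (decode_frame(f, n, &d) == 0) print_frame(&now, n, &d);
    return 0;
#endif
}
```

Two things worth noticing when you compare this with your own output. The "len" the lab asks for is pcap_pkthdr.len, the size of the packet on the wire, while the decoder must only ever read caplen bytes; with the default snaplen of 65535 the two agree, but a smaller snaplen truncates frames and a callback that trusts the IP or TCP length fields instead of caplen reads past the buffer. Second, a ping from a Linux host produces 98-byte frames (14 Ethernet + 20 IP + 8 ICMP + 56 bytes of data), which is why the handout's ICMP example reads "len 98".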
