
PACKET SNIFFER

IMPLEMENTATION
By
Badrik Modi (011496654)
Goutham Sunkara (011463270)
Harika Reddy Patlolla (011050052)
Sreekar Adapa (011468938)
CONTENT:

- What is packet sniffing?
- How does it work?
- Implementation using Python
- Result
- Uses of packet sniffer
- Conclusion
- References
What is Packet Sniffing?

- Packet sniffing, or packet analysis, is the process of capturing the data that passes over the local network and looking for any information that may be useful.

- Packet sniffing is a passive technique: no one is actually attacking your computer or going through its files. Most of the time, a system administrator uses a packet sniffer to troubleshoot network problems.
How does it work?

- Typically, when people think of network traffic, they think that it goes directly from their computer to the router or switch, up to the gateway and then out to the internet, where it is routed similarly until it reaches the specified destination.

- This is mostly true except for one fundamental detail: your computer isn't sending data anywhere in particular.

How does it work? (Cont.)

- Instead, it broadcasts the data in packets that carry the destination in the header.

- Every node on the network receives the packet, determines whether it is the intended recipient, and then either accepts the packet or ignores it.
Sniffing Methods:

- Sniffing works in both switched and non-switched networks.

- Sniffing methods:
  IP based sniffing.
  MAC based sniffing.
  ARP based sniffing.
Implementation Using Python
Sniffer program

- Wireshark is the commonly used packet sniffer/protocol analyzer.

- Packet sniffers can be written in Python too; for this project we have written a sniffer program in Python on the Linux platform.

- Why Linux? Although Python is portable, the program won't run and give similar results on Windows.

Implementation Using Python (Cont.)

- This is due to differences in the implementation of the socket API.

- Our packet sniffer program doesn't use any extra libraries like libpcap. Instead, it uses raw sockets only.
Steps of Implementation

- Create a raw socket.
- Receive a packet and get the packet string from the returned tuple.
- From the received packet, parse the TCP/IP header with the help of the unpack method.
- Now parse the TCP/IP packet to retrieve the TCP/IP header.

Steps of Implementation (Cont.)

- Now check which internal protocol is used.

  If IP, then parse the IP packet to retrieve the IP header. Then print version, IP header length, TTL, protocol, source address and destination address.

  If TCP, then parse the TCP packet to retrieve the TCP header. Then print source port, destination port, sequence number, acknowledgement number and TCP header length.
Steps of Implementation (Cont.)
- Creating a raw socket:

s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)

. socket.AF_INET      Internet Protocol (IPv4)
. socket.AF_INET6     Internet Protocol (IPv6)
. socket.SOCK_RAW     raw socket (the type used here; socket.SOCK_STREAM is the connection-based stream type used for TCP)
. socket.SOCK_DGRAM   datagram (UDP)
. socket.IPPROTO_TCP  for TCP
. socket.IPPROTO_IP   for IP
. socket.IPPROTO_UDP  for UDP
Steps of Implementation (Cont.)
- Receive a packet and get the packet string from the tuple.

packet = s.recvfrom(65565)   # receive a packet with the given buffer size
packet = packet[0]           # recvfrom returns (data, address); keep the data
ip_header = packet[0:20]     # the first 20 bytes are the IPv4 header

- Unpacking the TCP/IP header from the received packet.

ipheader = unpack('!BBHHHBBH4s4s', ip_header)   # '!' = network byte order, unsigned fields

struct.unpack(fmt, string): unpack the string according to the given format. The result is a tuple even if it contains exactly one item.
Steps of Implementation (Cont.)
Now parse the TCP/IP packet to retrieve the TCP/IP header.
- IP header
version_ihl = ipheader[0]
iph_length = (version_ihl & 0xF) * 4        # IHL is in 32-bit words
ttl = ipheader[5]
protocol = ipheader[6]
s_addr = socket.inet_ntoa(ipheader[8])
d_addr = socket.inet_ntoa(ipheader[9])

- TCP header (the fixed 20 bytes that follow the IP header)
tcpheader = unpack('!HHLLBBHHH', packet[iph_length:iph_length + 20])
source_port = tcpheader[0]
dest_port = tcpheader[1]
sequence = tcpheader[2]
acknowledgement = tcpheader[3]
doff_reserved = tcpheader[4]
tcpheader_length = doff_reserved >> 4       # data offset in 32-bit words
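The steps above assembled into one runnable program, as an added example that is not the authors' code: parse_ip_header, parse_tcp_header, parse_packet, build_sample_packet and sniff are names assumed here. The sample packet is constructed in build_sample_packet so the header parsing can be exercised offline; sniff() opens the same AF_INET/SOCK_RAW/IPPROTO_TCP socket as the slides, which on Linux delivers the IP header plus TCP segment and requires root (CAP_NET_RAW). The example also handles the two failure modes the slides gloss over: a non-TCP protocol field and a packet too short to hold a header.

```python
import socket
import struct

IP_HEADER_FMT = '!BBHHHBBH4s4s'   # 20-byte IPv4 header, network byte order
TCP_HEADER_FMT = '!HHLLBBHHH'     # 20-byte fixed TCP header (options may follow)
IPPROTO_TCP = 6


def parse_ip_header(packet):
    """Return the IPv4 header fields the slides print, from the first 20 bytes."""
    if len(packet) < 20:
        raise ValueError('packet shorter than a minimal IPv4 header')
    fields = struct.unpack(IP_HEADER_FMT, packet[:20])
    version_ihl = fields[0]
    return {
        'version': version_ihl >> 4,
        'header_length': (version_ihl & 0x0F) * 4,   # IHL is in 32-bit words
        'ttl': fields[5],
        'protocol': fields[6],
        'src': socket.inet_ntoa(fields[8]),
        'dst': socket.inet_ntoa(fields[9]),
    }


def parse_tcp_header(packet, offset):
    """Return the TCP header fields starting at byte `offset` (end of IP header)."""
    if len(packet) < offset + 20:
        raise ValueError('packet shorter than IP header plus minimal TCP header')
    fields = struct.unpack(TCP_HEADER_FMT, packet[offset:offset + 20])
    doff_reserved = fields[4]
    return {
        'src_port': fields[0],
        'dst_port': fields[1],
        'seq': fields[2],
        'ack': fields[3],
        'header_length': (doff_reserved >> 4) * 4,  # data offset in 32-bit words
        'flags': fields[5],
    }


def parse_packet(packet):
    """Parse IP, then TCP only if the IP protocol field says TCP (step 5 of the slides)."""
    ip = parse_ip_header(packet)
    result = {'ip': ip, 'tcp': None, 'payload': b''}
    if ip['protocol'] == IPPROTO_TCP:
        tcp = parse_tcp_header(packet, ip['header_length'])
        result['tcp'] = tcp
        result['payload'] = packet[ip['header_length'] + tcp['header_length']:]
    else:
        # Not TCP: report the IP header only, the rest is opaque payload.
        result['payload'] = packet[ip['header_length']:]
    return result


def build_sample_packet(protocol=IPPROTO_TCP, payload=b''):
    """Constructed test packet (not a real capture): IPv4 header + fixed TCP header + payload."""
    total_length = 40 + len(payload)
    ip_header = struct.pack(IP_HEADER_FMT,
                            (4 << 4) | 5,      # version 4, IHL 5 words
                            0, total_length, 0x1234,
                            0x4000,            # flags: DF, fragment offset 0
                            64, protocol,
                            0,                 # checksum left 0; not validated here
                            socket.inet_aton('192.0.2.10'),
                            socket.inet_aton('198.51.100.20'))
    tcp_header = struct.pack(TCP_HEADER_FMT,
                             443, 51000, 1000, 2000,
                             5 << 4,           # data offset 5 words, reserved 0
                             0x18,             # PSH|ACK
                             65535, 0, 0)
    return ip_header + tcp_header + payload


def sniff(count=5):
    """Capture `count` TCP packets with a raw socket and print the parsed headers (Linux, root)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
    for _ in range(count):
        packet, _addr = s.recvfrom(65565)      # (data, address) tuple, keep the data
        parsed = parse_packet(packet)
        ip, tcp = parsed['ip'], parsed['tcp']
        print('IP  v%d hlen=%d ttl=%d proto=%d %s -> %s' % (
            ip['version'], ip['header_length'], ip['ttl'], ip['protocol'],
            ip['src'], ip['dst']))
        if tcp is not None:
            print('TCP %d -> %d seq=%d ack=%d hlen=%d' % (
                tcp['src_port'], tcp['dst_port'], tcp['seq'], tcp['ack'],
                tcp['header_length']))
    s.close()


if __name__ == '__main__':
    # Offline demonstration on the constructed packet; run sniff() as root for live traffic.
    print(parse_packet(build_sample_packet(payload=b'hello')))
```

The parser is kept separate from the socket code so it can be run against bytes from any source, for example a saved capture, without privileges.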
RESULT
Uses of Packet Sniffer:

- A packet sniffer is used for network troubleshooting by network administrators.

- It is used for analyzing network traffic:
  Why is the network slow?
  What is the network traffic pattern?
  How is the traffic shared between the nodes?

Uses of Packet Sniffer (Cont.):

- Capturing clear-text usernames and passwords.

- Capturing and replaying VoIP telephone conversations.

- Conversion of network traffic into human-readable form.
Conclusion
A packet sniffer might be installed at any point along the network. It could also be sneakily installed on a server that acts as a gateway. A packet sniffer is not just a hacker's tool. It can be used for network troubleshooting and other useful purposes.
However, in the wrong hands, a packet sniffer can capture sensitive personal information that can lead to invasion of privacy.
References

- https://docs.python.org/2/library/socket.html
- www.dabeaz.com/python/pythonnetbinder.pdf
- https://www.tutorialspoint.com/python3/index.htm
- https://acadndtechy.files.wordpress.com/2015/01/computer-networks-a-systems-approach-larry-l-peterson-morgan-kaufmann.pdf
