Scribd Logo
Upload

Welcome to Scribd!

  • Assignment 1packet Sniffing

    Uploaded by

    cecohav455
    4 views5 pages
    This document discusses programming a sniffer in Python to analyze network packets. It begins by introducing packet sniffing and explaining that sniffers work by putting the network interface card in promiscuous mode to see all network traffic. It then provides code to implement a sniffer using Python sockets and struct to unpack the IP and TCP headers of captured packets. The code extracts fields like source/destination addresses and ports from these headers and prints them. The document concludes that running this program allows analyzing different packets by extracting header fields.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses programming a sniffer in Python to analyze network packets. It begins by introducing packet sniffing and explaining that sniffers work by putting the network interface card in promiscuous mode to see all network traffic. It then provides code to implement a sniffer using Python sockets and struct to unpack the IP and TCP headers of captured packets. The code extracts fields like source/destination addresses and ports from these headers and prints them. The document concludes that running this program allows analyzing different packets by extracting header fields.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views5 pages

    Assignment 1packet Sniffing

    Uploaded by

    cecohav455
    This document discusses programming a sniffer in Python to analyze network packets. It begins by introducing packet sniffing and explaining that sniffers work by putting the network interface card in promiscuous mode to see all network traffic. It then provides code to implement a sniffer using Python sockets and struct to unpack the IP and TCP headers of captured packets. The code extracts fields like source/destination addresses and ports from these headers and prints them. The document concludes that running this program allows analyzing different packets by extracting header fields.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    Programming Laboratory-II Third Year Computer Engineering

    AIM : Write a program to sniff packet sent over the local network and analyze it.

    Write-up Correctness Documentation Viva Timely Total Dated sign


    of program of program Completion of SubjectTeacher

    2 2 2 2 2 10

    MCOERC,NASHIK
    Programming Laboratory-II Third Year Computer Engineering

    Introduction

    Have you ever thought about how your computer talks with others on a network? Would you like
    to listen to, or “sniff”, the conversation? Network engineers, system administrators, security
    professionals and, unfortunately, crackers have long used a tool that allows them to do exactly
    that. This nifty utility, known as a sniffer, can be found in the arsenal of every network guru,
    where it’s likely used every day for a variety of tasks. This article will offer a brief overview of
    sniffers, including what they do, how they work, why users need to be aware of them, and what
    users can do to protect themselves against the illegitimate use of sniffers.
    What is a Sniffer?

    Sniffing or network packet sniffing is the process of monitoring and capturing all the packets passing
    through a given network using sniffing tools. It is a form wherein, we can “tap phone wires” and get
    to know the conversation. It is also called wiretapping and can be applied to the computer networks.

    There is so much possibility that if a set of enterprise switch ports is open, then one of their
    employees can sniff the whole traffic of the network. Anyone in the same physical location can plug
    into the network using Ethernet cable or connect wirelessly to that network and sniff the total traffic.

    In other words, Sniffing allows you to see all sorts of traffic, both protected and unprotected. In the
    right conditions and with the right protocols in place, an attacking party may be able to gather
    information that can be used for further attacks or to cause other issues for the network or system
    owner.
    What can be sniffed?
    One can sniff the following sensitive information from a network −
    • Email traffic
    • FTP passwords
    • Web traffics
    • Telnet passwords
    • Router configuration
    • Chat sessions
    • DNS traffic

    How Does a Sniffer Work?

    • Before we can explore how a sniffer operates, it may be helpful to examine what enables
    the tool to work.
    • During normal tasks such as Web surfing and messaging, computers are constantly
    communicating with other machines.
    • Obviously, a user should be able to see all the traffic traveling to or from their machine.
    MCOERC,NASHIK
    Programming Laboratory-II Third Year Computer Engineering
    Most PCs, however, are on a Local Area Network (LAN), meaning they share a
    connection with several other computers.
    • If the network is not switched (a switch is a device that filters and forwards packets
    between segments of the LAN), the traffic destined for any machine on a segment is
    broadcast to every machine on that segment.
    • This means that a computer actually sees the data traveling to and from each of its
    neighbors, but ignores it, unless otherwise instructed.
    • We can now begin to understand the magic behind a sniffer. The sniffer program tells a
    computer, specifically its Network Interface Card (NIC), to stop ignoring all the traffic
    headed to other computers and pay attention to them.
    • It does this by placing the NIC in a state known as promiscuous mode. Once a NIC is
    promiscuous, a status that requires administrative or root privileges, a machine can see all
    the data transmitted on its segment.
    • The program then begins a constant read of all information entering the PC via the
    network card.
    Implementation using Python
    struct.pack(fmt, a1,a2,…)
    As the name suggests, this method is used to return the string, which is packed
    according to the given format. The string contains the values a1, a2 and so on.
    struct.unpack(fmt, string)
    As the name suggests, this method unpacks the string according to a given format.
    In the following example of raw socket sniffer IP header, which is the next 20 bytes in
    the packet and among these 20 bytes we are interested in the last 8 bytes. The latter
    bytes show if the source and destination IP address are parsing –
    Now, we need to import some basic modules as follows –
    import os
    import socket
    from struct import unpack
    Now, we will create a socket, which will have three parameters. The first parameter
    tells us about the packet interface — PF_PACKET for Linux specific and AF_INET for
    windows; the second parameter tells us that it is a raw socket and the third parameter
    tells us about the protocol we are interested in —0x0800 used for IP protocol.
    MCOERC,NASHIK
    Programming Laboratory-II Third Year Computer Engineering

    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)

    Now, we need to call the recvfrom() method to receive the packet.


    while True:
    packet = s.recvfrom(65565)
    In the following line of code, we are ripping the Ethernet header –
    packet = s.recvfrom(65565)
    With the following line of code, we are parsing and unpacking the header with
    the struct method –
    iph = unpack('!BBHHHBBH4s4s' , ip_header)

    We can now get the IP header by executing the following line of code –
    ip_header = packet[0:20]
    iph = unpack('!BBHHHBBH4s4s' , ip_header)
    s_addr = socket.inet_ntoa(iph[8]);
    d_addr = socket.inet_ntoa(iph[9]);

    print ('\nVersion : ' + str(version) + '\nIP Header Length : ' + str(ihl) +


    '\nTTL : ' + str(ttl) + '\nProtocol : ' + str(protocol) + '\nSource Address :
    ' + str(s_addr) + '\nDestination Address : ' + str(d_addr))

    We can now get the TCP IP header by executing the following line of code –
    tcp_header = packet[iph_length:iph_length+20]

    #now unpack them :)


    tcph = unpack('!HHLLBBHHH' , tcp_header)

    source_port = tcph[0]
    dest_port = tcph[1]
    sequence = tcph[2]
    acknowledgement = tcph[3]
    doff_reserved = tcph[4]
    tcph_length = doff_reserved >> 4

    print ('\nSource Port : ' + str(source_port) + '\nDest Port : ' +


    str(dest_port) + '\nSequence Number : ' + str(sequence) + '\nAcknowledgement
    : ' + str(acknowledgement) + '\nTCP header length : ' + str(tcph_length))
    MCOERC,NASHIK
    Programming Laboratory-II Third Year Computer Engineering

    Get data from the packet


    data = packet[h_size:]

    Conclusion:

    Hence, we Conclude when we run these program different packets are analyzed by
    extracting Headers Fields different fields of captured packet.

    MCOERC,NASHIK

    You might also like