sniffing-and-spoofing.doc - Internet Security CSE644 Lab 1 Packet Sniffing and Spoofing Lab Aastha Yadav([email protected] SUID 831570679 Task 1 Writing


Internet Security CSE644
Lab 1: Packet Sniffing and Spoofing Lab
Aastha Yadav ([email protected])
SUID: 831570679

Task 1: Writing Packet Sniffing Program

Task 1.a: Understanding Sniffex

Figure 1

Figure 2
Figure 3

Observation: First, let's try to run our sniffex code with root privilege. We successfully capture 10 packets after compilation.

Problem 1: Here are the steps in the sequence of library calls essential for sniffer programs:

1. Setting up the device: pcap sets the device on its own. If this fails, it saves the error message into errbuf. pcap_lookupdev(errbuf) can be used to find a device to sniff on.

2. Opening the device for sniffing: pcap uses pcap_open_live() to open a session on the device we will be sniffing on. The format of the statement is as follows:

   pcap_t *pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf)

   char *device: specifies the device we are sniffing on.
   int snaplen: specifies the maximum number of bytes to be captured by pcap.
   int promisc: specifies whether promiscuous mode is on or not.
   int to_ms: the read timeout in milliseconds; this value is non-zero.
   char *ebuf: stores error messages.

   Note: Promiscuous mode is used to sniff all network traffic, not just the traffic to, from, or routed through a specific host.

3. Filtering traffic: We perform filtering using two functions in the pcap library: pcap_compile() compiles the filter expression stored in a regular string, and pcap_setfilter() sets the compiled filter to determine what the program sniffs. Here are the prototypes for them:

   int pcap_compile(pcap_t *p, struct bpf_program *fp, char *str, int optimize, bpf_u_int32 netmask)

   pcap_t *p: specifies the session handle.
   struct bpf_program *fp: a reference to the place where we will store the compiled version of our filter.
   char *str: the filter expression in regular string format.
   int optimize: an integer that decides whether the expression should be "optimized" or not.
   bpf_u_int32 netmask: the network mask of the network the filter applies to.

   int pcap_setfilter(pcap_t *p, struct bpf_program *fp)

   pcap_t *p: session handle.
   struct bpf_program *fp: a reference to the compiled version of the expression.

4. Sniffing: u_char *pcap_next(pcap_t *p, struct pcap_pkthdr *h) is used to capture a single packet at a time.

   pcap_t *p: session handle.
   struct pcap_pkthdr *h: a pointer to a structure that holds general information about the packet.

   The function returns a u_char pointer to the packet described by this structure.
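The four steps above end with pcap handing the program a u_char pointer to raw frame bytes; what sniffex does next in its got_packet() callback is walk the Ethernet, IP and TCP headers, checking each header length before using it as an offset (its `size_ip < 20` and `size_tcp < 20` checks). The following is an added example, not code from the lab report or from sniffex, that performs that same decoding in Python over a constructed frame so it runs without libpcap or root privilege. The names parse_frame, build_sample_frame and ParsedPacket, and the sample MAC and IP addresses, are this example's own assumptions.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Constants for the headers sniffex walks: Ethernet -> IPv4 -> TCP.
ETHER_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


@dataclass
class ParsedPacket:
    """Fields a sniffer callback would print for one captured frame."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    protocol: int
    src_port: Optional[int]
    dst_port: Optional[int]
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ipv4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_frame(frame: bytes) -> ParsedPacket:
    """Decode the bytes a capture handed back (what pcap_next points at).

    Every header length is validated before it is used as an offset, the
    same check sniffex performs with `size_ip < 20` / `size_tcp < 20`:
    a frame carrying a bogus IHL or data offset must produce an error,
    not an out-of-range read or a garbage payload slice.
    """
    if len(frame) < ETHER_HDR_LEN:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETHER_HDR_LEN])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not an IPv4 frame (ethertype 0x{ethertype:04x})")

    ip = frame[ETHER_HDR_LEN:]
    if len(ip) < 20:
        raise ValueError("truncated IP header")
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4   # IHL is in 32-bit words
    if version != 4 or ihl < 20:
        raise ValueError(f"invalid IP header: version={version} ihl={ihl}")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if total_len < ihl or total_len > len(ip):
        raise ValueError(f"invalid IP total length {total_len}")
    protocol = ip[9]
    src_ip, dst_ip = _ipv4(ip[12:16]), _ipv4(ip[16:20])

    if protocol != IPPROTO_TCP:
        # sniffex only decodes TCP further; other protocols stop here.
        return ParsedPacket(_mac(src_mac), _mac(dst_mac), src_ip, dst_ip,
                            protocol, None, None, ip[ihl:total_len])

    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4                 # also in 32-bit words
    if data_offset < 20 or data_offset > len(tcp):
        raise ValueError(f"invalid TCP header length {data_offset}")
    return ParsedPacket(_mac(src_mac), _mac(dst_mac), src_ip, dst_ip,
                        protocol, src_port, dst_port, tcp[data_offset:])


def build_sample_frame(payload: bytes = b"GET / HTTP/1.0\r\n\r\n") -> bytes:
    """Constructed test input: one Ethernet/IPv4/TCP frame without options.
    Checksums are left as zero, which is fine for header parsing; this is a
    sample built for the example, not captured traffic."""
    eth = struct.pack("!6s6sH",
                      bytes.fromhex("001122334455"),   # dst MAC (constructed)
                      bytes.fromhex("66778899aabb"),   # src MAC (constructed)
                      ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH",
                      40000, 80,       # src port, dst port
                      1, 0,            # seq, ack
                      5 << 4,          # data offset = 5 words (20 bytes)
                      0x18,            # flags PSH|ACK
                      1024, 0, 0)      # window, checksum, urgent pointer
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0,                        # version 4, IHL 5; TOS
                     20 + len(tcp) + len(payload),   # total length
                     1, 0,                           # id, flags/fragment offset
                     64, IPPROTO_TCP, 0,             # TTL, protocol, checksum
                     bytes([10, 0, 2, 15]),          # src 10.0.2.15 (constructed)
                     bytes([10, 0, 2, 4]))           # dst 10.0.2.4 (constructed)
    return eth + ip + tcp + payload


if __name__ == "__main__":
    pkt = parse_frame(build_sample_frame())
    print(f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port} "
          f"proto={pkt.protocol} payload={pkt.payload!r}")
```

The point of the length checks is that a sniffer in promiscuous mode decodes whatever arrives on the wire, including frames nobody addressed to this host; the header fields that say how long each header is are attacker-controlled input, so they are bounded against the bytes actually captured (snaplen can also truncate a frame) before any slice is taken.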


  • Fall '19
