5.a Network sniffer

From Inforail

Keywords

IP, BSD sockets, raw sockets, protocol, sniffing, privacy, parsing

Objectives

  • Learn how to manipulate sockets at a lower level, by setting certain options.
  • Write a simple sniffer that can capture an IP packet, parse it and print it on the screen in a human readable form.

The "human readable form" is defined as:

{
An IP packet with the size %i was captured. 
Raw data: {%bla bla, raw data}

Parsed data:
	Version:
	Header length:
	Type of Service:
	Length:
	ID:
	Flags:
	Fragment offset:
	TTL:
	Protocol:
	Checksum:
	Src:
	Dst:
	Payload:
	{
		bla bla bla bla bla, higher layer protocol raw data
	}
}
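
An added example of the parsing step (not the course's own code and not a reference solution): it takes a buffer as recvfrom() on the raw socket would hand it over and fills in the fields listed above. The struct, the function names and the sample packet are assumptions; the sample is a constructed 28-byte IPv4/UDP packet with a valid header checksum, and the parser also verifies that checksum and rejects truncated or non-IPv4 buffers, which a sniffer reading from a raw socket has to cope with.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>   /* ntohs/ntohl/inet_ntop: this is where the endianness note applies */

/* Parsed IPv4 header (assumed layout); multi-byte fields are converted to host byte order. */
struct ipv4_hdr {
    uint8_t  version, ihl, tos, flags, ttl, protocol;   /* ihl is stored in bytes */
    uint16_t total_len, id, frag_off, checksum;
    uint32_t src, dst;
    const uint8_t *payload; size_t payload_len; int checksum_ok;
};
/* Read network-order fields without assuming the host's byte order. */
static uint16_t rd16(const uint8_t *p) { uint16_t v; memcpy(&v, p, 2); return ntohs(v); }
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return ntohl(v); }
/* RFC 791 one's-complement checksum; a header whose checksum field is filled in sums to 0. */
static uint16_t ip_checksum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += ((uint32_t)h[i] << 8) | h[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);   /* fold carries */
    return (uint16_t)~sum;
}
/* Returns 0 and fills *out, or -1 if buf does not hold a complete, sane IPv4 packet. */
int parse_ipv4(const uint8_t *buf, size_t len, struct ipv4_hdr *out) {
    if (len < 20 || (buf[0] >> 4) != 4) return -1;            /* too short or not IPv4 */
    out->version = buf[0] >> 4;  out->ihl = (buf[0] & 0x0f) * 4;  out->total_len = rd16(buf + 2);
    if (out->ihl < 20 || out->total_len < out->ihl || out->total_len > len) return -1;
    out->tos = buf[1];               out->id = rd16(buf + 4);
    out->flags = buf[6] >> 5;        out->frag_off = rd16(buf + 6) & 0x1fff;   /* in 8-byte units */
    out->ttl = buf[8];               out->protocol = buf[9];                  /* 6 = TCP, 17 = UDP */
    out->checksum = rd16(buf + 10);  out->checksum_ok = ip_checksum(buf, out->ihl) == 0;
    out->src = rd32(buf + 12);       out->dst = rd32(buf + 16);
    out->payload = buf + out->ihl;   out->payload_len = out->total_len - out->ihl;
    return 0;
}

/* Constructed sample: 28-byte IPv4/UDP packet, 192.168.1.10 -> 10.0.0.1, DF set, TTL 64. */
static const uint8_t sample_pkt[] = {
    0x45, 0x00, 0x00, 0x1c, 0xab, 0xcd, 0x40, 0x00, 0x40, 0x11, 0xc3, 0x50,
    0xc0, 0xa8, 0x01, 0x0a, 0x0a, 0x00, 0x00, 0x01,
    0xde, 0xad, 0xbe, 0xef, 0x00, 0x08, 0x00, 0x00 };
struct ipv4_hdr parse_sample(void) { struct ipv4_hdr h = {0}; parse_ipv4(sample_pkt, sizeof sample_pkt, &h); return h; }
int main(void) {   /* in the real sniffer the buffer comes from recvfrom() on the raw socket */
    struct ipv4_hdr h = parse_sample(); char ss[INET_ADDRSTRLEN], ds[INET_ADDRSTRLEN];
    struct in_addr s = { htonl(h.src) }, d = { htonl(h.dst) };
    inet_ntop(AF_INET, &s, ss, sizeof ss); inet_ntop(AF_INET, &d, ds, sizeof ds);
    printf("Version: %u\nHeader length: %u\nTTL: %u\nProtocol: %u\nChecksum: 0x%04x (%s)\nSrc: %s\nDst: %s\nPayload: %zu bytes\n",
           h.version, h.ihl, h.ttl, h.protocol, h.checksum, h.checksum_ok ? "ok" : "BAD", ss, ds, h.payload_len);
    return 0;
}
```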

Requirements

No special requirements are given; the scope of the task is defined in the Objectives section.


Notes

http://en.wikipedia.org/wiki/Endianess


Grading policy

Assuming that everything is correct,

  • 8 - for capturing a raw IP packet;
  • 9 - for properly parsing the packet and displaying it;
  • 10 - for extending the program with another feature that uses socket options, or describing in detail how that feature could be implemented.


Self-test questions

Use these questions to independently evaluate your knowledge. The better you understand how to answer them, the smoother your interview with the devil will go.

  • At which layer of the network stack does the program work?
  • What kind of a socket have you created?
  • How can you tell which transport layer protocol is in the payload of the IP packet?
  • What does each argument mean in the part of the code where the socket is created?
  • What are the benefits of using raw sockets?
  • Provide examples of other socket options; what are their practical applications?
  • How would you have to redesign the program so that it could selectively block certain IP packets?
  • Is your program going to work with IPv6? If yes - why? If not - why?