5.a Network sniffer
From Inforail
Keywords
IP, BSD sockets, raw sockets, protocol, sniffing, privacy, parsing
Objectives
- Learn how to manipulate sockets at a lower level, by setting certain options.
- Write a simple sniffer that can capture an IP packet, parse it and print it on the screen in a human readable form.
The "human readable form" is defined as:
{
An IP packet with the size %i was captured.
Raw data: {%bla bla, raw data}
Parsed data:
Version:
Header length:
Type of Service:
Length:
ID:
Flags:
Fragment offset:
TTL:
Protocol:
Checksum:
Src:
Dst:
Payload:
{
bla bla bla bla bla, higher layer protocol raw data
}
}
Requirements
No special requirements are given; the scope of the task is defined in the Objectives section.
Notes
- On Windows platforms
  - you need admin rights to do that
  - (using standard methods) you can only read data, but not write
  - if you use Python, reading raw data on Windows is implemented in Python 2.6 and above
  - this page specifies which socket options are supported in Windows and how they behave: http://msdn.microsoft.com/en-us/library/bb736550(VS.85).aspx
- The IPv4 header format: http://www.networksorcery.com/enp/protocol/ip.htm
- Don't forget to take into account little-endian and big-endian byte order if you run your program on various platforms: http://en.wikipedia.org/wiki/Endianess
Grading policy
Assuming that everything is correct,
- 8 - for capturing a raw IP packet;
- 9 - for properly parsing the packet and displaying it;
- 10 - for extending the program with another feature that uses socket options, or describing in detail how that feature could be implemented.
Self-test questions
Use these questions to independently evaluate your knowledge. The better you understand how to answer them, the smoother your interview with the devil will go.
- At which layer of the network stack does the program work?
- What kind of a socket have you created?
- How can you tell which transport layer protocol is in the payload of the IP packet?
- What does each argument mean in the part of the code where the socket is created?
- What are the benefits of using raw sockets?
- Provide examples of other socket options; what are their practical applications?
- How would you have to redesign the program, such that it could selectively block certain IP packets?
- Is your program going to work with IPv6? If yes - why? If not - why?