Lab #2 Passive Monitoring / Packet Sniffing

The document provides instructions for a lab assignment to implement a passive network monitoring tool using libpcap that captures and prints packets from a wireless interface. The program must connect to the interface, create a tap, print the datalink name, apply BPF filters, and start packet processing using a callback function that prints details of Ethernet, IP, ICMP, UDP and TCP packets, including addresses, protocols, lengths, and payload data for port 80. Students are asked to generate ICMP and HTTP traffic to test the program.

Uploaded by

Evgenia Renartz
Copyright
© Attribution Non-Commercial (BY-NC)

CS455 - Cybersecurity Lab
Lab #2 Passive Monitoring / Packet Sniffing

In today's lab you are going to implement a simple passive monitoring tool. Using libpcap, write a simple program that captures packets and prints them on the screen (similar to the tcpdump tool). In particular, the program should:

1. Connect to the wireless interface.
2. Create a tap on the active interface, using pcap_open_live().
3. Print the datalink name.
4. Apply BPF filters on the open handle using pcap_compile() and pcap_setfilter(). Filters should be defined by the user as command-line arguments, e.g.: # ./sniffer tcp port 80
5. Start packet processing using pcap_loop() or pcap_next(), and call the callback function.

The callback function should process each packet captured. In particular, it should:

1. Print the time when each packet was captured.
2. For Ethernet frames, print the MAC addresses of both source and destination hosts.
   e.g. ETHERNET 00:11:22:33:44:55 -> AA:BB:CC:DD:EE:FF
3. If the packet is an IP packet, print the IP addresses of both source and destination hosts.
   e.g. IP 192.168.XXX.XXX -> 192.168.XXX.XXX
4. Check the protocol of the packet (TCP, UDP or ICMP), and:
   a. If the packet is an ICMP packet, print the protocol and the packet's length.
      e.g. ICMP len 98
   b. If the packet is a UDP packet, print the protocol, the packet's length and the ports of both source and destination hosts.
      e.g. UDP 59415 -> 53 len 74
   c. If the packet is a TCP packet, print the protocol, the packet's length and the ports of both source and destination hosts.
      e.g. TCP 51933 -> 80 len 60
      i. Check if the source or destination port is equal to 80 (transaction with a web server) and print the data contained in the packet (payload).
         e.g. GET index.jsp HTTP/1.1
              Host: www.csd.uoc.gr

Evaluation

Generate ICMP traffic using the `ping` tool.

Generate HTTP traffic. Using wget, netcat or your web browser, request the site at 192.168.1.75 port 80.

Hints

Compile your program with -lpcap.
In order to capture packets from the network interface, libpcap must be run with elevated privileges. Thus, run your program as root.

Requirements

Linux OS (or equivalent) with C compiler and libpcap installed.
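An added example, not part of the original lab handout: the header-walking part of the callback, run over a constructed frame instead of a live capture so it needs neither libpcap nor root. The names `struct flow`, `dissect` and `SAMPLE` are assumptions; every offset is checked against the captured length before it is read, since a sniffer parses whatever arrives on the wire.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: Ethernet + IPv4 + TCP (51933 -> 80) + 16 payload bytes. */
static const uint8_t SAMPLE[] = {
    0xaa,0xbb,0xcc,0xdd,0xee,0xff, 0x00,0x11,0x22,0x33,0x44,0x55, 0x08,0x00,
    0x45,0x00,0x00,0x38, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x4b,
    0xca,0xdd,0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x18,0x72,0x10, 0,0,0,0,
    'G','E','T',' ','/',' ','H','T','T','P','/','1','.','1','\r','\n' };
/* Hypothetical result record (not a libpcap type). */
struct flow { uint8_t proto; uint16_t sport, dport; size_t payload_off, payload_len; };
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Returns 0 on success, -1 if not IPv4 ICMP/UDP/TCP or if any header is truncated. */
int dissect(const uint8_t *pkt, size_t caplen, struct flow *f)
{
    if (caplen < 14 + 20 || be16(pkt + 12) != 0x0800) return -1;
    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;   /* IP header length in bytes */
    size_t tot = be16(ip + 2);                 /* IP total length; excludes padding */
    if ((ip[0] >> 4) != 4 || ihl < 20 || tot < ihl || 14 + tot > caplen) return -1;
    const uint8_t *l4 = ip + ihl;
    size_t l4len = tot - ihl, hdr;
    f->proto = ip[9]; f->sport = f->dport = 0;
    switch (f->proto) {
    case 1: case 17: hdr = 8; break;           /* ICMP and UDP: fixed 8-byte header */
    case 6:                                    /* TCP: data offset gives header size */
        if (l4len < 20 || (hdr = (size_t)(l4[12] >> 4) * 4) < 20) return -1;
        break;
    default: return -1;
    }
    if (l4len < hdr) return -1;                /* declared header exceeds the packet */
    if (f->proto != 1) { f->sport = be16(l4); f->dport = be16(l4 + 2); }
    f->payload_off = (size_t)(l4 - pkt) + hdr;
    f->payload_len = l4len - hdr;
    return 0;
}

int main(void)
{
    struct flow f;
    if (dissect(SAMPLE, sizeof SAMPLE, &f) != 0) return 1;
    printf("proto %d %d -> %d len %zu\n", f.proto, f.sport, f.dport, sizeof SAMPLE);
    if (f.sport == 80 || f.dport == 80) fwrite(SAMPLE + f.payload_off, 1, f.payload_len, stdout);
    return 0;
}
```

In the lab program the same function would be called from the pcap_loop() callback with the packet pointer and the header's caplen field.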