
Programming Laboratory-IV Third Year Computer Engineering

R (2) | N (5) | Oral (3) | Total (10) | Dated Sign

Assignment Group-A_1

Problem Definition:

Implementation of a packet sniffer. The program should identify the header of each
protocol (IP, ICMP, TCP, UDP) in every captured packet and use multi-core programming.

1.1 Prerequisite:

1. Socket Programming.
2. Header Formats.
3. TCP/IP and OSI.

1.2 Learning Objectives:

1. Understand the working of a packet sniffing tool.
2. Implement a tool for analyzing network traffic.

1.3 New Concepts:


a. Packet Analyzer
b. Python networking related functions

1.4 Theory

1.4.1 Introduction

Have you ever wondered how your computer talks with other machines on a network, and
whether you could listen in on, or "sniff", the conversation? Network engineers, system
administrators, security professionals and, unfortunately, attackers have long used a tool
that does exactly that. This utility, known as a sniffer, is part of every network
engineer's toolkit and is used daily for a variety of tasks. This section gives a brief
overview of sniffers: what they do, how they work, why users need to be aware of them, and
what users can do to protect themselves against their illegitimate use.

SNJB’s Late Sau.KB Jain CoE , Chandwad
1.4.2 What is a Sniffer?

A sniffer is a piece of software that captures the traffic flowing into and out of a
computer attached to a network. Sniffers are available for several platforms in both
commercial and open-source variants. Some of the simplest are easy to implement in C, Perl
or Python, use a command-line interface and dump captured data to the screen. More complex
tools use a GUI, graph traffic statistics, track multiple sessions and offer many
configuration options.
Sniffers are also the engines of other programs. Intrusion Detection Systems (IDS) use a
sniffer to capture packets and match them against a rule set designed to flag anything
malicious or unusual. Network utilization and monitoring programs use sniffers to gather
the data needed for metrics and analysis. Law enforcement agencies that need to monitor
e-mail during an investigation likely employ a sniffer designed to capture very specific
traffic. Knowing that sniffers simply capture network data, let us see how they work.

1.4.3 How Does a Sniffer Work?

Before looking at how a sniffer operates, it helps to examine what makes the tool possible.

- During normal tasks such as web browsing and messaging, a computer is constantly
  communicating with other machines, and a user should obviously be able to see the
  traffic travelling to or from their own machine.
- Most PCs, however, are on a Local Area Network (LAN), meaning they share a medium with
  several other computers.
- If the network is not switched (a switch is a device that filters and forwards frames
  between segments of the LAN; a hub simply repeats them), the traffic destined for any
  machine on a segment reaches every machine on that segment.
- This means that a computer actually receives the data travelling to and from each of its
  neighbours, but its Network Interface Card (NIC) discards frames not addressed to it
  unless instructed otherwise.
- The sniffer program tells the NIC to stop ignoring traffic addressed to other computers.
  It does this by placing the NIC in a state known as promiscuous mode, which requires
  administrative or root privileges (on Linux, the CAP_NET_RAW capability needed to open a
  raw packet socket). Once the NIC is promiscuous, the machine can see all the data
  transmitted on its segment.
- The program then reads every frame arriving through the network card in a loop and
  decodes its headers.

On a switched LAN, promiscuous mode alone is not enough: the switch forwards a frame only
to the port that owns its destination MAC address, so the sniffer sees just the traffic
addressed to its own host plus broadcast and multicast. To capture other hosts' traffic on
a switched network, the capturing port must be configured as a mirror (SPAN) port, a
network tap must be inserted, or the attacker must redirect traffic to themselves (for
example by ARP spoofing).

1.5 Header Formats:

IP Header Format:

TCP Header Format:
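The decoding the assignment asks for, as an added example that is not the lab's reference program: Python functions that unpack the Ethernet, IPv4, TCP, UDP and ICMP headers with the struct module (field layouts as in RFC 791, 793, 768 and 792), verify the IPv4 header checksum, and a Linux-only capture loop that opens a raw AF_PACKET socket and puts the NIC in promiscuous mode as described in 1.4.3. The numeric socket constants are taken from the Linux kernel headers named in the comments. The sample frame at the end is constructed by hand (the MAC addresses, IP addresses and ports are made up) so the parser can be exercised without root; sniff() is the only part that needs privileges and it is not run on import.

```python
"""Core of a raw-socket sniffer: capture on Linux with AF_PACKET and decode the
Ethernet, IPv4, TCP, UDP and ICMP headers with struct.  Added example for this
assignment, not the lab's reference program; the frame at the bottom is hand-made."""
import socket
import struct

ETH_P_ALL = 0x0003                                                # linux/if_ether.h
SOL_PACKET, PACKET_ADD_MEMBERSHIP, PACKET_MR_PROMISC = 263, 1, 1  # linux/if_packet.h
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR")

def ipv4_checksum(header):
    """RFC 1071 ones'-complement sum: the checksum if the field is zeroed, 0 if the header is intact."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ethernet(data):
    """Ethernet II: dst MAC(6) | src MAC(6) | EtherType(2)."""
    if len(data) < 14:
        raise ValueError("runt frame")
    dst, src, ethertype = struct.unpack("!6s6sH", data[:14])
    return {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "ethertype": ethertype}, data[14:]

def parse_ipv4(data):
    """IPv4 (RFC 791): options skipped via IHL; payload cut at Total Length (drops Ethernet padding)."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(data) < ihl:
        raise ValueError("malformed IPv4 header")
    fields = {"ihl": ihl, "total_len": total_len, "ttl": ttl, "proto": proto,
              "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
              "checksum_ok": ipv4_checksum(data[:ihl]) == 0}
    return fields, data[ihl:total_len]

def parse_tcp(data):
    """TCP (RFC 793): 20 fixed bytes; Data Offset gives the real header length."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, win, _csum, _urg = struct.unpack("!HHLLBBHHH", data[:20])
    hlen = (off >> 4) * 4
    if hlen < 20 or len(data) < hlen:
        raise ValueError("malformed TCP header")
    names = [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)]
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "hdr_len": hlen, "flags": names, "window": win}, data[hlen:]

def parse_udp(data):
    """UDP (RFC 768): src port | dst port | length | checksum."""
    if len(data) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", data[:8])
    return {"src_port": sport, "dst_port": dport, "length": length}, data[8:]

def parse_icmp(data):
    """ICMP (RFC 792): type | code | checksum | 4 type-specific bytes."""
    if len(data) < 8:
        raise ValueError("truncated ICMP header")
    typ, code, _csum = struct.unpack("!BBH", data[:4])
    return {"type": typ, "code": code}, data[8:]

IP_PROTOCOLS = {1: ("icmp", parse_icmp), 6: ("tcp", parse_tcp), 17: ("udp", parse_udp)}

def parse_frame(frame):
    """Ethernet -> IPv4 -> transport; anything not decoded comes back as raw 'payload'."""
    eth, rest = parse_ethernet(frame)
    layers = {"eth": eth}
    if eth["ethertype"] != 0x0800:                   # only IPv4 is decoded here
        layers["payload"] = rest
        return layers
    layers["ip"], rest = parse_ipv4(rest)
    name, parser = IP_PROTOCOLS.get(layers["ip"]["proto"], (None, None))
    if parser is None:
        layers["payload"] = rest
        return layers
    layers[name], layers["payload"] = parser(rest)
    return layers

def sniff(interface, count=10):
    """Linux only, needs root/CAP_NET_RAW: raw AF_PACKET socket bound to `interface`,
    NIC switched to promiscuous mode, `count` frames decoded.  Not run on import."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    sock.bind((interface, 0))
    mreq = struct.pack("IHH8s", socket.if_nametoindex(interface), PACKET_MR_PROMISC, 0, b"")
    sock.setsockopt(SOL_PACKET, PACKET_ADD_MEMBERSHIP, mreq)      # struct packet_mreq
    try:
        return [parse_frame(sock.recv(65535)) for _ in range(count)]
    finally:
        sock.close()

def build_sample_syn():
    """Constructed Ethernet/IPv4/TCP SYN 10.0.0.2:40000 -> 10.0.0.1:80, IPv4 checksum valid (made up)."""
    tcp = struct.pack("!HHLLBBHHH", 40000, 80, 0x12345678, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton("10.0.0.2"), socket.inet_aton("10.0.0.1"))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # checksum field at bytes 10-11
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), 0x0800)
    return eth + ip + tcp
```

To use it on a live interface run `sniff("eth0")` as root; every other function works on bytes and can be exercised with `parse_frame(build_sample_syn())`. Two checks matter in practice: each parser verifies the length it is about to unpack, because a raw socket hands you truncated and malformed frames too, and the IPv4 payload is cut at Total Length so that the padding a NIC adds to short Ethernet frames is not mistaken for transport data. A `checksum_ok` of False on your own host's outgoing packets is not necessarily corruption: with checksum offloading enabled the NIC fills the field in after the frame has been copied to the capture socket.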

1.6 Need of Sniffer:

- On a normal LAN thousands of packets are exchanged by multiple machines every minute,
  an ample supply for any attacker.
- Anything transmitted in plaintext over the network is exposed: passwords, web pages,
  database queries and instant messages, to name a few. Traffic protected by TLS or SSH
  still reveals its endpoints, ports and volume, but not its contents.
- A sniffer can easily be customized to capture specific traffic such as telnet sessions
  or e-mail. Once the traffic has been captured, an attacker can quickly extract the
  information they need: logins, passwords and the text of messages.
- The users will likely never know they were compromised: a sniffer is purely passive and
  causes no damage or disturbance to the network environment.

1.7 Sniffer Tools Examples:

1. Wireshark :-
Wireshark is a network packet analyzer. A network packet analyzer captures network
packets and displays the packet data in as much detail as possible.

You could think of a network packet analyzer as a measuring device used to examine
what is going on inside a network cable, just as a voltmeter is used by an electrician to
examine what is going on inside an electric cable (but at a higher level, of course).
In the past, such tools were either very expensive, proprietary, or both. With the
advent of Wireshark, all that has changed.
Wireshark is perhaps one of the best open-source packet analyzers available today.

2. TCPDUMP:

tcpdump is a common packet analyzer that runs under the command line. It allows the user to
intercept and display TCP/IP and other packets being transmitted or received over a network
to which the computer is attached. Distributed under the BSD license, tcpdump is free
software. tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, macOS,
HP-UX and AIX among others. On those systems, tcpdump uses the libpcap library to capture
packets. The port of tcpdump for Windows is called WinDump; it originally used WinPcap, the
Windows port of libpcap, which is no longer maintained and has been superseded by Npcap.

Uses of TCPDUMP:

tcpdump prints the contents of network packets. It can read packets from a network
interface card or from a previously saved capture file, and it can write packets to
standard output or to a file. It is also possible to use tcpdump for the specific purpose of
intercepting and displaying the communications of another user or computer: a user with
the necessary privileges on a system acting as a router or gateway through which
unencrypted traffic such as Telnet or HTTP passes can use tcpdump to view login IDs,
passwords, the URLs and content of websites being viewed, or any other unencrypted
information. The user may optionally apply a BPF-based filter to limit the packets seen by
tcpdump; this keeps the output usable on networks with a high volume of traffic, and
because the filter runs in the kernel it also reduces the number of packets copied into the
tool.

1.8 Multicore Programming:


A multi-core processor is a single computing component with two or more independent
central processing units (called "cores"), which are the units that read and execute program
instructions. The instructions are ordinary CPU instructions such as add, move data and
branch, but the multiple cores can run several instruction streams at the same time,
increasing overall throughput for programs amenable to parallel computing.

For this assignment the relevant consequence is that in CPython threads do not execute
Python bytecode in parallel, because of the global interpreter lock (GIL), so a sniffer that
wants to decode packets on several cores must split the work across processes (for example
with the multiprocessing module): one process reads frames from the raw socket and hands
them to a set of worker processes that parse the headers.
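One way to meet the multi-core requirement, as an added example that is not the lab's own code: a producer/consumer pipeline built on the multiprocessing module, in which the capture loop feeds raw frames into a queue, several worker processes classify them in parallel, and the parent merges each worker's tally at the end. The frames fed in are constructed inside the script (only the EtherType and IPv4 protocol fields are populated), so it runs without a network interface or root; in a real sniffer the producer loop is the recv() loop on the raw socket, and the per-frame work would be a full header decoder rather than the deliberately small classify() shown here.

```python
"""Multi-core sniffer pipeline: a producer puts raw frames on a queue, N worker
processes classify them in parallel and the parent merges the tallies.  Added
example for this assignment (not the lab's own code); the frames are constructed."""
import multiprocessing as mp
import os
import struct

IPV4_PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def classify(frame):
    """Cheap per-frame work: EtherType at bytes 12-13, IPv4 protocol at byte 23.
    Deliberately minimal; a full header decoder would go here in practice."""
    if len(frame) < 14:
        return "runt"
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800 or len(frame) < 34:   # 14-byte Ethernet + 20-byte IPv4
        return "non-ipv4"
    return IPV4_PROTO_NAMES.get(frame[23], "ip-other")


def worker(in_q, out_q):
    """Consume frames until the None sentinel, then report this process's tally."""
    counts = {}
    while True:
        frame = in_q.get()
        if frame is None:
            break
        key = classify(frame)
        counts[key] = counts.get(key, 0) + 1
    out_q.put(counts)


def run_pipeline(frames, n_workers=None):
    """Fan `frames` out to n_workers processes and merge their counts.
    In a real sniffer the producer loop is sock.recv() on the raw socket."""
    n_workers = n_workers or os.cpu_count() or 2
    # fork where available so children inherit this module without re-importing __main__
    ctx = mp.get_context("fork") if "fork" in mp.get_all_start_methods() else mp.get_context()
    in_q, out_q = ctx.Queue(), ctx.Queue()
    procs = [ctx.Process(target=worker, args=(in_q, out_q)) for _ in range(n_workers)]
    for p in procs:
        p.start()
    for frame in frames:            # producer
        in_q.put(frame)
    for _ in procs:                 # one sentinel per worker so every one exits
        in_q.put(None)
    merged = {}
    for _ in procs:                 # drain results BEFORE join, or a full pipe can deadlock
        for key, n in out_q.get().items():
            merged[key] = merged.get(key, 0) + n
    for p in procs:
        p.join()
    return merged


def sample_frames():
    """Constructed frames: Ethernet + minimal IPv4 with only the fields classify() reads set."""
    def frame(proto, ethertype=0x0800):
        eth = b"\x00" * 12 + struct.pack("!H", ethertype)
        ip = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, proto]) + b"\x00" * 10
        return eth + ip
    return [frame(6)] * 5 + [frame(17)] * 3 + [frame(1)] * 2 + [frame(6, ethertype=0x0806)]


if __name__ == "__main__":
    print(run_pipeline(sample_frames()))   # {'tcp': 5, 'udp': 3, 'icmp': 2, 'non-ipv4': 1}
```

Two details are easy to get wrong in this pattern. Each worker needs its own sentinel, otherwise all but the first block forever on the queue, and the parent must read the result queue before calling join(): a child that has put a large object on a multiprocessing.Queue does not exit until that data has been drained through the pipe, so join-before-get deadlocks. Keeping a per-worker tally and merging once, rather than sharing a counter under a lock, is also what keeps the extra cores useful.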

1.9 Assignment Questions:


1. What is packet sniffing?
2. Draw the header formats of different protocols such as IP, ICMP, TCP and UDP.
3. What is socket programming? Give the syntax to create a socket in Python.
4. Why use packet sniffing tools?


Conclusion:

Hence we conclude that when the program is run, the captured packets are analyzed by
extracting the header fields of each protocol (IP, ICMP, TCP and UDP) from every captured
packet.
