Computer Networks A Simple Network Analyzer PART A undergraduates and graduates PART B graduate students only

Similar documents
Computer Networks A Simple Network Analyzer Decoding Ethernet and IP headers

A Simple Network Analyzer Decoding TCP, UDP, DNS and DHCP headers

CNT5505 Programming Assignment No. 4: Internet Packet Analyzer (This is an individual assignment. It must be implemented in C++ or C)

ECE4110 Internetwork Programming. Introduction and Overview

ECE 358 Project 3 Encapsulation and Network Utilities

SSC-D02 HOMEWORK 2. Jean-Yves Le Boudec. November 6, 2002

K2289: Using advanced tcpdump filters

EE 610 Part 2: Encapsulation and network utilities

BSc Year 2 Data Communications Lab - Using Wireshark to View Network Traffic. Topology. Objectives. Background / Scenario

CCNA 1 Chapter 7 v5.0 Exam Answers 2013

CHAPTER-2 IP CONCEPTS

Protocol Layers & Wireshark TDTS11:COMPUTER NETWORKS AND INTERNET PROTOCOLS

Lab Using Wireshark to Examine Ethernet Frames

TCP/IP Transport Layer Protocols, TCP and UDP

Hands-On Ethical Hacking and Network Defense

Packet Header Formats

Lab - Using Wireshark to Examine a UDP DNS Capture

TCP /IP Fundamentals Mr. Cantu

Lab - Using Wireshark to Examine a UDP DNS Capture

Transport Layer. Gursharan Singh Tatla. Upendra Sharma. 1

Lab Using Wireshark to Examine Ethernet Frames

Your Name: Your student ID number:

Lab - Using Wireshark to Examine TCP and UDP Captures

Experiment 2: Wireshark as a Network Protocol Analyzer

Interconnecting Networks with TCP/IP

Introduction to the Packet Tracer Interface using a Hub Topology

Sirindhorn International Institute of Technology Thammasat University

The Transport Layer. Part 1

Review of Important Networking Concepts

The Transport Layer. Internet solutions. Nixu Oy PL 21. (Mäkelänkatu 91) Helsinki, Finland. tel fax.

Interconnecting Networks with TCP/IP. 2000, Cisco Systems, Inc. 8-1

Lab 1: Packet Sniffing and Wireshark

CCNA Semester 1 labs. Part 2 of 2 Labs for chapters 8 11

Lecture 17 Overview. Last Lecture. Wide Area Networking (2) This Lecture. Internet Protocol (1) Source: chapters 2.2, 2.3,18.4, 19.1, 9.

5. Write a capture filter for question 4.

TSIN02 - Internetworking

TSIN02 - Internetworking

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Muhammad Farooq-i-Azam CHASE-2006 Lahore

Lecture 8. Reminder: Homework 3, Programming Project 2 due on Thursday. Questions? Tuesday, September 20 CS 475 Networks - Lecture 8 1

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

TCP/IP Networking Basics

Lab I: Using tcpdump and Wireshark

TRANSMISSION CONTROL PROTOCOL. ETI 2506 TELECOMMUNICATION SYSTEMS Monday, 7 November 2016

Lecture 18 Overview. Last Lecture. This Lecture. Next Lecture. Internet Protocol (1) Internet Protocol (2)

Network Analyzer :- Introduction to Wireshark

Module : ServerIron ADX Packet Capture

To make a difference between logical address (IP address), which is used at the network layer, and physical address (MAC address),which is used at

Packet Sniffing and Spoofing

CS475 Networks Lecture 8 Chapter 3 Internetworking. Ethernet or Wi-Fi).

Lecture 8. Basic Internetworking (IP) Outline. Basic Internetworking (IP) Basic Internetworking (IP) Service Model

Networking Technologies and Applications

Review of Important Networking Concepts. Recall the Example from last lecture

Business Data Networks and Security 10th Edition by Panko Test Bank

Network Model. Why a Layered Model? All People Seem To Need Data Processing

ECE 461 Internetworking Fall Quiz 1

IP : Internet Protocol

Computer Networking: A Top Down Approach Featuring the. Computer Networks with Internet Technology, William

App. App. Master Informatique 1 st year 1 st term. ARes/ComNet Applications (7 points) Anonymous ID: stick number HERE

Configuring IPv6 ACLs

CCNA R&S: Introduction to Networks. Chapter 7: The Transport Layer

Introduction to TCP/IP networking

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

OSI Transport Layer. objectives

User Datagram Protocol

Introduction to OSI model and Network Analyzer :- Introduction to Wireshark

TSIN02 - Internetworking

Sirindhorn International Institute of Technology Thammasat University

TSIN02 - Internetworking

University of Toronto Faculty of Applied Science and Engineering. Final Exam, December ECE 461: Internetworking Examiner: J.

Concept Questions Demonstrate your knowledge of these concepts by answering the following questions in the space that is provided.

Internet. Organization Addresses TCP/IP Protocol stack Forwarding. 1. Use of a globally unique address space based on Internet Addresses

Transport Layer. <protocol, local-addr,local-port,foreign-addr,foreign-port> ϒ Client uses ephemeral ports /10 Joseph Cordina 2005

NETWORK PROGRAMMING. Instructor: Junaid Tariq, Lecturer, Department of Computer Science

QUIZ: Longest Matching Prefix

Protocol Analysis: Capturing Packets

CS 457 Lecture 11 More IP Networking. Fall 2011

(ICMP), RFC

Lab 4: Network Packet Capture and Analysis using Wireshark

The ACK and NACK of Programming

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

Network Layer (4): ICMP

Course Contents. The TCP/IP protocol Stack

Unix Network Programming

Significance of TCP/IP Model Divya Shree Assistant Professor (Resource Person), Department of computer science and engineering, UIET, MDU, Rohtak

6.1 Internet Transport Layer Architecture 6.2 UDP (User Datagram Protocol) 6.3 TCP (Transmission Control Protocol) 6. Transport Layer 6-1

New York University Computer Science Department Courant Institute of Mathematical Sciences

Networking Background

Network Reference Models

TSIN02 - Internetworking

Introduction to Wireshark

Lesson 5 TCP/IP suite, TCP and UDP Protocols. Chapter-4 L05: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education

Router and ACL ACL Filter traffic ACL: The Three Ps One ACL per protocol One ACL per direction One ACL per interface

Network+ Guide to Networks 6 th Edition. Chapter 4 Introduction to TCP/IP Protocols

University of Toronto Faculty of Applied Science and Engineering. Final Exam, December ECE 461: Internetworking Examiner: J.

SIMPLE ROUTER PROJECT 2. - Balachander Padmanabha - TA CSE 123 (FALL 2017) - OH (Wed 9-11am B240A)

CS 465 Networks. Disassembling Datagram Headers

SC/CSE 3213 Winter Sebastian Magierowski York University CSE 3213, W13 L8: TCP/IP. Outline. Forwarding over network and data link layers

Transport Over IP. CSCI 690 Michael Hutt New York Institute of Technology

CSCI Networking Name:

Transcription:

Computer Networks A Simple Network Analyzer PART A undergraduates and graduates PART B graduate students only Objectives The main objective of this assignment is to gain an understanding of network activities and network packet formats using an existing packet sniffer program (Ethereal or Wireshark or tcpdump), which uses a normal network card to monitor the network traffic passing your computer. Overview Most of the ethernet frames that you will find on an Ethernet are either ARP or IP packets. The ethernet type field in the ethernet frame is used to distinguish what kind of packet (ARP or IP) is encapsulated in the ethernet frame data area. Packets that run on top of IP (UDP or TCP) are encapsulated in the data section of the IP packets. A field in the IP header specifies the encapsulated protocol. What To Do Part A: Download and install on your computer a packet sniffer (Ethereal or Wireshark in Windows, and tcpdump in Unix). Familiarize yourself with the sniffer program by studying the documentation available on the Internet. Capturing and Saving Packets: 1. Familiarize yourself with the syntax and optionsof the ping program. For instance, open a command window and try ping www.google.com 2. Find out your IP address. To do this, type ipconfig /all at the command prompt in Windows, or ifconfig a in Unix. You will get a bunch of configuration information, one piece of which is your IP address. 3. Start capture session on your packet sniffer. Make sure you select a correct interface card. Learn how to control the volume of captured frames using filters, and capture only frames to or from your computer. 4. Ping any remote computer -- for instance, www.cnn.com. You should see in the Ethereal window one ARP Request, one ARP Reply and a bunch of other packets. Stop capturing packets. 1

5. Save the captured packets in a file in format libpcap (tcpdump) this is the format that we will be decoding. Make sure to save the file in a folder where you can find it again. It is easy to save it in the wrong location if you do not pay attention. Decoding Packets Implement your own simple network analyzer that reads Ethernet frames from a tcpdump file (the one you have saved in Part II) and prints out information from the Ethernet header of each frame. If the Ethernet frame contains an IP packet, then print the IP header (only the fields described below). Your program should display the fields in the header in the following form: ----- Ether Header ----- Packet 1 Packet size = 210 bytes Destination = 08:00:20:01:3d:94 Source = 08:00:69:01:5f:0e Ethertype = 0800 (IP) ----- IP Header ----- Version = 4 Header length = 20 bytes Total length = 196 bytes Time to live = 255 seconds/hops Protocol = 17 (UDP) Source IP address = 128.10.26.116 Destination IP address = 128.10.3.100 Number of records processed: 112 Average packet length: 827 bytes Notes: 1. Next to the Ethernet type, print out a label identifying the type of data encapsulated in the frame (IP, ARP or unknown): Ethernet type 0x0800 0x0806 otherwise Ethernet data IP ARP UNKNOWN 2. You will need to use bit operations (&, >>) to extract bits out of a byte. Examples: b & 0x0F value of the second half of b (b & 0xF0) >> 4 value of the first half of b 2

Format of a tcpdump capture file The tcpdump capture file is organized as follows. The first line contains 24 bytes that should be skipped. Then, a series of variable-length records follows. Each record starts with a header containing information about how long the record is, how long the Ethernet frame encapsulated in the record is, and so on. The record header is followed by the Ethernet frame itself (that is, Ethernet header and Ethernet data), that we want to analyze. A record has the following layout: Record header Ethernet header Ethernet data RecHeader EthHeader unused here In this assignment you will process the record header, the Ethernet header and the Ethernet data. The record header contains the following information: RecHeader: Timestamp Frame length Captured data length an unsigned 64 bit integer an unsigned 32 bit integer an unsigned 32 bit integer - Timestamp is the time that the NIC driver sees the packet ignore it - Frame length is the length of Ethernet header + Ethernet data - Captured data length ignore it The Ethernet header contains the following information: EthHeader: MAC address of destination MAC address of source The protocol type on 6 unsigned bytes (48 bits) - on 6 unsigned bytes (48 bits) - (16 bits) The IP header contains the following information: IP_Header: Version and header length on 1 unsigned byte Type of service on 1 unsigned byte Total packet length Datagram identifier Flags and fragment offset Time to live (gateway hops) on 1 unsigned byte Type of protocol on 1 unsigned byte Header checksum Source IP address on 4 unsigned bytes Destination IP address on 4 unsigned bytes (No options) Integer fields in the IP packets that are longer than one byte must be converted from network byte order to host byte order. 3

Note: Next to the Protocol type (IP header), print out a label identifying the type of data encapsulated in the IP datagram: Protocol type Protocol data 17 UDP 1 ICMP 6 TCP otherwise UNKNOWN Implementation suggestions The key to success in developing a program is to build in incrementally, in stages. I suggest that you go through the following implementation stages: Stage 1. Write a program that does the following: - open the input data file in binary - skip the first 24 bytes - read the first record header - print out the length of the first record - load the data file in Ethereal and compare the value printed by your program with the length value given by Ethereal should be the same Stage 2. Extend the program from Stage 1 to do the following : - read the rest of first the record (that is, the Ethernet frame) - read the second record header - print out the length of the second record - load the data file in Ethereal and compare the value printed by your program with the length value given by Ethereal should be the same Once you make sure that you correctly jump to the second record in the file, go to Stage 3 below. Stage 3. Modify the program from Stage 2 to do the following: - open the input data file and skip the first 24 bytes - in a loop (until end of file is encountered) do the following: read the next record header print out the length of the record - print out the number of records in the input file - compare the number of records displayed by your program against the number of records given by Ethereal should be the same A successful implementation of Stage 3 ensures that you process the records in the input file properly. Stage 4. Extend the program from Stage 3 to read each Ethernet header following a record header. For each Ethernet header, print out: - the MAC address of the destination node - the MAC address of the source node 4

- the protocol type Notes for C programmers Unlike Java, C is platform dependant. There are two representations for storing integers and floating point numbers: big-endian and little-endian. Consider, for instance, the integer 91329, which is 00 01 64 C1 in hexadecimal. This could be stored as: Big endian: 00 01 64 C1 Little endian: C1 64 01 00 Each processor chooses its own format, for example Sun Spark uses big-endian and Intel Pentiums use little-endian. Computer networks are big endian. This means that when little-endian computers (like Pentium based computers running Windows) are going to pass integers over the network, they need to convert them to big endian. Likewise, when they receive integer values over the network, they need to convert them back to their own native representation. Integer fields that are longer than one byte must be converted from network byte order to host byte order. What To Do Part B: In this part you will extend the network analyzer you wrote in part A to print out the TCP and UDP headers of the captured packets. Print the Ethernet and the IP header as before. If the IP datagram contains an UDP packet, then print the UDP header If the IP datagram contains a TCP packet, then print the TCP header The UDP header contains the following information (see textbook, page 602): UDP_Header: Source port Destination port Checksum Length The TCP header contains the following information (see textbook, page 608, or quick reference handout): TCP_Header: Source port Destination port Sequence number on 4 unsigned bytes ACK number on 4 unsigned bytes Hlen and Code bits Window size... other info that you won t decode... 5

Your program should display the fields of the captured packets as shown below: ----- Ether Header ----- Packet 1 Packet size = 285 bytes Destination = 00:00:c0:51:ad:9c Source = 00:80:3e:4e:76:e0 Ethertype = 0x0800 (IP) ----- IP Header ----- Version = 4 Header length = 20 bytes Total length = 271 bytes Time to live = 253 seconds/hops Protocol = 17 (UDP) Source IP address = 153.104.136.2 Destination IP address = 153.104.202.161 UDP: ----- UDP Header ----- UDP: UDP: Source port = 53 UDP: Destination port = 3718 UDP: Checksum = 0x1dc4 UDP: Length = 251 ----- Ether Header ----- Packet 2 Packet size = 62 bytes Destination = 00:80:3f:f4:03:ad Source = 00:06:5b:de:58:60 Ethertype = 0x0800 (IP) ----- IP Header ----- Version = 4 Header length = 20 bytes Total length = 48 bytes Time to live = 128 seconds/hops Protocol = 6 (TCP) Source IP address = 153.104.202.98 Destination IP address = 153.104.202.12 TCP: ----- TCP Header ----- TCP: TCP: Source port = 4312 TCP: Destination port = 23 (TELNET) TCP: Sequence number = 1966876696 TCP: Acknowledgement number = 0 TCP: Header length = 28 bytes TCP: Flags = 0x0002 (SYN) TCP:..0.... = No urgent pointer TCP:...0... = Acknowledgement 6

TCP:... 0... = No push TCP:....0.. = No reset TCP:.....1. = SYN TCP:......0 = No Fin TCP: Window size = 64240 Number of records processed: 42 Average packet length: 167 bytes Notes: a. Well known port numbers are: Port number Application 21 FTP 23 TELNET 25 SMTP (mail server) 80 HTTP (web server) b. Use Ethereal to examine the options section of the TCP header. This activity will help you understand the information passed between client and server during connection establishment. You need not decode the options section of the TCP header. Submission Guidelines Hand in a printed copy of your program, a sample output, and a short README file that explains any bugs and/or deviations in your program from the assignment specification. If possible, please bring your laptop to class for a live demonstration of your code. You may work in teams or individually on this assignment. If you choose to work in teams, please report in the README file the contribution of each team member to the assignment (equal contribution, or approximate percentage contribution). Team members may be asked oral questions in order to evaluate their contribution and understanding of the assignment, before being assigned a grade. Grading The majority of your grade for this assignment will depend upon how well your implementation works. I will run your program on a capture file created by myself. In cases of equal contribution, each team member s grade will be determined by: 90%: Correct Execution 10%: Program structure and Documentation Use good indentation, meaningful variable names and helpful comments. Start early! Have Fun! 7

8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback