CNT5505 Programming Assignment No. 4: Internet Packet Analyzer (This is an individual assignment. It must be implemented in C++ or C)

Similar documents
Packet Header Formats

Computer Networks A Simple Network Analyzer PART A undergraduates and graduates PART B graduate students only

K2289: Using advanced tcpdump filters

Computer Networks A Simple Network Analyzer Decoding Ethernet and IP headers

EE 610 Part 2: Encapsulation and network utilities

ECE 358 Project 3 Encapsulation and Network Utilities

University of Toronto Faculty of Applied Science and Engineering. Final Exam, December ECE 461: Internetworking Examiner: J.

SSC-D02 HOMEWORK 2. Jean-Yves Le Boudec. November 6, 2002

Your Name: Your student ID number:

ECE 461 Internetworking Fall Quiz 1

! ' ,-. +) +))+, /+*, 2 01/)*,, 01/)*, + 01/+*, ) 054 +) +++++))+, ) 05,-. /,*+), 01/-*+) + 01/.*+)

TCP /IP Fundamentals Mr. Cantu

Interconnecting Networks with TCP/IP

ECE4110 Internetwork Programming. Introduction and Overview

Sirindhorn International Institute of Technology Thammasat University

Module : ServerIron ADX Packet Capture

CS 356: Computer Network Architectures. Lecture 10: IP Fragmentation, ARP, and ICMP. Xiaowei Yang

CIS-331 Exam 2 Spring 2016 Total of 110 Points Version 1

CIS-331 Exam 2 Fall 2014 Total of 105 Points. Version 1

TCP/IP and the OSI Model

Networking Technologies and Applications

Business Data Networks and Security 10th Edition by Panko Test Bank

CIS-331 Exam 2 Fall 2015 Total of 105 Points Version 1

To make a difference between logical address (IP address), which is used at the network layer, and physical address (MAC address),which is used at

Network Security. Introduction to networks. Radboud University, The Netherlands. Autumn 2015

Course Contents. The TCP/IP protocol Stack

ECE 461 Internetworking Fall Quiz 1

The Internet Protocol. IP Addresses Address Resolution Protocol: IP datagram format and forwarding: IP fragmentation and reassembly

Protocol Layers & Wireshark TDTS11:COMPUTER NETWORKS AND INTERNET PROTOCOLS

Muhammad Farooq-i-Azam CHASE-2006 Lahore

Veryx ATTEST TM. Sample Test cases Overview. Conformance Test Suite. Internet Protocol version 4 (IPv4) Part Number: T / TCLS IPv /1.

Programming Assignment 1

Interconnecting Networks with TCP/IP. 2000, Cisco Systems, Inc. 8-1

User Datagram Protocol

CHAPTER-2 IP CONCEPTS

ICS 451: Today's plan

CIS-331 Fall 2014 Exam 1 Name: Total of 109 Points Version 1

Experiment 2: Wireshark as a Network Protocol Analyzer

Network Model. Why a Layered Model? All People Seem To Need Data Processing

McGraw-Hill The McGraw-Hill Companies, Inc., 2000

TSIN02 - Internetworking

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

Lab Using Wireshark to Examine Ethernet Frames

Programming Assignment 1

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Introduction to Computer Networks. CS 166: Introduction to Computer Systems Security

Packet Sniffing and Spoofing

Just enough TCP/IP. Protocol Overview. Connection Types in TCP/IP. Control Mechanisms. Borrowed from my ITS475/575 class the ITL

University of Toronto Faculty of Applied Science and Engineering. Final Exam, December ECE 461: Internetworking Examiner: J.

A Simple Network Analyzer Decoding TCP, UDP, DNS and DHCP headers

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

ECE 650 Systems Programming & Engineering. Spring 2018

CIS-331 Spring 2016 Exam 1 Name: Total of 109 Points Version 1

Lecture 17 Overview. Last Lecture. Wide Area Networking (2) This Lecture. Internet Protocol (1) Source: chapters 2.2, 2.3,18.4, 19.1, 9.

The Transport Layer. Internet solutions. Nixu Oy PL 21. (Mäkelänkatu 91) Helsinki, Finland. tel fax.

The Transport Layer. Part 1

(ICMP), RFC

TSIN02 - Internetworking

Communication Systems DHCP

Transport Over IP. CSCI 690 Michael Hutt New York Institute of Technology

TCP/IP Transport Layer Protocols, TCP and UDP

Transport: How Applications Communicate

CIS-331 Final Exam Spring 2018 Total of 120 Points. Version 1

CS 458 Internet Engineering Spring First Exam

TSIN02 - Internetworking

Simulation of TCP Layer

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking

IP : Internet Protocol

CE3005: Computer Networks Laboratory 3 SNIFFING AND ANALYSING NETWORK PACKETS

Lab Using Wireshark to Examine Ethernet Frames

Internet Control Message Protocol (ICMP)

Transport Layer. Gursharan Singh Tatla. Upendra Sharma. 1

Hands-On Ethical Hacking and Network Defense

Lab - Using Wireshark to Examine TCP and UDP Captures

Understanding and Troubleshooting DHCP in Catalyst Switch or Enterprise Networks

TSIN02 - Internetworking

UNIT V. Computer Networks [10MCA32] 1

CCNA R&S: Introduction to Networks. Chapter 7: The Transport Layer

Vorlesung Kommunikationsnetze

ARP, IP, TCP, UDP. CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1

Review of Important Networking Concepts. Recall the Example from last lecture

Computer Networking: A Top Down Approach Featuring the. Computer Networks with Internet Technology, William

Internet Protocols (chapter 18)

OPTIMIZATION OF IPV6 PACKET S HEADERS OVER ETHERNET FRAME

Internet Control Message Protocol (ICMP), RFC 792. Prof. Lin Weiguo Copyleft 2009~2017, School of Computing, CUC

The Internet Protocol (IP)

CC231 Introduction to Networks Dr. Ayman A. Abdel-Hamid. Internet Protocol Suite

An 8051 Based Web Server

ECE 435 Network Engineering Lecture 15

COMMON LOWER-LAYER PROTOCOLS

NETWORK PROGRAMMING. Instructor: Junaid Tariq, Lecturer, Department of Computer Science

Configuring TCP/IP Normalization and IP Reassembly Parameters

Position of IP and other network-layer protocols in TCP/IP protocol suite

Introduction to TCP/IP networking

Computer Networks Security: intro. CS Computer Systems Security

Internetworking models

NETWORK PACKET ANALYSIS PROGRAM

CS 457 Lecture 11 More IP Networking. Fall 2011

Introduction to Internet. Ass. Prof. J.Y. Tigli University of Nice Sophia Antipolis

Introduction to Networks and the Internet

Transcription:

. CNT5505 Programming Assignment No. 4: Internet Packet Analyzer (This is an individual assignment. It must be implemented in C++ or C) PURPOSE Experience with packet analyzing and Internet packet formats. DESCRIPTION In this assignment, you will implement an Internet packet analyzer that processes the dump files produced by a home-made packet sniffer, ethernetdump.c (given in the class, but you do not need to understand it to do the assignment). The analyzer reads packets from a dump file, parses packet headers, accumulates packet statistics, and outputs the statistics and packet information. The dump file is a binary file with the following format: frame_size Ethernet_frame... frame_size Ethernet_frame The frame size is a 4-byte integer in the network order format (you need to use the ntohl() routine to convert this number into the host format). Each Ethernet frame contains Ethernet header and Ethernet payload (which may contain the entire packet in an upper layer protocol such as IP and ARP). Notice that the dump file is a binary file that does not have any delimiter between data items. The packet analyzer examines each packet in the dump file and identifies Ethernet, IP, ARP, TCP, UDP, and ICMP packets (other packets are classified as unknown packets). Depending on the command line options, different levels of statistics and the packet information will be printed. If the analyzer is executed without any flags, it will print a summary of the packets in the dump file. The following is an example. <linprog3:947>./a.out dumpfile.5000 Ethernet frames: 5000 Ethernet broadcast: 346 ARP packets: 335 IP packets: 4523 UDP packets: 27 TCP packets: 4486 ICMP packets: 10 other IP packets: 0 other packets: 142 <linprog3:948> The analyzer should support the flags, -c <numofpackets>, -v, and -V. -c <numofpackets> The number of frames to be processed can be modified with a -c flag. For example./a.out -c 200 dumpfile.5000 will process the first 200 frames in the file and print the summary. -v This option turns on the basic verbose mode, which will print one line for every packet. Your program must be able to handle all cases handled by the sample executable. The following example shows the cases you must handle. unknown packet (01:80:c2:00:00:00, 00:04:9a:36:38:9c, 0:26) 1

192.168.16.1 -> (broadcast) (ARP) who is 192.168.16.190 192.168.10.151 -> 192.168.10.154 (ARP) who is 192.168.10.154 192.168.1.25 -> 192.168.1.1 (ARP) 192.168.1.25 s hardware address is 0:10:18:b:58:80 192.168.16.103 -> 192.168.23.10 (ICMP), Echo Reply (type=0) 128.186.120.2 -> 192.168.16.103 (TCP) sourceport = 22 destport = 42170 192.168.16.103 -> 128.186.120.179 (UDP) sourceport = 32790 destport = 53 -V This option turns on the extended verbose mode. With this option, the program will print packet headers in detail. ----- Ether Header ----- Packet 0 Packet size = 60 bytes Destination = 1:80:c2:0:0:0 Source = 0:6:28:f2:55:1 Ethertype = 0026 (unknown) ----- Ether Header ----- Packet 400 Packet size = 60 bytes Destination = ff:ff:ff:ff:ff:ff Source = 0:e0:b6:1:bd:33 Ethertype = 0806 (ARP) ARP: ----- ARP Frame ----- ARP: ARP: Hardware type = 1 (Ethernet) ARP: Protocol type = 0800 (IP) ARP: Length of hardware address = 6 bytes ARP: Length of protocol address = 4 bytes ARP: Opcode 1 (ARP Request) ARP: Sender s hardware address = 0:e0:b6:1:bd:33 ARP: Sender s protocol address = 192.168.16.1 ARP: Target hardware address =? ARP: Target protocol address = 192.168.16.174 ARP: ----- Ether Header ----- Packet 398 Packet size = 60 bytes Destination = 0:b:db:a7:da:98 Source = 0:e0:b6:1:bd:33 Ethertype = 0800 (IP) ----- IP Header ----- Version = 4 Header length = 20 bytes 2

Type of service = 0 Total length = 28 bytes Identification = 0 Flags.1..... = do not fragment..0.... = last fragment Fragment offset = 0 bytes Protocol = 1 (ICMP) Header checksum = 91ec Source address = 192.168.23.10 Destination address = 192.168.16.154 No options ICMP: ----- ICMP Header ----- ICMP: ICMP: Type = 8 (Echo Request) ICMP: Code = 0 ICMP: Checksum = aa72 ICMP: Identifier = 19852 ICMP: Sequence number = 1 ICMP: ----- Ether Header ----- Packet 404 Packet size = 92 bytes Destination = ff:ff:ff:ff:ff:ff Source = 0:b:db:a7:da:7d Ethertype = 0800 (IP) ----- IP Header ----- Version = 4 Header length = 20 bytes Type of service = 0 Total length = 78 bytes Identification = 54795 Flags.0..... = allow fragment..0.... = last fragment Fragment offset = 0 bytes Protocol = 17 (UDP) Header checksum = c1aa Source address = 192.168.16.153 Destination address = 192.168.16.255 No options UDP: ----- UDP Header ----- UDP: UDP: Source port = 137 UDP: Destination port = 137 UDP: Message length = 58 3

UDP: Checksum = 53df UDP: ----- Ether Header ----- Packet 468 Packet size = 66 bytes Destination = 0:13:72:1e:46:7c Source = 0:e0:b6:1:bd:33 Ethertype = 0800 (IP) ----- IP Header ----- Version = 4 Header length = 20 bytes Type of service = 10 Total length = 52 bytes Identification = 61271 Flags.1..... = do not fragment..0.... = last fragment Fragment offset = 0 bytes Protocol = 6 (TCP) Header checksum = 8190 Source address = 128.186.120.2 Destination address = 192.168.16.103 No options TCP: ----- TCP Header ----- TCP: TCP: Source port = 22 TCP: Destination port = 42170 TCP: Sequence number = 4124809487 TCP: Acknowledgement number = 888630597 TCP: Data offset = 32 bytes TCP: Flags TCP:..0.... = No urgent pointer TCP:...1... = Acknowledgement TCP:... 0... = No push TCP:....0.. = No reset TCP:.....0. = No Syn TCP:......0 = No Fin TCP: Window = 8672 TCP: Checksum = 1d2e TCP: Urgent pointer = 0 TCP: Options ignored TCP: Your progrm should print exactly the same as the sample executable. To ensure that your program produces the same output as the sample program, the following output format should be followed. An Ethernet address should be printed as 6 hex numbers (for the six bytes) separated by :. Ethernet type (Ethertype) should be printed as a 4-digit hex number (fill with 0 s if necessary). 4

The program should identify IP packets (Ethertype=0x0800) and ARP packets (Ethertype = 0x0806). IP identification should be printed as a decimal number. IP header checksum should be printed as a hex number. The program should identify TCP packets (protocol = 6) and UDP packets (protocol = 17). If the header length is 20 bytes, there is no IP option in the header ( No options). Otherwise the program should ignore the options ( Options ignored). UDP checksum should be printed as a hex number and UDP message length should be printed as a decimal number. TCP sequence number and acknowledgement number should be printed as unsigned decimal numbers. TCP window should be printed as a decimal number and TCP checksum should be printed as a hex number. If TCP header length is 20 bytes, there is no TCP option in the header (TCP: No options). Otherwise the program should ignore the options (TCP: Options ignored). ICMP checksum should be printed as a hex number, identifier and sequence number should be printed as decimal numbers. DEADLINE AND MATERIALS TO BE HANDED IN Deadline: December 6. You should clean and tar your assignment directory before you submit the project. In the directory, you should have all the needed files to create the executable of the program. You program should work on linprog. You should also have a README file describing how to compile your program and the known bugs in your program. GRADING POLICY You program will be graded by comparing (with the diff command) the output from your program with that from the sample executable for different input dumpfiles. Any difference will result in the deduction of 20% of the points before further deductions are considered based on functionality. 1. Correct execution with no flags (40) 2. Correct implementation of the -v flag (25) 3. Correct implementation of the -V flag (25) 4. Correct implementation of the -c flag (10) 5. Extra 5 points for being the first to report a bug in the sample executable. 5

Misc. To do this assignment, you will know in detail different packet formats including some values and the meanings of the values in header fields. The needed information is much more detailed than what was taught in the class: CNT5505 should have taught enough for you to find the necessary information; and finding necessary information on your own is a part of this project. Your can find the packet for Ethernet, ARP, IP, TCP, UDP, and ICMP from the book and from Internet resources. TCP/IP protocol standards are published in a series of documents known as Request for Comments (RFCs), which are available from the Internet Engineering Task Force (IETF) at: http://www.ietf.org/rfc.html The protocol standard for IP is in RFC 791; TCP is specified in RFC 793; UDP is specified in RFC 768. IP and TCP protocols are updated in RFC 1122. 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback