CPS633 Lab7 Question

Task 1

For the first task we ran the code and saw that the program only sniffed packets when we were connected to the internet. Otherwise it just displayed nothing.

Task 1.2 Spoofing ICMP Packets

We first successfully sent a packet using the example code given. It told us that we sent 1 packet. We saw that this code was modifying the destination IP address; this also becomes apparent with ls(a).

So to successfully change the source IP address we modified a.src to an arbitrary IP address.

We can see that we were successful when we use ls(a).

Task 1.3

In this task we used the Python commands to see how changes in the TTL (time to live) field affected the packets. We used Wireshark and filtered out all packets other than the ICMP packets we were sending so we could see the effect on each one. When the time to live field was too small and had values around 1-6 we could see that the packet was not reaching the destination. When it was high enough (like 100) we observed that it did not get dropped and it reached its destination.

Task 2.1A

Question 1. Please use your own words to describe the sequence of the library calls that are essential

pcap_open_live is an important library call because it gives us the handle that we use later in the program to capture packets.

pcap_compile - we need to compile the filter expression before we can set a filter.

pcap_setfilter - allows us to filter network traffic so we see only the types of packets we want, rather than all network traffic.

pcap_loop - processes packets continuously until the packet count is reached.

Question 2. Why do you need the root privilege to run a sniffer program? Where does the program fail if it is executed without the root privilege?

We need root privilege because we need to be able to obtain the packets. If the operating system were designed in a way where we could access packets without needing root privileges, then any program would be able to read the incoming/outgoing traffic of all other programs.

Question 3. Please turn on and turn off the promiscuous mode in your sniffer program. Can you demonstrate the difference when this mode is on and off? Please describe how you can demonstrate this.

Promiscuous mode allows all packets to be viewed by all the network adapters on the network.

Task 2.1B:

  • Capture the ICMP packets between two specific hosts.

char filter_exp[] = "ip proto icmp and host HOST_A and host HOST_B"; /* HOST_A and HOST_B are placeholders for the two hosts' IP addresses */

  • Capture the TCP packets with a destination port number in the range from 10 to 100.

char filter_exp[] = "tcp dst portrange 10-100"; /* pcap-filter syntax for a destination port range */

Task 2.2A: Write a spoofing program.

#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int main(void) {
    int sd;
    struct sockaddr_in sin;
    char buffer[1024]; // You can change the buffer size
    int ip_len = 0;    // actual size of the packet built in buffer[]

    /* Create a raw socket with IP protocol. The IPPROTO_RAW parameter
     * tells the system that the IP header is already included;
     * this prevents the OS from adding another IP header. */
    sd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    if(sd < 0) {
        perror("socket() error"); exit(-1);
    }

    /* This data structure is needed when sending the packets
     * using sockets. Normally, we need to fill out several
     * fields, but for raw sockets, we only need to fill out
     * this one field */
    sin.sin_family = AF_INET;

    // Here you can construct the IP packet using buffer[]
    //    - construct the IP header ...
    //    - construct the TCP/UDP/ICMP header ...
    //    - fill in the data part if needed ...
    // Note: you should pay attention to the network/host byte order.

    /* Send out the IP packet.
     * ip_len is the actual size of the packet. */
    if(sendto(sd, buffer, ip_len, 0, (struct sockaddr *)&sin,
              sizeof(sin)) < 0) {
        perror("sendto() error"); exit(-1);
    }
    return 0;
}

Here is the Wireshark screenshot showing the spoofed address.

Task 2.2B:

Question 4. Can you set the IP packet length field to an arbitrary value, regardless of how big the actual packet is?

No. If the packet length field is too small and the actual packet is big, then the packet would not be sent properly, since it would be cut off at the small value in the IP packet length field.

Question 5. Using the raw socket programming, do you have to calculate the checksum for the IP header?

No, it is done by the operating system, so there is no need to do it manually.
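To make the two answers above concrete, here is an added example in C (not part of the lab handout or the SEED template) that builds the IPv4 header the raw socket sends, computes the RFC 1071 header checksum that the kernel otherwise fills in, and checks a received header the way a receiver does: the total length field must fit inside the bytes actually present and the checksum must verify. The struct layout, the function names build_ipv4_header and ipv4_header_ok, and the sample addresses are all constructed for this example.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

/* IPv4 header without options, as it sits at the front of buffer[] (layout
 * constructed here; multi-byte fields are in network byte order). */
struct ipv4_hdr {
    uint8_t  ver_ihl, tos;          /* version << 4 | header length in words */
    uint16_t tot_len, id, frag_off; /* tot_len = header + payload, in bytes */
    uint8_t  ttl, proto;
    uint16_t check;                 /* header checksum, 0 while computing it */
    uint32_t saddr, daddr;
};
/* RFC 1071 one's-complement sum, read byte-wise so host endianness does not
 * matter; the result is returned in host order. */
uint16_t ip_checksum(const void *data, size_t len) {
    const uint8_t *p = data;
    uint32_t sum = 0;
    for (; len > 1; len -= 2, p += 2)
        sum += (uint32_t)((p[0] << 8) | p[1]);
    if (len)                      /* odd trailing byte is zero-padded */
        sum += (uint32_t)(p[0] << 8);
    while (sum >> 16)             /* fold carries back into 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Write an IPv4 header for payload_len payload bytes into buf and return the
 * total length, i.e. the ip_len that sendto() must be given. */
size_t build_ipv4_header(uint8_t *buf, uint32_t src, uint32_t dst,
                         uint8_t proto, size_t payload_len) {
    struct ipv4_hdr h = {0};
    h.ver_ihl = (4 << 4) | 5;
    h.tot_len = htons((uint16_t)(sizeof h + payload_len));
    h.ttl = 64;    h.proto = proto;
    h.saddr = src; h.daddr = dst;
    h.check = htons(ip_checksum(&h, sizeof h)); /* over header, check = 0 */
    memcpy(buf, &h, sizeof h);
    return sizeof h + payload_len;
}

/* Receiver-side check: version, header length and total length must fit the
 * bytes actually received, and the checksum must verify to zero. */
int ipv4_header_ok(const uint8_t *buf, size_t buflen) {
    struct ipv4_hdr h;
    if (buflen < sizeof h) return 0;
    memcpy(&h, buf, sizeof h);
    size_t ihl = (size_t)(h.ver_ihl & 0x0f) * 4, tot = ntohs(h.tot_len);
    if ((h.ver_ihl >> 4) != 4 || ihl < sizeof h || tot < ihl || tot > buflen)
        return 0;
    return ip_checksum(buf, ihl) == 0;
}
```

A header whose total length claims more bytes than were received, or whose TTL has been altered after the checksum was computed, fails the check, which is the receiver-side reason the length field cannot be set arbitrarily.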

Question 6. Why do you need the root privilege to run the programs that use raw sockets? Where does the program fail if executed without the root privilege?

We need root privileges since we need access to certain network devices. We cannot use raw sockets without these privileges.
