Network Security - Project 4
Developing a Simple Network Sniffing Program
a) Learning Objectives:
WinPcap, the open-source Windows packet capture library, is the industry-standard tool for link-layer network access in Windows environments. It allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.
WinPcap consists of a driver that extends the operating system to provide low-level network access, and a library that is used to easily access the low-level network layers. This library also contains the Windows version of the well-known libpcap Unix API.
The objective of this project is to acquaint the student with how to develop a simple sniffing application using the WinPcap library.
b) Tools utilized:
- The student will be provided an external hard disk with Windows 2000 Professional or Windows XP installed.
- The WinPcap library (for Windows) can be downloaded locally at http://www.dcsl-uhcl.net/public/download.html or at http://www.Winpcap.org/install/default.htm.
- Once you have installed WinPcap, a tutorial (WinPcap_docs.html) can be found in the folder WpdPack_3_1\Wpdpack\docs. Sample applications developed using WinPcap can be found in the folder Examples-pcap, which is under the WpdPack_3_1\Wpdpack folder.
- C compiler (for example Visual C++ 6.0).
- A WEB/FTP/TELNET server is set up for students to use their program to sniff the network connection. The testing accounts will also be provided.
  · The server IP address: 192.168.11.50
  · Testing account for Web server: username: test / password: test
  · Testing account for FTP server: username: test / password: test
  · Testing account for Telnet server: username: test / password: test
c) Requirements:
- This project requires an understanding of the network layer (IP) and transport layer protocols (TCP/UDP). The student will use the C programming language and the WinPcap library to develop a simple network sniffing program that can read the network traffic.
- A UDPdump sample application is available as one of the sample programs in the example applications folder. You may use that program as the base of your project.
- The student will use this program to read the following information from a network connection:
  1. Authentication information of an HTTP connection
     Note: The username and password of an HTTP (Basic authentication) connection are sent Base64 encoded. Your program will need to perform Base64 decoding in order to print the username and password in readable form. See http://www.opensource.apple.com/darwinsource/WWDC2004/fetchmail-11/fetchmail/base64.c or another web site for how to perform the conversion.
  2. Authentication information of a TELNET connection
  3. Authentication information of an FTP connection
  4. The content of web pages accessed from a Web server.
- The student is required to submit the executable program and the source code.
- The student can export the captured information to a file or capture screen shots as a supplement to the program source code submission.
- The student is also required to submit a readme file that shows how to run the program.
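The following is an added worked example, not code from the handout or from the WinPcap distribution. It shows the part of the assignment that the UDPdump sample does not: walking the Ethernet, IPv4 and TCP headers of one captured frame with every offset bounds-checked against the capture length, then pulling out an HTTP Basic credential (Base64-decoded) or an FTP USER/PASS line. The frames are constructed by hand so the program runs without WinPcap; the client address 192.168.11.10, the source port and the lab server address 192.168.11.50 are assumptions for the sample data.

```c
/* Added example, not the project's own code: parse one Ethernet/IPv4/TCP frame
 * exactly as a WinPcap pcap_loop() callback receives it (pkt_data, caplen), then
 * recover HTTP Basic credentials (Base64-decoded) or an FTP USER/PASS line.
 * Frames are built by hand so it runs without WinPcap; addresses are assumed. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

static int b64_val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;     /* -1: invalid (or '=' padding) */
}

/* Decode n Base64 characters into out (NUL-terminated). Returns bytes written, -1 on error. */
int base64_decode(const char *in, size_t n, char *out, size_t outsz) {
    uint32_t acc = 0; int bits = 0; size_t o = 0;
    for (size_t i = 0; i < n && in[i] != '='; i++) {
        int v = b64_val((unsigned char)in[i]);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v; bits += 6;
        if (bits >= 8 && o + 1 >= outsz) return -1;
        if (bits >= 8) { bits -= 8; out[o++] = (char)((acc >> bits) & 0xFF); }
    }
    out[o] = '\0';
    return (int)o;
}

/* Bounded substring search: a TCP payload is not NUL-terminated. */
static const char *find_token(const char *hay, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return hay + i;
    return NULL;
}

/* Copy from p up to CR, LF or end into out; returns the length copied. */
static size_t copy_line(const char *p, const char *end, char *out, size_t outsz) {
    size_t o = 0;
    while (p < end && *p != '\r' && *p != '\n' && o + 1 < outsz) out[o++] = *p++;
    out[o] = '\0';
    return o;
}

/* Returns 1 and fills out with credentials, 0 if the frame carries none, -1 if
 * truncated/malformed. Every offset is checked against caplen before it is read. */
int extract_credentials(const uint8_t *pkt, size_t caplen, char *out, size_t outsz) {
    if (caplen < 14) return -1;
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return 0;               /* not IPv4 */
    const uint8_t *ip = pkt + 14;
    if (caplen < 34 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (ip[0] & 0x0F) * 4, iplen = ((size_t)ip[2] << 8) | ip[3];
    if (ihl < 20 || iplen < ihl + 20 || 14 + iplen > caplen) return -1;
    if (ip[9] != 6) return 0;                                         /* not TCP */
    const uint8_t *tcp = ip + ihl;
    size_t thl = (tcp[12] >> 4) * 4;
    if (thl < 20 || ihl + thl > iplen) return -1;
    uint16_t dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    const char *payload = (const char *)(tcp + thl), *end = (const char *)(ip + iplen);
    size_t plen = (size_t)(end - payload);
    if (dport == 80) {                    /* HTTP Basic: value is Base64("user:pass") */
        const char *a = find_token(payload, plen, "Authorization: Basic ");
        if (!a) return 0;
        char b64[256];
        size_t n = copy_line(a + 21, end, b64, sizeof b64);        /* 21 = token length */
        return base64_decode(b64, n, out, outsz) < 0 ? -1 : 1;
    }
    if (dport == 21) {                    /* FTP: USER and PASS travel in clear text */
        const char *l = find_token(payload, plen, "USER ");
        if (!l) l = find_token(payload, plen, "PASS ");
        if (!l) return 0;
        copy_line(l, end, out, outsz);
        return 1;
    }
    return 0;
}

/* Build a minimal test frame (constructed data, not a real capture). */
size_t build_frame(uint8_t *buf, uint16_t dport, const char *payload) {
    static const uint8_t addrs[8] = {192,168,11,10, 192,168,11,50}; /* src (assumed) -> lab server */
    size_t plen = strlen(payload), iplen = 20 + 20 + plen;
    memset(buf, 0, 14 + iplen);
    buf[12] = 0x08; buf[13] = 0x00;                                  /* EtherType IPv4 */
    uint8_t *ip = buf + 14, *tcp = ip + 20;
    ip[0] = 0x45; ip[2] = (uint8_t)(iplen >> 8); ip[3] = (uint8_t)iplen; ip[9] = 6;
    memcpy(ip + 12, addrs, 8);
    tcp[0] = 0xC0; tcp[2] = (uint8_t)(dport >> 8); tcp[3] = (uint8_t)dport; /* sport 49152 */
    tcp[12] = 0x50;                                                  /* data offset 5 words */
    memcpy(tcp + 20, payload, plen);
    return 14 + iplen;
}

/* Build a frame around payload and return the recovered credentials, or NULL. */
const char *creds_from_payload(uint16_t dport, const char *payload) {
    static uint8_t frame[1600]; static char cred[128];
    if (strlen(payload) > sizeof frame - 54) return NULL;
    size_t n = build_frame(frame, dport, payload);
    return extract_credentials(frame, n, cred, sizeof cred) == 1 ? cred : NULL;
}
```

To use this with WinPcap, keep the open/filter/loop skeleton from the UDPdump sample, change the filter string passed to pcap_compile()/pcap_setfilter() to something like "tcp port 80 or tcp port 21 or tcp port 23", and call extract_credentials(pkt_data, header->caplen, ...) from the pcap_loop() callback. Two things this single-frame parser deliberately leaves out, which you will meet on the real lab network: a request header can straddle two TCP segments (and HTTP header names are case-insensitive), and a Telnet client sends one keystroke per segment, with IAC (0xFF) option-negotiation bytes mixed in, so the Telnet username and password only appear after you accumulate the client-to-server bytes of each connection (keyed by the source/destination address and port 4-tuple) and strip the IAC sequences.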
d) Problem classification:
This experiment can be classified as a programming assignment and also as a network study experiment.
e) How it may be implemented in the security lab:
This project requires a LAN environment and a network server to provide WEB, TELNET and FTP services. The project will be implemented and tested in the D158 student network. Each student will be given an external hard disk in order to install the OS and utilities.
f) Level of difficulty:
Based on the level of difficulty, this experiment can be classified as an experiment in the intermediate category.
g) Grading criteria and methods:
The submitted executable file must run and capture network traffic. The grader will run the program against TCP or UDP connections, and the program must capture the expected network traffic.