Make your own Packet Sniffer
Anshul Behl (~anshul2) |
A Sniffer is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications. It is also sometimes known as a network analyzer/protocol analyzer/packet analyzer, or for particular types of networks, an Ethernet sniffer or wireless sniffer.
This workshop would be dedicated to understanding socket programming in python to create a packet sniffer which can sniff all the incoming and outgoing packets from a particular interface (Ethernet or Wireless) without using any external libraries like libpcap. It will also sniff all Ethernet frames , which means all kinds of IP packets(TCP , UDP , ICMP) and even other kinds of packets(like ARP).
I will give a basic overview of python sockets, IP Headers, struct packing and unpacking for half an hour and then we will move to making our capstone project taking one step at a time.
- Brief Overview of Sniffers and tools like wireshark.(10 minutes)
- Overview of python sockets.(5 minutes)
- An introduction to struct packing and unpacking.(5 minutes)
- Basic of IP Packets and TCP/UDP Headers.(10 minutes)
- Sniffer program to capture TCP Packets(20 minutes)
- Sniffer program to capture UDP Packets.(30 minutes)
- Generic Sniffer program showing all the header details.(30 minutes)
- Capstone project making a tool similar to tcpdump.(1 hour)
At the end of this workshop you will be able to:
- Understand python sockets.
- Bond with the only source of networking truth -- the packets.
- Know what's really happening on your network.
- Write your own client-server applications using socket programming.
- Understand conversions between Python values and C structs represented as Python strings.
- Work with binary and data, packing and unpacking them.
- Basic understanding of python ( loops, functions, exception handling, data types).
- Understanding of IP headers and how a TCP/UDP/ICMP header looks like.
- Basic knowledge of OSI and TCP/IP models.
- Anshul is currently working with Red Hat India as a Associate Quality Engineer and mainly working on technologies like Openstack, Docker and Automation Testing. He has also worked with Zscaler which is a cloud security company mainly testing their security products which involved a lot of networking insight and packet sniffing using wireshark and other custom tools.
- Swati Goswami is a Senior Software Engineer currently working at RedHat. At RedHat her focus is to test different projects in openstack , cloud , docker , abidiffs , sosreports. She has been handling the QA responsibilities for the certification team at RedHat for more than 3 years now. She enjoys testing and attending conferences related to testing and automation happening in vicinity.