Project Report of a Packet Sniffer Program

Abstract: A sniffer program is used to capture and analyze the traffic on a network.
A packet sniffer can be written using socket programming; to receive an
unprocessed packet, with its headers still attached, a raw socket is used. Monitor
mode allows the card to capture packets without associating with an access point or
ad-hoc network. The C program presented in this project sniffs traffic from an
Ethernet card using a raw socket in monitor mode and parses each frame to find the
source and destination MAC and IP addresses.
Keywords: Packet Sniffer, Monitor mode, raw socket, MAC, IP

1. Introduction to Packet Sniffer

Packet sniffers are programs that intercept the network traffic flowing in and
out of a system through its network interfaces. So, if we are browsing the
internet, traffic is flowing, and a packet sniffer is able to catch it in the
form of packets and display them for whatever purpose is required.
Packet sniffers are used for various needs such as analyzing protocols,
monitoring a network, and assessing the security of a network. Packet
sniffers can be coded either by using the sockets API provided by the kernel, or
by using a packet capture library such as libpcap.
2. Basic Concepts
The basic definitions of the various terms used in this project are given below:

2.1. Ethernet Card

An Ethernet card is one kind of network adapter. These adapters support
the Ethernet standard for high-speed network connections over cable.
Ethernet cards belong to a category of computing hardware called network
interface cards. Ethernet cards operate at different network speeds
depending on the protocol standard they support.

2.2. Raw Socket

A raw socket is used to receive raw packets. This means that packets received
at the Ethernet layer are passed directly to the raw socket. Stated precisely,
a raw socket bypasses the normal TCP/IP processing and delivers the
packets to the specific user application.
A raw socket allows an application to access lower-level protocols directly,
which means a raw socket receives unprocessed packets. There is no need
to provide a port and IP address to a raw socket, unlike in the case of
stream and datagram sockets.
2.3. Monitor Mode
Monitor mode, or RFMON (Radio Frequency Monitor) mode, enables a
device with a wireless network interface controller to monitor all traffic
received from the wireless network. Unlike promiscuous mode, which is
also used for packet sniffing, RFMON mode enables packets to be
captured without having to connect or associate with an access point. RFMON
mode only works with wireless networks, while promiscuous mode can be
applied to both wired and wireless networks. With some wireless
drivers, this mode also allows raw 802.11 frames to be sent.
3. Procedure of Packet Sniffing
The following procedure has been used for sniffing the traffic from the
Ethernet card using a raw socket in monitor mode.
3.1. Opening a raw socket
To open a socket, three things are required: the socket family, the socket type
and the protocol. For a raw socket, the socket family is AF_PACKET, the
socket type is SOCK_RAW and, for the protocol, the if_ether.h header file is
used. To receive all packets, the macro ETH_P_ALL is used.
3.2. Receiving the network packet
After successfully opening a raw socket, network packets are received
using the recvfrom API. The recv API can also be used in place of recvfrom, but
recvfrom provides additional information. So, I have used the recvfrom API in
my code.
3.3. Extracting the Ethernet header
After a network packet has been received into the buffer, the information in the
Ethernet header is extracted. The Ethernet header contains the physical
addresses of the source and destination, that is, the MAC addresses, and the protocol
of the received packet. The if_ether.h header defines the structure of the
Ethernet header.
3.4. Extracting the IP header
The IP layer gives various pieces of information such as the source and
destination IP addresses, the transport layer protocol, etc. The structure of
the IP header is defined in the ip.h header file.
Now, to get the IP address information, the buffer pointer is
advanced by the size of the Ethernet header, because the IP header
comes directly after the Ethernet header.
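The four steps above, carried through in one program, as an added example that is not the report's own code: the parsing of the Ethernet and IP headers is placed in a function (parse_frame, an assumed name) that is exercised against a constructed sample frame, while main performs the live capture with a raw AF_PACKET socket on Linux (requires CAP_NET_RAW, normally root).

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <linux/if_ether.h>   /* struct ethhdr, ETH_P_ALL, ETH_P_IP */
#include <netinet/ip.h>       /* struct iphdr */

struct addrs {                                   /* addresses pulled from one frame */
    char src_mac[18], dst_mac[18], src_ip[INET_ADDRSTRLEN], dst_ip[INET_ADDRSTRLEN];
    unsigned char proto;                         /* transport protocol number from the IP header */
};
static void fmt_mac(const unsigned char *m, char *out) {
    snprintf(out, 18, "%02x:%02x:%02x:%02x:%02x:%02x", m[0], m[1], m[2], m[3], m[4], m[5]);
}
/* Parse one captured frame: Ethernet header first, then the IP header that follows it.
 * Returns 0 on success, -1 for a truncated frame or a non-IPv4 ethertype (e.g. ARP). */
int parse_frame(const unsigned char *buf, size_t len, struct addrs *out) {
    struct ethhdr eth; struct iphdr ip;
    if (len < sizeof eth + sizeof ip) return -1;   /* never read past what recvfrom delivered */
    memcpy(&eth, buf, sizeof eth);                 /* copy out instead of casting: no misaligned access */
    if (ntohs(eth.h_proto) != ETH_P_IP) return -1; /* only IPv4 payloads are parsed here */
    fmt_mac(eth.h_source, out->src_mac);
    fmt_mac(eth.h_dest, out->dst_mac);
    memcpy(&ip, buf + sizeof eth, sizeof ip);      /* IP header sits right after the Ethernet header */
    if (ip.version != 4 || ip.ihl < 5) return -1;
    inet_ntop(AF_INET, &ip.saddr, out->src_ip, sizeof out->src_ip);
    inet_ntop(AF_INET, &ip.daddr, out->dst_ip, sizeof out->dst_ip);
    out->proto = ip.protocol;
    return 0;
}
/* Constructed sample frame (not a real capture): Ethernet + 20-byte IPv4 header, TCP, 192.168.1.10 -> 10.0.0.1 */
const unsigned char sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x14, 0x00,0x00,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0x0a,0x00,0x00,0x01 };
int main(void) {
    /* AF_PACKET + SOCK_RAW with ETH_P_ALL (network byte order) receives every frame on every interface */
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) { perror("socket"); return 1; }
    unsigned char buf[65536]; struct sockaddr saddr; socklen_t slen; struct addrs a;
    for (;;) {
        slen = sizeof saddr;
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, &saddr, &slen);
        if (n < 0) { perror("recvfrom"); break; }
        if (parse_frame(buf, (size_t)n, &a) == 0)
            printf("%s -> %s | %s -> %s proto=%u\n", a.src_mac, a.dst_mac, a.src_ip, a.dst_ip, a.proto);
    }
    close(fd); return 0;
}
```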
4. Summary
In this project I have presented the basics of a C program for sniffing traffic
of all packet types using a raw socket in monitor mode. A packet sniffer
can find all types of headers, such as TCP/UDP headers, the IP header, the ICMP
header, the ARP header, etc., but I have focused only on the Ethernet header and
IP header to detect the MAC and IP addresses of the source and destination. The
packet sniffer program has been run on an Intel(R) Core(TM) CPU (i3) with a
1.70 GHz processor and 4.00 GB of RAM, running the Ubuntu operating
system.
