暫無描述

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133
  1. # Classes - Simple Sniffer
  2. ##Objectives
  3. 1. Practice Data Structures, Classes and Inheritance
  4. ## Pre-Lab:
  5. Before you get to the laboratory you should have:
  6. 1. Reviewed C++ classes and structures
  7. 2. Studied the concepts and instructions for this laboratory session.
  8. 3. Taken the Pre-Lab quiz in Moodle
  9. ## Simple Sniffer
  10. Computers communicate with each other through the Internet Protocol (IP). When a computer sends information to another computer it is sent via Internet packets that contain the Internet address of the sender computer (source address), the source port of the application that is sending the message, the Internet address of the receiving computer(destination address), and the port of the application that will receive the message.
  11. We can compare the Internet address to the address of a house, and the applications to the members of the house. When sending a letter from one house to another, the address on the letter identifies the destination house, and the name on the letter identifies the house member to who it is sent.
  12. For instance when your lab computer is contacting the department's web server, the packets that carry the information from your computer to the web server contains the source address of the lab computer and the destination address of the web server; and the source port of your web browser and the destination port of the web server.
  13. Internet addresses are represented on 4 bytes (32 bits) normally presented to users as strings of 4 decimal values. Each decimal value is the decimal representation of one of the 4 bytes: "(0-255).(0-255).(0-255).(0-255)". Examples of IP addresses are: 10.0.1.10, 192.168.10.11, 136.145.54.10, and so on.
  14. Port numbers are composed of 2 bytes or 16 bits. Therefore port numbers range from 0-65535. There are ports numbers assigned to known application services such as number 22 for ssh, 23 for telnet, 25 smtp, 80 for http, and so on.
  15. To complicate things a little bit, each computer network card has an unique identifier that is used for the communication between you computer and the network device that routes the network traffic from the Internet and local network to your computer and vice-versa (Ethernet protocol). This unique identifier is known as the Hardware address (a.k.a Multiple Access Controll (MAC) addres), is represented on 6 bytes (48 bits), and is presented to users as strings of 6 hexadecimal values. Each hex value is the hex representation of the 6 bytes: "(00-ff):(00-ff):(00-ff):(00-ff):(00-ff):(00-ff)". Examples of MAC addresses are: e0:f8:47:01:e9:90, 70:ad:60:ff:fe:dd:79:d8 , and so on.
  16. A packet sniffer (a.k.a packet analyzer, protocol analyzer, or network analyzer) is a computer program that can intercept and log traffic passing over a digital network, or network device. As data flow across the network, the sniffer captures each packet and, if needed decodes the packet's raw data[1].
  17. The packets captured by this program follow the following packet structure:
  18. 1. first an Ethernet header which contains the source and destination MAC addresses
  19. 2. second a IP header that contains the source and destination IP addresses
  20. 3. third a header that contains the source and destination port numbers.
  21. In this application we create a simple packet sniffer that captures all the IP packets that flow across your lab computer, and for each packet, decodes the IP addresses, the port numbers, and some additional information of the packets. Additionaly it detects the unencrypted request of images in the web, and displays the images in the GUI.
  22. See the following snapshot of the application:
  23. ![](images/ss.png)
  24. Each row in the table is the information of each captured packet, the text box under the table presents a ASCII summary of a selected packet from the table, and the list in the right presents the images that have been requested and are seen in you network card.
  25. The application that you are about to complete gives the user the ability to analyze the network traffic and monitor the images that are being watched in your network.
  26. ## Laboratory session:
  27. To create a packet sniffer you can use the *pcap* library that provides an interface to access the data passing across your network card. This library contains a function that returns a raw stream of bytes of each packet captured. It is the task of the sniffer programmer to decode the raw stream into human readable information. Fortunately this is not your task, but you can learn how to do it, if you want, by reading the source code of this laboratory. Your task is to follow the exercises below so you provide the packet sniffer with the needed objects (Classes) to process the packets.
  28. ## Exercise 1: Familiriaze your self with the application
  29. ####Instructions
  30. 1. To load this project you need to run qt creator with root privileges.
  31. ```sudo qtcreator Documents/eip/simplesniffer/SimpleSniffer.pro```
  32. 2. The project `SimpleSniffer` is in the directory `Documents/eip/simplesniffer` of your computer. You can also go to `http://bitbucket.org/eip-uprrp/classes-simplesniffer` to download the folder `classes-simplesniffer` to your computer.
  33. 3. Configure the project. The project consists of several files. In this laboratory you will be working with the files `ethernet_hdr.h`, `ethernet_packet.h`, `ethernet_packet.cpp`, `ip_packet.h` and `ip_packet.cpp`
  34. ## Exercise 2: Complete the class ethernet_packet
  35. Read the file `ethernet_hdr.h`, it contains the definition of the data structure that represents an Ethernet header. It is also shown below:
  36. ```
  37. #define ETHER_ADDR_LEN 6
  38. struct sniff_ethernet {
  39. u_char ether_dhost[ETHER_ADDR_LEN]; /* destination host address */
  40. u_char ether_shost[ETHER_ADDR_LEN]; /* source host address */
  41. u_short ether_type; /* IP? ARP? RARP? etc */
  42. };
  43. ```
  44. The Ethernet header above is used to decode the ethernet part of the raw data in each packet. It is composed of the source MAC address (ether_shost, 6 bytes), the destiantion MAC address (ether_dhost, 6 bytes), and the type of Ethernet packet (ether_type, 2 bytes) which is used to determine if the packet is an IP packet.
  45. As you can see, it is not a good idea to show this information format to a regular user. Your first task is to define the functions of the C++ class that defines the functions to translate the MAC address information into human readable strings.
  46. The class header is in file `ethernet_packet.h` and is also shown below:
  47. ```
  48. class ethernet_packet
  49. {
  50. sniff_ethernet ethernet ;
  51. // Returns a 6 bytes MAC address in string representation.
  52. string mac2string(u_char []) ;
  53. public:
  54. ethernet_packet(); // Default constructor
  55. // Set the ethernet variable member ether_dhost to the values
  56. // received in the array
  57. void setEtherDHost(u_char []) ;
  58. // Same as above but to the ether_shost
  59. void setEtherSHost(u_char []) ;
  60. // Set the ethernet type to the value received.
  61. void setEtherType(u_short) ;
  62. // returns the string representation of the ethernet addresses
  63. string getEtherDHost() ;
  64. string getEtherSHost() ;
  65. // Return the ethernet type
  66. u_short getEtherType() ;
  67. };
  68. ```
  69. Define the functions in file `ethetnet_packet.cpp`
  70. ## Exercise 3: Construct the header of class ip_packet
  71. For Exercise 3 see the definitions of the functions of the class ip_packet found in file `ip_packet.cpp`
  72. Your task is to define the class header following the functions inside the file. The member variables are:
  73. * two `string`s to store the source and destination IP addresses
  74. * a one byte (`char`) variable to store the IP protocol
  75. * two `unsigned short` variables to store the source and destination port
  76. * one `string` to store the packet payload.
  77. This class header that you are defining inherits from the class that you defined in Exercise 2.
  78. ### Deliverables
  79. Use "Deliverables" in Moodle to upload the files `ethernet_packet.cpp` y `ip_packet.h` that you defined.
  80. ### References
  81. [1]http://en.wikipedia.org/wiki/Packet_analyzer