
Department of Computer Science & Engineering

REU 2008 - Packet Sniffer. Jose Gelpi; Mentors: Dr. Miguel A. Labrador and Cesar D. Guerrero. The application is developed in C using a network capture library called PCAP.


Presentation Transcript


REU 2008 - Packet Sniffer
Jose Gelpi, Mentors: Dr. Miguel A. Labrador and Cesar D. Guerrero

1. Introduction

A packet sniffer is an application that intercepts network packets traveling in a communication channel. Sniffers usually create a log file with information about the packet headers. The motivation for this work is the need for a new network sniffer able to perform calculations based on data from the captured packets and to filter out irrelevant information that current sniffers print by default. The objective of this research is to develop a network sniffer that calculates bandwidth based on the number of bits transmitted at the IP layer (IP packet length) during the time between two consecutive packets. That is,

2. Contribution

2.1. Testbed

The testbed consists of two end hosts communicating over a LAN and one machine in the middle sniffing the connection. Cross traffic is generated using the Multi-Generator MGEN, which generates synthetic traffic with variable amount and distribution.

2.2. Sniffer

• The application is developed in C using a network capture library called PCAP.
• After reading the Network Interface Card (NIC) name, the pcap_open_live function opens it in promiscuous mode.
• Then pcap_loop sniffs the channel and captures every packet seen by the NIC.
• pcap_next stores the packet header following this structure:

    struct pcap_pkthdr {
        struct timeval ts;   /* time stamp */
        …
        bpf_u_int32 len;     /* length this packet */
    };

• Using that structure, the packet timestamp and length are used to calculate the bandwidth.
• Finally, the time at which each packet is captured, its size, and the calculated bandwidth are printed out.

[Flowchart: start; NIC; open NIC (pcap_open_live); capture a packet (pcap_loop, hdr <- pcap_next); calculate BW: hdr.len/(hdr.ts2-hdr.ts1); print Time, BW]

3. Evaluation

The sniffer was evaluated in the testbed by inserting 30% and 60% of periodic cross traffic in a 10 Mbps capacity link for a 10 second period. That is, inserting 3 and 6 Mbps of cross traffic to be sniffed by the tool. The traffic generation was performed with MGEN by sending 381 and 782 packets of 1024 bytes every second.

Additional packets shown in the graphs are due to control traffic generated between hosts.

An average relative error was calculated by comparing the real traffic rate given by the traffic generator with the value provided by the tool:

The average relative error in the case of 3 Mbps was 1.83% and in the case of 6 Mbps was 3.75%.

4. Conclusions

• The more packets to be captured per unit time, the higher the relative error. One reason for that is excessive load in the operating system.
• The developed sniffer could be implemented in intermediate routers to better select network routes based on their congestion level.
• Additional packet processing in the tool can be easily performed by manipulating the information in the packet headers. For example, using source and destination IP addresses to determine the traffic load for each host in the network.

5. Acknowledgments

I want to thank César D. Guerrero and Dr. Miguel A. Labrador for their orientations and the National Science Foundation for supporting this project.
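The per-packet bandwidth calculation from section 2.2 and the relative-error comparison from section 3, as an added example that is not the poster's code. The struct pkt_hdr stand-in, the function names, the sample timestamps, the use of the later packet's length, and the exact form of the error formula are assumptions; the guard covers consecutive packets that carry the same timestamp.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/time.h>

/* Stand-in (hypothetical) for the ts and len fields of struct pcap_pkthdr. */
struct pkt_hdr {
    struct timeval ts;   /* time stamp */
    uint32_t len;        /* length of this packet in bytes */
};

/* Constructed sample: 1024-byte packets, one interval crossing a second
   boundary and one pair sharing a time stamp. */
static const struct pkt_hdr sample[] = {
    { { 10, 999000 }, 1024 }, { { 11, 1000 }, 1024 },
    { { 11, 1000 }, 1024 },   { { 11, 5096 }, 1024 },
};

/* Bits per second between consecutive packets: cur.len*8 / (cur.ts - prev.ts).
   Returns -1.0 for a zero or negative interval instead of dividing by it. */
double bw_bps(const struct pkt_hdr *prev, const struct pkt_hdr *cur)
{
    int64_t dt_us = ((int64_t)cur->ts.tv_sec - prev->ts.tv_sec) * 1000000
                  + ((int64_t)cur->ts.tv_usec - prev->ts.tv_usec);
    if (dt_us <= 0)
        return -1.0;
    return (double)cur->len * 8.0 * 1e6 / (double)dt_us;
}

/* Mean of |estimate - real| / real in percent, skipping unusable intervals
   (assumed form; the poster's own error formula is not in the transcript). */
double avg_rel_error_pct(const struct pkt_hdr *h, size_t n, double real_bps)
{
    double sum = 0.0;
    size_t used = 0;
    for (size_t i = 1; i < n; i++) {
        double bw = bw_bps(&h[i - 1], &h[i]);
        if (bw < 0.0)
            continue;
        sum += (bw > real_bps ? bw - real_bps : real_bps - bw) / real_bps;
        used++;
    }
    return used ? 100.0 * sum / (double)used : -1.0;
}

int main(void)
{
    printf("%.2f%%\n", avg_rel_error_pct(sample, 4, 3e6));
}
```

In libpcap, the len field is the length of the packet as seen on the wire, link-layer header included, so a tool that wants IP-layer bits has to subtract that header before applying the formula.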
