Packet sniffing and spoofing are two important concepts in network security; they are two major
threats in network communication. Being able to understand these two threats is essential for
understanding security measures in networking. There are many packet sniffing and spoofing tools, such
as Wireshark, Tcpdump, Netwox, etc. Some of these tools are widely used by security experts, as well as
by attackers. Being able to use these tools is important for students, but what is more important for
students in a network security course is to understand how these tools work, i.e., how packet sniffing and
spoofing are implemented in software.
The objective of this lab is for students to master the technologies underlying most of the sniffing and spoofing
tools. Students will play with some simple sniffer and spoofing programs, read their source code, modify them, and
eventually gain an in-depth understanding of the technical aspects of these programs. At the end of this lab, students
should be able to write their own sniffing and spoofing programs.
2 Lab Tasks
2.1 Task 1: Writing Packet Sniffing Program
Problem 1: Please use your own words to describe the sequence of the library calls that are essential for sniffer
programs. This is meant to be a summary, not detailed explanation like the one in the tutorial.
Problem 2: Why do you need the root privilege to run sniffex? Where does the program fail if executed
without the root privilege?
Problem 3: Please turn on and turn off the promiscuous mode in the sniffer program. Can you demonstrate the
difference when this mode is on and off? Please describe how you demonstrate this.
Problem 4: Please write filter expressions to capture each of the following. In your lab reports, you need
to include screen dumps to show the results of applying each of these filters.
Capture the ICMP packets between two specific hosts.
Capture the TCP packets with a destination port in the range from 10 to 100.
Problem 5: Please show how you can use sniffex to capture the password when somebody is using telnet
on the network that you are monitoring. You may need to modify the sniffex.c a little bit if needed. You
also need to start the telnetd server on your VM. If you are using our pre-built VM, the telnetd server is
already installed; just type the following command to start it.
% sudo service openbsd-inetd start
2.2 Task 2: Spoofing
Problem 6: Please use your own words to describe the sequence of the library calls that are essential for
packet spoofing. This is meant to be a summary.
Problem 7: Why do you need the root privilege to run the programs that use raw sockets? Where does the
program fail if executed without the root privilege?
Problem 8: Please combine your sniffing and the spoofing programs to implement a sniff-and-then-spoof
program. This program monitors its local network; whenever it sees an ICMP echo request packet, it spoofs an
ICMP echo reply packet. Therefore, even if the victim machine pings a non-existing machine, it will always
see that the machine is alive. Please include screen dump in your report to show that your program works.
Please also attach the code in your report.
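The header-parsing step that a sniffer callback performs on a captured frame, shown here for the ICMP echo packets mentioned in Problem 8, with the checksum validation a monitoring tool would apply before trusting a packet. This is an added example, not part of the lab handout or of sniffex.c; the function names and the sample frame (addresses 10.0.0.1 and 10.0.0.2, locally administered MACs) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: Ethernet + IPv4 + ICMP echo request, 10.0.0.1 -> 10.0.0.2 */
static const uint8_t SAMPLE_ECHO_REQUEST[42] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,          /* Ethernet, type IPv4 */
    0x45,0x00,0x00,0x1c, 0x00,0x00,0x00,0x00, 0x40,0x01,0x66,0xdf,
    0x0a,0,0,0x01, 0x0a,0,0,0x02,                             /* IPv4 header */
    0x08,0x00,0xe5,0xca, 0x12,0x34,0x00,0x01                  /* ICMP type 8, id, seq */
};

/* RFC 1071 Internet checksum; yields 0 over data whose checksum field is valid. */
static uint16_t inet_cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Returns the ICMP type (8 = echo request, 0 = echo reply), -1 if the frame
   is not a complete, valid IPv4/ICMP packet, -2 if the ICMP checksum fails. */
int icmp_type_of_frame(const uint8_t *f, size_t n) {
    if (n < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return -1;
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;      /* header length in bytes */
    size_t tot = (size_t)ip[2] << 8 | ip[3];      /* total IP length */
    if ((ip[0] >> 4) != 4 || ihl < 20) return -1;
    if (tot < ihl + 8 || 14 + tot > n) return -1; /* truncated capture */
    if (ip[9] != 1 || inet_cksum(ip, ihl) != 0) return -1;
    if (inet_cksum(ip + ihl, tot - ihl) != 0) return -2;
    return ip[ihl];
}

int main(void) {
    printf("ICMP type: %d\n",
           icmp_type_of_frame(SAMPLE_ECHO_REQUEST, sizeof SAMPLE_ECHO_REQUEST));
    return 0;
}
```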
Hello,
It will be my pleasure to join your project as I have the required skills and experience. I have extensive experience on networking, security, technical/report writing, VMware, penetration testing, Linux, Wireshark, Tcpdump, Netwox etc. and am confident to complete your task successfully.
Please spare just 5 minutes and pay attention to my profile.
Thanks & Regards,
Engr. Gul Nawaz
I am an information security professional with overall 3 years of experience. This can be easily done using socket programming in Python. Please let me know if you like my approach.
Software professional with 8 years of industry experience. Strong knowledge of C Programming, Linux system programming, Computer Networking, Packet Analysis etc.
Domains: Deep Packet Inspection, Malware Analysis....