CIS 457 Lab Assignment 4: Basic Traffic Sniffer

Objective: Gain familiarity with raw packet sockets, and parsing network packets, by writing a simple program.

Deliverables: The source code to your program, as well as a screenshot of the output, in hard copy.

Teams: You should write your code individually, although you may of course discuss with classmates.

Grading: 10 points, as described below.

Sample Code

In this assignment, you are to write a basic traffic sniffer that listens for packets and prints out their Ethernet and IP headers. The program must use raw packet sockets (PF_PACKET, SOCK_RAW). Your program should be written in C or C++. You will have to use Mininet to test your program (this socket type needs root access). Specifically, your program must do the following:

  1. Open a raw packet socket, listening for packets from all protocols: int s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); (1 point)
  2. Create a sockaddr_ll, and set the sll_family, sll_protocol, and sll_ifindex members appropriately. The family should be AF_PACKET, the protocol should be htons(ETH_P_ALL), and the interface index should be the index for whatever interface you want to listen on. The index can be obtained from the interface name using if_nametoindex. (1 point)
  3. Use bind to bind the socket you created to the address. (1 point)
  4. In a loop, receive packets using recvfrom, with a sockaddr_ll as the address. (1 point)
  5. Ignore any outgoing packets by checking whether the sll_pkttype in the address is PACKET_OUTGOING. (1 point)
  6. Upon receiving an (incoming) packet, parse out and print the Ethernet header information (destination, source, and type). You should not do this byte by byte; instead you should use struct ether_header from /usr/include/net/ethernet.h. (3 points)
  7. For packets where the type is IPv4 (0x800), print the source and destination addresses from the IP header (once again, do not parse byte by byte; use struct iphdr from /usr/include/netinet/ip.h). (2 points)

All printing should be done in the expected format for the information (IP addresses should look like the standard dotted-decimal text format, MAC addresses as six colon-separated hex bytes, etc.).
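The following is an added reference implementation of steps 1 through 7, written for this page; it is not the course's sample code. It assumes Linux (AF_PACKET is Linux-specific), takes the interface name as its single command-line argument, and keeps the header parsing in a separate function (parse_frame) so it can be exercised on a constructed 34-byte frame (sample_ipv4_frame, with a zeroed IP checksum) without root. Headers are copied into local struct ether_header and struct iphdr values with memcpy rather than cast in place, which avoids unaligned access to the 32-bit address fields at offset 26 of the frame.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_packet.h>   /* struct sockaddr_ll, PACKET_OUTGOING */
#include <linux/if_ether.h>    /* ETH_P_ALL */
#include <net/ethernet.h>      /* struct ether_header, ETHERTYPE_IP */
#include <net/if.h>            /* if_nametoindex */
#include <netinet/in.h>
#include <netinet/ip.h>        /* struct iphdr */
#include <arpa/inet.h>         /* inet_ntop, ntohs */

/* Parsed view of one frame: text-formatted MACs, host-order EtherType, IPv4 addresses if present. */
struct parsed_frame {
    char dst_mac[18], src_mac[18];
    uint16_t ethertype;
    int is_ipv4;
    char src_ip[INET_ADDRSTRLEN], dst_ip[INET_ADDRSTRLEN];
};

static void format_mac(const uint8_t *m, char *out) {
    snprintf(out, 18, "%02x:%02x:%02x:%02x:%02x:%02x", m[0], m[1], m[2], m[3], m[4], m[5]);
}

/* Steps 6 and 7: parse with the kernel/libc header structs. Returns 0 on success, -1 if truncated. */
int parse_frame(const uint8_t *buf, size_t len, struct parsed_frame *out) {
    struct ether_header eth;
    if (len < sizeof eth) return -1;
    memcpy(&eth, buf, sizeof eth);
    format_mac(eth.ether_dhost, out->dst_mac);
    format_mac(eth.ether_shost, out->src_mac);
    out->ethertype = ntohs(eth.ether_type);
    out->is_ipv4 = 0;
    out->src_ip[0] = out->dst_ip[0] = '\0';
    if (out->ethertype == ETHERTYPE_IP) {
        struct iphdr ip;
        if (len < sizeof eth + sizeof ip) return -1;   /* IPv4 frame shorter than a minimal IP header */
        memcpy(&ip, buf + sizeof eth, sizeof ip);
        struct in_addr a;
        a.s_addr = ip.saddr;   /* saddr/daddr are already in network byte order */
        inet_ntop(AF_INET, &a, out->src_ip, sizeof out->src_ip);
        a.s_addr = ip.daddr;
        inet_ntop(AF_INET, &a, out->dst_ip, sizeof out->dst_ip);
        out->is_ipv4 = 1;
    }
    return 0;
}

void print_frame(const struct parsed_frame *pf) {
    printf("eth: dst=%s src=%s type=0x%04x\n", pf->dst_mac, pf->src_mac, pf->ethertype);
    if (pf->is_ipv4) printf("ip:  src=%s dst=%s\n", pf->src_ip, pf->dst_ip);
}

/* Steps 1-3: open the raw socket and bind it to one interface. Returns the fd or -1 (needs root). */
int open_sniffer(const char *ifname) {
    int s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (s < 0) return -1;
    struct sockaddr_ll addr;
    memset(&addr, 0, sizeof addr);
    addr.sll_family = AF_PACKET;
    addr.sll_protocol = htons(ETH_P_ALL);
    addr.sll_ifindex = if_nametoindex(ifname);
    if (addr.sll_ifindex == 0 || bind(s, (struct sockaddr *)&addr, sizeof addr) < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* Constructed test input (not captured traffic): Ethernet + minimal IPv4 header, checksum zeroed. */
size_t sample_ipv4_frame(uint8_t *buf, size_t cap) {
    static const uint8_t frame[] = {
        0x00,0x11,0x22,0x33,0x44,0x55,               /* destination MAC */
        0xaa,0xbb,0xcc,0xdd,0xee,0xff,               /* source MAC */
        0x08,0x00,                                   /* EtherType IPv4 */
        0x45,0x00,0x00,0x14, 0x00,0x00,0x40,0x00,    /* v4, IHL 5, len 20, DF */
        0x40,0x01,0x00,0x00,                         /* TTL 64, ICMP, checksum 0 */
        0x0a,0x00,0x00,0x01,                         /* src 10.0.0.1 */
        0x0a,0x00,0x00,0x02                          /* dst 10.0.0.2 */
    };
    if (cap < sizeof frame) return 0;
    memcpy(buf, frame, sizeof frame);
    return sizeof frame;
}

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s <interface>\n", argv[0]); return 1; }
    int s = open_sniffer(argv[1]);
    if (s < 0) { perror("open_sniffer"); return 1; }
    uint8_t buf[65536];
    for (;;) {                                        /* step 4: receive loop */
        struct sockaddr_ll from;
        socklen_t fromlen = sizeof from;
        ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&from, &fromlen);
        if (n < 0) { perror("recvfrom"); break; }
        if (from.sll_pkttype == PACKET_OUTGOING) continue;   /* step 5: skip our own traffic */
        struct parsed_frame pf;
        if (parse_frame(buf, (size_t)n, &pf) == 0) print_frame(&pf);
    }
    close(s);
    return 0;
}
```

Run it inside a Mininet host as root, e.g. `./sniffer h1-eth0`, and generate traffic from another host; frames that are shorter than the headers they claim to carry are dropped by parse_frame rather than read past the buffer, which is the check a sniffer on untrusted input most needs.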