Douglas E. Comer
Computer Science Department
Purdue University
West Lafayette, IN 47907
webmaster: W. David Laverell
HON: Faculty Notes to Chapter 12
Chapter 12
Be sure to see the general comments on Experiment 12.1 to get some idea of the problems students will encounter. In my most recent networks course I had several students for whom this sort of thing is second nature, but for most of them this would be extremely difficult without some preliminary help. In working on the solutions to the programming experiments I have used tcpdump under two versions of Linux and snoop running under Solaris. The differences are remarkable. On the theory that most faculty members who will be teaching this course love looking at captured packets in hexadecimal but do not have unlimited time to do so, I would like to offer the following table, based on my current understanding of things. I plan to have students who can do so add to it, and I would certainly accept input from you.
(Sizes are in bytes. "PH" is the per-packet header that precedes each captured packet in the file; "Position of Length in PH" gives the byte offsets, counted from the start of that header, of the field holding the packet length.)

Packet Sniffer | Machine          | OS             | Version | File Header (bytes) | Packet Header (bytes) | Position of Length in PH | Header included in Packet Length | Extra Bytes              | Source
snoop          | SunBlade 100     | Solaris        | 8       | 16                  | 24                    | 0-3                      | No                               | Align to 8 byte boundary | WDL
tcpdump        | COMPAQ PC        | Mandrake Linux | 8.1     | 16                  | 24                    | 16-19                    | Yes                              | 16                       | WDL
tcpdump        | COMPAQ PC        | Red Hat Linux  | 7.1     | 24                  | 24                    | 8-11                     | No                               | None                     | WDL
tcpdump        | Powerbook G4 550 | MacOS X        | 10.2.1  | 24                  | 16                    | 8-11                     | No                               | None                     | CPSC370
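The table records what particular installations wrote; the formats themselves are documented, and a reader that dispatches on the magic number at the start of the file is more robust than one keyed to the operating system. The classic libpcap (tcpdump) file has a 24-byte file header and a 16-byte per-packet header whose captured length sits at bytes 8-11 and counts only the packet data, with no padding. The snoop format (RFC 1761) has a 16-byte file header and a 24-byte per-packet header in network byte order whose third field, the record length, covers the header, the data and any trailing padding, so it is the safe way to find the next record regardless of the alignment the writer used. Some Linux distributions of the period shipped a patched libpcap that wrote a different magic number (0xa1b2cd34) and a 24-byte per-packet header, which is the likely origin of the 24-byte entries above. The parser below is an added example, not code from the original page or from the book's site; it reads both formats from sample files constructed in place (the two frames, addresses and timestamps are made up), and the snoop writer's align parameter lets you confirm that stepping by the record-length field works for 4-byte and 8-byte padding alike.

```python
"""Parse the file and per-packet headers of tcpdump (pcap) and snoop captures.

Added example, not code from the Hands-On Networking site.  Layouts are the
classic libpcap file format and the snoop format of RFC 1761; the sample
captures are constructed here from two made-up frames, not recorded traffic.
"""
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic libpcap, microsecond timestamps
SNOOP_MAGIC = b"snoop\0\0\0"     # RFC 1761, followed by version 2 and datalink type


def parse_pcap(data):
    """Return (linktype, records); each record is (timestamp, incl_len, orig_len, bytes).

    File header: 24 bytes.  Record header: 16 bytes, with the captured
    length at bytes 8-11; it counts only the packet data, and records are
    not padded.  Byte order comes from the magic number, not the host.
    """
    if len(data) < 24:
        raise ValueError("truncated pcap file header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:        # same magic written by a big-endian host
        end = ">"
    else:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated pcap record header at offset %d" % off)
        sec, usec, incl_len, orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        if incl_len > snaplen or off + 16 + incl_len > len(data):
            raise ValueError("bad captured length %d at offset %d" % (incl_len, off))
        records.append((sec + usec / 1e6, incl_len, orig_len, data[off + 16:off + 16 + incl_len]))
        off += 16 + incl_len
    return linktype, records


def parse_snoop(data):
    """Return (datalink, records) for a snoop file; all fields are big-endian.

    File header: 16 bytes.  Record header: 24 bytes: original length,
    included length, record length, cumulative drops, seconds, microseconds.
    The record length covers header, data and trailing pad, so stepping by
    it works whether the writer padded to 4 bytes (RFC 1761) or to 8.
    """
    if len(data) < 16 or data[:8] != SNOOP_MAGIC:
        raise ValueError("not a snoop file")
    version, datalink = struct.unpack(">II", data[8:16])
    if version != 2:
        raise ValueError("unsupported snoop version %d" % version)
    records, off = [], 16
    while off < len(data):
        if off + 24 > len(data):
            raise ValueError("truncated snoop record header at offset %d" % off)
        orig_len, incl_len, rec_len, _drops, sec, usec = struct.unpack(">6I", data[off:off + 24])
        if rec_len < 24 + incl_len or off + rec_len > len(data):
            raise ValueError("bad record length %d at offset %d" % (rec_len, off))
        records.append((sec + usec / 1e6, incl_len, orig_len, data[off + 24:off + 24 + incl_len]))
        off += rec_len
    return datalink, records


def parse_capture(data):
    """Dispatch on the magic number, not on which OS produced the file."""
    if data[:8] == SNOOP_MAGIC:
        return ("snoop",) + parse_snoop(data)
    return ("pcap",) + parse_pcap(data)


def build_pcap(frames, snaplen=65535, linktype=1):
    """Write a little-endian pcap file; linktype 1 is Ethernet.  Timestamps are made up."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return out


def build_snoop(frames, datalink=4, align=4):
    """Write a snoop file; datalink 4 is Ethernet.  align=8 mimics the table's Solaris 8 entry."""
    out = SNOOP_MAGIC + struct.pack(">II", 2, datalink)
    for i, frame in enumerate(frames):
        pad = -(24 + len(frame)) % align
        out += struct.pack(">6I", len(frame), len(frame), 24 + len(frame) + pad, 0, 1000 + i, 0)
        out += frame + b"\0" * pad
    return out


# Constructed frames (not real traffic): a 42-byte ARP request and 64 bytes of filler.
FRAME_ARP = bytes.fromhex("ffffffffffff000c290000010806" "0001080006040001"
                          "000c29000001c0a80101" "000000000000c0a80102")
FRAME_FILL = bytes(range(64))

if __name__ == "__main__":
    for data in (build_pcap([FRAME_ARP, FRAME_FILL]), build_snoop([FRAME_ARP, FRAME_FILL], align=8)):
        fmt, link, recs = parse_capture(data)
        print(fmt, link, [(r[1], r[2]) for r in recs])
```

Running the script shows both files yielding the same two records (42 and 64 bytes) even though the snoop file carries six bytes of padding after the first record and the pcap file none. The pcap reader validates the captured length against the snaplen and the file size and the snoop reader validates the record length against the included length, so a truncated or corrupted file raises instead of silently producing garbage records, which matters when students hand you files to grade.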
Now on to the mechanics of packet sniffing. Obviously, you cannot allow students to engage in this kind of activity without restriction, supervision, and a strong warning to those whose packets may be sniffed. An isolated lab behind a firewall is ideal for these experiments. You still need to give root access. This can be done using sudo or, if you are running Solaris, version 8 or beyond, RBAC. Be aware that a sudo entry which lets students pass arbitrary arguments to tcpdump or snoop is effectively full root access, since the sniffer runs as root and its output option (-w for tcpdump, -o for snoop) will overwrite any file it is pointed at; restrict the entry to a fixed invocation that writes capture files into a dedicated directory. Designate a small number of special machines on which your students can sniff packets, and give them a certain amount of time in which to capture them to files for later analysis. If this is just not possible, obtain the packets yourself, or, if they don't trust you, have one of your network staff do it for you.
To generate ARP packets, ping a non-existent host on the local subnet from a special machine; because nobody answers the ARP request, it is repeated and easy to spot. ICMP packets can be obtained by pinging a special machine from another machine. To get UDP packets, run rusers on a special machine. TCP packets would be generated by running telnet or ssh on another machine to one of the special machines. Some students will need to be warned about telnetting to a machine on which packets are being sniffed: telnet carries the login name and password in the clear, typically one keystroke per packet. Come to think of it, I know a faculty member who had to change his password because of exactly this problem. If you use ssh, very little of the contents of your packets will be readable, but this is still preferable, and there are some plain-text packets at the beginning of such a session (the protocol version banners the two sides exchange before key exchange begins).
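What the telnet warning means at the byte level, as an added example that is not part of the original page: the script below builds a short telnet login and a short ssh login as Ethernet/IPv4/TCP frames, decodes them the way a student would after reading a capture, and concatenates the payload of each direction of each connection. The hosts, ports, user name, password and banner are all made up; IP and TCP checksums are left at zero because nothing here verifies them; and the "encrypted" ssh bytes are deterministic SHA-256 output standing in for ciphertext. The payload concatenation is deliberately naive (no sequence-number reassembly), which is adequate for an in-order lab capture but not for real traffic with retransmissions.

```python
"""What a sniffer sees of a telnet login versus an ssh login.

Added example, not code from the Hands-On Networking site.  A small
Ethernet/IPv4/TCP encoder builds the frames in place of a capture (IP and
TCP checksums are left at zero because nothing here verifies them), and the
"encrypted" ssh bytes are deterministic SHA-256 output standing in for
ciphertext.  Hosts, ports, credentials and the ssh banner are all made up.
"""
import hashlib
import string
import struct

ETH_IPV4, PROTO_TCP = 0x0800, 6
TELNET_PORT, SSH_PORT = 23, 22
CLIENT, SERVER = "192.168.1.10", "192.168.1.20"   # constructed addresses


def tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet + IPv4 + TCP (PSH/ACK) carrying payload; checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, PROTO_TCP, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    eth = bytes.fromhex("000c29000002000c29000001") + struct.pack("!H", ETH_IPV4)
    return eth + ip + tcp


def decode_tcp(frame):
    """Return (src_ip, dst_ip, sport, dport, payload), or None for non-IPv4/TCP frames."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    ip = frame[14:]
    ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ip[9] != PROTO_TCP or total_len > len(ip) or total_len < ihl + 20:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]   # use the IP total length: short frames carry Ethernet padding
    sport, dport = struct.unpack("!HH", tcp[:4])
    return src, dst, sport, dport, tcp[(tcp[12] >> 4) * 4:]


def streams(frames):
    """Payload bytes per (src, dst, sport, dport), concatenated in capture order.

    No sequence-number reassembly: adequate for an in-order lab capture,
    not for real traffic with retransmissions or reordering.
    """
    out = {}
    for frame in frames:
        d = decode_tcp(frame)
        if d and d[4]:
            out[d[:4]] = out.get(d[:4], b"") + d[4]
    return out


def printable_fraction(data):
    """Share of printable ASCII bytes: 1.0 for a telnet login, far lower for ssh ciphertext."""
    ok = set(string.printable.encode())
    return sum(b in ok for b in data) / len(data) if data else 0.0


def telnet_session():
    """Telnet in character-at-a-time mode: every keystroke, password included, is its own packet."""
    frames = [tcp_frame(SERVER, CLIENT, TELNET_PORT, 40001, b"login: ")]
    frames += [tcp_frame(CLIENT, SERVER, 40001, TELNET_PORT, bytes([c])) for c in b"alice\r\n"]
    frames.append(tcp_frame(SERVER, CLIENT, TELNET_PORT, 40001, b"Password: "))
    frames += [tcp_frame(CLIENT, SERVER, 40001, TELNET_PORT, bytes([c])) for c in b"s3cret\r\n"]
    return frames


def ssh_session():
    """Only the version banners travel in the clear; after key exchange the payload is opaque."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(4))   # 128 stand-in bytes
    return [
        tcp_frame(SERVER, CLIENT, SSH_PORT, 40002, b"SSH-2.0-OpenSSH_3.4p1\r\n"),
        tcp_frame(CLIENT, SERVER, 40002, SSH_PORT, b"SSH-2.0-OpenSSH_3.4p1\r\n"),
        tcp_frame(CLIENT, SERVER, 40002, SSH_PORT, noise),
        tcp_frame(SERVER, CLIENT, SSH_PORT, 40002, noise[::-1]),
    ]


if __name__ == "__main__":
    for name, frames in (("telnet", telnet_session()), ("ssh", ssh_session())):
        for key, data in streams(frames).items():
            print(name, key, "%.2f printable" % printable_fraction(data), data[:40])
```

The client-to-server telnet stream comes out as the literal string "alice" followed by "s3cret", which is exactly what the faculty member in the story lost; the ssh client stream starts with a readable "SSH-2.0-..." banner and then turns into bytes that are mostly unprintable. The printable-fraction measure is a crude but serviceable way for students to sort captured connections into "worth reading in hex" and "not".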
This site is maintained by W. David Laverell of the Computer Science Department at Calvin College. For assistance or corrections, please contact him at .