What is it?
Packet capture is the action of collecting data as it travels through a computer network. Sniffing consists of grabbing network datagrams through the Ethernet card of a computer connected to that network. There are multiple reasons why one wants to collect information with tools such as protocol analyzers (packet sniffers), network monitors, network intrusion detection systems, traffic-generators and network-testers.
Packet injection consists of customizing and transmitting datagrams through the network to specific targets. Again, reasons for such injections include routing analysis, security audits and malicious attacks.
In this tutorial, we use open-source libraries to build packet capture and injection applications in C++ on Linux:
Who is it for?
This tutorial is intended for experienced C++ programmers who wish to develop packet capture and/or injection applications on Linux. It assumes the reader has a basic understanding of network protocols at the lower TCP/IP layers (Ethernet, ARP, ICMP, IP, TCP, UDP, etc.) as well as a basic understanding of how simple network applications such as ping and traceroute work. Packet header formats and protocols are detailed when appropriate.
What do you need?
To test the presented source code, you should have a working C++ compiler (for example gcc) as well as the libpcap and libnet libraries installed on a Linux distribution. The libraries are straightforward to install.
All source code presented in this tutorial is fully portable to most Linux distributions.
Throughout this tutorial we designate captured chunks of bytes as datagrams. A sequence of bytes travelling through a network is named differently depending on which TCP/IP layer it travels:
To improve readability, this tutorial commonly uses the term « datagram » to designate frames, packets, segments and other application layer protocol data chunks. The more precise terms (frame, packet or segment) are used when appropriate.
Source code availability
All source code presented in this tutorial may be downloaded freely. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version.
The source code is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See the GNU General Public License for more details.
All source code is copyright 2014 Marco Lavoie unless otherwise stated. Please include references to this tutorial if you use any of its source code in your personal or commercial productions.
Copyright © 2014 Marco Lavoie