TANMAY SINHA
B.TECH(Computer Science)
              IIIrd year
Agenda
• PART 1
    - Motivating Examples
    - Generic Architecture Design
• PART 2
    - Libraries you can work with
• PART 3
    - Loopholes and Improvements
    - Demos
Motivating Examples (Sniffer and ID/PS Mode)
Generic BPF Architecture
Libraries
• Provisions that a packet filter can provide
    1) Monitoring
    2) Filtering
    3) Specifying verdict on packets
• Need some high-level APIs to provide an interface
• Popular libraries:
    - Libipq()
    - Libpcap()/Winpcap()
Libpcap()
Requirement-Deep Filtering
Libipq()
Loopholes
• Dynamic filtering tasks
• Algorithmic inefficiency (many pre-processing phases)
• Architecture and instruction set (RISC)
• Frame loss (queue overrun)
Solution Approaches
• Hardware level / Kernel level / User level
• Aim
    - Reducing the number of packets that are forwarded to the application only to be discarded later on
    - Constant memory consumption regardless of the number of filters
    - A simpler computational model with fewer instructions; the main aim is to achieve low filter update latency by avoiding filter recompilation
    - A modified implementation of the Netfilter ip_queue module with the goal of higher performance
    - Allowing packets on a single interface to be segmented across multiple threads/cores, allowing for more efficient packet processing
Technicalities
• To interrogate queue status
  # ethtool -S ethX
• To increase queue length
  # ethtool --set-ring ethX [rx N] [tx N]
• To increase the rate at which the queue drains
  # vim /proc/sys/net/core/dev_weight
• Slow down input traffic by controlling the size of the receive buffers used in sockets
  # sysctl -w net.core.rmem_default=N
Solution Approaches (contd.)
• BLOOM FILTERS
    - A probabilistic data structure that is used to test whether an element is a member of a set. False positives are possible, but false negatives are not.
    - Space efficient; insertion and searching take O(1) time; deletion is possible in a Modified Bloom Filter.
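An added example, not code from the slides: a counting Bloom filter used as a packet pre-filter, showing constant memory regardless of how many flows are watched, rule updates without recompilation, and deletion. It assumes "Modified Bloom Filter" means the counting variant; the flow_key layout, the cbf_* and prefilter names, the table size and the sample flows are all hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CBF_SLOTS  4096u  /* power of two; fixed no matter how many flows are watched */
#define CBF_HASHES 4u

/* Hypothetical flow key for this example (IPv4 values in host byte order). */
struct flow_key { uint32_t src_ip, dst_ip; uint16_t dst_port; uint8_t proto; };
struct cbf { uint8_t count[CBF_SLOTS]; };  /* counters instead of bits allow deletion */
enum verdict { DROP_EARLY = 0, PASS_TO_APP = 1 };

static uint32_t fnv1a(const uint8_t *p, size_t n, uint32_t seed) {
    uint32_t h = 2166136261u ^ seed;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Derive CBF_HASHES slot indexes by double hashing. The key is serialised
 * field by field so struct padding never reaches the hash. The step is odd
 * and the table size a power of two, so one key's slots are all distinct. */
static void cbf_slots(const struct flow_key *k, uint32_t out[CBF_HASHES]) {
    uint8_t b[11];
    for (int i = 0; i < 4; i++) {
        b[i]     = (uint8_t)(k->src_ip >> (8 * i));
        b[4 + i] = (uint8_t)(k->dst_ip >> (8 * i));
    }
    b[8] = (uint8_t)k->dst_port; b[9] = (uint8_t)(k->dst_port >> 8); b[10] = k->proto;
    uint32_t h1 = fnv1a(b, sizeof b, 0), step = fnv1a(b, sizeof b, 0x9e3779b9u) | 1u;
    for (uint32_t i = 0; i < CBF_HASHES; i++)
        out[i] = (h1 + i * step) % CBF_SLOTS;
}

void cbf_init(struct cbf *f) { memset(f, 0, sizeof *f); }

/* Returns 1 if the key may be present (false positives possible),
 * 0 if it is definitely absent (no false negatives). */
int cbf_maybe_contains(const struct cbf *f, const struct flow_key *k) {
    uint32_t s[CBF_HASHES];
    cbf_slots(k, s);
    for (uint32_t i = 0; i < CBF_HASHES; i++)
        if (f->count[s[i]] == 0) return 0;
    return 1;
}

void cbf_add(struct cbf *f, const struct flow_key *k) {
    uint32_t s[CBF_HASHES];
    cbf_slots(k, s);
    for (uint32_t i = 0; i < CBF_HASHES; i++)
        if (f->count[s[i]] != UINT8_MAX) f->count[s[i]]++;  /* saturate, never wrap */
}

/* Remove a previously added key; returns 0 and changes nothing if the key is
 * definitely absent. Saturated counters stay pinned so no false negative appears. */
int cbf_remove(struct cbf *f, const struct flow_key *k) {
    uint32_t s[CBF_HASHES];
    if (!cbf_maybe_contains(f, k)) return 0;
    cbf_slots(k, s);
    for (uint32_t i = 0; i < CBF_HASHES; i++)
        if (f->count[s[i]] != UINT8_MAX) f->count[s[i]]--;
    return 1;
}

/* Early verdict: drop what is definitely unwatched, hand the rest to the application. */
enum verdict prefilter(const struct cbf *f, const struct flow_key *k) {
    return cbf_maybe_contains(f, k) ? PASS_TO_APP : DROP_EARLY;
}

int main(void) {
    struct cbf f;
    struct flow_key dns = { 0x0a000001u, 0x0a000035u, 53, 17 };  /* constructed sample */
    struct flow_key web = { 0x0a000002u, 0x0a000050u, 443, 6 };  /* constructed sample */
    cbf_init(&f);
    cbf_add(&f, &dns);
    printf("dns: %d  web: %d\n", prefilter(&f, &dns), prefilter(&f, &web));
    cbf_remove(&f, &dns);
    printf("dns after removal: %d\n", prefilter(&f, &dns));
    return 0;
}
```

A PASS_TO_APP verdict still needs an exact match in the application, since the filter can report a flow that was never added.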
References
• http://tcpdump.org
• http://wireshark.org
• http://ntop.org
• http://snort.org
• http://openbsd.org
• http://technet.microsoft.com/en-us/network

Packet sniffing
