Raw Sockets - 101 Vivek Ramachandran. A day in the life of Network Packet.
Page 1
Raw Sockets - 101
Vivek Ramachandran
Page 2
A day in the life of Network Packet
Page 3
The gory details…
Page 4
Problem formulation - why raw sockets?
• We can only receive frames destined to us (unicast), to everyone (broadcast), and to some selected addresses we subscribe to (multicast).
• All headers, i.e. Ethernet, IP, TCP, etc., are stripped by the network stack and only the data is delivered to the application layer.
• We cannot modify the packet headers of packets when they are sent out from our host.
Page 5
What could be interesting?
• If we could receive the frames for all computers connected to our broadcast domain – Promiscuous mode
• If we could get all the headers, i.e. Ethernet, TCP, IP, etc., from the network and analyze them – Raw Sockets
• If we could inject packets with custom headers and data into the network directly – Raw Sockets
Page 6
Promiscuous Mode
• It is the “See All, Hear All” wizard mode
• Tells the network driver to accept all packets irrespective of whom the packets are addressed to.
• Used for network monitoring – both legal and illegal monitoring
• We can do this by programmatically setting the IFF_PROMISC flag or by using the ifconfig utility (ifconfig eth0 promisc)
Page 7
Getting all headers - Sniffing
• Once we set the interface to promiscuous mode we can get “full packets” with all the headers.
• We can process these packets and extract data from them.
• Note we are receiving packets meant for all hosts => see what your neighbors are doing in the lab
Page 8
Sending arbitrary packets – Packet Injection
• We “manufacture” our own packets and send them out on the network.
• Absolute power – total network stack bypass
• Most active network monitoring tools and hacking tools use this.
• Remember the DoS attacks? SYN floods? IP spoofs?
Page 9
Raw Sockets – a closer look
(Diagram: the Application sits directly on the Raw Socket.)
Page 10
What are raw sockets?
• Simply put, raw sockets provide a way to bypass the whole network stack traversal of a packet and deliver it directly to an application.
• There are many ways to create raw sockets. We will concentrate on the PF_PACKET interface for creating raw sockets.
Page 11
PF_PACKET
• It is a software interface to send/receive packets at layer 2 of the OSI model, i.e. the device driver.
• All packets received will be complete with all headers and data.
• All packets sent will be transmitted to the medium without modification by the kernel.
• Supports filtering using Berkeley Packet Filters.
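The slide mentions Berkeley Packet Filter support but shows no code. The following is an added example, not from the slides: a classic BPF program that keeps only IPv4 frames, attached to a PF_PACKET socket with SO_ATTACH_FILTER, plus a tiny user-space interpreter written here just to check the filter's decision on constructed Ethernet headers without a privileged socket (the interpreter is not a kernel API). The frames are constructed, not captured.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/if_ether.h>
#include <sys/socket.h>
#include <stdint.h>
#include <stddef.h>

#ifndef SO_ATTACH_FILTER
#define SO_ATTACH_FILTER 26   /* Linux value; normally comes from <asm/socket.h> */
#endif

/* Classic BPF: load the 16-bit EtherType at offset 12 of the frame; if it is
 * ETH_P_IP (0x0800) accept the whole frame, otherwise drop it (return 0). */
static struct sock_filter ipv4_only[] = {
    BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 12),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ETH_P_IP, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, 0xffffffff),   /* accept, up to the full length */
    BPF_STMT(BPF_RET | BPF_K, 0),            /* drop */
};

/* Attach the program to an open PF_PACKET socket; the kernel then discards
 * every non-IPv4 frame before it is ever copied to the sniffer. */
int attach_ipv4_filter(int fd)
{
    struct sock_fprog prog = {
        .len = sizeof(ipv4_only) / sizeof(ipv4_only[0]),
        .filter = ipv4_only,
    };
    return setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, &prog, sizeof prog);
}

/* Minimal interpreter for the three instruction forms used above, so the
 * filter can be checked offline. Returns the byte count the kernel would
 * keep (0 = drop). Out-of-bounds loads drop the frame, as the kernel does. */
uint32_t run_filter(const struct sock_filter *prog, size_t n,
                    const uint8_t *pkt, size_t len)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *in = &prog[pc];
        switch (in->code) {
        case BPF_LD | BPF_H | BPF_ABS:
            if (in->k + 2 > len) return 0;
            acc = ((uint32_t)pkt[in->k] << 8) | pkt[in->k + 1];
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == in->k) ? in->jt : in->jf;   /* offsets are relative */
            break;
        case BPF_RET | BPF_K:
            return in->k;
        default:
            return 0;   /* opcode not modelled here */
        }
    }
    return 0;
}

/* Constructed 14-byte Ethernet headers: broadcast destination, a locally
 * administered source MAC, EtherType IPv4 and ARP respectively. */
static const uint8_t ipv4_frame[14] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x00 };
static const uint8_t arp_frame[14] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x06 };

int ipv4_frame_accepted(void) { return run_filter(ipv4_only, 4, ipv4_frame, 14) != 0; }
int arp_frame_accepted(void)  { return run_filter(ipv4_only, 4, arp_frame, 14) != 0; }
```

Filtering in the kernel is not only a performance measure: a monitoring tool that needs only IPv4 never receives the rest of the broadcast domain's traffic, which keeps what it can observe to the minimum its job requires.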
Page 12
Creating a Raw Socket
• Call socket() with appropriate arguments:
socket(PF_PACKET, SOCK_RAW, int protocol)
The protocol is ETH_P_IP for IP networks. It is mostly used as a filter. To receive all types of packets, ETH_P_ALL is used.
Page 13
The making of a Sniffer
• Create a raw socket – socket()
• Set the interface you want to sniff on to promiscuous mode.
• Bind the raw socket to this interface – bind()
• Receive packets on the socket – recvfrom()
• Process received packets
• Close the raw socket – close()
Page 14
The making of a Packet Injector
• Create a raw socket – socket()
• Bind socket to the interface you want to send packets onto – bind()
• Create a packet
• Send the packet – sendto()
• Close the raw socket – close()
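The sniffer and injector recipes above, together with the socket() call from the "Creating a Raw Socket" slide, as one added worked example on Linux PF_PACKET; this is not the slides' code. Assumptions: "eth0" is only a default interface name, the injected frame uses EtherType 0x88B5 (the IEEE local-experimental value) so it collides with no real protocol, and the sample frame bytes are constructed, not captured. Opening the socket and toggling IFF_PROMISC require root or CAP_NET_RAW; parse_frame and build_frame run unprivileged. The socket is opened with ETH_P_ALL so every EtherType is delivered.

```c
#define _GNU_SOURCE                    /* make struct ifreq visible under strict -std */
#include <arpa/inet.h>
#include <linux/if_packet.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <netinet/ip.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Sniffer steps 1 and 3: socket(PF_PACKET, SOCK_RAW, ETH_P_ALL) bound to one
 * interface through sockaddr_ll. ETH_P_ALL = every EtherType. Returns fd or -1. */
int open_raw_socket(const char *ifname)
{
    int fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) return -1;
    struct sockaddr_ll sll = { .sll_family = AF_PACKET, .sll_protocol = htons(ETH_P_ALL),
                               .sll_ifindex = (int)if_nametoindex(ifname) };
    if (sll.sll_ifindex == 0 || bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0) {
        close(fd); return -1;
    }
    return fd;
}

/* Step 2: toggle IFF_PROMISC (what "ifconfig eth0 promisc" does) via ioctl. */
int set_promisc(int fd, const char *ifname, int on)
{
    struct ifreq ifr;
    memset(&ifr, 0, sizeof ifr);
    strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
    if (ioctl(fd, SIOCGIFFLAGS, &ifr) < 0) return -1;
    if (on) ifr.ifr_flags |= IFF_PROMISC; else ifr.ifr_flags &= ~IFF_PROMISC;
    return ioctl(fd, SIOCSIFFLAGS, &ifr);
}

/* Step 5: decode the Ethernet header and, for IPv4, addresses and transport protocol.
 * Every length is checked first: a raw socket hands over whatever the wire carried,
 * truncated junk included. Returns 0, or -1 if the frame is shorter than it claims. */
struct frame_info { uint16_t ethertype; uint32_t src, dst; uint8_t proto; };
int parse_frame(const uint8_t *buf, size_t len, struct frame_info *out)
{
    struct ether_header eh;
    struct iphdr ip;
    memset(out, 0, sizeof *out);
    if (len < sizeof eh) return -1;
    memcpy(&eh, buf, sizeof eh);                    /* memcpy avoids unaligned reads */
    out->ethertype = ntohs(eh.ether_type);
    if (out->ethertype != ETHERTYPE_IP) return 0;   /* non-IP: Ethernet fields only */
    if (len < sizeof eh + sizeof ip) return -1;
    memcpy(&ip, buf + sizeof eh, sizeof ip);
    if (ip.version != 4 || ip.ihl < 5 || len < sizeof eh + ip.ihl * 4u) return -1;
    out->src = ntohl(ip.saddr);
    out->dst = ntohl(ip.daddr);
    out->proto = ip.protocol;
    return 0;
}

/* Injector steps 3 and 4: assemble a frame by hand and pass it to sendto(). The kernel
 * transmits the bytes unchanged: EtherType (0x88B5, assumed here) and MACs are ours. */
size_t build_frame(uint8_t *out, size_t cap, const uint8_t dst[6], const uint8_t src[6],
                   const uint8_t *payload, size_t plen)
{
    struct ether_header eh;
    if (cap < sizeof eh + plen) return 0;
    memcpy(eh.ether_dhost, dst, 6);
    memcpy(eh.ether_shost, src, 6);
    eh.ether_type = htons(0x88B5);
    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, payload, plen);
    return sizeof eh + plen;
}
int inject_frame(int fd, const char *ifname, const uint8_t *frame, size_t len)
{
    struct sockaddr_ll sll = { .sll_family = AF_PACKET, .sll_halen = ETH_ALEN,
                               .sll_ifindex = (int)if_nametoindex(ifname) };
    memcpy(sll.sll_addr, frame, ETH_ALEN);          /* destination MAC comes first */
    return sendto(fd, frame, len, 0, (struct sockaddr *)&sll, sizeof sll) < 0 ? -1 : 0;
}

/* Constructed sample (not a capture): broadcast Ethernet header + minimal 20-byte
 * IPv4 header, protocol TCP, 10.0.0.1 -> 10.0.0.2, for checking parse_frame offline. */
static const uint8_t sample_frame[34] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x14, 0x00,0x00,0x00,0x00, 0x40,0x06,0x00,0x00,
    0x0a,0x00,0x00,0x01, 0x0a,0x00,0x00,0x02 };

/* Steps 4 and 6: read ten frames, print the decoded fields, restore the interface, close(). */
int main(int argc, char **argv)
{
    const char *ifname = argc > 1 ? argv[1] : "eth0";      /* assumed default name */
    int fd = open_raw_socket(ifname);
    if (fd < 0 || set_promisc(fd, ifname, 1) < 0) { perror("raw socket"); return 1; }
    uint8_t buf[65536];
    struct frame_info fi;
    for (int i = 0; i < 10; i++) {
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, NULL, NULL);
        if (n > 0 && parse_frame(buf, (size_t)n, &fi) == 0)
            printf("ethertype=0x%04x proto=%u src=0x%08x dst=0x%08x\n",
                   fi.ethertype, fi.proto, fi.src, fi.dst);
    }
    set_promisc(fd, ifname, 0);                             /* leave it as found */
    close(fd);
    return 0;
}
```

Build with gcc and run as root with the interface name as the only argument. main() only sniffs; inject_frame() is there to show the sendto() side and is deliberately not called. Two points worth noticing while reading: the parser refuses to trust any length field before checking it against what recvfrom() actually returned, and promiscuous mode is cleared again on exit, because a forgotten IFF_PROMISC is one of the classic signs a sniffer has been running on a host.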
Page 15
Class over!!
Let's start coding!!!