Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile Packet Sniffer Ofer Borosh Vadim Lanzman Dr. Chen Avin

Published byMerry Atkins Modified over 7 years ago

Similar presentations

Presentation on theme: "Mobile Packet Sniffer Ofer Borosh Vadim Lanzman Dr. Chen Avin"— Presentation transcript:

1 Mobile Packet Sniffer Ofer Borosh Vadim Lanzman Dr. Chen Avin
Ben-Gurion University of the Negev Department of Communication Systems Engineering. Mobile Packet Sniffer Presented by: Ofer Borosh Vadim Lanzman Instructor: Dr. Chen Avin

2 Contents Packet Sniffing Motivation. Project Goal. Android platform.
Packet capturing. Monitor mode Problem. ARP injection solution. Learning Process. Follow up. Primitive sniffer

3 Packet Sniffing Motivation
Wi-Fi and Bluetooth networks usage is growing continuously, increasing traffic capacities in the wireless medium. Strong Need for a small and Mobile Sniffing Device. Usage of such sniffing device: Important tool for Wireless network designers. Evaluate network protocols and their performance. Understanding and debugging network problems. Address network security issues.

4 Project Goal Develop packet sniffer application on a compact mobile
platform. Perform capturing of packets traveling in wireless networks. Store captured packets in a DB on the capturing device. Perform basic analysis of Captured data. Support the export of captured data to a PC for further analysis.

5 Project Goal Sniffing Interfaces: Wi-Fi 802.11 b/g Bluetooth 802.15.1
In the future: 3G, ZigBee, GSM

6 Android Platform Hardware: Qualcomm processor : 528 MHz
TI Wi-Fi and Bluetooth integrated chip: WiLink 4.0 TI Wi-Fi driver : WL 1251 GPS ADP G 1 Software: Android Open Source Linux based OS. JAVA SDK 1.6 for Android NDK – for cross compile C files

7 Normal Packet Decapsulation
Packet capturing Normal Packet Decapsulation Packets loose all their headers on the way to the APP layer. We a way to BYPASS the stack. APP. Application Data DATA TRANSPORT TCP/UDP Segment TCP/UDP header DATA NETWORK IP datagram IP header TCP/UDP header DATA LINK Network Frame Ethernet header IP header TCP/UDP header DATA Ethernet trailer PHY

8 Packet capturing Using RAW Sockets
SW Implementations to bypass the stack: Raw Sockets. Tcpdump based on open source Libpcap library. Parsing and analyzing Raw packet headers. Using RAW Sockets APP. OPEN RAW SOCKET TRANSPORT NETWORK LINK Network Frame Using the same method we can inject custom made packets. Ethernet header IP header TCP/UDP header DATA Ethernet trailer PHY

9 Application Demo 1

10 Monitor Mode Problem Wi-Fi Element Operational Modes: Ideal sniffer:
Master mode. Managed mode. AD-HOC mode. Promiscuous mode. Monitor Mode. WiFi card Driver LINK NETWORK TRANSPORT APP. Ethernet header IP header TCP/UDP header DATA Ethernet trailer header Ideal sniffer: Uses Promiscuous or Monitor mode. Problem: TI Driver Prevents the Monitor and Promiscuous modes.

11 ARP Injection Solution
We will use Arp Protocol Properties to solve the problem. Arp Protocol Basics: Arp table in every PC. Need to know the MAC address before sending the packet. Host A Arp Request (Who has IP B ? Broadcast) Host B Arp Reply( Unicast IP B is at MAC B)

12 ARP Injection Solution
We will use Arp Protocol Properties to solve the problem. Switched network properties: Constantly Learning MAC addresses. Prevent the sniffing of neighboring traffic. MAC - A 5 MAC address port MAC - A 5 1 2 3 4 MAC - B 4 MAC - B

13 ARP Injection Solution
Host A ARP cache Host B ARP cache MAC address IP add MAC address IP add MAC - B IP - B MAC - A IP - A Normal traffic 2 3 AP route table MAC address Port 1 MAC - A 2 MAC - B 3 Active Sniffer: IP - C MAC - C

14 ARP Injection Solution
Host A ARP cache Host B ARP cache MAC address IP add MAC address IP add MAC - B IP - B MAC - A IP - A MAC - C MAC - C Arp Injection process 2 3 AP route table 1 MAC address Port MAC - A 2 Active Sniffer: IP - C MAC - C MAC - B 3 MAC - C 1

15 ARP Injection Solution
Host A ARP cache Host B ARP cache MAC address IP add MAC address IP add MAC - C IP - B MAC - C IP - A Re-Routed Traffic 2 3 AP route table 1 MAC address Port MAC - A 2 Active Sniffer: IP - C MAC - C MAC - B 3 MAC - C 1

16 Active Sniffing Milestones
Domain Scanning to find Active Sniffing targets. Arp Packet Injection to the selected targets. Enabling Traffic Rerouting to Avoid denial of service. Capture and analyze the traffic.

17 Application Demo 2

18 Learning process Development in JAVA under Android API.
Working and Cross Compiling for Linux based OS. Understanding of protocol and it’s operational modes. Raw sockets usage. Custom Packet creation and injection ARP spoofing .

19 Follow Up Extending the Capture interfaces to sniff ZigBee sensors.
Building custom parsing engines using Raw sockets. Rewriting the driver to support Monitor mode. End much more…

20 Questions…?

Download ppt "Mobile Packet Sniffer Ofer Borosh Vadim Lanzman Dr. Chen Avin"

Similar presentations

Ethical Hacking Module VII Sniffers.

Ethical Hacking Module VII Sniffers.
ARP AND RARP ROUTED AND ROUTING Tyler Bish. ARP There are a variety of ways that devices can determine the MAC addresses they need to add to the encapsulated.

ARP AND RARP ROUTED AND ROUTING Tyler Bish. ARP There are a variety of ways that devices can determine the MAC addresses they need to add to the encapsulated.
1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.

1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.
1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.

1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.
COEN 252 Computer Forensics Remote Sniffer Detection.

COEN 252 Computer Forensics Remote Sniffer Detection.
Summer Workshop on Cyber Security Computer Networks Security (Part 1) Dr. Hamed Mohsenian-Rad University of California at Riverside and Texas Tech University.

Summer Workshop on Cyber Security Computer Networks Security (Part 1) Dr. Hamed Mohsenian-Rad University of California at Riverside and Texas Tech University.
Review of Important Networking Concepts

Review of Important Networking Concepts
Presented by Serge Kpan LTEC 4550.020 Network Systems Administration 1.

Presented by Serge Kpan LTEC Network Systems Administration 1.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Data Communications I & II 91.413 -91.414 Project Sequence Tom Costello.

Data Communications I & II Project Sequence Tom Costello.
MAC AddressesCS-502 (EMC) Fall 20091 Clarification — MAC Addresses and IP Networks CS-502, Operating Systems Fall 2009 (EMC) (Slides include materials.

MAC AddressesCS-502 (EMC) Fall Clarification — MAC Addresses and IP Networks CS-502, Operating Systems Fall 2009 (EMC) (Slides include materials.
COS 461: Computer Networks

COS 461: Computer Networks
Detection of Promiscuous nodes Using Arp Packets By Engin Arslan.

Detection of Promiscuous nodes Using Arp Packets By Engin Arslan.
Android An open handset alliance project Janice Garcia September 18, 2008 MIS 304.

Android An open handset alliance project Janice Garcia September 18, 2008 MIS 304.
Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
Wireshark and TCP/IP Basics ACM SIG-Security Lance Pendergrass.

Wireshark and TCP/IP Basics ACM SIG-Security Lance Pendergrass.
Network Redundancy Multiple paths may exist between systems. Redundancy is not a requirement of a packet switching network. Redundancy was part of the.

Network Redundancy Multiple paths may exist between systems. Redundancy is not a requirement of a packet switching network. Redundancy was part of the.
InterVLAN Routing Design and Implementation. What Routers Do Intelligent, dynamic routing protocols for packet transport Packet filtering capabilities.

InterVLAN Routing Design and Implementation. What Routers Do Intelligent, dynamic routing protocols for packet transport Packet filtering capabilities.
Chapter 4: Managing LAN Traffic

Chapter 4: Managing LAN Traffic

Similar presentations

Ads by Google