Packet Sniffer using Multicore programming

By B.A.KhivsaraAssistant Professor

Computer DepartmentSNJB’s KBJ COE,Chandwad

Outline

Packet Sniffer

Multicore

Command for CPU info

Program in Python

Packet Sniffer Definition:

A packet sniffer is a wire-tap device that plugs into computer networks and listens to the network traffic.

What are the components of a packet sniffer?

1. Hardware : standard network adapters .

2. Capture Filter : This is the most important part . It captures the network traffic from the wire, filters it for the particular traffic you want, then stores the data in a buffer.

3 Buffers : used to store the frames captured by the Capture Filter .

What are the components of a packet sniffer?

4. Real-time analyzer: a module in the packet sniffer program used for traffic analysis and to shift the traffic for intrusion detection.

5. Decoder : "Protocol Analysis" .

How does a Sniffer Work?

Sniffers also work differently depending on the type of network

they are in.

Shared Ethernet

Switched Ethernet

How can you detect a packet sniffer?

Ping method

ARP method

DNS method

Packet Sniffer Mitigation

The following techniques and tools can be used to mitigate

sniffers:

Authentication

Switched infrastructure

Antisniffer tools

Cryptography

Host A Host BRouter A Router B

Top Packet Sniffers

Wireshark

Kismet

Tcpdump

Cain and Abel

Ettercap

Dsniff

NetStumbler

Ntop

Ngrep

What are sniffers used for?

Detection of clear-text passwords and usernames from the network.

Conversion of data to human readable format so that people can read the traffic.

Performance analysis to discover network bottlenecks.

Network intrusion detection in order to discover hackers.

Outline

Packet Sniffer

Multicore

Command for CPU info

Program in Python

Multi-core processors

Growth With each new generation of processors

Smaller size Faster

Increased heat

dissipation

Greater Consumption

of power

Single Core Performance

Technique used to increase single core performance was Pipelining

Single Core continued

Another technique was multithreading

• Multithreading involves execution of two separate threads.

• Time is divided and interlaced between the two threads in order to simulate simultaneous execution

Problems with Single Core

To execute the tasks faster you must increase the clock time.

Increasing clock times too high drastically increases power consumption and heat dissipation to extremely high levels, making the processor inefficient.

Multi Core solution

Creating two cores or more on the same Die increases processing power while keeping clock speeds at an efficient level.

A processor with 2 cores running at efficient clock speeds can process instructions with similar speed to a single core processor running at twice the clock speed, yet the dual core processor would still consume less energy.

Multi-Core Advantages

While working with many threads, a Multi Core processor with n cores can execute n threads simultaneously by assigning a core to each thread.

A Single core processor must multithread with every single thread.

Other Incentives

The name “core dual” and similar names are good for marketing.

It has lower manufacturing costs.

Uses proven processor designs.

Implementations

shared memory model

all cores share the same cache

memory.

distributed memory model

each core has its own cache

memory.

Implementations continued

The Intel core duo design has a separate L1 cache memory for each core, but both cores share an L2 cache.

Problems with multi core processors

Memory/Cache coherence. As

mentioned earlier, some implementations have

distributed L1 caches but must share an L2 cache. This poses the problem

of making sure each core keeps the other updated with changes in the data

in its own cache.

Multi threading is also a problem when the software being run is not

designed to take advantage of the multi

core processor. This may mean that one core does most of the work which

means that the processor is running no more efficiently than a

single core.

Outline

Packet Sniffer

Multicore

Command for CPU info

Program in Python

Linux commands for CPU info

• Shows no of processing units availablenproc

• Shows CPU architecture information in human readable formlscpu

• Contains information about individual core/proc/cpuinfo

Outline

Packet Sniffer

Multicore

Command for CPU info

Program in Python

Practical in Python: Prerequisite

install scapy by

sudo apt-get install scapy

Practical in Python

from scapy.all import *

import hashlibimport osimport sysimport timeimport multiprocessing

Practical in Pythondef pkt_callback(pkt):

print "\n\n"pkt.show() # debug statement

def sniffing(filter_1,core):print "\n######## " + core + " ############\n"sniff(prn=pkt_callback, filter=filter_1, count=5)

if __name__=='__main__':coreOne = multiprocessing.Process(target=sniffing("tcp","Core 1"))coreOne.start()

coreTwo = multiprocessing.Process(target=sniffing("udp","Core 2"))coreTwo.start()

How to run Program?

sudo python sniffer.py