Saturday, 16 July 2016

What is a Packet Sniffer?


Packet Sniffer:
     A packet sniffer (also known as a network analyzer, protocol analyzer or for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content.
            A packet, in computer communications, is a formatted unit of data of limited size. On the Internet all traffic travels as packets: file downloads, web page retrievals and email are all broken into packets at the sender, carried independently by the packet-switched network, and reassembled at the destination. A sniffer therefore sees the conversation one packet at a time and has to decode each header itself to work out which connection a packet belongs to.

Why Use a Network Sniffer?
            The information running through a network is a valuable source of evidence for network administrators trying to find intruders or anomalous connections. The need to capture this information led to the development of packet sniffers. A packet sniffer installed on a network monitors the traffic and keeps a log of all connections, which can then be analyzed to detect suspicious activity. Note that the sniffer records everything the interface sees, including credentials and session data sent in the clear, so the capture host and its logs need at least the same protection as the systems being monitored.

Protocols:

A] TCP Header:


Source Port: The source port number.
Destination Port: The destination port number.
Sequence Number: The sequence number of the first data octet in this segment (except when SYN is present). If SYN is present the sequence number is the initial sequence number (ISN) and the first data octet is ISN+1.

Acknowledgment Number: If the ACK control bit is set, this field contains the value of the next sequence number the sender of the segment is expecting to receive. Once a connection is established this is always sent.
Data Offset: The number of 32-bit words in the TCP header. This indicates where the data begins. The TCP header (even one including options) is an integral number of 32 bits long, so a header with no options has a data offset of 5 (20 bytes) and the maximum value of 15 allows 40 bytes of options.
Reserved: Reserved for future use. Must be zero.
Control Bits: Six one-bit flags, URG, ACK, PSH, RST, SYN and FIN (from the high-order bit down), which the sequence number, acknowledgment number and urgent pointer descriptions refer to. A segment with only SYN set opens a connection and SYN+ACK answers it, which is how a sniffer tells new connections apart from established ones.
Window: The number of data octets beginning with the one indicated in the acknowledgment field which the sender of this segment is willing to accept.
Checksum: The checksum field is the 16 bit one's complement of the one's complement sum of all 16 bit words in the header and text.  If a segment contains an odd number of header and text octets to be checksummed, the last octet is padded on the right with zeros to form a 16 bit word for checksum purposes.  The pad is not transmitted as part of the segment.  While computing the checksum, the checksum field itself is replaced with zeros.
Urgent Pointer: This field communicates the current value of the urgent pointer as a positive offset from the sequence number in this segment. The urgent pointer points to the sequence number of the octet following the urgent data. This field is only interpreted in segments with the URG control bit set.
Options: Options may occupy space at the end of the TCP header and are a multiple of 8 bits in length.
Padding: The TCP header padding is used to ensure that the TCP header ends and data begins on a 32 bit boundary.

B] UDP Header:

Source Port: The 16-bit port number of the process that originated the UDP message on the source device.
Destination Port: The 16-bit port number of the process the datagram is addressed to; it is only meaningful in the context of the particular destination IP address.
Length: The length in octets of the entire UDP datagram, including both header and data fields (so the minimum value is 8).
Checksum: A 16-bit checksum computed over the entire UDP datagram plus a "pseudo header" of IP fields (source and destination addresses, protocol number and UDP length), so it also catches datagrams delivered to the wrong host. Over IPv4 it is optional: a transmitted value of zero means no checksum was computed, and a computed checksum of zero is sent as all ones. Over IPv6 it is mandatory.
Data: The encapsulated higher-layer message to be sent.
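The TCP and UDP field descriptions above, worked through in code. This is an added example, not code from the original post: it packs a TCP segment and a UDP datagram with Python's struct module, then parses them back and verifies the checksum exactly as the text describes (pseudo-header prepended, checksum field replaced with zeros, odd trailing octet padded with a zero octet that is never transmitted). The IPv4 endpoints SRC_IP/DST_IP and the sample segments are constructed for the example, and all function names are the example's own.

```python
import socket
import struct

# Assumed IPv4 endpoints for the pseudo-header (constructed, not captured).
SRC_IP, DST_IP = "10.0.0.1", "10.0.0.2"
IPPROTO_TCP, IPPROTO_UDP = 6, 17
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # bit 0 .. bit 5


def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit words in one's complement. An odd trailing octet is padded
    on the right with a zero octet for the computation only."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def transport_checksum(src_ip: str, dst_ip: str, proto: int, segment: bytes) -> int:
    """RFC 793 / RFC 768 checksum: one's complement of the one's complement sum
    over the IPv4 pseudo-header (src, dst, zero, protocol, length) plus the
    segment, whose own checksum field the caller has already zeroed."""
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                         socket.inet_aton(dst_ip), 0, proto, len(segment))
    return (~ones_complement_sum(pseudo + segment)) & 0xFFFF


def build_tcp_segment(sport, dport, seq, ack, flags, window, options=b"", payload=b""):
    """Pack a TCP header (RFC 793 layout); options are padded to a 32-bit boundary."""
    options += b"\x00" * (-len(options) % 4)           # Padding field
    data_offset = (20 + len(options)) // 4             # header length in 32-bit words
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                      data_offset << 4, flags, window, 0, 0) + options
    csum = transport_checksum(SRC_IP, DST_IP, IPPROTO_TCP, hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header, then use Data Offset to locate the
    options and the first data octet, and verify the checksum."""
    sport, dport, seq, ack, off_res, flags, window, csum, urg = struct.unpack(
        "!HHIIBBHHH", segment[:20])
    hlen = (off_res >> 4) * 4
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]   # checksum field replaced with zeros
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if flags & (1 << i)],
        "window": window, "urgent_pointer": urg, "header_len": hlen,
        "options": segment[20:hlen], "payload": segment[hlen:],
        "checksum_ok": csum == transport_checksum(SRC_IP, DST_IP, IPPROTO_TCP, zeroed),
    }


def build_udp_datagram(sport, dport, payload=b"", with_checksum=True):
    """Pack a UDP header (RFC 768). A zero checksum means 'not computed'
    (allowed over IPv4 only); a computed value of zero is sent as 0xFFFF."""
    hdr = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    csum = 0
    if with_checksum:
        csum = transport_checksum(SRC_IP, DST_IP, IPPROTO_UDP, hdr + payload) or 0xFFFF
    return hdr[:6] + struct.pack("!H", csum) + payload


def parse_udp(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header, check the Length field against what was
    actually received, and classify the checksum as ok / bad / absent."""
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if csum == 0:
        status = "absent"
    else:
        zeroed = datagram[:6] + b"\x00\x00" + datagram[8:]
        expected = transport_checksum(SRC_IP, DST_IP, IPPROTO_UDP, zeroed) or 0xFFFF
        status = "ok" if csum == expected else "bad"
    return {"sport": sport, "dport": dport, "length": length,
            "length_ok": length == len(datagram), "checksum": status,
            "payload": datagram[8:]}


if __name__ == "__main__":
    # SYN with a 4-byte MSS option (kind 2, len 4, 1460): Data Offset becomes 6.
    syn = build_tcp_segment(40000, 443, 1000, 0, 0x02, 65535, options=b"\x02\x04\x05\xb4")
    print(parse_tcp(syn))
    print(parse_udp(build_udp_datagram(5353, 53, b"abc")))
```

Running the block prints the decoded SYN (header_len 24 because of the MSS option) and a UDP datagram whose checksum verifies. Flipping any byte of either makes checksum_ok false or the UDP status "bad"; a datagram built with with_checksum=False is reported as "absent", which is legal over IPv4 but worth recording in a capture log rather than treating as verified.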

Python Modules:
A] OS:
This module provides a portable way of using operating system dependent functionality.
-Functions:
1] os.ctermid()
Return the filename corresponding to the controlling terminal of the process.
2] os.geteuid()
Return the current process's effective user id. A raw-socket sniffer typically checks this at startup, since opening a raw or AF_PACKET socket on Linux requires root (or the CAP_NET_RAW capability); checking early gives a clearer error than a permission failure from socket().


B] SYS:
The sys module provides information about constants, functions and methods of the Python interpreter, including the command-line arguments in sys.argv, the standard streams and sys.exit(). dir(sys) gives a summary of the available constants, functions and methods. Another possibility is the help() function: help(sys) provides detailed information.
C] HASHLIB:
This module implements a common interface to many different secure hash and message digest algorithms. Included are the FIPS secure hash algorithms SHA1, SHA224, SHA256, SHA384 and SHA512 (defined in FIPS 180-2) as well as MD5 (Rivest, RFC 1321). The terms secure hash and message digest are interchangeable: older algorithms were called message digests, the modern term is secure hash. Note that MD5 and SHA1 are no longer collision resistant, so a sniffer that hashes captured packets to fingerprint or deduplicate them should use SHA256 or stronger; MD5 is only appropriate for matching legacy indicator lists that are published in that form.
D] TIME:
This module provides a number of functions to deal with dates and the time within a day. It’s a thin layer on top of the C runtime library.
E] MULTIPROCESSING:


Multiprocessing is a package that supports spawning processes using an API similar to the threading module. The multiprocessing package offers both local and remote concurrency, effectively side-stepping the global interpreter lock by using subprocesses instead of threads. Due to this, the multiprocessing module allows the programmer to fully leverage multiple processors on a given machine. It runs on both UNIX and Windows.
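How the five modules fit together in a sniffer, as an added example (not the original post's code): os.geteuid() gates the privileged capture path, time stamps each record, hashlib fingerprints payloads so repeated packets can be grouped without storing their contents, multiprocessing farms the decoding out to worker processes, and sys.exit() aborts cleanly. The IPv4 frames in SAMPLE_PACKETS are constructed inline with made-up addresses, make_ipv4/fingerprint/process_batch are the example's own names, and capture() (Linux AF_PACKET, root only) is shown to complete the skeleton but is not exercised by the offline run.

```python
import hashlib
import multiprocessing
import os
import socket
import struct
import sys
import time


def make_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 header (no options, checksum left zero) for the
    constructed samples below."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload


# Constructed sample packets (not captured from a real network).
SAMPLE_PACKETS = [
    make_ipv4("192.168.1.10", "93.184.216.34", 6, b"GET / HTTP/1.1\r\n"),
    make_ipv4("192.168.1.10", "8.8.8.8", 17, b"\x12\x34\x01\x00"),
    make_ipv4("192.168.1.10", "93.184.216.34", 6, b"GET / HTTP/1.1\r\n"),  # repeat
]


def require_root() -> None:
    """Raw packet sockets need root (CAP_NET_RAW); fail early with a clear
    message instead of inside socket() with a bare EPERM."""
    if hasattr(os, "geteuid") and os.geteuid() != 0:
        sys.exit("sniffer must run as root to open a raw socket")


def fingerprint(packet: bytes) -> dict:
    """Worker function: pull src/dst/protocol out of the IPv4 header and hash
    the payload (SHA-256, not MD5) so identical packets can be grouped."""
    ihl = (packet[0] & 0x0F) * 4                   # header length in bytes
    proto = packet[9]
    return {
        "ts": time.time(),
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "proto": {6: "TCP", 17: "UDP"}.get(proto, str(proto)),
        "len": len(packet),
        "payload_sha256": hashlib.sha256(packet[ihl:]).hexdigest(),
    }


def process_batch(packets, workers: int = 2) -> list:
    """Decode a batch of packets in parallel worker processes; the GIL does
    not serialize them because each worker is a separate interpreter."""
    with multiprocessing.Pool(workers) as pool:
        return pool.map(fingerprint, packets)


def count_duplicates(records) -> dict:
    """Count records per payload hash; a count above 1 is a repeated payload."""
    counts = {}
    for r in records:
        counts[r["payload_sha256"]] = counts.get(r["payload_sha256"], 0) + 1
    return counts


def capture(count: int) -> list:
    """Read `count` frames from a Linux AF_PACKET raw socket (root only, not
    run offline). 0x0800 selects IPv4; the 14-byte Ethernet header is dropped."""
    require_root()
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0800)) as s:
        return [s.recv(65535)[14:] for _ in range(count)]


if __name__ == "__main__":
    records = process_batch(SAMPLE_PACKETS)
    for r in records:
        print(time.strftime("%H:%M:%S", time.localtime(r["ts"])),
              r["src"], "->", r["dst"], r["proto"], r["len"], r["payload_sha256"][:16])
    print("repeated payloads:", {h: n for h, n in count_duplicates(records).items() if n > 1})
```

Swapping SAMPLE_PACKETS for capture(n) turns this into a live sniffer on Linux; the Pool and the fingerprinting stay the same, which is the point of keeping decoding in a plain function that takes bytes.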
