slides - CS Course Webpages

TAMU CSCE 465: Computer & Network
(the basics)
Instructor: Guofei Gu
TA: Lei Xu
Part 1: Virtual Machine
Part 2: Linux Programming
Part 3: Libpcap Programming
Part 4: Raw Socket Programming
Part 1: Virtual Machine
• Definition: A virtual machine (VM) is a
software implementation of a machine (for
example, a computer) that executes programs
like a physical machine. [wiki]
• Two Recommended Free Virtual Machines
– VMware Player (supports Windows, Linux)
– VirtualBox (supports Windows, Linux, Mac)
VMware Player
• Free Software
• Run multiple OSes at the same time on your PC
• Host OS: Windows 8, Windows 7, Chrome OS,
• Homepage:
• Download
Create a new
Open an existing VM
Network Configuration
Start VM
File Sharing with the host
Shared Folder Path
The shared folder in Ubuntu is located at /mnt/hgfs/
VirtualBox
• Free Software
• Run multiple OSes at the same time on your PC
• Host OS: Windows, Linux, Mac OS
• Download
Part 2: Linux Programming Basics
• Common Unix/Linux Commands
– ls – lists files in the current directory (ignores files that are ‘invisible’)
– ls -a – lists all the files
– cd bob – changes directory to the bob folder
  – cd .. (jumps one level up in the directory tree)
– mkdir filename – makes a folder with the given filename
– rm blah – removes the file blah
  – rm *.ext – removes everything in the current directory with the given extension ext
– pwd – prints the path of the current directory
• other commands can be found at
Compiling and Executing
• For C program
– gcc filename.c - compiles and links c program, generating an
executable file
• For C++ program
– g++ filename.cpp - compiles and links c++ program, generating
an executable file
• Options for both
– ‘-o’ – renames the executable, so your executable no longer has to go under the a.out name
– For more options, visit:
• Run the program
– ./a.out
• Makefiles are special format files that together
with the make utility will help you to
automagically build and manage your projects
• For a simple tutorial, you can visit:
Tools and Useful Reference
• C/C++ program IDE:
– Code::Blocks
– Eclipse
• Linux Programming References:
– [Richard Stevens] UNIX Network Programming
– [Neil Matthew] Beginning Linux Programming
• VMware Network:
– What are the differences among NAT, Host-only and Bridged:
Part 3: Libpcap Programming
• pcap is a user-level interface for user-level packet
• libpcap provides C language Application Programming Interfaces (APIs) for
network statistics collection, security monitoring, network debugging, etc.
• Many “wrappers” for pcap have since been developed to support other
programming languages, such as pylibpcap for Python and jNetPcap for Java
Installing the libpcap
• Linux:
For Ubuntu users:
Command-line installation:
sudo apt-get install libpcap-dev
• Compiled from source:
Work with the libpcap
• Compile program using libpcap
– gcc sniff.c -lpcap -o sniffer
• Running sniffer requires root privilege.
– sudo ./sniffer
• Next, I will introduce some important
methods for libpcap programming.
How to write a libpcap program?
• Ask pcap to find a valid device to sniff
dev = pcap_lookupdev(errbuf); // deprecated in newer libpcap releases; pcap_findalldevs() is the replacement
• Open the live device and get a descriptor for it
desc = pcap_open_live(dev, BUFSIZE, 0, -1, errbuf);
• Open an offline pcap file
handle = pcap_open_offline(file_path, errbuf);
• Once the device is open, capture a packet
packet = pcap_next(desc, &hdr);
• Close the live device
• Main Event Loop
void my_callback(u_char *useless, const struct pcap_pkthdr *pkthdr,
                 const u_char *packet) {
    // do stuff here with packets
}
int main(int argc, char **argv) {
    // open and go live
    return 0;
}
• Filter Traffic: we don’t need to see every
• Compile the filter
int pcap_compile(pcap_t *p, struct bpf_program *fp,
char *str, int optimize, bpf_u_int32 netmask)
• Activate the filter
int pcap_setfilter(pcap_t *p, struct bpf_program *fp)
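One way to fill in the "do stuff here with packets" body of my_callback safely, as an added example that is not part of the original slides: a bounds-checked parse of one Ethernet/IPv4/UDP frame. The names parse_udp_frame, udp_flow and SAMPLE_FRAME are assumptions, the sample bytes are constructed, and the link type is assumed to be Ethernet.

```c
#include <stddef.h>
#include <stdint.h>

/* What the callback usually wants from one IPv4/UDP frame (host byte order). */
struct udp_flow {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Constructed sample: Ethernet II + IPv4 (id 54321, TTL 64, proto 17) + UDP. */
const uint8_t SAMPLE_FRAME[42] = {
    0x02,0x00,0x00,0x00,0x00,0x02, 0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0xd4,0x31,0x00,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0xa8,0x00,0x01, 0xc0,0xa8,0x00,0xc7,
    0x30,0x39,0x00,0x35, 0x00,0x08,0x00,0x00
};

/*
 * Bounds-checked parse of a captured frame. caplen is pkthdr->caplen, the
 * number of bytes actually captured, which can be less than the wire length.
 * Returns 0 and fills *out, or -1 if truncated, malformed or not UDP.
 */
int parse_udp_frame(const uint8_t *pkt, size_t caplen, struct udp_flow *out)
{
    const size_t eth_len = 14, udp_len = 8;

    if (caplen < eth_len + 20) return -1;             /* Ethernet + minimal IPv4 */
    if (rd16(pkt + 12) != 0x0800) return -1;          /* EtherType must be IPv4  */

    const uint8_t *ip = pkt + eth_len;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;          /* header length in bytes  */
    if ((ip[0] >> 4) != 4 || ihl < 20) return -1;     /* version 4, IHL >= 5     */
    if (ip[9] != 17) return -1;                       /* protocol 17 = UDP       */
    if (rd16(ip + 6) & 0x1fff) return -1;             /* later fragment: no UDP header */
    if ((size_t)rd16(ip + 2) < ihl + udp_len) return -1; /* total length too small */
    if (caplen < eth_len + ihl + udp_len) return -1;  /* IP options push UDP past caplen */

    const uint8_t *udp = ip + ihl;
    out->src_ip   = rd32(ip + 12);
    out->dst_ip   = rd32(ip + 16);
    out->src_port = rd16(udp);
    out->dst_port = rd16(udp + 2);
    return 0;
}
```

Inside my_callback this would be called as parse_udp_frame(packet, pkthdr->caplen, &flow); casting packet straight to header structs without the caplen checks reads past the captured bytes on short or malformed frames.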
Part 4: Raw Socket Programming
• Raw Socket is an internet socket that allows
direct sending and receiving of internet
protocol packets without any protocol-specific
transport layer formatting
• The ability to craft packet headers is a
powerful tool that allows hackers to do many
nefarious things
• How does it work?
Fabricate network packets
• Create crafted packet (UDP for example)
struct ipheader *ip = (struct ipheader *) buffer;
struct udpheader *udp = (struct udpheader *) (buffer +
sizeof(struct ipheader));
• Fabricate the IP header
ip->iph_ihl = 5;
ip->iph_ident = htons(54321);
ip->iph_ttl = 64; // hops
ip->iph_protocol = 17; // UDP
// Source IP address, can use spoofed address here!!!
ip->iph_sourceip = inet_addr(argv[1]);
// The destination IP address
ip->iph_destip = inet_addr(argv[3]);
• Fabricate the UDP header
// Source port number
udp->udph_srcport = htons(atoi(argv[2]));
// Destination port number
udp->udph_destport = htons(atoi(argv[4]));
// Calculate the checksum for integrity
// (the IPv4 header checksum is defined over the IP header only)
ip->iph_chksum = csum((unsigned short *)buffer,
sizeof(struct ipheader) + sizeof(struct udpheader));
• Create a raw socket with UDP protocol
• Send the crafted packet with raw socket
if (sendto(sd, buffer, ip->iph_len, 0, (struct sockaddr *)&sin,
           sizeof(sin)) < 0)
    perror("sendto error");
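The slides call csum() without showing it. The following added example (not from the original slides) implements the RFC 1071 Internet checksum and the receiver-side check a sniffer or IDS can apply to a captured IPv4 header; inet_csum, ipv4_header_ok, ipv4_set_checksum and SAMPLE_IP_HDR are assumed names, and the sample header is constructed. Lengths are in bytes and the checksum covers the IP header only.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample IPv4 header: proto 17 (UDP), TTL 64, checksum 0xb861. */
const uint8_t SAMPLE_IP_HDR[20] = {
    0x45,0x00,0x00,0x73, 0x00,0x00,0x40,0x00, 0x40,0x11,0xb8,0x61,
    0xc0,0xa8,0x00,0x01, 0xc0,0xa8,0x00,0xc7
};

/* RFC 1071: one's-complement sum of 16-bit big-endian words, then inverted. */
uint16_t inet_csum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    while (len > 1) {
        sum += (uint32_t)((data[0] << 8) | data[1]);
        data += 2;
        len -= 2;
    }
    if (len)                                   /* odd trailing byte, zero padded */
        sum += (uint32_t)(data[0] << 8);
    while (sum >> 16)                          /* fold carries back into 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Receiver's check: summing the header with its checksum field included
 * yields 0 when the header is intact. Returns 1 if valid, 0 otherwise. */
int ipv4_header_ok(const uint8_t *hdr, size_t caplen)
{
    if (caplen < 20 || (hdr[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(hdr[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > caplen) return 0;    /* bad IHL or truncated capture */
    return inet_csum(hdr, ihl) == 0;
}

/* Sender's side: zero the field, sum the header, store the result big-endian. */
void ipv4_set_checksum(uint8_t *hdr, size_t ihl)
{
    hdr[10] = hdr[11] = 0;
    uint16_t c = inet_csum(hdr, ihl);
    hdr[10] = (uint8_t)(c >> 8);
    hdr[11] = (uint8_t)(c & 0xff);
}
```

On Linux, the kernel fills in the IP header checksum itself for packets sent with IP_HDRINCL, so the value stored by the sender only matters on stacks that do not.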
More Future questions
Office Hour: Tuesday 2-3pm