slides - CS Course Webpages

TAMU CSCE 465: Computer &Network
Security
(the basics)
Instructor: Guofei Gu
TA: Lei Xu
Agenda
•
•
•
•
Part 1: Virtual Machine
Part 2: Linux Programming
Part 3: Libpcap Programming
Part 4: Raw Socket Programming
Part 1: Virtual Machine
• Definition: A virtual machine (VM) is a
software implementation of a machine (for
example, a computer) that executes programs
like a physical machine. [wiki]
• Two Recommended Free Virtual Machines
– VMWare Player (support Windows, liunx)
– Virtual Box (Support Windows, Linux, Mac)
VMWare Player
• Free Software
• Run multiple OSes at the same time on your PC
• Host OS: Windows 8, Windows 7, Chrome OS,
Linux
• Homepage:
– http://www.vmware.com/products/player/
• Download
– https://my.vmware.com/web/vmware/free#desktop_
end_user_computing/vmware_player/5_0
Cont.
Create a new
VM
Open an
existing VM
Network Configuration
Network
Configurati
on
Start VM
File Sharing with the host
Contd.
Shared Folder Path
The shared folder in Ubuntu is
located /mnt/hfgs/
Virtual Box
•
•
•
•
Free Software
Run multiple OS at the same time on your PC
Host OS: Windows, Linux, Mac OS
Homepage:
– https://www.virtualbox.org/
• Download
– https://www.virtualbox.org/wiki/Downloads
Part2: Linux Programming Basics
• Common Unix/Linux Commands
– ls – list files in current directory (ignores files that are ‘invisible’)
– ls -a – List all the files
– cd bob – change directory to bob folder
 cd .. (jumps one level up in directory)
– mkdir filename – makes a folder of given filename
– rm blah – removes file
 rm *.ext – removes everything in current directory of a given
extension ext
– pwd – lists the path of the current directory
• other commands can be found at
https://wiki.cse.tamu.edu/index.php/Basic_UNIX_Comman
ds
Compiling and Executing
• For C program
– gcc filename.c - compiles and links c program, generating an
executable file
• For C++ program
– g++ filename.cpp - compiles and links c++ program, generating
an executable file
• Options for both
– ‘-o’ –renames the executabe, thus your executable no longer
must go under the a.out name
– More options can visit:
https://gcc.gnu.org/onlinedocs/gcc/Option-Summary.html
• Run the program
– ./a.out
Makefile
• Makefiles are special format files that together
with the make utility will help you to
automagically build and manage your projects
• For a simple tutorial, you can visit:
– http://mrbook.org/tutorials/make/
Tools and Useful Reference
• C/C++ program IDE:
– CodeBlock http://www.codeblocks.org/
– Eclipse
http://www.eclipse.org/
• Linux Programming References:
– [Richard Stevens]UNIX Network Programming
– [ Neil Matthew] Beginning Linux Programming
• Vmware Network:
– What is the differences among NAT, Host only and Bridge:
– http://blog-rat.blogspot.com/2009/05/bridged-vs-hostonly-vs-nat.html
– https://www.virtualbox.org/manual/ch06.html
Part 3: Libpcap Programming
• pcap is a user-level interface for user-level packet
capture
• libpcap provides C language Application
Programming Interface (API)s for network
statistics collection, security monitoring, network
debugging, etc.
• Now, many “wrappers” for pcap have developed
to support other programming language, such as:
pylibpcap for python, jNetpcap for Java
Installing the libpcap
• Linux:
for Ubuntu user:
Commandline Installation:
sudo apt-get install libpcap-dev
• Compiled from source:
http://sourceforge.net/projects/libpcap/
17
Work with the libpcap
• Compile program using libpcap
– gcc sniff.c –lpcap –o sniffer
• When run sniffer, you need root privilege.
– sudo ./sniffer
• Next, I will introduce some important
methods for libpcap programming.
How to write libpcap program ?
• ask pcap to find a valid device to sniff
dev = pcap_lookupdev(errbuf);
• Open live device description pointer to device
desc = pcap_open_live(dev,BUFSIZE,0,-1,errbuf)
• Open offline pcap file
handle = pcap_open_offline(file_path, errbuf);
• Once open the device, capature a packet
packet = pcap_next(desc, &hdr)
• Close the live device
pcap_close(desc);
Cont.
• Main Event Loop
void my_callback(u_char *useless,const struct
pcap_pkthdr* pkthdr,const u_char* packet) {
//do stuff here with packets
}
int main(int argc, char **argv) {
//open and go live
pcap_loop(descr,-1,my_callback,NULL);
return 0;
}
Cont.
• Filter Traffic: we don’t need to see every
packet!
• Compile the filter
int pcap_compile(pcap_t *p, struct bpf_program *fp,
char *str, int optimize, bpf_u_int32 netmask)
• Activate the filter
int pcap_setfilter(pcap_t *p, struct bpf_program *fp)
Part 4: Raw Socket Programming
• Raw Socket is an internet socket that allows
direct sending and receiving of internet
protocol packets without any protocol-specific
transport layer formatting
• The ability to craft packet headers is a
powerful tool that allows hackers to do many
nefarious things
• How does it work?
Fabricate network packets
• Create crafted packet (UDP for example)
struct ipheader *ip = (struct ipheader *) buffer;
struct udpheader *udp = (struct udpheader *) (buffer +
sizeof(struct ipheader));
• Fabricate the IP header
ip->iph_ihl = 5;
ip->iph_ident = htons(54321);
ip->iph_ttl = 64; // hops
ip->iph_protocol = 17; // UDP
// Source IP address, can use spoofed address here!!!
ip->iph_sourceip = inet_addr(argv[1]);
// The destination IP address
ip->iph_destip = inet_addr(argv[3]);
Cont.
• Fabricate the UDP header
/ /source port number
udp->udph_srcport = htons(atoi(argv[2]));
// Destination port number
udp->udph_destport = htons(atoi(argv[4]));
// Calculate the checksum for integrity
ip->iph_chksum = csum((unsigned short *)buffer,
sizeof(struct ipheader) + sizeof(struct
udpheader));
Cont.
• Create a raw socket with UDP protocol
sd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
• Send the crafted packet with raw socket
sendto(sd, buffer, ip->iph_len, 0, (struct
sockaddr *)&sin, sizeof(sin)) < 0
Q&A
More Future questions
Office Hour: Tuesday 2-3pm
Email: csce465@gmail.com