BroadcomEthernetPacketAnalyzer
- 4. ETHERNET PACKET ANALYZER 4
INTRODUCTION
Most network analyzers are restricted to a single host computer. The
host computer may connect to different networks, but the analyzer can
still only monitor the network to which it is connected. As a result,
businesses and homes with a network issue may have to rely on a
professional to diagnose the problem. Similarly, a professional is
limited to the computers that he can access. Consequently, a network
suffering serious connectivity issues will require the physical
presence of an experienced examiner.
Oftentimes a network may be fine and only a single port has
malfunctioned. In that event, it can be difficult to isolate the damaged
node, especially in an extensive and broad network. As such, we,
students from IIT Hyderabad and the University of Texas, in conjunction
with Broadcom India Technologies, propose an external unit whose purpose
is to capture packets from an Ethernet socket, save them, and analyze
the captured data.
As a prototype for the idea, we have decided to build on an existing
microcontroller board. The Raspberry Pi, a powerful miniature computer,
was selected as our platform based on its compatibility with Broadcom
products. The Raspberry Pi has one Ethernet port and an SD card
reader, making it a suitable platform for this project. Furthermore,
the developer community surrounding the Raspberry Pi and its
accessories is known to be one of the most extensive and supportive
resources for independent development and experimentation.
BACKGROUND AND TERMINOLOGY
3.1 PACKET SNIFFERS AND ANALYZERS
The Ethernet packet analyzer documented in this report combines
two major ideas into one design. Our design incorporates the
concept of a network monitor, informally known as a packet
sniffer. Packet sniffers have the capability to tap into
networks and gather packets of information from the same
network. Typically, packet sniffers are located on a host
computer, meaning the sniffer itself is built from code and
executes from a stationary computer on the network to be
analyzed. The source code for many packet sniffers is available
online as a powerful tool to construct network analyzers.
The second concept incorporated into the project stems from
network monitors and network analyzers. These devices take the
information and packets gathered by sniffers as inputs in
order to analyze the attributes of a network. Oftentimes a
network analyzer will interpret and decipher information from a
sniffer to display the attributes of a network. Attributes can
include, but are not limited to, packet IP source and
destination addresses and network traffic statistics. Thus, network
analyzers, when combined with packet sniffers, become useful
tools to monitor, diagnose, and repair dysfunctional networks.
3.2 PACKETS
Packets, also called datagrams, are units of encapsulated bits
that are used to send information to and from devices on any
network. An Ethernet packet follows a specific format that lends
itself to analysis. One packet can be subdivided into two main
parts: the header, which contains all bits of information about
the packet, its origin, destination, and other specifications;
and the payload, which contains information that the packet is
transferring.
For the purpose of building an Ethernet packet sniffer,
understanding the header portion of a datagram is essential. The
header of an IPv4 packet contains its: version, header
length, type of service, total length, identification bits,
flags, fragment offset, time to live, protocol, header checksum,
source address, and destination address (Kozierok).
Although IPv4 packets are most commonly used today, it is
important to note that packets of different formats and
protocols exist. Understanding all formats of datagrams is also
crucial in developing a successful packet sniffer.
3.3 INTERNET PROTOCOL & TRANSMISSION CONTROL PROTOCOL
IP and TCP are international protocols that nearly all computers
and devices adhere to in order to interface across networks
properly and efficiently. The function of the Internet
Protocol is to deliver datagrams from source to destination. The
TCP/IP model defines four distinct layers to enable network
traffic. For the purpose of this project, thorough comprehension
of only the first two layers, the Link Layer and Internet Layer,
is necessary.
The link layer comprises the communication methods that operate
over physical connections. The link layer defines the
communication protocols between devices on the same network. As a
result, Ethernet exists almost exclusively in the link layer.
One level higher is the internet layer, which does not define
communication protocols between devices on the same network, but
rather between devices on separate networks. The internet layer is populated by
4.3 PRELIMINARY CODE
As of 4 July 2014, a program to capture packets from Ethernet
ports and Wi-Fi has been written to run on a computer, but has
not yet been ported to the Raspberry Pi. In pseudocode, the
program is as follows:
Include libraries:
pcap.h, stdio.h, stdlib.h, string.h
First, check for present network devices. Select the Ethernet port,
or print "none" if unavailable. Open the device for capturing
packets, and then pass the device name and the packet length in
bytes to the main program. Toggle promiscuous mode on and check
the error buffer. If no errors exist, proceed to the capturing
function "pcap_open_live". From there, process the packets
according to packet type, and write the statistics to a .txt
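The "process the packets according to packet type" step above, combined with the IPv4 header fields listed in section 3.2, as an added example that is not part of the original report's code: a callback-style function that parses an Ethernet II + IPv4 frame, verifies the RFC 791 header checksum, rejects truncated or inconsistent headers rather than trusting them, and tallies per-protocol statistics. The sample frame is constructed here for illustration; no libpcap dependency is needed to run it.

```c
#include <stdint.h>
#include <stddef.h>

/* Per-protocol tallies, the "statistics" the analyzer writes out. */
struct ip_stats { unsigned total, ipv4, tcp, udp, icmp, other, malformed; };
/* The IPv4 header fields listed in section 3.2, in header order. */
struct ipv4_hdr {
    unsigned version, ihl, tos, total_len, id, flags, frag_off, ttl, proto, checksum;
    uint8_t src[4], dst[4];
};

/* RFC 791 header checksum: one's-complement sum of 16-bit words. Summed over a
 * header that still contains its checksum field, the result is 0 when intact. */
static uint16_t ipv4_checksum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)(h[i] << 8 | h[i + 1]);
    while (sum >> 16) sum = (sum & 0xffffu) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Process one captured frame (Ethernet II + IPv4) the way a pcap callback would.
 * Returns 1 when a well-formed IPv4 header was parsed into *out, else 0; any
 * truncated or inconsistent frame is counted as malformed rather than trusted. */
int process_packet(const uint8_t *p, size_t caplen, struct ipv4_hdr *out, struct ip_stats *st) {
    st->total++;
    if (caplen < 14) { st->malformed++; return 0; }               /* no full Ethernet header */
    if ((p[12] << 8 | p[13]) != 0x0800) { st->other++; return 0; } /* EtherType is not IPv4 */
    const uint8_t *h = p + 14;
    size_t rem = caplen - 14;
    if (rem < 20 || (h[0] >> 4) != 4) { st->malformed++; return 0; }
    out->version = h[0] >> 4;
    out->ihl = (h[0] & 0x0f) * 4u;                                /* IHL is in 32-bit words */
    if (out->ihl < 20 || out->ihl > rem) { st->malformed++; return 0; }
    out->tos = h[1];        out->total_len = h[2] << 8 | h[3];  out->id = h[4] << 8 | h[5];
    out->flags = h[6] >> 5; out->frag_off = (h[6] & 0x1f) << 8 | h[7];
    out->ttl = h[8];        out->proto = h[9];                  out->checksum = h[10] << 8 | h[11];
    for (int i = 0; i < 4; i++) { out->src[i] = h[12 + i]; out->dst[i] = h[16 + i]; }
    if (out->total_len < out->ihl || ipv4_checksum(h, out->ihl) != 0) { st->malformed++; return 0; }
    st->ipv4++;
    if (out->proto == 6) st->tcp++; else if (out->proto == 17) st->udp++;
    else if (out->proto == 1) st->icmp++; else st->other++;
    return 1;
}

/* Constructed sample frame (not a real capture): Ethernet II, IPv4 192.168.1.10 ->
 * 192.168.1.1, id 1, DF set, TTL 64, UDP (8-byte header). IPv4 checksum 0xb774. */
static const uint8_t SAMPLE_FRAME[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x40,0x00, 0x40,0x11,0xb7,0x74,
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x01, 0x12,0x34,0x00,0x35, 0x00,0x08,0x00,0x00 };
```

In a real capture the same function would be called from the pcap callback with the captured length, which is why it bounds every field read by `caplen` instead of by the total length field the packet claims.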
- 13. ETHERNET PACKET ANALYZER 13
BIBLIOGRAPHY
TCPDUMP/LIBPCAP public repository. (2014, January 1). Retrieved July 1,
2014, from http://www.tcpdump.org/
Wireshark. (n.d.). Download. Retrieved July 4, 2014, from
http://www.wireshark.org/
RFC 791: Internet Protocol. (1981, September 1). Retrieved July 4, 2014,
from http://tools.ietf.org/html/rfc791
Kozierok, C. (2005, September 20). The TCP/IP Guide: IP Datagram General
Format. Retrieved July 4, 2014, from
http://www.tcpipguide.com/free/t_IPDatagramGeneralFormat.htm
Ubuntu. (2014, January 1). The leading OS for PC, tablet, phone and
cloud. Retrieved July 4, 2014, from http://www.ubuntu.com/
Raspberry Pi. (2014, January 1). Downloads. Retrieved July 4, 2014, from
http://www.raspberrypi.org/downloads/
Raspbian. (2014, January 1). Welcome to Raspbian (FrontPage). Retrieved
July 4, 2014, from http://www.raspbian.org/