Mobile Packet Sniffer Ofer Borosh Vadim Lanzman Dr. Chen Avin

1 Mobile Packet Sniffer
Ben-Gurion University of the Negev, Department of Communication Systems Engineering.
Presented by: Ofer Borosh, Vadim Lanzman
Instructor: Dr. Chen Avin

2 Contents
Packet Sniffing Motivation.
Project Goal.
Android platform.
Packet capturing.
Monitor mode Problem.
ARP injection solution.
Learning Process.
Follow up.
Primitive sniffer

3 Packet Sniffing Motivation
Usage of Wi-Fi and Bluetooth networks is growing continuously, increasing traffic capacities in the wireless medium.
There is a strong need for a small, mobile sniffing device.
Usage of such a sniffing device:
Important tool for wireless network designers.
Evaluate network protocols and their performance.
Understand and debug network problems.
Address network security issues.

4 Project Goal
Develop a packet sniffer application on a compact mobile platform.
Perform capturing of packets traveling in wireless networks.
Store captured packets in a DB on the capturing device.
Perform basic analysis of captured data.
Support the export of captured data to a PC for further analysis.

5 Project Goal
Sniffing Interfaces:
Wi-Fi 802.11 b/g
Bluetooth 802.15.1
In the future: 3G, ZigBee, GSM

6 Android Platform
Hardware (ADP G 1):
Qualcomm processor: 528 MHz
TI Wi-Fi and Bluetooth integrated chip: WiLink 4.0
TI Wi-Fi driver: WL 1251
GPS
Software:
Android: open source, Linux based OS.
JAVA SDK 1.6 for Android
NDK – for cross compile C files

7 Packet capturing
Normal Packet Decapsulation
Packets lose all their headers on the way to the APP layer.
We need a way to BYPASS the stack.
Layer       Unit               Contents
APP.        Application Data   DATA
TRANSPORT   TCP/UDP Segment    TCP/UDP header, DATA
NETWORK     IP datagram        IP header, TCP/UDP header, DATA
LINK        Network Frame      Ethernet header, IP header, TCP/UDP header, DATA, Ethernet trailer
PHY

8 Packet capturing
SW Implementations to bypass the stack:
Raw Sockets.
Tcpdump based on open source Libpcap library.
Parsing and analyzing Raw packet headers.
Using the same method we can inject custom made packets.
Diagram (Using RAW Sockets): APP. (OPEN RAW SOCKET); TRANSPORT; NETWORK; LINK: Network Frame (Ethernet header, IP header, TCP/UDP header, DATA, Ethernet trailer); PHY

9 Application Demo 1

10 Monitor Mode Problem
Wi-Fi Element Operational Modes:
Master mode.
Managed mode.
AD-HOC mode.
Promiscuous mode.
Monitor Mode.
Ideal sniffer: Uses Promiscuous or Monitor mode.
Problem: TI Driver Prevents the Monitor and Promiscuous modes.
Diagram: WiFi card; Driver; LINK; NETWORK; TRANSPORT; APP. Frame: Ethernet header, IP header, TCP/UDP header, DATA, Ethernet trailer, header

11 ARP Injection Solution
We will use ARP protocol properties to solve the problem.
ARP Protocol Basics:
ARP table in every PC.
Need to know the MAC address before sending the packet.
Host A: ARP Request (Who has IP B? Broadcast)
Host B: ARP Reply (Unicast: IP B is at MAC B)

12 ARP Injection Solution
We will use ARP protocol properties to solve the problem.
Switched network properties:
Constantly learning MAC addresses.
Prevent the sniffing of neighboring traffic.
Diagram: switch with ports 1 to 5 and its learned table
  MAC address   Port
  MAC - A       5
  MAC - B       4

13 ARP Injection Solution
Normal traffic
Host A ARP cache
  MAC address   IP address
  MAC - B       IP - B
Host B ARP cache
  MAC address   IP address
  MAC - A       IP - A
AP route table (AP ports: 1, 2, 3)
  MAC address   Port
  MAC - A       2
  MAC - B       3
Active Sniffer: IP - C, MAC - C

14 ARP Injection Solution
ARP injection process (diagram labels: MAC - C, MAC - C)
Host A ARP cache
  MAC address   IP address
  MAC - B       IP - B
Host B ARP cache
  MAC address   IP address
  MAC - A       IP - A
AP route table (AP ports: 1, 2, 3)
  MAC address   Port
  MAC - A       2
  MAC - B       3
  MAC - C       1
Active Sniffer: IP - C, MAC - C

15 ARP Injection Solution
Re-Routed Traffic
Host A ARP cache
  MAC address   IP address
  MAC - C       IP - B
Host B ARP cache
  MAC address   IP address
  MAC - C       IP - A
AP route table (AP ports: 1, 2, 3)
  MAC address   Port
  MAC - A       2
  MAC - B       3
  MAC - C       1
Active Sniffer: IP - C, MAC - C
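
The cache state on slides 13 to 15 is visible to a defender in the ARP traffic itself. The following is an added example, not code from the presentation: it parses raw Ethernet/ARP frames and flags an IP address whose MAC changes and a MAC that claims several IPs. The addresses, function names and sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict
ETH_P_ARP = 0x0806  # EtherType carried in the Ethernet header for ARP

def parse_arp(frame):
    """Return (sender_mac, sender_ip) from a raw Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def detect(frames):
    """Flag an IP whose MAC changes and a MAC that claims more than one IP."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        smac, sip = parsed
        old = ip_to_mac.get(sip)
        if old is not None and old != smac:
            alerts.append(("ip-moved", sip, old, smac))
        ip_to_mac[sip] = smac
        mac_to_ips[smac].add(sip)
        if len(mac_to_ips[smac]) > 1:
            alerts.append(("mac-claims-many", smac, tuple(sorted(mac_to_ips[smac]))))
    return alerts

def arp_frame(smac, sip, tmac, tip, op=2):
    """Build a constructed ARP frame as bytes (op 2 = reply) for the sample below."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda i: bytes(int(x) for x in i.split("."))
    return (h(tmac) + h(smac) + struct.pack("!HHHBBH", ETH_P_ARP, 1, 0x0800, 6, 4, op)
            + h(smac) + a(sip) + h(tmac) + a(tip))

# Constructed sample mirroring slides 13-15: hosts A and B, active sniffer C.
A = ("02:00:00:00:00:0a", "192.0.2.10")
B = ("02:00:00:00:00:0b", "192.0.2.11")
C = ("02:00:00:00:00:0c", "192.0.2.12")
SAMPLE = [
    arp_frame(*A, *B), arp_frame(*B, *A), arp_frame(*C, *A),  # normal traffic
    arp_frame(C[0], B[1], *A),  # "IP-B is at MAC-C", seen by Host A
    arp_frame(C[0], A[1], *B),  # "IP-A is at MAC-C", seen by Host B
]

if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```

On the sample, the first three frames raise nothing; the two frames that bind IP-B and IP-A to MAC-C each raise an "ip-moved" and a "mac-claims-many" alert.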

16 Active Sniffing Milestones
Domain Scanning to find Active Sniffing targets.
ARP Packet Injection to the selected targets.
Enabling Traffic Rerouting to Avoid denial of service.
Capture and analyze the traffic.

17 Application Demo 2

18 Learning process
Development in JAVA under Android API.
Working and Cross Compiling for Linux based OS.
Understanding of protocol and its operational modes.
Raw sockets usage.
Custom Packet creation and injection.
ARP spoofing.

19 Follow Up
Extending the Capture interfaces to sniff ZigBee sensors.
Building custom parsing engines using Raw sockets.
Rewriting the driver to support Monitor mode.
And much more…

20 Questions…?

