Overview

Packet sniffing and spoofing are two important concepts in network security; they are also two major threats in network communication. Understanding these two threats is essential for understanding security measures in networking. There are many packet sniffing and spoofing tools, such as Wireshark, Tcpdump, Netwox, etc. Some of these tools are widely used by security experts, as well as by attackers. Being able to use these tools is important for students, but what is more important for students in a network security course is to understand how these tools work, i.e., how packet sniffing and spoofing are implemented in software.

The objective of this lab is for students to master the technologies underlying most sniffing and spoofing tools. Students will play with some simple sniffer and spoofing programs, read their source code, modify them, and eventually gain an in-depth understanding of the technical aspects of these programs. At the end of this lab, students should be able to write their own sniffing and spoofing programs.

Lab Tasks

  • VM version: This lab has been tested on our pre-built SEEDUbuntu16.04 VM.

Recommended Time

  • Supervised situation (e.g. a closely-guided lab session):
  • Unsupervised situation (e.g. take-home project):

Videos (New)

Suggested Reading

  • SEED Book by Wenliang Du (Book website) (Chinese version)
  • Programming with pcap
  • Programming with Libpcap - Sniffing the network from our own application by Luis Martin Garcia.
