Overview

Packet sniffing and spoofing are the two important concepts in network security; they are two major threats in network communication. Being able to understand these two threats is essential for understanding security measures in networking. There are many packet sniffing and spoofing tools, such as Wireshark, Tcpdump, Netwox, etc. Some of these tools are widely used by security experts, as well as by attackers. Being able to use these tools is important for students, but what is more important for students in a network security course is to understand how these tools work, i.e., how packet sniffing and spoofing are implemented in software.

The objective of this lab is for students to master the technologies underlying most of the sniffing and spoofing tools. Students will play with some simple sniffer and spoofing programs, read their source code, modify them, and eventually gain an in-depth understanding on the technical aspects of these programs. At the end of this lab, students should be able to write their own sniffing and spoofing programs.

Tasks (English) (Spanish)

• VM version: This lab has been tested on our SEED Ubuntu-20.04 VM
• Lab setup files
  • Labsetup.zip
  • Labsetup-arm.zip (for Apple Silicon machines)
• Manual:: Docker manual

Time (Suggested)

• Supervised (closely-guided lab session): 3 hours
• Unsupervised (take-home project): 1 week

SEED Videos

• Udemy: Internet Security: A Hands-on Approach (§ 2)
• Identical videos are available on NetEase (for Mainland China)

SEED Books (English) (Chinese)

• Computer & Internet Security: A Hands-on Approach, 3rd edition (§ 19)
• Internet Security: A Hands-on Approach, 3rd edition (§ 1, 4)

Additional Reading

• Programming with pcap
• Programming with Libcap - Sniffing the network from our own applicaiton by Luis Martin Garcia.

Feedback and Help