Packet Sniffer using Multicore programming - WordPress.com · Packet Sniffer using Multicore...
-
Upload
truongtuyen -
Category
Documents
-
view
244 -
download
0
Transcript of Packet Sniffer using Multicore programming - WordPress.com · Packet Sniffer using Multicore...
Packet Sniffer using Multicore programming
By B.A.KhivsaraAssistant Professor
Computer DepartmentSNJB’s KBJ COE,Chandwad
Outline
Packet Sniffer
Multicore
Command for CPU info
Program in Python
Packet Sniffer Definition:
A packet sniffer is a wire-tap device that plugs into computer networks and listens to the network traffic.
What are the components of a packet sniffer?
1. Hardware : standard network adapters .
2. Capture Filter : This is the most important part . It captures the network traffic from the wire, filters it for the particular traffic you want, then stores the data in a buffer.
3 Buffers : used to store the frames captured by the Capture Filter .
What are the components of a packet sniffer?
4. Real-time analyzer: a module in the packet sniffer program used for traffic analysis and to shift the traffic for intrusion detection.
5. Decoder : "Protocol Analysis" .
How does a Sniffer Work?
Sniffers also work differently depending on the type of network
they are in.
Shared Ethernet
Switched Ethernet
How can you detect a packet sniffer?
Ping method
ARP method
DNS method
Packet Sniffer Mitigation
The following techniques and tools can be used to mitigate
sniffers:
Authentication
Switched infrastructure
Antisniffer tools
Cryptography
Host A Host BRouter A Router B
Top Packet Sniffers
Wireshark
Kismet
Tcpdump
Cain and Abel
Ettercap
Dsniff
NetStumbler
Ntop
Ngrep
What are sniffers used for?
Detection of clear-text passwords and usernames from the network.
Conversion of data to human readable format so that people can read the traffic.
Performance analysis to discover network bottlenecks.
Network intrusion detection in order to discover hackers.
Outline
Packet Sniffer
Multicore
Command for CPU info
Program in Python
Multi-core processors
Growth With each new generation of processors
Smaller size Faster
Increased heat
dissipation
Greater Consumption
of power
Single Core Performance
Technique used to increase single core performance was Pipelining
Single Core continued
Another technique was multithreading
• Multithreading involves execution of two separate threads.
• Time is divided and interlaced between the two threads in order to simulate simultaneous execution
Problems with Single Core
To execute the tasks faster you must increase the clock time.
Increasing clock times too high drastically increases power consumption and heat dissipation to extremely high levels, making the processor inefficient.
Multi Core solution
Creating two cores or more on the same Die increases processing power while keeping clock speeds at an efficient level.
A processor with 2 cores running at efficient clock speeds can process instructions with similar speed to a single core processor running at twice the clock speed, yet the dual core processor would still consume less energy.
Multi-Core Advantages
While working with many threads, a Multi Core processor with n cores can execute n threads simultaneously by assigning a core to each thread.
A Single core processor must multithread with every single thread.
Other Incentives
The name “core dual” and similar names are good for marketing.
It has lower manufacturing costs.
Uses proven processor designs.
Implementations
shared memory model
all cores share the same cache
memory.
distributed memory model
each core has its own cache
memory.
Implementations continued
The Intel core duo design has a separate L1 cache memory for each core, but both cores share an L2 cache.
Problems with multi core processors
Memory/Cache coherence. As
mentioned earlier, some implementations have
distributed L1 caches but must share an L2 cache. This poses the problem
of making sure each core keeps the other updated with changes in the data
in its own cache.
Multi threading is also a problem when the software being run is not
designed to take advantage of the multi
core processor. This may mean that one core does most of the work which
means that the processor is running no more efficiently than a
single core.
Outline
Packet Sniffer
Multicore
Command for CPU info
Program in Python
Linux commands for CPU info
• Shows no of processing units availablenproc
• Shows CPU architecture information in human readable formlscpu
• Contains information about individual core/proc/cpuinfo
Outline
Packet Sniffer
Multicore
Command for CPU info
Program in Python
Practical in Python: Prerequisite
install scapy by
sudo apt-get install scapy
Practical in Python
from scapy.all import *
import hashlibimport osimport sysimport timeimport multiprocessing
Practical in Pythondef pkt_callback(pkt):
print "\n\n"pkt.show() # debug statement
def sniffing(filter_1,core):print "\n######## " + core + " ############\n"sniff(prn=pkt_callback, filter=filter_1, count=5)
if __name__=='__main__':coreOne = multiprocessing.Process(target=sniffing("tcp","Core 1"))coreOne.start()
coreTwo = multiprocessing.Process(target=sniffing("udp","Core 2"))coreTwo.start()
How to run Program?
sudo python sniffer.py