Courses/CS 491ab/Winter 2008/Peiling ChangChien

Week 1 - January 4, 2008

Week 2 - January 11, 2008

1. Winsock Packet Editor

 A.	Winsock Packet Editor (WPE) is a packet sniffing and editing tool.
 B.	It works at the socket level rather than at the TCP level: it attaches to a running process and hooks its Winsock send/recv calls, so it sees the application data before the TCP/IP stack puts it on the wire.
 C.	We can select a running process and modify the data it sends before it reaches the destination. A capture library such as WinPcap cannot do this, because a sniffer only sees a copy of a packet that has already left the machine.

2. JSSE (Java Secure Socket Extension)

 A.	Download JDK 6 from http://java.sun.com/javase/downloads/index.jsp and install it
 B.	Download the Eclipse SDK from http://www.eclipse.org/downloads/ and install it
 C.	Read about downloading and installing JSSE at http://www.onjava.com/pub/a/onjava/2001/05/03/java_security.html
 D.	Test my JSSE installation by running the example from the above link.

3. Jpcap (Java library for capturing and sending network packets)

 A.	Download the latest version from http://netresearch.ics.uci.edu/kfujii/jpcap/doc/download.html
 B.	Read the installation instructions at http://netresearch.ics.uci.edu/kfujii/jpcap/doc/install.html
 C.	Download and install WinPcap from http://www.winpcap.org/install/default.htm (Jpcap is a JNI wrapper around it, so it must be present)
 D.	Read the tutorial pages and try the examples
 import java.io.IOException;
 import jpcap.JpcapCaptor;
 import jpcap.NetworkInterface;
 import jpcap.NetworkInterfaceAddress;

 public class jpcapTest {
     // Index into the device list to capture on; check the printed list first.
     private static final int DEVICE_INDEX = 1;

     public jpcapTest() {
         // Enumerate the interfaces WinPcap exposes to Jpcap.
         NetworkInterface[] devices = JpcapCaptor.getDeviceList();
         for (int i = 0; i < devices.length; i++) {
             System.out.println(i + ": " + devices[i].name + " (" + devices[i].description + ")");
             System.out.println("  datalink: " + devices[i].datalink_name + " (" + devices[i].datalink_description + ")");
             System.out.print("  MAC address:");
             for (byte b : devices[i].mac_address)
                 System.out.print(Integer.toHexString(b & 0xff) + ":");
             System.out.println();
             for (NetworkInterfaceAddress a : devices[i].addresses)
                 System.out.println("  address: " + a.address + " " + a.subnet + " " + a.broadcast);
         }
         // The original hard-coded devices[1]; guard against machines with fewer interfaces.
         if (devices.length <= DEVICE_INDEX) {
             System.err.println("No interface at index " + DEVICE_INDEX);
             return;
         }
         try {
             // snaplen 65535 bytes, non-promiscuous, 20 ms read timeout
             JpcapCaptor captor = JpcapCaptor.openDevice(devices[DEVICE_INDEX], 65535, false, 20);
             // getPacket() blocks for one packet; it may yield null if the timeout expires first.
             for (int i = 0; i < 10; i++) {
                 System.out.println(captor.getPacket());
             }
             captor.close();
         } catch (IOException ioe) {
             System.out.println(ioe.getMessage());
         }
     }

     public static void main(String[] args) {
         new jpcapTest();
     }
 }

Week 3 - January 18, 2008

This week, I tried to understand how networking works, using the OSI Basic Reference Model (http://www.petri.co.il/osi_concepts.htm).

Layer 1 - Physical

 •	Transmits raw bit stream over physical cable 
 •	Defines cables, cards, and physical aspects 
 •	Defines NIC attachments to hardware, how cable is attached to NIC 
 •	Defines techniques to transfer bit stream to cable 

Layer 2 - Data Link

 •	Frames the packets handed down by the Network layer and turns them into raw bits (100101...) for the Physical layer; at the receiving end turns the bits back into frames 
 •	Handles data frames between the Network and Physical layers 
 •	The receiving end packages raw data from the Physical layer into data frames for delivery to the Network layer 
 •	Responsible for error-free transfer of frames to the neighbouring computer via the Physical layer; a frame check sequence lets the receiver detect corrupted frames 
 •	Defines the methods used to transmit and receive data on the local network: link-layer (MAC) addressing, access to the shared medium, and detection of signaling errors on the media. The wiring itself and the attachment of the NIC to it belong to the Physical layer 

Layer 3 - Network

 •	Maps logical network addresses to physical addresses (e.g. an IP address ==> the MAC address of the next hop, via ARP); name lookup such as DNS is an application-layer service, not part of this layer 
 •	Responsible for 
   o	addressing 
   o	determining routes for sending 
   o	managing network problems such as packet switching, data congestion and routing 
 •	If a router can’t forward a datagram as large as the source computer sends, the network layer compensates by fragmenting the data into smaller units. At the receiving end, the network layer reassembles the fragments 
 •	Think of this layer stamping the addresses on each train car  

Layer 4 - Transport

 •	Provides the end-to-end connection that the Session layer above it uses 
 •	Manages the flow control of data between parties across the network 
 •	Divides streams of data into chunks or segments; the transport layer of the receiving computer reassembles the message from them 
 •	A train is a good analogy => the data is divided into identical units 
 •	Provides error-checking to guarantee error-free data delivery, with no losses or duplications (TCP does this; UDP offers none of these guarantees) 
 •	Provides acknowledgment of successful transmissions; requests retransmission if some segments don’t arrive error-free 
 •	Provides flow control and error-handling 

Layer 5 - Session

 The session protocol defines the format of the data sent over the connections. NFS uses Remote Procedure Call (RPC) as its session protocol. RPC may be built on either TCP or UDP. Login sessions use TCP, whereas NFS and broadcast use UDP. 

Layer 6 - Presentation

 External Data Representation (XDR) sits at the presentation level. It converts the local representation of data to its canonical form and vice versa. The canonical form uses a standard byte ordering and structure packing convention, independent of the host. 

Layer 7 - Application

 Provides network services to end users. Mail, FTP, telnet, DNS, NIS and NFS are examples of network applications.

----------------------------------------------------

Then I tried the Jpcap library and its example sniffing program.

Week 4 - January 25, 2008

This week, I looked at different packet capture libraries and application programming interfaces. I haven’t written any code this week.

Jpcap is based on the WinPcap library. WinPcap is the industry-standard tool for link-layer network access in Windows environments. It allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture. It is open source and well documented. However, it still cannot modify packets: capture and injection are separate paths, a captured packet is only a copy of one that has already been sent, and a packet injected with WinPcap belongs to no socket or process, so it cannot change what a running program sends.

NetBee is a new library intended for several types of packet processing, such as packet sniffing and filtering, packet decoding, and packet manipulation. This looked like it might be the right library for my goal. However, after reading the description of each NetBee module and looking through its classes, I found that it still cannot modify an existing socket.

Winsock is an API which defines a standard interface between a Windows TCP/IP client application and the underlying TCP/IP protocol stack. It is based on BSD sockets, and it supports both the stream and datagram models. Its functions fall into four groups.

Socket Functions
Microsoft WinSock Extended Functions
Conversion Functions
Database Functions

The Java Native Interface (JNI) is a programming framework that allows Java code running in the Java virtual machine (JVM) to call and be called by native applications and libraries written in other languages, such as C, C++ and assembly. So next week, I will work on how to use the Winsock API from Java.

Week 5 - February 1, 2008

This week, I started to consider my project carefully, so I looked around at different sniffing tools.

1. JpcapDumper: a regular sniffing tool in Java
2. SmartSniff: a regular sniffing tool for Win32
3. WinAircrackPack: depends on your wireless card; it puts the card into monitor mode to capture every packet in the air.

However, I have never seen any tool that can capture packets for a specific running program. A dumper that captures only the packets of a specific program would be a useful tool for programmers.

Week 6 - February 8, 2008

This week, I tried to decide what my project will be. The first idea is an extended library for Jpcap.

1. Documentation of Jpcap:
 Class JpcapCaptor
  openFile(java.lang.String filename): Opens a dump file created by tcpdump or Ethereal, and returns an instance of this class.
  openDevice(NetworkInterface intrface, int snaplen, boolean promisc, int to_ms): Opens the specified network interface, and returns an instance of this class.
2. Extended method for JpcapCaptor (proposed)
  openWinProcess: open an existing socket of a specific running program; the program has to be based on Winsock.
3. Class JpcapSender
  openDevice(NetworkInterface device): Initializes a network interface for sending a packet, and returns an instance of this class.
  sendPacket(Packet packet): Sends a packet.
4. Extended methods for JpcapSender (proposed)
  openWinProcess: open an existing socket of a specific running program; the program has to be based on Winsock.
  sendWinPacket(winsock ID): Send a packet through the existing Winsock socket.

Purpose of the extended library
Packets analyzer 
Decode packets
Network limiter: http://www.netlimiter.com/ 
Plug-in tools: http://www.msgpluslive.net/ http://www.stuffplug.com/

Week 7 - February 15, 2008

no class

Week 8 - February 22, 2008

Packets analyzer

1.	Add functions to the Jpcap library to capture packets into separate streams (one per connection).
2.	Add functions to the Jpcap library to change the contents of packets sent from a specific socket.
3.	Capture every stream from each running program, and summarize the flow of each socket.
4.	Summarize the total flow from the running programs.
5.	We can set a filter for each stream to select only the packets of interest.
6.	Analyze the flow of different protocols such as POP3, HTTP, FTP and so on.

Image:PacketsAnalyzer.jpg

Week 9 - February 29, 2008

Menu

1. File: Open, Save, Save as…


2. Capture: Start, Stop


3. Statistics:

A. All

Image:week8-1.jpg

B. Transport Layer Protocol

Image:week8-2.jpg

C. Application Layer Protocol

Image:week8-3.jpg Image:week8-4.jpg

D. Network Layer Protocol

Image:week8-5.jpg


4. Filter

A. IPv4
B. IPv6
C. ARP/RARP
D. TCP
E. UDP
F. ICMP
G. HTTP
H. FTP
I. Telnet
J. SMTP
K. POP3
L. User-defined

Image:week8-6.jpg
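
The following is an added example, not code from this page or from Jpcap. It carries the OSI walk of Week 3 and the analyzer's classification, filter and statistics (Week 8 and the Statistics/Filter menus above) through in Python rather than the project's Java, so that it runs offline without WinPcap. It decodes constructed Ethernet/IPv4 frames layer by layer, labels each by network, transport and application protocol using the same categories as the Filter menu, and goes one step beyond the text: it attributes each packet to a process by joining the packet's local endpoint against a `netstat -ano` listing, since a capture driver never knows which process owns a packet and the socket table is the only link between the two. The frames, addresses, ports, PIDs and the netstat output are all constructed for the example.

```python
import struct
from collections import Counter

# Filter-menu categories: network layer by EtherType, transport by IPv4 protocol, application by port.
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP", 0x8035: "RARP"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
APP_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP", 110: "POP3"}


def decode(frame):
    """Walk one Ethernet frame up the stack: L2 -> L3 -> L4 -> application label."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    pkt = {"network": ETHERTYPES.get(ethertype, "0x%04x" % ethertype)}
    if ethertype != 0x0800:
        return pkt                                   # ARP/IPv6: classified, not decoded further
    ip = frame[14:]
    ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("malformed or truncated IPv4 header")   # snaplen/garbage guard
    proto, seg = ip[9], ip[ihl:total_len]
    pkt["transport"] = IP_PROTOCOLS.get(proto, str(proto))
    pkt["src"] = ".".join(str(b) for b in ip[12:16])
    pkt["dst"] = ".".join(str(b) for b in ip[16:20])
    if proto == 6 and len(seg) >= 20:                # TCP: ports, then skip options via data offset
        sport, dport, offset = struct.unpack("!HH8xB", seg[:13])
        pkt.update(sport=sport, dport=dport, payload=seg[(offset >> 4) * 4:])
    elif proto == 17 and len(seg) >= 8:              # UDP: fixed 8-byte header
        sport, dport = struct.unpack("!HH", seg[:4])
        pkt.update(sport=sport, dport=dport, payload=seg[8:])
    else:
        pkt["payload"] = seg                         # ICMP and anything without ports
    if "dport" in pkt:                               # the server is whichever end uses a known port
        pkt["application"] = APP_PORTS.get(pkt["dport"]) or APP_PORTS.get(pkt["sport"]) or "other"
    return pkt


def parse_netstat(text):
    """Map (proto, local_ip, local_port) -> PID from `netstat -ano` output on Windows."""
    table = {}
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) >= 4 and parts[0] in ("TCP", "UDP"):
            host, _, port = parts[1].rpartition(":")
            table[(parts[0], host, int(port))] = int(parts[-1])   # PID is the last column
    return table


def owner_pid(pkt, table, local_ips):
    """Attribute a packet to a process through the local end of its socket; None if unknown."""
    if "sport" not in pkt or not ({pkt["src"], pkt["dst"]} & local_ips):
        return None
    host, port = (pkt["src"], pkt["sport"]) if pkt["src"] in local_ips else (pkt["dst"], pkt["dport"])
    # a socket bound to INADDR_ANY shows up as 0.0.0.0 in the table
    return table.get((pkt["transport"], host, port), table.get((pkt["transport"], "0.0.0.0", port)))


def summarize(frames, table, local_ips, keep=lambda pkt: True):
    """Decode, filter and count packets per layer and per owning process (the Statistics menu)."""
    stats = {k: Counter() for k in ("network", "transport", "application", "pid")}
    for pkt in filter(keep, map(decode, frames)):
        stats["network"][pkt["network"]] += 1
        stats["transport"][pkt.get("transport", "-")] += 1
        stats["application"][pkt.get("application", "-")] += 1
        stats["pid"][owner_pid(pkt, table, local_ips)] += 1
    return stats


# Constructed sample data for the example (not a real capture; IP/TCP checksums left at zero).
_inet = lambda a: bytes(int(x) for x in a.split("."))

def _frame(src, dst, proto, seg):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg), 0, 0x4000, 64, proto, 0, _inet(src), _inet(dst))
    return b"\x02" * 12 + b"\x08\x00" + ip + seg      # dst MAC, src MAC, EtherType IPv4

def _tcp(sport, dport, data):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + data

def _udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

LOCAL_IPS = {"192.168.1.5"}
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:49152      203.0.113.34:80        ESTABLISHED     1234
  TCP    192.168.1.5:49153      192.0.2.10:110         ESTABLISHED     2222
  UDP    0.0.0.0:5353           *:*                                    3333
"""
SAMPLE_FRAMES = [
    _frame("192.168.1.5", "203.0.113.34", 6, _tcp(49152, 80, b"GET / HTTP/1.1\r\n\r\n")),
    _frame("203.0.113.34", "192.168.1.5", 6, _tcp(80, 49152, b"HTTP/1.1 200 OK\r\n")),
    _frame("192.168.1.5", "192.0.2.10", 6, _tcp(49153, 110, b"USER alice\r\n")),
    _frame("192.168.1.5", "224.0.0.251", 17, _udp(5353, 5353, b"\x00" * 12)),
    _frame("192.168.1.5", "192.0.2.1", 1, b"\x08\x00\xf7\xff\x00\x00\x00\x00"),   # ICMP echo request
    b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06" + b"\x00" * 28,                        # ARP request
]

if __name__ == "__main__":
    for layer, counts in summarize(SAMPLE_FRAMES, parse_netstat(NETSTAT), LOCAL_IPS).items():
        print(layer, dict(counts))
```

Two points the menus above leave implicit: ICMP has no ports, so it lands in the transport statistics but never in an application category, and classifying by port is only a heuristic (an HTTP server on port 8080 shows up as "other" until the user-defined filter names it). The socket-table join is also racy by nature: a short-lived connection can be gone from `netstat` before its packets are processed, which is why WPE instead hooks inside the process.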

Week 10 - March 7, 2008

working on final report.

Final Report

Brief project description

A Java application that captures, edits and analyzes packets and sorts them into different classifications. It is based on the open-source Jpcap library plus several extended classes I am working on. In short, the final program will be a packet analyzer and editor.

Anticipated users

The users will be Java programmers who want to develop Internet applications such as a dynamic web server, an FTP tool, a game robot, a plugin for Internet programs and so on.

Main conceptual objects

The main characters in a packets analyzer and editor:
  • packets
  • applications: running programs
  • processes
  • socket: Winsock socket
  • packet streams
  • programs that generate packet streams: packet editor and replacer
  • programs that capture packets
  • packets analyzer
    • chart: pie chart and bar chart showing the distribution of your Internet use
    • OSI Model:
      • Transport Layer Protocol: TCP, UDP, ICMP (ICMP is grouped here for the statistics, although it is carried directly by IP and strictly belongs to the network layer)
      • Application Layer Protocol: HTTP, FTP, SMTP, POP3
      • Network Layer Protocol: IPv4, IPv6, ARP/RARP

Primary conceptual operations

The main operations are to capture packets and analyze them.
  • analyze the total flow of packets
  • analyze the flow of packets for each running program on the computer
  • analyze the packets into the application classification they belong to
  • use simple tables and charts to show the distribution of packets by different classifications such as OSI layer, protocol, application, process and socket.
  • inject packets into an existing socket between the server and the client. For example, you create a packet stream, and the program sends it through the same socket ID.
  • substitute packets automatically in an existing socket. For example, you set a replacer that changes the packet stream from "abc" to "def" before it is sent.
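
The replacer described above (change "abc" to "def" in an existing socket's stream) has a catch the list does not mention, and it also applies to the Week 8 goal of changing packets sent from a specific socket: once a packet's bytes change, its TCP checksum no longer verifies and the receiving stack silently drops it, so a packet editor must recompute the IPv4 header checksum and the TCP checksum (computed over a pseudo-header plus the segment) before sending. The following Python is an added example, not the project's code or Jpcap's; it builds a constructed Ethernet/IPv4/TCP frame with valid checksums, shows that a naive byte replacement fails the receiver's check, and implements a replacer that repairs the lengths and checksums. The addresses, ports and payload are made up for the example.

```python
import struct


def ones_complement(data):
    """RFC 1071 Internet checksum over data (an odd trailing byte is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                                   # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def fix_checksums(frame):
    """Recompute the IPv4 header checksum and the TCP checksum of an Ethernet/IPv4/TCP frame."""
    ihl = (frame[14] & 0x0F) * 4
    ip_end = 14 + struct.unpack("!H", frame[16:18])[0]   # IP total length bounds the segment
    if frame[23] != 6:
        raise ValueError("only TCP is handled here")
    ip = bytearray(frame[14:14 + ihl])
    ip[10:12] = b"\x00\x00"                              # checksum field is zero while summing
    ip[10:12] = struct.pack("!H", ones_complement(bytes(ip)))
    seg = bytearray(frame[14 + ihl:ip_end])
    seg[16:18] = b"\x00\x00"
    # TCP sums a pseudo-header (src, dst, zero, protocol, TCP length) followed by the whole segment
    pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 6, len(seg))
    seg[16:18] = struct.pack("!H", ones_complement(pseudo + bytes(seg)))
    return frame[:14] + bytes(ip) + bytes(seg) + frame[ip_end:]


def checksums_ok(frame):
    """What the receiving stack checks before handing data up: both sums must verify."""
    return fix_checksums(frame) == frame


def replace_payload(frame, old, new):
    """The analyzer's replacer: rewrite the TCP payload, then repair length and checksums.
    Returns (edited_frame, length_delta). A non-zero delta means every later segment in this
    direction needs its sequence number shifted and every reverse-direction ACK shifted back."""
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    thl = (frame[14 + ihl + 12] >> 4) * 4                # TCP data offset, in 32-bit words
    data_start, data_end = 14 + ihl + thl, 14 + total_len
    payload = frame[data_start:data_end].replace(old, new)
    delta = len(payload) - (data_end - data_start)
    ip = bytearray(frame[14:14 + ihl])
    ip[2:4] = struct.pack("!H", total_len + delta)       # IP total length follows the payload
    edited = frame[:14] + bytes(ip) + frame[14 + ihl:data_start] + payload + frame[data_end:]
    return fix_checksums(edited), delta


def tcp_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame with valid checksums (sample input, not a real capture)."""
    inet = lambda a: bytes(int(x) for x in a.split("."))
    seg = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg), 1, 0x4000, 64, 6, 0, inet(src), inet(dst))
    return fix_checksums(b"\x02" * 12 + b"\x08\x00" + ip + seg)


if __name__ == "__main__":
    original = tcp_frame("192.168.1.5", "203.0.113.10", 49152, 80, b"abc abc\r\n")
    naive = original.replace(b"abc", b"def")              # byte swap without fixing checksums
    edited, delta = replace_payload(original, b"abc", b"def")
    print("naive edit verifies:", checksums_ok(naive))    # False: the receiver would drop it
    print("repaired edit verifies:", checksums_ok(edited), "delta", delta)
```

A length-changing replacement is repaired within this one packet, but the returned delta has to be carried forward for the life of the connection, which is why a practical replacer keeps per-connection state instead of editing packets one at a time. Sending the edited frame also needs raw injection (JpcapSender), and because a capture library only sees a copy, the original packet has already gone out; genuinely substituting data on an existing socket requires sitting in the path, as WPE does by hooking the process's Winsock calls.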

Why I am interested in this project

Curiosity is human nature. I was an Internet programmer in my country for two years. As an Internet programmer, every time I see an Internet program, I am curious about how it works and whether I can do the same thing or make it better. For example, last year I played an online game with a robot. The robot I tried had to be paid for. As a result, I wanted a better and free robot for the game, but the problem was that I didn't know how the game communicated with the game server.

Status

1. I have researched the library and techniques I have to use.
  • extend the Jpcap library
    • Add functions to the Jpcap library to capture packets into separate streams.
    • Add functions to the Jpcap library to change the contents of packets sent from a specific socket.
  • understand the Winsock API and use it from Java through the Java Native Interface.
2. Consider the functions my project should have
  • Capture every stream from each running program, and summarize the flow of each socket.
  • We can set a filter to capture only the packets we need.
  • We can set a sender on a socket to inject packets into an existing socket.
  • We can set a replacer on a socket to substitute packets.
  • detailed classification
    • Analyze packets into different layers such as the Transport, Application and Network layer protocols
    • Analyze packets into different protocols such as POP3, HTTP, FTP and so on.
    • Analyze packets into different applications, processes and sockets.
  • use charts to show the distribution of packets
    • Pie chart
    • Bar chart

Now I am working on designing the GUI and extending the Jpcap library.