Packet Sniffer using Multicore Programming. By B.A.Khivsara, Assistant Professor, Computer Department, SNJB's KBJ COE, Chandwad
Outline: Packet Sniffer; Multicore; Command for CPU info; Program in Python
Packet Sniffer Definition: A packet sniffer is a wiretap device that plugs into computer networks and listens to the network traffic.
What are the components of a packet sniffer? 1. Hardware: standard network adapters. 2. Capture Filter: This is the most important part. It captures the network traffic from the wire, filters it for the particular traffic you want, then stores the data in a buffer. 3. Buffers: used to store the frames captured by the Capture Filter.
What are the components of a packet sniffer? 4. Real-time analyzer: a module in the packet sniffer program used for traffic analysis and to sift the traffic for intrusion detection. 5. Decoder: "Protocol Analysis".
How does a Sniffer Work? Sniffers also work differently depending on the type of network they are in: Shared Ethernet or Switched Ethernet.
How can you detect a packet sniffer? Ping method, ARP method, DNS method.
Packet Sniffer Mitigation [Figure: Host A, Router A, Router B, Host B] The following techniques and tools can be used to mitigate sniffers: Authentication, Switched infrastructure, Antisniffer tools, Cryptography.
Top Packet Sniffers: Wireshark, Kismet, Tcpdump, Cain and Abel, Ettercap, Dsniff, NetStumbler, Ntop, Ngrep.
What are sniffers used for? Detection of clear-text passwords and usernames from the network. Conversion of data to human readable format so that people can read the traffic. Performance analysis to discover network bottlenecks. Network intrusion detection in order to discover hackers.
Multi-core processors
Growth: With each new generation of processors: smaller size, faster, increased heat dissipation, greater consumption of power.
Single Core Performance: The technique used to increase single core performance was pipelining.
Single Core continued: Another technique was multithreading. Multithreading involves execution of two separate threads. Time is divided and interlaced between the two threads in order to simulate simultaneous execution.
Problems with Single Core: To execute the tasks faster you must increase the clock speed. Increasing the clock speed too far drastically increases power consumption and heat dissipation to extremely high levels, making the processor inefficient.
Multi Core solution Creating two cores or more on the same Die increases processing power while keeping clock speeds at an efficient level. A processor with 2 cores running at efficient clock speeds can process instructions with similar speed to a single core processor running at twice the clock speed, yet the dual core processor would still consume less energy.
Multi-Core Advantages While working with many threads, a Multi Core processor with n cores can execute n threads simultaneously by assigning a core to each thread. A Single core processor must multithread with every single thread.
Other Incentives The name core dual and similar names are good for marketing. It has lower manufacturing costs. Uses proven processor designs.
Implementations: Shared memory model: all cores share the same cache memory. Distributed memory model: each core has its own cache memory.
Implementations continued The Intel core duo design has a separate L1 cache memory for each core, but both cores share an L2 cache.
Problems with multi core processors Memory/Cache coherence. As mentioned earlier, some implementations have distributed L1 caches but must share an L2 cache. This poses the problem of making sure each core keeps the other updated with changes in the data in its own cache. Multi threading is also a problem when the software being run is not designed to take advantage of the multi core processor. This may mean that one core does most of the work which means that the processor is running no more efficiently than a single core.
Linux commands for CPU info: nproc: shows the number of processing units available. lscpu: shows CPU architecture information in human-readable form. /proc/cpuinfo: contains information about each individual core.
Practical in Python: Prerequisite: install scapy with: sudo apt-get install scapy
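Practical in Python

    from scapy.all import *
    import hashlib
    import os
    import sys
    import time
    import multiprocessing

    def pkt_callback(pkt):
        # Called by scapy once for every captured packet.
        print("\n\n")
        pkt.show()  # debug statement

    def sniffing(filter_1, core):
        # Capture 5 packets matching the capture filter, then return.
        print("\n######## " + core + " ############\n")
        sniff(prn=pkt_callback, filter=filter_1, count=5)

    if __name__ == '__main__':
        # Pass the function and its arguments separately. Writing
        # target=sniffing("tcp", "core 1") would run the capture in the
        # parent process and never start a second one in parallel.
        coreone = multiprocessing.Process(target=sniffing, args=("tcp", "core 1"))
        coreone.start()
        coretwo = multiprocessing.Process(target=sniffing, args=("udp", "core 2"))
        coretwo.start()
        # Wait for both capture processes to finish.
        coreone.join()
        coretwo.join()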
How to run the program? sudo python sniffer.py
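Added example (not part of the original slides): the buffer and decoder components described earlier, with the decode step spread across cores by a multiprocessing pool. It is written for Python 3 and needs neither root nor scapy, because it runs on frames constructed inline; the names build_frame, decode_frame, tally and SAMPLE are hypothetical.

```python
import multiprocessing
import socket
import struct
from collections import Counter

PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}  # IPv4 protocol numbers

def build_frame(proto, src, dst, sport=0, dport=0):
    """Build a constructed Ethernet/IPv4 frame (sample data, not a real capture)."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4

def decode_frame(frame):
    """Decoder: return (proto, src, dst, sport, dport), or None if not valid IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None  # truncated frame, non-IPv4 EtherType, or wrong IP version
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(frame) < 14 + ihl:
        return None
    proto = PROTOCOLS.get(frame[23], "other")
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    sport = dport = None
    l4 = frame[14 + ihl:]
    if proto in ("tcp", "udp") and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
    return proto, src, dst, sport, dport

def tally(frames, workers=1):
    """Decode buffered frames, on `workers` cores if > 1, and count per protocol."""
    if workers > 1:
        with multiprocessing.Pool(workers) as pool:
            decoded = pool.map(decode_frame, frames, chunksize=64)
    else:
        decoded = [decode_frame(f) for f in frames]
    return Counter(d[0] if d else "undecodable" for d in decoded)

# Constructed buffer: two TCP, one UDP, one ICMP, one truncated frame.
SAMPLE = [
    build_frame(6, "10.0.0.1", "10.0.0.2", 40000, 443),
    build_frame(6, "10.0.0.3", "10.0.0.2", 40001, 22),
    build_frame(17, "10.0.0.1", "10.0.0.53", 5353, 53),
    build_frame(1, "10.0.0.1", "10.0.0.2"),
    b"\x00" * 10,
]

if __name__ == "__main__":
    print(tally(SAMPLE, workers=multiprocessing.cpu_count()))
```

The operating system decides which core each pool worker runs on; the pool only guarantees that the decode calls can run in parallel.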