Suzanne J. Matthews and David R. Raymond
Department of Electrical Engineering & Computer Science
United States Military Academy - West Point
This assignment (orginally organized as a lab) highlights the the real-world dangers of packet-sniffing by enabling students to analyze a packet capture (PCAP) file using the Scapy package in Python. The PCAP file purportedly contains the packets of four individuals working in a coffee shop. The end goal is for the students to discover as much information they can about the four individuals whose packets were sniffed. This includes passwords, potential occupations, e-mail contents, and other sensitive topics.
Scapy starter code is provided. Students only need basic Python parsing skills (string, lists) to analyze the packet capture files.
|Summary||Packet Sniffing in Python --After a discussion of how information is transferred across wireless vs wired networks and the legality/ethics of wireless packet sniffing, students write Python code (mostly simple string matching and lists manipulation) to extract and inspect information from a packet capture file that was created artificially in a sandboxed network.|
||Compare and contrast how information is sent in a wired vs a wireless network.
Define and discuss packet sniffing.
Use the Scapy package to analyze packets stored in a PCAP file.
Motivate the need for data encryption.
Python topics: string parsing and lists and dictionaries.
||Appropriate for CS1 or a later
||This is an intermediate assignment, currently implemented in my course as a 2-hour lab. If impelmented as an assignment, I recommend that students be given a week to complete it.
||High Impact lab -- conveys to students the dangers of unsecured wireless networks, and how easy it is to steal/scrape personal information through a packet capture.
Most students prior to the lab had never heard of packet captures or packet sniffing. It was a very eye-opening experience. They were shocked that they could read e-mails and passwords in plain-text, and log-on to the e-mail accounts with the passwords they had stolen.
||Time should be spent introducing students to basic wireless network and packet concepts. Without a clear understanding of how packets are organized and how information is sent over a wireless network, students will struggle.
Take the time to throughly explain the provided starter code. Students who have not been exposed to lists or dictionaries may have issues understanding the organization of scapy packet objects.
||Requires Python 2.6.6 or later and the scapy package. Students who have basic knowledge of loops, string parsing and lists in Python should have enough knowledge to get started, especially if given the IP subnet. However, a familiarity of dictionaries will help students better understand the organization of Scapy packets.
||Additional packet captures can be made available upon request.
For advanced students: As an extra challenge, I recommend that you NOT give the IP subnet. Instead have them use their knowledge of dictionaries to figure out what the IP addresses of the four users are. Essentially the IPs with the common subnet who are sending and receiving the most number of packets will be that of the individuals in the coffee shop.
An overview of networks and packets can be found in the following slides and instructor handout. I also recorded the following mini video lectures to explain core networking and packet concepts.
So how do we protect ourselves against packet sniffing? The answer is not to simply use password protected wireless networks. Someone who is intent on stealing your data will likely break the password. Once they are in the network, they can then run the packet sniffer and your goose will be cooked.
So what do we do? During the course of the exercise, there is one individual out of the four that we are unable to get any information on. This is because this indivudal is using an encrypted connection, and their packets are all encrypted. Banks, online stores, and other entities that deal with financial transactions on a regular basis open up a secure channel (using SSL) to encrypt the packets prior to sending/receiving them. That is why it is so important that you always check that you are connected to an
https protocal domain before entering password data!
One of the good things that come out of Google's packet sniffing debacle is that all Google searches are now encrypted by default. You can also install third party apps on Firefox such as HTTPS everywher that will open a secure, encrypted session with SSL with whatever website you visit, if an SSL channel is available. I recommend concluding this assignment/lab with a discussion with students what will need to change in order for organizations and governments to adopt packet encryption as mainstream.