C Programming Assignment, files attached. Program 3 is a continuation of program 2; I did badly on program 2, so I am starting from scratch.

Rubric for Program 3 is as follows:
• 5 points - Name, netid, Spring 2020, and submission data at the top of the file
• 5 points - Code compiles properly, warnings have been resolved
• 5 points - All ethernet fields are printed and correct
• 5 points - All ARP fields are printed and correct (including any data and/or padding in the packet)
• 10 points - All IP fields are printed and correct
• 5 points - If IP is ICMP, ICMP fields are printed and are correct (including any data and/or padding in the packet)
• 5 points - If ICMP, parameters are printed properly - use the table in the book (i.e. if it's an ID and Seq #, it is printed as such)
• 10 points - If IP is TCP, TCP fields are printed and are correct (including any data and/or padding in the packet)
• 5 points - If IP is not ICMP or TCP, packet data is still printed but just as hex values
• 10 points - Any options fields are printed as options, not included in the data field
• 10 points - All DNS packets are detected, no non-DNS packets are counted as DNS packets
• 15 points - SMTP is decoded and printed properly, payload in ASCII
• 15 points - POP is decoded and printed properly, payload in ASCII
• 15 points - MAO is decoded and printed properly, payload in ASCII
• 15 points - HTTP is decoded and printed properly, payload in ASCII
• 5 points - Packet counts are displayed and correct
• 5 points - Printouts are readable and formatted nicely
• 5 points - Code is well-formatted, readable, and well commented

Program 2

©[email protected] This document may not be posted on homework sites such as Course Hero. Express written consent required to copy, modify and distribute, or upload this document in any manner.

The goal of Program 2 is to take a network packet, examine its hexadecimal values, and decode those values to see what they tell you about the packet itself. You will use the Kali VM and netdump files as you did in Program 1. You will be adding code to netdump.c.

General Notes:
• You will add code to the function/routine raw_print(). This is where you will parse the packets – it is executed every time a new packet is captured. For example, to print out the number of IP packets you would declare a global variable that increments the number of IP packets seen and prints this number in the raw_print() routine.
  o the packet is contained in the array p where p[0] is the first byte of the HW destination address
  o caplen is the length of the packet
• You will add code to the function/routine program_ending(). This is where you will put your final counts – it is executed only when you stop the program.
• You do not add code to any function/routine other than raw_print() and program_ending().
• The function/routine default_print() prints the original packet out in hex. You can use this function to decode a packet by hand to see if your print statements are accurate.
• You may create global variables when needed.
• You may create helper functions within netdump.c.
• Please do not create files or make changes in files outside of netdump.c.
• Only well-known port numbers will be used.
• Canvas will sometimes rename the file netdump.c to something like netdump-1.c and this is ok.

Reminders: To start the program, type sudo ./netdump and to end the program, press Ctrl+C. If you make any changes in netdump.c, you must call make netdump to compile the changes.
It might be useful to redirect your output to a text file so you can run the code for a while and then use the find function to locate specific packets (sudo ./netdump > yourfile.txt). You can always open the text file from the GUI file folder system – you don’t need to do this in the terminal. Make sure you use Ctrl+C to stop netdump or you risk filling up your disk space and crashing your VM.

If, for some reason, you are starting netdump from scratch and not from Program 1, make sure you have made the changes noted in Program 1 for bmf_dump. You also need to have the pcap library installed.

Steps to Complete:

1. Ethernet Header
• In raw_print(), decode and print the Ethernet header.
• Print the destination and source addresses using colons (e.g. Destination Address= 00:16:22:F3:33:45). [Decode & print means look at pages 98-100 to see what fields are in an Ethernet packet, what information the fields contain, and how long the fields are.]

To help you get started, this line of code will print out the HW destination address:

    printf("DEST Address = %02X:%02X:%02X:%02X:%02X:%02X\n", p[0], p[1], p[2], p[3], p[4], p[5]);

2. Ethernet Header Continued
• Print the Ethernet type/length field as Type = (hex value) or Len = (in decimal).

To help you get started, this line of code will print the type/length field:

    uint16_t e_type; // this goes after u_int caplen = h->caplen;
    e_type = p[12] * 256 + p[13];
    printf("E_Type = 0x%04X ", e_type);

Important information to understand about Steps 1 & 2: Please recognize that p is just an array. You only need very basic programming skills to access the contents of the array p to complete the program. You will need to access each element in the array separately.
The information in the packet is being passed to the raw_print method in netdump.c as an array of type const u_char *p. The ‘const’ keeps the array value from being accidentally changed in the code. A ‘u_char’ is an unsigned character. In C, the type u_char has a storage size of 8 bits. Since p is an array, it is an array of u_chars. That means each position in the array is a u_char that is 8 bits long (this concept is important when we start grabbing data from the array, e.g. p[13] has a storage size of 8 bits or 1 byte and p[20] and p[21] together would be 16 bits or 2 bytes).

We also see the type uint16_t. This is just an unsigned integer that is 16 bits long. Throughout your careers, you may also see uint8_t, uint32_t, uint64_t, etc. that represent unsigned integers that are 8 bits, 32 bits, 64 bits, etc. The variable e_type in the provided code is a uint16_t type. That means e_type has a storage size of 16 bits. When we go to grab p[12] to store into e_type, we need to grab p[13] too because we want to store 16 bits of information into e_type (remember, p[12] and p[13] are each 8 bits, totaling 16 bits together). If you are not familiar with C data types, TutorialsPoint has a good explanation of them.

Combining two array elements can be done in the following manner:

    e_type = p[12] * 256 + p[13];

Multiplying by 256 shifts the bits of p[12] left by 8 positions, and the addition then places p[13] in the low 8 bits, so everything is in the order we expect.

When printing in C, you’ll notice the code given has %02X and %04X. In C, the % introduces a format specifier. %04X tells printf to print the value in hex with 4 digits (i.e. if the value isn’t big enough for 4 digits, it will put 0s in front of it to make it 4 digits long).

    printf("E_Type = 0x%04X ", e_type);

Looking at 0x%04X, the 0x signifies the output is in hex; the %04X is a format specifier that prints e_type as 4 hex digits.
Since e_type is a uint16_t, this will print something like “Type = 0x0806”. You could achieve the same result using:

    printf("Type=0x%04X", p[12]*256 + p[13]);

3. Ethernet Header Continued
• Print the Ethernet protocol being used. E.g. if the type is 0x0800, print something like “Payload = IPv4”. The type field is 2 bytes in size. Yes, Figure 5.9 says 1 byte, but it is 2 bytes.

To help you get started, this line of code will print if the payload is IP:

    if (e_type == 0x0800) {
        printf(" -> IPv4\n");
    }

4. ARP Header
• Decode and print the ARP header and ARP request and reply headers using the information about ARP packets and their fields in your textbook.
• Print the IP addresses in standard notation (e.g. 129.186.215.40).
• Print remaining values in the packet as hex values (for some packets, like ARP, you will see padded 0s – these are to ensure the Ethernet packet meets its minimum required size and should be printed out too).
• Reminder: Don’t forget to add comments to the code as you go – use good programming techniques!

**At this point, if you need help understanding what is happening in steps #1-5, please ask the professor or TA. We’re here to help you. This is not meant to be a difficult programming assignment.
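
The Ethernet and ARP decoding from Steps 1-4, as an added example that is not part of the assignment handout or of netdump.c: it checks caplen before indexing p, so a truncated capture is rejected instead of read out of bounds, and it reports how many padding bytes follow the ARP body. The struct, the function names and the sample frame are constructed for this example, and it assumes Ethernet/IPv4 ARP (hardware length 6, protocol length 4).

```c
#include <stdint.h>
#include <stdio.h>
#define ETH_HLEN 14   /* 6 dst + 6 src + 2 type/length */
#define ARP_LEN  28   /* ARP body for Ethernet (hlen 6) and IPv4 (plen 4) */
struct arp_info {            /* hypothetical result struct for this example */
    uint16_t htype, ptype, oper;
    uint8_t  spa[4], tpa[4]; /* sender and target IPv4 addresses */
    unsigned pad_len;        /* bytes after the ARP body (Ethernet padding) */
};

/* Big-endian 16-bit read; same value as p[0] * 256 + p[1]. */
static uint16_t be16(const unsigned char *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* 0 = frame too short, 1 = field is a length, 2 = field is an EtherType,
   3 = value in the undefined range 1501..1535. */
int eth_field_kind(const unsigned char *p, unsigned caplen, uint16_t *field) {
    if (caplen < ETH_HLEN) return 0;          /* never index past caplen */
    *field = be16(p + 12);
    if (*field <= 1500) return 1;
    return *field >= 0x0600 ? 2 : 3;
}

/* Returns 0 on success, -1 if the capture is not a complete Ethernet/IPv4 ARP. */
int arp_decode(const unsigned char *p, unsigned caplen, struct arp_info *a) {
    uint16_t t = 0;
    if (eth_field_kind(p, caplen, &t) != 2 || t != 0x0806) return -1;
    if (caplen < ETH_HLEN + ARP_LEN) return -1;   /* truncated ARP body */
    const unsigned char *arp = p + ETH_HLEN;
    if (arp[4] != 6 || arp[5] != 4) return -1;    /* offsets below assume 6/4 */
    a->htype = be16(arp); a->ptype = be16(arp + 2); a->oper = be16(arp + 6);
    for (int i = 0; i < 4; i++) { a->spa[i] = arp[14 + i]; a->tpa[i] = arp[24 + i]; }
    a->pad_len = caplen - (ETH_HLEN + ARP_LEN);
    return 0;
}

/* Constructed sample: a 60-byte ARP request; bytes not listed are zero padding. */
static const unsigned char sample[60] = {
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x00,0x16,0x22,0xF3,0x33,0x45, 0x08,0x06,
    0x00,0x01, 0x08,0x00, 6, 4, 0x00,0x01,
    0x00,0x16,0x22,0xF3,0x33,0x45, 129,186,215,40,
    0,0,0,0,0,0, 129,186,215,1 };

int main(void) {
    struct arp_info a;
    if (arp_decode(sample, sizeof sample, &a) != 0) return 1;
    printf("ARP oper=%d sender=%d.%d.%d.%d target=%d.%d.%d.%d pad=%u bytes\n", a.oper,
           a.spa[0], a.spa[1], a.spa[2], a.spa[3], a.tpa[0], a.tpa[1], a.tpa[2], a.tpa[3], a.pad_len);
    return 0;
}
```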


May 18, 2022