In this lab we will analyze pcap data. The file two.pcap contains just two ping packets (an ICMP echo request and its reply), as shown below.

Here are the raw contents of the file:
$ hexdump -C two.pcap
00000000  d4 c3 b2 a1 02 00 04 00  00 00 00 00 00 00 00 00  |................|
00000010  00 00 04 00 01 00 00 00  68 35 ba 60 d5 14 02 00  |........h5.`....|
00000020  62 00 00 00 62 00 00 00  00 00 00 00 00 00 00 00  |b...b...........|
00000030  00 00 00 00 08 00 45 00  00 54 cd 04 40 00 40 01  |......E..T..@.@.|
00000040  6f a2 7f 00 00 01 7f 00  00 01 08 00 49 80 00 01  |o...........I...|
00000050  00 01 68 35 ba 60 00 00  00 00 cb 14 02 00 00 00  |..h5.`..........|
00000060  00 00 10 11 12 13 14 15  16 17 18 19 1a 1b 1c 1d  |................|
00000070  1e 1f 20 21 22 23 24 25  26 27 28 29 2a 2b 2c 2d  |.. !"#$%&'()*+,-|
00000080  2e 2f 30 31 32 33 34 35  36 37 68 35 ba 60 db 14  |./01234567h5.`..|
00000090  02 00 62 00 00 00 62 00  00 00 00 00 00 00 00 00  |..b...b.........|
000000a0  00 00 00 00 00 00 08 00  45 00 00 54 cd 05 00 00  |........E..T....|
000000b0  40 01 af a1 7f 00 00 01  7f 00 00 01 00 00 51 80  |@.............Q.|
000000c0  00 01 00 01 68 35 ba 60  00 00 00 00 cb 14 02 00  |....h5.`........|
000000d0  00 00 00 00 10 11 12 13  14 15 16 17 18 19 1a 1b  |................|
000000e0  1c 1d 1e 1f 20 21 22 23  24 25 26 27 28 29 2a 2b  |.... !"#$%&'()*+|
000000f0  2c 2d 2e 2f 30 31 32 33  34 35 36 37              |,-./01234567|
000000fc

[35pts] Part 1: Raw Packet Extraction

Refer to the lecture notes on the OSI protocol stack and PCAP analysis.

Your Task

Sample run:

>>> data = open("two.pcap", "rb").read()
>>> import lab03
>>> lab03.showpkts(data)
data:
00 00 00 00 00 00 00 00  00 00 00 00 08 00 45 00
00 54 cd 04 40 00 40 01  6f a2 7f 00 00 01 7f 00
00 01 08 00 49 80 00 01  00 01 68 35 ba 60 00 00
00 00 cb 14 02 00 00 00  00 00 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d  1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d  2e 2f 30 31 32 33 34 35
36 37

data:
00 00 00 00 00 00 00 00  00 00 00 00 08 00 45 00
00 54 cd 05 00 00 40 01  af a1 7f 00 00 01 7f 00
00 01 00 00 51 80 00 01  00 01 68 35 ba 60 00 00
00 00 cb 14 02 00 00 00  00 00 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d  1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d  2e 2f 30 31 32 33 34 35
36 37

>>>

Notes

[35pts] Part 2: Peeling the Onion: Extract Ethernet Header Information

Refer to the lecture notes on the OSI protocol stack and PCAP analysis.

Your Task

A sample run:

>>> import lab03
>>> data = open("udp.pcap", "rb").read()
>>> lab03.showpkts_Eth(data)
Dst-MAC= 01:00:5e:00:00:fb
Src-MAC= 08:00:27:f3:5c:ca
Type= 08 00
data:
45 00 00 49 ba 01 40 00  ff 11 73 f7 c0 a8 ac 06
e0 00 00 fb 14 e9 14 e9  00 35 86 8c 00 00 00 00
00 02 00 00 00 00 00 00  05 5f 69 70 70 73 04 5f
74 63 70 05 6c 6f 63 61  6c 00 00 0c 00 01 04 5f
69 70 70 c0 12 00 0c 00  01

Dst-MAC= 08:00:27:f3:5c:ca
Src-MAC= 08:00:27:b3:0c:54
Type= 08 00
data:
45 00 00 25 47 c0 40 00  40 11 19 ac c0 a8 ac 04
c0 a8 ac 06 8d f8 1e c6  00 11 d9 7e 75 64 70 20
74 65 73 74 0a

Dst-MAC= 08:00:27:b3:0c:54
Src-MAC= 08:00:27:f3:5c:ca
Type= 08 00
data:
45 00 00 22 55 bf 40 00  40 11 0b b0 c0 a8 ac 06
c0 a8 ac 04 1e c6 8d f8  00 0e 1c d2 77 6f 72 6b
73 0a 00 00 00 00 00 00  00 00 00 00 00 00

>>>
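As an added worked example (not the lab's lab03.py and not an instructor solution), the following Python module implements both Part 1 (showpkts) and Part 2 (showpkts_Eth) and runs them over the bytes of two.pcap transcribed from the hexdump at the top of this handout. It assumes the classic libpcap format (24-byte global header, 16-byte per-record headers), works out byte order and timestamp resolution from the magic number, and bounds every length field read from the file before slicing, so a truncated or malformed capture raises an error instead of silently producing garbage. It goes one step beyond the handout by skipping a single 802.1Q VLAN tag when reading the EtherType. The helper names parse_pcap, parse_eth, hexlines and mac_str are mine; only showpkts and showpkts_Eth come from the assignment.

```python
import struct

# Constructed sample input: two.pcap, transcribed byte-for-byte from the
# hexdump in the handout (24-byte global header + two 98-byte ping packets).
TWO_PCAP = bytes.fromhex("""
d4c3b2a1 02000400 00000000 00000000 00000400 01000000 6835ba60 d5140200
62000000 62000000 00000000 00000000 00000000 08004500 0054cd04 40004001
6fa27f00 00017f00 00010800 49800001 00016835 ba600000 0000cb14 02000000
00001011 12131415 16171819 1a1b1c1d 1e1f2021 22232425 26272829 2a2b2c2d
2e2f3031 32333435 36376835 ba60db14 02006200 00006200 00000000 00000000
00000000 00000800 45000054 cd050000 4001afa1 7f000001 7f000001 00005180
00010001 6835ba60 00000000 cb140200 00000000 10111213 14151617 18191a1b
1c1d1e1f 20212223 24252627 28292a2b 2c2d2e2f 30313233 34353637
""")

# libpcap magic numbers as read big-endian: the byte-swapped forms mean the
# file was written on a little-endian host (two.pcap starts d4 c3 b2 a1);
# the 3c4d variants carry nanosecond instead of microsecond timestamps.
_MAGIC = {0xA1B2C3D4: (">", 1_000_000), 0xA1B23C4D: (">", 1_000_000_000),
          0xD4C3B2A1: ("<", 1_000_000), 0x4D3CB2A1: ("<", 1_000_000_000)}
LINKTYPE_ETHERNET = 1
ETHERTYPE_VLAN = 0x8100


def parse_pcap(data):
    """Split a classic libpcap file into records.

    Returns (linktype, [(timestamp, incl_len, orig_len, packet_bytes), ...]).
    Every length field comes from the file, so it is bounded before slicing.
    """
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic not in _MAGIC:
        raise ValueError(f"not a libpcap file (magic {magic:#010x}); pcapng is not handled")
    endian, ts_div = _MAGIC[magic]
    _major, _minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError(f"implausible incl_len {incl_len} at offset {off - 16}")
        if off + incl_len > len(data):
            raise ValueError(f"truncated packet data at offset {off}")
        records.append((ts_sec + ts_frac / ts_div, incl_len, orig_len, data[off:off + incl_len]))
        off += incl_len
    return linktype, records


def hexlines(buf, width=16):
    """Format bytes like the handout's sample output: 16 per line, a gap after 8."""
    out = []
    for i in range(0, len(buf), width):
        chunk = buf[i:i + width]
        halves = (" ".join(f"{b:02x}" for b in chunk[:8]), " ".join(f"{b:02x}" for b in chunk[8:]))
        out.append("  ".join(halves).rstrip())
    return out


def mac_str(six):
    return ":".join(f"{b:02x}" for b in six)


def parse_eth(frame):
    """Peel the 14-byte Ethernet II header: returns (dst, src, ethertype, payload).

    A single 802.1Q tag (type 0x8100) is skipped so the real EtherType is
    returned; the handout's frames carry no tag.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than a 14-byte Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    return dst, src, ethertype, frame[off:]


def showpkts(data):
    """Part 1: print each captured packet as a hex dump."""
    _, records = parse_pcap(data)
    for *_, pkt in records:
        print("data:\n" + "\n".join(hexlines(pkt)) + "\n")


def showpkts_Eth(data):
    """Part 2: print the Ethernet header fields and the encapsulated payload."""
    linktype, records = parse_pcap(data)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"link type {linktype} is not Ethernet; frames would be misparsed")
    for *_, pkt in records:
        dst, src, etype, payload = parse_eth(pkt)
        print(f"Dst-MAC= {mac_str(dst)}\nSrc-MAC= {mac_str(src)}")
        print(f"Type= {etype >> 8:02x} {etype & 0xff:02x}")
        print("data:\n" + "\n".join(hexlines(payload)) + "\n")


if __name__ == "__main__":
    showpkts(TWO_PCAP)
    showpkts_Eth(TWO_PCAP)
```

Running the module reproduces the two "data:" dumps of the Part 1 sample run, then prints all-zero MACs and Type= 08 00 for both loopback frames. The link-type check in showpkts_Eth matters in practice: a capture taken on a non-Ethernet interface (link type other than 1) has no 14-byte Ethernet header, and slicing it as one yields nonsense MACs and a wrong payload offset.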

[20pts] Part 3: Reading Assignment

  1. Download chapter 2 of the following book:
    Security Engineering, 3rd ed. by Ross Anderson
  2. Read the following:
    • 2.1 Introduction
    • 2.2.1 Five Eyes
    (Eventually, we will finish reading the whole chapter. Expect further reading assignments in later labs.)
  3. In the lab report, give a brief summary of what you read.

[10pts] Lab Report and Submission

Write a lab report by using the provided template.

Your lab report should contain:
~/bin/submit -c=IT430 -p=lab03 lab03.py lab03_report.docx