Lab Project 1
OBJECTIVES
1. Become familiar with Wireshark, Linux OS and virtual machine (VM).
2. Learn how to capture traffic and use C/C++ programming in a Linux OS environment.
3. Learn how to customize a Wireshark filter to capture and analyze data frames.
BACKGROUND
During the course of this semester, we will implement TCP/IP protocol stacks using
Linux. Linux allows us to configure a socket in packet mode so we can send and receive
raw packets over Ethernet. We will be able to build up our own network stack without
interfering with normal operation of the network connection. IP addresses have the
following format:
192.168.56.xxx
You can use the command ifconfig to get the IP address for your machine.
PRE-LAB READING
Chapter 4, pp. 281-286 and pp. 465-469.
PROJECT PROCEDURE
The following steps outline this project:
1. Obtain the ECE SSD from Heidi in the ECE Store.
2. Log into one of the computers in the lab using your A-number and password. Plug
the SSD into the computer and read the README file on the SSD, which explains how
to work with the virtual machine (VM). You can find more information about
VirtualBox at https://www.virtualbox.org/.
If you work on your own computer, you may need to install the Oracle VirtualBox
software there. Only Windows has been tested as the host OS. If your VirtualBox
cannot open the VM, please read the README file.
3. To work on the VM more easily, you will need to allow bidirectional drag-and-drop.
For our lab experiment you will also need to clone the VM, which is done as follows
(also see the pictures):
1. Go to the Machine menu and click Clone.
2. Create a folder on the SSD named Clone and select it as the clone path. Set the
MAC Address Policy to “Generate new MAC addresses for all network adapters”.
3. Set the clone type to “Linked clone”.
4. You may log in using ecestudent as the username and usuece as the password if you
have not changed the password from the default setting. The password for sudo
command is also usuece.
5. Do not share your code or data with other students.
6. Get the C++ code for Frame I/O from the course website. Read frameio.h and
frameio.cpp carefully; make sure you understand them for future course projects.
7. Read the example code example1.cpp. This example gives you a template for using
Frame I/O.
8. Run example1.cpp for practice. See the Hints section below for help.
9. Write a program to read an incoming packet (either IP packet or ARP packet) and
print the first 42 bytes in “%02x” format to the terminal. Put a space between each
byte and add a new-line character (\n) after the 22nd and 42nd bytes for clarity.
10. Run your program and monitor the network traffic. Hint: Traffic on a public
network can be heavy, so if you ping your VM from the cloned VM, use a Wireshark
filter to find the packet your program printed.
11. Wireshark is already installed on each SSD. Use the command which wireshark to
locate it; it should be /usr/local/bin/wireshark. If your system does not have
Wireshark, you can install Wireshark and its GUI with sudo yum install
wireshark-gnome in the terminal.
12. Run Wireshark, a program for monitoring network traffic. Get familiar with this
software by reading the user’s guide carefully. Hint: Use sudo
/usr/local/bin/wireshark to run Wireshark with admin permissions. Use
Ctrl+Shift+T to open a new tab in the terminal.
13. Start capturing traffic (the device to monitor is probably “enp0s8”; you should check
it by using ifconfig before experimenting with Wireshark). From another machine,
ping your IP address. Observe the packet’s transmission over the network. There are
many unrelated frames captured in Wireshark; you can define a capture filter in
Capture Options or in the Filter bar. Hint: search online for tips for capture filtering
in Wireshark.
14. Stop capturing traffic in Wireshark and use Ctrl+C to terminate your program. Use
Wireshark to find an ARP packet containing your IP address. Select the ARP packet
with your mouse and view the raw data in the bottom window. Screenshot the
Wireshark window showing this data for your report. Hint: CentOS has a
screenshot tool.
15. Locate the corresponding packet in your program’s output. Screenshot the terminal
with the corresponding packet highlighted for your report.
REPORT REQUIREMENTS
1. Read the lab report requirements from the syllabus carefully.
2. Screenshot the Wireshark window (with detailed output text in the bottom window)
and your command window’s output after you successfully capture the frames and
compare the two frames.
3. Be sure to add your lab partner’s name in the report.
4. Online submissions only. Please submit all your files in a .zip or .rar archive with
your name and A-number in the file name.
HINTS
You need to output the MAC header (14 bytes) and the first 28 bytes of the payload in
Project 1.
1) Find the network interface name by using the ifconfig command in your terminal.
2) Use your network interface name to replace the name in example1.cpp. The old
name is "eth1" in the main function.
3) Compile the code with g++: run "g++ example1.cpp frameio2.cpp util.cpp
-lpthread -o out" from the terminal. You can search online to learn more about
the g++ compiler.
4) Run the executable “out” you created with sudo ./out in the terminal. Hint:
Remember that sudo grants admin permissions, which opening a raw packet socket
requires.
You should see this example code capturing IP and ARP frames. Hint: If there is no
traffic information, make sure you changed the interface name. If there is still no output,
ping your machine from the cloned VM.
For your own program you can borrow code pieces from example1.cpp.
1. Define a frameio structure.
2. Open the interface.
3. Use a while loop to receive frames. If the frame length is less than 42, discard it.
4. Print the first 42 bytes with a space between each byte, and add a new line after 22
bytes for extra clarity. Add a blank line between each set of 42 bytes. Hint: use \n.
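The program outlined above, written out as an added example (not the course's frameio code or example1.cpp): format_frame() produces the exact 42-byte dump Project 1 asks for and rejects short frames, and capture() stands in for frameio with a plain Linux AF_PACKET raw socket, which is an assumption since the course library's API is not shown here. The interface name "enp0s8" and the sample ARP frame are constructed values.

```cpp
// Added example, not the course's frameio code. capture() is an AF_PACKET raw-socket
// stand-in for frameio (assumed; the course API is not shown here). Linux only.
#include <cstdio>
#include <string>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_packet.h>
#include <net/if.h>
#include <arpa/inet.h>
// First 42 bytes (14-byte MAC header + 28 payload bytes) as "%02x", space-separated,
// newline after the 22nd and 42nd bytes, then a blank line. Returns "" if too short.
std::string format_frame(const unsigned char *f, size_t len) {
    if (len < 42) return "";                  // caller discards such frames
    std::string out;
    for (size_t i = 0; i < 42; ++i) {
        char hex[4];
        std::snprintf(hex, sizeof hex, "%02x", f[i]);
        out += hex;
        out += (i == 21 || i == 41) ? '\n' : ' ';
    }
    return out + '\n';                        // blank line between frames
}
// Constructed sample (not a real capture): ARP request from 192.168.56.101 for
// 192.168.56.102, zero-padded to the 60-byte Ethernet minimum.
const unsigned char *sample_arp_frame() {
    static const unsigned char f[60] = {0xff,0xff,0xff,0xff,0xff,0xff, 0x08,0x00,0x27,0x12,0x34,0x56,
        0x08,0x06, 0x00,0x01,0x08,0x00,0x06,0x04,0x00,0x01, 0x08,0x00,0x27,0x12,0x34,0x56,
        0xc0,0xa8,0x38,0x65, 0x00,0x00,0x00,0x00,0x00,0x00, 0xc0,0xa8,0x38,0x66};
    return f;
}
// Dump max_frames frames from ifname (e.g. "enp0s8"); needs root, as with "sudo ./out".
int capture(const char *ifname, int max_frames) {
    int fd = socket(AF_PACKET, SOCK_RAW, htons(0x0003));   // 0x0003 = ETH_P_ALL
    sockaddr_ll addr{};
    addr.sll_family = AF_PACKET; addr.sll_protocol = htons(0x0003);
    addr.sll_ifindex = if_nametoindex(ifname);
    if (fd < 0 || !addr.sll_ifindex || bind(fd, (sockaddr *)&addr, sizeof addr) < 0) {
        perror("open interface"); if (fd >= 0) close(fd); return -1;
    }
    unsigned char buf[2048];
    for (int n = 0; n < max_frames;) {
        ssize_t len = recv(fd, buf, sizeof buf, 0);
        if (len < 0) break;
        std::string dump = format_frame(buf, (size_t)len);
        if (dump.empty()) continue;           // shorter than 42 bytes: discard
        std::fputs(dump.c_str(), stdout);
        ++n;
    }
    close(fd); return 0;
}
int main(int argc, char **argv) { return capture(argc > 1 ? argv[1] : "enp0s8", 10) ? 1 : 0; }
```

Compile with g++ and run it with sudo and your interface name as the argument; ping the VM from the clone to see ARP and IP frames appear.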