Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Packet Sniffing

Avatar for Preetam Jinka Preetam Jinka
September 20, 2014
Programming
250
1

Packet Sniffing

Avatar for Preetam Jinka

Preetam Jinka

September 20, 2014

More Decks by Preetam Jinka

See All by Preetam Jinka
Downsampling, Time Series, and PostgreSQL
Avatar for Preetam Jinka preetamjinka
1
830
Siesta: RESTful Services Made Simple
Avatar for Preetam Jinka preetamjinka
0
130
Time Series Storage @ Data Hackers
Avatar for Preetam Jinka preetamjinka
1
200
Time Series Storage
Avatar for Preetam Jinka preetamjinka
13
2.8k
Intro to (Relational) Databases 2015
Avatar for Preetam Jinka preetamjinka
1
320
Intro to Databases
Avatar for Preetam Jinka preetamjinka
0
200

Other Decks in Programming

See All in Programming
Symfony + NelmioApiDocBundle を使った スキーマ駆動開発 / Schema Driven Development with NelmioApiDocBundle
Avatar for Shohei Okada okashoi
0
250
「効かない!」依存性注入(DI)を活用したAPI Platformのエラーハンドリング奮闘記
Avatar for Maki Hayashi mkmk884
0
280
AI-DLC 入門 〜AIコーディングの本質は「コード」ではなく「構造」〜 / Introduction to AI-DLC: The Essence of AI Coding Is Not “Code” but “Structure”
Avatar for shiro seike seike460
PRO
0
120
Codex の「自走力」を高める
Avatar for yorifuji yorifuji
0
1.3k
Laravel Nightwatchの裏側 - Laravel公式Observabilityツールを支える設計と実装
Avatar for Ryuta Hamasaki avosalmon
1
270
今年もTECHSCOREブログを書き続けます!
Avatar for 平奥真一(ひらおくしんいち) hiraoku101
0
200
AI時代の脳疲弊と向き合う ~言語学としてのPHP~
Avatar for Sakurai sakuraikotone
1
1.6k
Claude Code Skill入門
Avatar for maya mayahoney
0
450
最初からAWS CDKで技術検証してもいいんじゃない?
Avatar for アキキー | Akihisa Ikeda akihisaikeda
4
180
AWS×クラウドネイティブソフトウェア設計 / AWS x Cloud-Native Software Design
Avatar for nrs nrslib
16
3.5k
どんと来い、データベース信頼性エンジニアリング / Introduction to DBRE
Avatar for nnaka2992 nnaka2992
1
350
Redox OS でのネームスペース管理と chroot の実現
Avatar for isan isanethen
0
480

Featured

See All Featured
Mozcon NYC 2025: Stop Losing SEO Traffic
Avatar for Sam Torres samtorres
0
190
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
254
22k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
247
13k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.6k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
199
73k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
528
40k
SEO in 2025: How to Prepare for the Future of Search
Avatar for Michael King ipullrank
3
3.4k
The Illustrated Guide to Node.js - THAT Conference 2024
Avatar for David Neal reverentgeek
1
320
Deep Space Network (abreviated)
Avatar for Tony Rice tonyrice
0
97
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
57
6.8k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
Avatar for Tammy Everts tammyeverts
2
260
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
21
1.4k

Transcript

  1. Packet Sniffing Preetam Jinka (@preetamjinka) beCamp 2014 Intro to

  2. Code examples https://github.com/PreetamJinka/packet-sniffing

  3. Background What’s a socket? What’s a packet?

  4. Background What’s a socket? They’re basically channels for packets to

    travel across. What’s a packet? The fundamental unit of data in networking. A chunk of bytes, perhaps.
  5. None

  6. • Datagram (e.g. UDP) • Stream (e.g. TCP) • Raw

    ◦ “It’s RAW!” Types of sockets

  7. The socket() syscall “ socket() creates an endpoint for communication

    and returns a descriptor. int socket(int domain, int type, int protocol); ”

  8. TCP and UDP are complicated, right? • TCP ◦ Stateful

    ◦ Connections ◦ Ports • UDP ◦ Stateless ◦ Ports
  9. None

  10. Abstractions make sockets simpler. Your programming environment takes care of

    setting up sockets. You just have to send data. The packets are constructed for you (by the OS).

  11. TCP sockets in Node.js var net = require('net'); var server

    = net.createServer(function (socket) { socket.write('Echo server\r\n'); socket.pipe(socket); }); server.listen(1337, '127.0.0.1');

  12. When a socket is bound to an address:port, it only

    receives data sent to that address:port. The kernel manages that for you.

  13. Let’s rip away the abstractions. Make things RAW!

  14. Let’s make a RAW socket (in Go). Demo #1.

  15. What are we seeing?

  16. Protocol decoding It’s protocols all the way down! (Interesting computer

    science problems.)

  17. Applications

  18. Applications

  19. Let’s decode ethernet (and others) Demo #2.

  20. Issue #1 We see everything, but we don’t want to.

    Solution? Filter.

  21. Filtering

  22. Let’s filter by a port. Demo #3.

  23. Payloads We’ve only been looking at headers. Let’s read the

    rest of the packet.

  24. TCP Payloads Demo #4.

  25. What else can we do? Look at TCP flags. SYN

    but not ACK => connection opened FIN and ACK => connection closed

  26. Caveats We’re not considering connection states. SSL/TLS? Resource utilization (how

    fast can we sniff?)

  27. Caveats We’re not considering connection states. SSL/TLS? Resource utilization (how

    fast can we sniff?) If you’re not reading from the socket fast enough, the kernel buffer fills up and it will drop packets.

  28. Technique: sampling If you only want a representative sample, pick

    1 in N packets. Ignore the rest. Upside: monitor lots of network traffic Downside: not accurate (See me if you want to learn about sFlow)

  29. Sampling demo “topflows” https://github.com/PreetamJinka/flowtools/tree/master/topflows Very easy to turn this into

    a DDoS detector.

  30. More fun ideas You can read from raw sockets, but

    you can also write to raw sockets. Construct your own Ethernet, IP, and TCP/UDP packets! Write your own protocol on top of IPv4/IPv6!

  31. Questions?

  32. https://www.flickr.com/photos/qwrrty/2791283248/ https://vividcortex.com/blog/2014/07/25/prepared-statement-samples/ http://snmp.co.uk/scrutinizer/main.htm Wikipedia for the diagrams Photo credits