Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Packet Sniffing

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Preetam Jinka Preetam Jinka
September 20, 2014
Programming
250
1

Packet Sniffing

Avatar for Preetam Jinka

Preetam Jinka

September 20, 2014

More Decks by Preetam Jinka

See All by Preetam Jinka
Downsampling, Time Series, and PostgreSQL
Avatar for Preetam Jinka preetamjinka
1
830
Siesta: RESTful Services Made Simple
Avatar for Preetam Jinka preetamjinka
0
130
Time Series Storage @ Data Hackers
Avatar for Preetam Jinka preetamjinka
1
200
Time Series Storage
Avatar for Preetam Jinka preetamjinka
13
2.8k
Intro to (Relational) Databases 2015
Avatar for Preetam Jinka preetamjinka
1
320
Intro to Databases
Avatar for Preetam Jinka preetamjinka
0
200

Other Decks in Programming

See All in Programming
Symfony AI in Action - SymfonyLive Berlin 2026
Avatar for Christopher Hertel chr_hertel
1
140
AIと共に生きる技術選定 2026
Avatar for Sugar Sato sgash708
0
140
Programming with a DJ Controller — not vibe coding
Avatar for seki at druby.org m_seki
3
840
AIを導入する前にやるべきこと
Avatar for Negima negima
2
350
Terraform言語の静的解析 / static analysis of Terraform language
Avatar for Kazuma Watanabe wata727
1
140
Spec Driven Development | AI Summit Vilnius
Avatar for Daniel Sogl danielsogl
PRO
1
150
開発とはなにか、Essenceカーネルで見えるもの
Avatar for ukin0k0 ukin0k0
0
160
JCON - Create Agentic AI Apps, The Easy Way!
Avatar for Kevin Dubois kdubois
1
110
Structured Concurrency, Scoped Values and Joiners in the JDK 25 26 27
Avatar for José josepaumard
1
150
When benchmarks go bad - what I learned from measuring performance wrong
Avatar for Holly Cummins hollycummins
0
380
書籍「ユーザーストーリーマッピング」が私のバイブル
Avatar for asumikam asumikam
4
490
【ディップ|26年新卒研修資料】TDD実装演習
Avatar for ディップ株式会社 dip_tech
PRO
0
180

Featured

See All Featured
Designing Powerful Visuals for Engaging Learning
Avatar for Mike Taylor tmiket
1
360
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
37
7.3k
Test your architecture with Archunit
Avatar for Yoan thirion
1
2.2k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
174
15k
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
Avatar for Takuto Wada twada
PRO
118
110k
Discover your Explorer Soul
Avatar for Emna emna__ayadi
2
1.1k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
231
23k
30 Presentation Tips
Avatar for Ian Lurie portentint
PRO
1
290
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
Avatar for Mine Cetinkaya-Rundel minecr
1
250
Making Projects Easy
Avatar for Brett Harned brettharned
120
6.6k
Conquering PDFs: document understanding beyond plain text
Avatar for Ines Montani inesmontani
PRO
4
2.7k
Amusing Abliteration
Avatar for ianozsvald ianozsvald
1
170

Transcript

  1. Packet Sniffing Preetam Jinka (@preetamjinka) beCamp 2014 Intro to

  2. Code examples https://github.com/PreetamJinka/packet-sniffing

  3. Background What’s a socket? What’s a packet?

  4. Background What’s a socket? They’re basically channels for packets to

    travel across. What’s a packet? The fundamental unit of data in networking. A chunk of bytes, perhaps.
  5. None

  6. • Datagram (e.g. UDP) • Stream (e.g. TCP) • Raw

    ◦ “It’s RAW!” Types of sockets

  7. The socket() syscall “ socket() creates an endpoint for communication

    and returns a descriptor. int socket(int domain, int type, int protocol); ”

  8. TCP and UDP are complicated, right? • TCP ◦ Stateful

    ◦ Connections ◦ Ports • UDP ◦ Stateless ◦ Ports
  9. None

  10. Abstractions make sockets simpler. Your programming environment takes care of

    setting up sockets. You just have to send data. The packets are constructed for you (by the OS).

  11. TCP sockets in Node.js var net = require('net'); var server

    = net.createServer(function (socket) { socket.write('Echo server\r\n'); socket.pipe(socket); }); server.listen(1337, '127.0.0.1');

  12. When a socket is bound to an address:port, it only

    receives data sent to that address:port. The kernel manages that for you.

  13. Let’s rip away the abstractions. Make things RAW!

  14. Let’s make a RAW socket (in Go). Demo #1.

  15. What are we seeing?

  16. Protocol decoding It’s protocols all the way down! (Interesting computer

    science problems.)

  17. Applications

  18. Applications

  19. Let’s decode ethernet (and others) Demo #2.

  20. Issue #1 We see everything, but we don’t want to.

    Solution? Filter.

  21. Filtering

  22. Let’s filter by a port. Demo #3.

  23. Payloads We’ve only been looking at headers. Let’s read the

    rest of the packet.

  24. TCP Payloads Demo #4.

  25. What else can we do? Look at TCP flags. SYN

    but not ACK => connection opened FIN and ACK => connection closed

  26. Caveats We’re not considering connection states. SSL/TLS? Resource utilization (how

    fast can we sniff?)

  27. Caveats We’re not considering connection states. SSL/TLS? Resource utilization (how

    fast can we sniff?) If you’re not reading from the socket fast enough, the kernel buffer fills up and it will drop packets.

  28. Technique: sampling If you only want a representative sample, pick

    1 in N packets. Ignore the rest. Upside: monitor lots of network traffic Downside: not accurate (See me if you want to learn about sFlow)

  29. Sampling demo “topflows” https://github.com/PreetamJinka/flowtools/tree/master/topflows Very easy to turn this into

    a DDoS detector.

  30. More fun ideas You can read from raw sockets, but

    you can also write to raw sockets. Construct your own Ethernet, IP, and TCP/UDP packets! Write your own protocol on top of IPv4/IPv6!

  31. Questions?

  32. https://www.flickr.com/photos/qwrrty/2791283248/ https://vividcortex.com/blog/2014/07/25/prepared-statement-samples/ http://snmp.co.uk/scrutinizer/main.htm Wikipedia for the diagrams Photo credits