Transcript Document
An Animated Simulator for Packet Sniffer Xiaohong Yuan, Percy Vega, Jinsheng Xu, Huiming Yu, Stephen Providence North Carolina A&T State University 7/21/2015 WECS7 1 Overview • • • • • Introduction Packet Sniffer Packet Sniffer Simulator Tool Evaluation Conclusion and Future work 7/21/2015 WECS7 2 Introduction • Visualization has been used in computer science education • Visualization of computer security concepts are needed – Embry-Riddle Aeronautical Univ. developed interactive modules for such topics as buffer overflow vulnerabilities, cryptography, etc. – CyberCIEGE is a high-end, commercial-quality video game developed for teaching security concepts and practices – We designed and implemented an animated simulator for packet sniffer 7/21/2015 WECS7 3 Packet Sniffer • Packet sniffer is a program that captures all of the data packets that pass through a given network interface, and recognizes and decodes certain packets of interest. • A packet sniffer can only capture packets within a given subnet. • The network interface of the computer that has the packet sniffer is configured into promiscuous mode • Commercial and free packet sniffer tools – Ethereal – AnalogX PacketMon – Network Probe 7/21/2015 WECS7 4 The Packet Sniffer Simulator • It demonstrates visually – how a packet sniffer works in a local area network environment (Demo I – IV) – how data packets are encapsulated and interpreted while going through the protocol stack (Demo V) • Implemented in Macromedia Flash MX Professional Edition – Can run as a Flash applet in web page – Can also run as a standalone application (Macromedia Flash Player is needed) 7/21/2015 WECS7 5 The Packet Sniffer Demos • Demo I: Direct Path – Displays the path a data packet from a source goes through to reach destination • Demo II: The real Path – The packet reached all attached computer across a common collision domain • Demo III: Promiscuous Mode – A computer’s network interface hardware configured into promiscuous mode accepts all frames 7/21/2015 WECS7 6 Packet Sniffer Demos – Ctd. • Demo IV: Packet Sniffer – Packet sniffer is installed on a computer to examine the data packets captured • Demo V: Telnet Over TCP/IP – How a data packet is encapsulated and deencapsulated while going through the protocol stack 7/21/2015 WECS7 7 The Packet Sniffer Simulator: The Learning Objectives • • • • • • Explain the differences between a hub, a bridge/switch, and a router Explain bus and star topology Explain how a data packet is transmitted in a local area network Explain the purpose of “promiscuous mode” of a network interface Explain what a packet sniffer does, and how it works. Explain the encapsulation and de-encapsulation process of a data packet while going through the protocol stack 7/21/2015 WECS7 8 The Packet Sniffer Simulator: Demo • http://clayton.ncat.edu/comp476/Packet SnifferAnimation/index.html 7/21/2015 WECS7 9 Tool Evaluation • The packet sniffer simulator is used in a computer network security class in Fall 2005 – Total number of students: 12 • First a pretest was given based the learning objectives • A homework assignment was given to the students based on the packet sniffer simulator • Then a posttest was given to the students and a survey questionnaire was conducted 7/21/2015 WECS7 10 Pre-Post Test Score Comparison Scatter Graph for Total Score (in % ) 120 100 Score 80 Pre-Test Score 60 Post-Test Score 40 20 0 0 5 10 15 Student 7/21/2015 WECS7 11 The Survey Summary Strongly Agre e Agree Neither Agree or Disagree The tool helped in learning computer network and security concepts 33.33% 58.33% 8.33% 0.0% 0.0% The learning objectives are met by using the tool 33.33% 58.33% 0.0% 8.33 0.0% The tool helped you understand the questions asked in the homework 25% 8.33% 0.0% 0.0% The web site and the tutorial were helpful in understanding the demo 66.67% Disagre e Strongly Disagre e 33.33% 66.67% 0.0% 0.0% 0.0% 50% 50% 0.0% 0.0% 0.0% Would like to see more of this kind of tools 66.67% 33.33% 0.0% 0.0% 0.0% You would like to recommend this tool to others? 66.67% 25% 0.0% 8.33% 0.0% The tool is easy to learn and understand 7/21/2015 WECS7 12 Conclusion and Future Work • An animated simulator for packet sniffer and related network concepts has been developed • It has been used in a computer network security course in Fall 2005 • The student Feedback was very positive • Future work – Develop animated simulation for more security concepts – Continue evaluating the effectiveness of visualization tool in teaching computer security courses 7/21/2015 WECS7 13 7/21/2015 WECS7 14