Transcript Document
An Animated Simulator for
Packet Sniffer
Xiaohong Yuan, Percy Vega, Jinsheng Xu, Huiming Yu, Stephen Providence
North Carolina A&T State University
7/21/2015
WECS7
1
Overview
•
•
•
•
•
Introduction
Packet Sniffer
Packet Sniffer Simulator
Tool Evaluation
Conclusion and Future work
7/21/2015
WECS7
2
Introduction
• Visualization has been used in computer science education
• Visualization of computer security concepts are needed
– Embry-Riddle Aeronautical Univ. developed interactive modules for such
topics as buffer overflow vulnerabilities, cryptography, etc.
– CyberCIEGE is a high-end, commercial-quality video game developed
for teaching security concepts and practices
– We designed and implemented an animated simulator for packet sniffer
7/21/2015
WECS7
3
Packet Sniffer
• Packet sniffer is a program that captures all of the data packets
that pass through a given network interface, and recognizes and
decodes certain packets of interest.
• A packet sniffer can only capture packets within a given subnet.
• The network interface of the computer that has the packet sniffer
is configured into promiscuous mode
• Commercial and free packet sniffer tools
– Ethereal
– AnalogX PacketMon
– Network Probe
7/21/2015
WECS7
4
The Packet Sniffer Simulator
• It demonstrates visually
– how a packet sniffer works in a local area network
environment (Demo I – IV)
– how data packets are encapsulated and
interpreted while going through the protocol stack
(Demo V)
• Implemented in Macromedia Flash MX
Professional Edition
– Can run as a Flash applet in web page
– Can also run as a standalone application
(Macromedia Flash Player is needed)
7/21/2015
WECS7
5
The Packet Sniffer Demos
• Demo I: Direct Path
– Displays the path a data packet from a source goes
through to reach destination
• Demo II: The real Path
– The packet reached all attached computer across a
common collision domain
• Demo III: Promiscuous Mode
– A computer’s network interface hardware configured
into promiscuous mode accepts all frames
7/21/2015
WECS7
6
Packet Sniffer Demos – Ctd.
• Demo IV: Packet Sniffer
– Packet sniffer is installed on a computer to
examine the data packets captured
• Demo V: Telnet Over TCP/IP
– How a data packet is encapsulated and deencapsulated while going through the protocol
stack
7/21/2015
WECS7
7
The Packet Sniffer Simulator: The
Learning Objectives
•
•
•
•
•
•
Explain the differences between a hub, a
bridge/switch, and a router
Explain bus and star topology
Explain how a data packet is transmitted in a local
area network
Explain the purpose of “promiscuous mode” of a
network interface
Explain what a packet sniffer does, and how it works.
Explain the encapsulation and de-encapsulation
process of a data packet while going through the
protocol stack
7/21/2015
WECS7
8
The Packet Sniffer Simulator:
Demo
• http://clayton.ncat.edu/comp476/Packet
SnifferAnimation/index.html
7/21/2015
WECS7
9
Tool Evaluation
• The packet sniffer simulator is used in a computer
network security class in Fall 2005
– Total number of students: 12
• First a pretest was given based the learning objectives
• A homework assignment was given to the students
based on the packet sniffer simulator
• Then a posttest was given to the students and a survey
questionnaire was conducted
7/21/2015
WECS7
10
Pre-Post Test Score Comparison
Scatter Graph for Total Score (in % )
120
100
Score
80
Pre-Test Score
60
Post-Test Score
40
20
0
0
5
10
15
Student
7/21/2015
WECS7
11
The Survey Summary
Strongly
Agre
e
Agree
Neither
Agree or
Disagree
The tool helped in learning
computer network and security
concepts
33.33%
58.33%
8.33%
0.0%
0.0%
The learning objectives are met by
using the tool
33.33%
58.33%
0.0%
8.33
0.0%
The tool helped you understand the
questions asked in the
homework
25%
8.33%
0.0%
0.0%
The web site and the tutorial were
helpful in understanding the
demo
66.67%
Disagre
e
Strongly
Disagre
e
33.33%
66.67%
0.0%
0.0%
0.0%
50%
50%
0.0%
0.0%
0.0%
Would like to see more of this kind
of tools
66.67%
33.33%
0.0%
0.0%
0.0%
You would like to recommend this
tool to others?
66.67%
25%
0.0%
8.33%
0.0%
The tool is easy to learn and
understand
7/21/2015
WECS7
12
Conclusion and Future Work
• An animated simulator for packet sniffer and
related network concepts has been developed
• It has been used in a computer network security
course in Fall 2005
• The student Feedback was very positive
• Future work
– Develop animated simulation for more security
concepts
– Continue evaluating the effectiveness of visualization
tool in teaching computer security courses
7/21/2015
WECS7
13
7/21/2015
WECS7
14