Implement a network protocol analyzer that can parse the Ethernet, IP, TCP, and HTTP protocols of the corresponding OSI layers.
![OSI](https://upload.wikimedia.org/wikipedia/commons/thumb/4/41/OSI-model-Communication.svg/400px-OSI-model-Communication.svg.png)
Presentation
The objective of this project is to program an ‘offline’ network protocol
analyzer. It takes as input a trace file containing the bytes previously
captured on an Ethernet network. Your program can run in a command window
(terminal type) or it can be displayed in a graphical interface.
The list of protocols that your analyzer will be able to understand are as
follows:
- Layer 2: Ethernet
- Layer 3: IP
- Layer 4: TCP
- Layer 7: HTTP (only the header of requests and responses)
At each run, the results of your analyzer must be saved in a text file
formatted so as to facilitate its reading.
Rating
- This project will be carried out in pairs.
- You are free to choose the programming language.
- Documents to submit:
  - A zip archive to be submitted on the EU Moodle:
    - your source code,
    - a binary file or makefile to start the execution of your analyzer,
    - a readme file which describes the structure of your code,
    - a howto file which explains how to install and launch your program.
  - A 10-minute pre-recorded video presentation posted on YouTube: Video addition link. (Your video will be added to a private playlist). In this video, you will introduce:
    - a full overview of your project,
    - a description of your choices, achievements and personal contributions,
    - a demonstration of your analyzer in action.
Instructions to follow
As a starter
Your program takes as input a trace file (text format) containing the ‘raw’
bytes, as captured on the network. These bytes are presented as in Wireshark
in the ‘Captured Bytes’ panel. This file may contain several Ethernet frames
in succession (without preamble or FCS field):
- Each byte is encoded by two hexadecimal digits.
- Each byte is delimited by a space.
- Each line begins with the offset of the first byte on that line. The offset describes the position of this byte in the trace.
- Each new frame begins with an offset of 0, and the offset is separated by a space from the captured bytes that follow it.
- The offset is encoded on at least one byte, given as a hexadecimal value (two hexadecimal digits).
- Hexadecimal characters can be upper or lower case.
- There is no limit on the length or number of bytes on each line.
- If text values are given at the end of a line, they should be ignored, even if the values are hexadecimal digits.
- Lines of text between traces or interlaced between captured byte lines should be ignored.
- Byte lines that do not start with a valid offset should be ignored.
- Any incomplete line must be identified and raise an error indicating the position of the line in error.
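One way to implement the input rules listed above, as an added example that is not part of the original assignment. The names `parse_trace`, `TraceError` and `SAMPLE` are hypothetical, and the sample trace is constructed. It assumes that the next line's offset fixes how many bytes the current line must supply (anything beyond that is trailing text), and that the last line of a frame ends at the first token that is not a two-digit hex byte.

```python
import re
from itertools import takewhile

HEX_OFFSET = re.compile(r"[0-9a-fA-F]{2,}")  # offset: at least one byte
HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")     # one byte = two hex digits

# Constructed sample trace: two frames, trailing text, an interleaved text line.
SAMPLE = """\
Frame 1 (constructed)
0000 ff ff ff ff ff ff 00 11 22 33 44 55 08 06 00 01 ab cd
0010 08 00 06 04 ....
a note between byte lines
0000 00 11 22 33 44 55 66 77
"""

class TraceError(ValueError):
    def __init__(self, lineno, msg):
        super().__init__(f"line {lineno}: {msg}")
        self.lineno = lineno  # 1-based position of the incomplete line

def parse_trace(text):
    """Return each frame in the trace as a bytes object."""
    frames, rows = [], []  # rows of the current frame: (lineno, offset, tokens)

    def flush():
        data = bytearray()
        for i, (lineno, offset, tokens) in enumerate(rows):
            if i + 1 < len(rows):  # the next offset fixes this line's length
                want = rows[i + 1][1] - offset
                if len(tokens) < want:
                    raise TraceError(lineno, f"expected {want} bytes, found {len(tokens)}")
                tokens = tokens[:want]  # surplus hex-looking tokens are trailing text
            data += bytes.fromhex("".join(tokens))
        if rows:
            frames.append(bytes(data))
        rows.clear()

    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or not HEX_OFFSET.fullmatch(parts[0]):
            continue  # text line: ignored
        tokens = list(takewhile(HEX_BYTE.fullmatch, parts[1:]))  # stop at first non-byte
        offset = int(parts[0], 16)
        if not tokens or (offset and (not rows or offset <= rows[-1][1])):
            continue  # no bytes, or not a valid continuation offset: ignored
        if offset == 0:
            flush()  # offset 0 starts a new frame
        rows.append((lineno, offset, tokens))
    flush()
    return frames
```

The returned `bytes` objects can be handed directly to the Ethernet, IP, TCP and HTTP header decoders.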
Out
The output of your program should be similar to the information produced by
Wireshark in the ‘Analyze message headers’ panel.
Your analyzer must return the list of headers for each frame contained in the
trace file, specifying:
- For each protocol header, the list of header fields and the value of these fields given in hexadecimal and when necessary converted into decimal.
  - Example: IP field Total length: 0x05C8 (1500 bytes).
- For header fields containing a code, your analyzer will give the meaning of this code.
  - Example: Ethernet Type field: 0x0806 (ARP).
- The protocol headers will be presented in tree form: each header can be expanded (reduced) to reveal (hide) the fields and values of the header. Otherwise, the use of indentations will make it possible to distinguish the fields and their value according to the protocol header to which they belong.
The result of your analyzer will be saved in a text file formatted for easy
reading.