For the second part of lab 4 (lab 4.5), we are once again thwarting the simulated Chinese-firewall IDS, but this time the professor configured the IDS to detect small packet sizes. We will no longer be able to just break the offending words into very small packets and send the text file to Ta.
The first thing I did on this lab was to put myself in the sudoers file on Tha; we are still going to send our messages to Ta, but we will be using Tha as the staging server to send our packets. We received an e-mail from the professor that the performance on Tha was very poor, and that we should use a root shell. I decided to log in to Tha with the root user:
# ssh root@Tha
In the second part of this lab we will be using libpcap and scapy in order to forge raw packets to Tha. I’ve never used libpcap (a packet capture program) or scapy (used to manipulate and forge network packets) before, so I’m not completely sure of what I’m doing just yet… I’m starting to notice a pattern with the labs at this point… ;)
I started by running sniff.py (a tool given to us by Jong) to sniff on port 8092 (the port of my student number):
# python sniff.py eth0 tcp port 8092
I receive a message stating:
“…sniffing eth0 starting…”
…and it just hangs after that. I’m not sure if it’s actually doing anything, or if I’m using the .py file incorrectly. My SSH session would literally time out before I would receive any feedback from the command above. I hope I’m not seriously degrading the performance of the server for everyone! Although it wouldn’t be the first time I’ve done this… :)
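To make concrete what a filter like "tcp port 8092" selects, and what a "small packet" rule on the IDS side actually has to inspect, here is an added example (not sniff.py, lab4.py, or any code from the course): it decodes a raw Ethernet/IPv4/TCP frame with only the Python standard library, applies a port filter equivalent to that BPF expression, and flags segments whose payload is non-empty but below a threshold. The frames are constructed inside the script, and the 10.0.0.x addresses, the port numbers other than 8092, and the 8-byte threshold are assumptions, not values from the lab.

```python
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_frame(src_port, dst_port, payload,
                src_ip=b"\x0a\x00\x00\x01", dst_ip=b"\x0a\x00\x00\x02"):
    """Constructed test data: a minimal Ethernet/IPv4/TCP frame (checksums left zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    total_len = 20 + 20 + len(payload)            # IPv4 header + TCP header + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64,
                     IPPROTO_TCP, 0, src_ip, dst_ip)
    # data offset 5 words (no options), flags PSH|ACK, window 65535
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_tcp(frame):
    """Decode Ethernet -> IPv4 -> TCP headers from raw bytes.
    Returns a dict of the interesting fields, or None if the frame is not TCP over IPv4."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    (ver_ihl, _tos, total_len, _id, _frag, _ttl,
     proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    if ver_ihl >> 4 != 4 or proto != IPPROTO_TCP:
        return None
    ihl = (ver_ihl & 0x0F) * 4
    tcp = ip[ihl:total_len]          # drop any Ethernet padding beyond the IP total length
    if len(tcp) < 20:
        return None
    sport, dport, _seq, _ack, off = struct.unpack("!HHIIB", tcp[:13])
    data_off = (off >> 4) * 4        # TCP header length in bytes (options included)
    return {
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "sport": sport,
        "dport": dport,
        "payload_len": len(tcp) - data_off,
    }


def matches_port(pkt, port):
    """Equivalent of the BPF filter 'tcp port N': TCP with N as source OR destination port."""
    return pkt is not None and port in (pkt["sport"], pkt["dport"])


def small_segments(frames, port, min_payload):
    """Detection rule: TCP segments on `port` carrying a non-empty payload shorter than
    `min_payload` bytes. Zero-length segments (pure ACKs, handshake) are normal TCP and are
    deliberately not flagged, otherwise the rule would fire on every connection."""
    hits = []
    for i, frame in enumerate(frames):
        pkt = parse_tcp(frame)
        if matches_port(pkt, port) and 0 < pkt["payload_len"] < min_payload:
            hits.append((i, pkt["payload_len"]))
    return hits


# Constructed sample capture: what a sniffer on 'tcp port 8092' might see.
SAMPLE_FRAMES = [
    build_frame(40000, 8092, b"hi"),             # 2-byte payload to port 8092: flagged
    build_frame(8092, 40000, b""),               # pure ACK from port 8092: normal, not flagged
    build_frame(40000, 8092, b"A" * 50),         # full-size segment: not flagged
    build_frame(40000, 80, b"x"),                # tiny, but wrong port: filtered out
    b"\x00" * 12 + b"\x86\xdd" + b"\x00" * 40,   # IPv6 frame: parse_tcp returns None
]

if __name__ == "__main__":
    for i, f in enumerate(SAMPLE_FRAMES):
        print(i, parse_tcp(f))
    print("flagged:", small_segments(SAMPLE_FRAMES, 8092, 8))
```

One practical note on the "hang": a libpcap-based sniffer with a filter blocks until a frame matching that filter arrives, so on an interface with no traffic to or from port 8092 it prints the start-up banner and then nothing, which is indistinguishable from a broken tool until something is actually sent on that port.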
I’m going to e-mail the professor and make sure I’m using the tool correctly. There was another e-mail sent out that suggested we merge the sniff.py and lab4.py files in order to get the correct output from the “out.txt” file. This was also due to the degraded performance of Tha. I'm going to have to look at the code and determine how to merge the programs together.
As you can see, I really don’t have much to report on this week concerning the lab, but I hope to have it completed and have received another “Success!” response by the next blog post. I’m also still reading up on both scapy and libpcap; that should definitely keep me busy the rest of this week.
Tuesday, April 28, 2009