Xiaohong Yuan, Percy Vega, Jinsheng Xu, Huiming Yu, Stephen Providence
North Carolina A&T State University
4/13/2020 WECS7 1
• Introduction
• Packet Sniffer
• Packet Sniffer Simulator
• Tool Evaluation
• Conclusion and Future work
4/13/2020 WECS7 2
• Visualization has been used in computer science education
• Visualization of computer security concepts are needed
– Embry-Riddle Aeronautical Univ. developed interactive modules for such topics as buffer overflow vulnerabilities, cryptography, etc.
– CyberCIEGE is a high-end, commercial-quality video game developed for teaching security concepts and practices
– We designed and implemented an animated simulator for packet sniffer
4/13/2020 WECS7 3
• Packet sniffer is a program that captures all of the data packets that pass through a given network interface, and recognizes and decodes certain packets of interest.
• A packet sniffer can only capture packets within a given subnet.
• The network interface of the computer that has the packet sniffer is configured into promiscuous mode
• Commercial and free packet sniffer tools
– Ethereal
– AnalogX PacketMon
– Network Probe
4/13/2020 WECS7 4
• It demonstrates visually
– how a packet sniffer works in a local area network environment (Demo I – IV)
– how data packets are encapsulated and interpreted while going through the protocol stack
(Demo V)
• Implemented in Macromedia Flash MX
Professional Edition
– Can run as a Flash applet in web page
– Can also run as a standalone application
(Macromedia Flash Player is needed)
4/13/2020 WECS7 5
• Demo I: Direct Path
– Displays the path a data packet from a source goes through to reach destination
• Demo II: The real Path
– The packet reached all attached computer across a common collision domain
• Demo III: Promiscuous Mode
– A computer’s network interface hardware configured into promiscuous mode accepts all frames
4/13/2020 WECS7 6
• Demo IV: Packet Sniffer
– Packet sniffer is installed on a computer to examine the data packets captured
• Demo V: Telnet Over TCP/IP
– How a data packet is encapsulated and deencapsulated while going through the protocol stack
4/13/2020 WECS7 7
• Explain the differences between a hub, a bridge/switch, and a router
• Explain bus and star topology
• Explain how a data packet is transmitted in a local area network
• Explain the purpose of “promiscuous mode” of a network interface
• Explain what a packet sniffer does, and how it works.
• Explain the encapsulation and de-encapsulation process of a data packet while going through the protocol stack
4/13/2020 WECS7 8
• http://clayton.ncat.edu/comp476/Packet
SnifferAnimation/index.html
4/13/2020 WECS7 9
• The packet sniffer simulator is used in a computer network security class in Fall 2005
– Total number of students: 12
• First a pretest was given based the learning objectives
• A homework assignment was given to the students based on the packet sniffer simulator
• Then a posttest was given to the students and a survey questionnaire was conducted
4/13/2020 WECS7 10
Scatter Graph for Total Score (in % )
120
100
80
60
40
20
0
0 5
Student
10 15
Pre-Test Score
Post-Test Score
WECS7 4/13/2020 11
The tool helped in learning computer network and security concepts
The learning objectives are met by using the tool
The tool helped you understand the questions asked in the homework
The web site and the tutorial were helpful in understanding the demo
The tool is easy to learn and understand
Would like to see more of this kind of tools
You would like to recommend this tool to others?
Strongly
Agre e
33.33%
33.33%
25%
33.33%
50%
66.67%
66.67%
Agree
58.33%
58.33%
66.67%
66.67%
50%
33.33%
25%
4/13/2020 WECS7
Neither
Agree or
Disagree
8.33%
Disagre e
0.0%
Strongly
Disagre e
0.0%
0.0%
8.33%
0.0%
0.0%
0.0%
0.0%
8.33
0.0%
0.0%
0.0%
0.0%
8.33%
0.0%
0.0%
0.0%
0.0%
0.0%
0.0%
12
• An animated simulator for packet sniffer and related network concepts has been developed
• It has been used in a computer network security course in Fall 2005
• The student Feedback was very positive
• Future work
– Develop animated simulation for more security concepts
– Continue evaluating the effectiveness of visualization tool in teaching computer security courses
4/13/2020 WECS7 13
4/13/2020 WECS7 14