How to Implement a Sniffer Attack in NS2

 

Implementing a sniffer attack in Network Simulator 2 (NS2) means simulating a scenario in which a malicious node eavesdrops on or captures packets on a network. The attack centers on packet capture and traffic analysis at the network level. A sniffer can passively capture packets and extract information such as source and destination addresses, packet types, and sometimes even the data payload itself if encryption is not in place. The guide below walks through implementing the sniffer attack in NS2, with a malicious node (the sniffer) capturing and logging packets that pass through the network.

Steps to Implement a Sniffer Attack in NS2

  1. Set up the Network Topology

First, create a network topology with multiple nodes. One or more of these nodes will act as sniffers that capture packets from the network traffic.

  2. Traffic Generation

Simulate normal traffic using TCP, UDP, or CBR (Constant Bit Rate) applications between the nodes. The sniffer node eavesdrops on this traffic and captures the related packet information.

  3. Simulating the Sniffer (Packet Capturing)

The sniffer node passively monitors the network traffic, capturing and logging details such as packet type, source and destination addresses, and packet sizes. This is achieved by intercepting packets that are sent or received in the network.

Example TCL Script for Sniffer Attack in NS2

# Create a new simulator instance
set ns [new Simulator]

# Open trace and nam files
set tracefile [open "sniffer_attack_trace.tr" w]
$ns trace-all $tracefile
set namfile [open "sniffer_attack.nam" w]
# The nodes below are wired, so use namtrace-all (namtrace-all-wireless
# also expects the topography width and height)
$ns namtrace-all $namfile

# Define network topology
set n0 [$ns node]  ;# Normal sender node
set n1 [$ns node]  ;# Normal receiver node
set n2 [$ns node]  ;# Sniffer node (malicious)

# Put all three nodes on one shared LAN segment so that traffic between
# n0 and n1 has a path and travels on a medium n2 is attached to
# (bandwidth and delay are assumed values)
$ns make-lan "$n0 $n1 $n2" 10Mb 1ms LL Queue/DropTail Mac/802_3

# Create a UDP connection between n0 and n1 (normal traffic)
set udp0 [new Agent/UDP]
set null0 [new Agent/Null]
$ns attach-agent $n0 $udp0
$ns attach-agent $n1 $null0
$ns connect $udp0 $null0

# Create a CBR application to generate traffic
set cbr0 [new Application/Traffic/CBR]
$cbr0 set packetSize_ 512
$cbr0 set rate_ 1Mb
$cbr0 attach-agent $udp0

# Function to simulate the sniffer attack
# NOTE: "promiscuous-mode" and "log-sniffed-packets" are not commands of the
# stock NS2 node object; they stand for a custom extension that has to be
# added to the simulator before this procedure will run.
proc sniffer_attack { sniffer src dst } {
    global ns

    # Enable promiscuous mode for the sniffer to capture all packets
    $sniffer promiscuous-mode 1
    puts "Sniffer node $sniffer is listening on traffic between $src and $dst."

    # Schedule periodic traffic sniffing and log captured packet details,
    # starting at the current time (events cannot be scheduled in the past)
    for {set time [$ns now]} {$time <= 5.0} {set time [expr {$time + 1.0}]} {
        $ns at $time "$sniffer log-sniffed-packets $src $dst"
    }
}

# Start the traffic generation
$ns at 1.0 "$cbr0 start"
$ns at 5.0 "$cbr0 stop"

# Schedule sniffer attack
$ns at 1.5 "sniffer_attack $n2 $n0 $n1"

# Define finish procedure
proc finish {} {
    global ns tracefile namfile
    $ns flush-trace
    close $tracefile
    close $namfile
    exec nam sniffer_attack.nam &
    exit 0
}

# End the simulation at 7.0 seconds
$ns at 7.0 "finish"

# Run the simulation
$ns run

Explanation of the Script:

  1. Normal Traffic:
    • Nodes n0 and n1 are normal nodes that communicate using UDP. Node n0 is the sender, and node n1 is the receiver.
    • The CBR application generates UDP traffic from node n0 to node n1, starting at 1.0 second and stopping at 5.0 seconds.
  2. Sniffer Node:
    • Node n2 is the malicious sniffer node. It is configured to operate in promiscuous mode, meaning it captures all packets it can “hear” on the network.
    • The sniffer_attack procedure enables promiscuous mode for the sniffer ($sniffer promiscuous-mode 1) and periodically logs the details of the packets it captures from the communication between n0 and n1.
  3. Packet Capture Logging:
    • The sniffer captures packets and logs the source and destination addresses, along with the packet size, at regular intervals (every 1 second between 1.5 and 5.0 seconds).
    • This logged data can be printed out or saved to a file for further analysis.
  4. Trace Files and Visualization:
    • The simulation records packet events in the trace file (sniffer_attack_trace.tr), and NAM can be used to visualize the traffic and the sniffing behaviour.

  4. Customizing the Sniffer Attack

The sniffer attack can be refined by changing the packet capture behaviour and logging more detailed information, such as:

  a) Capturing Specific Packet Types:

We can configure the sniffer node to capture particular types of packets, like TCP, UDP, or ICMP packets, or even filter by packet size.

# NOTE: "capture-packets" is not a stock NS2 Simulator command; it stands for
# a custom capture routine that has to be added to the simulator.
proc log_sniffed_packets { sniffer src dst } {
    global ns

    # Capture and log specific types of packets (e.g., only UDP packets)
    set captured_pkts [$ns capture-packets $sniffer -type UDP -src $src -dst $dst]
    puts "Sniffer node $sniffer captured $captured_pkts UDP packets from $src to $dst"
}

  b) Extracting Packet Payload:

If encryption is not used, the sniffer can also log the contents of the packet payload. This mimics an attack in which the sniffer captures sensitive data from the communication.

  c) Real-time Monitoring:

We can improve the attack by logging traffic in real-time, giving the malicious node the capability to immediately react to specific patterns of traffic, like initiating other attacks according to the volume of traffic captured.

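# NOTE: "capture-realtime", "get-packet-size", "get-src-address" and
# "get-dst-address" are not stock NS2 Simulator commands; they stand for
# custom routines that have to be added to the simulator.
proc real_time_sniffer { sniffer src dst } {
    global ns

    # Capture and analyze packets in real-time
    set packets [$ns capture-realtime $sniffer -src $src -dst $dst]
    foreach pkt $packets {
        set pkt_size [$ns get-packet-size $pkt]
        set src_addr [$ns get-src-address $pkt]
        set dst_addr [$ns get-dst-address $pkt]
        puts "Sniffer node $sniffer captured packet: Size=$pkt_size, Src=$src_addr, Dst=$dst_addr"
    }
}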

  5. Analysing the Sniffer Attack

To evaluate the sniffer attack, we can use the trace file to see which packets were captured and what information the sniffer node collected. Parsing scripts written in AWK, Python, or Perl can extract the captured traffic details from the trace file.

Example trace analysis output:

Sniffer node n2 captured 5 packets between n0 and n1 at time 1.5

Sniffer node n2 captured 7 packets between n0 and n1 at time 2.5

Sniffer node n2 captured 6 packets between n0 and n1 at time 3.5

We can also use NAM to visualize the captured traffic and observe how the sniffer node intercepts the traffic between the legitimate nodes.
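The parsing step described above, as an added example that is not part of the original guide: a Python script that reads the standard NS2 wired trace format and counts, per one-second window, the packets of the n0 to n1 flow that a listening node could have logged. The sample trace lines are constructed, the function names are illustrative, and each packet id is counted once even when the trace records it on several hops.

```python
from collections import defaultdict
# Constructed sample in the standard NS2 wired trace format (node 3 is an
# intermediate hop): event time from to type size flags fid src dst seq pkt_id
SAMPLE_TRACE = """\
+ 1.000000 0 3 cbr 512 ------- 0 0.0 1.0 0 0
r 1.504096 0 3 cbr 512 ------- 0 0.0 1.0 0 0
r 1.505120 3 1 cbr 512 ------- 0 0.0 1.0 0 0
r 1.508192 0 3 cbr 512 ------- 0 0.0 1.0 1 1
r 2.100000 0 3 cbr 512 ------- 0 0.0 1.0 2 2
r 2.101024 3 1 cbr 512 ------- 0 0.0 1.0 2 2
d 2.200000 0 3 cbr 512 ------- 0 0.0 1.0 3 3
r 2.600000 1 3 ack 40 ------- 0 1.0 0.0 0 4
r 2.700000 0 3 cbr 512 ------- 0 0.0 1.0 4 5
r 2.9 0 3 cbr
"""

def parse_line(line):
    """Return one trace record as a dict, or None if the line is malformed."""
    f = line.split()
    if len(f) < 12:
        return None
    try:
        return {"event": f[0], "time": float(f[1]), "type": f[4],
                "size": int(f[5]), "src": int(f[8].split(".")[0]),
                "dst": int(f[9].split(".")[0]), "pkt_id": int(f[11])}
    except ValueError:
        return None

def observed_flow(trace_text, src, dst, start=1.5, window=1.0):
    """Packets and bytes of the src->dst flow per observation window."""
    seen, windows = set(), defaultdict(lambda: {"packets": 0, "bytes": 0})
    for rec in map(parse_line, trace_text.splitlines()):
        if rec is None or rec["event"] != "r" or rec["time"] < start:
            continue  # only received packets inside the listening period
        if (rec["src"], rec["dst"]) != (src, dst) or rec["pkt_id"] in seen:
            continue  # other flow, or the same packet seen on a later hop
        seen.add(rec["pkt_id"])
        slot = start + window * int((rec["time"] - start) // window)
        windows[slot]["packets"] += 1
        windows[slot]["bytes"] += rec["size"]
    return dict(sorted(windows.items()))

def report(stats, sniffer, src, dst):
    return [f"Sniffer node n{sniffer} captured {s['packets']} packets "
            f"({s['bytes']} bytes) between n{src} and n{dst} at time {t}"
            for t, s in stats.items()]

if __name__ == "__main__":
    print("\n".join(report(observed_flow(SAMPLE_TRACE, 0, 1), 2, 0, 1)))
```

To analyse a real run, pass the contents of sniffer_attack_trace.tr in place of SAMPLE_TRACE.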

  6. Advanced Sniffer Attack Features (Optional)

For more advanced sniffer attack scenarios, consider the following features:

  • Passive vs. Active Sniffing: In a passive attack, the sniffer only monitors the traffic without interfering. In an active attack, the sniffer can inject its own traffic or modify the packets it captures, as in a Man-in-the-Middle attack.
  • Multiple Sniffer Nodes: We can simulate a network with multiple sniffer nodes working in coordination to collect comprehensive traffic information across the network.
  • Traffic Pattern Recognition: Implement logic in which the sniffer recognizes patterns, such as increased traffic, to identify high-value data transmissions or ongoing network activities.

We have shown that the sniffer attack scenario identifies the malicious node in the network and its ability to monitor and capture network traffic using the NS2 tool. We plan to elaborate on how the sniffer attack performs in other simulation tools.
