For this assignment we recommend you use the following python libraries:

• construct
• hexdump

You will be creating a packet capture program similar to wireshark. Below is the help menu for your program.

usage: sniffles [-h] [-o OUTPUT] [-t TIMEOUT] [-x]
                [-f {UDP,Ethernet,DNS,IP,TCP,ONE_MORE_OF_YOUR_CHOOSING}]
                INTERFACE

positional arguments:
  INTERFACE             interface to listen for traffic on

optional arguments:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        File name to output to
  -t TIMEOUT, --timeout TIMEOUT
                        Amount of time to capture for before quitting. If no
                        time specified ^C must be sent to close program
  -x, --hexdump         Print hexdump to stdout
  -f {UDP,Ethernet,DNS,IP,TCP,ONE_MORE_OF_YOUR_CHOOSING}, --filter {UDP,Ethernet,DNS,IP,TCP,ONE_MORE_OF_YOUR_CHOOSING}
                        Filter for one specified protocol

You should start by researching raw sockets and binding to the specified interface to listen for traffic on. If the -x flag is provided you dump the data exactly as is sniffed from the socket to stdout. This will help you test your program. You can check your output against a wireshark capture running simultaneously to make sure that you are getting the expected output.

Next you should start creating your structs representing the the various required protocol formats as well the one protocol of your choosing.

Now if the filter flag is provided you can print out only the packets of the specified protocol. You should print out the packets in a readable plain text format. For example if we filtered for TCP your output could look like:

TCP(SrcPort=2390, DestPort=4567, SeqNum=34556, AckNum=24677, DataOff=23, Flags={RST, ECE}, WinSize=3455, ChkSum=0x0345, UrgentPtr=345, Options=0)
TCP(SrcPort=2390, DestPort=4567, SeqNum=34557, AckNum=34558, DataOff=23, Flags={RST, ECE}, WinSize=3455, ChkSum=0x0345, UrgentPtr=345, Options=0)
TCP(SrcPort=2390, DestPort=4567, SeqNum=34558, AckNum=34559, DataOff=23, Flags={RST, ECE}, WinSize=3455, ChkSum=0x0345, UrgentPtr=345, Options=0)
TCP(SrcPort=2390, DestPort=4567, SeqNum=34559, AckNum=34559, DataOff=23, Flags={RST, ECE}, WinSize=3455, ChkSum=0x0345, UrgentPtr=345, Options=0)
TCP(SrcPort=2390, DestPort=4567, SeqNum=34560, AckNum=34561, DataOff=23, Flags={RST, ECE}, WinSize=3455, ChkSum=0x0345, UrgentPtr=345, Options=0)
TCP(SrcPort=2390, DestPort=4567, SeqNum=34561, AckNum=34562, DataOff=23, Flags={RST, ECE}, WinSize=3455, ChkSum=0x0345, UrgentPtr=345, Options=0)
TCP(SrcPort=2390, DestPort=4567, SeqNum=34562, AckNum=34563, DataOff=23, Flags={RST, ECE}, WinSize=3455, ChkSum=0x0345, UrgentPtr=345, Options=0)
TCP(SrcPort=2390, DestPort=4567, SeqNum=34563, AckNum=34564, DataOff=23, Flags={RST, ECE}, WinSize=3455, ChkSum=0x0345, UrgentPtr=345, Options=0)
TCP(SrcPort=2390, DestPort=4567, SeqNum=34564, AckNum=34565, DataOff=23, Flags={RST, ECE}, WinSize=3455, ChkSum=0x0345, UrgentPtr=345, Options=0)
TCP(SrcPort=2390, DestPort=4567, SeqNum=34565, AckNum=34566, DataOff=23, Flags={RST, ECE}, WinSize=3455, ChkSum=0x0345, UrgentPtr=345, Options=0)

Your format may differ from this but keep in mind that readability is key. You should be able to look back at the output and talk about what was happening among a sequence of packets (e.g. Connection RST, or Three-way handshake)

Lastly, you will need to output to the pcapng file format described here. You only need to implement the file format such that there is:

• one "Section Header"
• one "Interface Description Block"
• every packet is stored in an "Enhanced Packet Block".

Look at Figure 5: File structure example: a pcapng file similar to a classical libpcap file in the link to see what the total file format looks like.

You need to correctly parse and display at least the following formats:

• Ethernet
• IP
• TCP
• UDP
• DNS

You must choose one of the following additional formats:

• ARP
• IRC
• HTTP
• ICMP
• FTP
• NTP
• QUIC
• SSDP
• SMTP
• LLC