CS 453 - Assignment Set 2 (Fall 2005)

Given: October 25, 2005

Due: December 9 (Friday), 2005

Language Options: C, C++, or Java

OS Options: Must run on CSEE shell servers

Part 1: Connection Analyzer [60 points total]: Construct an application that will take packet captures and perform analysis on them and display connection information. You will test your application by analyzing IP packets captured to a file. The captured packets are stored as a sequence of records in a file with the format given below.
```
 0                             15                              31
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Capture Second                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Capture Microsecond                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Capture Length                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          IP Header                           ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            Data                              ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
...                                                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  Capture Second (Packet 2)                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Capture Microsecond (Packet 2)                 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                  Capture Length (Packet 2)                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      IP Header (Packet 2)                    ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
...
```
The capture second and capture microsecond is the time that the IP packet was captured from the network. Capture seconds are measured since the epoch on January 1, 1970. Microseconds is the number of microseconds within that second. This is the standard C timeval structure configuration. Capture Length is the length of the IP packet in bytes (this length may less than the IP header packet length as not all of the packet may have been captured).
- A [20 points]: Analyze the capture file and display information for each TCP connection and UDP exchange. The Information must include IP addresses and ports used as well as start/end times and data bytes transferred in each direction. The output should resemble something like this:
```
 UDP: 192.168.0.45.3478 <--> 10.17.4.25.53
   Start: Mon Oct 17 14:40:41 EDT 2005
   Bytes of data sent to 10.17.4.25.53: 138
   Bytes of data sent to 192.168.0.45.3478: 203
   End: Mon Oct 17 14:40:41 EDT 2005
 TCP: 192.168.0.45.7345 <--> 10.17.4.42.80
   Start: Mon Oct 17 14:40:41 EDT 2005
   Bytes of data sent to 10.17.4.42.80: 34
   Bytes of data sent to 192.168.0.45.7345: 237549
   End: Mon Oct 24 14:40:42 EDT 2005
 . . .
 
```
  The above shows a UDP exchange and a TCP connection and the relevant information that should be displayed.
- B [15 points]: Provide a verbose option (command line argument -v) to display each packet in the capture file. It should display all fields for the IP, TCP, and UDP headers. It should not display the data of the packet.
- C [5 points]: Modify the application to change the display of IP addresses to use a reverse DNS lookup to turn IP addresses into hostnames. There should also be a command line option to turn this behavior off, such as -n.
- D [10 points]: Provide an option to limit the verbose and connection/exchange information to specific IP addresses/hostnames. The -a addr command line argument should be used for this.
- E [10 points]: Provide an option to limit the verbose and connection/exchange information to specific TCP/UDP port numbers. The -p # command line argument should be used for this.
- Example Input for Testing: Here is an example input file to begin testing with. Additional files will be used for submissions. The contents of the example input file can be found here.
Part 2: Protocol Design [40 points total]: Design and document a protocol to handle the sending of Instant Messages and the notification of user presence. Your protocol must provide the following features:
- Account Management: login, logout, create, delete, authentication change, etc.
- Presence Notification: user login, user logout, etc.
- Messaging: sending messages to logged in accounts, sending messages to several accounts, etc.
- Error Handling: sending messages to unknown accounts, not logged in accounts, etc.
You may add additional functionality as you desire. You may not use any existing protocols except IP, TCP, and UDP in your design. You must provide reasoning why you chose specific options, architecture, etc. Your document should be in text or PDF. Word documents will not be accepted.

Notes: Your submissions must at least compile before any credit will be given. Submissions that do not compile will not be graded. Submissions submitted after the due date will not be graded. All work must be your own original work. To get partial credit for parts of the assignment, you must demonstrate that those pieces work by themselves. If you share code with others, you will be given a 0 for the assignment. This assignment set is worth 25% of your total grade.

Todd L. Montgomery (revised 10.24.2005)