Packet interception implementation

asked 2020-02-13 10:26:04 +0000

EdS


I'm a second year University student, currently taking up Computer Networks class.

We were asked to implement a small client-server protocol. The client sends packets and the server receives them. We should then use Wireshark to see the packets being transmitted at both client and server hosts.

I managed to do the above.

A subsequent task is to make the client send split payloads and the server merge the payloads into a single packet before Wireshark sees them. On the client side Wireshark should see multiple packets being sent; however, on the server side Wireshark should see a single merged packet.

My understanding is that Wireshark already captures packets at a very low level. How can we implement code that is at an even lower level than Wireshark? Or, at least, code that is processed before the network packets reach Wireshark?

Lastly, how difficult would it be to implement the functionality above? I do not have C programming skills in case tweaking Windows drivers is necessary. Virtual machines can be used without restrictions.

All the best.

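To make the protocol task concrete, here is an added example (not code from the original thread) in which the client sends one message as several framed TCP segments and the server reassembles them. The chunk header format (`!HHH`: total message length, byte offset, chunk length), the `Reassembler` class and the `loopback_exchange` helper are this example's own assumptions, not part of the assignment. Note what it can and cannot do: with `TCP_NODELAY` set, each `sendall()` normally leaves the client as its own segment, so Wireshark on the client shows several packets; the server receives those same segments, and the merge happens in the application, which is above Wireshark's capture point. Wireshark on the server will only show one large packet if something below the capture layer (a NIC or driver offload) coalesces the segments first.

```python
"""Client sends a message as several TCP segments; the server reassembles them.

Added example: header layout and names below are assumptions for illustration.
"""
import socket
import struct
import threading

# Assumed chunk header: total message length, offset of this chunk within the
# message, length of this chunk. All three are big-endian uint16 fields.
CHUNK_HDR = struct.Struct("!HHH")


def split_payload(payload: bytes, chunk_size: int) -> list:
    """Cut payload into consecutive chunks of at most chunk_size bytes."""
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    return [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]


def frame_chunks(payload: bytes, chunk_size: int) -> list:
    """Prefix every chunk with CHUNK_HDR so the receiver can put it back in place."""
    total = len(payload)
    if total > 0xFFFF:
        raise ValueError("message too long for a 16-bit length field")
    frames = []
    for i, chunk in enumerate(split_payload(payload, chunk_size)):
        frames.append(CHUNK_HDR.pack(total, i * chunk_size, len(chunk)) + chunk)
    return frames


class Reassembler:
    """Consumes raw stream bytes (TCP may split or merge frames arbitrarily) and
    returns complete messages once every byte of a message has arrived.
    Assumes chunks of one message do not overlap."""

    def __init__(self):
        self._stream = bytearray()   # bytes received but not yet parsed
        self._msg = None             # message currently being filled in
        self._seen = set()           # chunk offsets already placed
        self._have = 0               # bytes of the current message received

    def feed(self, data: bytes) -> list:
        self._stream += data
        completed = []
        while len(self._stream) >= CHUNK_HDR.size:
            total, off, clen = CHUNK_HDR.unpack_from(self._stream)
            if len(self._stream) < CHUNK_HDR.size + clen:
                break  # wait for the rest of this chunk to arrive
            chunk = bytes(self._stream[CHUNK_HDR.size:CHUNK_HDR.size + clen])
            del self._stream[:CHUNK_HDR.size + clen]
            if self._msg is None:
                self._msg, self._seen, self._have = bytearray(total), set(), 0
            if len(self._msg) != total or off + clen > total or off in self._seen:
                raise ValueError("inconsistent or duplicate chunk header")
            self._msg[off:off + clen] = chunk
            self._seen.add(off)
            self._have += clen
            if self._have == total:
                completed.append(bytes(self._msg))
                self._msg = None
        return completed


def loopback_exchange(payload: bytes, chunk_size: int) -> bytes:
    """Send payload over 127.0.0.1 as separate segments; return what the server rebuilt.
    Capture on loopback (Npcap's loopback adapter on Windows) to watch the segments."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    result = []

    def serve():
        conn, _ = srv.accept()
        reasm = Reassembler()
        with conn:
            while not result:
                data = conn.recv(65536)
                if not data:
                    break
                result.extend(reasm.feed(data))

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.create_connection(("127.0.0.1", port)) as client:
        # Disable Nagle so each sendall() normally goes out as its own segment.
        client.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
        for frame in frame_chunks(payload, chunk_size):
            client.sendall(frame)
    worker.join()
    srv.close()
    return result[0] if result else b""


if __name__ == "__main__":
    message = b"payload split by the client, merged by the server"  # constructed input
    print(loopback_exchange(message, chunk_size=8))
```

The reassembly is done on the stream, not per `recv()`, because TCP gives no guarantee that one `send()` maps to one `recv()`; that is also why the wire view (segments) and the application view (messages) are different things, and why a capture taken at the receiver still shows the segments.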


What is your transport protocol, TCP or something else?

If Wireshark on the client is to see multiple packets, and Wireshark on the server is to see one merged packet, then you need something in the middle to reassemble packets. Are you sure this is what is being asked?

grahamb (2020-02-13 10:39:24 +0000)

Hi. Yes, this is what we're being asked. Is there any way I could add a TCP filter or something like that? I'm using Windows 10 with full admin access.

EdS (2020-02-13 20:11:57 +0000)

I'm afraid I don't understand what you're being asked to do. To segment a payload, the client either has to send multiple transmissions, each with a segment of the payload, or make such a big transmission that it gets fragmented by the network. In either case, Wireshark on the server is likely to see the individual packets and not one big one.

grahamb (2020-02-13 20:33:41 +0000)

You can get this if you venture into the realm of TCP offloading, e.g., TCP Chimney or large receive offloading, because that places these functions underneath the layer where Wireshark is getting its capture data from. Not trivial though, so I'm also not sure about the specifics of this request.

Jaap (2020-02-14 09:15:08 +0000)
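A practical check that follows from the point about offloading, added here as an example that is not part of the original thread: when Wireshark reads above a coalescing offload (LRO or GRO on Linux, Receive Segment Coalescing on Windows), the capture contains "packets" longer than anything that could have been on the Ethernet wire, i.e. more than 14 + MTU bytes. The script below builds a small pcap in memory from constructed frames (three zero-filled frames, one of them a 4380-byte coalesced segment) and flags the oversized ones. `build_pcap`, `iter_frames` and `oversized_frames` are names chosen for this example; the pcap record layout is the standard libpcap file format. The equivalent check inside Wireshark is the display filter `frame.len > 1514`.

```python
"""Flag frames in a pcap that are longer than the wire allows.

Added example. Oversized frames are the fingerprint of a capture taken above a
coalescing offload (LRO/GRO/RSC) rather than at the wire.
"""
import struct

# libpcap file format: global header and per-record header (little-endian here).
PCAP_GLOBAL = struct.Struct("<IHHiIII")  # magic, v_major, v_minor, thiszone, sigfigs, snaplen, linktype
PCAP_REC_FMT = "IIII"                    # ts_sec, ts_usec, incl_len, orig_len
LINKTYPE_ETHERNET = 1
ETH_HDR_LEN = 14
ETH_MTU = 1500


def build_pcap(frames, snaplen: int = 262144) -> bytes:
    """Serialize raw frames into a minimal little-endian pcap file."""
    out = PCAP_GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    rec = struct.Struct("<" + PCAP_REC_FMT)
    for i, frame in enumerate(frames):
        # Timestamps are synthetic; incl_len == orig_len because nothing is truncated.
        out += rec.pack(i, 0, len(frame), len(frame)) + frame
    return out


def iter_frames(pcap: bytes):
    """Yield (orig_len, captured_bytes) for every record, honoring the file's endianness."""
    (magic,) = struct.unpack_from("<I", pcap)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng not handled here)")
    rec = struct.Struct(endian + PCAP_REC_FMT)
    pos = PCAP_GLOBAL.size
    while pos + rec.size <= len(pcap):
        _ts_sec, _ts_usec, incl_len, orig_len = rec.unpack_from(pcap, pos)
        pos += rec.size
        if pos + incl_len > len(pcap):
            raise ValueError("truncated pcap record")
        yield orig_len, pcap[pos:pos + incl_len]
        pos += incl_len


def oversized_frames(pcap: bytes, mtu: int = ETH_MTU) -> list:
    """Return (frame_index, orig_len) for frames larger than an Ethernet header plus mtu."""
    limit = ETH_HDR_LEN + mtu
    return [(i, orig) for i, (orig, _) in enumerate(iter_frames(pcap)) if orig > limit]


if __name__ == "__main__":
    # Constructed sample: a full-size frame, a small ACK-sized frame, and one
    # 4380-byte frame such as three coalesced 1460-byte TCP segments would produce.
    sample = build_pcap([bytes(1514), bytes(60), bytes(4380)])
    for index, length in oversized_frames(sample):
        print(f"frame {index}: {length} bytes exceeds the wire maximum; offload coalescing likely")
```

If the check fires on the receiving host, the capture reflects what the NIC or driver handed up, not what crossed the wire. On Linux the receive-side offloads are turned off with `ethtool -K <iface> gro off lro off` (and `tso off gso off` on a sender whose capture shows single oversized outgoing segments); on Windows, RSC is controlled per adapter with `Disable-NetAdapterRsc`. Turning them off makes the capture match the wire again, which is the opposite of what the assignment asks for but is what you want whenever a capture has to be trusted as evidence.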