BroadcomEthernetPacketAnalyzer

ETHERNET PACKET ANALYZER 1
ETHERNET PACKET ANALYZER
The Indian Institute of Technology in Hyderabad and the
University of Texas at Austin collaborative project with
Broadcom India Technologies, Ltd.
Tanya Marwah IIT Hyderabad
Udbhav Vyakaranam IIT Hyderabad
Judson Daniels University of Texas
Nick Sehy University of Texas
Akshans Verma University of Texas
Sachin Suman Broadcom Technologies

TABLE OF CONTENTS
ABSTRACT 3
INTRODUCTION 4
BACKGROUND AND TERMINOLOGY 5
PROBLEM STATEMENT 8
SOLUTION 9
PROJECT TIMELINE 11

ABSTRACT
This report documents parts of the design process taken by
electrical engineering students from the Indian Institute of
Technology in Hyderabad and from the University of Texas at
Austin in a collaborative project with Broadcom India
Technologies, Ltd. The project, as defined by Broadcom
associates, requires an Ethernet packet reader with remote
access capabilities. The solution for the remote Ethernet packet
analyzer can be broken into two main parts: the design and
implementation of the packet capturing device and the software
to analyze the captured data. The packet analyzer will be able
to capture Ethernet packets directly from an Ethernet port,
analyze data from the packets, and display intuitively the
information gathered. Furthermore, the packet analyzer must be
able to collect data from an external network, independent from
a host computer. The development of an Ethernet packet analyzer
with remote accessibility will allow network analysts to
monitor, diagnose, and potentially repair area networks from
faraway places.

INTRODUCTION
Most network analyzers are restricted to a single host computer. The
host computer may connect to different networks, but the analyzer can
still only monitor the network to which it is connected. As a result,
businesses and homes that have a network issue may have to rely on a
professional to diagnose a problem. Similarly, a professional is
limited to the computer that he can access. Evidently, a network
suffering serious connectivity issues will require the physical
presence of an experienced examiner.
Often times a network may be fine, and perhaps only a port has
malfunctioned. In this event, it may be difficult to isolate a damaged
node in a network, especially in the case of an extensive and broad
network. As such, we, students from IIT Hyderabad and the University
of Texas, in conjunction with Broadcom India Technologies propose an
external unit whose purpose is to capture packets from an Ethernet
socket, save, and analyze the data captured.
As a prototype for the idea, we have decided to build from an existing
microcontroller. The Raspberry Pi, a powerful miniature computer, was
selected to be our platform based on its compatibility with Broadcom
products. The Raspberry Pi has one Ethernet port and an SD card
reader, making it the perfect platform for this project. Furthermore,
the developer community surrounding the Raspberry Pi and its
accessories is known to be one of the most extensive and supportive
resources for independent development and experimentation.

BACKGROUND AND TERMINOLOGY
3.1 PACKET SNIFFERS AND ANALYZERS
The Ethernet packet analyzer documented in this report combines
two major ideas into one design. Our design incorporates the
concept of a network monitor, informally known as a packet
sniffer. Packet sniffers have the capability to tap into
networks and gather packets of information from the same
network. Typically, packet sniffers are located on a host
computer, meaning the sniffer itself is built from code and
executes from a stationary computer on the network to be
analyzed. The source code for many packet sniffers is available
online as a powerful tool to construct network analyzers.
The second concept incorporated into the project stems from
network monitors and network analyzers. The devices take
information and packets gathered from sniffers as inputs in
order to analyze the attributes of a network. Often times a
network analyzer will interpret and decipher information from a
sniffer to display the attributes of a network. Attributes can
include, but are not limited to; packet IP sources,
destinations, and network traffic statistics. Thus, network
analyzers, when combined with packet sniffers, become useful
tools to monitor, diagnose, and repair dysfunctional networks .
3.2 PACKETS
Packets, also called datagrams, are units of encapsulated bits
that are used to send information to and from devices on any
network. An Ethernet packet follows a specific format that lends
itself for analysis. One packet can be subdivided into two main
parts; the header, which contains all bits of information about

the packet, its origin, destination, and other specifications;
and the payload, which contains information that the packet is
transferring.
For the purpose of building an Ethernet packet sniffer,
understanding the header portion of a datagram is essential. The
header of an IPv4 type packet contains its: version, header
length, type of service, total length, identification bits,
flags, fragment offset, time to live, protocol, header checksum,
source address, and destination address (Kozierok).
Although IPv4 packets are most commonly used today, it is
important to note that packets of different formats and
protocols exist. Understanding all formats of datagrams is also
crucial in developing a successful packet sniffer.
3.3 INTERNET PROTOCOL & TRANSMISSION CONTROL PROTOCOL
IP and TCP are international protocols that nearly all computers
and devices will adhere to in order to interface across networks
properly and efficiently. In fact, the function of the Internet
Protocol is to deliver datagrams from source to destination. The
IP standard constitutes four distinct layers to enable network
traffic. For the purpose of this project, thorough comprehension
of only the first two layers, the Link Layer and Internet Layer,
are necessary.
The link layer is comprised communication methods that operate
through physical connections. The link layer defines all
communication protocol between devices on the same network. As a
result, Ethernet exists almost exclusively in the link layer.
One level higher is the internet layer, which does not define
communication protocol between devices on the same network, but
rather on separate networks. The internet layer is populated by

Internet Protocol based packets that travel through gateways to
reach a destination.
3.4 ETHERNET PORTS
Ethernet ports are the access points between a device and the
local network the device is connected to. There are distinct
types of Ethernet sockets, including datagram sockets, stream
sockets, and raw sockets. Different Ethernet sockets utilize
different protocols such as Transmission Control Protocol (TCP),
User Datagram Protocol (UDP), and raw Internet Protocol (IP).
3.5 LIBPCAP
Libpcap is a library in C language that serves as a base for
nearly all packet analyzers available. Libpcap is an open source
library downloaded specifically for packet and network analysis
instrumentation. The library includes written structures and
functions to access Ethernet sockets. The structures in Libpcap
are defined for Ethernet packet headers and protocols, allowing
for the filtration of different types of packets. Furthermore,
Libpcap is packaged with tools to read incoming packets from
Ethernet as well as Wifi.
Libpcap is only usable on Ubuntu and Linux based machines. Once
downloaded, the library and all of its dependencies must be
unpackaged onto the machine

PROBLEM STATEMENT
Design, construct, and implement a packet sniffer capable of
reading datagrams from an Ethernet port. Beginning in a Linux
environment, develop code to tap into and draw packets from an
open Ethernet port. Make the packet sniffer portable by
exporting the code onto a Raspberry Pi for execution. The
sniffer must then be able to save raw information collected from
the Ethernet port onto a secure digital (SD) card inserted into
the Raspberry Pi. Design and implement a secondary software
program to run on the Raspberry Pi that analyzes captured data
from the SD card. The analysis software should filter packets
and calculate statistics conducive for network interpretation,
manipulation, diagnosis, and repair. Export the analytical data
into a .txt file that can be read from the SD card on a separate
device. Finally, design the packet analyzer in such a way that
leaves room for future modifications, particularly the
capability to push information to a cloud.

SOLUTION
NOTE: the SOLUTION section of this report is incomplete as the
packet analyzer is still in development. The following are the
steps we have taken in progress towards completing the project.
4.1 LINUX ENVIRONMENT
The Linux environment, namely the command shell, lends itself to
easier interfacing with the Raspberry Pi than other operating
systems. Ubuntu version 14.04 LTS was the chosen distribution to
familiarize team members with the UNIX command shell.
Ubuntu 14.04 LTS was downloaded from an official source onto an
8GB bootable flash drive. In Windows, the disk management
application was called by typing “diskmgmt.msc” in the command
line. The hard drives were partitioned to allocate a 10GB
minimum space for a swap file and the Ubuntu distribution.
Lastly, Ubuntu was installed onto each machine using a step by
step process
4.2 IMPORTING NOOBS AND RASPBIAN
NOOBS (New Out of the Box Software) installs an operating system
distribution of choice onto a formatted SD card. The SD card was
formatted to FAT type using the NOOBS software, downloaded from
the Raspberry Pi foundation. Though the NOOBS interface, a Linux
distribution developed for the Raspberry Pi called Raspbian was
selected to be installed onto the SD card.
After initialization, the SD card was connected to the Raspberry
Pi. A monitor, keyboard, and mouse were connected as input
devices in order to interface with the Raspberry Pi.

4.3 PRELIMINARY CODE
As of 4 July 2014, a program to capture packets from Ethernet
ports and Wifi has been written to run on a computer, but has
not been exported to the Raspberry Pi. In pseudocode, the
program is as follows:
Include Libraries:
Pcap.h, Stdio.h, Stdlib.h, String.h
First, check for present network devices. Select Ethernet port
or print none if unavailable. Open the device for capturing
packets, and then pass the device name and the packet length in
bytes to the main program. Toggle promiscuous mode on and check
the error buffer. If no errors exist, proceed to capturing
function “pcap_open_live.” From there, process the packets
according to packet type, and write the statistics to a .txt

PROJECT TIMELINE
This section describes the progress the team has made towards
building a solution as well as an expected timeline for our
remaining goals.
16 June 2014
The students from both universities visited Broadcom for a
briefing of the assignment. Research was conducted by the team
in order to gain a general understanding of the problem and its
parameters. A working background knowledge of Internet Protocol
regarding datagrams was acquired, and, through brainstorming, a
rudimentary design plan was constructed for solving the problem.
It was decided that certain materials were needed before
progress could continue. These materials included:
Computers installed with a Linux based operating system (4)
Raspberry Pi (1)
SD card (1)
HDMI/VGA cable (1)
Keyboard (1)
Computer mouse (1)
23 June 2014
The team configured their individual machines to run Linux
distribution Ubuntu 14.04 LTS. The Raspberry Pi, SD card, and
supporting materials were acquired. A conference call with
Broadcom associates gave the team a clearer understanding of the
problem statement. It became evident that the team would utilize
the Libpcap packet analyzing library in C in their solution.

30 June 2014
Preliminary programming was done on a host computer to capture
packets from the Ethernet or wireless internet by Tanya M. while
other members of the group divided other tasks. Nick S. and
Akshans V. became responsible for interfacing with the Raspberry
Pi and SD card. Udbhav V. would devise a physical input to start
the packet capturing on the Raspberry Pi, and Judson D. was held
responsible for packet types and analysis.
July 7 2014
In C language, implement the sniffer using Libpcap libraries to
capture packets of ICMP, IGMP, TCP, UDP and other types.
Initialize an environment for Libpcap on Raspbian and the
Raspberry Pi.
July 14 2014
Export the packet sniffing code to the Raspberry Pi. Construct
the hardware for starting and stopping the sniffing process.
July 21 2014
Test rigorously the Raspberry Pi for packet detection. Develop
code for packet analysis.
July 28 2014
Implement a GUI to display analytical results.

BIBLIOGRAPHY
TCPDUMP/LIBPCAP public repository. (2014, January
1). TCPDUMP/LIBPCAP public repository. Retrieved July 1,
2014, from http://www.tcpdump.org/
Download. (n.d.). Wireshark ∙ Go Deep.. Retrieved July 4, 2014,
from http://www.wireshark.org/
RFC 791 Internet Protocol. (1981, September 1). RFC 791 Internet
Protocol. Retrieved July 4, 2014, from
http://tools.ietf.org/html/rfc791
Kozierok, C. (2005, September 20). The TCP/IP Guide IP Datagram General
Format. The TCP/IP Guide IP Datagram General Format. Retrieved
July 4, 2014, from
http://www.tcpipguide.com/free/t_IPDatagramGeneralFormat.htm
Ubuntu. (2014, January 1). The leading OS for PC, tablet, phone and
cloud. Retrieved July 4, 2014, from http://www.ubuntu.com/
Downloads. (2014, January 1). Raspberry Pi. Retrieved July 4, 2014, from
http://www.raspberrypi.org/downloads/
Welcome to Raspbian. (2014, January 1). FrontPage. Retrieved July 4, 2014,
from http://www.raspbian.org/

BroadcomEthernetPacketAnalyzer

More Related Content

What's hot (16)

Viewers also liked (16)

Similar to BroadcomEthernetPacketAnalyzer (20)

BroadcomEthernetPacketAnalyzer