Layer 2 Project References

At some point in the projects below, access to some/all of the following may prove useful.

Stevens
Unix Network Programming
The Sockets Network API
3rd Edition
Volume 1
Particularly chapters 28 and 29 for these projects.
His books are excellent, but do tend to be for the more experienced reader.

The Linux programming interface
http://tldp.org/
It is very clear and concise.
By following the instructions and using the sample code, interfacing with the kernel is almost painless.
Thanks to the authors for their excellent work.

The Linux programming interface – the book!
https://www.kernel.org/doc/man-pages
We used this book extensively when interacting with the Linux kernel.
How to use it:
1. Read the required pages/chapter.
2. Follow the instructions.
3. Type in the code as it suggests.
4. It should just work.
It is a little old but nothing we require has changed since its publication.
Changes since printing:
https://www.man7.org/tlpi/api_changes/index.html
Thanks to the authors for their excellent work.

tcpdump
http://www.tcpdump.org/
Useful to have around and be familiar with.

libpcap
https://www.tcpdump.org/pcap.html
This is the library used to capture packets.
It must operate the interface being captured in “promiscuous mode” (not the normal mode).
Last time we looked it was written in “C”.
If you follow the examples on this site when writing the capture code…it should just work.
Thanks to the authors for their excellent work.

An oldie but….
For anyone interested in going further, the article below (a little old) is an excellent introduction.
https://web.archive.org/web/20191223043917/http://recursos.aldabaknocking.com/libpcapHakin9LuisMartinGarcia.pdf

Wireshark
https://www.wireshark.org/
For broadcasters it has replaced the “tweeker” we used to carry about in our top pocket.

libnet
The latest version (recommended) is located at: https://github.com/libnet/libnet
A very old version is located at: http://libnet.sourceforge.net/ (please do not try and use this version)
Most of the documentation is for the old version, which unfortunately is not applicable for the new one.
This makes for a little more work to use than you first expect.
**** Warning ****
This is a cross platform packet injection library.
Our reason for using it is “honorable” and it's hard to imagine anyone being upset when it is used in this way.
But be prepared if some find its use questionable; they may have experienced its less friendly aspects.

ISO Layer 2
These projects will mostly be operating in Layer 2 (Ethernet).
If you are curious about who/what else operates there:
http://standards-oui.ieee.org/ethertype/eth.txt
https://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml#ieee-802-numbers-1
The amount of traffic that flows around a network at Layer 2 is quite surprising.
If it only uses Layer 2 (Ethernet in our case) it's not visible to other computers on the network.
The only indication that something is “happening” is flickering lights on the front of a switch.
A “Managed Switch” will of course be able to log and disable this type of operation.


®SolutionBase is a Registered Trademark of Ashley Leach & Associates Pty. Ltd