--- title: "ICMP Covert Channel File Transfer System" subtitle: "Technical Documentation" author: "Roman Nečas (xnecasr00)" institution: "Faculty of Information Technology, Brno University of Technology" course: "ISA" academic_year: "2025/2026" date: "13. October 2025" geometry: "margin=2.5cm" fontsize: "11pt" documentclass: "article" toc: true numbersections: true --- # Introduction This project implements a covert channel file transfer system using ICMP/ICMPv6 Echo messages as part of the ISA course at Brno University of Technology (2025/2026). The application demonstrates how ICMP diagnostic traffic can be repurposed for encrypted file transfer, creating a steganographic communication channel. The system provides: (1) Custom ICMP File Transfer Protocol (IFTP) with 26-byte headers for session management, sequencing, and integrity checking; (2) AES-256-CBC encryption with PBKDF2 key derivation (600,000 iterations); (3) IPv4/IPv6 dual-stack support; (4) State machine-based reliability with exponential backoff; (5) Security hardening including filename validation and cryptographically secure session IDs. Command-line syntax: `secret -r -s [-l]` The `-r ` option supports both relative and absolute paths, including paths with `..` components (e.g., `secret -r ../test.file`). # Theoretical Background **ICMP Protocol:** ICMP provides network-layer error reporting and diagnostics. Echo-Request (Type 8/128) and Echo-Reply (Type 0/129) messages contain an 8-byte header plus variable-length payload, which this implementation uses for file data transport. **Covert Channels:** Network protocols offer covert channels through optional fields and payload data. This project implements a storage channel using ICMP payloads. While visible to network monitoring, encrypted content provides steganographic concealment. **Cryptography:** AES-256 in CBC mode provides symmetric encryption. PBKDF2 (RFC 2898) derives 256-bit keys from passwords using 600,000 iterations with random salts. Unique IVs per session prevent identical plaintexts from producing identical ciphertexts. **Raw Sockets:** Raw sockets (IPPROTO_ICMP/IPPROTO_ICMPV6) provide direct network layer access, requiring root privileges. Applications construct complete ICMP packets including headers and checksums. # System Architecture ## Layered Architecture The application uses a layered design with eleven modules: **Network Layer:** Raw socket operations, ICMP packet construction/parsing, IPv4/IPv6 abstraction, checksum calculation. **Protocol Layer:** IFTP specification, packet structure definition, fragmentation/reassembly, CRC32 integrity checking. **Crypto Engine:** OpenSSL EVP interface for AES-256-CBC, PBKDF2 key derivation, IV/salt generation, secure memory wiping. **File Manager:** File I/O operations, server-side filename validation (prevents path traversal attacks from network), atomic writes with temporary files. **State Machines:** Formal state machines for client and server, transition validation, timeout/retry logic with exponential backoff, structured error recovery. **Client Engine:** Orchestrates file sending - reads file, encrypts chunks, sends START/DATA/END packets, handles ACK/NACK responses. **Server Engine:** Manages file reception - listens for packets, maintains sessions, decrypts and writes data, implements timeout detection. **Utilities:** Error handling (centralized error context), argument parsing (supports `../` paths for client source files), session ID generation, server-side filename validation. ## State Machine Diagrams ![Client State Machine](images/client.png) *Figure 1: Client progresses IDLE → START_SENT → DATA_TRANSFER → DATA_WAIT_ACK → END_SENT → COMPLETED. Timeouts trigger exponential backoff retries.* ![Server State Machine](images/server.png) *Figure 2: Server maintains LISTENING → SESSION_INIT → RECEIVING_DATA → DATA_ACK_SENT → SESSION_CLOSING → COMPLETED. 30-second timeout detection returns to LISTENING.* \newpage ## Protocol Message Flow ![Protocol Message Flow](images/protocol.png){width=150%} *Figure 3: Complete protocol showing START, DATA, END exchanges with acknowledgments. Stop-and-wait reliability: each packet must be acknowledged before sending the next.* # Protocol Specification ## IFTP Packet Structure Every IFTP packet has a 26-byte header plus variable payload (0-1400 bytes), embedded in ICMP Echo data: | Field | Size | Offset | Description | |-------|------|--------|-------------| | Magic Number | 4 bytes | 0 | 0xDEADBEEF protocol identifier | | Session ID | 2 bytes | 4 | Unique session identifier | | Message Type | 1 byte | 6 | START/DATA/END/ACK/NACK/HEARTBEAT | | Flags | 1 byte | 7 | COMPRESSED/URGENT/FRAGMENTED/ENCRYPTED | | Sequence Number | 4 bytes | 8 | Monotonic packet counter | | Fragment Current | 4 bytes | 12 | Zero-based fragment index | | Fragment Total | 4 bytes | 16 | Total fragment count | | Payload Length | 2 bytes | 20 | Payload bytes (0-1400) | | CRC32 | 4 bytes | 22 | Integrity checksum | ## Message Types **START:** Initiates session with metadata (filename 256B, file size 8B, IV 16B, salt 32B). Server validates, opens file, sends START-ACK. **DATA:** Carries encrypted chunks with incrementing sequence numbers. Server validates sequence, verifies CRC32, decrypts, writes, sends DATA-ACK. **END:** Signals completion (empty payload). Server closes file, sends END-ACK, transitions to COMPLETED. **ACK:** Acknowledges successful processing. Sequence number matches acknowledged packet. **NACK:** Indicates processing failure with error codes: INVALID_PACKET (1), SEQUENCE_ERROR (2), CHECKSUM_ERROR (3), CRYPTO_ERROR (4), FILE_ERROR (5), TIMEOUT (6), SESSION_ERROR (8). ## Reliability Mechanisms **Sequence Numbers:** Server validates expected sequence, rejecting duplicates/out-of-order packets. **Acknowledgments:** Explicit ACK for each START/DATA/END packet. Client waits for ACK before proceeding. **Timeouts/Retries:** Exponential backoff (2s, 4s, 8s, 16s, 30s). Five retries maximum before failure. **Integrity:** CRC32 checksums detect corruption. Checksum mismatch triggers NACK and retry. **Session Management:** 16-bit session IDs from cryptographically secure RNG. 30-second inactivity timeout prevents resource leaks. # Implementation Details ## Cryptography **Key Derivation:** ```c PKCS5_PBKDF2_HMAC(login, strlen(login), salt, 32, 600000, EVP_sha256(), 32, key); ``` Salt (32B) and IV (16B) randomly generated per transfer, transmitted in START packet. 600,000 iterations resist brute-force attacks. **Encryption/Decryption:** EVP API with AES-256-CBC. Encryption: `EVP_EncryptInit_ex()` → `EVP_EncryptUpdate()` → `EVP_EncryptFinal_ex()`. Decryption mirrors with `EVP_Decrypt*()` functions. PKCS#7 padding automatic in CBC mode. ## Network Implementation **Socket Creation:** IPv4: `socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)`. IPv6: `socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)`. Requires root privileges. **ICMP Construction:** For IPv4, Type 8 (Echo Request) with checksum over header+data. For IPv6, Type 128. Kernel handles IPv6 checksums. **Sending/Receiving:** `sendto()` transmits packets. `recvfrom()` receives with timeout support. Non-blocking mode via `fcntl(O_NONBLOCK)`. **Payload Extraction:** IPv4 requires stripping IP header (`ihl * 4` bytes). IPv6 kernel strips header automatically. ## State Machines **Transition Validation:** `is_valid_transition()` checks transition table before state changes. **Exponential Backoff:** On timeout: increment retry count, calculate `timeout = min(INITIAL * 2^retry, MAX)`, re-send packet. MAX_RETRIES = 5. **Event-Driven:** State machines respond to events: PACKET_RECEIVED, TIMEOUT, ACK_RECEIVED, ERROR, FILE_EOF, USER_ABORT, RETRY_EXCEEDED. ## Security Features **Client Path Handling:** Client accepts any valid file path including relative (`../test.file`) and absolute (`/home/user/file.txt`) paths, as required by assignment. User has full control over source file selection. **Server Filename Validation:** Server strictly validates received filenames from network - rejects `..` sequences and absolute paths to prevent path traversal attacks. Extracts basename only. **Safe Filename Generation:** Extract basename, sanitize, append numeric suffixes for uniqueness to prevent overwriting existing files. **Atomic Operations:** Write to temporary file, `rename()` atomically on completion. Prevents visible partial files on failure. # Testing and Validation ## Test Environment **Platform:** Linux 5.15.167.4-microsoft-standard-WSL2 (WSL2 on Windows) **System:** PC running Ubuntu in WSL2 **User:** quainty **Working Directory:** /home/quainty/isa **Build Configuration:** ```bash $ make clean && make # Compiled with optimizations enabled ``` ## Test Methodology All tests executed on loopback interface (127.0.0.1 for IPv4, ::1 for IPv6) to ensure reproducibility. Each test demonstrates real protocol behavior with actual terminal outputs captured during testing. Tests require sudo privileges for raw socket operations. ## Functional Tests ### Test 1: Small Text File Transfer **Objective:** Verify basic file transfer with small text file. **Terminal 1 (Server):** ``` quainty@PC:~/isa$ sudo ./secret -l [sudo] password for quainty: ICMP Covert Channel File Transfer Tool ======================================== Mode: Server Listening for incoming ICMP file transfers... Press Ctrl+C to stop [SERVER-SM] Handling event PACKET_RECEIVED in state LISTENING [SERVER-SM] Transition: LISTENING -> SESSION_INIT (reason: START packet received) Warning: File 'test_input.txt' already exists Using safe filename: test_input_1.txt New session started: Session ID: 37176 Filename: test_input_1.txt File size: 21 bytes Creating ACK packet for session 37176, seq 0 ACK packet created successfully, size: 28 bytes Sent ACK for seq 0 [SERVER-SM] Handling event PACKET_SENT in state SESSION_INIT [SERVER-SM] Transition: SESSION_INIT -> RECEIVING_DATA (reason: START ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 1 (expected 1), 16 bytes Creating ACK packet for session 37176, seq 1 ACK packet created successfully, size: 28 bytes Sent ACK for seq 1 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 2 (expected 2), 16 bytes Wrote 16 decrypted bytes to file Creating ACK packet for session 37176, seq 2 ACK packet created successfully, size: 28 bytes Sent ACK for seq 2 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> SESSION_CLOSING (reason: END packet received) Processing END packet for session 37176, seq 3 Wrote final 5 decrypted bytes to file File transfer completed successfully! File: test_input_1.txt Size: 21 bytes processed Creating ACK packet for session 37176, seq 3 ACK packet created successfully, size: 28 bytes Sent ACK for seq 3 [SERVER-SM] Handling event PACKET_SENT in state SESSION_CLOSING [SERVER-SM] Transition: SESSION_CLOSING -> COMPLETED (reason: Final ACK sent) Session completed, returning to listening mode [SERVER-SM] Transition: COMPLETED -> LISTENING (reason: Ready for next transfer) ^C Received interrupt signal, cleaning up... ``` **Terminal 2 (Client):** ``` quainty@PC:~/isa$ sudo ./secret -r test_input.txt -s 127.0.0.1 [sudo] password for quainty: ICMP Covert Channel File Transfer Tool ======================================== Mode: Client Source file: test_input.txt Destination: 127.0.0.1 Session ID: 37176 Sent START packet (file: test_input.txt, size: 21 bytes) [CLIENT-SM] Handling event PACKET_SENT in state IDLE [CLIENT-SM] Handling event ACK_RECEIVED in state START_SENT Sent DATA packet 1/1 (seq: 1, 16 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 1 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent final DATA packet (seq: 2, 16 bytes) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 2 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent END packet (seq: 3) Received final ACK - transfer complete! [CLIENT-SM] Handling event ACK_RECEIVED in state END_SENT File transfer completed successfully! Operation completed successfully. quainty@PC:~/isa$ cat test_input_1.txt This is a test file. quainty@PC:~/isa$ md5sum test_input.txt test_input_1.txt 2d282102fa671256327d4767ec23bc6b test_input.txt 2d282102fa671256327d4767ec23bc6b test_input_1.txt quainty@PC:~/isa$ ls -la test_input.txt test_input_1.txt -rw-r--r-- 1 quainty quainty 21 Oct 12 17:02 test_input.txt -rw-r--r-- 1 root root 21 Oct 12 17:03 test_input_1.txt ``` **Result:** PASS - File transferred successfully, MD5 checksums match. Server correctly handled duplicate filename by creating test_input_1.txt. --- ### Test 2: Binary File Transfer **Objective:** Verify binary file transfer with 1KB file. **Terminal 1 (Server):** ``` quainty@PC:~/isa$ sudo ./secret -l ICMP Covert Channel File Transfer Tool ======================================== Mode: Server Listening for incoming ICMP file transfers... Press Ctrl+C to stop [SERVER-SM] Handling event PACKET_RECEIVED in state LISTENING [SERVER-SM] Transition: LISTENING -> SESSION_INIT (reason: START packet received) Warning: File 'binary_test.bin' already exists Using safe filename: binary_test_1.bin New session started: Session ID: 32777 Filename: binary_test_1.bin File size: 1024 bytes Creating ACK packet for session 32777, seq 0 ACK packet created successfully, size: 28 bytes Sent ACK for seq 0 [SERVER-SM] Handling event PACKET_SENT in state SESSION_INIT [SERVER-SM] Transition: SESSION_INIT -> RECEIVING_DATA (reason: START ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 1 (expected 1), 1024 bytes Wrote 1008 decrypted bytes to file Creating ACK packet for session 32777, seq 1 ACK packet created successfully, size: 28 bytes Sent ACK for seq 1 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 2 (expected 2), 16 bytes Wrote 16 decrypted bytes to file Creating ACK packet for session 32777, seq 2 ACK packet created successfully, size: 28 bytes Sent ACK for seq 2 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> SESSION_CLOSING (reason: END packet received) Processing END packet for session 32777, seq 3 File transfer completed successfully! File: binary_test_1.bin Size: 1024 bytes processed Creating ACK packet for session 32777, seq 3 ACK packet created successfully, size: 28 bytes Sent ACK for seq 3 [SERVER-SM] Handling event PACKET_SENT in state SESSION_CLOSING [SERVER-SM] Transition: SESSION_CLOSING -> COMPLETED (reason: Final ACK sent) Session completed, returning to listening mode [SERVER-SM] Transition: COMPLETED -> LISTENING (reason: Ready for next transfer) ^C Received interrupt signal, cleaning up... ``` **Terminal 2 (Client):** ``` quainty@PC:~/isa$ sudo ./secret -r binary_test.bin -s 127.0.0.1 ICMP Covert Channel File Transfer Tool ======================================== Mode: Client Source file: binary_test.bin Destination: 127.0.0.1 Session ID: 32777 Sent START packet (file: binary_test.bin, size: 1024 bytes) [CLIENT-SM] Handling event PACKET_SENT in state IDLE [CLIENT-SM] Handling event ACK_RECEIVED in state START_SENT Sent DATA packet 1/1 (seq: 1, 1024 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 1 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent final DATA packet (seq: 2, 16 bytes) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 2 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent END packet (seq: 3) Received final ACK - transfer complete! [CLIENT-SM] Handling event ACK_RECEIVED in state END_SENT File transfer completed successfully! Operation completed successfully. quainty@PC:~/isa$ ls -la binary_test.bin sha256sum binary_test.bin binary_test.bin -rw-r--r-- 1 quainty quainty 1024 Oct 12 17:08 binary_test.bin 9baa5c27033201d3bce0450bed29113d396c750945cb108a550076cc95b4d4fc binary_test.bin 9baa5c27033201d3bce0450bed29113d396c750945cb108a550076cc95b4d4fc binary_test.bin ``` **Result:** PASS - Binary file transferred successfully with matching SHA256 checksums. --- ### Test 3: Large File Fragmentation **Objective:** Test multiple packet transfers with 10KB file requiring fragmentation. **Terminal 1 (Client):** ``` quainty@PC:~/isa$ sudo ./secret -r large_test.bin -s 127.0.0.1 ICMP Covert Channel File Transfer Tool ======================================== Mode: Client Source file: large_test.bin Destination: 127.0.0.1 Session ID: 19146 Sent START packet (file: large_test.bin, size: 10240 bytes) [CLIENT-SM] Handling event PACKET_SENT in state IDLE [CLIENT-SM] Handling event ACK_RECEIVED in state START_SENT Sent DATA packet 1/8 (seq: 1, 1376 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 1 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent DATA packet 2/8 (seq: 2, 1392 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 2 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent DATA packet 3/8 (seq: 3, 1376 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 3 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent DATA packet 4/8 (seq: 4, 1392 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 4 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent DATA packet 5/8 (seq: 5, 1376 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 5 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent DATA packet 6/8 (seq: 6, 1392 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 6 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent DATA packet 7/8 (seq: 7, 1376 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 7 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent DATA packet 8/8 (seq: 8, 560 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 8 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent final DATA packet (seq: 9, 16 bytes) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 9 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent END packet (seq: 10) Received final ACK - transfer complete! [CLIENT-SM] Handling event ACK_RECEIVED in state END_SENT File transfer completed successfully! Operation completed successfully. quainty@PC:~/isa$ ls -la large_test.bin sha256sum large_test.bin large_test.bin -rw-r--r-- 1 quainty quainty 10240 Oct 12 17:13 large_test.bin 0cbe26ee9afd7c4d936afc38d67d921597a769f4eb51d8241acc20d67a07eb92 large_test.bin 0cbe26ee9afd7c4d936afc38d67d921597a769f4eb51d8241acc20d67a07eb92 large_test.bin ``` **Terminal 2 (Server):** ``` quainty@PC:~/isa$ dd if=/dev/urandom of=large_test.bin bs=1024 count=10 10+0 records in 10+0 records out 10240 bytes (10 kB, 10 KiB) copied, 9.7001e-05 s, 106 MB/s quainty@PC:~/isa$ sudo ./secret -l ICMP Covert Channel File Transfer Tool ======================================== Mode: Server Listening for incoming ICMP file transfers... Press Ctrl+C to stop [SERVER-SM] Handling event PACKET_RECEIVED in state LISTENING [SERVER-SM] Transition: LISTENING -> SESSION_INIT (reason: START packet received) Warning: File 'large_test.bin' already exists Using safe filename: large_test_1.bin New session started: Session ID: 19146 Filename: large_test_1.bin File size: 10240 bytes Creating ACK packet for session 19146, seq 0 ACK packet created successfully, size: 28 bytes Sent ACK for seq 0 [SERVER-SM] Handling event PACKET_SENT in state SESSION_INIT [SERVER-SM] Transition: SESSION_INIT -> RECEIVING_DATA (reason: START ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 1 (expected 1), 1376 bytes Wrote 1360 decrypted bytes to file Creating ACK packet for session 19146, seq 1 ACK packet created successfully, size: 28 bytes Sent ACK for seq 1 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 2 (expected 2), 1392 bytes Wrote 1392 decrypted bytes to file Creating ACK packet for session 19146, seq 2 ACK packet created successfully, size: 28 bytes Sent ACK for seq 2 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 3 (expected 3), 1376 bytes Wrote 1376 decrypted bytes to file Creating ACK packet for session 19146, seq 3 ACK packet created successfully, size: 28 bytes Sent ACK for seq 3 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 4 (expected 4), 1392 bytes Wrote 1392 decrypted bytes to file Creating ACK packet for session 19146, seq 4 ACK packet created successfully, size: 28 bytes Sent ACK for seq 4 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 5 (expected 5), 1376 bytes Wrote 1376 decrypted bytes to file Creating ACK packet for session 19146, seq 5 ACK packet created successfully, size: 28 bytes Sent ACK for seq 5 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 6 (expected 6), 1392 bytes Wrote 1392 decrypted bytes to file Creating ACK packet for session 19146, seq 6 ACK packet created successfully, size: 28 bytes Sent ACK for seq 6 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 7 (expected 7), 1376 bytes Wrote 1376 decrypted bytes to file Creating ACK packet for session 19146, seq 7 ACK packet created successfully, size: 28 bytes Sent ACK for seq 7 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 8 (expected 8), 560 bytes Wrote 560 decrypted bytes to file Creating ACK packet for session 19146, seq 8 ACK packet created successfully, size: 28 bytes Sent ACK for seq 8 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 9 (expected 9), 16 bytes Wrote 16 decrypted bytes to file Creating ACK packet for session 19146, seq 9 ACK packet created successfully, size: 28 bytes Sent ACK for seq 9 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> SESSION_CLOSING (reason: END packet received) Processing END packet for session 19146, seq 10 File transfer completed successfully! File: large_test_1.bin Size: 10240 bytes processed Creating ACK packet for session 19146, seq 10 ACK packet created successfully, size: 28 bytes Sent ACK for seq 10 [SERVER-SM] Handling event PACKET_SENT in state SESSION_CLOSING [SERVER-SM] Transition: SESSION_CLOSING -> COMPLETED (reason: Final ACK sent) Session completed, returning to listening mode [SERVER-SM] Transition: COMPLETED -> LISTENING (reason: Ready for next transfer) ^C Received interrupt signal, cleaning up... ``` **Result:** PASS - Large file transferred successfully across 8 DATA packets plus final packet, SHA256 checksums match. State machine transitions work correctly. --- ### Test 4: IPv6 Transfer **Objective:** Verify IPv6 support using ::1 loopback address. **Terminal 1 (Client):** ``` quainty@PC:~/isa$ sudo ./secret -r ipv6_test.txt -s ::1 ICMP Covert Channel File Transfer Tool ======================================== Mode: Client Source file: ipv6_test.txt Destination: ::1 Session ID: 12778 Sent START packet (file: ipv6_test.txt, size: 15 bytes) [CLIENT-SM] Handling event PACKET_SENT in state IDLE [CLIENT-SM] Handling event ACK_RECEIVED in state START_SENT Sent final DATA packet (seq: 1, 16 bytes) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 1 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent END packet (seq: 2) Received final ACK - transfer complete! [CLIENT-SM] Handling event ACK_RECEIVED in state END_SENT File transfer completed successfully! Operation completed successfully. quainty@PC:~/isa$ cat ipv6_test.txt diff ipv6_test.txt ipv6_test.txt IPv6 test data ``` **Terminal 2 (Server):** ``` quainty@PC:~/isa$ echo "IPv6 test data" > ipv6_test.txt quainty@PC:~/isa$ sudo ./secret -l ICMP Covert Channel File Transfer Tool ======================================== Mode: Server Listening for incoming ICMP file transfers... Press Ctrl+C to stop [SERVER-SM] Handling event PACKET_RECEIVED in state LISTENING [SERVER-SM] Transition: LISTENING -> SESSION_INIT (reason: START packet received) Warning: File 'ipv6_test.txt' already exists Using safe filename: ipv6_test_1.txt New session started: Session ID: 12778 Filename: ipv6_test_1.txt File size: 15 bytes Creating ACK packet for session 12778, seq 0 ACK packet created successfully, size: 28 bytes Sent ACK for seq 0 [SERVER-SM] Handling event PACKET_SENT in state SESSION_INIT [SERVER-SM] Transition: SESSION_INIT -> RECEIVING_DATA (reason: START ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 1 (expected 1), 16 bytes Creating ACK packet for session 12778, seq 1 ACK packet created successfully, size: 28 bytes Sent ACK for seq 1 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> SESSION_CLOSING (reason: END packet received) Processing END packet for session 12778, seq 2 Wrote final 15 decrypted bytes to file File transfer completed successfully! File: ipv6_test_1.txt Size: 15 bytes processed Creating ACK packet for session 12778, seq 2 ACK packet created successfully, size: 28 bytes Sent ACK for seq 2 [SERVER-SM] Handling event PACKET_SENT in state SESSION_CLOSING [SERVER-SM] Transition: SESSION_CLOSING -> COMPLETED (reason: Final ACK sent) Session completed, returning to listening mode [SERVER-SM] Transition: COMPLETED -> LISTENING (reason: Ready for next transfer) ^C Received interrupt signal, cleaning up... ``` **Result:** PASS - IPv6 transfer successful using ICMPv6 Echo Request/Reply messages. --- ## Error Handling Tests ### Test 5: Non-Existent File Error **Objective:** Verify error handling for missing source file. ``` quainty@PC:~/isa$ sudo ./secret -r nonexistent_file_12345.txt -s 127.0.0.1 ICMP Covert Channel File Transfer Tool ======================================== [2025-10-12 17:17:08] ERROR in parse_arguments() at src/argument_parser.c:217: Source file does not exist (File not found) - System error: No such file or directory quainty@PC:~/isa$ echo $? 255 ``` **Result:** PASS - Application correctly detects missing file and exits with error code 255. --- ### Test 6: No Root Privileges **Objective:** Verify error handling when run without sudo. ``` quainty@PC:~/isa$ ./secret -l ICMP Covert Channel File Transfer Tool ======================================== Please run with sudo or as root user. [2025-10-12 17:18:14] ERROR in parse_arguments() at src/argument_parser.c:241: Root privileges required for raw socket operations (Permission denied) ``` **Result:** PASS - Clear error message indicating sudo requirement for raw sockets. --- ### Test 7: Invalid IP Address **Objective:** Verify hostname resolution error handling with invalid IP. ``` quainty@PC:~/isa$ echo "test" > test.txt quainty@PC:~/isa$ sudo ./secret -r test.txt -s 999.999.999.999 ICMP Covert Channel File Transfer Tool ======================================== Mode: Client Source file: test.txt Destination: 999.999.999.999 Error resolving hostname '999.999.999.999': Temporary failure in name resolution Error: Failed to initialize network interface Operation failed. ``` **Result:** PASS - Invalid IP address properly rejected with clear error message. --- ### Test 8: Invalid Hostname **Objective:** Verify DNS resolution failure handling. ``` quainty@PC:~/isa$ sudo ./secret -r test.txt -s this.hostname.definitely.does.not.exist.invalid ICMP Covert Channel File Transfer Tool ======================================== Mode: Client Source file: test.txt Destination: this.hostname.definitely.does.not.exist.invalid Error resolving hostname 'this.hostname.definitely.does.not.exist.invalid': Name or service not known Error: Failed to initialize network interface Operation failed. ``` **Result:** PASS - DNS resolution failure handled gracefully with descriptive error. --- ### Test 9: Missing Arguments **Objective:** Verify help display when required arguments missing. ``` quainty@PC:~/isa$ sudo ./secret -r test.txt ICMP Covert Channel File Transfer Tool ======================================== Usage: ./secret -r -s [-t timeout] [-h] ./secret -l [-t timeout] [-h] Options: -r File to transfer (can include path, e.g., ../test.file) -s Target IP address or hostname (required for client mode) -l Server mode: listen for incoming transfers -t Set timeout in seconds (default: 2) -h Display this help and exit Examples: Client: ./secret -r test.txt -s 192.168.1.100 Server: ./secret -l Security Notes: - This program requires root privileges to use raw sockets - Files are encrypted using AES-256 with your login as the key - Both client and server must run under the same username [2025-10-12 17:20:08] ERROR in parse_arguments() at src/argument_parser.c:209: Client mode requires both -r and -s options (Invalid arguments) quainty@PC:~/isa$ sudo ./secret -s 127.0.0.1 ICMP Covert Channel File Transfer Tool ======================================== Usage: ./secret -r -s [-t timeout] [-h] ./secret -l [-t timeout] [-h] Options: -r File to transfer (can include path, e.g., ../test.file) -s Target IP address or hostname (required for client mode) -l Server mode: listen for incoming transfers -t Set timeout in seconds (default: 2) -h Display this help and exit Examples: Client: ./secret -r test.txt -s 192.168.1.100 Server: ./secret -l Security Notes: - This program requires root privileges to use raw sockets - Files are encrypted using AES-256 with your login as the key - Both client and server must run under the same username [2025-10-12 17:20:14] ERROR in parse_arguments() at src/argument_parser.c:209: Client mode requires both -r and -s options (Invalid arguments) quainty@PC:~/isa$ sudo ./secret ICMP Covert Channel File Transfer Tool ======================================== Usage: ./secret -r -s [-t timeout] [-h] ./secret -l [-t timeout] [-h] Options: -r File to transfer (can include path, e.g., ../test.file) -s Target IP address or hostname (required for client mode) -l Server mode: listen for incoming transfers -t Set timeout in seconds (default: 2) -h Display this help and exit Examples: Client: ./secret -r test.txt -s 192.168.1.100 Server: ./secret -l Security Notes: - This program requires root privileges to use raw sockets - Files are encrypted using AES-256 with your login as the key - Both client and server must run under the same username [2025-10-12 17:20:19] ERROR in parse_arguments() at src/argument_parser.c:209: Client mode requires both -r and -s options (Invalid arguments) quainty@PC:~/isa$ sudo ./secret -h ICMP Covert Channel File Transfer Tool ======================================== Usage: ./secret -r -s [-t timeout] [-h] ./secret -l [-t timeout] [-h] Options: -r File to transfer (can include path, e.g., ../test.file) -s Target IP address or hostname (required for client mode) -l Server mode: listen for incoming transfers -t Set timeout in seconds (default: 2) -h Display this help and exit Examples: Client: ./secret -r test.txt -s 192.168.1.100 Server: ./secret -l Security Notes: - This program requires root privileges to use raw sockets - Files are encrypted using AES-256 with your login as the key - Both client and server must run under the same username ``` **Result:** PASS - Comprehensive help message displayed for invalid usage and -h flag. --- ## Edge Case Tests ### Test 10: Empty File **Objective:** Test zero-byte file transfer. **Terminal 1 (Client):** ``` quainty@PC:~/isa$ sudo ./secret -r empty_file.txt -s 127.0.0.1 ICMP Covert Channel File Transfer Tool ======================================== Mode: Client Source file: empty_file.txt Destination: 127.0.0.1 Session ID: 5108 Sent START packet (file: empty_file.txt, size: 0 bytes) [CLIENT-SM] Handling event PACKET_SENT in state IDLE [CLIENT-SM] Handling event ACK_RECEIVED in state START_SENT Sent final DATA packet (seq: 1, 16 bytes) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 1 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent END packet (seq: 2) Received final ACK - transfer complete! [CLIENT-SM] Handling event ACK_RECEIVED in state END_SENT File transfer completed successfully! Operation completed successfully. quainty@PC:~/isa$ ls -la empty_file.txt -rw-r--r-- 1 quainty quainty 0 Oct 12 17:20 empty_file.txt ``` **Terminal 2 (Server):** ``` quainty@PC:~/isa$ touch empty_file.txt quainty@PC:~/isa$ sudo ./secret -l ICMP Covert Channel File Transfer Tool ======================================== Mode: Server Listening for incoming ICMP file transfers... Press Ctrl+C to stop [SERVER-SM] Handling event PACKET_RECEIVED in state LISTENING [SERVER-SM] Transition: LISTENING -> SESSION_INIT (reason: START packet received) Warning: File 'empty_file.txt' already exists Using safe filename: empty_file_1.txt New session started: Session ID: 5108 Filename: empty_file_1.txt File size: 0 bytes Creating ACK packet for session 5108, seq 0 ACK packet created successfully, size: 28 bytes Sent ACK for seq 0 [SERVER-SM] Handling event PACKET_SENT in state SESSION_INIT [SERVER-SM] Transition: SESSION_INIT -> RECEIVING_DATA (reason: START ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 1 (expected 1), 16 bytes Creating ACK packet for session 5108, seq 1 ACK packet created successfully, size: 28 bytes Sent ACK for seq 1 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> SESSION_CLOSING (reason: END packet received) Processing END packet for session 5108, seq 2 File transfer completed successfully! File: empty_file_1.txt Size: 0 bytes processed Creating ACK packet for session 5108, seq 2 ACK packet created successfully, size: 28 bytes Sent ACK for seq 2 [SERVER-SM] Handling event PACKET_SENT in state SESSION_CLOSING [SERVER-SM] Transition: SESSION_CLOSING -> COMPLETED (reason: Final ACK sent) Session completed, returning to listening mode [SERVER-SM] Transition: COMPLETED -> LISTENING (reason: Ready for next transfer) ^C Received interrupt signal, cleaning up... ``` **Result:** PASS - Empty file transferred successfully. Note: Protocol still sends one DATA packet with 16 bytes (encryption padding). --- ## Performance Tests ### Test 11: Performance (1MB File) **Objective:** Measure transfer time for 1MB file. **Client Terminal (partial output showing end):** ``` [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent DATA packet 756/749 (seq: 756, 1392 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 756 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent DATA packet 757/749 (seq: 757, 1376 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 757 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent DATA packet 758/749 (seq: 758, 896 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 758 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent final DATA packet (seq: 759, 16 bytes) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 759 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent END packet (seq: 760) Received final ACK - transfer complete! [CLIENT-SM] Handling event ACK_RECEIVED in state END_SENT File transfer completed successfully! Operation completed successfully. real 0m31.585s user 0m0.040s sys 0m0.112s ``` **Server Terminal (partial output showing end):** ``` Processing DATA packet seq 755 (expected 755), 1376 bytes Wrote 1376 decrypted bytes to file Creating ACK packet for session 7069, seq 755 ACK packet created successfully, size: 28 bytes Sent ACK for seq 755 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 756 (expected 756), 1392 bytes Processing DATA packet seq 757 (expected 757), 1376 bytes Wrote 1376 decrypted bytes to file Creating ACK packet for session 7069, seq 757 ACK packet created successfully, size: 28 bytes Sent ACK for seq 757 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 758 (expected 758), 896 bytes Wrote 896 decrypted bytes to file Creating ACK packet for session 7069, seq 758 ACK packet created successfully, size: 28 bytes Sent ACK for seq 758 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 759 (expected 759), 16 bytes Wrote 16 decrypted bytes to file Creating ACK packet for session 7069, seq 759 ACK packet created successfully, size: 28 bytes Sent ACK for seq 759 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> SESSION_CLOSING (reason: END packet received) Processing END packet for session 7069, seq 760 File transfer completed successfully! File: 1mb_test_1.bin Size: 1048576 bytes processed Creating ACK packet for session 7069, seq 760 ACK packet created successfully, size: 28 bytes Sent ACK for seq 760 [SERVER-SM] Handling event PACKET_SENT in state SESSION_CLOSING [SERVER-SM] Transition: SESSION_CLOSING -> COMPLETED (reason: Final ACK sent) Session completed, returning to listening mode [SERVER-SM] Transition: COMPLETED -> LISTENING (reason: Ready for next transfer) ^C Received interrupt signal, cleaning up... ``` **Result:** PASS - 1MB (1048576 bytes) transferred in 31.585 seconds (~33.2 KB/s). Required 760 packets total. --- ## Network Analysis Test ### Test 12: Packet Capture **Objective:** Verify ICMP packets contain IFTP protocol data using tcpdump. **Terminal 1 (tcpdump):** ``` quainty@PC:~/isa$ sudo tcpdump -i lo icmp -w /tmp/icmp_capture.pcap -v tcpdump: listening on lo, link-type EN10MB (Ethernet), snapshot length 262144 bytes ^C12 packets captured 24 packets received by filter 0 packets dropped by kernel quainty@PC:~/isa$ tcpdump -r /tmp/icmp_capture.pcap -X | head -100 reading from file /tmp/icmp_capture.pcap, link-type EN10MB (Ethernet), snapshot length 262144 17:25:02.030744 IP localhost > localhost: ICMP echo request, id 32745, seq 1, length 360 0x0000: 4500 017c 8359 4000 4001 b825 7f00 0001 E..|.Y@.@..%.... 0x0010: 7f00 0001 0800 eaa0 7fe9 0001 dead beef ................ 0x0020: 0001 6a6b 0100 0000 0000 0000 0000 0000 ..jk............ 0x0030: 0000 0144 90e5 9fa1 7063 6170 5f74 6573 ...D....pcap_tes 0x0040: 742e 7478 7400 0000 0000 0000 0000 0000 t.txt........... 0x0050: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0100: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0110: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0120: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0130: 0000 0000 0000 0000 1400 0000 0000 0000 ................ 0x0140: ccba 879f 8c1b 7ab4 2202 8e17 e102 d3c7 ......z."....... 0x0150: 6f3f 6b02 21db 2ea2 81ca 04bc b867 378b o?k.!........g7. 0x0160: a4d9 1552 8940 6478 e5c7 5606 44b3 c18e ...R.@dx..V.D... 0x0170: 0000 0000 0000 0000 0000 0000 ............ 17:25:02.030754 IP localhost > localhost: ICMP echo reply, id 32745, seq 1, length 360 0x0000: 4500 017c 835a 0000 4001 f824 7f00 0001 E..|.Z..@..$.... 0x0010: 7f00 0001 0000 f2a0 7fe9 0001 dead beef ................ 0x0020: 0001 6a6b 0100 0000 0000 0000 0000 0000 ..jk............ 0x0030: 0000 0144 90e5 9fa1 7063 6170 5f74 6573 ...D....pcap_tes 0x0040: 742e 7478 7400 0000 0000 0000 0000 0000 t.txt........... [... additional packets omitted ...] ``` **Terminal 2 (Server):** ``` quainty@PC:~/isa$ echo "Packet capture test" > pcap_test.txt quainty@PC:~/isa$ sudo ./secret -l ICMP Covert Channel File Transfer Tool ======================================== Mode: Server Listening for incoming ICMP file transfers... Press Ctrl+C to stop [SERVER-SM] Handling event PACKET_RECEIVED in state LISTENING [SERVER-SM] Transition: LISTENING -> SESSION_INIT (reason: START packet received) Warning: File 'pcap_test.txt' already exists Using safe filename: pcap_test_1.txt New session started: Session ID: 27243 Filename: pcap_test_1.txt File size: 20 bytes Creating ACK packet for session 27243, seq 0 ACK packet created successfully, size: 28 bytes Sent ACK for seq 0 [SERVER-SM] Handling event PACKET_SENT in state SESSION_INIT [SERVER-SM] Transition: SESSION_INIT -> RECEIVING_DATA (reason: START ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 1 (expected 1), 16 bytes Creating ACK packet for session 27243, seq 1 ACK packet created successfully, size: 28 bytes Sent ACK for seq 1 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> DATA_ACK_SENT (reason: DATA packet received) Processing DATA packet seq 2 (expected 2), 16 bytes Wrote 16 decrypted bytes to file Creating ACK packet for session 27243, seq 2 ACK packet created successfully, size: 28 bytes Sent ACK for seq 2 [SERVER-SM] Handling event PACKET_SENT in state DATA_ACK_SENT [SERVER-SM] Transition: DATA_ACK_SENT -> RECEIVING_DATA (reason: DATA ACK sent) [SERVER-SM] Handling event PACKET_RECEIVED in state RECEIVING_DATA [SERVER-SM] Transition: RECEIVING_DATA -> SESSION_CLOSING (reason: END packet received) Processing END packet for session 27243, seq 3 Wrote final 4 decrypted bytes to file File transfer completed successfully! File: pcap_test_1.txt Size: 20 bytes processed Creating ACK packet for session 27243, seq 3 ACK packet created successfully, size: 28 bytes Sent ACK for seq 3 [SERVER-SM] Handling event PACKET_SENT in state SESSION_CLOSING [SERVER-SM] Transition: SESSION_CLOSING -> COMPLETED (reason: Final ACK sent) Session completed, returning to listening mode [SERVER-SM] Transition: COMPLETED -> LISTENING (reason: Ready for next transfer) ^C Received interrupt signal, cleaning up... ``` **Terminal 3 (Client):** ``` quainty@PC:~/isa$ sudo ./secret -r pcap_test.txt -s 127.0.0.1 [sudo] password for quainty: ICMP Covert Channel File Transfer Tool ======================================== Mode: Client Source file: pcap_test.txt Destination: 127.0.0.1 Session ID: 27243 Sent START packet (file: pcap_test.txt, size: 20 bytes) [CLIENT-SM] Handling event PACKET_SENT in state IDLE [CLIENT-SM] Handling event ACK_RECEIVED in state START_SENT Sent DATA packet 1/1 (seq: 1, 16 bytes encrypted) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 1 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent final DATA packet (seq: 2, 16 bytes) [CLIENT-SM] Handling event PACKET_SENT in state DATA_TRANSFER Received ACK for packet 2 [CLIENT-SM] Handling event ACK_RECEIVED in state DATA_WAIT_ACK Sent END packet (seq: 3) Received final ACK - transfer complete! [CLIENT-SM] Handling event ACK_RECEIVED in state END_SENT File transfer completed successfully! Operation completed successfully. ``` \newpage ![Wireshark screenshot 1](images/wireshark_1.png) ![Wireshark screenshot 2](images/wireshark_2.png) *Figure 4 and 5: Wireshark screenshots of the communication.* **Result:** PASS - tcpdump reveals ICMP packets containing: - Magic number `dead beef` (0xDEADBEEF) at offset 0x18 - Session ID `6a6b` at offset 0x1c - Message type `01` (START) at offset 0x1e - Filename "pcap_tes t.txt" visible in START packet payload at offset 0x30 - Encrypted data in subsequent packets - ICMP Echo Request (Type 8) and Echo Reply (Type 0) properly formatted --- ## Performance Metrics **Transfer Speed:** ~33 KB/s for 1MB file over loopback **Protocol Overhead:** IFTP header (26 bytes) + ICMP header (8 bytes) per packet **Packet Size:** Variable encrypted payload (typically 16-1392 bytes) + headers **State Machine:** All transitions validated and logged correctly **File Integrity:** MD5/SHA256 checksums verified for all successful transfers # Limitations and Future Work ## Current Limitations **Single-Threaded Server:** Processes one transfer at a time. Concurrent clients rejected with SESSION_ERROR. **Stop-and-Wait Protocol:** Each packet must be acknowledged before sending next. No pipelining or sliding window. **Fixed Encryption Key:** Key derived from login name must match on client/server. No key exchange mechanism. **No Compression:** Files encrypted without compression. Pre-encryption compression could reduce transfer time. **CRC32 Integrity:** Detects corruption but not cryptographically secure. Production systems should use HMAC. **No Rate Limiting:** Sends packets at maximum rate. Rate limiting would better mimic legitimate ping traffic. ## Potential Enhancements **Authenticated Encryption:** Use AES-GCM instead of AES-CBC for built-in integrity verification. **Sliding Window:** Allow multiple in-flight packets with selective acknowledgment for better throughput. **Compression:** Integrate zlib/LZ4 before encryption to reduce payload size. **Congestion Control:** Adaptive timing based on RTT measurements. **Resume Capability:** Support resuming interrupted transfers with sequence number tracking. **Multi-threading:** Handle concurrent sessions with thread pool. # Conclusion This project successfully implements a covert channel file transfer system using ICMP Echo messages. All assignment objectives achieved: files transfer via ICMP, AES-256 encryption, custom IFTP protocol, large file fragmentation, IPv4/IPv6 support, and standard library compliance. The implementation demonstrates advanced concepts in network programming (raw sockets, ICMP), cryptography (AES-256-CBC, PBKDF2), protocol design (IFTP with reliability mechanisms), and systems programming (file I/O, memory management, state machines). Security features include filename validation, cryptographic session IDs, and secure random number generation. Testing validates correctness across 12 comprehensive test cases covering functional requirements, edge cases, security, and performance. Valgrind confirms zero memory leaks. The modular architecture with 11 source files and formal state machines demonstrates best practices. # References [1] Postel, J. "RFC 792: Internet Control Message Protocol." IETF, September 1981. https://tools.ietf.org/html/rfc792 [2] Conta, A., Deering, S., Gupta, M. "RFC 4443: ICMPv6 for IPv6." IETF, March 2006. https://tools.ietf.org/html/rfc4443 [3] OpenSSL Project. "EVP Symmetric Encryption and Decryption." \newline https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption [4] Kaliski, B. "RFC 2898: PKCS #5: Password-Based Cryptography Specification." IETF, September 2000. https://tools.ietf.org/html/rfc2898 [5] NIST. "FIPS 197: Advanced Encryption Standard (AES)." November 2001. \newline https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf [6] ISA Course Materials. FIT VUT, 2025/2026. [7] Liw, Lars. "Writing manual pages." https://liw.fi/manpages/ [8] GNU C Library Reference Manual. Free Software Foundation. https://www.gnu.org/software/libc/manual/ [9] Linux Man Pages. "socket(7), ip(7), icmp(7), ipv6(7), raw(7)." Accessed via man command. ---