Before starting,
· Reboot the 4 Linux PCs.
· During the lab, when you need to save files, save them to the directory /labdata
· Save your files to a flash drive and CONFIRM that you can read them on a networked device before deleting data files.
· When you finish the lab, return all machines to their original state and remove all the files that you have created.
· We will be using wireshark to monitor network activity. The man page for wireshark, a network analyzer tool, can be found on every lab machine. You can also read about the wireshark network analyzer at the website http://wiki.wireshark.org/
In Lab 2, you will explore what happens when things are configured wrong.
SETUP FOR LAB 2
The setup for this lab is identical to the first one:
• Four Linux PCs, which are labeled as PC1, PC2, PC3, and PC4. The PCs have the Linux operating system installed. Each Linux PC has two Ethernet network interface cards (NICs) installed, which are labeled eth0 and eth1.
• An Ethernet hub with at least four ports.
• A monitor, a keyboard, a mouse, and a KVM (keyboard-video-mouse) switch. The KVM switch connects the keyboard, monitor, and mouse to the four Linux PCs. The KVM switch gives you control over all four Linux PCs from one keyboard, one monitor, and one mouse, but you can access only one computer at a time.
• Ethernet cables. Note that there are two kinds: straight-through Ethernet cables and crossover Ethernet cables. In Lab 2, only straight-through Ethernet cables are used.
• Before you get started, reboot each of the PCs, one at a time, by typing the reboot command at the root prompt, to be sure that the network settings are refreshed. Don’t switch the KVM switch while a Linux PC is rebooting, otherwise the keyboard and mouse will not work properly. After you reboot the Linux PCs, you are to configure the IP addresses of the computers as shown in the table below. The IP addresses listed in the table are associated with the Ethernet card of the Linux PC, which is labeled eth0. In this lab, the second Ethernet card of the Linux PCs, labeled eth1, is not used.
1. Attach each Linux PC to the same Ethernet hub with (straight-through) Ethernet cables. Connect the Ethernet interface with label eth0 of each Linux PC to one of the hubs using an Ethernet cable. Do not connect into the slot marked uplink on the hub.
2. Check that your physical connections are made by confirming that the small LEDs are lit on both the hub and on the back of the PCs. This is a quick way to check for a physical problem and can prevent wasted effort when the problem is really a bad cable.
3. Set the KVM switch to each machine in turn and log in as root (password netlab). Configure the IP addresses, using the ifconfig command, according to the table below. To set the IP address of an interface eth0 to 10.0.1.11 with a net mask of 255.255.255.0, enter the following command:
root@PC1% ifconfig eth0 10.0.1.11/24
Set the IP address for each of the 4 devices, according to the table.
• IP addresses for the Linux PCs as shown in Table 1.1.

| Linux PC | IP Addresses of Ethernet Interface eth0 |
|---|---|
| PC1 | 10.0.1.11/24 |
| PC2 | 10.0.1.12/24 |
| PC3 | 10.0.1.13/24 |
| PC4 | 10.0.1.14/24 |

1. On PC1, start wireshark by typing
ROOT@PC1% wireshark &
or select it from the icons on the bottom of the screen.
2. Setting a capture filter: You can create and use capture filters to capture only some of the traffic over a network.
   a. To create a new filter, click on “Capture”, “Capture Filters.” On the left pane, click on the button marked “new.” In the properties pane below, you will see two entries, a filter name and a filter string. You can name a filter with whatever name you wish. Filter strings need to follow certain conventions. You can find ideas at http://wiki.wireshark.org/CaptureFilters
   Valid filter strings would include:
      i. host 172.18.5.4 to capture only traffic to and from IP address 172.18.5.4
      ii. tcp port 23 and host 10.0.0.5 to capture telnet traffic to and from host 10.0.0.5
      iii. tcp port 23 and not src host 10.0.0.5 to capture telnet traffic that doesn’t start from 10.0.0.5
   b. To select a capture filter (this is also another way to create one), select “Capture”, “Interfaces” and then select “Options” after the interface that you wish to use for capturing packets. In the window that pops up, you can select “Capture Filter” and either select a filter previously created or create a new one at this time. There are many more options for filtering. It is possible, for instance, to capture only ARP packets or to exclude ARP packets.
3. Set a capture filter so that all packets that contain the IP address of PC2 are recorded.
4. Start the capture by clicking on the Start button at the bottom of the window.
5. In another terminal window of PC1, issue a ping command to PC2 to send 4 ping packets.
6. Switch to PC4 and start an ssh session to PC3 by IP address (in a terminal window type: ssh 10.0.1.13).
7. Close the session by typing exit at the SSH prompt and then open an ssh session to PC2. Do an ls command to list the files in the directory and then close the session.
8. Stop the capture process on PC1 and save your data in text format.
Lab Report: Did the capture successfully filter out all of the traffic from PC4 to PC3? Did it capture the traffic to and from PC2? Explain what in the data leads you to your conclusion.
Exercise 2
Leave all the cables connected to the PCs but replace the hub with the switch in the equipment box.
1. On PC1, start wireshark by typing
ROOT@PC1% wireshark &
or select it from the icons on the bottom of the screen.
2. In a terminal window in PC1, ping PC2, PC3 and PC4 to confirm connectivity.
3. In a terminal window in PC2, ping PC1, PC3 and PC4.
4. Stop the capture.
Did wireshark capture all of the pings? Describe the results of the capture and explain.
1. Replace the switch with the hub.
2. Start a new capture on PC1. Do not set any capture filters!
3. From a terminal window in PC3, start an sftp session to PC4. Log in as root and do an ls command.
4. Exit from sftp and start an SSH session instead, again performing an ls command.
5. Exit from the SSH session and then start an SSH session to PC2.
6. Exit the SSH session.
7. On PC1, stop the capture.
8. Look at the first few packets of the SSH session and the first few packets of the sftp session.
9. Set a display filter of ip.addr == 10.0.1.12. Save the results in a file named Exercise2.7.
10. Change the display filter to ip.src == 10.0.1.12. What differences do you find when you change these filters?
11. Change the filter to be protocol SSH and ip.addr == 10.0.1.12 (as a wireshark display filter: ssh and ip.addr == 10.0.1.12). Explain how this is different from what you found from step 8.
1. On PC1, start a capture session that will only capture ARP packets.
2. Ping all the machines from PC1.
3. In the capture window, look at some of the ARP packets in detail. Determine the MAC address of each of the machines and complete the table.
4. In a terminal window, view the ARP cache with the command arp -a.
5. Delete all the entries with the arp -d option (see man arp if needed).
6. Issue a ping command from PC1 to PC2 that sends 2 packets.
7. In the capture window, look at some of the ARP packets in detail. What are the different values of the Type field of the Ethernet header?
8. Issue another ping command from PC1 to PC2.
9. Using a watch or clock with a second hand, every 30 seconds or so, issue an arp -a on PC1. Estimate how long the cache entries are saved before being deleted.
In your lab report, explain the answers that you obtained for the questions in the exercise.

| Linux PC | IP Addresses of Ethernet Interface eth0 | MAC Address |
|---|---|---|
| PC1 | 10.0.1.11/24 | |
| PC2 | 10.0.1.12/24 | |
| PC3 | 10.0.1.13/24 | |
| PC4 | 10.0.1.14/24 | |

1. Start a capture session on PC1 that will capture only those packets that contain the PC1 IP address in the source or destination.
2. Try to establish an ssh session from PC1 to the address 10.0.1.55. Observe the time interval and frequency with which PC1 transmits ARP requests. Repeat a number of times.
3. Save the captured data.
Lab Report: Using the captured data, describe the time interval between ARP requests. Use your data to support your answer.
1. Change the IP address of PC4 to be 10.0.1.11 (duplicating the address of PC1!).
2. Delete all the entries in the ARP cache on all 4 machines.
3. Run wireshark on PC3 and capture the network traffic to and from IP address 10.0.1.11.
4. From PC3, start an ssh session to the duplicate IP address 10.0.1.11 and log in as root.
5. Issue the command hostname to determine which host you are connected to (you could confirm by looking at the MAC address).
6. Stop the traffic capture.
7. Save all the ARP packets and the first few TCP packets captured. Also save the ARP cache of PC3 using the arp -a command.
8. When you are done, reset the IP address of PC4 to 10.0.1.14.
Lab Report: Explain why the ssh session was established to one of the hosts with the duplicate address and not the other. Use the ARP cache and captured packets to support your explanation.
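
The ARP exercises above ask you to read the Ethernet Type field and the sender addresses out of captured frames; the following added example (not part of the original lab handout) parses raw Ethernet/ARP frames and reports any IP address claimed by more than one MAC, which is what the duplicate-address capture contains. The MAC addresses, the sample frames and the helper names are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}
ARP_OPS = {1: "request", 2: "reply"}

def parse_frame(frame):
    """Return (EtherType name, ARP fields or None) for one raw Ethernet frame."""
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    name = ETHERTYPES.get(ethertype, hex(ethertype))
    if ethertype != 0x0806 or len(frame) < 42:
        return name, None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return name, None  # not ARP for IPv4 over Ethernet
    return name, {"op": ARP_OPS.get(op, str(op)), "sender_mac": sha.hex(":"),
                  "sender_ip": socket.inet_ntoa(spa),
                  "target_ip": socket.inet_ntoa(tpa)}

def duplicate_ips(frames):
    """Map each IP claimed by more than one sender MAC to its sorted MAC list."""
    claims = defaultdict(set)
    for frame in frames:
        _, arp = parse_frame(frame)
        if arp and arp["sender_ip"] != "0.0.0.0":  # ARP probes carry no claim
            claims[arp["sender_ip"]].add(arp["sender_mac"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

def build_arp(op, sha, spa, tha, tpa, eth_dst):
    """Build one constructed ARP frame (sample data only, not a capture)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return (mac(eth_dst) + mac(sha) + struct.pack("!H", 0x0806)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa))

# Constructed sample (made-up MACs): PC3 asks who has 10.0.1.11, two hosts answer.
PC1, PC3, PC4 = "02:00:00:00:00:01", "02:00:00:00:00:03", "02:00:00:00:00:04"
ZERO, BCAST = "00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff"
SAMPLE = [
    build_arp(1, PC3, "10.0.1.13", ZERO, "10.0.1.11", BCAST),
    build_arp(2, PC1, "10.0.1.11", PC3, "10.0.1.13", PC3),
    build_arp(2, PC4, "10.0.1.11", PC3, "10.0.1.13", PC3),
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(parse_frame(raw))
    print("duplicate claims:", duplicate_ips(SAMPLE))
```
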
Set up the interfaces on the four machines as shown in the table below. Note that the network masks for the hosts are different!

| Linux PC | IP Addresses of Ethernet Interface eth0 |
|---|---|
| PC1 | 10.0.1.100/24 |
| PC2 | 10.0.1.101/28 |
| PC3 | 10.0.1.120/24 |
| PC4 | 10.0.1.121/28 |

Run wireshark on PC1 and capture the packets from the following ping commands:
From PC1:
ping -c 1 10.0.1.120
ping -c 1 10.0.1.101
ping -c 1 10.0.1.121
From PC4:
ping -c 1 10.0.1.100
From PC2:
ping -c 1 10.0.1.121
ping -c 1 10.1.1.120
Save the wireshark output to a text file. Use your ping results and output data to explain what happened in each of the ping commands. Which ping operations were successful and which were unsuccessful? Why?
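
Each host decides from its own mask whether a destination is on the local link, so mismatched masks can make a path work in one direction only. The following added example (not part of the original lab handout) computes that decision for the table and ping list above; it assumes no default gateway is configured on any PC, which the handout does not state, and predict_ping with its result strings is a name made up here.

```python
import ipaddress

# Interface table from the exercise above.
HOSTS = {
    "PC1": ipaddress.ip_interface("10.0.1.100/24"),
    "PC2": ipaddress.ip_interface("10.0.1.101/28"),
    "PC3": ipaddress.ip_interface("10.0.1.120/24"),
    "PC4": ipaddress.ip_interface("10.0.1.121/28"),
}

# Ping commands from the exercise above, as (sender, destination address).
PINGS = [("PC1", "10.0.1.120"), ("PC1", "10.0.1.101"), ("PC1", "10.0.1.121"),
         ("PC4", "10.0.1.100"), ("PC2", "10.0.1.121"), ("PC2", "10.1.1.120")]

def on_link(iface, dst):
    """True if dst falls inside the subnet that iface derives from its own mask."""
    return ipaddress.ip_address(dst) in iface.network

def predict_ping(src_name, dst_ip, hosts=HOSTS):
    """Predict one ping, assuming no host has a default gateway (assumption)."""
    src = hosts[src_name]
    if not on_link(src, dst_ip):
        # Sender sees the destination as off-link and has no gateway to use.
        return "not sent: sender has no on-link route to the destination"
    owner = next((h for h in hosts.values() if str(h.ip) == dst_ip), None)
    if owner is None:
        return "no reply: no host owns the address, ARP goes unanswered"
    if not on_link(owner, str(src.ip)):
        # Receiver's narrower mask puts the sender outside its subnet.
        return "no reply: receiver has no route back to the sender"
    return "success: each host sees the other as on-link"

if __name__ == "__main__":
    for name, iface in HOSTS.items():
        print(f"{name}: {iface} treats {iface.network} as on-link")
    for src, dst in PINGS:
        print(f"{src} -> {dst}: {predict_ping(src, dst)}")
```

Whether the "no route back" case shows up in the capture as an unanswered ARP request or as an unanswered echo request depends on the receiver's kernel settings, so confirm it against the saved trace.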
Your file lab report should have a heading that includes your name, the date you conducted the lab exercise, the lab number, and the names of all individuals who worked on the lab with you. It should be written with an introduction, an explanation of what occurred for each step (including problems encountered) and results along with analysis if appropriate. A conclusion should sum up lessons learned and what things you would do differently if you were to do it again. Finally, make any suggestions that you would recommend for this lab in the future.