
Department of Engineering Science

Basics-Lab

ES465 9/30/2014

Ver. 2

Basics Experiment

A. Objectives

1. Understand the wiring infrastructure of the Huawei Internet Laboratory (HIL)
2. Package management in Ubuntu using APT (e.g., apt-get)
3. Find out the Ethernet and IP addresses of your host station
4. Test connectivity between your computers
5. Cross-over and straight-through cables
6. Monitor traffic at specific ports
7. Learn about networking tools: tcpdump, netstat and ping
8. Setting up vsftp server
9. Learn about ARP and ICMP protocol
10. How to associate host name to IP address
11. Practice with CIDR and slash notations
12. Review how to use basic Linux commands to manipulate files

B. Time of Completion

This laboratory activity is designed for students with very little knowledge of networking. The practical part of the lab should take about 3 hours to complete.

C. Requirements

None

D. Procedure

Pay attention to how the PC numbers are set up. As you complete each part, respond to each question. Submit only your responses. All submissions must be typed.

 

Figure 1 – Example of Group Configuration on Station A

[Figure labels: Layer-2 Switch; CISCO 3600; FTP Server; PCA, PCB, PCC, PCD; 192.168.0.26/24, 192.168.0.27/24, 192.168.0.28/24, 192.168.0.29/24]


PART I

1. Boot up your computer. Log in to the Linux machine (do not log in as Guest). After the machine is ready, in a terminal window, using the ifconfig command, determine if you are connected to the Internet. Check and make sure your computer has the latest updates. How do you do it? See Appendix.

YOUR RESPONSE:

2. Check the back of your computer and see which eth (eth0, eth1, etc.) is connected to the LAN cable. This will be your ACTIVE eth. What is your active eth card (DO NOT remove or change the LAN cable)?

YOUR RESPONSE:

3. Use the “sudo ifconfig ethy down” command (ethy is your active eth) to take down your active eth card. Return the eth card to active mode by bringing it up. Make sure you disable (take down) the inactive eth (the one not connected to the LAN). Identify which is the motherboard’s eth. Complete the table below. Rearrange your cables as shown in the table. Note that the eth value for the NIC can be different for different computers. Make sure you know what yours is. Turn on your NIC corresponding to eth2 on the patch panel and use it as the active port.

NIC CARD       Software eth Value    Patch Panel
Motherboard
1
2
3

Change your cables to the following:

NIC CARD       Software eth Value    Patch Panel
Motherboard                          Internet
1                                    Green=eth1
2                                    Gray=eth2
3                                    Yellow=eth3

[Figure labels: Motherboard eth; NIC 1, NIC 2, NIC 3; Active eth; Inactive eth]

4. In the top right corner of your computer (as shown in the figure) disable the Internet connection: click on Disconnect (you should not see the double-sided arrow when you are using Ubuntu 12.04).


Use the “ifconfig” command to assign the IP address 192.168.0.x to the eth of your computer. The configuration requires root privileges, so use the “sudo” command. For the active eth IP address, use 192.168.0.x, where “x” is the computer number in decimal for PCA through PCB located in Stations 1 through 6: 1a = 1x16+10 = 26; 1b = 1x16+11 = 27; 1c = 1x16+12 = 28; 1d = 1x16+13 = 29. For example, for PCA in Station 1 (as shown in Figure 1):

ifconfig ethx 192.168.0.26 netmask 255.255.255.0 broadcast 192.168.0.255

Check and ensure the new address is in effect. From the subnet mask, determine the number of hosts the subnet can accommodate.

YOUR RESPONSE:

5. Display the configuration of all the interfaces using the “ifconfig” command to make sure that the appropriate interface is up and active. Pay attention to the following:

• Ethernet and IP addresses of the active interface – Note: If there is no IP address, most likely your machine is not connected to the Internet.
• The corresponding Subnet Masks.

6. Ping exactly 5 times the active eth of your computer and check the connectivity. Refer to “man ping” for the command format. How long does it take to receive the response? Record min/average/max/mdev of your result.

Turn on the layer-2 switch. Check your networking rack and make sure your cables are correctly connected as shown in Figure 1.

7. You need two LAN cables (use the Yellow cables) to connect two PCs together via the switch. Connect the cables from the patch panel to the switch. The switch’s Green LED must be turned ON if the cable is connected properly. As you plug in the cables, your IP addresses may reset. Check your IP address. Use straight-through cables.

8. Answer the following questions. Please note that you can download the ethtool package to get information about your NIC interface. For more information see Appendix. You can also use the sudo lshw -class network command or the ifconfig command when needed.

a. What is your computer mask?
b. What is your broadcast address?
c. What is MTU? What is your MTU set to?
d. What kind of LAN cable are you connecting to your switch?
e. Does your computer have an IPv6 address?
f. What is the MAC address of your NIC card?
g. Does the ping connection via the switch work with either straight-through or cross-over cables?
h. Can you connect the cables to any ports on the switch?
i. What is the model of the layer-2 switch you are using? What is the manufacturer?
j. What is the purpose of a layer-2 switch?


k. If you connect the two PCs directly together via the patch panel, what kind of LAN cable will you need?
l. What is the difference between a straight-through and cross-over cable? Use a picture to explain.
m. What is the selected speed for your NIC card?
n. Is your NIC set up as Full-Duplex or Half-Duplex? What is the difference?
o. Is the NIC set up for optical interface or Twisted cable? How do you know?

YOUR RESPONSE:

Ping (5 pings) between your computer and the active eth of another computer in your Group. What do you observe? What is the response to the Ping command? Record min/average/max/mdev of your result. Can you ping a PC outside your group? Why?

YOUR RESPONSE:

In the following sections use “wireshark” as a protocol analyzer to monitor the traffic. Use the command “sudo wireshark” to run wireshark.

9. In order to generate some traffic at the active eth port, you can ask your partner (in the same group) to continuously ping the active eth interface of your computer with a packet size of 100 bytes and packet content (or pattern) of all FF for exactly five times. Make sure the interval for each ping is set to 5 sec. Write down the single command to do these operations.

YOUR RESPONSE:

10. Capture the ping traffic. Stop the packet capturing by going to Capture → Stop, or pressing Ctrl + E. After stopping the packet capturing you can (but it is not necessary to) save your file and copy it to your flash drive (if you cannot copy the file, use the following command to change the file permission: sudo chmod 777 <file>).

11. In wireshark’s filter type “icmp”, since ping is an icmp packet. For each ping packet there is a pair of request and response packets. Select one of the request packets and identify its individual components using the wireshark panels. Locate the packet content (or pattern) of all ff. Take a snapshot of your results. Based on your snapshot answer the following questions:

YOUR RESPONSE:

a. What is the time interval between two ping Requests?
b. What is the data size of each ping Request?
c. How many replies do you observe in your captured file?
d. What is the time interval between a Request and its Reply?
e. What is the data pattern of the Request and Reply?
f. What are the IP addresses of the two hosts?
g. What is the MAC address of the computer being pinged?
h. Draw the frame stack for ICMP.
i. Using a timing diagram, show how the request and reply work in ping.

 


12. How does the IP header identify its content (for example if it is carrying TCP or something else)? What is the content of the IP packet in the case above?

YOUR RESPONSE:

13. What will wireshark capture if you ping your local host (local host)?

YOUR RESPONSE:

14. What will wireshark capture if you ping the IP address of your own machine? Elaborate on your answer.

YOUR RESPONSE:


PART II

Make sure you can ping each other on the same station. Ensure your IP address is correctly set up and cables are connected to the switch properly.

15. Make sure you have disabled the network connection on the top right corner of your screen. Open a terminal. Type sudo tcpdump -i ethx -n, where ethx is the NIC you are connected to. In a different terminal ping one of the PCs in your group such that the packet size is 100 bytes and packet content (or pattern) is set to all FF. Ping exactly FIVE times. When the pinging is completed you can press Ctrl+C to stop tcpdump. Answer the following questions:

a. What is the purpose of the tcpdump command? You can do a man on the command.
b. What is the -n option for?
c. How can you redirect the results of tcpdump into a file called tcpdump_result.txt? What is the command? Open tcpdump_result.txt and check its content.
d. From the command line, using the grep command, how can you verify how many icmp packets were sent? What is the command you will be using?
e. What is the length of the ICMP packets as it appears in the tcpdump output (on the screen)? What is the header size of ICMP?
f. Make sure you delete the tcpdump_result.txt file from your computer.

YOUR RESPONSE:

16. In this exercise you manipulate the static mapping of host names and IP addresses using the /etc/hosts file. Does the following command work? Why?

ping PCA

YOUR RESPONSE:

17. On your PC terminal first copy the file /etc/hosts:

sudo cp /etc/hosts /etc/hosts_back

18. Inspect the content of file /etc/hosts with gedit:

sudo gedit /etc/hosts

19. Associate host names with the IP addresses and save the changes. Use the names PC1, PC2, and so on, as used throughout this lab to refer to the PCs as shown in the table below (this table is only an example for Group 1; change it according to your group). NOTE: To associate names with the IP addresses, you should add a line in the structure below at the end of the file: IP-ADDRESS HOST. For example: 192.168.0.xxx PCxxx

Linux PC    IP Addresses of Ethernet for Group 1
PCA         192.168.0.26/24
PCB         192.168.0.27/24
PCC         192.168.0.28/24
PCD         192.168.0.29/24

20. Try pinging PCA, PCB, and so on. Does it work?

21. Reset the /etc/hosts file to its original state. That is, remove the changes you have made in this exercise, and save the file.


22. What do you think will happen if you have multiple IP addresses associated with the same hostname in the /etc/hosts file? You should try this to see what really happens.

YOUR RESPONSE:

Show your results to the Instructor before you proceed!

23. Reset the /etc/hosts file to its original state. That is, remove the changes you have made in this exercise, and save the file.

24. The Linux command netstat displays information on the network configuration and activity of a Linux system, including network connections, routing tables, interface statistics, and multicast memberships. The following exercise explores how to use the netstat command to extract different types of information about the network configuration of a host. Try these commands:

• Display information on the network interfaces (currently configured) by typing netstat -in
• Display the content of the IP routing table by typing netstat -rn
• Display information on TCP and UDP ports that are currently in use by typing netstat -a
• Display the statistics of various networking protocols by typing netstat -s

25. After typing (netstat -s) record the values of ICMP messages received. Ping exactly five times your own terminal from another machine. Issue (netstat -s) again.

a. What do you observe?
b. Can the number of received ICMP messages be larger than the number of received IP packets? Explain your answer.

YOUR RESPONSE:

Show your results to the Instructor before you proceed!    
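For the /etc/hosts exercise in steps 16 to 23, the following added example (not part of the original handout) audits a hosts-format file and reports every name that is mapped to more than one IPv4 address. The function names hosts_conflicts and sample_hosts are hypothetical, and the sample file content is constructed from the Group 1 addresses above.

```shell
#!/bin/sh
# Added example, not from the lab handout.
# hosts_conflicts [FILE...] reads hosts-format text (stdin if no FILE) and
# prints "name ip1 ip2 ..." for each name bound to more than one IPv4 address.
hosts_conflicts() {
    awk '
        { sub(/#.*/, "") }                      # strip comments
        NF < 2 { next }                         # skip blank or malformed lines
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }   # IPv4 lines only
        {
            for (i = 2; i <= NF; i++) {         # every name and alias on the line
                name = tolower($i)              # host names are case-insensitive
                if ((name, $1) in seen) continue
                seen[name, $1] = 1
                count[name]++
                if (count[name] == 1) { names[++n] = name; ips[name] = $1 }
                else ips[name] = ips[name] " " $1
            }
        }
        END {
            for (k = 1; k <= n; k++)
                if (count[names[k]] > 1) print names[k], ips[names[k]]
        }
    ' "$@"
}

# Constructed sample: "pca" is deliberately mapped to two addresses.
sample_hosts() {
cat <<'EOF'
127.0.0.1    localhost
::1          localhost ip6-localhost
192.168.0.26 PCA
192.168.0.27 PCB
192.168.0.28 PCC   # comment text is ignored
192.168.0.29 PCD pca
EOF
}

sample_hosts | hosts_conflicts
```

Run it against the real file with hosts_conflicts /etc/hosts; no output means no name is bound to two IPv4 addresses.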

PART III

In this part we explore the operation of the Address Resolution Protocol (ARP), which resolves a MAC address for a given IP address. The lab exercises use the Linux command arp for displaying and manipulating the contents of the ARP cache.

1. The ARP cache is a table that holds entries of the form <IPaddress, MACaddress>. The most common uses of the arp command are listed below – make sure you try them:

• Display the content of the ARP cache: arp -a
• Delete the entry with the IP address: arp -d IPAddress -i eth_Number
• Add a static entry to the ARP cache that is never overwritten by network events. The MAC address is entered as 6 hexadecimal bytes separated by colons: arp -s IPaddress MACAddress


Example:

arp -s 192.168.0.212 00:02:2D:0D:68:C1

Check and see if the new static entry is in the cache. What exactly do you see? What is the PERM for?

YOUR RESPONSE:

From your terminal, view the ARP cache with arp -a and delete all entries with the -d option as described above. Start wireshark on your terminal.

2. Issue exactly TWO ping commands from your terminal to your partner’s. You should observe the ARP and DHCP packets in the wireshark window. If this is not the case, redo the experiment. Save the wireshark file containing all the captured packets. You may want to save it on your laptop for future reference.

a. What is the exact value you enter in order to filter the IP packets of the machine you pinged (your partner’s machine)?
b. What is the MAC address of your partner’s machine?
c. Examine the ARP packets. Draw the ARP packet and identify the size of each header.
d. How large (in bytes) is the ARP packet portion (ARP data only)?
e. Do you observe any DHCP packet?
f. Examine one of the DHCP packets. Which node is sending this packet? How do you know? Show a snapshot of the captured packets to justify your response.
g. What is the protocol name as it appears in wireshark?
h. Explain why DHCP packets are generated.

YOUR RESPONSE:

3. Using the captured file, examine the following fields: the destination MAC address of the ARP Request packets, and the Type field in the Ethernet headers of ARP packets and ICMP messages.

a. What is the destination MAC address of an ARP Request packet?
b. What are the different values of the Type field in the Ethernet headers that you observed?

YOUR RESPONSE:
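For the ARP cache commands in step 1 of this part, the following added example (not part of the original handout) reads arp -a style output and lists the static (PERM) entries, the unresolved entries, and any MAC address cached for more than one IP address, which is worth a second look on a small lab LAN. It assumes the net-tools line layout shown in the sample; the names arp_audit and sample_arp are hypothetical, and every sample line is constructed, with only the static entry taken from the example above.

```shell
#!/bin/sh
# Added example, not from the lab handout.
# arp_audit reads `arp -a` style lines on stdin and prints:
#   PERM ip mac iface        static entry (added with arp -s)
#   INCOMPLETE ip iface      no reply received for this address
#   SHARED mac ip1 ip2 ...   one MAC cached for several IP addresses
arp_audit() {
    awk '
        $3 != "at" { next }                      # not an ARP cache line
        {
            ip = $2; gsub(/[()]/, "", ip)        # "(192.168.0.27)" -> 192.168.0.27
            mac = tolower($4)
            iface = $NF                          # interface is the last field
            if (mac == "<incomplete>") { print "INCOMPLETE", ip, iface; next }
            for (i = 5; i < NF; i++)
                if ($i == "PERM") print "PERM", ip, mac, iface
            cnt[mac]++
            if (cnt[mac] == 1) { macs[++n] = mac; owners[mac] = ip }
            else owners[mac] = owners[mac] " " ip
        }
        END {
            for (k = 1; k <= n; k++)
                if (cnt[macs[k]] > 1) print "SHARED", macs[k], owners[macs[k]]
        }
    '
}

# Constructed sample in the assumed `arp -a` layout.
sample_arp() {
cat <<'EOF'
? (192.168.0.212) at 00:02:2d:0d:68:c1 [ether] PERM on eth2
? (192.168.0.27) at 00:1b:21:aa:bb:01 [ether] on eth2
? (192.168.0.28) at 00:1b:21:aa:bb:01 [ether] on eth2
? (192.168.0.29) at <incomplete> on eth2
EOF
}

sample_arp | arp_audit
```

On a lab machine the same check is arp -a | arp_audit.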

   


Appendix: Useful Linux Commands

1. The apt-get command is a powerful command-line tool used to work with Ubuntu's Advanced Packaging Tool (APT), performing such functions as installation of new software packages, upgrade of existing software packages, updating of the package list index, and even upgrading the entire Ubuntu system. For more information go here: https://help.ubuntu.com/10.04/serverguide/apt-get.html

2. The tcpdump command will work on most flavors of the Unix operating system. tcpdump allows us to save the packets that are captured, so that we can use them for future analysis. The saved file can be viewed by the same tcpdump command. We can also use open source software like wireshark to read the tcpdump pcap files. For more information see http://www.thegeekstuff.com/2010/08/tcpdump-command-examples/