EC312 Practical Exercise 28

Introduction

Let’s put to use the networking skills we have learned to date to better understand routing at the router.

1. Set-Up

Equipment required:

Your issued laptop.
  o Turn off the wireless adapter.
  o Connect the blue Ethernet cable at your desk to your issued laptop.

A printed or electronic copy of this security exercise.
  o If printed, separate the network diagram and answer sheet and have them ready to fill in.

VMware Workstation
  o Power on your Cyber2 VM, then click VM and Settings.
  o Select Network Adapter and ensure that Connected, Connected at power on, Bridged: Connected directly to the physical network, and Replicate physical network connection state are selected or checked, then click OK.
  o Open a terminal in your Cyber2 VM and execute the command

        sudo dhclient

    Once it finishes, execute the command

        ifconfig

    Your screen should look similar to Figure 1. Interface eth1 should be assigned an IP address of 192.168.XX.YYY, where XX is your classroom number and YYY is a number between 100 and 199. If not, notify your instructor or lab technician.

Figure 1 – ifconfig executed after initial lab setup.

Part 1: Getting the Lay of the Land

2. Where Am I?

Locate EC312 MID on your network diagram. This is your Cyber2 VM, which has just joined a virtual network in a virtual world. You have an Ethernet card in your virtual machine called eth1 that has been assigned an IP address on the virtual network.

Identify a) your IP address and compute b) your network address and network mask in CIDR notation using the information from ifconfig. Label parts a) and b) of your network diagram.

In order for your packets to leave this virtual network and venture out into the virtual world, your virtual machine must send them to a Gateway Router. Router A is serving this purpose for the network you are connected to. To send your packets to Router A and out into the world, you must know its IP address first.
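One way to check parts a) through c) by hand, as an added example that is not part of the original exercise: it derives the CIDR network from ifconfig's address and mask, picks the default gateway out of the routing table that route -n prints, and decides whether a destination is on-link or must go through the gateway. The sample outputs, the gateway address 192.168.65.1 and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of ifconfig output (old net-tools format), not from the lab.
IFCONFIG = """\
eth1      Link encap:Ethernet  HWaddr 00:0c:29:aa:bb:cc
          inet addr:192.168.65.142  Bcast:192.168.65.255  Mask:255.255.255.0
"""

# Constructed sample of `route -n` output; the gateway address is an assumption.
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.65.0    0.0.0.0         255.255.255.0   U     1      0        0 eth1
0.0.0.0         192.168.65.1    0.0.0.0         UG    0      0        0 eth1
"""

def interface_from_ifconfig(text):
    """Return the host address with its prefix length, e.g. 192.168.65.142/24."""
    m = re.search(r"inet (?:addr:)?(\S+).*?(?:Mask:|netmask )(\S+)", text)
    if m is None:
        raise ValueError("no IPv4 address found in ifconfig output")
    return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")

def default_gateway(text):
    """Return the gateway of the default route, or None if there is none."""
    for line in text.splitlines():
        f = line.split()
        # Default route: Destination 0.0.0.0 with the G flag. A Gateway of
        # 0.0.0.0 on other rows only means "directly connected".
        if len(f) >= 8 and f[0] == "0.0.0.0" and "G" in f[3]:
            return ipaddress.ip_address(f[1])
    return None

def next_hop(dst, iface, gateway):
    """On-link destinations are reached directly, everything else via the gateway."""
    dst = ipaddress.ip_address(dst)
    return dst if dst in iface.network else gateway

if __name__ == "__main__":
    iface = interface_from_ifconfig(IFCONFIG)
    gw = default_gateway(ROUTE_N)
    print("address:", iface.ip, "network:", iface.network, "gateway:", gw)
    for dst in ("192.168.65.150", "5.5.5.10"):
        print(dst, "-> next hop", next_hop(dst, iface, gw))
```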
Execute the command

    route -n

Identify the IP address of the Gateway Router. Look under the Gateway column of the Kernel’s IP routing table (see Figure 1 for reference). Recall that address 0.0.0.0 is used to represent any IP address and is not the Gateway Router’s address. Label part c) of your network diagram.

3. Where Do I Go Next?

In this virtual world there is an important website located at http://www.usna.edu. Verify the website www.usna.edu exists by opening Firefox and navigating to the website address. Access Firefox by selecting Applications, Internet, Firefox from the system toolbar at the top of your virtual machine. Browse the website to see what information is available.

Question 1: Who maintains the website at www.usna.edu?

In order for your virtual machine to access this website, it first must know the webserver’s IP address. Recall from SI110 that the Domain Name System (DNS) provides a convenient way for us to remember a website’s name rather than a bunch of numbers for an IP address. Both are interchangeable through a series of ‘phonebooks’ (DNS name servers) on the Internet that perform lookups on our behalf. If you provide the phonebook (DNS name server) the name of the webserver you would like to access, it will give you its IP address in response, or vice versa, as shown in the example in Figure 2.

Figure 2 – DNS query and response.

The query above was generated using a utility called dig to find the IP address for www.cynicalmids.tumblr.com. dig allows you to query a DNS name server and resolve a name to its IP address. Identify the IP address of the website www.usna.edu by executing the following command

    dig www.usna.edu

Label part d) of your network diagram with the IP address belonging to the eth0 interface of the webserver www.usna.edu.

4. How Do I Get There?

There are two methods to discover information about the path between you and the webserver www.usna.edu.
The first method is the utility ping with record route. It will tell you the IP addresses of the OUTGOING interfaces along the way to and from the final destination.

Figure 3 – Example use of ping with record route option.

For example, in Figure 3, after the command

    ping -R -c1 -n 2.2.2.15

is executed, the OUTGOING interfaces are listed in order beginning with:

  1) 3.3.3.5 – the host computer’s interface.
  2) 2.2.2.1 – Router A’s eth1.
  3) 2.2.2.15 – the webserver’s interface.

The OUTGOING interfaces of the return trip are listed in order beginning with:

  4) 2.2.2.15 – the webserver’s interface.
  5) 3.3.3.1 – Router A’s eth0.
  6) 3.3.3.5 – the host computer’s interface.

Identify the IP addresses of the interfaces traversed between you and the webserver www.usna.edu using the ping command (do not forget the -R and -c1 and -n options). Label parts e) through g) of your network diagram.

The second method is the utility traceroute, which works similarly to ping, except it tells you the address of the INCOMING interface along the path between you and your destination. For example, in Figure 4, after the command

    traceroute -n 2.2.2.15

is executed, the INCOMING interfaces are listed in order beginning with:

  1) 3.3.3.1 – Router A’s INCOMING interface.
  2) 2.2.2.15 – the webserver’s interface.

Execute a traceroute to the webserver www.usna.edu (do not forget the -n option).

Question 2: Compare your traceroute results with your network diagram. Did they match the expected results obtained from the ping command?

Figure 4 – Example of traceroute command.

5. Is Anyone Else Out There?

Routers B and C are also present in this virtual world and are responsible for forwarding packets between the networks they are connected to and learning about other networks from other routers. Recall from Lecture #28 that routers learn about each other’s networks by using a routing protocol such as the Open Shortest Path First (OSPF) protocol.
In OSPF, routers use Link State Packets (LSPs) to communicate with each other and learn about the network topology. Let’s take a closer look at this communication.

Launch Wireshark (as root) by selecting Applications, Internet, Wireshark (as root) from the system toolbar at the top of your virtual machine. Open the packet capture labeled sx15 in the ec310code folder in your home directory. Examine the captured OSPF hello packets in the packet details pane. Be sure to expand the OSPF Header and the OSPF Hello Packet portions. These packets were captured from one of the routers in your virtual world.

Recall from Lesson 28 that in OSPF, routers send Hello Packets at a specific interval in order to let other routers know they are alive. This interval is called the Hello Interval.

Question 3: Using the information in the captured Hello Packets, what is the Hello Interval for the router they were captured from? Verify the Hello Interval by observing the amount of time between two OSPF hello packets in your packet capture. Is it equal to the Hello Interval?

If, after a certain amount of time, a router does not receive a Hello Packet from another router, it deems that router to be ‘dead’ and removes all routes that were advertised by that router. The time duration before a router is declared dead is known as the Dead Interval. This allows OSPF to respond well to dynamic changes in the network topology.

Question 4: What is the Dead Interval for the router’s captured Hello Packets? If you could stop a router’s hello packets from being advertised, would you disable that router?

Hello Packets also serve the important function of beginning a neighbor association between two routers when they first meet. Before the new routers agree to swap routing information, they must agree on a basic set of parameters and become neighbors first.
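The Hello fields examined in Wireshark in this section can also be decoded directly from the packet bytes, using the header and Hello layouts in RFC 2328 (Appendix A.3.1 and A.3.2), and the Dead Interval rule can be applied to observed Hello times. This is an added example, not part of the original exercise; the sample packet, its addresses and interval values, and the function names are constructed and are not taken from the lab capture.

```python
import socket
import struct

HDR = struct.Struct("!BBH4s4sHH8s")   # OSPF header, RFC 2328 A.3.1 (24 bytes)
HELLO = struct.Struct("!4sHBBI4s4s")  # fixed part of a Hello, A.3.2 (20 bytes)
FIXED = HDR.size + HELLO.size

def parse_hello(pkt):
    """Decode an OSPFv2 Hello (the IP payload, protocol 89). Checksum not verified."""
    if len(pkt) < FIXED:
        raise ValueError("truncated OSPF Hello")
    ver, typ, length, rid, area, _csum, autype, _auth = HDR.unpack_from(pkt)
    if ver != 2 or typ != 1:
        raise ValueError("not an OSPFv2 Hello")
    if not FIXED <= length <= len(pkt) or (length - FIXED) % 4:
        raise ValueError("bad packet length field")
    mask, hello, _opts, prio, dead, dr, bdr = HELLO.unpack_from(pkt, HDR.size)
    ip = socket.inet_ntoa
    return {
        "router_id": ip(rid),        # Wireshark: "Source OSPF Router"
        "area": ip(area),
        "autype": autype,            # 0 = null, 1 = simple password, 2 = cryptographic
        "mask": ip(mask),
        "hello_interval": hello,     # seconds between Hellos
        "dead_interval": dead,       # seconds of silence before a neighbor is dropped
        "priority": prio, "dr": ip(dr), "bdr": ip(bdr),
        "neighbors": [ip(pkt[i:i + 4]) for i in range(FIXED, length, 4)],
    }

def silent_neighbors(last_seen, dead_interval, now):
    """Router IDs whose most recent Hello is older than the Dead Interval."""
    return sorted(r for r, t in last_seen.items() if now - t > dead_interval)

def build_sample():
    """Constructed Hello for the demo; none of these values come from the lab capture."""
    a = socket.inet_aton
    body = HELLO.pack(a("255.255.255.248"), 10, 0x02, 1, 40,
                      a("10.0.0.2"), a("10.0.0.1")) + a("10.9.9.2")
    return HDR.pack(2, 1, HDR.size + len(body), a("10.9.9.1"), a("0.0.0.0"),
                    0, 0, bytes(8)) + body

if __name__ == "__main__":
    h = parse_hello(build_sample())
    print(h["router_id"], h["hello_interval"], h["dead_interval"], h["neighbors"])
    # Constructed timestamps (seconds): 10.9.9.2 was last heard 41 s ago.
    print(silent_neighbors({"10.9.9.2": 100.0, "10.9.9.3": 131.0},
                           h["dead_interval"], now=141.0))
```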
A router begins this process by identifying itself in the OSPF Header of the packet under the Source OSPF Router field.

Question 5: Look inside the OSPF Header of the captured Hello Packet. What IP address is listed in the Source OSPF Router field (note: this IP address does not begin with 192.168.65.XX)?

This IP address is very important. It is known as the Router’s ID and uniquely identifies this router to all other routers.

Who is responsible for assigning IP addresses anyway? The network administrator is responsible for assigning IP addresses, among many other tasks in maintaining the network. They assign blocks of IP addresses as part of the design of the network architecture to best meet the needs of their clients.

What are the routers talking about with each other and why do they need to communicate so often? There are a number of internal measures routers use in order to increase efficiency and prevent unnecessary information from clogging up the network, such as electing a Designated Router (DR) and Backup Designated Router (BDR) and managing Link State Updates (LSU). To learn more about OSPF, see http://www.ietf.org/rfc/rfc2328.txt.

6. Could Anyone Hurt Me?

Lastly, an evil instructor (because aren’t all instructors evil?) is also present in this virtual world. He or she is located on the 5.5.5.0/25 network and your final task is to find him or her.

nmap is a powerful utility which allows us to scan networks and identify which hosts are active, among many other useful tasks. Execute the command below to scan the 5.5.5.0/25 network and determine which hosts are ‘up’ (i.e., active). It may take a few minutes.

    nmap -sP 5.5.5.0/25

Use traceroute or ping to identify the path to each of the hosts identified as ‘up’ by nmap.

Question 6: Using your network diagram and the results from traceroute or ping, what is the most likely IP address of the evil instructor? Confirm the IP address identified with your instructor or lab technician.
Label part h) of your network diagram. Use traceroute or ping to verify the interfaces between you and the evil instructor. Label parts i) through k) on your network diagram.

7. Clean Up

VMware Workstation
  o In the VMware Workstation menu click VM and Settings.
  o Select Network Adapter and ensure that Connected, Connected at power on, and NAT: Used to share the host’s IP address are selected or checked, then click OK.
  o Suspend your Cyber2 VM.

Disconnect the blue Ethernet cable.

Turn on your wireless adapter.

Maj. Agur Adams, USMC

Help us improve these notes! Send comments, corrections and clarifications to [email protected].

EC312 Practical Exercise 28 – Answer Sheet

Name:

Question 1:
Question 2:
Question 3:
Question 4:
Question 5:
Question 6:

[Network diagram: EC312 Practical Exercise 28 & 29. Lettered blanks a) through k) and m) for IP addresses and prefix lengths. Hosts: EC312 MID (eth1), webserver www.usna.edu (eth0), Evil Instructor EVL (eth0). Routers: RA (eth3, eth4, eth5), RB (eth2, eth3), RC (eth3, eth4, eth5). Networks shown: 1.1.1.0/29, 2.2.2.0/29, 4.4.4.0/24, 4.4.5.0/24, 5.5.5.0/25. Other surviving labels: 4.4.4.1, “SX#16 Only”.]