King Fahd University of Petroleum and Minerals
College of Computer Science and Engineering
Information and Computer Science Department
Network Laboratory Experiments
ICS 342: Computer Network Technologies
ICS 432: Computer Network Systems
Prepared by: Dr. Nasir Al-Darwish & Mr. Mohamed Buhari
Last revised: April 25, 2004
Table of Contents
Lab # 01: Basic LAN Setup and Peer to Peer Networking
Lab # 02: Protocol Layers and Encapsulation
Lab # 03: TCP/IP Services: Overview of Telnet, FTP and HTTP servers & clients
Lab # 04: Cornerstones of the Web: HTML and HTTP
Lab # 05: Building IP internetwork
Lab # 06: Domain Name System – Part 1
Lab # 07: Domain Name System (DNS) – Part II
Lab # 08: Building IP internetwork
Lab # 09: Capturing and analyzing ARP traffic
Lab # 10: Capturing and analyzing ICMP traffic
Lab # 11: Capturing and analyzing TCP traffic
Lab # 12: Configuring DHCP Servers and Clients
ICS COMPUTER NETWORK LAB
King Fahd University of Petroleum and Minerals
Information and Computer Science Dept.
ICS 432 Computer Network Systems
Lab # 01: Basic LAN Setup and Peer to Peer Networking
Objectives:

• Create a simple LAN with two PCs using a single crossover cable to connect the workstations
• Create a simple LAN with two PCs using an Ethernet hub and two straight-through cables to connect the workstations
• Use the Control Panel to verify and configure the network settings
• Use the Ping command to verify the TCP/IP connection between the two workstations
• Use the IPCONFIG.EXE utility to verify all IP configuration settings
• Have two or more PCs as members in a workgroup and practice file sharing
Background:
In this lab you learn how to connect two PCs to create a simple Peer-to-Peer LAN or workgroup.
The instructions for this lab focus on the Windows 2003 operating system. You will share a
folder on one workstation and connect to that folder from the other workstation. This lab is
divided into two exercises as follows:
Exercise A -- The two PCs (or workstations) will be connected directly to each other [Figure 1]
from one Network Interface card (NIC) [Figure 2] to the other NIC using a crossover cable. This
can be used to create a mini-lab for testing purposes without the need for a hub. Since the NICs
on the workstations are directly connected you will not be able to connect any additional
workstations.
Figure 1. Two PC Connections
Figure 2. Network Interface Card
Exercise B -- The two PCs will be connected with a hub between them [Refer Figure 3]. Using a
hub allows for more than just two workstations to be connected depending on the number of
ports on the hub. Hubs can have anywhere from 4 to 32 ports.
Figure 3. Network Connection via Hub
NOTE:
For both exercises A and B, you will verify that the workstations are functioning and that network
hardware is installed properly. You will also need to verify and configure all TCP/IP protocol network
settings for the two workstations to communicate such as IP address and subnet mask.
Tools / Preparation:
It is best to start with a fresh install of Windows. The workstations should have Network Interface Cards
(NIC) installed with the proper drivers (floppy disk or CD) available. The following resources will be
required:

• Two Pentium-based workstations with a NIC in each (NIC drivers should be available)
• Exercise A - One CAT5 Crossover cable to connect the workstations without a hub
• Exercise B - An Ethernet hub (4 or 8 port) and two CAT5 straight-wired cables
NOTE:
The following steps 1 and 2 (physical LAN connections) will be different between exercises A and B. The
steps from 3 on should be the same since they relate only to the workstations and should be performed on
both workstations.
Step 1 - Check Local Area Network (LAN) Connections
Task: Verify the cables
Explanation: You should check the cables to verify that you have good layer 1 physical connections
Exercise A - A single CAT 5 crossover cable is used to connect the workstations together. Verify that the
pins are wired as a crossover by holding both RJ-45 connectors side by side with the clip down and
inspect them. Pairs 2 and 3 should be reversed. Refer to the Appendix for correct wire color and pin
locations.
Exercise B - Check each of the two CAT 5 cables from each workstation to the hub. Verify that the pins
are wired straight through by holding the two RJ-45 connectors for each cable side by side with the clip
down and inspect them. All pins should have the same color wire on the same pin at both ends of the
cable. (pin 1 should match pin 1 and pin 8 should match pin 8 etc.) Refer to the Appendix for correct pin
locations.
Step 2 - Plug in and connect the equipment
Task: Check the workstations (and hub for exercise B)
Explanation:
Exercises A and B - Check to make sure that the NICs are installed correctly in each workstation. Plug in
the workstations and turn them on.
Exercise B - Plug the hub or its AC adapter into a power outlet. Plug the straight through cable from
workstation 1 into port 1 of the hub and the cable from workstation 2 into port 2 of the hub. After the
workstations have booted, check the green link light on the back of each NIC and the green lights on
ports 1 and 2 of the hub to verify that they are communicating. This also verifies a good physical
connection between the Hub and the NICs in the workstations (OSI Layers 1 and 2). If the link light is not
on, it usually indicates a bad cable connection, an incorrectly wired cable, or a NIC or hub that is not
functioning correctly.
Step 3 - Network Adapters and Protocols
Task: Check the Network Adapter (NIC): Use the Control Panel->System->Device Manager utility to
verify that the Network Adapter (NIC) is functioning properly for both workstations. Double click on
Network Adapters and then right click the NIC adapter in use. Click Properties to see if the device is
working properly.
Explanation: If there is a problem with the NIC or driver, the icon will show a yellow circle with an
exclamation mark in it (possible resource conflict) or a red X indicating a serious problem (device
could cause Windows to lock up).
Step 4 - Check the TCP/IP Protocol Settings:
Task: Use the Control Panel/Network Connections (or Properties in Context Menu of My Network Places)
to display Network Connections Window. Then use Properties in Context Menu of Local Area Connection
to display Local Area Connection Properties Window. Select the TCP/IP protocol from the Configuration
Tab and click on properties. Check the IP Address and Subnet mask for both workstations on the IP
Address Tab.
Figure 4. Network Connections Window
Figure 5. Local Area Connection Properties Window
Figure 7. TCP/IP Properties Window
Explanation: The IP addresses can be set to anything as long as they are compatible and on the same
network. Record the existing settings before making any changes in case they need to be set back (for
instance, they may be DHCP clients now). For this lab, use the Class C IP network address of
192.168.230.0 and set workstation 1 to a static IP address 192.168.230.1 and set workstation 2 to
192.168.230.2. Set the default subnet mask on each workstation to 255.255.0.0. For the purpose of this
lab, you can leave the Gateway and DNS Server entries blank.
Note: The lab has been configured into 5 class C IP networks with addresses: 192.168.230.0,
192.168.231.0, 192.168.232.0, 192.168.233.0, 192.168.234.0
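The "on the same network" rule in the explanation above, as an added example (not part of the original lab handout): it models how a workstation with a blank Gateway decides which addresses it can reach directly, and how that changes with the subnet mask. The host list, the function names and the simplified no-gateway reachability model are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: workstations 1 and 2 from this step plus the first
# host of each of the other four lab networks listed in the note.
LAB_HOSTS = ["192.168.230.1", "192.168.230.2", "192.168.231.1",
             "192.168.232.1", "192.168.233.1", "192.168.234.1"]


def local_network(ip, mask):
    """Network a host derives from its own address and mask (address AND mask)."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def on_link(src_ip, src_mask, dst_ip):
    """True if the sender considers dst_ip directly reachable (no gateway needed)."""
    return ipaddress.ip_address(dst_ip) in local_network(src_ip, src_mask)


def can_ping(a_ip, a_mask, b_ip, b_mask):
    """Simplified model with the Gateway left blank on both hosts: the echo
    request needs b on-link from a, and the echo reply needs a on-link from b."""
    return on_link(a_ip, a_mask, b_ip) and on_link(b_ip, b_mask, a_ip)


def group_by_network(hosts, mask):
    """Group hosts by the network each one computes for itself under `mask`."""
    groups = {}
    for ip in hosts:
        groups.setdefault(str(local_network(ip, mask)), []).append(ip)
    return groups


if __name__ == "__main__":
    for mask in ("255.255.0.0", "255.255.255.0"):
        print(mask)
        for net, members in group_by_network(LAB_HOSTS, mask).items():
            print("  ", net, members)
    # Mismatched masks: the request is sent, but the reply has no route back.
    print(can_ping("192.168.230.1", "255.255.0.0", "192.168.231.1", "255.255.255.0"))
```

Under 255.255.0.0 all five lab networks fall inside one 192.168.0.0/16 network; under 255.255.255.0 each one is its own network and hosts on different networks need a gateway to reach each other.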
Step 5 - Check the TCP/IP Settings with the IPCONFIG Utility
Task: Use the ipconfig.exe command to see your TCP/IP settings on one screen. Click on
Start->Command Prompt.
Explanation: Enter ipconfig /all command to see all TCP/IP related settings for your workstation.
1. Fill in the blanks below using the results of the IPCONFIG command from each workstation:
Workstation 1 Name:
IP Address:
Subnet Mask:
MAC (Hardware) Address:

Workstation 2 Name:
IP Address:
Subnet Mask:
MAC (Hardware) Address:
Step 6 - Check the network connection with the Ping Utility
Task: Use the Ping Command to check for basic TCP/IP connectivity. Click on Start->Command Prompt.
Enter the Ping command followed by the IP address of the other workstation (Example - ping
192.168.230.1 or 192.168.230.2).
Explanation: This will verify that you have good connectivity at OSI Layers 1 through 3.
Step 7 - Windows Networking Options
By default, a Windows Server 2003-based computer is installed with Client for Microsoft Networks, File
and Printer Sharing for Microsoft Networks, and TCP/IP.
Note: This means that simply sharing a folder enables the file server, and removing the sharing
option from the shared folders disables it. So it is not necessary to install the file server separately
on Windows Server 2003.
Note: You can view these services in the properties for the local area connection.
You can create a Windows Server 2003 file server and print server manually, or you can use the wizards
that are provided in the Configure Your Server Wizard administrative tool.
How to Install a File Server on Windows Server 2003 by Using the Configure Your
Server Wizard
1. Click Start, point to Administrative Tools, and then click Configure Your Server
Wizard.
2. Click Next. Click Next.
3. “Configure your server wizard” might appear.
4. Select Custom Configuration and Click Next
5. Click File server in the Server role box, and then click Next.
6. On the "File Server Disk Quotas" page, configure any quotas you need to control disk-space usage on the server, and then click Next.
7. On the "File Server Indexing Service" page, click the indexing configuration that is
appropriate for your server, and then click Next.
8. Click Next.
9. “Share a Folder” wizard appears. Click Next
10. Click “Browse” and select the folder you want to share. Click Next
11. Enter a name for the sharing.
12. Click Next
13. Click one of the basic permissions for the folder, or click Customize to set custom
permissions on the folder. Click Finish.
14. Click Close. Click Finish.
How to Manually Install a File Server on Windows Server 2003
1. Click Start, and then click My Computer.
2. Locate the folder that you want to share.
3. Right-click the folder, and then click Sharing and Security.
4. Click Share this folder, and then accept the default name or type a different name for the
share.
5. Optionally, configure the number of users who can connect, configure permissions for
this folder, and then configure the caching options.
6. Click OK.
7. A little hand is displayed in the Windows Explorer window to indicate that the folder is
being shared.
8. Quit Windows Explorer.
Step 8 - File Folders and Sharing Options
Task: Set up a File folder to share: On workstation one, use My Computer to create a folder to be shared
called "Test folder". Using Start->My Computer, select the folder and right click to share it. Enter the
name of the share and click OK.
From the other workstation, click on Start->Search->Other Search Options->Computers or People->A
Computer on the network. Type the name of the first workstation in the ‘Computer name’ box and click
Search. Then click the shared folder.
Start->My Computer. Click on the ‘Up’ button. Select My Network Places->Entire Network->Microsoft
Windows Network->Workgroup. Then select the workstation name and then the shared folder.
Explanation: You can map a drive to the shared folder if you wish. While working in the shared folder on
the other workstation, create a new document and save it. If you have a printer shared you may want to
print the document.
Summary Information on WORKGROUPS AND DOMAINS
This section contains a summary on Domains and Workgroups. There are many ways in which
computers can provide services, and manage users into logical groups. This section looks at
some of those approaches.
Workgroups: Peer To Peer Networks
A work-group is a collection of computers that are logically grouped together for a common purpose. In
any organization, logical work-groups exist, like sales, marketing, accounts, salaries and support. By
allowing like people to share their files and resources, it assists the way in which people work and leads to
increased productivity.
In peer networks, each computer is considered a
server, and holds its own accounts database. Each
computer can share resources that it owns, like files,
CD-ROM drives, printers, modems and fax machines.
The advantages of peer-to-peer networks are:
• All workstations can make available their resources
• No centralized server is required
• Security is the responsibility of each workstation
• Each computer has its own accounts database that secures the resources it provides to others
• It is cheap and easy to set up for small groups
When the number of workstations in the network increases, problems will arise due to the cost of
administration [maintenance of security on so many workstations which have their own accounts] and
security [it is easy for loopholes to develop through which unauthorized users could gain access].
Resources in a Work-group
Typically, computers in a work-group make available resources for other members of the work-group to
use. Features of resources are:
• A typical resource is a file, directory or printer
• Resources are given names (share names)
• Resources are assigned permissions (like a password)
• Permissions can be read-only or full
• Any user knowing the password can access the resource
Both Windows 9x and Windows NT Workstation support workgroups. Each user in a workgroup can
decide which resources on their computer they will share. Ideally, in a work-group, each person has their
own computer that is normally identified on the network by their first name.
Belonging to a workgroup
To participate in a workgroup, the computer must be configured to be a member of that workgroup. In
Windows 9x, a computer is set up to be part of a work-group via Control Panel->Networks.
The primary network log-on is set to Client For Microsoft Networks. Selecting the Identification tab
enables the user to specify the Workgroup to which the computer belongs. Please note that a computer
can only belong to a single work-group.
Sharing Resources in a workgroup
To share any resource on your computer, File and Printer Sharing must first be enabled. This is found
under Control Panel->Networks->File and Printer Sharing. Once this is enabled, passwords may be
assigned to each resource that is made available. Users cannot use that resource unless they know the
password.
Uniform Resource Locators
Sharing allows the user to specify a password and allocate a name to the resource. In Windows format,
the name of the resource is then known on the work-group as
\\computername\resourcename
For instance, if the computer name was sue, and the resource was specified as temp, then the resource is
known as
\\sue\temp
This is known as the Uniform Resource Locator [URL] for the resource.
Summary of workgroups
In summary, the features of workgroups are:
• It is a collection of computers organized for a specific purpose (suits the needs of the group)
• It is a peer to peer network
• There is no centralized administration
• A dedicated server is not required
• Each computer has its own accounts database and permission lists
• Users can share files, printers and applications
• Each computer is identified by a unique name (normally the person using that computer)
NT 4 Domains
A domain is a logical grouping of networked computers that share a central directory database.
The domain centralizes all accounts into a
secure accounts database (SAM). When
users log on, their account details are
checked against the entries in the SAM,
and if they match, the user can log on.
Because all security account information is centralized, it means each computer that is a member of the
domain can share and access this account information, and there is no longer a need for each computer to
have its own accounts database.
The domain consists of a primary domain controller (the first computer installed as a PDC running NT 4
server), other backup domain controllers, and client workstations. When the PDC is installed, the SAM is
created and then additional user accounts and resources can be defined, as well as adding additional
computers to the domain. At regular intervals, changes made to the SAM on the PDC are copied
(replicated) to the other backup domain controllers in the domain. These backup domain controllers keep
copies of the SAM that is stored on the PDC, and assist in validating user logon requests.
The domain concept attempts to solve the issues of management and security, by providing a central point
of log on to the network. This central point of log on validates the user as authentic, and only grants those
resources to the user that have been pre-assigned to them.
Having a single point of log on validation simplifies administration, as there is now only one place where
accounts need to be updated.
A domain is a logical grouping of one or more Windows NT 4 server based computers that allow them to
be managed as a single unit. Using domains, the administrator creates one account for each user. Users
log on to the domain, not the individual servers in the domain.
Users do not need a separate account on each server in the domain. They only need one user account in
the domain. This account can then be used to access any resource on any server in the domain.
A domain consists of the following:
• one primary domain controller
• one or more backup domain controllers
• resource servers
• participating clients like Windows 9x and Windows NT 4 Workstation based computers
A primary domain controller
• validates user log-on to the domain
• centralizes user accounts and security policies into a single database
• provides a single administrative unit for the network
A backup domain controller
• also validates user log-on to the domain
• provides redundancy in the event of the PDC going off-line
• keeps a copy of the domain accounts database [replicated automatically from PDC]
A resource server
• provides data storage or application software for users
• does not handle domain log-on, so is more efficient
• runs applications like SQL database or Remote Access
In addition, multiple domains can be combined into larger organization units or models. One domain can
utilize [trust] the accounts of another domain. This provides scalability as the organization grows.
NT 4 Domains summary
• domains are logical groupings of Windows NT Server based computers
• domains provide a single network log on to server based resources
• they simplify administration by providing a single point of administering user accounts and
security policies
• domains provide backup systems [redundancy] to take over in the event of a PDC going off-line
• the accounts database is replicated to backup domain controllers
Appendix - Straight-through versus Crossover CAT 5 UTP cables
Use the following tables and diagrams and steps to create a crossover cable. One end of the cable
should be wired to the T568-A standard and the other end to the T568-B standard. This crosses the
transmit and receive pairs (2 and 3) to allow communication to take place. Only four wires (2 pairs) are
used with 10BASE-T or 100BASE-T Ethernet:
T568-A Cabling
Pin#  Pair#  Function  Wire Color    Used with 10/100 BASE-T Ethernet?  Used with 100 BASE-T4 and 1000 BASE-T Ethernet?
1     3      Transmit  White/Green   Yes                                Yes
2     3      Transmit  Green/White   Yes                                Yes
3     2      Receive   White/Orange  Yes                                Yes
4     1      Not used  Blue/White    No                                 Yes
5     1      Not used  White/Blue    No                                 Yes
6     2      Receive   Orange/White  Yes                                Yes
7     4      Not used  White/Brown   No                                 Yes
8     4      Not used  Brown/White   No                                 Yes

T568-B Cabling
Pin#  Pair#  Function  Wire Color    Used with 10/100 BASE-T Ethernet?  Used with 100 BASE-T4 and 1000 BASE-T Ethernet?
1     2      Transmit  White/Orange  Yes                                Yes
2     2      Transmit  Orange/White  Yes                                Yes
3     3      Receive   White/Green   Yes                                Yes
4     1      Not used  Blue/White    No                                 Yes
5     1      Not used  White/Blue    No                                 Yes
6     3      Receive   Green/White   Yes                                Yes
7     4      Not used  White/Brown   No                                 Yes
8     4      Not used  Brown/White   No                                 Yes
Lab # 02: Protocol Layers and Encapsulation
Objectives:

• Learn the concepts of protocol layers and encapsulation
• Contrast ISO OSI 7-layer model with TCP/IP 5-layer model
• Learn some of the functions provided by physical, data link, network, transport and
application layers
• Learn the encapsulation process in a typical TCP/IP implementation over Ethernet LAN
hardware
• Distinguish between Data Link layer (e.g. Ethernet) addresses and Network Layer (e.g.
IP) addresses
• Use Frame Capture software to capture Ping Echo requests and Echo replies
Background Information:
Recall that a layered approach is a technique used to simplify the design of complex systems. Many
obstacles have to be overcome in order for two applications running on different computers to exchange
data in a way that is useful for end-users.
Using a layered approach, a network communication protocol is used at each layer starting with the data
link layer all the way to the application layer. A protocol will define its own protocol data unit (PDU),
which includes a header and optionally a trailer. The protocol defines the format and meaning of various
fields in its headers and trailers.
Note that a protocol is implemented by a process (program) that does the following:
On the sending side, a layer takes data from its immediate higher layer, adds its own header and
passes it to its immediate lower layer. This process is known as encapsulation.
On the receiving side, the reverse process takes place. The layer receives a PDU from its immediate
lower layer, processes it, and passes the content of that PDU to its immediate higher layer.
In this lab you will first restore every machine to some normal configuration (i.e. wiring with
properly numbered (patch-panel terminated) cables and using consistent computer names and
IP configuration). Then you will install Sniffem frame capture software and use it to capture and
analyze the frames generated by the source and destination stations when the Ping command is
used.
Task 1: Structured Wiring and Consistent IP Configuration
Beside each computer there are two gray UTP cables that are tagged with certain numbers.
These cables are already terminated into a patch panel (with port number matching the number
on the cable). Ensure that these cables are connected to the network cards. Then from the
patch panel port use a short UTP cable to connect to a port on the hub. This form of cabling is
known as Structured Cabling as shown in Figure 1.
Figure 1. Structured Cabling (diagram labels: Ethernet Hub, Patch Panel, Ethernet Card)
The lab has been configured into 5 class C IP networks with addresses:
192.168.230.0 (NWLA)
192.168.231.0 (NWLB)
192.168.232.0 (NWLC)
192.168.233.0 (NWLD)
192.168.234.0 (NWLE)
Each of the above networks has 4 PCs and each PC is equipped with two Ethernet cards. A PC has a label
indicating its name and network to which it belongs. For the time being we will configure the two cards to
be on the same IP network as follows:
The 1st computer on network NWLA is labeled as ICS-NWLA1 and will use IP addresses
192.168.230.1 (for the first NIC) and 192.168.230.5 (for the second NIC).
The 2nd computer on network NWLA is labeled as ICS-NWLA2 and will use IP addresses
192.168.230.2 (for the first NIC) and 192.168.230.6 (for the second NIC).
Task: Configure each card properly, then use the ipconfig /all command to see all TCP/IP
related settings for your workstation.
Fill in the blanks below using the results of the IPCONFIG command from your workstation:
Workstation Name:
IP Address:
IP Address:
Subnet Mask:
Subnet Mask:
MAC (Hardware) Address:
MAC (Hardware) Address:
Task 2: Frame Capture and Analysis
Make sure that Sniffem software is properly installed on your computer. Once you start Sniffem
[Start->All Programs->Sniffem->Sniffem], select Tools->Settings from the main menu. This displays the
Settings window as shown in Figure 2. On this window, select the network interface [select any one of
the 3Com adapters listed under the heading ‘Choose an Adapter from the list’] on which the frames will
be captured and click OK. Then to start capturing frames, click on the green arrow button on the toolbar.
Click the same button (which is now a red stop button) again to stop capturing.
Figure 2: Sniffem Capture
To generate traffic with ping command, do the following:
1. Start->Command Prompt
2. Type the command ‘ping 192.168.230.1’ where the IP address given is the IP address of your
nearby PC. You can use the repetitive pinging option using -t:
ping -t 192.168.230.1
3. Stop the ping using Ctrl-C after you see that Sniffem has captured some packets
Information about the frames that have been captured by Sniffem will be shown using three views as
shown in Figure 3. The window is divided into three panes (sections, views). The top-right pane
(frame/packet list view) contains a one-line summary for every frame captured. The left pane
(packet-decoding view) and bottom-right pane (Hex/ASCII dump view) contain detailed information about the
currently selected frame (line) from the frame list view. Note that in Figure 3 we are seeing the details of
a Ping ICMP Echo Request packet because the TYP field in the ICMP header is set to 8.
Figure 3: Captured Output for Ping command (callouts: Network/IP Address; Ethernet/MAC/Physical/Hardware Address)
Exercise:
Follow these steps to capture ICMP Echo Request and Echo Reply packets.
1. Choose File->New Project to start a new capture project.
2. Open a command prompt window and type ping <ip address> but do not hit Enter yet.
3. Click the green arrow button to start capturing frames.
4. Go back to the command prompt window and hit Enter.
5. Stop capture by clicking the red button [which appears in the same place as the green arrow button
before].
6. Analyze the results.
a. How many Echo Request and Echo Reply frames did you capture?
b. Identify source and destination addresses:
i. Ethernet (data link) layer: under MAC Header in the Packet Decoding panel [Left-panel]
ii. IP (network) layer: under IPv4 Header in the Packet Decoding panel [Left-panel]
14 byte Ethernet Frame Header:
  Ethernet Destination Address   6 bytes
  Ethernet Source Address        6 bytes
  EtherType                      2 bytes: 0800 indicates that the frame contains IP packet
20 byte IP Header:
  Protocol                       1 byte: 01 indicates that the packet contains ICMP message
  IP Source Address              4 bytes
  IP Destination Address         4 bytes
ICMP Message
Frame Checksum                   4 bytes
Figure 4. An Ethernet frame containing IP packet that in turn contains ICMP message
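The encapsulation described in the Background and the frame layout of Figure 4, as an added example (not part of the original lab handout and not Sniffem code): it builds an Echo Request and an Echo Reply frame layer by layer, then decodes them the way the receiving side does, checking the EtherType, Protocol and ICMP type fields and both checksums. The MAC addresses, payload, identifier values and function names are constructed for illustration, and the 4-byte frame checksum is left out on the assumption that the NIC strips it before capture.

```python
import struct

ETHERTYPE_IP = 0x0800  # Figure 4: EtherType 0800 means the frame carries an IP packet
IPPROTO_ICMP = 1       # Figure 4: Protocol 01 means the packet carries an ICMP message
ICMP_NAMES = {8: "Echo Request", 0: "Echo Reply"}


def inet_checksum(data):
    """16-bit one's-complement checksum used by the IP header and by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_frame(src_mac, dst_mac, src_ip, dst_ip, icmp_type, ident, seq, payload):
    """Sending side: each layer puts its own header in front of the data from above."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    src, dst = (bytes(int(p) for p in ip.split(".")) for ip in (src_ip, dst_ip))
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 128,
                         IPPROTO_ICMP, 0, src, dst)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", inet_checksum(ip_hdr)) + ip_hdr[12:]
    eth_hdr = (bytes.fromhex(dst_mac.replace(":", "")) +
               bytes.fromhex(src_mac.replace(":", "")) +
               struct.pack("!H", ETHERTYPE_IP))
    return eth_hdr + ip_hdr + icmp  # frame checksum omitted (assumed stripped by the NIC)


def parse_frame(frame):
    """Receiving side: strip one header per layer, validating each before going up."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("too short for Ethernet + IP + ICMP headers")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IP:
        raise ValueError(f"EtherType {ethertype:04x} is not IP")
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or 14 + ihl > len(frame):
        raise ValueError("bad IP version or header length")
    ip_hdr = frame[14:14 + ihl]
    total_len = struct.unpack("!H", ip_hdr[2:4])[0]
    if ip_hdr[9] != IPPROTO_ICMP:
        raise ValueError(f"IP protocol {ip_hdr[9]} is not ICMP")
    if total_len < ihl + 8 or 14 + total_len > len(frame):
        raise ValueError("IP total length does not fit the captured frame")
    icmp = frame[14 + ihl:14 + total_len]  # total length excludes any Ethernet padding
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "dst_mac": ":".join(f"{b:02x}" for b in dst_mac),
        "src_mac": ":".join(f"{b:02x}" for b in src_mac),
        "src_ip": ".".join(str(b) for b in ip_hdr[12:16]),
        "dst_ip": ".".join(str(b) for b in ip_hdr[16:20]),
        "icmp_type": icmp_type,
        "icmp_name": ICMP_NAMES.get(icmp_type, f"type {icmp_type}"),
        "ident": ident,
        "seq": seq,
        "ip_checksum_ok": inet_checksum(ip_hdr) == 0,
        "icmp_checksum_ok": inet_checksum(icmp) == 0,
    }


def count_echo(frames):
    """Exercise 6a: count Echo Request and Echo Reply frames, skipping other traffic."""
    counts = {"Echo Request": 0, "Echo Reply": 0}
    for frame in frames:
        try:
            name = parse_frame(frame)["icmp_name"]
        except ValueError:
            continue
        if name in counts:
            counts[name] += 1
    return counts


# Constructed sample traffic: workstation 2 pings workstation 1 once.
PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"  # constructed 32-byte payload
MAC1, MAC2 = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed addresses
SAMPLE_REQUEST = build_echo_frame(MAC2, MAC1, "192.168.230.2", "192.168.230.1",
                                  8, 0x0200, 1, PAYLOAD)
SAMPLE_REPLY = build_echo_frame(MAC1, MAC2, "192.168.230.1", "192.168.230.2",
                                0, 0x0200, 1, PAYLOAD)

if __name__ == "__main__":
    for sample in (SAMPLE_REQUEST, SAMPLE_REPLY):
        print(parse_frame(sample))
    print(count_echo([SAMPLE_REQUEST, SAMPLE_REPLY]))
```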
Review Questions:
1. Name some of the issues that have to be addressed in the design of a computer network.
2. Draw a diagram illustrating the layers and their associated protocols during a web browser session
with the web browser running on computer A and the web server running on computer B. The two
computers are linked together using an Ethernet network.
Lab # 03: TCP/IP Services: Overview of Telnet, FTP and HTTP servers & clients
Capturing Application Protocol Data.
Objectives:






• Learn the concepts of client/server applications
• Familiarize oneself with the basic services of TCP/IP and their reserved port numbers, their
application protocols (i.e. HTTP, FTP, etc.) and their transport protocols (i.e. UDP or TCP)
• Learn the basic commands of Telnet
• Learn the basic commands of FTP
• Set up a Web server and publish a Web site
• Use Buffer Decoding View in Frame Capture software to capture some application protocols data
including HTTP and FTP.
Background Information:
Networking protocols are normally developed in layers, with each layer responsible for a different facet
of the communications. A protocol suite, such as TCP/IP, is the combination of different protocols at
various layers. TCP/IP is normally considered to be a 5-layer stack as shown in Figure 1.
Application            Telnet, FTP, Web, e-mail, etc.
Transport              TCP, UDP
Network                IP, ICMP, IGMP
Data Link + Physical   Device driver and interface card
Figure 1. The five layers of the TCP/IP protocol suite.
Each layer has a different responsibility:
1. The data-link and physical layers, sometimes referred to together as the network interface layer,
normally include the device driver in the operating system and the corresponding network interface
card in the computer. Together they handle all the hardware details of physical interfacing with the cable
(or whatever type of media is being used).
2. The network layer (sometimes called the internet layer) handles the movement of packets around
the network. Routing of packets, for example, takes place here. IP (Internet Protocol), ICMP
(Internet Control Message Protocol), and IGMP (Internet Group Management Protocol) provide
the network layer in the TCP/IP protocol suite.
3. The transport layer provides a flow of data between two hosts, for the application layer above. In
the TCP/IP protocol suite, there are two vastly different transport protocols: TCP (Transmission
Control Protocol) and UDP (User Datagram Protocol).
TCP provides a reliable flow of data between two hosts. It is concerned with things such as
dividing the data passed to it from the application into appropriately sized chunks for the network
layer below, acknowledging received packets, setting timeouts to make certain the other end
acknowledges packets that are sent, and so on. Because the transport layer provides this reliable
flow of data, the application layer can ignore all these details.
UDP, on the other hand, provides a much simpler service to the application layer. It just sends
packets of data called datagrams from one host to the other, but there is no guarantee that the
datagrams reach the other end. The application layer must add any desired reliability.
There is a use for each type of transport protocol, which we'll see when we look at the different
applications that use TCP and UDP.
4. The application layer handles the details of the particular application. There are many common
TCP/IP applications that almost every implementation provides:
o Telnet for remote login,
o FTP, the File Transfer Protocol,
o SMTP, the Simple Mail Transfer protocol, for electronic mail,
o SNMP, the Simple Network Management Protocol
If we have two hosts on a local area network (LAN) such as an Ethernet, both running FTP, Figure 2
shows the protocols involved.
Figure 2. Two hosts on a LAN running FTP
We have labeled one application box the FTP client and the other the FTP server. Most network
applications are designed so that one end is the client and the other side is the server. The server provides
some type of service to clients, in this case access to files on the server host. In the remote login
application, Telnet, the service provided to the client is the ability to login to the server's host.
Each layer has one or more protocols for communicating with its peer at the same layer. One protocol, for
example, allows the two TCP layers to communicate, and another protocol lets the two IP layers
communicate.
On the right side of Figure 2 we have noted that normally the application layer is a user process while the
lower three layers are usually implemented in the kernel (the operating system). Although this isn't a
requirement, it's typical and this is the way it's done under UNIX.
There is another critical difference between the top layer in Figure 2 and the lower three layers. The
application layer is concerned with the details of the application and not with the movement of data across
the network. The lower three layers know nothing about the application but handle all the communication
details.
We show four protocols in Figure 2, each at a different layer. FTP is an application layer protocol, TCP is
a transport layer protocol, IP is a network layer protocol, and the Ethernet protocols operate at the data
link layer. The TCP/IP protocol suite is a combination of many protocols. Although the commonly used
name for the entire protocol suite is TCP/IP, TCP and IP are only two of the protocols. (An alternative
name is the Internet Protocol Suite.)
The purposes of the network interface layer and the application layer are obvious: the former handles the
details of the communication media (Ethernet, token ring, etc.) while the latter handles one specific user
application (FTP, Telnet, etc.). But on first glance the difference between the network layer and the
transport layer is somewhat hazy. Why is there a distinction between the two? To understand the reason,
we have to expand our perspective from a single network to a collection of networks. An internet is a
collection of networks that all use the same protocol suite. The easiest way to build an internet is to
connect two or more networks with a router. This is often a special-purpose hardware box for connecting
networks. The nice thing about routers is that they provide connections to many different types of
physical networks: Ethernet, token ring, point-to-point links, FDDI (Fiber Distributed Data Interface), and
so on.
Figure 3 shows an internet consisting of two networks: an Ethernet and a token ring, connected with a
router. Although we show only two hosts communicating, with the router connecting the two networks,
any host on the Ethernet can communicate with any host on the token ring.
In Figure 3 we can differentiate between an end system (the two hosts on either side) and an intermediate
system (the router in the middle). The application layer and the transport layer use end-to-end protocols.
In our picture, these two layers are needed only on the end systems. The network layer, however, provides
a hop-by-hop protocol and is used on the two end systems and every intermediate system.
Figure 3. Two networks connected with a router
In the TCP/IP protocol suite, the network layer [IP] provides an unreliable service. That is, it does its best
job of moving a packet from its source to its final destination, but there are no guarantees. TCP, on the
other hand, provides a reliable transport layer using the unreliable service of IP. To provide this service,
TCP performs timeout and retransmission, sends and receives end-to-end acknowledgments, and so on.
The transport layer and the network layer have distinct responsibilities.
A router, by definition, has two or more network interface layers (since it connects two or more
networks). Any system with multiple interfaces is called multihomed. A host can also be multihomed but
unless it specifically forwards packets from one interface to another, it is not called a router. Also, routers
need not be special hardware boxes that only move packets around an internet. Most TCP/IP
implementations allow a multihomed host to act as a router also, but the host needs to be specifically
configured for this to happen. In this case we can call the system either a host (when an application such
as FTP or Telnet is being used) or a router (when it's forwarding packets from one network to another).
We'll use whichever term makes sense given the context.
TCP and UDP are the two predominant transport layer protocols. Both use IP as the network layer.
TCP provides a reliable transport layer, even though the service it uses (IP) is unreliable. The applications
are normally user processes.
UDP sends and receives datagrams for applications. A datagram is a unit of information (i.e., a certain
number of bytes of information that is specified by the sender) that travels from the sender to the receiver.
Unlike TCP, however, UDP is unreliable. There is no guarantee that the datagram ever gets to its final
destination.
IP is the main protocol at the network layer. It is used by both TCP and UDP. Every piece of TCP and
UDP data that gets transferred around an internet goes through the IP layer at both end systems and at
every intermediate router.
At the top of the TCP/IP protocol architecture is the Application Layer. This layer includes all processes
that use the Transport Layer protocols to deliver data. There are many applications protocols. Most
provide user services, and new services are always being added to this layer.
The most widely known and implemented applications protocols are:
Telnet  The Network Terminal Protocol, which provides remote login over the network.
FTP     The File Transfer Protocol, which is used for interactive file transfer.
SMTP    The Simple Mail Transfer Protocol, which delivers electronic mail.
HTTP    The Hypertext Transfer Protocol, which delivers Web pages over the network.
While HTTP, FTP, SMTP, and telnet are the most widely implemented TCP/IP applications, you will
work with many others as both a user and a system administrator. Some other commonly used TCP/IP
applications are:
Domain Name Service (DNS): Also called name service, this application maps IP addresses to the names
assigned to network devices.
Open Shortest Path First (OSPF): Routing is central to the way TCP/IP works. Network devices use
OSPF to exchange routing information.
Network Filesystem (NFS): This protocol allows files to be shared by various hosts on the network.
Client-Server Model
Most networking applications are written as two parts (two sides): client and server. The client part
handles the interaction with the end user, whereas the server part may run on a different system and would
generally handle multiple clients at the same time. It is also possible (and definitely useful during the
application development) to run both parts on the same host. The server is always started before any client
and kept running indefinitely or for as long as necessary.
We can categorize servers into two classes: iterative or concurrent. An iterative server iterates through the
following steps.
I1. Wait for a client request to arrive.
I2. Process the client request.
I3. Send the response back to the client that sent the request.
I4. Go back to step I1.
The problem with an iterative server is when step I2 takes a while. During this time no other clients are
serviced. A concurrent server, on the other hand, performs the following steps.
C1. Wait for a client request to arrive.
C2. Start a new server to handle this client's request. This may involve creating a new process, task, or
thread, depending on what the underlying operating system supports. How this step is performed depends
on the operating system. This new server handles this client's entire request. When complete, this new
server terminates.
C3. Go back to step C1.
The advantage of a concurrent server is that the server just spawns other servers to handle the client
requests. Each client has, in essence, its own server. Assuming the operating system allows
multiprogramming, multiple clients are serviced concurrently.
The reason we categorize servers, and not clients, is because a client normally can't tell whether it's
talking to an iterative server or a concurrent server.
As a general rule, TCP servers are concurrent, and UDP servers are iterative, but there are a few
exceptions.
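The two server designs above, as an added example that is not part of the original lab manual: Python's standard socketserver.TCPServer handles one client at a time (steps I1 to I4), while socketserver.ThreadingTCPServer starts a new thread per client (steps C1 to C3). The 0.2-second delay standing in for a slow processing step, the loopback address and all helper names are assumptions made for this illustration.

```python
import socket
import socketserver
import threading
import time

SLOW_STEP = 0.2  # assumed cost, in seconds, of processing one request


class UppercaseHandler(socketserver.StreamRequestHandler):
    """Reads one line from the client, processes it slowly, replies."""

    def handle(self):
        line = self.rfile.readline()      # the client request has arrived
        time.sleep(SLOW_STEP)             # slow processing (step I2 / C2)
        self.wfile.write(line.upper())    # send the response back


def one_client(port, results, index):
    """The client code is identical for both kinds of server."""
    with socket.create_connection(("127.0.0.1", port), timeout=10) as s:
        s.sendall(b"hello %d\n" % index)
        with s.makefile("rb") as reply:
            results[index] = reply.readline()


def time_clients(server_class, n_clients):
    """Start server_class on an ephemeral loopback port, launch n_clients
    at the same moment, and return (elapsed_seconds, replies)."""
    server = server_class(("127.0.0.1", 0), UppercaseHandler)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    results = [None] * n_clients
    clients = [threading.Thread(target=one_client, args=(port, results, i))
               for i in range(n_clients)]
    start = time.monotonic()
    for c in clients:
        c.start()
    for c in clients:
        c.join()
    elapsed = time.monotonic() - start
    server.shutdown()
    server.server_close()
    return elapsed, results


def run_iterative(n_clients=4):
    # TCPServer finishes one request before accepting the next one.
    return time_clients(socketserver.TCPServer, n_clients)


def run_concurrent(n_clients=4):
    # ThreadingTCPServer hands each accepted connection to its own thread.
    return time_clients(socketserver.ThreadingTCPServer, n_clients)


if __name__ == "__main__":
    for name, run in (("iterative", run_iterative),
                      ("concurrent", run_concurrent)):
        elapsed, replies = run()
        print("%-10s %.2f s for %d clients" % (name, elapsed, len(replies)))
```

With four simultaneous clients the iterative server needs about four times the per-request delay, while the concurrent server needs about one; the replies are identical, which is why a client cannot tell the two apart.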
Port Numbers
We said that TCP and UDP identify applications using 16-bit port numbers. How are these port numbers
chosen?
Servers are normally known by their well-known port number. For example, every TCP/IP
implementation that provides an FTP server provides that service on TCP port 21. Every Telnet server is
on TCP port 23. Every implementation of TFTP (the Trivial File Transfer Protocol) is on UDP port 69.
Those services that can be provided by any implementation of TCP/IP have well-known port numbers
between 1 and 1023. The well-known ports are managed by the Internet Assigned Numbers Authority
(IANA).
Until 1992 the well-known ports were between 1 and 255. Ports between 256 and 1023 were normally
used by Unix systems for Unix-specific services, i.e., services found on a Unix system, but probably not
found on other operating systems. The IANA now manages the ports between 1 and 1023.
An example of the difference between an Internet-wide service and a Unix-specific service is the
difference between Telnet and Rlogin. Both allow us to login across a network to another host. Telnet is a
TCP/IP standard with a well-known port number of 23 and can be implemented on almost any operating
system. Rlogin, on the other hand, was originally designed for Unix systems (although many non-Unix
systems now provide it also) so its well-known port was chosen in the early 1980s as 513.
A client usually doesn't care what port number it uses on its end. All it needs to be certain of is that
whatever port number it uses be unique on its host. Client port numbers are called ephemeral ports (i.e.,
short lived). This is because a client typically exists only as long as the user running the client needs its
service, while servers typically run as long as the host is up.
The well-known port numbers are contained in the file /etc/services on most Unix systems. To find the
port numbers for the Telnet server and the Domain Name System, we can execute
sun% grep telnet /etc/services
telnet 23/tcp                    says it uses TCP port 23
sun% grep domain /etc/services
domain 53/udp                    says it uses UDP port 53
domain 53/tcp                    and TCP port 53
Reserved Ports
TCP/IP applications use the concept of reserved ports. Only a process with superuser privileges can
assign itself a reserved port.
These port numbers are in the range of 1 to 1023, and are used by some applications (notably Rlogin) as
part of the authentication between the client and server.
Standardization Process
Who controls the TCP/IP protocol suite, approves new standards, and the like? There are four groups
responsible for Internet technology.
1. The Internet Society (ISOC) is a professional society to facilitate, support, and promote the
evolution and growth of the Internet as a global research communications infrastructure.
2. The Internet Architecture Board (IAB) is the technical oversight and coordination body. It is
composed of about 15 international volunteers from various disciplines and serves as the final
editorial and technical review board for the quality of Internet standards. The IAB falls under the
ISOC.
3. The Internet Engineering Task Force (IETF) is the near-term, standards-oriented group, divided
into nine areas (applications, routing and addressing, security, etc.). The IETF develops the
specifications that become Internet standards. An additional Internet Engineering Steering Group
(IESG) was formed to help the IETF chair.
4. The Internet Research Task Force (IRTF) pursues long-term research projects.
Both the IRTF and the IETF fall under the IAB.
RFCs
All the official standards in the Internet community are published as a Request for Comment, or RFC.
Additionally there are lots of RFCs that are not official standards, but are published for informational
purposes. The RFCs range in size from 1 page to almost 200 pages. Each RFC is identified by a number,
such as RFC 1122, with higher numbers for newer RFCs.
All the RFCs are available at no charge through electronic mail or using FTP across the Internet. Sending
electronic mail as shown here:
To: [email protected]
Subject: getting rfcs
help: ways_to_get_rfcs
returns a detailed listing of various ways to obtain the RFCs.
The latest RFC index is always a starting point when looking for something. This index specifies when a
certain RFC has been replaced by a newer RFC, and if a newer RFC updates some of the information in
that RFC. These are a few important RFCs:
1. The Assigned Numbers RFC specifies all the magic numbers and constants that are used
in the Internet protocols. At the time of this writing the latest version of this RFC is 1340.
When this RFC is updated (it is normally updated at least yearly) the index listing for
1340 will indicate which RFC has replaced it.
2. The Internet Official Protocol Standards, currently RFC 1600. This RFC specifies the
state of standardization of the various Internet protocols. Each protocol has one of the
following states of standardization: standard, draft standard, proposed standard,
experimental, informational, or historic. Additionally each protocol has a requirement
level: required, recommended, elective, limited use, or not recommended.
Like the Assigned Numbers RFC, this RFC is also reissued regularly. Be sure you're reading the
current copy.
3. The Host Requirements RFCs, 1122 and 1123. RFC 1122 handles the link layer, network
layer, and transport layer, while RFC 1123 handles the application layer. These two RFCs
make numerous corrections and interpretations of the important earlier RFCs, and are
often the starting point when looking at any of the finer details of a given protocol. They
list the features and implementation details of the protocols as either "must," "should,"
"may," "should not," or "must not."
4. The Router Requirements RFC. The official version of this is RFC 1009. This is similar
to the host requirements RFCs, but specifies the unique requirements of routers.
Standard, Simple Services
There are a few standard, simple services that almost every implementation provides. Figure 4 describes
these services. We can see from this figure that when the same service is provided using both TCP and
UDP, both port numbers are normally chosen to be the same.
Name      TCP port  UDP port  RFC   Description
echo      7         7         862   Server returns whatever the client sends.
discard   9         9         863   Server discards whatever the client sends.
daytime   13        13        867   Server returns the time and date in a human-readable
                                    format.
chargen   19        19        864   TCP server sends a continual stream of characters, until
                                    the connection is terminated by the client. UDP server
                                    sends a datagram containing a random number of
                                    characters each time the client sends a datagram.
time      37        37        868   Server returns the time as a 32-bit binary number. This
                                    number represents the number of seconds since midnight
                                    January 1, 1900, UTC.
Figure 4. Standard, simple services provided by most implementations.
Task 1: Install and Examine TCP/IP services
To install some of the TCP/IP services in Windows 2003 use Start -> Control Panel -> Add or Remove
Programs -> Add/Remove Windows Components. This displays the dialogs shown in the following
Figure. Select Networking Services and click on Details. Many services are found under Networking
Services. Make sure that ‘Simple TCP/IP Services’ is selected. If it is not selected, select it and click OK. If
asked for the CD, click OK and then provide the location as C:\software\i386.
To verify, stop or resume any of these services, use Start -> Administrative Tools -> Services, which
displays the Services Window shown below.
Finally, one can use the Telnet client to interact with any of these services. If Telnet is not enabled, you can
enable it using: Start -> Administrative Tools -> Services -> Telnet; right-click and select Properties.
Select Startup type -> Automatic. You might need to click on the Start button or else right-click and then
select Start.
For example, to access chargen (which listens on TCP port 19), type the following at the Start
Command Prompt: telnet 127.0.0.1 19
Note: Sometimes, you need to use the IP address of your PC.
Write down the command to access the Daytime service. What is the output?
Install Internet Information Services and the FTP Service
Because FTP depends on Microsoft Internet Information Services (IIS), IIS and the FTP Service
must be installed on the computer. To install IIS and the FTP Service, follow these steps.
NOTE: In Windows Server 2003, the FTP Service is not installed by default when you install
IIS. If you already installed IIS on the computer, you must use the Add or Remove Programs tool
in Control Panel to install the FTP Service.
1. Click Start, point to Control Panel, and then click Add or Remove Programs.
2. Click Add/Remove Windows Components.
3. In the Components list, click Application Server, click Internet Information Services
(IIS) (but do not select or clear the check box), and then click Details.
4. Click to select the following check boxes (if they are not already selected):
o Common Files
o File Transfer Protocol (FTP) Service
o Internet Information Services Manager
o World Wide Web Service
5. Click to select the check boxes next to any other IIS-related service or subcomponent that
you want to install, and then click OK.
6. Click Next.
7. When you are prompted, insert the Windows Server 2003 CD-ROM into the computer's
CD-ROM drive or provide a path to the location of the files [C:\software\i386], and then
click OK.
8. Click Finish.
IIS and the FTP service are now installed. You must configure the FTP Service before you can
use it.
Configure The FTP Service
To configure the FTP Service to allow only anonymous connections, follow these steps:
1. Open Start -> Administrative Tools -> Internet Information Services Manager.
2. Expand Server_name, where Server_name is the name of the server.
3. Expand FTP Sites.
4. Right-click Default FTP Site, and then select Properties.
5. Click the Security Accounts tab.
6. Click to select the Allow Anonymous Connections check box (if it is not already
selected), and then click to select the Allow only anonymous connections check box.
When you click to select the Allow only anonymous connections check box, you
configure the FTP Service to allow only anonymous connections. Users cannot log on by
using user names and passwords.
7. Click the Home Directory tab.
8. Click to select the Read and Log visits check boxes (if they are not already selected), and
then click to clear the Write check box (if it is not already cleared).
9. Click OK.
10. Quit Internet Information Services Manager.
The FTP server is now configured to accept incoming FTP requests. Copy or move the files that you want
to make available to the FTP publishing folder for access. The default folder is C:\Inetpub\Ftproot.
Task 2: Using FTP
Before you try to interact with your local FTP server, make sure the FTP publishing service is running
and that you have created some FTP site (i.e. published some folder through the FTP server). One way to
do this latter step is to use Start -> Administrative Tools -> Internet Information Services Manager
as shown in the Window below.
Any FTP client program can access the folder made available by the FTP server. These include
character-based clients such as the FTP command or GUI-based clients such as CuteFTP and IE 6.0.
Using IE 6.0, you use the word ftp in place of http to access an FTP server as shown below.
The following is a sample interaction with an FTP server using the FTP command.
C:\>ftp 127.0.0.1 [Note: Sometimes you need to use the IP address]
Connected to 192.168.230.1.
220 Microsoft FTP service
User (192.168.230.1:(none)): anonymous
Anonymous access allowed, send identity (e-mail name) as password.
Password: [email protected]
230 anonymous user logged in.
ftp> cat
Invalid command.
ftp> dir
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
02-25-04 02:00PM <DIR> images
226 Transfer complete.
ftp: 258 bytes received in 0.06Seconds 4.10Kbytes/sec.
ftp> help
Commands may be abbreviated. Commands are:
!               delete          literal         prompt          send
?               debug           ls              put             status
append          dir             mdelete         pwd             trace
ascii           disconnect      mdir            quit            type
bell            get             mget            quote           user
binary          glob            mkdir           recv            verbose
bye             hash            mls             remotehelp
cd              help            mput            rename
close           lcd             open            rmdir
ftp> cd images
250 CWD command successful.
ftp> dir
…
ftp> get index.html index.html
200 PORT command successful.
150 ASCII data connection for index.html (196.1.65.148,1209) (211 bytes).
226 ASCII Transfer complete.
ftp: 219 bytes received in 0.01Seconds 14.60Kbytes/sec.
ftp>
……..
ftp> get RemoteFile LocalFile
……..
ftp> put Localfile RemoteFile
ftp> quit
221 Goodbye
Task 3: Setup a Web Server and publish a Web site
To set up IIS, the Microsoft-provided web server software for Windows 2003, refer to the instructions in
Task 1 above. Follow these steps to publish a folder as a Web site.
1. To create a site on the IIS web server, right-click on the corresponding directory in Windows Explorer and
select ‘Sharing and Security…’. Select Web Sharing from the dialog and the dialog will appear as shown.
2. In the above dialog select Share this folder. You can use the suggested alias (this is the part that will follow the
host name in the URL used to access the site by the browser – see the subsequent figure). Directory browsing will
work if you enable directory browsing and there is no default document (i.e. default.htm).
3. To access the above site, launch the Browser and use any of these URLs
http://ServerName/mysite or http://ServerIPAddress/mysite
The above URLs will work from any station.
Also you can use the following URLs to access the local web server
http://127.0.0.1/mysite or http://localhost/mysite
If you are not able to access the folder, you can put an HTML file named index.htm in that FTP folder and try to
access that website. Sometimes, you need to enter the administrator account name along with its password to access
the website. Also, sometimes you might need to use your IP address instead of 127.0.0.1.
Note: You need to select the directory you enabled for directory listing from Start -> Administrative Tools -> Internet
Information Services Manager -> Default Web Site. Then right-click the directory and click Properties. Select
Directory Security -> Authentication and Access Control. Click the Edit button. Then enable Anonymous Access.
To have more control over the IIS configuration use Start -> Administrative Tools -> Internet Information
Services Manager.
Task 4: Use Buffer Decoding View to display Application Protocol Data
Capturing HTTP traffic
In this experiment you will use three different stations. Have Sniffer software run on Station A and try to
capture the HTTP traffic data during a web session between stations B (web browser) and station C
(web server). This approach works only when you are connected to a hub. If connected to a switch you
should make sure that it is not configured to different VLANs.
[Figure: Station A (Sniffer), Station B (Web Browser) and Station C (Web server)]
As the above figure shows, there are three TCP packet exchanges (the three-way handshake used to open a
TCP connection) preceding the TCP packet containing the actual GET request. Note that HTTP data
immediately follows the TCP header and is readable in the ASCII interpretation of the hex dump (right-bottom view).
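Where the HTTP bytes sit inside a captured frame, as an added example that is not part of the lab manual: the code builds one constructed Ethernet/IPv4/TCP frame carrying the GET request, then walks the headers the way a decoder does, using the IP header length and TCP data offset fields to locate the first byte of application data. The addresses, ports and MAC values are made-up sample values, and checksums are left at zero because this decoder does not verify them.

```python
import socket
import struct


def build_frame(payload, src="192.168.230.2", dst="192.168.230.1",
                sport=1209, dport=80):
    """Constructed sample frame: Ethernet II + IPv4 (no options) + TCP."""
    eth = (bytes.fromhex("020000000003")      # destination MAC (sample)
           + bytes.fromhex("020000000002")    # source MAC (sample)
           + struct.pack("!H", 0x0800))       # EtherType: IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport,
                      1, 1,                   # sequence and ack numbers
                      5 << 4,                 # data offset: 5 words = 20 bytes
                      0x18,                   # flags: PSH + ACK
                      8192, 0, 0)             # window, checksum, urgent
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45,                    # version 4, IHL 5 words
                     0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0,          # id, frag, TTL, proto 6 = TCP
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload


def application_data(frame):
    """Return (src_ip, sport, dst_ip, dport, payload) for a TCP/IPv4 frame.

    Every length field comes from the packet itself, so each one is checked
    against the bytes actually captured before it is used as an offset."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ip[0] & 0x0F) * 4                  # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("inconsistent IP lengths")
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]                   # also drops Ethernet padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4          # TCP header length in bytes
    if data_offset < 20 or data_offset > len(tcp):
        raise ValueError("inconsistent TCP data offset")
    return (socket.inet_ntoa(ip[12:16]), sport,
            socket.inet_ntoa(ip[16:20]), dport, tcp[data_offset:])


SAMPLE_GET = b"GET /default.htm HTTP/1.0\r\n\r\n"   # constructed request

if __name__ == "__main__":
    src, sport, dst, dport, data = application_data(build_frame(SAMPLE_GET))
    print("%s:%d -> %s:%d" % (src, sport, dst, dport))
    print(data.decode("ascii"))
```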
Remove all the services you have installed:
1. Start -> Control Panel -> Add or Remove Programs -> Add/Remove Windows Components
2. Deselect those services you have selected before and click Next/OK until Finish.
3. For Telnet, you can go to Start -> Control Panel -> Services and disable it [by right-click].
Buffer Decoding View
Sniffem software is able to highlight the data that is exchanged between the client and server during a
TCP or UDP session using Buffer Decoding View. This is a handy feature that can be used to trace all the
message requests and their corresponding replies and is a good way to learn how the application protocol
works.
King Fahd University of Petroleum and Minerals
Information and Computer Science Dept.
ICS 432 Computer Network Systems
Lab # 04: Cornerstones of the Web: HTML and HTTP.
Objectives:
o Learn the architecture of the Web and distinguish between the roles of Web browser and Web
server
o Familiarize oneself with the roles played by HTML and HTTP
o Master the concept of a URL and distinguish between an absolute and relative URL
o Learn and utilize the primary tags in HTML including anchor, img, table, form, style
o Learn the format of HTTP requests and replies
o Use Telnet to execute HTTP commands directly against a Web Server
Background Information:
Recall the Web is simply one more application (What are the others?) at the Application Layer in the
TCP/IP stack. It uses a client/server model. The basic idea is that the Web server will maintain a set of
documents (files) for others to access using a Web browser. Probably the most important concept relating
to the Web is the use of hyperlinking to navigate from one document to another (possibly on another
host). This is formalized using an HTML Anchor tag and a URL.
How does the Web address the problem of locating documents on a particular subject?
A typical HTTP URL uses the form
http://hostname[:port]/path/file
The concept of a URL is generalized to identify resources accessible by other protocols such as FTP. For
example, ftp://ftp.microsoft.com takes you to Microsoft FTP site. A URL can be absolute or relative. An
absolute URL (i.e. a complete URL) is one having all the parts while a relative URL is one that is lacking
some of the initial parts such as the protocol and the host. Today, the Web has evolved into a powerful
publishing medium.
At a fundamental level the Web defines two components: HTML (Hypertext Markup Language) and
HTTP (Hypertext Transfer Protocol).
HTML is the language used to describe the layout and the content of a web page. HTML revolves around
the use of tags (markup) that control the placement and looks of various page elements. Thus HTML
tags are simply instructions that have to be honored by the web browser.
HTTP on the other hand is the (application-level) protocol that specifies the format and meaning
(associated action) of messages that are exchanged between the web browser and web server. It is
more-or-less a file transfer protocol. HTTP requests and replies are encapsulated in TCP because, for
transferring large amounts of data, it is best to use a reliable connection-oriented protocol. By default,
HTTP server software listens on TCP port 80.
Architecture of the Web
As illustrated in Figure 1, the Web communication takes place between two computers running these
programs, the Web browser and the Web server. A typical Web browser is Microsoft Internet Explorer or
Netscape Navigator (either of which runs under Windows 2003) and a typical Web server is Microsoft
Internet Information Server (which runs under Windows 2003) or Netscape Enterprise Server (which runs
under Windows 2003 or Unix). These two computers must be linked by some form of a physical network
such as an Ethernet Local Area Network and configured to run TCP/IP protocols. It is also possible to run
both the server and browser programs on a single computer without the need for a physical network.
[Figure: an HTTP Client and an HTTP Server, each with an HTTP / TCP / IP protocol stack, connected by Network Hardware]
Figure 1. Architecture of the Web
Processing HTTP Requests
Every Web site has a server process (HTTP Daemon) listening on TCP port 80 for incoming
connections from clients (browsers). After the connection has been established, the client sends
one request and the server sends one reply. Then the connection is released. The HTTP protocol
simply defines the legal requests and replies. For example, imagine that the user just clicked
on some piece of text or an icon that points to the page whose name (URL) is
http://www.microsoft.com/default.htm. The steps that occur between the user’s click and the page
being displayed are as follows:
1. The browser makes up an absolute URL if the URL is relative (how?).
2. The browser checks if it already has the IP address of the host – in this case, the IP address of
www.microsoft.com; otherwise, it asks the DNS for the IP address.
3. Having gotten the IP address, the browser makes a TCP connection specifying port 80 and the IP
address at hand.
4. The browser sends the appropriate HTTP GET request (Is there a difference between HTTP 1.0 and
HTTP 1.1?). For the above case the browser sends:
GET /default.htm HTTP/1.0 <cr><lf><cr><lf>
5. The server sends the file default.htm and closes the TCP connection.
6. The browser displays all the text in default.htm.
7. The browser fetches and displays all images referenced in the just received file (by executing
steps 1 through 6 again).
Structure of HTTP Transactions
Like most network protocols, HTTP uses the client-server model: An HTTP client opens a
connection and sends a request message to an HTTP server; the server then returns a response
message, usually containing the resource that was requested. After delivering the response, the
server closes the connection (making HTTP a stateless protocol, i.e. not maintaining any
connection information between transactions).
The format of the request and response messages is similar, and English-oriented. Both kinds of
messages consist of:
an initial line,
zero or more header lines,
a blank line (i.e. a CRLF by itself), and
an optional message body (e.g. a file, or query data, or query output).
Put another way, the format of an HTTP message is:
<initial line, different for request vs. response>
Header1: value1
Header2: value2
Header3: value3

<optional message body goes here, like file contents or query data; it can be many lines long, or even
binary data.>
Initial lines and headers should end in CRLF, though you should gracefully handle lines ending
in just LF. (More exactly, CR and LF here mean ASCII values 13 and 10, even though some
platforms may use different characters.)
Initial Request Line
The initial line is different for the request than that for the response. A request line has three
parts, separated by spaces: a method name, the local path of the requested resource, and the
version of HTTP being used. A typical request line is:
GET /path/to/file/index.html HTTP/1.0
GET is the most common HTTP method; it says, "Give me this resource". Other methods include POST
and HEAD. Method names are always uppercase.
The path is the part of the URL after the host name, also called the request URI (a URI is like a URL, but
more general). The HTTP version always takes the form "HTTP/x.x", uppercase.
Initial Response Line (Status Line)
The initial response line, called the status line, also has three parts separated by spaces: the
HTTP version, a response status code that gives the result of the request, and an English reason
phrase describing the status code. Typical status lines are:
HTTP/1.0 200 OK
or
HTTP/1.0 404 Not Found
The HTTP version is in the same format as in the request line, "HTTP/x.x".
The status code is meant to be computer-readable; the reason phrase is meant to be human-readable, and
may vary.
The status code is a three-digit integer, and the first digit identifies the general category of response:
1xx indicates an informational message only
2xx indicates success of some kind
3xx redirects the client to another URL
4xx indicates an error on the client's part
5xx indicates an error on the server's part
The most common status codes are:
200 OK
The request succeeded, and the resulting resource (e.g. file or script output) is returned in the message
body.
404 Not Found
The requested resource doesn't exist.
301 Moved Permanently
302 Moved Temporarily
303 See Other (HTTP 1.1 only)
The resource has moved to another URL (given by the Location: response header), and should be
automatically retrieved by the client.
500 Server Error
An unexpected server error. The most common cause is a server-side script that has bad syntax, fails, or
otherwise can't run correctly.
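The message layout described above (initial line, header lines, blank line, optional body), as an added Python example that is not part of the original lab manual. The function names and the two sample messages are constructed for illustration; the parser accepts CRLF or bare LF line endings and rejects an initial line that does not have the three-part form.

```python
import re

# "HTTP/x.x", uppercase, as the page describes the version field.
VERSION_RE = re.compile(r"HTTP/\d\.\d")

# First digit of the status code -> general category, from the list above.
STATUS_CATEGORY = {
    "1": "informational",
    "2": "success",
    "3": "redirect",
    "4": "client error",
    "5": "server error",
}

# Constructed sample messages (not captured from a real server).
SAMPLE_REQUEST = (b"GET /path/to/file/index.html HTTP/1.0\r\n"
                  b"User-Agent: lab-telnet\r\n"
                  b"\r\n")
SAMPLE_RESPONSE = (b"HTTP/1.0 404 Not Found\n"      # bare LF on purpose
                   b"Content-Type: text/html\n"
                   b"\n"
                   b"<html>Not here</html>\n")


def split_message(raw):
    """Split raw bytes into (initial_line, header_lines, body)."""
    lines, pos = [], 0
    while True:
        nl = raw.find(b"\n", pos)
        if nl == -1:
            raise ValueError("no blank line terminates the header section")
        line = raw[pos:nl]
        pos = nl + 1
        if line.endswith(b"\r"):     # CRLF is the norm; bare LF is tolerated
            line = line[:-1]
        if not line:                 # blank line: everything after it is body
            break
        lines.append(line.decode("latin-1"))
    if not lines:
        raise ValueError("missing initial line")
    return lines[0], lines[1:], raw[pos:]


def parse_headers(header_lines):
    """Turn 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers[name.lower()] = value.strip()
    return headers


def parse_request(raw):
    """Parse a request: method, path and version separated by single spaces."""
    initial, header_lines, body = split_message(raw)
    parts = initial.split(" ")
    if len(parts) != 3:
        raise ValueError("request line needs method, path and version")
    method, path, version = parts
    if not (method.isalpha() and method.isupper()):
        raise ValueError("method names are always uppercase: %r" % method)
    if not VERSION_RE.fullmatch(version):
        raise ValueError("bad HTTP version: %r" % version)
    return {"method": method, "path": path, "version": version,
            "headers": parse_headers(header_lines), "body": body}


def parse_response(raw):
    """Parse a response: version, three-digit status code, reason phrase."""
    initial, header_lines, body = split_message(raw)
    parts = initial.split(" ", 2)    # the reason phrase may contain spaces
    if len(parts) < 2:
        raise ValueError("status line needs a version and a status code")
    version, code = parts[0], parts[1]
    reason = parts[2] if len(parts) == 3 else ""
    if not VERSION_RE.fullmatch(version):
        raise ValueError("bad HTTP version: %r" % version)
    if not re.fullmatch(r"[1-5]\d\d", code):
        raise ValueError("status code must be three digits, 1xx to 5xx")
    return {"version": version, "status": int(code),
            "category": STATUS_CATEGORY[code[0]], "reason": reason,
            "headers": parse_headers(header_lines), "body": body}


if __name__ == "__main__":
    print(parse_request(SAMPLE_REQUEST))
    print(parse_response(SAMPLE_RESPONSE))
```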
Task 1: Practice HTML tables, Styles and colors
An HTML table (<table> ... </table>) is a collection of rows. Each row (<tr> ... </tr>) is a collection of
cells – a cell is enclosed in <td> ... </td>.
Note that a table cell can contain arbitrary HTML, including img and table tags. Therefore, HTML tables
have become a key element for proper layout of a web page. In general, it is best to approach the layout of a
page by having it as a table covering the entire width and height of the page's area, as in:
<body>
<table width="100%" height="100%">
...
</table>
</body>
Thus the following specifies a 2-row 3-column table.
<table cellspacing="0" width="200" border="1">
<tr><td>cell 11</td><td>cell 12</td><td>cell 13</td></tr>
<tr><td>cell 21</td><td>cell 22</td><td>cell 23</td></tr>
</table>
This should render as:
cell 11   cell 12   cell 13
cell 21   cell 22   cell 23
Why are cell borders doubled?
When the above table is rendered in the browser you will see that a double border surrounds each cell.
This is because when you use the border="1" attribute within the table tag, each cell is surrounded
by a one-pixel border.
There are two solutions to this problem.
Solution 1: Use cellspacing="1" to reveal the table's background color.
<style> td { background-color:white; } </style>
<table cellspacing="1" width="200" style="background-color:gray;" border="0">
<tr><td>cell 11</td><td>cell 12</td><td>cell 13</td></tr>
<tr><td>cell 21</td><td>cell 22</td><td>cell 23</td></tr>
</table>
Solution 2 (better): Use border-collapse:collapse style specification to join adjacent borders.
<table cellspacing="0" width="200" border="1"
style="border-color:gray;border-collapse:collapse;">
<tr><td>cell 11</td><td>cell 12</td><td>cell 13</td></tr>
<tr><td>cell 21</td><td>cell 22</td><td>cell 23</td></tr>
</table>
Color Specification
A color value can be specified using names such as: white, red, black. Some color names can also be prefixed
with light or dark, as in: lightblue, darkgreen. Alternatively, a color can be specified using a 24-bit RGB
value of the form #RRGGBB, where each of these letters is replaced by a hex digit (0 to F). Thus #000000
(black), #FFFFFF (white), #FF0000 (red), #00FF00 (green), #FFFF00 (yellow).
Styles
The recommended way to apply various format and colors to an HTML element is to use styles. The Web
standard (http://www.w3.org/Style/CSS/) for this is known as CSS (cascading style sheets). For this lab it
suffices to know that styles can be specified in one of two ways:
1. Using the style attribute within a tag. This is known as inline style.
For example,
<p style="color:green; font-family:Arial; font-size:16pt;">This text is 16pt green Arial</p>
2. Using a <style> ... </style> section. Such a section is placed within the head section or at the beginning
of the body section. For example, the following style specification says that heading h1 should be blue
16pt Times New Roman and that paragraphs (i.e. the p tag) should be black 12pt Arial:
<style>
h1 { color:blue; font-family:Times New Roman; font-size:16pt; }
p { color:black; font-family:Arial; font-size:12pt; }
</style>
Exercise:
Utilize tables, styles and color techniques you have learned so far to produce the following page. Follow
the hints given by the instructor.
Task 2: Examining HTTP Requests and Replies
In this task we will use a Telnet client to interact with an HTTP server. It is suggested that we use a
graphical Telnet. Once Telnet opens a TCP connection it may not echo what you are typing. Thus it is
suggested that you turn Local Echo on from the Terminal → Preferences menu option as shown below.
Increase the Buffer Size to 1000. You can also log the interaction to a text file using Terminal → Start
Logging.
Next, choose Connect menu option and specify an IP address of the host running HTTP server and port
80 as shown below and then click the Connect button.
The figure below shows a sample HTTP 1.1 GET request and the server's reply.
Note: End headers with two <enter> clicks to indicate that there is no body in the request.
Exercise:
1. Web share a folder (alias test) and enable directory browsing.
2. Access it using the browser using the URL: http://127.0.0.1/test
3. Use Telnet to connect to the local http server and type: GET / HTTP/1.0<enter><enter>.
4. Compare the html you get from browser-view source with the body part of the HTTP reply.
King Fahd University of Petroleum and Minerals
Information and Computer Science Dept.
ICS 432 Computer Network Systems
Lab # 05: Building IP internetwork
Part I: Using Routing Service in Windows 2003
Objectives:
- Review IP Address Classes
- Learn the concepts of IP internetwork
- Configure Windows 2003 as a router
- Test router configuration
IP Address Classes
Every interface on an IP network must have a unique IP address. Every IP packet traveling through an IP
network contains a source IP address and a destination IP address.
These addresses are 32-bit numbers. An IP address actually consists of two parts: one part identifies the
network and is referred to as the Network ID (or simply NetID), and another part identifies the host and is
referred to as the HostID. How do we know the length of each part? This information is specified through a subnet
mask, which is a 32-bit value with the bits corresponding to the NetID set to 1's and the bits
corresponding to the HostID set to 0's. For example, a subnet mask value of 255.0.0.0 specifies that the
NetID is 8 bits and the HostID is 24 bits.
These 32-bit addresses are normally written as four decimal numbers, one for each byte of the address.
This is called dotted-decimal notation.
The Internet authority divides its IP addresses into five different classes as shown in Figure 1.
The easiest way to differentiate between the different classes of addresses is to look at the first number of
a dotted-decimal address. Figure 2 shows the different classes, with the first number in boldface.
Figure 1. The five different classes of Internet addresses.
Class | Range
A     | 0.0.0.0 to 127.255.255.255
B     | 128.0.0.0 to 191.255.255.255
C     | 192.0.0.0 to 223.255.255.255
D     | 224.0.0.0 to 239.255.255.255
E     | 240.0.0.0 to 247.255.255.255
Figure 2. Ranges for different classes of IP addresses.
It should be noted that a multihomed host would have multiple IP addresses: one per interface.
Since every interface on an internet must have a unique IP address, there must be one central authority for
allocating these addresses for networks connected to the worldwide Internet. That authority is the Internet
Network Information Center, called the InterNIC. The InterNIC assigns only Network IDs. The
assignment of Host IDs is up to the system administrator.
Registration services for the Internet (IP addresses and DNS domain names) used to be handled by the
NIC, at nic.ddn.mil. On April 1, 1993, the InterNIC was created. Now the NIC handles these
requests only for the Defense Data Network (DDN). All other Internet users now use the InterNIC
registration services, at rs.internic.net.
There are actually three parts to the InterNIC: registration services (rs.internic.net), directory and
database services (ds.internic.net), and information services (is.internic.net).
There are three types of IP addresses: unicast (destined for a single host), broadcast (destined for all hosts
on a given network), and multicast (destined for a set of hosts that belong to a multicast group).
Exercise:
Fill the table below:
        | Value Range for Leftmost Byte | # of bits for Host Part | Subnet Mask | # of Networks | # of Hosts per Network
Class A |                               |                         |             |               |
Class B |                               |                         |             |               |
Class C |                               |                         |             |               |
IP Network versus IP Internetwork
A single IP network is formed by having a number of machines share the same datalink and physical
layer, for example when all stations are connected to the same Ethernet hub. In such a network each station uses
a unique IP address, but the IP addresses of all stations must agree on the net-part (Network ID) of the
address.
[Figure: a 32-bit IP address divided into Network ID (8, 16, or 24 bits if class-compliant; varies with subnet mask) and Host ID, shown with a router attached to a physical LAN.]
That net-part (NetID) can be:
Leftmost byte only (Class A address – subnet mask: 255.0.0.0), or
Leftmost two bytes (Class B address – subnet mask: 255.255.0.0), or
Leftmost three bytes (Class C address – subnet mask: 255.255.255.0).
In general, the NetID can use any number of leftmost bits (i.e. a classless address; for example, a 10-bit
NetID corresponds to subnet mask 255.192.0.0).
An internetwork consisting of two networks can be built by having a router with two interfaces, one
connected to each network. A router can be either a specially made device such as a CISCO router or an
ordinary computer running Linux or Windows 2003 and equipped with the proper network interfaces.
Each router interface is assigned an IP address compatible with the network to which it belongs. Then
every other machine on that network is configured to use a gateway address as follows: Look from that
machine toward the router noting the router's IP address and use it as the gateway address.
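How a host applies these rules when it sends a packet, as an added Python example that is not part of the original lab manual: it reads the class from the first byte (ranges from Figure 2), splits an address into NetID and HostID with the subnet mask, and chooses between direct delivery and the gateway. The function names are hypothetical; the sample addresses are the ones this lab assigns in Task 1.

```python
# Class ranges by first byte, as listed in Figure 2 of this lab.
CLASS_RANGES = [("A", 0, 127), ("B", 128, 191), ("C", 192, 223),
                ("D", 224, 239), ("E", 240, 247)]


def to_int(dotted):
    """Convert dotted-decimal notation to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % dotted)
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Return 'A'..'E' from the first byte, or None outside the listed ranges."""
    first = to_int(dotted) >> 24
    for name, low, high in CLASS_RANGES:
        if low <= first <= high:
            return name
    return None


def netid_bits(mask):
    """Number of NetID bits in a subnet mask; the 1 bits must be leftmost."""
    m = to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    if host_bits & (host_bits + 1):      # host part must look like 0..01..1
        raise ValueError("subnet mask bits are not contiguous: %r" % mask)
    return bin(m).count("1")


def split_address(addr, mask):
    """Return (NetID in dotted form, HostID as an integer)."""
    netid_bits(mask)                     # validates the mask
    a, m = to_int(addr), to_int(mask)
    return to_dotted(a & m), a & ~m & 0xFFFFFFFF


def next_hop(src, dst, mask, gateway):
    """Address the sender hands the packet to: the destination or the gateway."""
    src_net = split_address(src, mask)[0]
    if split_address(dst, mask)[0] == src_net:
        return dst                       # same NetID: deliver on the local LAN
    if split_address(gateway, mask)[0] != src_net:
        # A gateway on another network is unreachable from this host.
        raise ValueError("gateway %s is not on the sender's network" % gateway)
    return gateway


if __name__ == "__main__":
    mask = "255.255.255.0"
    print(address_class("192.168.230.2"), split_address("192.168.230.2", mask))
    print(next_hop("192.168.230.2", "192.168.230.8", mask, "192.168.230.1"))
    print(next_hop("192.168.230.2", "192.168.231.8", mask, "192.168.230.1"))
```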
Task 1: Configure the Lab as a set of networks connected by routers
Since the lab contains 5 networks, we will utilize the first computer on each network to act as a router
between it and the next network in accordance with the figure below.
[Figure: two networks connected by a router. Labels in the figure:]
CLIENTS: 192.168.231.1 & 192.168.231.8, SM: 255.255.255.0, GW: 192.168.231.10
ROUTER: 192.168.230.1 (SM: 255.255.255.0) and 192.168.231.10 (SM: 255.255.255.0)
Switch A, Switch B
CLIENTS: 192.168.230.2 & 192.168.230.8, SM: 255.255.255.0, GW: 192.168.230.1
To configure Windows 2003 to act as a router, do the following.
1. Start → Administrative Tools → Routing and Remote Access
2. Select Local Computer and right-click it.
3. Select Configure and Enable Routing and Remote Access. The Routing and Remote Access wizard
appears.
4. Click Next. The Configuration window appears. Select Custom Configuration → Next. The Custom
Configuration window appears.
5. Tick LAN Routing → Next. Click Finish.
6. Click Yes to start the service.
How to ensure that the router is working properly?
To ensure that the router is working properly, all you need to do is ping a machine outside of your network.
But first, to ensure that the router on your network is up, try to ping the IP addresses associated with the
router interfaces; then, if that is successful, ping a machine on the remote network.
The following are the test steps to run from a computer on Network A:
1. ping 192.168.230.1 - test router interface on my side
2. ping 192.168.231.5 - test router interface on remote side
3. ping 192.168.231.2 - test routing to a computer on the remote network
King Fahd University of Petroleum and Minerals
Information and Computer Science Dept.
ICS 432 Computer Network Systems
Lab # 06: Domain Name System – Part 1
Objectives:
- Learn the structure of the Domain Name System and the role played by Name Servers.
- Understand behind-the-scene processing of DNS queries and distinguish between recursive and
  iterative queries. Also distinguish between authoritative and non-authoritative (i.e. cached)
  answers (replies).
- Configure Windows 2003 to use DNS server.
- Use nslookup and DIG programs to issue DNS queries and analyze the results.
- Use Buffer Decoding View in Sniffem software to capture DNS requests and replies.
Background Information:
To satisfy the first two objectives, please refer to the class lecture notes and slides.
Task 1: Configure Windows 2003 to use DNS
For this lab we will make all the lab computers as hosts on network 192.168.230.0. Thus at every
computer modify the network configurations as follows.
1. To make the PCs access the local Intranet, we need to setup the Instructor PC to enable Internet
sharing via the 172.16.0.0 Network card. If the instructor PC runs Windows 2000, we need to
select the appropriate network card and enable Sharing {TCP/IP Properties menu → Sharing tab}.
With enabled shared access, select the local connection as the network card with 192.168.230.0
network address. Make sure that both the network cards are enabled. If the instructor PC runs
Windows 2003, then use routing and remote access wizard.
2. Assign an IP address as follows:
Network A: 192.168.230.1 to 192.168.230.4 & 192.168.230.5 to 192.168.230.8
Network B: 192.168.230.11 to 192.168.230.14 & 192.168.230.15 to 192.168.230.18
Network C: 192.168.230.21 to 192.168.230.24 & 192.168.230.25 to 192.168.230.28
Network D: 192.168.230.31 to 192.168.230.34 & 192.168.230.35 to 192.168.230.38
Network E: 192.168.230.41 to 192.168.230.44 & 192.168.230.45 to 192.168.230.48
3. Set the subnet mask as 255.255.255.0 & gateway address as 192.168.230.251
4. Use Start → Control Panel → Network Connections. Right-click and click ‘Open’. Click Local
Area Connection → Properties. Select Internet Protocol (TCP/IP) and click Properties. The TCP/IP
window appears; set DNS Server to 172.16.0.1.
Optionally you can configure some suffixes that will be appended to partial domain names (i.e.
ones not ending with "."). It is suggested that you add the following suffixes:
ccse.kfupm.edu.sa
kfupm.edu.sa
[Figure: lab network for this task. Labels in the figure:]
Hosts 192.168.230.11 & 192.168.230.15, SM: 255.255.255.0, GW: 192.168.230.251
Hosts 192.168.230.1 & 192.168.230.5, SM: 255.255.255.0, GW: 192.168.230.251
ICS-NWLA1 Switch, ICS-NWLB1 Switch (Inter LAN), Hub
INSTRUCTOR PC: 192.168.230.251 (SM: 255.255.255.0) and 172.16.20.2 (SM: 255.255.0.0)
CCSE Network
Task 2: Execute some DNS queries using nslookup
The nslookup (abbreviation for name server lookup) program is one of the standard TCP/IP utilities for
testing DNS server configuration. Thus nslookup is simply a DNS client.
In Windows 2003, it can be executed from the command prompt by typing: nslookup <enter> as shown
below.
As can be seen from the above figure, nslookup tries to contact the already configured DNS server and
then waits for additional commands. Type in some host name and hit <enter>. nslookup returns some
answer(s).
Note: nslookup assumes that the data given is a domain name and defaults to resource record type=A and
class=IN. Also note that the server identifies itself again at the start of every reply.
To use a DNS server other than the one already configured, you can add its IP address following the domain
name as shown below.
How about help?
To issue an MX query we need to use the Set Option command as in: set querytype=mx
Then type in some e-mail domain.
How about finding the IP addresses for root servers? How many are there?
Exercise: Find out the authoritative servers for the sa domain?
Finally, to get a detailed answer you can turn debugging on using: set debug
The above interaction shows that if the given domain name does not end with "." then nslookup tries
appending the pre-configured suffixes one at a time. Clearly, a waste of computer time!
Type exit to close the nslookup window.
Task 3: Use Buffer Decoding View to display DNS Protocol Data
Capturing DNS traffic
In this experiment you will capture the requests and replies that are generated during nslookup session.
Sniffem software is able to highlight the data that is exchanged between the client and server during a
TCP or UDP session using Buffer Decoding View. This is a handy feature that can be used to trace all
the message requests and their corresponding replies and is a good way to learn how the application
protocol works.
Follow these steps.
1. Start the Sniffem program.
2. From the command prompt, execute nslookup and type:
www.kfupm.edu.sa. (include a dot at the end) but do not hit <enter> yet.
3. In Sniffem window hit Start/Stop Sniff button.
4. Go back to the command window and hit <enter>.
5. Go back to Sniffem window and hit Start/Stop Sniff button.
6. From Sniffem View Menu, select View/Buffer Decoding.
Now the left-most pane changes from Packet Decoding to Buffer Decoding where Sniffem tries to group
related packets. You should be able to see DNS data in one of these groups.
Notice also that the packets in the Packet-List view have been collapsed into a single entry.
Next double-click on the entry on the packet-list view. This should display the figure below.
Question: How does Sniffem know that these packets are related?
Exercise: Go back to the packet-list view and note the protocol/layer encapsulation process. State the
values marked with * below.
14-byte Ethernet Frame Header
    Ethernet Destination Address    6 bytes
    Ethernet Source Address         6 bytes
    EtherType                       2 bytes: 0800 indicates that the frame contains IP packet
20-byte IP Header
    Ver, HL*
    Protocol*                       1 byte: ___** indicates that the packet contains UDP message
    IP Source Address               4 bytes
    IP Destination Address          4 bytes
UDP Header + Data
    Source Port, Dest. Port*
    Length, Checksum
    DNS Request
Frame Checksum                      4 bytes
Task 4: Execute some DNS queries using DIG
Assuming that you now have access to the Internet from your machine, we will use the DIG program at
http://www.freesoft.org/CIE/Course/Section2/13.cgi. You should see a screen similar to the one below.
Exercise:
Use DIG to find the number of Web servers employed by CNN for their web site (www.cnn.com). Is the
answer you are getting authoritative? How to obtain an authoritative answer?
King Fahd University of Petroleum and Minerals
Information and Computer Science Dept.
ICS 432 Computer Network Systems
Lab # 07: Domain Name System (DNS) – Part II
Objectives:
- Learn the structure of the DNS Database maintained by a Name Server
- Configure Windows 2003 Server as a DNS server (i.e. a Name Server).
- Create Forward Lookup and Reverse Lookup Zones
- Add/Modify various types of Resource Records to a zone
- Configure a DNS server to forward to another DNS Server
- Use nslookup to test the configuration of a DNS server
Background Information:
In the context of DNS, a Name Server is the application that acts as the server for the DNS protocol.
A Name Server performs two primary tasks:
a) It maintains, among other things, the host-name to IP address mappings for the hosts in its zone. The
information is stored in a form resembling a database table (hence the name DNS database), with each
record, known as a Resource Record (RR), consisting of five fields: (domain name, class, type, value,
ttl).
b) It responds to DNS queries. Recall that a query is basically a partial resource record (i.e. having the
domain name, class and type). The name server's job is to return the matching resource
records. The name server will normally look up its local database or its cache; if there is no match and
the domain in question happens to be external, the name server will forward the query to some other
name server and await a reply. The received reply is returned to the requester and also added to the local
cache.
Sample DNS Database
Consider a stand-alone network (no outside connections), consisting of two physical networks: one has an
internet network address 129.112, the other has a network address 194.33.7, interconnected by an IP
gateway (i.e. IP router) (VM2).
Figure: A Simple Configuration - Two networks connected through an IP gateway.
Let us assign the name server function to VM1. Remember that the domain hierarchical tree forms a
logical tree, completely independent of the physical configuration. In this simple scenario, there is only
one level in the domain tree. Let's give this configuration the domain name test.example. The zone data
for the name server is shown next.
;note: an SOA record has no TTL field
;
$origin test.example.                         ;note 1
;
@       IN SOA VM1.test.example. ADM.VM1.test.example.
               (870611      ;serial number for data
                1800        ;secondary refreshes every 30 mn
                300         ;secondary retries every 5 mn
                604800      ;data expire after 1 week
                86400)      ;minimum TTL for data is 1 day
;
@       99999 IN NS    VM1.test.example.      ;note 2
;
VM1     99999 IN A     129.112.1.1            ;note 3
        99999 IN WKS   129.112.1.1 TCP (SMTP  ;note 4
                                        FTP
                                        TELNET
                                        NAMESRV)
;
RT1     99999 IN A     129.112.1.2
              IN HINFO IBM RT/PC-AIX          ;note 5
RT2     99999 IN A     129.112.1.3
              IN HINFO IBM RT/PC-AIX
PC1     99999 IN A     129.112.1.11
PC2     99999 IN A     194.33.7.2
PC3     99999 IN A     194.33.7.3
;
;VM2 is an IP gateway and has 2 different IP addresses
;
VM2     99999 IN A     129.112.1.4
        99999 IN A     194.33.7.1
        99999 IN WKS   129.112.1.4 TCP (SMTP FTP)
              IN HINFO IBM-3090-VM/CMS
;
4.1.112.129.in-addr.arpa. IN PTR VM2          ;note 6
;
;Some mailboxes
;
central 10    IN MX    VM2.test.example.      ;note 7
;
;a second definition for the same mailbox, in case VM2 is down
;
central 20    IN MX    VM1.test.example.
waste   10    IN MX    VM2.test.example.
**** Notes ****
1 The $origin statement sets the @ variable to the zone name (test.example.). Domain names, which
do not end with a period, are suffixed with the zone name. Fully qualified domain names (those ending
with a period) are unaffected by the zone name.
2 Defines the name server for this zone.
3 Defines the Internet address of the name server for this zone.
4 Specifies well-known services for this host. These are expected to be always available.
5 Gives information about the host.
6 Used for inverse mapping queries (i.e. Find the host name corresponding to a given IP address).
7 Will allow mail to be addressed to [email protected].
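The two name server tasks described in the Background Information, applied to a subset of this zone, as an added Python example that is not part of the original lab manual. The class and function names, the forwarder callback and the external name used in the demo are hypothetical; name qualification follows note 1 and the reverse name follows note 6.

```python
import time

ORIGIN = "test.example."
NAME_VALUED = {"NS", "PTR"}     # record types whose value is a domain name

# Subset of the page's zone data: (domain name, class, type, value, ttl).
# ttl is None where the zone gives none; it matters to whoever caches our
# answers and is not used by the local lookup itself.
ZONE = [
    ("@",       "IN", "NS",  "VM1.test.example.",       99999),
    ("VM1",     "IN", "A",   "129.112.1.1",             99999),
    ("VM2",     "IN", "A",   "129.112.1.4",             99999),
    ("VM2",     "IN", "A",   "194.33.7.1",              99999),
    ("4.1.112.129.in-addr.arpa.", "IN", "PTR", "VM2",   None),
    ("central", "IN", "MX",  (10, "VM2.test.example."), None),
    ("central", "IN", "MX",  (20, "VM1.test.example."), None),
]


def qualify(name, origin=ORIGIN):
    """Note 1: '@' is the zone name; names without a final '.' get it appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def reverse_name(ip):
    """Note 6: owner name of the PTR record for an address (octets reversed)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


class NameServer:
    def __init__(self, zone, origin=ORIGIN, forwarder=None):
        self.origin = origin
        self.forwarder = forwarder   # callable(name, rclass, rtype) -> (values, ttl)
        self.cache = {}              # key -> (values, expiry time)
        self.db = {}                 # key -> list of values
        for name, rclass, rtype, value, _ttl in zone:
            if rtype == "MX":
                value = (value[0], qualify(value[1], origin))
            elif rtype in NAME_VALUED:
                value = qualify(value, origin)
            self.db.setdefault(self._key(name, rclass, rtype), []).append(value)

    def _key(self, name, rclass, rtype):
        # A query is a partial resource record: (domain name, class, type).
        return (qualify(name, self.origin).lower(), rclass, rtype)

    def query(self, name, rtype, rclass="IN", now=None):
        """Return (values, authoritative) for one query."""
        now = time.time() if now is None else now
        key = self._key(name, rclass, rtype)
        if key in self.db:                           # local database
            values = self.db[key]
            return (sorted(values) if rtype == "MX" else list(values)), True
        zone = self.origin.lower()
        if key[0] == zone or key[0].endswith("." + zone):
            return [], True                          # our zone, no such record
        hit = self.cache.get(key)
        if hit and hit[1] > now:                     # unexpired cached reply
            return list(hit[0]), False
        if self.forwarder is None:
            return [], False
        values, ttl = self.forwarder(*key)           # external name: forward it
        self.cache[key] = (list(values), now + ttl)  # and remember the reply
        return list(values), False


if __name__ == "__main__":
    # Constructed upstream reply for an external name (not real DNS data).
    ns = NameServer(ZONE, forwarder=lambda n, c, t: (["203.0.113.7"], 60))
    print(ns.query("VM2", "A"))
    print(ns.query(reverse_name("129.112.1.4"), "PTR"))
    print(ns.query("central", "MX"))
    print(ns.query("www.example.org.", "A"))
```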
Task 1: TCP/IP Configuration
This lab will use the TCP/IP configuration from the previous lab but with modified DNS configuration.
Namely, all the lab computers are hosts on network 192.168.230.0. Thus, every computer uses the
following network configurations.
1. Enable LAN1 and disable LAN2.
2. Assign an IP address as follows:
Network A: 192.168.230.1 to 192.168.230.4    depending on the machine number
Network B: 192.168.230.11 to 192.168.230.14  ===
Network C: 192.168.230.21 to 192.168.230.24  ===
Network D: 192.168.230.31 to 192.168.230.34  ===
Network E: 192.168.230.41 to 192.168.230.44  ===
3. Set the gateway address as 192.168.230.251
DNS Configuration
We will setup the first computer in every letter group as a DNS server and have the other computers
in the group point to it.
Thus computer 192.168.230.1 – which will be configured as a DNS server – should use
192.168.230.1 (or 127.0.0.1) as the IP address for DNS server. Computer 192.168.230.2 should use
192.168.230.1 as the IP address for DNS server.
Task 2: Configuring a fully qualified host name
A properly configured TCP/IP host should have 4 attributes (parameters) set.
1. Its own host name
2. Its own IP address
3. IP address of at least one gateway – not needed if the local network is isolated
4. IP address of a DNS server that the host can access
To set the first parameter use Start → Control Panel → System, or right-click on My Computer and click
Properties. Follow the figures below to set up a computer name. You can change the computer name by
clicking on the Change button on the System Properties window.
In Windows 2003, the DNS suffix can be set through Start → Control Panel → Local Area Connection.
Right-click and click Open. On any one of the available Local Area Connections, select Internet
Protocol (TCP/IP) and click Properties. The Internet Protocol (TCP/IP) Properties window appears. To set up
the suffix for DNS, click Advanced and select the DNS tab.
Task 3 (Optional): Install and Configure a DNS Server Using the Wizard
Start → Control Panel → Add/Remove Programs. Click on Add/Remove Windows Components.
Select Networking Services and check it. Then click the Details button. Check Domain Name System and
Simple TCP/IP services. Click OK.
The Windows Component Wizard appears. Click Next. It will ask for the Windows 2003 CD-ROM. Enter the
directory C:\software\i386 [or select via Browse button] under Copy files from. Completing the
Windows Component Wizard appears. Click Finish.
To configure the DNS server, use Start → Administrative Tools → DNS. If you are asked whether to start the
DNS on your local computer, click Ok. If you are asked whether to add the service, click Yes.
If the message ‘Cannot connect to the DNS’ appears, delete the DNS server you have added. Go to
Start → Administrative Tools → Services. Click DNS Server and click Start. In the DNS manager, click
Action → Connect to DNS server. If you still face a problem, check your IP address.
To create a forward lookup zone, right-click forward lookup zone and click new zone. Click Next.
Select Primary Zone and then click Next.
New Zone Wizard appears. Enter the name as nwlab.ics.kfupm.edu.sa
Click Next. Zone file is shown. Click Next.
The window about Dynamic update appears. Select the ‘Do not allow dynamic updates’ radio
button. Click Next.
Completing the new zone wizard appears. Click Finish.
To create a reverse lookup zone, right-click reverse lookup zone and click new zone. Click Next. Select
Primary Zone and then click Next. Click Next. Click Next. Click Finish.
Task 4: Configuring the DNS Server through the Management Console
This shows up similar to the screen below. The left pane should show an icon corresponding to the local
machine. From the Context Menu you can choose to create a Forward Lookup or Reverse Lookup zone.
The Context Menu for the zone then allows you to add the appropriate type of resource records. The
Forward Lookup zone can contain ordinary types such as SOA, A, MX, NS, HostInfo, etc., while the
Reverse Lookup zone contains only type PTR records.
The rightmost pane shows the various Resource Records. Double-click to view or modify the
corresponding record. The window below is obtained by double-clicking the SOA record.
Adding a Host Address Record
Select a forward lookup zone and from the context menu select New Host (A). This brings up the following
screen. Type the Name and IP address and click Add Host to add a host. The Create PTR record option
will succeed if you have a corresponding Reverse Lookup zone for this Forward Lookup zone. If so, then
go to the Reverse Lookup zone and select Refresh from the Context Menu.
Where does Windows 2003 keep the DNS data?
As shown below, the data for a zone is kept as a text file in Windows\System32\dns.
Note: To ensure that the file is up-to-date choose Update Server Data File from the Context Menu for
the zone.
Task 5: Testing the DNS Server configuration
For this we use the nslookup utility. As shown below, at the nslookup prompt we tell nslookup to
use the locally running name server by typing: server 127.0.0.1 <enter>.
To test Reverse Lookup use the command set type=ptr then type some IP address.
Task 6: Configuring the DNS Server to forward to other DNS Servers
In the management console [Start → Administrative Tools → DNS], point to the icon associated with the
DNS server, right-click it and select Properties to bring up the window shown below. Enter the IP
address of some DNS server that this DNS server will forward to (e.g. the DNS server used by CCSE –
172.16.0.1). Then click the Add button.
Exercise: Use nslookup and have it use your DNS server to lookup the IP address of some host
in CCSE.
Task 7. Removing the service:
1. Put back the original IP address and the subnet masks.
2. Start → Administrative Tools → Services. Stop the DNS Server.
3. Start → Control Panel → Add or Remove Programs → Add/Remove Windows Components.
Remove DNS under Networking Services.
King Fahd University of Petroleum and Minerals
Information and Computer Science Dept.
ICS 432 Computer Network Systems
Lab # 08: Building IP internetwork
Part II: Configuring CISCO 2600 Routers
Objectives:
- Configure CISCO 2600 Router
- Divide the lab network into different networks
- Examine and comprehend the routing table maintained by a router
- Modify routing table by adding dynamic routes
- Use Ping and TraceRoute to test connectivity through a router
- Use Sniffem software to capture RIP packets using a proper user-defined packet filter
Background Information:
In Lab 5 we examined the role of IP routers in an IP internetwork and configured a PC running
Windows 2003 to act as a router. In this lab, we will utilize CISCO 2600 routers in our internetwork.
Task 1: A Quick Guide to CISCO 2600 Routers
Connecting to Router
There are two ways to connect to the Cisco router for the purposes of configuration and maintenance.
First, initially you will probably configure your router from a terminal. Second, if the router is already
configured and at least one port is configured with an IP address, and it has a physical connection to the
network, you might be able to telnet to the router and configure it across the network. If it is not
already configured, then you will have to use the first method and directly connect to it with a terminal
and a serial cable [Roll-over cable]. Using a PC running Microsoft Windows, you can use the HyperTerminal
program found in Accessories → Communications to access the router's console. Plug a serial cable into a
serial (COM) port on the PC and the other end into the console port on the Cisco router. Start
HyperTerminal, tell it which COM port to use and click OK. Set the speed of the connection to 9600
baud and click OK. You may need to hit the Enter key to see the prompt from the router.
Modes - Unprivileged and privileged modes
When you first connect to the router and provide the password (if necessary), you enter EXEC mode, the
first mode in which you can issue commands from the command-line. From here you can use such
unprivileged commands as ping, telnet, and rlogin. You can also use some of the show
commands to obtain information about the system. In unprivileged mode you use commands like, show
version to display the version of the IOS the router is running. Typing show ? will display all the show
commands available in the mode you are presently in.
Router>show ?
You must enter privileged mode to configure the router. You do this by using the command enable.
Privileged mode will usually be password protected unless the router is unconfigured. You have the
option of not password protecting privileged mode, but it is HIGHLY recommended that you do. When
you issue the command enable and provide the password, you will enter privileged mode.
To help the user keep track of what mode they are in, the command-line prompt changes each time you
enter a different mode. When you switch from unprivileged mode to privileged mode, the prompt changes
from:
Router>
to
Router#
Within privileged mode there are many sub-modes. Cisco describes two modes, unprivileged and
privileged, and then a hierarchy of commands used in privileged mode. Here these are treated as many sub-modes of
privileged mode, which is called parent mode. Once you enter privileged mode (parent mode) the prompt
ends with a pound sign (#). There are numerous modes you can enter only after entering privileged mode.
Each of these modes has a prompt of the form:
Router(arguments)#
Configuring
The command show ? will display all the show commands available in the current mode. Definitely try
out the following commands:
Router#show interfaces
Router#show ip protocols
Router#show ip route
Router#show ip arp
When you enter privileged mode by using the command enable, you are in the top-level mode of
privileged mode, also known in this document as “parent mode”. It is in this top-level or parent mode that
you can display most of the information about the router. As you now know, you do this with the show
commands. Here you can learn the configuration of interfaces and whether they are up or down. You can
display what IP protocols are in use, such as dynamic routing protocols. You can view the route and ARP
tables, and these are just a few of the more important options.
As you configure the router, you will enter various sub-modes to set options and then return to the parent
mode to display the results of your commands. You also return to the parent mode to enter other
sub-modes. To return to the parent mode, you hit ctrl-z. This puts any commands you have just issued into
effect, and returns you to parent mode.
Global configuration (config)
To configure any feature of the router, you must enter configuration mode. This is the first sub-mode of
the parent mode. In the parent mode, you issue the command config.
Router#config
Router(config)#
In configuration mode you can set options that apply system-wide, also referred to as “global
configurations”. For instance, it is a good idea to name your router so that you can easily identify it. You
do this in configuration mode with the hostname command.
Router(config)#hostname r1
r1(config)#
As demonstrated above, when you set the name of the host with the hostname command, the prompt
immediately changes by replacing Router with r1.
Configuring interfaces
To display the configuration of an interface you use the command:
r1#show interface fastethernet 0/0
r1#show interface serial 1/0
Here is an example of configuring a serial port with an IP address:
r1#config
r1(config)#interface serial 1/0
r1(config-if)#ip address 172.1.1.1 255.255.0.0
r1(config-if)#no shutdown
r1(config-if)#ctrl-Z
r1#
Then to verify configuration:
r1#show interface serial 1/0
Note the no shutdown command. An interface may be correctly configured and physically connected,
yet be “administratively down”. In this state it will not function.
In the Cisco IOS, the way to reverse or delete the results of any command is to simply put no in front of
it. For instance, if we wanted to unassign the IP address we had assigned to interface serial 1/0:
r1(config)#interface serial 1/0
r1(config-if)#no ip address 172.1.1.1 255.255.0.0
r1(config-if)#ctrl-Z
r1#show interface serial 1/0
Routing
IP routing is automatically enabled on Cisco routers. If it has been previously disabled on your router, you
turn it back on in config mode with the command ip routing.
r1(config)#ip routing
r1(config)#ctrl-Z
There are two main ways a router knows where to send packets. The administrator can assign static
routes, or the router can learn routes by employing a dynamic routing protocol.
These days static routes are generally used in very simple networks or in particular cases that necessitate
their use. To create a static route, the administrator tells the router operating system that any network
traffic destined for a specified network layer address should be forwarded to a similarly specified network
layer address. In the Cisco IOS this is done with the ip route command.
r1#config
r1(config)#ip route 172.16.0.0 255.255.255.0 192.168.2.1
r1(config)#ctrl-Z
r1#show ip route
Two things are to be said about this example. First, the packet destination address must include the subnet
mask for that destination network. Second, the address to which it is to be forwarded is the specified address of the
next router along the path to the destination. This is the most common way of setting up a static route.
Dynamic routing protocols, running on connected routers, enable those routers to share routing
information. This enables routers to learn the routes available to them. The advantage of this method is
that routers are able to adjust to changes in network topologies. If a route is physically removed, or a
neighbor router goes down, the routing protocol searches for a new route. Routing protocols can even
dynamically choose between possible routes based on variables such as network congestion or network
reliability.
Configure the Routing Information Protocol (RIP) on Cisco routers. From the command-line, we must
explicitly tell the router which protocol to use, and what networks the protocol will route for.
r1#config
r1(config)#router rip
r1(config-router)#network 192.168.230.0
r1(config-router)#network 192.168.231.0
r1(config-router)#ctrl-Z
r1#show ip protocols
Now when you issue the show ip protocols command, you should see an entry describing RIP
configuration.
Saving your configuration
If you turned the router off right now, and turned it on again, you would have to start configuration over
again. Your running configuration is not saved to any permanent storage media. You can see this
configuration with the command show running
r1#show running
If you do want to save your successful running configuration, issue the command copy running
startup
r1#copy running startup
Your configuration is now saved to non-volatile RAM (NVRAM). Then, issue the command show
startup
r1#show startup
Now any time you need to return your router to that configuration, issue the command copy startup
running
r1#copy startup running
Viewing Configuration
sh ip route → gives you the current routing table.
  • If you get ‘ICMP redirect cache is empty’, then that means the ip routing is not enabled.
  • sh run → check whether ‘no ip routing’ exists. If yes, then we need to enable ip routing. Issue the
    command ‘ip routing’ at the (config)# prompt.
sh run → gives you the running configuration.
sh ver → used to get details about the router.
What version of the IOS is running?
What is the name of the Cisco IOS image file loaded?
What kind of router (platform type) is this?
What is the revision level of the image?
How much NVRAM (startup config) memory is there?
How much RAM is there?
Task 2: Configure Router in your Segment
Setup the lab network according to the figure given below.
[Figure: lab network topology. Addresses labelled in the figure, each with subnet mask 255.255.255.0:
192.168.230.1, 192.168.230.2, 192.168.230.230, 192.168.230.240
192.168.231.1, 192.168.231.2, 192.168.231.230, 192.168.231.240
192.168.232.1, 192.168.232.2, 192.168.232.230, 192.168.232.240
192.168.233.1, 192.168.233.2, 192.168.233.230, 192.168.233.240
192.168.235.240, 192.168.235.241]
Step 1: You should configure the TCP/IP setting in each host appropriately with respective subnet mask
and gateway addresses. The gateway address is the interface address of the router that is connected to the
specific network. For example, the first host on LAN Segment B should use the following setting:
IP Address: 192.168.231.1
Subnet Mask: 255.255.255.0
Gateway: 192.168.231.240
Step 2: You need to configure the router for a few things:
1. To connect to the router, you need to assign an IP address for each interface of the router. When
we get a new router, we use a console cable to assign an IP address and then connect via telnet.
2. We need to assign an IP address for both the fast Ethernet interface cards. We should be at the
privileged mode. An example is given below:
#config t
(config)# interface FastEthernet 0/0 ← configure Ethernet interface 0/0
(config-if)#ip address 192.168.230.240 255.255.255.0
(config-if)#no shut (or no shutdown) ← ensure that interface is not administratively down
(config-if)#ctrl-z (or exit) ← execute all of the above and return to parent
3. Now the connection between networks connected via a single router should work. We can ping
among 192.168.230.0 & 192.168.231.0 network and between 192.168.232.0 & 192.168.233.0
networks.
4. All the hosts can connect to the router using telnet. You can telnet to the respective gateway
address. The routing table at this time can be viewed using show ip route
5. Now we need to assign an IP address for the Serial interface. We should be at the privileged
mode.
#config t
(config)# interface Serial 1/0 ← configure Serial interface 1/0
(config-if)#ip address 192.168.230.240 255.255.255.0
(config-if)#no shutdown (or no shut)
(config-if)#bandwidth 64
(config-if)#clock rate 64000 ← will work only with DCE connections
(config-if)#ctrl-z (or exit) ← execute all of the above and return to parent
6. From the hosts, the users should be able to ping to IP address of the serial interface present in the
router connected to their network.
7. All the necessary IP address setups are done. We need to enable routing protocols to have the
necessary routing among the networks connected to different routers. To setup the RIP protocol,
we do as below:
# config t
(config)# router rip
(config-router)# network 192.168.230.0
Note: We need to add the network entries for the serial connection that connects different
routers. We need to add entry for all the directly connected networks [both fastethernet and
serial].
8. All the necessary connections are done and all the hosts should be able to ping other hosts present
in different networks. Show ip route command will show that routes are learnt using RIP
protocol.
9. We can refer to various configuration settings on the router using:
#show ip protocols
#show ip route ← shows routing table
#show running-conf or show run
#show interfaces
10. We can view the actual RIP packets using the command:
#debug ip rip ← displays RIP routing updates as they are sent or received
If we are not able to see the RIP information at our telnet prompt, issue the command,
#terminal monitor
To stop viewing the RIP routing information,
#undebug all ← stop display debug information
Exercise: Use the appropriate command to dump the IP routing table in your segment and write it
below.
Using Static Routes
Static routes can serve as an alternative to using RIP. For example, we could disable RIP on router A and
add static routes for networks B, C, D and E as follows:
(config)#no router rip ← disable RIP
(config)#ip route 192.168.230.0 255.255.255.0 192.168.235.240
(config)#ip route 192.168.231.0 255.255.255.0 192.168.235.240
(config)#ip route 192.168.232.0 255.255.255.0 192.168.235.241
(config)#ip route 192.168.233.0 255.255.255.0 192.168.235.241
Adding a static default route
To have Router A use the Instructor's router as the default route (used when there is no match with
ordinary entries in the routing table), use the following command (a default route is entered with IP
address 0.0.0.0 and a subnet mask 0.0.0.0),
(config)#ip route 0.0.0.0 0.0.0.0 192.168.230.251
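How a router picks a next hop from static routes like these, and when the default route is used, as an added example that is not part of the original lab manual. It parses the `ip route <network> <mask> <next-hop>` lines from this section and does a longest-prefix lookup; the function names are hypothetical and directly connected networks are not modelled.

```python
import ipaddress

# Router A's static routes and default route, as typed in the lab text.
CONFIG_LINES = [
    "ip route 192.168.230.0 255.255.255.0 192.168.235.240",
    "ip route 192.168.231.0 255.255.255.0 192.168.235.240",
    "ip route 192.168.232.0 255.255.255.0 192.168.235.241",
    "ip route 192.168.233.0 255.255.255.0 192.168.235.241",
    "ip route 0.0.0.0 0.0.0.0 192.168.230.251",
]


def parse_ip_route(line):
    """Parse 'ip route <network> <mask> <next-hop>' into (network, next_hop).

    Raises ValueError for a non-contiguous mask or a destination with host
    bits set (for example 192.168.230.5 with mask 255.255.255.0).
    """
    words = line.split()
    if len(words) != 5 or words[:2] != ["ip", "route"]:
        raise ValueError(f"not a static route line: {line!r}")
    dest, mask, next_hop = words[2:]
    network = ipaddress.IPv4Network(f"{dest}/{mask}", strict=True)
    return network, ipaddress.IPv4Address(next_hop)


def build_table(lines):
    """Sort routes most-specific first, so the first hit is the longest match."""
    routes = [parse_ip_route(line) for line in lines]
    return sorted(routes, key=lambda route: route[0].prefixlen, reverse=True)


def next_hop_for(table, destination):
    """Longest-prefix match: returns (next_hop, matched_network) or None."""
    addr = ipaddress.IPv4Address(destination)
    for network, hop in table:
        if addr in network:
            return str(hop), str(network)
    return None  # no matching route and no default: the packet is dropped


if __name__ == "__main__":
    table = build_table(CONFIG_LINES)
    for dst in ("192.168.232.2", "192.168.231.1", "172.16.0.1"):
        print(dst, "->", next_hop_for(table, dst))
    # Without the default route, the last destination has nowhere to go.
    print("172.16.0.1 ->", next_hop_for(build_table(CONFIG_LINES[:4]), "172.16.0.1"))
```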
Question: Is the presence of the Instructor's router necessary to route traffic between the segments A and
C? Justify your answer.
Exercise: Testing Router Connectivity
A good test to ensure that the router in your segment is working properly is to ping a host outside of your
network. Another useful test is to use TraceRoute (sometimes abbreviated as TraceRT) command to print
the IP addresses of routers along the path to a target host.
From your host, traceroute to the first host on a segment that is next to your segment.
For example, if you happen to be on Segment C then issue the command: tracert 196.1.168.230.97. Write
down the results below.
Task 3: Capturing RIP traffic
RIP data is encapsulated in UDP messages whose source port and destination port are both set to 520.
Aren't we violating the principle behind layering (i.e. Information hiding) when having data related to the
network layer (i.e. routing info.) encapsulated in a transport layer protocol (i.e. UDP)?
Rather than trying to find RIP packets among a huge number of captured packets, we will use one
important feature in Sniffem, which is Packet/Frame Filters.
Basically we will tell Sniffem to capture only frames containing UDP packets whose UDP source and
destination ports are set to 520. Follow these steps.
1. From the Menu select Filter → Software Filter → Edit Filter to bring up the screen below. Select
Enable Filter checkbox and then click on the Add button.
2. In the above screen – on the High Level Protocols tab select inclusive matches option and IP
(Code:0x0800) from the list. Then click the Low Level Protocols tab.
3. In the above screen select inclusive matches option and UDP protocol (number 17). Then click Next
button.
4. Click Next on IP Filter Screen above.
5. On the Port Filter screen enter 520 for Src Port and Dest Port and click the Add button. Then click Next
button
6. Click Next on MAC Filter screen above.
7. Click Next on Hex (ASCII) Filter screen above.
8. Click Next on Advanced Filter screen above.
9. In the Finish Filter screen, type a meaningful name for this filter and note the summary information
about the filter you have just created.
Now that you have created the filter, to enable it: use Filter → Software Filters → Edit Filter → Enable.
You should see "Filter On" near the middle of the status bar – see the screen below. In the capture
shown below note that RIP is sent as IP broadcast.
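The same filter expressed in code, as an added example that is not part of the original lab manual and is not Sniffem's implementation: it accepts only Ethernet frames carrying IP, then UDP, with source and destination port both 520, and decodes the RIP entries. The sample frames, MAC address and function names are constructed for the example, and the RIP message is assumed to be version 1.

```python
import socket
import struct

ETHERTYPE_IP = 0x0800   # High Level Protocols tab: IP
IPPROTO_UDP = 17        # Low Level Protocols tab: UDP
RIP_PORT = 520          # Port Filter screen: Src Port and Dest Port


def build_frame(sport, dport, payload):
    """Constructed sample frame: Ethernet + IPv4 + UDP around `payload`.

    Addresses are made up for the example; checksums are left at zero
    because the filter below does not look at them.
    """
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 1,
                     IPPROTO_UDP, 0,
                     socket.inet_aton("192.168.230.240"),
                     socket.inet_aton("255.255.255.255"))
    eth = bytes.fromhex("ffffffffffff" "020000000001") + struct.pack("!H", ETHERTYPE_IP)
    return eth + ip + udp


def rip_response(routes):
    """RIP version 1 response: 4-byte header, then one 20-byte entry per route."""
    msg = struct.pack("!BBH", 2, 1, 0)             # command 2 = response, version 1
    for network, metric in routes:
        msg += struct.pack("!HH4sIII", 2, 0, socket.inet_aton(network), 0, 0, metric)
    return msg


def rip_payload(frame):
    """Apply the lab's filter; return the UDP payload on a match, else None."""
    if len(frame) < 14 + 20 + 8:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IP:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                       # IP header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8:
        return None
    if ip[9] != IPPROTO_UDP:
        return None
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:   # later fragment: no UDP header
        return None
    sport, dport, udp_len = struct.unpack("!HHH", ip[ihl:ihl + 6])
    if sport != RIP_PORT or dport != RIP_PORT:     # both ports must be 520
        return None
    if udp_len < 8 or len(ip) < ihl + udp_len:
        return None
    return ip[ihl + 8:ihl + udp_len]


def parse_rip(payload):
    """Return (command, version, [(address, metric), ...]) from a RIP message."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("RIP message must be 4 bytes plus 20 bytes per entry")
    command, version = payload[0], payload[1]
    routes = []
    for off in range(4, len(payload), 20):
        family, _, addr, _, _, metric = struct.unpack("!HH4sIII", payload[off:off + 20])
        if family == 2:                            # address family 2 = IP
            routes.append((socket.inet_ntoa(addr), metric))
    return command, version, routes


if __name__ == "__main__":
    rip = build_frame(520, 520, rip_response([("192.168.231.0", 1), ("192.168.232.0", 2)]))
    dns = build_frame(1035, 53, b"\x00" * 12)      # constructed non-RIP UDP frame
    for name, frame in (("rip", rip), ("dns", dns)):
        payload = rip_payload(frame)
        print(name, parse_rip(payload) if payload is not None else "filtered out")
```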
Exercise: Fill in the values marked with * below.
14 byte Ethernet Frame Header
    Ethernet Destination Address     6 bytes
    Ethernet Source Address          6 bytes
    EtherType                        2 bytes: 0800 indicates that the frame contains IP packet
20 byte IP Header
    Ver *  HL*
    Protocol*                        1 byte: ___* indicates that the packet contains UDP message
    IP Source Address                4 bytes
    IP Destination Address*          4 bytes
UDP Header+Data
    Source Port*   |  Dest. Port*
    Length         |  Checksum
    RIP data
Frame Checksum                       4 bytes
Student Worksheet
Student ID/Name:
Host Configuration:
Machine Label:
IP Address:
Subnet mask:
Gateway Address:
Exercise 1: Routing Table in your Segment's Router
Exercise 2: TraceRoute to first host on segment next to your segment (write down command and reply).
King Fahd University of Petroleum and Minerals
Information and Computer Science Dept.
ICS 432 Computer Network Systems
Lab # 09: Capturing and analyzing ARP traffic
Objectives:
• Comprehend the role played by ARP protocol
• Analyze the ARP request that is issued in two cases: target host is on the local network vs. a
  remote network
• View and modify ARP cache
• Use Sniffem software to capture ARP packets using a proper user-defined packet filter
Task 1: Capturing ARP traffic
On an Ethernet LAN, an ARP message (i.e. a request or a reply) is directly encapsulated in an Ethernet
frame with EtherType value set to (0x0806). Thus the simplest way to capture ARP traffic is to use a filter
on the EtherType field. Follow these steps.
1. Start Sniff’em software. From the Menu select Filter → Software Filter → Edit Filter to bring up the
screen below. Select Enable Filter checkbox and then click on the Add button.
2. In the above screen – on the High Level Protocols tab select inclusive matches option and ARP
(Code:0x0806) from the list. Then click next on all subsequent screens till you reach the Finish Filter
screen shown below. In the Finish Filter screen, type a meaningful name for this filter and note the
summary information about the filter you have just created.
Now that you have created the filter, to enable it – use Filter → Software Filters → Edit Filter → Enable.
3. You should start the capturing in Sniff’em software by clicking on Capture → Start. To generate
traffic, you can use the ping command. Ping to any PC within your network and analyze the captured
packets. You can view the ARP cache from Command Prompt {DOS prompt} by using the command
arp -a.
You should see "Filter On" near the middle of the status bar – see the screen below.
Exercise: Fill in the values marked with * below for an Ethernet frame containing an ARP Request.
14 byte Ethernet Frame Header
    Ethernet Destination Address *   6 bytes
    Ethernet Source Address          6 bytes
    EtherType*                       2 bytes: 0806 indicates that the frame contains ARP message
ARP Message* (Specify the format)
Frame Checksum                       4 bytes
Task 2: Capturing frames coming to and outgoing from a specific network card
In this task we would like to ascertain when and how ARP is used. You will issue a ping from your
computer and track the outgoing and incoming frames. You will consider two cases:
Case 1: The machine being pinged is on your network
Case 2: The machine being pinged is outside of your network
In either case, to capture frames coming to and going from your Ethernet network interface card, find out
your computer's Ethernet address using ipconfig /all then use it as the MAC source or destination address
in the MAC Filter screen as shown below.
Then for Case 1, set Sniffem to capture with above filter enabled and ping your neighbor's machine. If all
is ok then you should see a screen similar to the one shown below, which in effect indicates that before
the IP packet containing the ICMP Echo request is sent, the MAC address of the station being pinged
must be obtained using ARP.
Viewing the ARP cache
At the command prompt type the command: arp -a. Do you see an entry for the machine you just
pinged? How long does this entry remain in the cache?
Exercise: Do Case 2 and interpret the results. Do you ever see an entry in the ARP cache for a machine
outside of your network? Why?
King Fahd University of Petroleum and Minerals
Information and Computer Science Department
ICS 432 Computer Network Systems
Lab # 10: Capturing and analyzing ICMP traffic
Objectives:
• Comprehend the role played by ICMP protocol
• Examine the ICMP message structure and encapsulation
• Examine some ICMP messages and the conditions under which they are generated
• Expose the role played by ICMP in Ping and TraceRoute utilities
• Generate and capture ICMP Destination Unreachable messages
• Generate and capture a fragmented IP packet
• Show ICMP statistics using netstat command.
Task 1: Configure your computer
For this lab we will make all the lab computers as hosts on network 192.168.230.0. Thus at every
computer modify the network configurations as follows.
1. Enable LAN1 and disable LAN2.
2. Assign an IP address as follows:
Network A: 192.168.230.1 to 192.168.230.4 depending on the machine number
Network B: 192.168.230.11 to 192.168.230.14 depending on the machine number
Network C: 192.168.230.21 to 192.168.230.24 depending on the machine number
Network D: 192.168.230.31 to 192.168.230.34 depending on the machine number
Network E: 192.168.230.41 to 192.168.230.44 depending on the machine number
3. Set the gateway address as 192.168.230.251
4. Set the DNS Server as 172.16.0.1
Task 2: Capturing ICMP traffic
An ICMP message (i.e. a request or a reply) is directly encapsulated in an IP packet with the protocol field in
the IP header set to 1. On an Ethernet LAN, the IP packet itself is encapsulated in an Ethernet frame with
EtherType value set to (0x0800). Thus the simplest way to capture ICMP traffic is to use a filter on the
Protocol field in the IP header. However, to further limit the number of packets that are
captured you should restrict the MAC source or destination address to match that of your station. Follow
these steps.
1. From the Menu select Filter → Software Filter → Edit Filter to bring up the screen below. Select
Enable Filter checkbox and then click on the Add button.
2. In the above screen – on the Low Level Protocols tab select inclusive matches option and ICMP
(Number: 1) from the list. Then click next on all subsequent screens till you reach the MAC Filter screen.
3. In the above screen, add your machine's Ethernet address. Then click next till reaching the Finish
Filter screen shown below. Give this filter a name, say MyICMP and click Finish button.
Now that you have created the filter, to enable it – use Filter → Software Filters → Edit Filter → Enable.
You should see "Filter On" near the middle of the status bar – see the screen below.
4. Have Sniffem set to Capture Mode and ping your neighbor's IP address.
Exercise: Based on the above capture state how Ping works. Also fill in the values marked with * below
for an Ethernet frame containing an ICMP Echo Request. State the role of the ICMP fields: type, code,
checksum, identification, seqno, data.
14 byte Ethernet Frame Header
    Ethernet Destination Address     6 bytes
    Ethernet Source Address          6 bytes
    EtherType                        2 bytes: 0800 indicates that the frame contains IP packet
20 byte IP Header
    Ver *  HL*
    Protocol*                        1 byte: ___** indicates that the packet contains ICMP message
    IP Source Address                4 bytes
    IP Destination Address           4 bytes
ICMP Header+Data
    type  |  code  |  checksum       4 bytes
    Identification  |  SeqNo         4 bytes
    Data (variable length)
Frame Checksum
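What the ICMP fields in this layout do in practice, as an added example that is not part of the original lab manual: the checksum protects the whole ICMP message, and the identification and sequence number let the sender pair an Echo Reply with the Echo Request it answers. The function names and payload bytes are constructed for the example.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0


def internet_checksum(data):
    """16-bit one's-complement sum used by ICMP (and by IP, UDP and TCP)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type, ident, seqno, data):
    """Layout: type, code, checksum | identification, seqno | data."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seqno)
    checksum = internet_checksum(header + data)   # computed with the field zeroed
    return struct.pack("!BBHHH", icmp_type, 0, checksum, ident, seqno) + data


def parse_icmp(message):
    """Decode an echo message and verify its checksum."""
    if len(message) < 8:
        raise ValueError("ICMP echo message needs at least an 8-byte header")
    icmp_type, code, checksum, ident, seqno = struct.unpack("!BBHHH", message[:8])
    return {
        "type": icmp_type,
        "code": code,
        "checksum": checksum,
        # Summing a valid message, checksum field included, yields zero.
        "checksum_ok": internet_checksum(message) == 0,
        "ident": ident,
        "seqno": seqno,
        "data": message[8:],
    }


def answers(request, reply):
    """True if `reply` is the Echo Reply a ping client would accept for `request`."""
    req, rep = parse_icmp(request), parse_icmp(reply)
    return (req["type"] == ECHO_REQUEST and rep["type"] == ECHO_REPLY
            and rep["checksum_ok"]
            and (rep["ident"], rep["seqno"], rep["data"])
            == (req["ident"], req["seqno"], req["data"]))


if __name__ == "__main__":
    payload = b"constructed ping payload"
    request = build_echo(ECHO_REQUEST, 0x0200, 1, payload)
    good = build_echo(ECHO_REPLY, 0x0200, 1, payload)
    stale = build_echo(ECHO_REPLY, 0x0200, 0, payload)     # wrong sequence number
    damaged = good[:-1] + bytes([good[-1] ^ 0x01])         # one bit flipped in transit
    for name, reply in (("good", good), ("stale", stale), ("damaged", damaged)):
        print(name, "accepted" if answers(request, reply) else "rejected")
```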
Task 3: Capture ICMP packets generated and received during TraceRoute
TraceRoute (sometimes abbreviated as TraceRT) is one of the basic IP diagnostic tools. It is used to
discover the routers that an IP packet would traverse to reach a given target host (i.e. IP address).
TraceRoute first sends one or more ICMP Echo Request packets with TTL=1. Any packet with TTL=1
will be discarded by the first router along the path to destination but the router will send an ICMP Time
Exceeded message (type/code= ____ / _____) to the source host. TraceRoute receives this ICMP message
and notes the IP source address as the address of the first router.
Then TraceRoute sends one or more ICMP Echo Request packets with TTL value=2. Any such packet
crosses the first router where its TTL value is decremented by 1. At the second router, the packet is
dropped and an ICMP Time Exceeded message is sent back to the source host. The IP source address of
this message is that of the second router.
The process continues until TraceRoute actually gets an ICMP Echo Reply from the target host or the
TTL value exceeds some preset maximum.
To verify all of this, follow these steps.
1. From your computer, traceroute to KFUPM (or CCSE) Web Server by issuing the command:
tracert www.kfupm.edu.sa. You should get results similar to the one shown below.
2. Use Sniffem with the filter set as in the previous task and capture the resulting traffic.
Exercise: Traceroute to some host on the Internet, say www.ibm.com. Explain the result.
Task 4: Capturing ICMP Destination Unreachable message
This ICMP message uses a Type field value of 3 and is generated under various conditions (cases)
indicated by the value used for the Code field. Here we will consider two cases only.
Case 1: Host Unreachable
Recall that when an IP packet finally reaches a router attached to the destination network, the router
would then encapsulate the received packet in a frame addressed to the destination host. Thus the router
will issue an ARP Request for the MAC address corresponding to the destination IP address, and if no
ARP Reply is received, the router will discard the packet and send an ICMP Destination
Unreachable/Host Unreachable message back to the source host.
To capture such message, use filter as set previously and run the command:
ping <ipaddress of a dead host on a remote network>
Case 2: Port Unreachable
The destination host generates this message when there is no process listening on the specified TCP (or
UDP) destination port.
To capture such message, use filter as set previously and run the command:
Telnet <ipaddress of your neighbor> 1000 - assume no process listens on port 1000.
Task 5: Generate IP fragmented packet
To see the IP fragmentation process in action, one can use the Ping command with the option for the size
of Ping data set large enough to cause the IP packet size to exceed the underlying data link layer
Maximum Transmission Unit (MTU). For Ethernet, the MTU is 1500 bytes. Subtracting 20 bytes for the IP
header and 8 bytes for the ICMP header gives a maximum ICMP data size of 1472 bytes. Thus setting a Ping length
option of 1473 will lead to a fragmented packet.
Exercise: Set up a filter to capture IP/ICMP and run the command:
ping -n 1 -l 1473 <ipaddress>.
If all goes well, you should get a screen like the one shown below. Note that the size of the first IP packet
is set to 1500 (i.e. subtracting the length of the IP header (20) gives a fragment size of 1480). Can you guess the
value of the fragment offset in the IP packet containing the second fragment?
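The fragmentation arithmetic above, generalized to any ping data size and MTU, as an added example that is not part of the original lab manual. It also includes the check a receiver makes before reassembly (fragments must tile the payload with no gap); the function names are hypothetical and IP headers are assumed to carry no options.

```python
IP_HEADER = 20     # bytes, header without options (as in the lab text)
ICMP_HEADER = 8    # bytes


def fragment(payload_len, mtu=1500, header_len=IP_HEADER):
    """Split an IP payload of `payload_len` bytes for a link with the given MTU.

    Returns a list of (offset_field, data_len, more_fragments). The offset
    field counts 8-byte units, so every fragment except the last must carry
    a multiple of 8 data bytes.
    """
    per_fragment = (mtu - header_len) // 8 * 8
    if per_fragment <= 0:
        raise ValueError("MTU leaves no room for data")
    fragments, sent = [], 0
    while True:
        size = min(per_fragment, payload_len - sent)
        last = sent + size >= payload_len
        fragments.append((sent // 8, size, not last))
        sent += size
        if last:
            return fragments


def ping_fragments(data_size, mtu=1500):
    """Fragments for `ping -l data_size`: the ICMP header is part of the IP payload."""
    return fragment(ICMP_HEADER + data_size, mtu)


def reassembled_length(fragments):
    """Receiver-side check: fragments must cover the payload with no gap or overlap.

    Returns the payload length, or raises ValueError if the set is inconsistent.
    """
    ordered = sorted(fragments)
    expected = 0
    for i, (offset, size, more) in enumerate(ordered):
        is_last = i == len(ordered) - 1
        if offset * 8 != expected:
            raise ValueError(f"gap or overlap at byte {expected}")
        if more == is_last:
            raise ValueError("More Fragments flag does not match position")
        if more and size % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        expected += size
    return expected


if __name__ == "__main__":
    for size in (1472, 1473, 4000):
        frags = ping_fragments(size)
        print(f"ping -l {size}: {len(frags)} fragment(s)")
        for offset, length, more in frags:
            print(f"  offset field={offset:4d}  data={length:4d} bytes  MF={int(more)}")
        print("  reassembles to", reassembled_length(frags), "bytes")
```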
Viewing ICMP statistics
As shown in the snapshot below, one can use the netstat command. At the command prompt type the
command: netstat -s.
Note: It is good to know that the command netstat -e gives statistics about the local Ethernet interface. A
value of zero for received erroneous frames would indicate a network free of bad (or loose) wiring and
malfunctioning network interface cards.
King Fahd University of Petroleum and Minerals
Information and Computer Science Department
ICS 432 Computer Network Systems
Lab # 11: Capturing and analyzing TCP traffic
Objectives:
• Comprehend the role played by TCP protocol
• Examine the TCP Segment structure and encapsulation
• Examine the three phases of a TCP connection:
  1. Open Connection phase using Three-Way handshake
  2. Data Exchange phase
  3. Close Connection phase
• Capture and analyze the TCP traffic generated during a Web session
Task 1: Configure your computer
For this lab we will make all the lab computers as hosts on network 192.168.230.0. Thus at every computer modify
the network configurations as follows.
1. Enable LAN1 and disable LAN2.
2. Assign an IP address as follows:
Network A: 192.168.230.1 to 192.168.230.4 depending on the machine number
Network B: 192.168.230.11 to 192.168.230.14 depending on the machine number
Network C: 192.168.230.21 to 192.168.230.24 depending on the machine number
Network D: 192.168.230.31 to 192.168.230.34 depending on the machine number
Network E: 192.168.230.41 to 192.168.230.44 depending on the machine number
3. Set the gateway address as 192.168.230.251
4. Set the DNS Server as 172.16.0.1.
Task 2: What goes on during a Web surfing session?
HTTP is an example of an Application Layer protocol that is encapsulated in TCP. Thus one way to
capture TCP Segments is to use the browser to fetch some URL and at the same time capture the frames that
go out from or come to the network interface associated with the local station. Therefore, we will use a filter
that restricts the MAC source or destination address to match that of the local station. Follow these steps.
1. From the Menu select Filter → Software Filter → Edit Filter to bring up the screen below. Select
Enable Filter checkbox and then click on the Add button. Then keep clicking Next button till you reach
the MAC Filter screen.
2. In the above screen, add your machine's Ethernet address. Then click Next till reaching the Finish
Filter screen shown below. Give this filter a name, say FromToMe and click Finish button.
Now that you have created the filter, to enable it – use Filter → Software Filters → Edit Filter → Enable.
You should see "Filter On" near the middle of the status bar – see the screen below.
3. Have Sniffem set to Capture Mode and browse to some site such as http://www.kfupm.edu.sa. If all
goes well then you should get a capture similar to the one shown below.
Based on the above capture write down the steps (tasks) that the browser goes through.
Step (Task) | Application/Transport Protocols used | # of application-data packets exchanged
1. Use DNS to find the IP address of the host part in the URL | DNS/UDP | 2
2. Open a TCP connection | TCP Syn-SynAck-Ack |
3. Send an HTTP GET Request | HTTP/TCP |
4. Get Reply | HTTP/TCP |
5. Repeat Steps 3, 4 a number of times | HTTP/TCP |
6. Close the TCP Connection | TCP Fin and Ack |
Note on step 1: ARP Request for "Who owns IP address of default gateway". Why not DNS server?
Note that before a TCP connection is opened (Frame#5 above) the IP address of the host in the URL is
needed. Thus a DNS query needs to be issued**. The DNS query will be encapsulated in a frame destined
to the IP address of the DNS server, but what would be the MAC address? Will we send an ARP request
asking for the MAC address of the DNS server?
**If you don't see the DNS Query and Reply in your capture, can you explain why?
Task 3: Structure and Encapsulation of a TCP segment
By considering one of the frames that contains a TCP segment, verify that the encapsulation and the
structure of a TCP segment are in accordance with the diagram shown below.
14 byte Ethernet Frame Header
    Ethernet Destination Address     6 bytes
    Ethernet Source Address          6 bytes
    EtherType                        2 bytes: 0800 indicates that the frame contains IP packet
20 byte IP Header
    Ver *  HL*
    Protocol*                        1 byte: 6* indicates that the packet contains TCP message
    IP Source Address                4 bytes
    IP Destination Address           4 bytes
TCP Header
    source port  |  dest. port       4 bytes
    SeqNo                            4 bytes
    AckNo                            4 bytes
    offset-re-uaprsf  |  win size
    checksum  |  urg ptr
    options + padding
TCP data
Frame Checksum                       4 bytes
Task 4: Analyzing the Phases of a TCP connection
A TCP connection goes through three phases in sequence:
1. Open Connection phase using Three-Way handshake
2. Data Exchange phase
3. Close Connection phase
The Connection Opening Phase uses the three-way handshake.
Client                                            Server
   |--- Syn, SeqNo=200 --------------------------->|
   |<-- Syn, Ack, SeqNo=500, AckNo=201 ------------|
   |--- Ack, SeqNo=201, AckNo=501 ---------------->|
The Data Exchange Phase uses the sliding window technique including the provision for SeqNo and
AckNo to allow the proper ordering of the data. Flow control is managed using the Window Size field.
Note that for an outgoing segment we set the AckNo using the formula,
AckNo = (SeqNo + Data Size) of the last correctly received segment
Note: For the Initial Syn Segments we assume a data size of 1 byte.
Exercise: Verify the above formula by tracking a received segment (say, the one containing the first GET
request) and the segment that is sent following it.
                  | SeqNo (Hex) | AckNo (Hex) | Data Size (in bytes)
Received Segment  |             |             |
Sent Segment      |             |             |
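The AckNo formula applied to a whole connection, as an added example that is not part of the original lab manual. It walks a constructed, in-order, loss-free trace that starts with the handshake numbers shown above (200 and 500) and flags any segment whose AckNo disagrees with the formula, counting 1 for Syn and Fin and wrapping at 2**32; the trace contents and function names are assumptions made for the example.

```python
MOD = 2 ** 32   # sequence numbers are 32-bit values and wrap around


def consumed(flags, data_len):
    """Sequence space used by a segment: its data bytes, plus 1 for SYN and 1 for FIN."""
    return data_len + int("SYN" in flags) + int("FIN" in flags)


def expected_ack(seq, flags, data_len):
    """AckNo = (SeqNo + Data Size) of the segment being acknowledged, modulo 2**32."""
    return (seq + consumed(flags, data_len)) % MOD


def check_trace(trace):
    """Compare each AckNo in an in-order, loss-free trace with the formula.

    trace: list of (sender, flags, seq, ack, data_len).
    Returns (index, expected, seen) for every segment whose AckNo differs.
    """
    next_seq = {}       # sender -> AckNo the other side should send next
    mismatches = []
    for i, (sender, flags, seq, ack, data_len) in enumerate(trace):
        peer = "server" if sender == "client" else "client"
        if "ACK" in flags and peer in next_seq and ack != next_seq[peer]:
            mismatches.append((i, next_seq[peer], ack))
        next_seq[sender] = expected_ack(seq, flags, data_len)
    return mismatches


# Constructed trace: handshake, one 120-byte request, one 300-byte reply, close.
TRACE = [
    ("client", {"SYN"},        200,   0,   0),
    ("server", {"SYN", "ACK"}, 500, 201,   0),
    ("client", {"ACK"},        201, 501,   0),
    ("client", {"PSH", "ACK"}, 201, 501, 120),
    ("server", {"PSH", "ACK"}, 501, 321, 300),
    ("client", {"ACK"},        321, 801,   0),
    ("client", {"FIN", "ACK"}, 321, 801,   0),
    ("server", {"ACK"},        801, 322,   0),
    ("server", {"FIN", "ACK"}, 801, 322,   0),
    ("client", {"ACK"},        322, 802,   0),
]


if __name__ == "__main__":
    print("mismatches in constructed trace:", check_trace(TRACE))
    # A segment that ends past 2**32 - 1 is acknowledged with a small number.
    print("ack after wrap:", hex(expected_ack(0xFFFFFFF0, {"ACK"}, 32)))
```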
The Close Connection Phase uses a pair of Fin-Ack segments (i.e. two Fins and two Acks). When one
side has no more data, it should send a Fin segment; once that is acknowledged it must not send any
more data but can continue sending Ack segments for the data it receives. After a while the other side
King Fahd University of Petroleum and Minerals
Information and Computer Science Department
ICS 432 Computer Network Systems
Lab # 12: Configuring DHCP Servers and Clients
Objectives:
• Comprehend the role played by DHCP protocol
• Configure Windows 2003 as a DHCP Client
• Configure Windows 2003 Server as a DHCP Server
• Capture and analyze DHCP traffic generated
Background Information
To communicate successfully with each other, all TCP/IP hosts must be properly configured. These
hosts require a valid IP address that is unique on the host's internetwork, a subnet mask, and a default
gateway. If the host is to communicate only on the local subnet, the default gateway can be omitted. For
larger networks, additional configuration items are required, such as Domain Name System (DNS) server
IP addresses, Windows Internet Name Service (WINS) server IP addresses, and NetBIOS node types.
In small networks, carrying out this configuration requires a degree of TCP/IP skill that might not be
readily available. On large networks, ensuring that all hosts are properly configured can be a considerable
management and administrative task, especially in a dynamic network with roaming users and laptops.
Manual configuration or reconfiguration of a large number of computers can be time consuming, and
errors in configuring an IP host can result in the host being unable to communicate with the rest of the
network.
DHCP is a client/server protocol that simplifies the management of client IP configuration and the
assignment of IP configuration data. With DHCP, administrators define all necessary configuration
parameters on a central server or a set of servers, which are then able to provide hosts with all necessary
IP configuration information.
DHCP provides four key benefits to those planning, designing, and maintaining an IP network:
• Centralized administration of IP configuration: The DHCP administrator can centrally
  manage all IP configuration information. This eliminates the need to manually configure
  individual hosts when TCP/IP is first deployed, or when IP infrastructure changes are required.
• Seamless IP host configuration: The use of DHCP ensures that DHCP clients get accurate and
  timely IP configuration parameters without user intervention. Because the configuration is
  automatic, troubleshooting is largely eliminated.
• Flexibility: Using DHCP gives the administrator increased flexibility over changes in IP
  configuration information, allowing the administrator to change IP configuration more simply as
  infrastructure changes are needed.
What Is DHCP?
DHCP is a client/server protocol that automatically provides an IP host with its IP address and other
related configuration information such as the subnet mask and default gateway. RFCs 2131 and 2132
define DHCP as an Internet Engineering Task Force (IETF) standard based on the Boot Protocol
(BOOTP), with which it shares many implementation details. DHCP allows hosts to obtain all necessary
TCP/IP configuration information from a DHCP server.
DHCP Overview and Key Terms
Before examining DHCP in detail, you should be familiar with the following key DHCP-related terms:
DHCP Clients and Servers
A computer that gets its configuration information from DHCP is known as a DHCP client. DHCP clients
communicate with a DHCP server to obtain IP addresses and related TCP/IP configuration information.
DHCP servers hold information about available IP addresses and related configuration information as
defined by the DHCP administrator.
DHCP Scopes and Options
A set of IP addresses and associated configuration information that can be supplied to a DHCP client is
known as a scope. A scope is a set of IP addresses that the server can issue to DHCP clients, along with
one or more options. An option is a specific configuration item such as a subnet mask and a default
gateway IP address, which the DHCP administrator wants the DHCP server to provide to the DHCP
client.
A DHCP administrator can create one or more scopes on one or more Windows Server 2003 servers
running the DHCP Server service. However, because DHCP servers do not communicate scope
information with each other, the administrator must be careful to ensure that the scopes are defined
carefully so that multiple DHCP servers are not handing out the same IP address to different clients, or
handing out addresses that are taken by existing, manually configured IP hosts.
The IP addresses defined in a DHCP scope are continuous and are associated with a subnet mask. To
allow for the possibility that some IP addresses in the scope might have been already assigned and in use,
the DHCP administrator can specify an exclusion—one or more IP addresses in the scope that are not
handed out to DHCP clients.
NOTE: In networks with multiple subnets and multiple networks, it is useful to have standards for
separating the dynamic IP addresses given out by DHCP from the addresses used by manually configured
hosts.
In the DHCP protocol packet, each option begins with a single tag octet, which defines the option. An
option can be fixed length, such as the NetBIOS Node Type (Option 46); variable length, such as the
Domain Name System (DNS) Domain Name (Option 15); or an array of items, such as the list of DNS
Servers (Option 6).
With the Windows Server 2003 DHCP Server service, the DHCP administrator can manage options at the
following five levels:
• Predefined options: Allow the DHCP administrator to specify default option values for all
  options supported on the DHCP server and to create new option types for use on this server.
• Server options: Values assigned to all clients and scopes defined on the DHCP server (unless
  they are overridden by scope, class, or client-assigned options).
• Scope options: Values applied only to clients of a specific scope (unless they are overridden by
  class or client-assigned options).
• Class options: Allow the administrator to set user- or vendor-defined option classes, providing
  option data to a specified class of DHCP clients (for example, all Windows 2000 or later DHCP
  clients). Options set at this level are overridden only by options assigned at the client level.
• Reserved client options: Set for an individual reserved DHCP client. Only properties manually
  configured at the client computer can override options assigned at this level.
DHCP Messages
DHCP clients communicate with DHCP servers by sending application layer messages to, and receiving
messages from, a DHCP server. There are eight DHCP message types, which are sent using User
Datagram Protocol (UDP). DHCP clients with a bound IP address and a valid lease communicate with the
DHCP server using unicast IP datagrams, whereas clients in the process of obtaining an IP address
communicate using broadcast packets, sent to the limited broadcast IP address 255.255.255.255. The
DHCP client binds to UDP port 68, and the DHCP server binds to UDP port 67.
There are eight DHCP message types:
• DHCPDISCOVER: Sent by a DHCP client broadcast to locate a DHCP server.
• DHCPOFFER: Sent by a DHCP server to a DHCP client, in response to DHCPDISCOVER,
  along with offered configuration parameters.
• DHCPREQUEST: Sent by the DHCP client to DHCP servers to request parameters from one
  server while implicitly declining offers from other servers, and to confirm the validity of
  previously allocated addresses (for example, after a reboot or to extend an existing DHCP lease).
• DHCPACK: Sent by a DHCP server to a DHCP client to confirm an IP address and provide the
  client with those configuration parameters that the client has requested and the server is
  configured to provide.
• DHCPNAK: Sent by a DHCP server to a DHCP client denying the client's DHCPREQUEST.
  This might occur if the requested address is incorrect because of the client having moved to a new
  subnet or because the DHCP client's lease has expired and cannot be renewed.
• DHCPDECLINE: Sent by a DHCP client to a DHCP server, informing the server that the
  offered IP address is declined because it appears to be in use by another computer.
• DHCPRELEASE: Sent by a DHCP client to a DHCP server, relinquishing an IP address and
  canceling the remaining lease. This is sent to the server that provided the lease.
• DHCPINFORM: Sent from a DHCP client to a DHCP server, asking only for additional local
  configuration parameters; the client already has a configured IP address. This message type is
  also used for rogue server detection.
DHCP Leases and Reservations
The IP addresses acquired by DHCP generally are not permanent. When a DHCP client is configured
using DHCP, it acquires a lease on the assigned address. The DHCP administrator defines the lease
duration, either when the lease is created, or subsequently. In Windows Server 2003, the administrator
can specify either a specific lease time, between 1 minute and 999 days, or an unlimited lease time.
Although most IP addresses are dynamically allocated, Windows Server 2003 allows a DHCP
administrator to create a reservation, a permanent address lease that the DHCP administrator creates to
assign a specific IP address (and DHCP options) to a specific DHCP client. The administrator creates the
reservation by specifying the IP address to be allocated and the host's media access control (MAC)
address. The reservation ensures that the DHCP client with a network interface card (NIC) having that
MAC address always obtains the same IP address and options.
DHCP Relay Agents
When a Windows DHCP client computer is started, it broadcasts DHCP messages to obtain or renew a
lease from a DHCP server. A DHCP relay agent, also referred to as a BOOTP relay agent, is either a host
or an IP router that listens for DHCP client messages being broadcast on a subnet and then forwards those
DHCP messages to a configured DHCP server. The DHCP server sends DHCP response messages back
to the relay agent, which then broadcasts them onto the subnet for the DHCP client. The DHCP
administrator uses DHCP relay agents to centralize DHCP servers, avoiding the need for a DHCP server
on each subnet.
The Routing and Remote Access service of Windows Server 2003 includes a DHCP relay agent. A DHCP
administrator needs to enable the Routing and Remote Access service and configure the DHCP relay
agent with interfaces and the IP addresses of DHCP servers. In addition, most modern hardware routers
can be configured to provide relay facilities. On some routers, the DHCP relay function is referred to as
BOOTP forwarding.
How DHCP Works
Hosts use the DHCP protocol to obtain an initial lease, to renew an existing lease, and to detect
unauthorized DHCP servers.
Obtaining an Initial Lease
A DHCP client acquires an initial lease the first time the client boots up using a series of
messages exchanged with a DHCP server. The following Network Monitor trace provides an
example of this process:
1  4.426365  KAPOHO10  *BROADCAST  DHCP  Discover (xid=43474883)  0.0.0.0  255.255.255.255  IP
2  4.426365  LOCAL     *BROADCAST  DHCP  Offer    (xid=43474883)  TALLGUY  255.255.255.255  IP
3  4.426365  KAPOHO10  *BROADCAST  DHCP  Request  (xid=43474883)  0.0.0.0  255.255.255.255  IP
4  4.436379  LOCAL     *BROADCAST  DHCP  ACK      (xid=43474883)  TALLGUY  255.255.255.255  IP
In this trace, the DHCP client broadcasts a DHCPDISCOVER message to find a DHCP server. Because
the host does not have an IP address, it communicates with the DHCP server by means of a local area
broadcast. On receipt of a DHCPDISCOVER message, a DHCP server responds with an offer of an IP
lease by sending a DHCPOFFER message. If there is more than one DHCP server able to provide the
DHCP client with a lease, the DHCP client could receive more than one DHCPOFFER response. If this
occurs, the client chooses the "best" offer, which for Windows DHCP clients is the first offer received. To
help other clients determine the best offer, the DHCPOFFER message contains values for options that the
client has requested and that are configured on the offering DHCP server.
Any DHCP server that receives a DHCPDISCOVER message and can assign the DHCP client a lease
issues a DHCPOFFER message. This message contains an offered IP address and values for any option
that the DHCP server has been configured to issue. If the client can accept an offered lease, it sends a
DHCPREQUEST message to the offering DHCP server, requesting the offered IP address. This request
also contains all the configuration options that the DHCP client wishes to obtain.
If it is still willing to offer the lease, the DHCP server sends a DHCPACK message to the DHCP client,
confirming that the DHCP client now has the lease on the IP address. The DHCPACK also provides
values for the requested options that were specified by the DHCP administrator on the server issuing the
DHCPACK.
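The exchange above decoded from raw messages, as an added example that is not part of the lab manual: it walks the tag-prefixed option field described under DHCP Scopes and Options, reads the message type (option 53) and server identifier (option 54, both defined in RFC 2132), and lists server replies that do not come from an authorized DHCP server. The sample messages are constructed; only the xid and the DNS address 172.16.0.1 come from this lab, and the client and server addresses and the authorized-server list are assumptions.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # magic cookie that precedes the options (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

def parse_options(buf):
    """Walk the tag/length/value option field; tag 0 is padding, 255 ends it."""
    opts, i = {}, 0
    while i < len(buf) and buf[i] != 255:
        if buf[i] == 0:                   # pad option has no length octet
            i += 1
            continue
        if i + 1 >= len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option %d" % buf[i])
        opts[buf[i]] = buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]
    return opts

def ips(raw):   # split an option value into dotted-quad addresses (4 octets each)
    return [socket.inet_ntoa(raw[j:j + 4]) for j in range(0, len(raw) - 3, 4)]

def parse_dhcp(payload):
    """Decode the fields of a UDP port 67/68 payload needed to follow an exchange."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts = parse_options(payload[240:])
    mtype = opts.get(53)                  # option 53: DHCP message type
    return {"xid": "%08X" % struct.unpack("!I", payload[4:8])[0],
            "type": MSG_TYPES.get(mtype[0], "UNKNOWN") if mtype else "BOOTP",
            "yiaddr": socket.inet_ntoa(payload[16:20]),        # offered address
            "server": (ips(opts.get(54, b"")) or [None])[0],   # option 54
            "dns": ips(opts.get(6, b""))}                      # option 6 (array)

def unexpected_servers(payloads, authorized):
    """Return (xid, type, server) for server replies not from an authorized server."""
    hits = []
    for p in payloads:
        m = parse_dhcp(p)
        if m["type"] in ("OFFER", "ACK", "NAK") and m["server"] not in authorized:
            hits.append((m["xid"], m["type"], m["server"]))
    return hits

def build(op, xid, mtype, yiaddr="0.0.0.0", server=None, dns=()):
    """Build a constructed sample message (test input, not a capture)."""
    msg = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)
    msg += bytes(4) + socket.inet_aton(yiaddr) + bytes(8 + 16 + 64 + 128)
    msg += MAGIC + bytes([53, 1, mtype])
    if server:
        msg += bytes([54, 4]) + socket.inet_aton(server)
    if dns:
        msg += bytes([6, 4 * len(dns)]) + b"".join(map(socket.inet_aton, dns))
    return msg + b"\xff"

# Constructed exchange: xid from the trace above; all addresses are assumptions.
XID, GOOD, OTHER = 0x43474883, "192.168.230.5", "192.168.230.99"
SAMPLE = [build(1, XID, 1),                                          # Discover
          build(2, XID, 2, "192.168.230.50", GOOD, ["172.16.0.1"]),  # Offer
          build(2, XID, 2, "192.168.230.200", OTHER),                # second Offer
          build(1, XID, 3),                                          # Request
          build(2, XID, 5, "192.168.230.50", GOOD, ["172.16.0.1"])]  # ACK

print(unexpected_servers(SAMPLE, {GOOD}))
```

Two offers sharing one xid, as in the sample, is the case the text describes where more than one DHCP server answers the same DHCPDISCOVER.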
Renewing a Lease
Because the IP lease has a finite lifetime, the client must renew the lease at some point after obtaining it.
Windows DHCP clients attempt to renew the lease, either at each reboot or at regular intervals after the
DHCP client has initialized.
The following Network Monitor trace demonstrates the renewal of a lease:
1  81.757561  KAPOHO10  *BROADCAST  DHCP  Request (xid=492D15B9)  0.0.0.0  255.255.255.255  IP
2  81.767576  LOCAL     *BROADCAST  DHCP  ACK     (xid=492D15B9)  TALLGUY  255.255.255.255  IP
As shown in the Network Monitor trace, a lease renewal involves just two DHCP messages: DHCPREQUEST and DHCPACK. If a Windows DHCP client renews a lease while booting up,
broadcast IP packets are used to send these messages. If the lease renewal is made while the Windows
DHCP client is running, the DHCP client and the DHCP server communicate using unicast messages.
When a client obtains a lease, DHCP provides values for the configuration options that were requested by
the DHCP client and are configured on the DHCP server. By reducing the lease time, the DHCP
administrator can force clients to regularly renew leases and obtain updated configuration details. This
can be useful when the administrator wishes to change a scope's IP configuration or configuration
options.
A DHCP client first attempts to reacquire its lease at half the lease time, known as T1. The DHCP client
obtains the value of T1 from the DHCPACK messages that confirmed the IP lease. If the lease
reacquisition fails, the DHCP client attempts a further lease renewal at 87.5 percent of the lease time,
known as T2. Like T1, T2 is specified in the DHCPACK message. If the lease is not reacquired before it
expires (if, for example, the DHCP server is unreachable for an extended period of time), as soon as the
lease expires, the client immediately unbinds the IP address and attempts to acquire a new lease.
Changing Subnets and DHCP Servers
If the DHCP client requests a lease through a DHCPREQUEST message that the DHCP server
cannot fulfill (for example, when a laptop is moved to a different subnet), the DHCP server sends
a DHCPNAK message to the client. This informs the client that the requested IP lease will not be
renewed. The client then acquires a new lease using the lease acquisition process described
earlier.
The following Network Monitor trace demonstrates a client that has moved subnets and as a result needs
to acquire a different IP lease:
1  68.198064  KAPOHO10  *BROADCAST  DHCP  Request  (xid=2DBB2B8B)  0.0.0.0  255.255.255.255  IP
2  68.198064  LOCAL     *BROADCAST  DHCP  NACK     (xid=2DBB2B8B)  TALLGUY  255.255.255.255  IP
3  69.419821  KAPOHO10  *BROADCAST  DHCP  Discover (xid=749C146A)  0.0.0.0  255.255.255.255  IP
4  69.419821  LOCAL     *BROADCAST  DHCP  Offer    (xid=749C146A)  TALLGUY  255.255.255.255  IP
5  69.429836  KAPOHO10  *BROADCAST  DHCP  Request  (xid=749C146A)  0.0.0.0  255.255.255.255  IP
6  69.429836  LOCAL     *BROADCAST  DHCP  ACK      (xid=749C146A)  TALLGUY  255.255.255.255  IP
When a Windows DHCP client boots up, it broadcasts a DHCPREQUEST message to renew its lease.
This ensures that the DHCP renewal request is sent to the DHCP server that provides DHCP addresses for
the subnet the client is currently on. This could be different from the server that provided the initial lease.
When the DHCP server receives the broadcast, it compares the address the DHCP client is requesting
with the scopes configured on the server and the subnet from which the DHCPREQUEST message was
received. If it is not possible to satisfy the client request, the DHCP server issues a DHCPNAK, and the
DHCP client then acquires a new lease.
If the DHCP client is unable to locate any DHCP server when rebooting, to renew its lease, it issues an
ARP broadcast for the default gateway that was previously obtained, if one was provided. If the IP
address of the gateway is successfully resolved, the DHCP client assumes that it remains located on the
same network where it obtained its current lease and continues to use this lease.
If the ARP broadcast that the client sent for the default gateway receives no response, the client assumes
that it has been moved to a network that has no DHCP services currently available (such as a home
network), and it autoconfigures itself using either APIPA or alternate configuration. Once it
autoconfigures itself, the DHCP client tries to locate a DHCP server every 5 minutes.
Task 1: Configure your computer
For this lab we will configure all the lab computers as hosts on network 192.168.230.0. At every
computer, modify the network configuration as follows:
1. Enable LAN1 and disable LAN2.
2. Assign an IP address as follows, depending on the machine number:
   Network A: 192.168.230.1 to 192.168.230.4
   Network B: 192.168.230.11 to 192.168.230.14
   Network C: 192.168.230.21 to 192.168.230.24
   Network D: 192.168.230.31 to 192.168.230.34
   Network E: 192.168.230.41 to 192.168.230.44
3. Set the gateway address as 192.168.230.251
4. Set the DNS Server as 172.16.0.1.
Task 2: Configure Windows 2003 as a DHCP Client
Start → Control Panel → Network Connections. Right-click and select Open. Select any one of the local
area connections and click. Click Properties. The Local Area Connection Properties window appears.
Select Internet Protocol (TCP/IP) and click Properties. The Internet Protocol (TCP/IP) Properties
window appears. Select the radio button ‘obtain an IP address automatically’.
Task 3: Configure Windows 2003 as a DHCP Server
Start → Control Panel → Add/Remove Programs. Click on Add/Remove Windows Components.
Select Networking Essentials and check it. Then click the Details button. Select DHCP and Simple TCP/IP
Services. Click Ok. Click Next. Click Finish.
Start → Administrative Tools → DHCP. The DHCP Manager appears. Click on the computer, right-click, and select New Scope. The New Scope Wizard appears. Enter the name of the scope and its
description. Enter the starting and ending IP address of the scope as instructed by the instructor.
Click Next. If needed, add an exclusion range and click Add. Click Next. On the lease duration, click Next
unless specified by the instructor.
Select Yes for DHCP configure options and Click Next. If needed specify the router [default gateway]
address and click Add. Click Next.
Click Next [for DNS server]. Click Next [for WINS server]. Select Yes for activating the scope. Click
Next. Completing the new scope wizard appears. Click Finish. DHCP window appears.
Task 4: Capture DHCP traffic
We will use a filter that restricts the MAC source or destination address to match that of the local station.
Follow these steps.
1. From the Menu select Filter → Software Filter → Edit Filter to bring up the screen below. Select the
Enable Filter checkbox and then click on the Add button. Then keep clicking Next till you reach the
MAC Filter screen.
2. In the above screen, add your machine's Ethernet address. Then click Next till reaching the Finish
Filter screen shown below. Give this filter a name, say FromToMe and click Finish button.
Now that you have created the filter, enable it using Filter → Software Filters → Edit Filter → Enable.
You should see "Filter On" near the middle of the status bar – see the screen below.
3. Have Sniffem set to Capture Mode and browse to some site such as http://www.kfupm.edu.sa. If all
goes well then you should get a capture similar to the one shown below.