King Fahd University of Petroleum and Minerals
College of Computer Science and Engineering
Information and Computer Science Department

Network Laboratory Experiments
ICS 342: Computer Network Technologies
ICS 432: Computer Network Systems

Prepared by: Dr. Nasir Al-Darwish & Mr. Mohamed Buhari
Last revised: April 25, 2004

Table of Contents
Lab # 01: Basic LAN Setup and Peer to Peer Networking
Lab # 02: Protocol Layers and Encapsulation
Lab # 03: TCP/IP Services: Overview of Telnet, FTP and HTTP servers & clients
Lab # 04: Cornerstones of the Web: HTML and HTTP.
Lab # 05: Building IP internetwork
Lab # 06: Domain Name System – Part 1
Lab # 07: Domain Name System (DNS) – Part II
Lab # 08: Building IP internetwork
Lab # 09: Capturing and analyzing ARP traffic
Lab # 10: Capturing and analyzing ICMP traffic
Lab # 11: Capturing and analyzing TCP traffic
Lab # 12: Configuring DHCP Servers and Clients

ICS COMPUTER NETWORK LAB

King Fahd University of Petroleum and Minerals
Information and Computer Science Dept.
ICS 432 Computer Network Systems

Lab # 01: Basic LAN Setup and Peer to Peer Networking

Objectives:
- Create a simple LAN with two PCs using a single crossover cable to connect the workstations
- Create a simple LAN with two PCs using an Ethernet hub and two straight-through cables to connect the workstations
- Use the Control Panel to verify and configure the network settings
- Use the Ping command to verify the TCP/IP connection between the two workstations
- Use the IPCONFIG.EXE utility to verify all IP configuration settings
- Have two or more PCs as members in a workgroup and practice file sharing

Background:
In this lab you learn how to connect two PCs to create a simple Peer-to-Peer LAN or workgroup. The instructions for this lab focus on the Windows 2003 operating system. You will share a folder on one workstation and connect to that folder from the other workstation. This lab is divided into two exercises as follows:

Exercise A -- The two PCs (or workstations) will be connected directly to each other [Figure 1] from one Network Interface card (NIC) [Figure 2] to the other NIC using a crossover cable. This can be used to create a mini-lab for testing purposes without the need for a hub. Since the NICs on the workstations are directly connected you will not be able to connect any additional workstations.

Figure 1. Two PC Connections
Figure 2. Network Interface Card

Exercise B -- The two PCs will be connected with a hub between them [refer to Figure 3]. Using a hub allows for more than just two workstations to be connected depending on the number of ports on the hub. Hubs can have anywhere from 4 to 32 ports.

Figure 3. Network Connection via Hub

NOTE: For both exercises A and B, you will verify that the workstations are functioning and that network hardware is installed properly.
You will also need to verify and configure all TCP/IP protocol network settings for the two workstations to communicate such as IP address and subnet mask.

Tools / Preparation:
It is best to start with a fresh install of Windows. The workstations should have Network Interface Cards (NIC) installed with the proper drivers (floppy disk or CD) available. The following resources will be required:
- Two Pentium-based workstations with a NIC in each (NIC drivers should be available)
- Exercise A - One CAT5 Crossover cable to connect the workstations without a hub
- Exercise B - An Ethernet hub (4 or 8 port) and two CAT5 straight-wired cables

NOTE: The following steps 1 and 2 (physical LAN connections) will be different between exercises A and B. The steps from 3 on should be the same since they relate only to the workstations and should be performed on both workstations.

Step 1 - Check Local Area Network (LAN) Connections

Task: Verify the cables

Explanation: You should check the cables to verify that you have good layer 1 physical connections.

Exercise A - A single CAT 5 crossover cable is used to connect the workstations together. Verify that the pins are wired as a crossover by holding both RJ-45 connectors side by side with the clip down and inspect them. Pairs 2 and 3 should be reversed. Refer to the Appendix for correct wire color and pin locations.

Exercise B - Check each of the two CAT 5 cables from each workstation to the hub. Verify that the pins are wired straight through by holding the two RJ-45 connectors for each cable side by side with the clip down and inspect them. All pins should have the same color wire on the same pin at both ends of the cable (pin 1 should match pin 1 and pin 8 should match pin 8 etc.). Refer to the Appendix for correct pin locations.

Step 2 - Plug in and connect the equipment

Task: Check the workstations (and hub for exercise B)

Explanation:
Exercises A and B - Check to make sure that the NICs are installed correctly in each workstation. Plug in the workstations and turn them on.

Exercise B - Plug the hub or its AC adapter into a power outlet. Plug the straight through cable from workstation 1 into port 1 of the hub and the cable from workstation 2 into port 2 of the hub. After the workstations have booted, check the green link light on the back of each NIC and the green lights on ports 1 and 2 of the hub to verify that they are communicating. This also verifies a good physical connection between the Hub and the NICs in the workstations (OSI Layers 1 and 2). If the link light is not on it usually indicates a bad cable connection, an incorrectly wired cable or the NIC or hub may not be functioning correctly.

Step 3 - Network Adapters and Protocols

Task: Check the Network Adapter (NIC): Use the Control Panel->System->Device Manager utility to verify that the Network Adapter (NIC) is functioning properly for both workstations. Double click on Network Adapters and then right click the NIC adapter in use. Click Properties to see if the device is working properly.

Explanation: If there is a problem with the NIC or driver, the icon will show a yellow circle with an exclamation mark in it (possible resource conflict) or a red X indicating a serious problem (device could cause Windows to lock up).

Step 4 - Check the TCP/IP Protocol Settings

Task: Use the Control Panel/Network Connections (or Properties in Context Menu of My Network Places) to display Network Connections Window. Then use Properties in Context Menu of Local Area Connection to display Local Area Connection Properties Window. Select the TCP/IP protocol from the Configuration Tab and click on properties. Check the IP Address and Subnet mask for both workstations on the IP Address Tab.

Figure 4. Network Connections Window
Figure 5. Local Area Connection Properties Window
Figure 7. TCP/IP Properties Window

Explanation: The IP addresses can be set to anything as long as they are compatible and on the same network. Record the existing settings before making any changes in case they need to be set back (for instance, they may be DHCP clients now). For this lab, use the Class C IP network address of 192.168.230.0 and set workstation 1 to a static IP address 192.168.230.1 and set workstation 2 to 192.168.230.2. Set the default subnet mask on each workstation to 255.255.0.0. For the purpose of this lab, you can leave the Gateway and DNS Server entries blank.

Note: The lab has been configured into 5 class C IP networks with addresses: 192.168.230.0, 192.168.231.0, 192.168.232.0, 192.168.233.0, 192.168.234.0

Step 5 - Check the TCP/IP Settings with the IPCONFIG Utility

Task: Use the ipconfig.exe command to see your TCP/IP settings on one screen. Click on Start->Command Prompt.

Explanation: Enter the ipconfig /all command to see all TCP/IP related settings for your workstation.

1. Fill in the blanks below using the results of the IPCONFIG command from each workstation:

   Workstation 1 Name:                Workstation 2 Name:
   IP Address:                        IP Address:
   Subnet Mask:                       Subnet Mask:
   MAC (Hardware) Address:            MAC (Hardware) Address:

Step 6 - Check the network connection with the Ping Utility

Task: Use the Ping Command to check for basic TCP/IP connectivity. Click on Start->Command Prompt. Enter the Ping command followed by the IP address of the other workstation (Example - ping 192.168.230.1 or 192.168.230.2).

Explanation: This will verify that you have good OSI Layer 1 through 3 connections.

Step 7 - Windows Networking Options

By default, a Windows Server 2003-based computer is installed with Client for Microsoft Networks, File and Printer Sharing for Microsoft Networks, and TCP/IP.

Note: This indicates that just sharing a folder will have the file server enabled. Also, removing the sharing option on the shared folders will disable the file server. So, it is not at all necessary to install the file server on Windows Server 2003.

Note: You can view these services in the properties for the local area connection. You can create a Windows Server 2003 file server and print server manually, or you can use the wizards that are provided in the Configure Your Server Wizard administrative tool.

How to Install a File Server on Windows Server 2003 by Using the Configure Your Server Wizard

1. Click Start, point to Administrative Tools, and then click Configure Your Server Wizard.
2. Click Next. Click Next.
3. “Configure your server wizard” might appear.
4. Select Custom Configuration and click Next.
5. Click File server in the Server role box, and then click Next.
6. On the "File Server Disk Quotas" page, configure any quotas you need to control disk-space usage on the server, and then click Next.
7. On the "File Server Indexing Service" page, click the indexing configuration that is appropriate for your server, and then click Next.
8. Click Next.
9. “Share a Folder” wizard appears. Click Next.
10. Click “Browse” and select the folder you want to share. Click Next.
11. Enter a name for the sharing.
12. Click Next.
13. Click one of the basic permissions for the folder, or click Customize to set custom permissions on the folder. Click Finish.
14. Click Close. Click Finish.

How to Manually Install a File Server on Windows Server 2003

1. Click Start, and then click My Computer.
2. Locate the folder that you want to share.
3. Right-click the folder, and then click Sharing and Security.
4. Click Share this folder, and then accept the default name or type a different name for the share.
5. Optionally, configure the number of users who can connect, configure permissions for this folder, and then configure the caching options.
6. Click OK.
7. A little hand is displayed in the Windows Explorer window to indicate that the folder is being shared.
8. Quit Windows Explorer.

Step 8 - File Folders and Sharing Options

Task: Set up a File folder to share: On workstation one, use My Computer to create a folder to be shared called "Test folder". Using Start->My Computer, select the folder and right click to share it. Enter the name of the share and click OK.

From the other workstation, click on Start->Search->Other Search Options->Computers or People->A Computer on the network. Type the name of the first workstation in ‘Computer name’ box and click Search. Then click the shared folder.

Start My Computer. Click on ‘Up’ button. Select My Network Places->Entire Network->Microsoft Windows Network->Workgroup. Then select the workstation name and then the shared folder.

Explanation: You can map a drive to the shared folder if you wish. While working in the shared folder on the other workstation, create a new document and save it. If you have a printer shared you may want to print the document.

Summary Information on WORKGROUPS AND DOMAINS

This section contains a summary on Domains and Workgroups. There are many ways in which computers can provide services, and manage users into logical groups. This section looks at some of those approaches.

Workgroups: Peer To Peer Networks

A work-group is a collection of computers that are logically grouped together for a common purpose. In any organization, logical work-groups exist, like sales, marketing, accounts, salaries and support. By allowing like people to share their files and resources, it assists the way in which people work and leads to increased productivity.

In peer networks, each computer is considered a server, and holds its own accounts database.
Each computer can share resources that it owns, like files, CD-ROM drives, printers, modems and fax machines.

The advantages of peer-to-peer networks are:
- All workstations can make available their resources
- No centralized server is required
- Security is the responsibility of each workstation
- Each computer has its own accounts database that secures the resources it provides to others
- It is cheap and easy to set up for small groups

When the number of workstations in the network increases, problems will arise due to the cost of administration [maintenance of security on so many workstations which have their own accounts] and security [it is easy for loopholes to develop in which unauthorized users could gain access].

Resources in a Work-group

Typically, computers in a work-group make available resources for other members of the work-group to use. Features of resources are:
- A typical resource is a file, directory or printer
- Resources given names (share names)
- Resources assigned permissions (like a password)
- Permissions can be read-only or full
- Any user knowing the password can access the resource

Both Windows 9x and Windows NT Workstation support workgroups. Each user in a workgroup can decide which resources on their computer they will share. Ideally, in a work-group, each person has their own computer that is normally identified on the network by their first name.

Belonging to a workgroup

To participate in a workgroup, the computer must be configured to be a member of that workgroup. In Windows 9x, a computer is set up to be part of a work-group via Control Panel->Networks. The primary network log-on is set to Client For Microsoft Networks. Selecting the Identification tab enables the user to specify the Workgroup to which the computer belongs. Please note that a computer can only belong to a single work-group.

Sharing Resources in a workgroup

To share any resource on your computer, File and Printer Sharing must first be enabled.
This is found under Control Panel->Networks->File and Printer Sharing. Once this is enabled, passwords may be assigned to each resource that is made available. Users cannot use that resource unless they know the password.

Uniform Resource Locators

Sharing allows the user to specify a password and allocate a name to the resource. In Windows format, the name of the resource is then known on the work-group as

   \\computername\resourcename

For instance, if the computer name was sue, and the resource was specified as temp, then the resource is known as

   \\sue\temp

This is known as the Uniform Resource Locator [URL] for the resource.

Summary of workgroups

In summary, the features of workgroups are:
- It is a collection of computers organized for a specific purpose (suits the needs of the group)
- It is a peer to peer network
- There is no centralized administration
- A dedicated server is not required
- Each computer has its own accounts database and permission lists
- Users can share files, printers and applications
- Each computer is identified by a unique name (normally the person using that computer)

NT 4 Domains

A domain is a logical grouping of networked computers that share a central directory database.

The domain centralizes all accounts into a secure accounts database (SAM). When users log on, their account details are checked against the entries in the SAM, and if they match, the user can log on. Because all security account information is centralized, it means each computer that is a member of the domain can share and access this account information, and there is no longer a need for each computer to have its own accounts database.

The domain consists of a primary domain controller (the first computer installed as a PDC running NT 4 server), other backup domain controllers, and client workstations.
When the PDC is installed, the SAM is created and then additional user accounts and resources can be defined, as well as adding additional computers to the domain. At regular intervals changes made to the SAM on the PDC are copied (replicated) to the other backup domain controllers in the domain. These backup domain controllers keep copies of the SAM that is stored on the PDC, and assist in validating user logon requests.

The domain concept attempts to solve the issues of management and security, by providing a central point of log on to the network. This central point of log on validates the user as authentic, and only grants those resources to the user that have been pre-assigned to them. Having a single point of log on validation simplifies administration, as there is now only one place where accounts need to be updated.

A domain is a logical grouping of one or more Windows NT 4 server based computers that allow them to be managed as a single unit. Using domains, the administrator creates one account for each user. Users log on to the domain, not the individual servers in the domain. Users do not need a separate account on each server in the domain. They only need one user account in the domain. This account can then be used to access any resource on any server in the domain.

A domain consists of the following
- one primary domain controller
- one or more backup domain controllers
- resource servers
- participating clients like Windows 9x and Windows NT 4 Workstation based computers

A primary domain controller
- validates user log-on to the domain
- centralizes user accounts and security policies into a single database
- provides a single administrative unit for the network

A backup domain controller
- also validates user log-on to the domain
- provides redundancy in the event of the PDC going off-line
- keeps a copy of the domain accounts database [replicated automatically from PDC]

A resource server
- provides data storage or application software for users
- does not handle domain log-on, so is more efficient
- runs applications like SQL database or Remote Access

In addition, multiple domains can be combined into larger organization units or models. One domain can utilize [trust] the accounts of another domain. This provides scalability as the organization grows.

NT 4 Domains summary
- domains are logical groupings of Windows NT Server based computers
- domains provide a single network log on to server based resources
- they simplify administration by providing a single point of administering user accounts and security policies
- domains provide backup systems [redundancy] to take over in the event of a PDC going off-line
- the accounts database is replicated to backup domain controllers

Appendix - Straight-through versus Crossover CAT 5 UTP cables

Use the following tables and diagrams and steps to create a crossover cable. One end of the cable should be wired to the T568-A standard and the other end to the T568-B standard. This crosses the transmit and receive pairs (2 and 3) to allow communication to take place. Only four wires (2 pairs) are used with 10BASE-T or 100BASE-T Ethernet:

T568-A Cabling

Pin#  Pair#  Function  Wire Color    Used with 10/100     Used with 100 BASE-T4 and
                                     BASE-T Ethernet?     1000 BASE-T Ethernet?
1     3      Transmit  White/Green   Yes                  Yes
2     3      Transmit  Green/White   Yes                  Yes
3     2      Receive   White/Orange  Yes                  Yes
4     1      Not used  Blue/White    No                   Yes
5     1      Not used  White/Blue    No                   Yes
6     2      Receive   Orange/White  Yes                  Yes
7     4      Not used  White/Brown   No                   Yes
8     4      Not used  Brown/White   No                   Yes

T568-B Cabling

Pin#  Pair#  Function  Wire Color    Used with 10/100     Used with 100 BASE-T4 and
                                     BASE-T Ethernet?     1000 BASE-T Ethernet?
1     2      Transmit  White/Orange  Yes                  Yes
2     2      Transmit  Orange/White  Yes                  Yes
3     3      Receive   White/Green   Yes                  Yes
4     1      Not used  Blue/White    No                   Yes
5     1      Not used  White/Blue    No                   Yes
6     3      Receive   Green/White   Yes                  Yes
7     4      Not used  White/Brown   No                   Yes
8     4      Not used  Brown/White   No                   Yes

Lab # 02: Protocol Layers and Encapsulation

Objectives:
- Learn the concepts of protocol layers and encapsulation
- Contrast ISO OSI 7-layer model with TCP/IP 5-layer model
- Learn some of the functions provided by physical, data link, network, transport and application layers
- Learn the encapsulation process in a typical TCP/IP implementation over Ethernet LAN hardware
- Distinguish between Data Link layer (e.g. Ethernet) addresses and Network Layer (e.g. IP) addresses
- Use Frame Capture software to capture Ping Echo requests and Echo replies

Background Information:
Recall that a layered approach is a technique used to simplify the design of complex systems. Many obstacles have to be overcome in order for two applications running on different computers to exchange data in a way that is useful for end-users. Using a layered approach, a network communication protocol is used at each layer starting with the data link layer all the way to the application layer. A protocol will define its own protocol data unit (PDU), which includes a header and optionally a trailer.
The protocol defines the format and meaning of various fields in its headers and trailers. Note that a protocol is implemented by a process (program) that does the following:
- On the sending side, a layer takes data from its immediate higher layer, appends its own header and passes it to its immediate lower layer. This process is known as encapsulation.
- On the receiving side, the reverse process takes place. The layer in view expects a PDU to be passed from its immediate lower layer that it then processes and passes the content of that PDU to its immediate higher layer.

In this lab you will first restore every machine to some normal configuration (i.e. wiring with properly numbered (patch-panel terminated) cables and using consistent computer names and IP configuration). Then you will install Sniffem frame capture software and use it to capture and analyze the frame that is generated by source and destination stations when the Ping command is used.

Task 1: Structured Wiring and Consistent IP Configuration

Beside each computer there are two gray UTP cables that are tagged with certain numbers. These cables are already terminated into a patch panel (with port number matching the number on the cable). Ensure that these cables are connected to the network cards. Then from the patch panel port use a short UTP cable to connect a port on the hub. This form of cabling is known as Structured Cabling as shown in Figure 1.

Figure 1. Structured Cabling (Ethernet Card, Patch Panel, Ethernet Hub)

The lab has been configured into 5 class C IP networks with addresses:
- 192.168.230.0 (NWLA)
- 192.168.231.0 (NWLB)
- 192.168.232.0 (NWLC)
- 192.168.233.0 (NWLD)
- 192.168.234.0 (NWLE)

Each of the above networks has 4 PCs and each PC is equipped with two Ethernet cards. A PC has a label indicating its name and network to which it belongs.
For the time being we will configure the two cards to be on the same IP network as follows:
- The 1st computer on network NWLA is labeled as ICS-NWLA1 and will use IP addresses 192.168.230.1 (for the first NIC) and 192.168.230.5 (for the second NIC).
- The 2nd computer on network NWLA is labeled as ICS-NWLA2 and will use IP addresses 192.168.230.2 (for the first NIC) and 192.168.230.6 (for the second NIC).

Task: Configure each card properly then use the ipconfig /all command to see all TCP/IP related settings for your workstation. Fill in the blanks below using the results of the IPCONFIG command from your workstation:

   Workstation Name:
   IP Address:                        IP Address:
   Subnet Mask:                       Subnet Mask:
   MAC (Hardware) Address:            MAC (Hardware) Address:

Task 2: Frame Capture and Analysis

Make sure that Sniffem software is properly installed on your computer. Once you start Sniffem [Start->All Programs->Sniffem->Sniffem], select Tools->Settings from main menu. This displays the Settings window as shown in Figure 2. On this window, select the network interface [select any one of the 3Com adapters listed under the heading ‘Choose an Adapter from the list’] on which the frames will be captured and click OK. Then to start capturing frames, click on the green arrow button on the toolbar. Click the same button (which is now a red stop button) again to stop capturing.

Figure 2: Sniffem Capture

To generate traffic with the ping command, do the following:
1. Start->Command Prompt
2. Type the command ‘ping 192.168.230.1’ where the IP address given is the IP address of your nearby PC. You can use the repetitive pinging option using -t:
   ping -t 192.168.230.1
3. Stop the ping using Ctrl-C after you see that Sniffem has captured some packets.

Information about the frames that have been captured by Sniffem will be shown using three views as shown on Figure 3. The window is divided into three panes (sections, views).
The top-right pane (frame/packet list view) contains a one-line summary for every frame captured. The left pane (packet decoding view) and bottom-right pane (Hex/ASCII dump view) contain detailed information about the currently-selected frame (line) from the frame list view. Note that in Figure 3 we are seeing the details of a Ping ICMP Echo Request packet because the TYP field in the ICMP header is set to 8.

Figure 3: Captured Output for Ping command (callouts: Network/IP Address; Ethernet/MAC/Physical/Hardware Address)

Exercise: Follow these steps to capture ICMP Echo Request and Echo Reply packets.
1. Choose File->New Project to start a new capture project.
2. Open a command prompt window and type ping <ip address> but do not hit Enter yet.
3. Click the green arrow button to start capturing frames.
4. Go back to the command prompt window and hit Enter.
5. Stop capture by clicking the red button [which appears in the same place as the green arrow button before].
6. Analyze the results.
   a. How many Echo Request and Echo Reply frames did you capture?
   b. Identify source and destination addresses:
      i. Ethernet (data link): under MAC Header in the Packet Decoding panel [left panel]
      ii. IP (network) layers: under IPv4 Header in the Packet Decoding panel [left panel]

14 byte Ethernet Frame Header
   Ethernet Destination Address   6 bytes
   Ethernet Source Address        6 bytes
   EtherType                      2 bytes: 0800 indicates that the frame contains IP packet
20 byte IP Header
   Protocol                       1 byte: 01 indicates that the packet contains ICMP message
   IP Source Address              4 bytes
   IP Destination Address         4 bytes
ICMP Message
Frame Checksum                    4 bytes

Figure 4. An Ethernet frame containing IP packet that in turn contains ICMP message

Review Questions:
1. Name some of the issues that have to be addressed in the design of a computer network.
2. Draw a diagram illustrating the layers and their associated protocols during a web browser session with the web browser running on computer A and the web server running on computer B. The two computers are linked together using an Ethernet network.

Lab # 03: TCP/IP Services: Overview of Telnet, FTP and HTTP servers & clients. Capturing Application Protocol Data.

Objectives:
- Learn the concepts of client/server applications
- Familiarize oneself with the basic services of TCP/IP and their reserved port numbers, their application protocols (i.e. HTTP, FTP, etc.) and their transport protocols (i.e. UDP or TCP)
- Learn the basic commands of Telnet
- Learn the basic commands of FTP
- Set up a Web server and publish a Web site
- Use Buffer Decoding View in Frame Capture software to capture some application protocols data including HTTP and FTP.

Background Information:
Networking protocols are normally developed in layers, with each layer responsible for a different facet of the communications. A protocol suite, such as TCP/IP, is the combination of different protocols at various layers. TCP/IP is normally considered to be a 5-layer stack as shown in Figure 1.

   Application             Telnet, FTP, Web, e-mail, etc.
   Transport               TCP, UDP
   Network                 IP, ICMP, IGMP
   Data Link + Physical    Device driver and interface card

Figure 1. The five layers of the TCP/IP protocol suite.

Each layer has a different responsibility:
1. The data-link and physical layers, sometimes referred to as the network interface layer, normally include the device driver in the operating system and the corresponding network interface card in the computer. Together they handle all the hardware details of physical interfacing with the cable (or whatever type of media is being used).
2. The network layer (sometimes called the internet layer) handles the movement of packets around the network.
   Routing of packets, for example, takes place here. IP (Internet Protocol), ICMP (Internet Control Message Protocol), and IGMP (Internet Group Management Protocol) provide the network layer in the TCP/IP protocol suite.
3. The transport layer provides a flow of data between two hosts, for the application layer above. In the TCP/IP protocol suite, there are two vastly different transport protocols: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

   TCP provides a reliable flow of data between two hosts. It is concerned with things such as dividing the data passed to it from the application into appropriately sized chunks for the network layer below, acknowledging received packets, setting timeouts to make certain the other end acknowledges packets that are sent, and so on. Because the transport layer provides this reliable flow of data, the application layer can ignore all these details.

   UDP, on the other hand, provides a much simpler service to the application layer. It just sends packets of data called datagrams from one host to the other, but there is no guarantee that the datagrams reach the other end. The application layer must add any desired reliability.

   There is a use for each type of transport protocol, which we'll see when we look at the different applications that use TCP and UDP.
4. The application layer handles the details of the particular application. There are many common TCP/IP applications that almost every implementation provides:
   - Telnet for remote login,
   - FTP, the File Transfer Protocol,
   - SMTP, the Simple Mail Transfer protocol, for electronic mail,
   - SNMP, the Simple Network Management Protocol

If we have two hosts on a local area network (LAN) such as an Ethernet, both running FTP, Figure 2 shows the protocols involved.

Figure 2. Two hosts on a LAN running FTP

We have labeled one application box the FTP client and the other the FTP server.
Most network applications are designed so that one end is the client and the other side is the server. The server provides some type of service to clients, in this case access to files on the server host. In the remote login application, Telnet, the service provided to the client is the ability to login to the server's host.

Each layer has one or more protocols for communicating with its peer at the same layer. One protocol, for example, allows the two TCP layers to communicate, and another protocol lets the two IP layers communicate.

On the right side of Figure 2 we have noted that normally the application layer is a user process while the lower three layers are usually implemented in the kernel (the operating system). Although this isn't a requirement, it's typical and this is the way it's done under UNIX.

There is another critical difference between the top layer in Figure 2 and the lower three layers. The application layer is concerned with the details of the application and not with the movement of data across the network. The lower three layers know nothing about the application but handle all the communication details.

We show four protocols in Figure 2, each at a different layer. FTP is an application layer protocol, TCP is a transport layer protocol, IP is a network layer protocol, and the Ethernet protocols operate at the data link layer. The TCP/IP protocol suite is a combination of many protocols. Although the commonly used name for the entire protocol suite is TCP/IP, TCP and IP are only two of the protocols. (An alternative name is the Internet Protocol Suite.)

The purposes of the network interface layer and the application layer are obvious: the former handles the details of the communication media (Ethernet, token ring, etc.) while the latter handles one specific user application (FTP, Telnet, etc.). But at first glance the difference between the network layer and the transport layer is somewhat hazy.
Why is there a distinction between the two? To understand the reason, we have to expand our perspective from a single network to a collection of networks.

An internet is a collection of networks that all use the same protocol suite. The easiest way to build an internet is to connect two or more networks with a router. This is often a special-purpose hardware box for connecting networks. The nice thing about routers is that they provide connections to many different types of physical networks: Ethernet, token ring, point-to-point links, FDDI (Fiber Distributed Data Interface), and so on.

Figure 3 shows an internet consisting of two networks: an Ethernet and a token ring, connected with a router. Although we show only two hosts communicating, with the router connecting the two networks, any host on the Ethernet can communicate with any host on the token ring.

In Figure 3 we can differentiate between an end system (the two hosts on either side) and an intermediate system (the router in the middle). The application layer and the transport layer use end-to-end protocols. In our picture, these two layers are needed only on the end systems. The network layer, however, provides a hop-by-hop protocol and is used on the two end systems and every intermediate system.

Figure 3. Two networks connected with a router

In the TCP/IP protocol suite, the network layer [IP] provides an unreliable service. That is, it does its best job of moving a packet from its source to its final destination, but there are no guarantees. TCP, on the other hand, provides a reliable transport layer using the unreliable service of IP. To provide this service, TCP performs timeout and retransmission, sends and receives end-to-end acknowledgments, and so on. The transport layer and the network layer have distinct responsibilities.

A router, by definition, has two or more network interface layers (since it connects two or more networks).
Any system with multiple interfaces is called multihomed. A host can also be multihomed, but unless it specifically forwards packets from one interface to another, it is not called a router. Also, routers need not be special hardware boxes that only move packets around an internet. Most TCP/IP implementations allow a multihomed host to act as a router also, but the host needs to be specifically configured for this to happen. In this case we can call the system either a host (when an application such as FTP or Telnet is being used) or a router (when it's forwarding packets from one network to another). We'll use whichever term makes sense given the context.

TCP and UDP are the two predominant transport layer protocols. Both use IP as the network layer. TCP provides a reliable transport layer, even though the service it uses (IP) is unreliable. The applications are normally user processes.

UDP sends and receives datagrams for applications. A datagram is a unit of information (i.e., a certain number of bytes of information that is specified by the sender) that travels from the sender to the receiver. Unlike TCP, however, UDP is unreliable. There is no guarantee that the datagram ever gets to its final destination.

IP is the main protocol at the network layer. It is used by both TCP and UDP. Every piece of TCP and UDP data that gets transferred around an internet goes through the IP layer at both end systems and at every intermediate router.

At the top of the TCP/IP protocol architecture is the Application Layer. This layer includes all processes that use the Transport Layer protocols to deliver data. There are many application protocols. Most provide user services, and new services are always being added to this layer. The most widely known and implemented application protocols are:

Telnet   The Network Terminal Protocol, which provides remote login over the network.
FTP      The File Transfer Protocol, which is used for interactive file transfer.
SMTP     The Simple Mail Transfer Protocol, which delivers electronic mail.
HTTP     The Hypertext Transfer Protocol, which delivers Web pages over the network.

While HTTP, FTP, SMTP, and telnet are the most widely implemented TCP/IP applications, you will work with many others as both a user and a system administrator. Some other commonly used TCP/IP applications are:

Domain Name Service (DNS): Also called name service, this application maps IP addresses to the names assigned to network devices.
Open Shortest Path First (OSPF): Routing is central to the way TCP/IP works. Network devices use OSPF to exchange routing information.
Network Filesystem (NFS): This protocol allows files to be shared by various hosts on the network.

Client-Server Model

Most networking applications are written as two parts (two sides): client and server. The client part handles the interaction with the end user, whereas the server part may run on a different system and would generally handle multiple clients at the same time. It is also possible (and definitely useful during application development) to run both parts on the same host. The server is always started before any client and kept running indefinitely or for as long as necessary.

We can categorize servers into two classes: iterative or concurrent. An iterative server iterates through the following steps.

I1. Wait for a client request to arrive.
I2. Process the client request.
I3. Send the response back to the client that sent the request.
I4. Go back to step I1.

The problem with an iterative server is when step I2 takes a while. During this time no other clients are serviced. A concurrent server, on the other hand, performs the following steps.

C1. Wait for a client request to arrive.
C2. Start a new server to handle this client's request. This may involve creating a new process, task, or thread, depending on what the underlying operating system supports.
How this step is performed depends on the operating system. This new server handles this client's entire request. When complete, this new server terminates.
C3. Go back to step C1.

The advantage of a concurrent server is that the server just spawns other servers to handle the client requests. Each client has, in essence, its own server. Assuming the operating system allows multiprogramming, multiple clients are serviced concurrently.

The reason we categorize servers, and not clients, is because a client normally can't tell whether it's talking to an iterative server or a concurrent server. As a general rule, TCP servers are concurrent, and UDP servers are iterative, but there are a few exceptions.

Port Numbers

We said that TCP and UDP identify applications using 16-bit port numbers. How are these port numbers chosen?

Servers are normally known by their well-known port number. For example, every TCP/IP implementation that provides an FTP server provides that service on TCP port 21. Every Telnet server is on TCP port 23. Every implementation of TFTP (the Trivial File Transfer Protocol) is on UDP port 69. Those services that can be provided by any implementation of TCP/IP have well-known port numbers between 1 and 1023. The well-known ports are managed by the Internet Assigned Numbers Authority (IANA).

Until 1992 the well-known ports were between 1 and 255. Ports between 256 and 1023 were normally used by Unix systems for Unix-specific services, i.e., services found on a Unix system, but probably not found on other operating systems. The IANA now manages the ports between 1 and 1023.

An example of the difference between an Internet-wide service and a Unix-specific service is the difference between Telnet and Rlogin. Both allow us to login across a network to another host. Telnet is a TCP/IP standard with a well-known port number of 23 and can be implemented on almost any operating system.
Rlogin, on the other hand, was originally designed for Unix systems (although many non-Unix systems now provide it also) so its well-known port was chosen in the early 1980s as 513.

A client usually doesn't care what port number it uses on its end. All it needs to be certain of is that whatever port number it uses be unique on its host. Client port numbers are called ephemeral ports (i.e., short lived). This is because a client typically exists only as long as the user running the client needs its service, while servers typically run as long as the host is up.

The well-known port numbers are contained in the file /etc/services on most Unix systems. To find the port numbers for the Telnet server and the Domain Name System, we can execute

sun% grep telnet /etc/services
telnet 23/tcp        says it uses TCP port 23
sun% grep domain /etc/services
domain 53/udp        says it uses UDP port 53
domain 53/tcp        and TCP port 53

Reserved Ports

TCP/IP applications use the concept of reserved ports. Only a process with superuser privileges can assign itself a reserved port. These port numbers are in the range of 1 to 1023, and are used by some applications (notably Rlogin) as part of the authentication between the client and server.

Standardization Process

Who controls the TCP/IP protocol suite, approves new standards, and the like? There are four groups responsible for Internet technology.

1. The Internet Society (ISOC) is a professional society to facilitate, support, and promote the evolution and growth of the Internet as a global research communications infrastructure.

2. The Internet Architecture Board (IAB) is the technical oversight and coordination body. It is composed of about 15 international volunteers from various disciplines and serves as the final editorial and technical review board for the quality of Internet standards. The IAB falls under the ISOC.

3. The Internet Engineering Task Force (IETF) is the near-term, standards-oriented group, divided into nine areas (applications, routing and addressing, security, etc.). The IETF develops the specifications that become Internet standards. An additional Internet Engineering Steering Group (IESG) was formed to help the IETF chair.

4. The Internet Research Task Force (IRTF) pursues long-term research projects. Both the IRTF and the IETF fall under the IAB.

RFCs

All the official standards in the Internet community are published as a Request for Comment, or RFC. Additionally there are lots of RFCs that are not official standards, but are published for informational purposes. The RFCs range in size from 1 page to almost 200 pages. A number, such as RFC 1122, with higher numbers for newer RFCs, identifies each RFC.

All the RFCs are available at no charge through electronic mail or using FTP across the Internet. Sending electronic mail as shown here:

To: [email protected]
Subject: getting rfcs
help: ways_to_get_rfcs

returns a detailed listing of various ways to obtain the RFCs.

The latest RFC index is always a starting point when looking for something. This index specifies when a certain RFC has been replaced by a newer RFC, and if a newer RFC updates some of the information in that RFC. These are a few important RFCs:

1. The Assigned Numbers RFC specifies all the magic numbers and constants that are used in the Internet protocols. At the time of this writing the latest version of this RFC is 1340. When this RFC is updated (it is normally updated at least yearly) the index listing for 1340 will indicate which RFC has replaced it.

2. The Internet Official Protocol Standards, currently RFC 1600. This RFC specifies the state of standardization of the various Internet protocols. Each protocol has one of the following states of standardization: standard, draft standard, proposed standard, experimental, informational, or historic.
Additionally each protocol has a requirement level: required, recommended, elective, limited use, or not recommended. Like the Assigned Numbers RFC, this RFC is also reissued regularly. Be sure you're reading the current copy.

3. The Host Requirements RFCs, 1122 and 1123. RFC 1122 handles the link layer, network layer, and transport layer, while RFC 1123 handles the application layer. These two RFCs make numerous corrections and interpretations of the important earlier RFCs, and are often the starting point when looking at any of the finer details of a given protocol. They list the features and implementation details of the protocols as either "must," "should," "may," "should not," or "must not."

4. The Router Requirements RFC. The official version of this is RFC 1009. This is similar to the host requirements RFCs, but specifies the unique requirements of routers.

Standard, Simple Services

There are a few standard, simple services that almost every implementation provides. Figure 4 describes these services. We can see from this figure that when the same service is provided using both TCP and UDP, both port numbers are normally chosen to be the same.

Name      TCP port   UDP port   RFC   Description
echo      7          7          862   Server returns whatever the client sends.
discard   9          9          863   Server discards whatever the client sends.
daytime   13         13         867   Server returns the time and date in a human-readable format.
chargen   19         19         864   TCP server sends a continual stream of characters, until the connection is terminated by the client. UDP server sends a datagram containing a random number of characters each time the client sends a datagram.
time      37         37         868   Server returns the time as a 32-bit binary number. This number represents the number of seconds since midnight January 1, 1900, UTC.

Figure 4. Standard, simple services provided by most implementations.
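The echo and time services of Figure 4, provided by a concurrent TCP server that follows steps C1 to C3 of the Client-Server Model section, together with a client that decodes the 32-bit time value. This is an added example, not part of the original lab: the function names are illustrative, and the servers bind to 127.0.0.1 on an OS-chosen unprivileged port rather than the reserved ports 7 and 37.

```python
import socket
import struct
import threading
from datetime import datetime, timezone

# Seconds from 1900-01-01 (time-service epoch) to 1970-01-01 (Unix epoch).
SECONDS_1900_TO_1970 = 2208988800


def handle_echo(conn):
    """echo service: return whatever the client sends until it closes."""
    while True:
        data = conn.recv(4096)
        if not data:
            return
        conn.sendall(data)


def handle_time(conn):
    """time service: send seconds since 1900 as a 32-bit big-endian number."""
    now = int(datetime.now(timezone.utc).timestamp()) + SECONDS_1900_TO_1970
    conn.sendall(struct.pack("!I", now & 0xFFFFFFFF))


def serve_client(handler, conn):
    """The per-client 'new server' of step C2; it ends with the client."""
    try:
        with conn:
            conn.settimeout(5.0)    # an idle client cannot hold a thread forever
            handler(conn)
    except OSError:
        pass                        # timeout or reset: drop this client only


def start_concurrent_server(handler, host="127.0.0.1", port=0):
    """Start a concurrent TCP server and return (listener, bound_port).

    port=0 lets the OS pick a free unprivileged port, because binding a
    reserved port (1 to 1023) needs superuser privileges.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, port))
    listener.listen(16)

    def accept_loop():
        while True:
            try:
                conn, _peer = listener.accept()        # C1: wait for a client
            except OSError:
                return                                 # listener was closed
            threading.Thread(target=serve_client,      # C2: new server for
                             args=(handler, conn),     #     this client only
                             daemon=True).start()
            # C3: go back to C1

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener, listener.getsockname()[1]


def recv_exact(sock, count):
    """Read exactly count bytes; TCP may deliver them in several pieces."""
    buf = b""
    while len(buf) < count:
        chunk = sock.recv(count - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf


def query_echo(host, port, payload):
    """Send payload to an echo server and return what comes back."""
    with socket.create_connection((host, port), timeout=5.0) as sock:
        sock.sendall(payload)
        return recv_exact(sock, len(payload))


def query_time(host, port):
    """Read the 32-bit time value and convert it to a UTC datetime."""
    with socket.create_connection((host, port), timeout=5.0) as sock:
        (since_1900,) = struct.unpack("!I", recv_exact(sock, 4))
    return datetime.fromtimestamp(since_1900 - SECONDS_1900_TO_1970, tz=timezone.utc)


def second_client_served_while_first_idle(host, port):
    """True if a second client gets service while the first stays connected."""
    with socket.create_connection((host, port), timeout=5.0) as first:
        reply = query_echo(host, port, b"second client")
        first.sendall(b"first")
        return reply == b"second client" and recv_exact(first, 5) == b"first"


if __name__ == "__main__":
    _echo, echo_port = start_concurrent_server(handle_echo)
    _time, time_port = start_concurrent_server(handle_time)
    print(query_echo("127.0.0.1", echo_port, b"hello"))
    print(second_client_served_while_first_idle("127.0.0.1", echo_port))
    print(query_time("127.0.0.1", time_port).isoformat())
```

With an iterative server the idle first connection would occupy the only server loop, and the second client would wait until the first was dropped.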
Task 1: Install and Examine TCP/IP services

To install some of the TCP/IP services in Windows 2003 use Start > Control Panel > Add or Remove Programs > Add/Remove Windows Components. This displays the dialogs shown in the following Figure.

Select Networking Services and click on Details. Many services are found under Networking Services. Make sure that ‘Simple TCP/IP Services’ is selected. If it is not selected, select it and click OK. If asked for the CD, click OK and then provide the location as C:\software\i386.

To verify, stop, or resume any of these services use Start > Administrative Tools > Services, which displays the Services Window shown below.

Finally, one can use the Telnet client to interact with any of these services. If Telnet is not enabled, you can enable it using Start > Administrative Tools > Services > Telnet; right-click and select Properties. Select Startup type > Automatic. You might need to click the Start button, or else right-click and then select Start.

For example, to access chargen (which listens on TCP port 19), type the following at the Start > Command Prompt:

telnet 127.0.0.1 19

Note: Sometimes, you need to use the IP address of your PC.

Write down the command to access the Daytime service. What is the output?

Install Internet Information Services and the FTP Service

Because FTP depends on Microsoft Internet Information Services (IIS), IIS and the FTP Service must be installed on the computer. To install IIS and the FTP Service, follow these steps.

NOTE: In Windows Server 2003, the FTP Service is not installed by default when you install IIS. If you already installed IIS on the computer, you must use the Add or Remove Programs tool in Control Panel to install the FTP Service.

1. Click Start, point to Control Panel, and then click Add or Remove Programs.
2. Click Add/Remove Windows Components.
3. In the Components list, click Application Server, click Internet Information Services (IIS) (but do not select or clear the check box), and then click Details.
4. Click to select the following check boxes (if they are not already selected):
o Common Files
o File Transfer Protocol (FTP) Service
o Internet Information Services Manager
o World Wide Web Service
5. Click to select the check boxes next to any other IIS-related service or subcomponent that you want to install, and then click OK.
6. Click Next.
7. When you are prompted, insert the Windows Server 2003 CD-ROM into the computer's CD-ROM drive or provide a path to the location of the files [C:\software\i386], and then click OK.
8. Click Finish.

IIS and the FTP service are now installed. You must configure the FTP Service before you can use it.

Configure The FTP Service

To configure the FTP Service to allow only anonymous connections, follow these steps:

1. Open Start > Administrative Tools > Internet Information Services Manager.
2. Expand Server_name, where Server_name is the name of the server.
3. Expand FTP Sites.
4. Right-click Default FTP Site, and then select Properties.
5. Click the Security Accounts tab.
6. Click to select the Allow Anonymous Connections check box (if it is not already selected), and then click to select the Allow only anonymous connections check box. When you click to select the Allow only anonymous connections check box, you configure the FTP Service to allow only anonymous connections. Users cannot log on by using user names and passwords.
7. Click the Home Directory tab.
8. Click to select the Read and Log visits check boxes (if they are not already selected), and then click to clear the Write check box (if it is not already cleared).
9. Click OK.
10. Quit Internet Information Services Manager.

The FTP server is now configured to accept incoming FTP requests.
Copy or move the files that you want to make available to the FTP publishing folder for access. The default folder is C:\Inetpub\Ftproot.

Task 2: Using FTP

Before you try to interact with your local FTP server, make sure the FTP publishing service is running and that you have created an FTP site (i.e. published some folder through the FTP server). One way to do this latter step is to use Start > Administrative Tools > Internet Information Services Manager as shown in the Window below.

Any FTP client program can access the folder made available by the FTP server. These include character-based clients such as the FTP command or GUI-based clients such as CuteFTP and IE 6.0. Using IE 6.0, you use the word ftp in place of http to access an FTP server as shown below.

The following is a sample interaction with an FTP server using the FTP command.

C:\>ftp 127.0.0.1        [Note: Sometimes you need to use the IP address]
Connected to 192.168.230.1.
220 Microsoft FTP service
User (192.168.230.1:(none)): anonymous
Anonymous access allowed, send identity (e-mail name) as password.
Password: [email protected]
230 anonymous user logged in.
ftp> cat
Invalid command.
ftp> dir
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
02-25-04 02:00PM <DIR> images
226 Transfer complete.
ftp: 258 bytes received in 0.06Seconds 4.10Kbytes/sec.
ftp> help
Commands may be abbreviated. Commands are:
!          delete      literal   prompt      send
?          debug       ls        put         status
append     dir         mdelete   pwd         trace
ascii      disconnect  mdir      quit        type
bell       get         mget      quote       user
binary     glob        mkdir     recv        verbose
bye        hash        mls       remotehelp
cd         help        mput      rename
close      lcd         open      rmdir
ftp> cd images
250 CWD command successful.
ftp> dir
…
ftp> get index.html index.html
200 PORT command successful.
150 ASCII data connection for index.html (196.1.65.148,1209) (211 bytes).
226 ASCII Transfer complete.
ftp: 219 bytes received in 0.01Seconds 14.60Kbytes/sec.
ftp> ……..
ftp> get RemoteFile LocalFile
……..
ftp> put Localfile RemoteFile
ftp> quit
221 Goodbye

Task 3: Setup a Web Server and publish a Web site

To set up IIS, the Microsoft-provided web server software for Windows 2003, refer to the instructions in Task 1 above. Follow these steps to publish a folder as a Web site.

1. To create a site on the IIS web server, right-click on the corresponding directory in the Windows Explorer and select ‘Sharing and Security…’. Select Web Sharing from the dialog and the dialog will appear as shown.

2. In the above dialog select Share this folder. You can use the suggested alias (this is the part that will follow the host name in the URL used to access the site by the browser – see the subsequent figure). Directory browsing will work if you enable directory browsing and there is no default document (i.e. default.htm).

3. To access the above site, launch the Browser and use any of these URLs:

http://ServerName/mysite or http://ServerIPAddress/mysite

The above URLs will work from any station. Also you can use the following URLs to access the local web server:

http://127.0.0.1/mysite or http://localhost/mysite

If you are not able to access the folder, you can put an HTML file named index.htm in that FTP folder and try to access that website. Sometimes, you need to enter the administrator account along with its password to access the website. Also sometimes, you might need to use your IP address instead of 127.0.0.1.

Note: You need to select the directory you enabled for directory listing from Start > Administrative Tools > Internet Information Services Manager > Default Web Site. Then right-click the directory and click Properties. Select Directory Security > Authentication and Access Control. Click the Edit button. Then enable Anonymous Access.

To have more control over the IIS configuration use Start > Administrative Tools > Internet Information Services Manager.
Task 4: Use Buffer Decoding View to display Application Protocol Data

Capturing HTTP traffic

In this experiment you will use three different stations. Have Sniffer software run on Station A and try to capture the HTTP traffic data during a web session between stations B (web browser) and station C (web server). This approach works only when you are connected to a hub. If connected to a switch you should make sure that it is not configured to different VLANs.

[Figure: station A (Sniffer), station B (Web browser), station C (Web server)]

As the above figure shows there are three TCP packet exchanges (three-way handshake used to open a TCP connection) preceding the TCP packet containing the actual GET request. Note that HTTP data immediately follows the TCP header and is readable in the ASCII interpretation of the hex dump (right-bottom view).

Remove all the services you have installed:
1. Start > Control Panel > Add or Remove Programs > Add/Remove Windows Components
2. Deselect those services you have selected before and click Next/Ok until Finish.
3. For Telnet, you can go to Start > Control Panel > Services and disable it [by right-click].

Buffer Decoding View

Sniffem software is able to highlight the data that is exchanged between the client and server during a TCP or UDP session using Buffer Decoding View. This is a handy feature that can be used to trace all the message requests and their corresponding replies and is a good way to learn how the application protocol works.

King Fahd University of Petroleum and Minerals
Information and Computer Science Dept.
ICS 432 Computer Network Systems

Lab # 04: Cornerstones of the Web: HTML and HTTP.
Objectives:
o Learn the architecture of the Web and distinguish between the roles of Web browser and Web server
o Familiarize oneself with the roles played by HTML and HTTP
o Master the concept of a URL and distinguish between an absolute and relative URL
o Learn and utilize the primary tags in HTML including anchor, img, table, form, style
o Learn the format of HTTP requests and replies
o Use Telnet to execute HTTP commands directly against a Web Server

Background Information:

Recall that the Web is simply one more application (What are the others?) at the Application Layer in the TCP/IP stack. It uses a client/server model. The basic idea is that the Web server will maintain a set of documents (files) for others to access using a Web browser. Probably the most important concept relating to the Web is the use of hyperlinking to navigate from one document to another (possibly on another host). This is formalized using an HTML Anchor tag and a URL. How does the Web address the problem of locating documents on a particular subject?

A typical HTTP URL uses the form

http://hostname[:port]/path/file

The concept of a URL is generalized to identify resources accessible by other protocols such as FTP. For example, ftp://ftp.microsoft.com takes you to the Microsoft FTP site. A URL can be absolute or relative. An absolute URL (i.e. a complete URL) is one having all the parts while a relative URL is one that is lacking some of the initial parts such as the protocol and the host.

Today, the Web has evolved into a powerful publishing medium. At a fundamental level the Web defines two components: HTML (Hypertext Markup Language) and HTTP (Hypertext Transfer Protocol). HTML is the language used to describe the layout and the content of a web page. HTML revolves around the use of tags (markup) that control the placement and looks of various page elements. Thus HTML tags are simply instructions that have to be honored by the web browser.
HTTP on the other hand is the (application-level) protocol that specifies the format and meaning (associated action) of messages that are exchanged between the web browser and web server. It is more or less a file transfer protocol. HTTP requests and replies are encapsulated in TCP because for transferring large amounts of data, it is best to use a reliable connection-oriented protocol. By default, HTTP server software listens on TCP port 80.

Architecture of the Web

As illustrated in Figure 1, the Web communication takes place between two computers running these programs, the Web browser and the Web server. A typical Web browser is Microsoft Internet Explorer or Netscape Navigator (either of which runs under Windows 2003) and a typical Web server is Microsoft Internet Information Server (which runs under Windows 2003) or Netscape Enterprise Server (which runs under Windows 2003 or Unix). These two computers must be linked by some form of a physical network such as an Ethernet Local Area Network and configured to run TCP/IP protocols. It is also possible to run both the server and browser programs on a single computer without the need for a physical network.

[Figure 1. Architecture of the Web: the HTTP client and the HTTP server each run HTTP over TCP over IP, joined by the network hardware.]

Processing HTTP Requests

Every Web site has a server process (HTTP Daemon) listening on TCP port 80 for incoming connections from clients (browsers). After the connection has been established, the client sends one request and the server sends one reply. Then the connection is released. The HTTP protocol does nothing more than define the legal requests and replies. For example, imagine that the user just clicked on some piece of text or an icon that points to the page whose name (URL) is http://www.microsoft.com/default.htm. The steps that occur between the user’s click and the page being displayed are as follows:

1. The browser makes up an absolute URL if the URL is relative (how?).
2. The browser checks if it already has the IP address of the host – in this case, the IP address of www.microsoft.com; otherwise, it asks the DNS for the IP address.
3. Having gotten the IP address, the browser makes a TCP connection specifying port 80 and the IP address at hand.
4. The browser sends the appropriate HTTP GET request (Is there a difference between HTTP 1.0 and HTTP 1.1?). For the above case the browser sends:

GET /default.htm HTTP/1.0 <cr><lf><cr><lf>

5. The server sends the file default.htm and closes the TCP connection.
6. The browser displays all the text in default.htm.

The browser fetches and displays all images referenced in the just received file (by executing steps 1 through 6 again).

Structure of HTTP Transactions

Like most network protocols, HTTP uses the client-server model: An HTTP client opens a connection and sends a request message to an HTTP server; the server then returns a response message, usually containing the resource that was requested. After delivering the response, the server closes the connection (making HTTP a stateless protocol, i.e. not maintaining any connection information between transactions).

The format of the request and response messages is similar, and English-oriented. Both kinds of messages consist of:
o an initial line,
o zero or more header lines,
o a blank line (i.e. a CRLF by itself), and
o an optional message body (e.g. a file, or query data, or query output).

Put another way, the format of an HTTP message is:

<initial line, different for request vs. response>
Header1: value1
Header2: value2
Header3: value3

<optional message body goes here, like file contents or query data; it can be many lines long, or even binary data.>

Initial lines and headers should end in CRLF, though you should gracefully handle lines ending in just LF. (More exactly, CR and LF here mean ASCII values 13 and 10, even though some platforms may use different characters.)
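A parser for the message format just described: initial line, header lines, blank line, optional body, with lines ending in CRLF or in LF alone. This is an added example, not part of the original lab; it also tells a request line from a status line (both are described in the next two sections), and the names, the head size cap and the sample messages are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

MAX_HEAD_BYTES = 8192  # assumed cap on the initial line plus headers

REQUEST_LINE = re.compile(r"([A-Z]+) (\S+) (HTTP/\d\.\d)")
STATUS_LINE = re.compile(r"(HTTP/\d\.\d) (\d{3})(?: (.*))?")
HEADER_LINE = re.compile(r"([!#$%&'*+\-.^_`|~0-9A-Za-z]+):[ \t]*(.*?)[ \t]*")


@dataclass
class HttpMessage:
    kind: str                 # "request" or "response"
    version: str              # e.g. "HTTP/1.0"
    method: str = ""          # requests only
    path: str = ""            # requests only
    status: int = 0           # responses only
    reason: str = ""          # responses only
    headers: dict = field(default_factory=dict)   # names lower-cased
    body: bytes = b""


def parse_http_message(data: bytes) -> HttpMessage:
    """Parse one complete HTTP message; raise ValueError if it is malformed."""
    # The head ends at the first blank line, written as CRLF CRLF or LF LF.
    blank = re.search(rb"\r?\n\r?\n", data)
    if blank is None:
        raise ValueError("no blank line: the message head is incomplete")
    if blank.start() > MAX_HEAD_BYTES:
        raise ValueError("message head exceeds the size limit")
    lines = re.split(r"\r?\n", data[:blank.start()].decode("iso-8859-1"))
    if any("\r" in line for line in lines):
        raise ValueError("bare CR inside a line")

    match = REQUEST_LINE.fullmatch(lines[0])
    if match:
        msg = HttpMessage("request", match.group(3),
                          method=match.group(1), path=match.group(2))
    else:
        match = STATUS_LINE.fullmatch(lines[0])
        if match is None:
            raise ValueError(f"bad initial line: {lines[0]!r}")
        msg = HttpMessage("response", match.group(1),
                          status=int(match.group(2)), reason=match.group(3) or "")

    for line in lines[1:]:
        header = HEADER_LINE.fullmatch(line)
        if header is None:
            raise ValueError(f"bad header line: {line!r}")
        name, value = header.group(1).lower(), header.group(2)
        # Repeated headers are joined so that none is silently dropped.
        msg.headers[name] = f"{msg.headers[name]}, {value}" if name in msg.headers else value

    msg.body = data[blank.end():]   # kept as bytes: the body may be binary
    return msg


if __name__ == "__main__":
    # Constructed sample messages: a CRLF request and an LF-only response.
    print(parse_http_message(b"GET /default.htm HTTP/1.0\r\n\r\n"))
    print(parse_http_message(b"HTTP/1.0 200 OK\nContent-Type: text/html\n\n<html></html>"))
```

Malformed input raises ValueError instead of being guessed at, so a capture that was cut off mid-header is reported rather than half-parsed.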
Initial Request Line

The initial line is different for the request than that for the response. A request line has three parts, separated by spaces: a method name, the local path of the requested resource, and the version of HTTP being used. A typical request line is:

GET /path/to/file/index.html HTTP/1.0

GET is the most common HTTP method; it says, "Give me this resource". Other methods include POST and HEAD. Method names are always uppercase. The path is the part of the URL after the host name, also called the request URI (a URI is like a URL, but more general). The HTTP version always takes the form "HTTP/x.x", uppercase.

Initial Response Line (Status Line)

The initial response line, called the status line, also has three parts separated by spaces: the HTTP version, a response status code that gives the result of the request, and an English reason phrase describing the status code. Typical status lines are:

HTTP/1.0 200 OK

or

HTTP/1.0 404 Not Found

The HTTP version is in the same format as in the request line, "HTTP/x.x". The status code is meant to be computer-readable; the reason phrase is meant to be human-readable, and may vary. The status code is a three-digit integer, and the first digit identifies the general category of response:

o 1xx indicates an informational message only
o 2xx indicates success of some kind
o 3xx redirects the client to another URL
o 4xx indicates an error on the client's part
o 5xx indicates an error on the server's part

The most common status codes are:

200 OK
The request succeeded, and the resulting resource (e.g. file or script output) is returned in the message body.

404 Not Found
The requested resource doesn't exist.

301 Moved Permanently
302 Moved Temporarily
303 See Other (HTTP 1.1 only)
The resource has moved to another URL (given by the Location: response header), and should be automatically retrieved by the client.

500 Server Error
An unexpected server error.
    The most common cause is a server-side script that has bad syntax, fails, or otherwise can't run correctly.

Task 1: Practice HTML tables, Styles and colors

An HTML table (<table> ... </table>) is a collection of rows. Each row (<tr> ... </tr>) is a collection of cells; a cell is enclosed in <td> ... </td>. Note that a table cell can contain arbitrary HTML, including img and table tags. Therefore, HTML tables have become a key element for proper layout of a web page. In general, it is best to approach the layout of a page by having it as a table covering the entire width and height of the page's area, as in:

    <body>
    <table width="100%" height="100%"> ... </table>
    </body>

Thus the following specifies a 2-row 3-column table.

    <table cellspacing="0" width="200" border="1">
    <tr><td>cell 11</td><td>cell 12</td><td>cell 13</td></tr>
    <tr><td>cell 21</td><td>cell 22</td><td>cell 23</td></tr>
    </table>

This should render as:

    cell 11   cell 12   cell 13
    cell 21   cell 22   cell 23

Why are cell borders doubled?

When the above table is rendered in the browser you will see that a double border surrounds each cell. This is because when you use the border="1" attribute within the table tag, each cell is surrounded by a one-pixel border. There are two solutions to this problem.

Solution 1: Use cellspacing="1" to reveal the table's background color.

    <style>
    td { background-color:white; }
    </style>
    <table cellspacing="1" width="200" style="background-color:gray;" border="0">
    <tr><td>cell 11</td><td>cell 12</td><td>cell 13</td></tr>
    <tr><td>cell 21</td><td>cell 22</td><td>cell 23</td></tr>
    </table>

Solution 2 (better): Use the border-collapse:collapse style specification to join adjacent borders.

    <table cellspacing="0" width="200" border="1" style="border-color:gray;border-collapse:collapse;">
    <tr><td>cell 11</td><td>cell 12</td><td>cell 13</td></tr>
    <tr><td>cell 21</td><td>cell 22</td><td>cell 23</td></tr>
    </table>

Color Specification

A color value can be specified using names such as: white, red, black.
Also some colors can be prefixed with light or dark as in: lightblue, darkgreen. Alternatively a color can be specified using a 24-bit RGB value of the form #RRGGBB, where each of these letters is replaced by a hex digit (0 to F). Thus #000000 (black), #FFFFFF (white), #FF0000 (red), #00FF00 (green), #FFFF00 (yellow).

Styles

The recommended way to apply various formats and colors to an HTML element is to use styles. The Web standard (http://www.w3.org/Style/CSS/) for this is known as CSS (cascading style sheets). For this lab it suffices to know that styles can be specified in one of two ways:

1. Using the style attribute within a tag. This is known as inline style. For example,

    <p style="color:green; font-family:Arial; font-size:16pt;">This text is 16pt green Arial</p>

2. Using a <style> ... </style> section. Such a section is placed within the head section or at the beginning of the body section. For example, the following style specification says that heading h1 should be blue 16pt Times New Roman and that paragraphs (i.e. the p tag) should be black 12pt Arial:

    <style>
    h1 { color:blue; font-family:Times New Roman; font-size:16pt; }
    p { color:black; font-family:Arial; font-size:12pt; }
    </style>

Exercise: Utilize the table, style and color techniques you have learned so far to produce the following page. Follow the hints given by the instructor.

Task 2: Examining HTTP Requests and Replies

In this task we will use a Telnet client to interact with an HTTP server. It is suggested that we use a graphical Telnet. Once Telnet opens a TCP connection it may not echo what you are typing. Thus you are advised to turn Local Echo on from the Terminal → Preferences menu option as shown below. Increase the Buffer Size to 1000. You can also log the interaction to a text file using Terminal → Start Logging.
Next, choose the Connect menu option and specify the IP address of the host running the HTTP server and port 80 as shown below, and then click the Connect button. The figure below shows a sample HTTP 1.1 GET request and the server's reply.

Note: End headers with two <enter> clicks to indicate that there is no body in the request.

Exercise:
1. Web share a folder (alias test) and enable directory browsing.
2. Access it using the browser using the URL: http://127.0.0.1/test
3. Use Telnet to connect to the local http server and type: GET / HTTP/1.0<enter><enter>.
4. Compare the html you get from browser-view source with the body part of the HTTP reply.

Lab # 05: Building IP internetwork
Part 1: Using Routing Service in Windows 2003

Objectives:
Review IP Address Classes
Learn the concepts of IP internetwork
Configure Windows 2003 as a router
Test router configuration

IP Address Classes

Every interface on an IP network must have a unique IP address. Every IP packet traveling through an IP network contains a source IP address and a destination IP address. These addresses are 32-bit numbers. An IP address actually consists of two parts: one part identifies the network and is referred to as the Network ID (or simply NetID), and the other part identifies the host and is referred to as the HostID. How do we know the length of each part? This information is specified through a subnet mask, which is a 32-bit value with the bits corresponding to the NetID set to 1's and the bits corresponding to the HostID set to 0's. For example, a subnet mask value of 255.0.0.0 specifies that the NetID is 8 bits and the HostID is 24 bits.

These 32-bit addresses are normally written as four decimal numbers, one for each byte of the address. This is called dotted-decimal notation.
The Internet authority divides its IP addresses into five different classes as shown in Figure 1. The easiest way to differentiate between the different classes of addresses is to look at the first number of a dotted-decimal address. Figure 2 shows the different classes, with the first number in boldface.

Figure 1. The five different classes of Internet addresses.

    Class   Range
    A       0.0.0.0 to 127.255.255.255
    B       128.0.0.0 to 191.255.255.255
    C       192.0.0.0 to 223.255.255.255
    D       224.0.0.0 to 239.255.255.255
    E       240.0.0.0 to 247.255.255.255

Figure 2. Ranges for different classes of IP addresses.

It should be noted that a multihomed host would have multiple IP addresses: one per interface. Since every interface on an internet must have a unique IP address, there must be one central authority for allocating these addresses for networks connected to the worldwide Internet. That authority is the Internet Network Information Center, called the InterNIC. The InterNIC assigns only Network IDs. The assignment of Host IDs is up to the system administrator.

Registration services for the Internet (IP addresses and DNS domain names) used to be handled by the NIC, at nic.ddn.mil. On April 1, 1993, the InterNIC was created. Now the NIC handles these requests only for the Defense Data Network (DDN). All other Internet users now use the InterNIC registration services, at rs.internic.net. There are actually three parts to the InterNIC: registration services (rs.internic.net), directory and database services (ds.internic.net), and information services (is.internic.net).

There are three types of IP addresses: unicast (destined for a single host), broadcast (destined for all hosts on a given network), and multicast (destined for a set of hosts that belong to a multicast group).
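The NetID/HostID split and the class ranges of Figure 2, worked through bit by bit, as an added example that is not part of the lab manual. The function names are assumptions made for this example; it also rejects a mask whose 1 bits are not contiguous, a case the text does not cover.

```python
# Class ranges by leftmost byte, exactly as listed in Figure 2 of this lab.
CLASS_RANGES = (("A", 0, 127), ("B", 128, 191), ("C", 192, 223),
                ("D", 224, 239), ("E", 240, 247))


def to_int(dotted: str) -> int:
    """Convert dotted-decimal notation to the underlying 32-bit number."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted: str):
    """Return the class letter chosen by the leftmost byte, or None if outside Figure 2."""
    first = to_int(dotted) >> 24
    for name, low, high in CLASS_RANGES:
        if low <= first <= high:
            return name
    return None


def prefix_length(mask: str) -> int:
    """Number of NetID bits in a subnet mask; the 1 bits must be contiguous."""
    host_bits = ~to_int(mask) & 0xFFFFFFFF
    if host_bits & (host_bits + 1):      # true unless host_bits looks like 0...01...1
        raise ValueError(f"subnet mask has non-contiguous 1 bits: {mask}")
    return 32 - host_bits.bit_length()


def split_address(address: str, mask: str) -> dict:
    """Split an address into NetID and HostID using the subnet mask."""
    prefix = prefix_length(mask)
    addr, m = to_int(address), to_int(mask)
    return {"netid": to_dotted(addr & m),
            "hostid": addr & ~m & 0xFFFFFFFF,
            "prefix": prefix}


def same_network(a: str, b: str, mask: str) -> bool:
    """Two stations can share one IP network only if their NetIDs agree."""
    prefix_length(mask)                  # validates the mask
    m = to_int(mask)
    return (to_int(a) & m) == (to_int(b) & m)


if __name__ == "__main__":
    for addr in ("10.1.2.3", "172.16.0.1", "192.168.230.1", "224.0.0.9"):
        print(addr, "class", address_class(addr))
    print(split_address("129.112.1.4", "255.255.0.0"))
    # Client and gateway addresses as they appear later in this lab's topology.
    print(same_network("192.168.231.8", "192.168.231.10", "255.255.255.0"))
    print(same_network("192.168.230.2", "192.168.231.10", "255.255.255.0"))
```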
Exercise: Fill the table below:

              Value Range for    # of bits for    Subnet Mask    # of Networks    # of Hosts
              Leftmost Byte      Host Part                                        per Network
    Class A
    Class B
    Class C

IP Network versus IP Internetwork

A single IP network is formed by having a number of machines share the same datalink and physical layer. For example, all stations are connected to the same Ethernet hub. In such a network each station uses a unique IP address, but the IP addresses of all stations must agree on the net-part (Network ID) of the address.

[Figure: a 32-bit IP address divided into Network ID (8, 16, or 24 bits if class-compliant; varies with subnet mask) and Host ID; a router attached to a physical LAN.]

That net-part (NetID) can be:
    Leftmost byte only (Class A address, subnet mask: 255.0.0.0), or
    Leftmost two bytes (Class B address, subnet mask: 255.255.0.0), or
    Leftmost three bytes (Class C address, subnet mask: 255.255.255.0).
In general the NetID can use any number of leftmost bits (i.e. a classless address; for example, a 10-bit NetID corresponds to subnet mask 255.192.0.0).

An internetwork consisting of two networks can be built by having a router with two interfaces, one connected to each network. A router can be either a specially made device such as a CISCO router or an ordinary computer running Linux or Windows 2003 and equipped with the proper network interfaces. Each router interface is assigned an IP address compatible with the network to which it belongs. Then every other machine on that network is configured to use a gateway address as follows: look from that machine toward the router, note the router's IP address on that side, and use it as the gateway address.

Task 1: Configure the Lab as a set of networks connected by routers

Since the lab contains 5 networks, we will utilize the first computer on each network to act as a router between it and the next network, in accordance with the figure below.
[Figure: lab topology with Switch A and Switch B.
    CLIENTS 192.168.231.1 & 192.168.231.8, SM: 255.255.255.0, GW: 192.168.231.10
    ROUTER interfaces 192.168.230.1 (SM: 255.255.255.0) and 192.168.231.10 (SM: 255.255.255.0)
    CLIENTS 192.168.230.2 & 192.168.230.8, SM: 255.255.255.0, GW: 192.168.230.1]

To configure Windows 2003 to act as a router, do the following.
1. Start → Administrative Tools → Routing and Remote Access.
2. Select Local Computer and right-click it.
3. Select Configure and Enable Routing and Remote Access. The Routing and Remote Access wizard appears.
4. Click Next. The Configuration window appears. Select Custom Configuration → Next. The Custom Configuration window appears.
5. Tick LAN Routing → Next. Click Finish.
6. Click Yes to start the service.

How to ensure that the router is working properly?

To ensure that the router is working properly, all you need is to ping a machine outside of your network. But first, to ensure that the router on your network is up, try to ping the IP addresses associated with the router interfaces; then, if that is successful, ping a machine on the remote network.

The following are test steps to run from a computer on Network A:
1. ping 192.168.230.1 - test router interface on my side
2. ping 192.168.231.5 - test router interface on remote side
3. ping 192.168.231.2 - test routing to a computer on the remote network

Lab # 06: Domain Name System – Part 1

Objectives:
Learn the structure of the Domain Name System and the role played by Name Servers.
Understand behind-the-scene processing of DNS queries and distinguish between recursive and iterative queries. Also distinguish between authoritative and non-authoritative (i.e. cached) answers (replies).
Configure Windows 2003 to use a DNS server.
Use the nslookup and DIG programs to issue DNS queries and analyze the results.
Use Buffer Decoding View in Sniffem software to capture DNS requests and replies.

Background Information: To satisfy the first two objectives, please refer to the class lecture notes and slides.

Task 1: Configure Windows 2003 to use DNS

For this lab we will make all the lab computers hosts on network 192.168.230.0. Thus at every computer modify the network configuration as follows.

1. To make the PCs access the local Intranet, we need to set up the Instructor PC to enable Internet sharing via the 172.16.0.0 network card. If the instructor PC runs Windows 2000, we need to select the appropriate network card and enable Sharing {TCP/IP Properties menu → Sharing tab}. With shared access enabled, select the local connection as the network card with the 192.168.230.0 network address. Make sure that both network cards are enabled. If the instructor PC runs Windows 2003, then use the Routing and Remote Access wizard.
2. Assign an IP address as follows:
    Network A: 192.168.230.1 to 192.168.230.4 & 192.168.230.5 to 192.168.230.8
    Network B: 192.168.230.11 to 192.168.230.14 & 192.168.230.15 to 192.168.230.18
    Network C: 192.168.230.21 to 192.168.230.24 & 192.168.230.25 to 192.168.230.28
    Network D: 192.168.230.31 to 192.168.230.34 & 192.168.230.35 to 192.168.230.38
    Network E: 192.168.230.41 to 192.168.230.44 & 192.168.230.45 to 192.168.230.48
3. Set the subnet mask as 255.255.255.0 and the gateway address as 192.168.230.251.
4. Use Start → Control Panel → Network Connections. Right-click and click 'Open'. Click Local Area Connection → Properties. Select Internet Protocol (TCP/IP) and click Properties. The TCP/IP window appears; set DNS Server to 172.16.0.1. Optionally you can configure some suffixes that will be appended to partial domain names (i.e. ones not ending with ".").
It is suggested that you add the following suffixes:
    ccse.kfupm.edu.sa
    kfupm.edu.sa

[Figure: lab topology. Hosts 192.168.230.1 & 192.168.230.5 and hosts 192.168.230.11 & 192.168.230.15 (each SM: 255.255.255.0, GW: 192.168.230.251); switches ICS-NWLA1 and ICS-NWLB1 (Inter LAN); a hub; INSTRUCTOR PC with 192.168.230.251 (SM: 255.255.255.0) and 172.16.20.2 (SM: 255.255.0.0); CCSE Network.]

Task 2: Execute some DNS queries using nslookup

The nslookup (abbreviation for name server lookup) program is one of the standard TCP/IP utilities for testing DNS server configuration. Thus nslookup is simply a DNS client. In Windows 2003, it can be executed from the command prompt by typing: nslookup <enter> as shown below.

As can be seen from the above figure, nslookup tries to contact the already configured DNS server and then waits for additional commands.

Type in some host name and hit <enter>. Nslookup returns some answer(s). Note: nslookup assumes that the data given is a domain name and defaults to resource record type=A and class=IN. Also note that the server identifies itself again at the start of every reply.

To use a DNS server other than the one already configured, you can add its IP address following the domain name as shown below.

How about help?

To issue an MX query we need to use the Set Option command as in:
    set querytype=mx
Then type in some e-mail domain.

How about finding the IP addresses for root servers? How many are there?

Exercise: Find out the authoritative servers for the sa domain?
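What a DNS client such as nslookup puts on the wire for the queries above, as an added example that is not part of the lab manual: it builds a question with the chosen record type and class IN, and decodes the header flags that separate queries from replies and authoritative from cached answers. The function names and the query ID 0x1234 are assumptions made for this example.

```python
import struct

QTYPES = {"A": 1, "NS": 2, "PTR": 12, "MX": 15}   # record types used in these labs
QTYPE_NAMES = {number: name for name, number in QTYPES.items()}
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    name = name.rstrip(".")
    out = b""
    for label in (name.split(".") if name else []):   # "" or "." is the root
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label {label!r} in name {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: str = "A", query_id: int = 0x1234,
                recursion_desired: bool = True) -> bytes:
    """Build a DNS query: 12-byte header followed by one question."""
    flags = 0x0100 if recursion_desired else 0x0000   # RD bit asks for a recursive query
    header = struct.pack("!6H", query_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", QTYPES[qtype], CLASS_IN)


def decode_message_head(msg: bytes) -> dict:
    """Decode the header and the first question of a DNS query or reply."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    query_id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        if pos + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!2H", msg[pos:pos + 4])
    return {
        "id": query_id,
        "is_reply": bool(flags & 0x8000),             # QR bit
        "authoritative": bool(flags & 0x0400),        # AA bit, set only in replies
        "recursion_desired": bool(flags & 0x0100),    # RD bit
        "recursion_available": bool(flags & 0x0080),  # RA bit
        "name": ".".join(labels) + ".",
        "qtype": QTYPE_NAMES.get(qtype, qtype),
        "qclass": qclass,
        "answers": ancount,
    }


if __name__ == "__main__":
    print(decode_message_head(build_query("www.kfupm.edu.sa.")))   # default type=A
    print(decode_message_head(build_query("kfupm.edu.sa", "MX")))  # set querytype=mx
    print(decode_message_head(build_query(".", "NS")))             # root servers
```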
Finally, to get a detailed answer you can turn debugging on using:
    set debug

The above interaction shows that if the given domain name does not end with "." then nslookup tries appending the pre-configured suffixes one at a time. Clearly, a waste of computer time!

Type exit to close the nslookup window.

Task 3: Use Buffer Decoding View to display DNS Protocol Data

Capturing DNS traffic

In this experiment you will capture the requests and replies that are generated during an nslookup session. Sniffem software is able to highlight the data that is exchanged between the client and server during a TCP or UDP session using Buffer Decoding View. This is a handy feature that can be used to trace all the message requests and their corresponding replies, and is a good way to learn how the application protocol works. Follow these steps.

1. Start the Sniffem program.
2. From the command prompt execute nslookup and type: www.kfupm.edu.sa. (include a dot at the end) but do not hit <enter> yet.
3. In the Sniffem window hit the Start/Stop Sniff button.
4. Go back to the command window and hit <enter>.
5. Go back to the Sniffem window and hit the Start/Stop Sniff button.
6. From the Sniffem View menu, select View/Buffer Decoding. Now the left-most pane changes from Packet Decoding to Buffer Decoding, where Sniffem tries to group related packets. You should be able to see DNS data in one of these groups. Notice also that the packets in the Packet-List view have been collapsed into a single entry. Next double-click on the entry in the packet-list view. This should display the figure below.

Question: How does Sniffem know that these packets are related?

Exercise: Go back to the packet-list view and note the protocol/layer encapsulation process. State the values marked with * below.
14 byte Ethernet Frame Header
    Ethernet Destination Address    6 bytes
    Ethernet Source Address         6 bytes
    EtherType                       2 bytes: 0800 indicates that the frame contains IP packet
20 byte IP Header
    Ver, HL*
    Protocol*                       1 byte: ___** indicates that the packet contains UDP message
    IP Source Address               4 bytes
    IP Destination Address          4 bytes
UDP Header+Data
    Source Port, Dest. Port*, Length, Checksum
    DNS Request
Frame Checksum                      4 bytes

Task 4: Execute some DNS queries using DIG

Assuming that you now have access to the Internet from your machine, we will use the DIG program at http://www.freesoft.org/CIE/Course/Section2/13.cgi. You should see a screen similar to the one below.

Exercise: Use DIG to find the number of Web servers employed by CNN for their web site (www.cnn.com). Is the answer you are getting authoritative? How to obtain an authoritative answer?

Lab # 07: Domain Name System (DNS) – Part II

Objectives:
Learn the structure of the DNS Database maintained by a Name Server
Configure Windows 2003 Server as a DNS server (i.e. a Name Server)
Create Forward Lookup and Reverse Lookup Zones
Add/Modify various types of Resource Records to a zone
Configure a DNS server to forward to another DNS Server
Use nslookup to test the configuration of a DNS server

Background Information:

In the context of DNS, a Name Server is the application that is acting as the server for the DNS protocol. A Name Server performs two primary tasks:
a) Maintains, among other things, the host-name to IP address mappings for the hosts in its zone. The information is stored in a form resembling a database table (hence the name DNS database), with each record, known as a Resource Record (RR), consisting of five fields: (domain name, class, type, value, ttl).
b) Responds to DNS queries.
Recall that a query is basically a partial resource record (i.e. having the domain name, class and type). The name server's job is to return the corresponding matching resource records. The name server will normally look up its local database or its cache, and if there is no match and the domain in question happens to be external, the name server will forward the query to some other name server and await a reply. The received reply is returned to the requester and also added to the local cache.

Sample DNS Database

Consider a stand-alone network (no outside connections), consisting of two physical networks: one has an internet network address 129.112, the other has a network address 194.33.7, interconnected by an IP gateway (i.e. IP router) (VM2).

Figure: A Simple Configuration - Two networks connected through an IP gateway.

Let us assign the name server function to VM1. Remember that the domain hierarchical tree forms a logical tree, completely independent of the physical configuration. In this simple scenario, there is only one level in the domain tree. Let's give this configuration the domain name test.example. The zone data for the name server is shown next.

    ;note: an SOA record has no TTL field
    ;
    $origin test.example.                            ;note 1
    ;
    @  IN SOA VM1.test.example. ADM.VM1.test.example. (
              870611    ;serial number for data
              1800      ;secondary refreshes every 30 mn
              300       ;secondary retries every 5 mn
              604800    ;data expire after 1 week
              86400)    ;minimum TTL for data is 1 day
    ;
    @        99999 IN NS    VM1.test.example.        ;note 2
    ;
    VM1      99999 IN A     129.112.1.1              ;note 3
             99999 IN WKS   129.112.1.1 TCP (SMTP    ;note 4
                            FTP
                            TELNET
                            NAMESRV)
    ;
    RT1      99999 IN A     129.112.1.2
                   IN HINFO IBM RT/PC-AIX            ;note 5
    RT2      99999 IN A     129.112.1.3
                   IN HINFO IBM RT/PC-AIX
    PC1      99999 IN A     129.112.1.11
    PC2      99999 IN A     194.33.7.2
    PC3      99999 IN A     194.33.7.3
    ;
    ;VM2 is an IP gateway and has 2 different IP addresses
    ;
    VM2      99999 IN A     129.112.1.4
             99999 IN A     194.33.7.1
             99999 IN WKS   129.112.1.4 TCP (SMTP FTP)
                   IN HINFO IBM-3090-VM/CMS
    ;
    4.1.112.129.in-addr.arpa. IN PTR VM2             ;note 6
    ;
    ;Some mailboxes
    ;
    central  10 IN MX VM2.test.example.              ;note 7
    ;
    ;a second definition for the same mailbox, in case VM2 is down
    ;
    central  20 IN MX VM1.test.example.
    waste    10 IN MX VM2.test.example.

**** Notes ****
1 The $origin statement sets the @ variable to the zone name (test.example.). Domain names which do not end with a period are suffixed with the zone name. Fully qualified domain names (those ending with a period) are unaffected by the zone name.
2 Defines the name server for this zone.
3 Defines the Internet address of the name server for this zone.
4 Specifies well-known services for this host. These are expected to be always available.
5 Gives information about the host.
6 Used for inverse mapping queries (i.e. find the host name corresponding to a given IP address).
7 Will allow mail to be addressed to [email protected].

Task 1: TCP/IP Configuration

This lab will use the TCP/IP configuration from the previous lab but with a modified DNS configuration. Namely, all the lab computers are hosts on network 192.168.230.0. Thus, at every computer use the following network configuration.
1. Enable LAN1 and disable LAN2.
2. Assign an IP address as follows:
    Network A: 192.168.230.1 to 192.168.230.4 depending on the machine number
    Network B: 192.168.230.11 to 192.168.230.14 (as above)
    Network C: 192.168.230.21 to 192.168.230.24 (as above)
    Network D: 192.168.230.31 to 192.168.230.34 (as above)
    Network E: 192.168.230.41 to 192.168.230.44 (as above)
3. Set the gateway address as 192.168.230.251

DNS Configuration

We will set up the first computer in every letter group as a DNS server and have the other computers in the group point to it. Thus computer 192.168.230.1, which will be configured as a DNS server, should use 192.168.230.1 (or 127.0.0.1) as the IP address for the DNS server. Computer 192.168.230.2 should use 192.168.230.1 as the IP address for the DNS server.

Task 2: Configuring a fully qualified host name

A properly configured TCP/IP host should have 4 attributes (parameters) set.
1. Its own host name
2. Its own IP address
3. IP address of at least one gateway (not needed if the local network is isolated)
4. IP address of a DNS server that the host can access

To set the first parameter use Start → Control Panel → System, or right-click on My Computer and click Properties. Follow the figures below to set up a computer name. You can change the computer name by clicking on the Change button in the System Properties window.

In Windows 2003, the DNS suffix can be set through Start → Control Panel → Local Area Connection. Right-click and click Open. On any one of the available Local Area Connections, select Internet Protocol (TCP/IP) and click Properties. The Internet Protocol (TCP/IP) Properties window appears. To set up the suffix for DNS, click Advanced and select the DNS tab.

Task 3 (Optional): Install and Configure a DNS Server Using the Wizard

Start → Control Panel → Add/Remove Programs. Click on Add/Remove Windows Components. Select Networking Services and check it. Then click the Details button. Check Domain Name System and Simple TCP/IP Services. Click OK.

The Windows Component Wizard appears. Click Next. It will ask for the Windows 2003 CD-ROM. Enter the directory C:\software\i386 [or select it via the Browse button] under Copy files from. The Completing the Windows Component Wizard page appears. Click Finish.

To configure the DNS server, Start → Administrative Tools → DNS.
If you are asked whether to start the DNS on your local computer, click OK. If you are asked whether to add the service, click Yes. If the message 'Cannot connect to the DNS' appears, delete the DNS server you have added. Go to Start → Administrative Tools → Services. Click DNS Server and click Start. In the DNS manager, click Action → Connect to DNS server. If you still face a problem, check your IP address.

To create a forward lookup zone, right-click Forward Lookup Zone and click New Zone. Click Next. Select Primary Zone and then click Next. The New Zone Wizard appears. Enter the name as nwlab.ics.kfupm.edu.sa

Click Next. The zone file is shown. Click Next. The window about dynamic updates appears. Select the 'Do not allow dynamic updates' radio button. Click Next.

The Completing the New Zone Wizard page appears. Click Finish.

To create a reverse lookup zone, right-click Reverse Lookup Zone and click New Zone. Click Next. Select Primary Zone and then click Next. Click Next. Click Next. Click Finish.

Task 4: Configuring the DNS Server through the Management Console

This shows up similar to the screen below. The left pane should show an icon corresponding to the local machine. From the Context Menu you can choose to create a Forward Lookup or Reverse Lookup zone. Then the Context Menu for the zone allows you to add the appropriate type of resource records. The Forward Lookup zone can contain ordinary types such as SOA, A, MX, NS, HostInfo, etc., while the Reverse Lookup zone contains only type PTR records.

The rightmost pane shows the various Resource Records. Double-click to view or modify the corresponding record. The window below is obtained by double-clicking the SOA record.

Adding a Host Address Record

Select a forward lookup zone and from the context menu select New Host (A). This brings up the following screen.
Type the Name and IP address and click Add Host to add a host. The Create PTR record option will succeed if you have a corresponding Reverse Lookup zone for this Forward Lookup zone. If so, go to the Reverse Lookup zone and select Refresh from the Context Menu.

Where does Windows 2003 keep the DNS data?

As shown below, the data for a zone is kept as a text file in Windows\System32\dns. Note: To ensure that the file is up-to-date choose Update Server Data File from the Context Menu for the zone.

Task 5: Testing the DNS Server configuration

For this we use the nslookup utility. As shown below, at the nslookup prompt we tell nslookup to use the locally running name server by typing: server 127.0.0.1 <enter>.

To test Reverse Lookup use the command set type=ptr, then type some IP address.

Task 6: Configuring the DNS Server to forward to other DNS Servers

In the management console [Start → Administrative Tools → DNS], point to the icon associated with the DNS server, right-click and select Properties to bring up the window shown below. Enter the IP address of some DNS server that this DNS server will forward to (e.g. the DNS server used by CCSE, 172.16.0.1). Then click the Add button.

Exercise: Use nslookup and have it use your DNS server to look up the IP address of some host in CCSE.

Task 7: Removing the service
1. Put back the original IP address and the subnet masks.
2. Start → Administrative Tools → Services. Stop the DNS Server.
3. Start → Control Panel → Add or Remove Programs → Add/Remove Windows Components. Remove DNS under Networking Services.
Lab # 08: Building IP internetwork
Part II: Configuring CISCO 2600 Routers

Objectives:
Configure CISCO 2600 Router
Divide the lab network into different networks
Examine and comprehend the routing table maintained by a router
Modify routing table by adding dynamic routes
Use Ping and TraceRoute to test connectivity through a router
Use Sniffem software to capture RIP packets using a proper user-defined packet filter

Background Information: In Lab 5 we examined the role of IP routers in an IP internetwork and configured a PC running Windows 2003 to act as a router. In this lab, we will utilize CISCO 2600 routers in our internetwork.

Task 1: A Quick Guide to CISCO 2600 Routers

Connecting to Router

There are two ways to connect to the Cisco router for the purposes of configuration and maintenance. First, initially you will probably configure your router from a terminal. Second, if the router is already configured, at least one port is configured with an IP address, and it has a physical connection to the network, you might be able to telnet to the router and configure it across the network. If it is not already configured, then you will have to use the first method and directly connect to it with a terminal and a serial cable [roll-over cable]. Using a PC running Microsoft Windows, you can use the HyperTerminal program found in Accessories → Communications to access the router's console. Plug a serial cable into a serial (COM) port on the PC and the other end into the console port on the Cisco router. Start HyperTerminal, tell it which COM port to use and click OK. Set the speed of the connection to 9600 baud and click OK. You may need to hit the Enter key to see the prompt from the router.

Modes - Unprivileged and privileged modes

When you first connect to the router and provide the password (if necessary), you enter EXEC mode, the first mode in which you can issue commands from the command-line.
From here you can use such unprivileged commands as ping, telnet, and rlogin. You can also use some of the show commands to obtain information about the system. In unprivileged mode you use commands like show version to display the version of the IOS the router is running. Typing show ? will display all the show commands available in the mode you are presently in.

    Router>show ?

You must enter privileged mode to configure the router. You do this by using the command enable. Privileged mode will usually be password protected unless the router is unconfigured. You have the option of not password protecting privileged mode, but it is HIGHLY recommended that you do. When you issue the command enable and provide the password, you will enter privileged mode.

To help the user keep track of what mode they are in, the command-line prompt changes each time you enter a different mode. When you switch from unprivileged mode to privileged mode, the prompt changes from:

    Router>

to

    Router#

Within privileged mode there are many sub-modes. Cisco describes two modes, unprivileged and privileged, and then a hierarchy of commands used in privileged mode. Here we instead consider there to be many sub-modes of privileged mode, which is also called parent mode. Once you enter privileged mode (parent mode) the prompt ends with a pound sign (#). There are numerous modes you can enter only after entering privileged mode. Each of these modes has a prompt of the form:

    Router(arguments)#

Configuring

The command show ? will display all the show commands available in the current mode. Definitely try out the following commands:

    Router#show interfaces
    Router#show ip protocols
    Router#show ip route
    Router#show ip arp

When you enter privileged mode by using the command enable, you are in the top-level mode of privileged mode, also known in this document as "parent mode". It is in this top-level or parent mode that you can display most of the information about the router.
As you now know, you do this with the show commands. Here you can learn the configuration of interfaces and whether they are up or down. You can display what IP protocols are in use, such as dynamic routing protocols. You can view the route and ARP tables, and these are just a few of the more important options.

As you configure the router, you will enter various sub-modes to set options and then return to the parent mode to display the results of your commands. You also return to the parent mode to enter other sub-modes. To return to the parent mode, you hit ctrl-z. This puts any commands you have just issued into effect, and returns you to parent mode.

Global configuration (config)
To configure any feature of the router, you must enter configuration mode. This is the first sub-mode of the parent mode. In the parent mode, you issue the command config.

    Router#config
    Router(config)#

In configuration mode you can set options that apply system-wide, also referred to as “global configurations”. For instance, it is a good idea to name your router so that you can easily identify it. You do this in configuration mode with the hostname command.

    Router(config)#hostname r1
    r1(config)#

As demonstrated above, when you set the name of the host with the hostname command, the prompt immediately changes by replacing Router with r1.

Configuring interfaces
To display the configuration of an interface you use the command:

    r1#show interface fastethernet 0/0
    r1#show interface serial 1/0

Here is an example of configuring a serial port with an IP address:

    r1#config
    r1(config)#interface serial 1/0
    r1(config-if)#ip address 172.1.1.1 255.255.0.0
    r1(config-if)#no shutdown
    r1(config-if)#ctrl-Z
    r1#

Then to verify configuration:

    r1#show interface serial 1/0

Note the no shutdown command. An interface may be correctly configured and physically connected, yet be “administratively down”. In this state it will not function.
In the Cisco IOS, the way to reverse or delete the results of any command is to simply put no in front of it. For instance, if we wanted to unassign the IP address we had assigned to interface serial 1/0:

    r1(config)#interface serial 1/0
    r1(config-if)#no ip address 172.1.1.1 255.255.0.0
    r1(config-if)#ctrl-Z
    r1#show interface serial 1/0

Routing
IP routing is automatically enabled on Cisco routers. If it has been previously disabled on your router, you turn it back on in config mode with the command ip routing.

    r1(config)#ip routing
    r1(config)#ctrl-Z

There are two main ways a router knows where to send packets. The administrator can assign static routes, or the router can learn routes by employing a dynamic routing protocol.

These days static routes are generally used in very simple networks or in particular cases that necessitate their use. To create a static route, the administrator tells the router operating system that any network traffic destined for a specified network layer address should be forwarded to a similarly specified network layer address. In the Cisco IOS this is done with the ip route command.

    r1#config
    r1(config)#ip route 172.16.0.0 255.255.255.0 192.168.2.1
    r1(config)#ctrl-Z
    r1#show ip route

Two things are to be said about this example. First, the packet destination address must include the subnet mask for that destination network. Second, the address the packet is to be forwarded to is the specified address of the next router along the path to the destination. This is the most common way of setting up a static route.

Dynamic routing protocols, running on connected routers, enable those routers to share routing information. This enables routers to learn the routes available to them. The advantage of this method is that routers are able to adjust to changes in network topologies. If a route is physically removed, or a neighbor router goes down, the routing protocol searches for a new route.
Routing protocols can even dynamically choose between possible routes based on variables such as network congestion or network reliability.

Configure the Routing Information Protocol (RIP) on Cisco routers. From the command-line, we must explicitly tell the router which protocol to use, and what networks the protocol will route for.

    r1#config
    r1(config)#router rip
    r1(config-router)#network 192.168.230.0
    r1(config-router)#network 192.168.231.0
    r1(config-router)#ctrl-Z
    r1#show ip protocols

Now when you issue the show ip protocols command, you should see an entry describing RIP configuration.

Saving your configuration
If you turned the router off right now, and turned it on again, you would have to start configuration over again. Your running configuration is not saved to any permanent storage media. You can see this configuration with the command show running

    r1#show running

If you do want to save your successful running configuration, issue the command copy running startup

    r1#copy running startup

Your configuration is now saved to non-volatile RAM (NVRAM). Then, issue the command show startup

    r1#show startup

Now any time you need to return your router to that configuration, issue the command copy startup running

    r1#copy startup running

Viewing Configuration

    sh ip route   gives you the current routing table. If you get ‘ICMP redirect cache is empty’, then that means the ip routing is not enabled.
    sh run        check whether ‘no ip routing’ exists. If yes, then we need to enable ip routing. Issue the command ‘ip routing’ at the (config)# prompt.
    sh run        gives you the running configuration.
    sh ver        used to get details about the router:
                  What version of the IOS is running?
                  What is the name of the Cisco IOS image file loaded?
                  What kind of router (platform type) is this?
                  What is the revision level of the image?
                  How much NVRAM (startup config) memory is there?
                  How much RAM is there?
Task 2: Configure Router in your Segment

Set up the lab network according to the figure given below.

[Figure: lab network topology. Addresses labelled in the figure, all with subnet mask 255.255.255.0:
    192.168.230.240, 192.168.230.230, 192.168.230.1, 192.168.230.2
    192.168.231.240, 192.168.231.230, 192.168.231.2, 192.168.231.1
    192.168.232.240, 192.168.232.230, 192.168.232.1, 192.168.232.2
    192.168.233.240, 192.168.233.230, 192.168.233.2, 192.168.233.1
    192.168.235.240, 192.168.235.241]

Step 1: You should configure the TCP/IP setting in each host appropriately with the respective subnet mask and gateway addresses. The gateway address is the interface address of the router that is connected to the specific network. For example, the first host on LAN Segment B should use the following setting:

    IP Address:  192.168.231.1
    Subnet Mask: 255.255.255.0
    Gateway:     192.168.231.240

Step 2: You need to configure the router for a few things:

1. To connect to the router, you need to assign an IP address for each interface of the router. When we get a new router, we use the console cable to assign an IP address and then connect via telnet.

2. We need to assign an IP address for both the Fast Ethernet interface cards. We should be at the privileged mode. An example is given below:

    #config t
    (config)#interface FastEthernet 0/0                      ! configure Ethernet interface 0/0
    (config-if)#ip address 192.168.230.240 255.255.255.0
    (config-if)#no shut (or no shutdown)                     ! ensure that interface is not administratively down
    (config-if)#ctrl-z (or exit)                             ! execute all of the above and return to parent

3. Now the connection between networks connected via a single router should work. We can ping between the 192.168.230.0 & 192.168.231.0 networks and between the 192.168.232.0 & 192.168.233.0 networks.

4. All the hosts can connect to the router using telnet.
You can telnet to the respective gateway address. The routing table at this time can be viewed using show ip route

5. Now we need to assign an IP address for the Serial interface. We should be at the privileged mode.

    #config t
    (config)#interface Serial 1/0                            ! configure Serial interface 1/0
    (config-if)#ip address 192.168.235.240 255.255.255.0
    (config-if)#no shutdown (or no shut)
    (config-if)#bandwidth 64
    (config-if)#clock rate 64000                             ! will work only with DCE connections
    (config-if)#ctrl-z (or exit)                             ! execute all of the above and return to parent

6. From the hosts, the users should be able to ping the IP address of the serial interface present in the router connected to their network.

7. All the necessary IP address setups are done. We need to enable routing protocols to have the necessary routing among the networks connected to different routers. To set up the RIP protocol, we do as below:

    #config t
    (config)#router rip
    (config-router)#network 192.168.230.0

Note: We need to add the network entries for the serial connection that connects different routers. We need to add an entry for all the directly connected networks [both fastethernet and serial].

8. All the necessary connections are done and all the hosts should be able to ping other hosts present in different networks. The show ip route command will show that routes are learnt using the RIP protocol.

9. We can refer to various configuration settings on the router using:

    #show ip protocols
    #show ip route                                           ! shows routing table
    #show running-conf (or show run)
    #show interfaces

10. We can view the actual RIP packets using the command:

    #debug ip rip                                            ! displays RIP routing updates as they are sent or received

If we are not able to see the RIP information at our telnet prompt, issue the command:

    #terminal monitor

To stop viewing the RIP routing information:

    #undebug all                                             ! stop display debug information

Exercise: Use the appropriate command to dump the IP routing table in your segment and write it below.
Using Static Routes
Static routes can serve as an alternative to using RIP. For example, we could disable RIP on router A and add static routes for networks B, C, D and E as follows:

    (config)#no router rip                                   ! disable RIP
    (config)#ip route 192.168.230.0 255.255.255.0 192.168.235.240
    (config)#ip route 192.168.231.0 255.255.255.0 192.168.235.240
    (config)#ip route 192.168.232.0 255.255.255.0 192.168.235.241
    (config)#ip route 192.168.233.0 255.255.255.0 192.168.235.241

Adding a static default route
To have Router A use the Instructor's router as the default route (used when there is no match with ordinary entries in the routing table), use the following command (a default route is entered with IP address 0.0.0.0 and a subnet mask 0.0.0.0):

    (config)#ip route 0.0.0.0 0.0.0.0 192.168.230.251

Question: Is the presence of the Instructor's router necessary to route traffic between the segments A and C? Justify your answer.

Exercise: Testing Router Connectivity
A good test to ensure that the router in your segment is working properly is to ping a host outside of your network. Another useful test is to use the TraceRoute (sometimes abbreviated as TraceRT) command to print the IP addresses of routers along the path to a target host. From your host, traceroute to the first host on a segment that is next to your segment. For example, if you happen to be on Segment C then issue the command: tracert 196.1.168.230.97. Write down the results below.

Task 3: Capturing RIP traffic
RIP data is encapsulated in UDP messages whose source port and destination port are both set to 520. Aren't we violating the principle behind layering (i.e. information hiding) when having data related to the network layer (i.e. routing info.) encapsulated in a transport layer protocol (i.e. UDP)?

Rather than trying to find RIP packets among a huge number of captured packets, we will use one important feature in Sniffem, which is Packet/Frame Filters.
Basically we will tell Sniffem to capture only frames containing UDP packets whose UDP source and destination ports are set to 520. Follow these steps.

1. From the Menu select Filter -> Software Filter -> Edit Filter to bring up the screen below. Select the Enable Filter checkbox and then click on the Add button.
2. In the above screen – on the High Level Protocols tab select the inclusive matches option and IP (Code:0x0800) from the list. Then click the Low Level Protocols tab.
3. In the above screen select the inclusive matches option and UDP protocol (number 17). Then click the Next button.
4. Click Next on the IP Filter screen above.
5. On the Port Filter screen enter 520 for Src Port and Dest Port and click the Add button. Then click the Next button.
6. Click Next on the MAC Filter screen above.
7. Click Next on the Hex (ASCII) Filter screen above.
8. Click Next on the Advanced Filter screen above.
9. In the Finish Filter screen, type a meaningful name for this filter and note the summary information about the filter you have just created.

Now that you have created the filter, to enable it use Filter -> Software Filters -> Edit Filter -> Enable. You should see "Filter On" near the middle of the status bar – see the screen below.

In the capture shown below note that RIP is sent as IP broadcast.

Exercise: Fill in the values marked with * below.

    Ethernet Frame Header (14 bytes)
        Ethernet Destination Address      6 bytes
        Ethernet Source Address           6 bytes
        EtherType                         2 bytes: 0800 indicates that the frame contains IP packet
    IP Header (20 bytes)
        Ver*   HL*
        Protocol*                         1 byte: ___* indicates that the packet contains UDP message
        IP Source Address                 4 bytes
        IP Destination Address*           4 bytes
    UDP Header + Data
        Source Port*   Dest. Port*
        Length         Checksum
        RIP data
    Frame Checksum                        4 bytes

Student Worksheet

Student ID/Name:

Host Configuration:
    Machine Label:
    IP Address:
    Subnet mask:
    Gateway Address:

Exercise 1: Routing Table in your Segment's Router

Exercise 2: TraceRoute to first host on segment next to your segment (write down command and reply).

ICS 432 Computer Network Systems
Lab # 09: Capturing and analyzing ARP traffic

Objectives:
- Comprehend the role played by ARP protocol
- Analyze the ARP request that is issued in two cases: target host is on the local network vs. a remote network
- View and modify ARP cache
- Use Sniffem software to capture ARP packets using a proper user-defined packet filter

Task 1: Capturing ARP traffic
On an Ethernet LAN, an ARP message (i.e. a request or a reply) is directly encapsulated in an Ethernet frame with EtherType value set to (0x0806). Thus the simplest way to capture ARP traffic is to use a filter on the EtherType field. Follow these steps.

1. Start Sniff’em software. From the Menu select Filter -> Software Filter -> Edit Filter to bring up the screen below. Select the Enable Filter checkbox and then click on the Add button.
2. In the above screen – on the High Level Protocols tab select the inclusive matches option and ARP (Code:0x0806) from the list. Then click Next on all subsequent screens till you reach the Finish Filter screen shown below. In the Finish Filter screen, type a meaningful name for this filter and note the summary information about the filter you have just created. Now that you have created the filter, to enable it – use Filter -> Software Filters -> Edit Filter -> Enable.
3. You should start the capturing in Sniff’em software by clicking on Capture -> Start. To generate traffic, you can use the ping command. Ping to any PC within your network and analyze the captured
packets. You can view the ARP cache from the Command Prompt {DOS prompt} by using the command arp -a. You should see "Filter On" near the middle of the status bar – see the screen below.

Exercise: Fill in the values marked with * below for an Ethernet frame containing an ARP Request.

    Ethernet Frame Header (14 bytes)
        Ethernet Destination Address*     6 bytes
        Ethernet Source Address           6 bytes
        EtherType*                        2 bytes: 0806 indicates that the frame contains ARP message
    ARP Message* (Specify the format)
    Frame Checksum                        4 bytes

Task 2: Capturing frames coming to and outgoing from a specific network card
In this task we would like to ascertain when and how ARP is used. You will issue a ping from your computer and track the outgoing and incoming frames. You will consider two cases:

Case 1: The machine being pinged is on your network
Case 2: The machine being pinged is outside of your network

In either case, to capture frames coming to and going from your Ethernet network interface card, find out your computer's Ethernet address using ipconfig /all, then use it as the MAC source or destination address in the MAC Filter screen as shown below.

Then for Case 1, set Sniffem to capture with the above filter enabled and ping your neighbor's machine. If all is ok then you should see a screen similar to the one shown below, which in effect indicates that before the IP packet containing the ICMP Echo request is sent, the MAC address of the station being pinged must be obtained using ARP.

Viewing the ARP cache
At the command prompt type the command: arp -a. Do you see an entry for the machine you just pinged? How long does this entry remain in the cache?

Exercise: Do Case 2 and interpret the results. Do you ever see an entry in the ARP cache for a machine outside of your network? Why?
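The two capture filters used so far (EtherType 0x0806 for ARP in this lab; EtherType 0x0800, IP protocol 17 and UDP source and destination port 520 for RIP in Lab 8, Task 3) can be written as a small frame decoder. This is an added example, not part of the original lab manual or of Sniffem; the MAC addresses and the advertised route in the sample frames are constructed, and the 4-byte frame checksum is assumed to be already stripped.

```python
import ipaddress
import struct

ETHERTYPE_IP, ETHERTYPE_ARP = 0x0800, 0x0806   # EtherType values used by the two filters
IPPROTO_UDP, RIP_PORT = 17, 520


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip(raw):
    return str(ipaddress.IPv4Address(raw))


def parse_ethernet(frame):
    """Split off the 14-byte Ethernet header."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac(dst), "src": mac(src), "ethertype": ethertype}, frame[14:]


def parse_arp(data):
    """ARP for Ethernet/IPv4: 8 fixed bytes, then sender and target address pairs."""
    if len(data) < 28:
        raise ValueError("truncated ARP message")
    _htype, _ptype, _hlen, _plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", data[:28])
    return {"op": {1: "request", 2: "reply"}.get(op, op),
            "sender_mac": mac(sha), "sender_ip": ip(spa),
            "target_mac": mac(tha), "target_ip": ip(tpa)}


def parse_ipv4(data):
    """Return header fields and payload, honouring the HL and total-length fields."""
    if len(data) < 20:
        raise ValueError("truncated IP header")
    version, header_len = data[0] >> 4, (data[0] & 0x0F) * 4
    if version != 4 or header_len < 20 or len(data) < header_len:
        raise ValueError("not a valid IPv4 header")
    total_len = struct.unpack("!H", data[2:4])[0]
    fields = {"version": version, "header_len": header_len, "protocol": data[9],
              "src": ip(data[12:16]), "dst": ip(data[16:20])}
    return fields, data[header_len:total_len]


def parse_udp(data):
    if len(data) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _checksum = struct.unpack("!HHHH", data[:8])
    return {"sport": sport, "dport": dport, "length": length}, data[8:length]


def parse_rip(data):
    """4-byte RIP header followed by 20-byte route entries."""
    if len(data) < 4:
        raise ValueError("truncated RIP header")
    routes = []
    for off in range(4, len(data) - 19, 20):
        _afi, _tag, net, _mask, _hop, metric = struct.unpack("!HH4s4s4sI", data[off:off + 20])
        routes.append((ip(net), metric))
    return {"command": {1: "request", 2: "response"}.get(data[0], data[0]),
            "version": data[1], "routes": routes}


def classify(frame):
    """Apply the ARP filter, then the RIP filter; return (kind, ethernet, details)."""
    eth, rest = parse_ethernet(frame)
    if eth["ethertype"] == ETHERTYPE_ARP:
        return "ARP", eth, parse_arp(rest)
    if eth["ethertype"] == ETHERTYPE_IP:
        iph, rest = parse_ipv4(rest)
        if iph["protocol"] == IPPROTO_UDP:
            udp, data = parse_udp(rest)
            if udp["sport"] == RIP_PORT and udp["dport"] == RIP_PORT:
                return "RIP", eth, {"ip": iph, "udp": udp, "rip": parse_rip(data)}
    return None, eth, None


# --- Constructed sample frames (MAC addresses and RIP contents are made up) ---
def addr(text):
    return ipaddress.IPv4Address(text).packed


def udp_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, payload):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 1,
                      IPPROTO_UDP, 0, addr(src_ip), addr(dst_ip))  # checksums left at 0
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IP) + iph + udp


BCAST_MAC = b"\xff" * 6
HOST_MAC, ROUTER_MAC = bytes.fromhex("020000000001"), bytes.fromhex("0200000000f0")
ARP_REQUEST = (BCAST_MAC + HOST_MAC + struct.pack("!H", ETHERTYPE_ARP)
               + struct.pack("!HHBBH", 1, ETHERTYPE_IP, 6, 4, 1)
               + HOST_MAC + addr("192.168.230.1") + bytes(6) + addr("192.168.230.2"))
RIP_PAYLOAD = struct.pack("!BBH", 2, 1, 0) + struct.pack(
    "!HH4s4s4sI", 2, 0, addr("192.168.231.0"), bytes(4), bytes(4), 1)
RIP_FRAME = udp_frame(BCAST_MAC, ROUTER_MAC, "192.168.230.240", "255.255.255.255",
                      520, 520, RIP_PAYLOAD)
OTHER_UDP_FRAME = udp_frame(ROUTER_MAC, HOST_MAC, "192.168.230.1", "172.16.0.1",
                            1025, 53, bytes(12))
```

Calling classify() on a frame returns the matched filter name together with the decoded fields, so the values asked for in the worksheets can be compared with what the sniffer displays.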
ICS 432 Computer Network Systems
Lab # 10: Capturing and analyzing ICMP traffic

Objectives:
- Comprehend the role played by ICMP protocol
- Examine the ICMP message structure and encapsulation
- Examine some ICMP messages and the conditions under which they are generated
- Expose the role played by ICMP in Ping and TraceRoute utilities
- Generate and capture ICMP Destination Unreachable messages
- Generate and capture a fragmented IP packet
- Show ICMP statistics using netstat command.

Task 1: Configure your computer
For this lab we will make all the lab computers hosts on network 192.168.230.0. Thus at every computer modify the network configurations as follows.

1. Enable LAN1 and disable LAN2.
2. Assign an IP address as follows:
    Network A: 192.168.230.1 to 192.168.230.4 depending on the machine number
    Network B: 192.168.230.11 to 192.168.230.14 ===
    Network C: 192.168.230.21 to 192.168.230.24 ===
    Network D: 192.168.230.31 to 192.168.230.34 ===
    Network E: 192.168.230.41 to 192.168.230.44 ===
3. Set the gateway address as 192.168.230.251
4. Set the DNS Server as 172.16.0.1

Task 2: Capturing ICMP traffic
An ICMP message (i.e. a request or a reply) is directly encapsulated in an IP packet with the protocol field in the IP header set to 1. On an Ethernet LAN, the IP packet itself is encapsulated in an Ethernet frame with EtherType value set to (0x0800). Thus the simplest way to capture ICMP traffic is to use a filter on the Protocol field in the IP header. However, to further limit the number of packets that are captured you should restrict the MAC source or destination address to match that of your station. Follow these steps.

1. From the Menu select Filter -> Software Filter -> Edit Filter to bring up the screen below. Select the Enable Filter checkbox and then click on the Add button.
2.
In the above screen – on the Low Level Protocols tab select the inclusive matches option and ICMP (Number: 1) from the list. Then click Next on all subsequent screens till you reach the MAC Filter screen.
3. In the above screen, add your machine's Ethernet address. Then click Next till reaching the Finish Filter screen shown below. Give this filter a name, say MyICMP, and click the Finish button.

Now that you have created the filter, to enable it – use Filter -> Software Filters -> Edit Filter -> Enable. You should see "Filter On" near the middle of the status bar – see the screen below.

4. Have Sniffem set to Capture Mode and ping your neighbor's IP address.

Exercise: Based on the above capture state how Ping works. Also fill in the values marked with * below for an Ethernet frame containing an ICMP Echo Request. State the role of the ICMP fields: type, code, checksum, identification, seqno, data.

    Ethernet Frame Header (14 bytes)
        Ethernet Destination Address      6 bytes
        Ethernet Source Address           6 bytes
        EtherType                         2 bytes: 0800 indicates that the frame contains IP packet
    IP Header (20 bytes)
        Ver*   HL*
        Protocol*                         1 byte: ___** indicates that the packet contains ICMP message
        IP Source Address                 4 bytes
        IP Destination Address            4 bytes
    ICMP Header + Data
        type   code   checksum            4 bytes
        Identification   SeqNo            4 bytes
        Data (variable length)
    Frame Checksum

Task 3: Capture ICMP packets generated and received during TraceRoute
TraceRoute (sometimes abbreviated as TraceRT) is one of the basic IP diagnostic tools. It is used to discover the routers that an IP packet would traverse to reach a given target host (i.e. IP address). TraceRoute first sends one or more ICMP Echo Request packets with TTL=1. Any packet with TTL=1 will be discarded by the first router along the path to the destination, but the router will send an ICMP Time Exceeded message (type/code= ____ / _____) to the source host.
TraceRoute receives this ICMP message and notes the IP source address as the address of the first router. Then TraceRoute sends one or more ICMP Echo Request packets with TTL value=2. Any such packet crosses the first router where its TTL value is decremented by 1. At the second router, the packet is dropped and an ICMP Time Exceeded message is sent back to the source host. The IP source address of this message is that of the second router. The process continues until TraceRoute actually gets an ICMP Echo Reply from the target host or the TTL value exceeds some preset maximum. To verify all of this, follow these steps.

1. From your computer, traceroute to the KFUPM (or CCSE) Web Server by issuing the command: tracert www.kfupm.edu.sa. You should get results similar to the one shown below.
2. Use Sniffem with the filter set as in the previous task and capture the resulting traffic.

Exercise: Traceroute to some host on the Internet, say www.ibm.com. Explain the result.

Task 4: Capturing ICMP Destination Unreachable message
This ICMP message uses a Type field value of 3 and is generated under various conditions (cases) indicated by the value used for the Code field. Here we will consider two cases only.

Case 1: Host Unreachable
Recall that when an IP packet finally reaches a router attached to the destination network, the router would then encapsulate the received packet in a frame addressed to the destination host. Thus the router will issue an ARP Request for the MAC address corresponding to the destination IP address, and if no ARP Reply is received, the router will discard the packet and send an ICMP Destination Unreachable/Host Unreachable message back to the source host.
To capture such a message, use the filter as set previously and run the command:

    ping <ipaddress of a dead host on a remote network>

Case 2: Port Unreachable
The destination host generates this message when there is no process listening on the specified TCP (or UDP) destination port. To capture such a message, use the filter as set previously and run the command:

    Telnet <ipaddress of your neighbor> 1000

(assume no process listens on port 1000).

Task 5: Generate IP fragmented packet
To see the IP fragmentation process in action, one can use the Ping command with the option for the size of Ping data set large enough to cause the IP packet size to exceed the underlying data link layer Maximum Transmission Unit (MTU). For Ethernet, the MTU is 1500 bytes. Subtracting 20 bytes for the IP header and 8 bytes for the ICMP header leaves a maximum ICMP data size of 1472 bytes. Thus setting a Ping length option of 1473 will lead to a fragmented packet.

Exercise: Set up a filter to capture IP/ICMP and run the command: ping -n 1 -l 1473 <ipaddress>. If all goes well, you should get a screen like the one shown below. Note that the size of the first IP packet is set to 1500 (i.e. subtracting the length of the IP header (20), the fragment size is 1480). Can you guess the value of the fragment offset in the IP packet containing the second fragment?

Viewing ICMP statistics
As shown in the snapshot below, one can use the netstat command. At the command prompt type the command: netstat -s.

Note: It is good to know that the command netstat -e gives statistics about the local Ethernet interface. A value of zero for received erroneous frames would indicate a network free of bad (or loose) wiring and malfunctioning network interface cards.
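The arithmetic of Task 5, as an added example that is not part of the original lab manual: it splits an IP payload at a given MTU, expresses each fragment offset in 8-byte units as the IP header does, and generalizes the Ethernet case to other MTUs. The function and field names are this example's own.

```python
from collections import namedtuple

# offset_units is the value carried in the 13-bit Fragment Offset field (8-byte units)
Fragment = namedtuple("Fragment", "offset_units data_len more_fragments total_length")

ICMP_HEADER_LEN = 8


def fragment(payload_len, mtu=1500, ip_header_len=20):
    """Split an IP payload of payload_len bytes into fragments that fit the MTU."""
    if payload_len < 0:
        raise ValueError("payload length cannot be negative")
    # Every fragment except the last must carry a multiple of 8 data bytes,
    # because the offset field counts 8-byte units.
    max_data = (mtu - ip_header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    fragments, sent = [], 0
    while True:
        chunk = min(max_data, payload_len - sent)
        more = sent + chunk < payload_len
        fragments.append(Fragment(sent // 8, chunk, more, ip_header_len + chunk))
        sent += chunk
        if not more:
            return fragments


def ping_fragments(ping_data_len, mtu=1500):
    """Fragments produced by an Echo Request carrying ping_data_len data bytes."""
    return fragment(ICMP_HEADER_LEN + ping_data_len, mtu)


def flags_and_offset(frag, dont_fragment=False):
    """16-bit value at IP header bytes 6-7: reserved, DF, MF, 13-bit offset."""
    return (int(dont_fragment) << 14) | (int(frag.more_fragments) << 13) | frag.offset_units


def reassembled_length(fragments):
    """Receiver-side check: fragments, in any order, must tile the payload exactly."""
    expected = 0
    ordered = sorted(fragments, key=lambda f: f.offset_units)
    for index, frag in enumerate(ordered):
        if frag.offset_units * 8 != expected:
            raise ValueError("gap or overlap between fragments")
        is_last = index == len(ordered) - 1
        if frag.more_fragments == is_last:
            raise ValueError("More Fragments flag inconsistent with position")
        expected += frag.data_len
    return expected


if __name__ == "__main__":
    for size in (1472, 1473):
        for frag in ping_fragments(size):
            print(size, frag, hex(flags_and_offset(frag)))
```

The value returned by flags_and_offset() is what appears in the hex view of a captured IP header, so it can be compared directly with the sniffer output for each fragment.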
ICS 432 Computer Network Systems
Lab # 11: Capturing and analyzing TCP traffic

Objectives:
- Comprehend the role played by TCP protocol
- Examine the TCP Segment structure and encapsulation
- Examine the three phases of a TCP connection:
    1. Open Connection phase using Three-Way handshake
    2. Data Exchange phase
    3. Close Connection phase
- Capture and analyze the TCP traffic generated during a Web session

Task 1: Configure your computer
For this lab we will make all the lab computers hosts on network 192.168.230.0. Thus at every computer modify the network configurations as follows.

1. Enable LAN1 and disable LAN2.
2. Assign an IP address as follows:
    Network A: 192.168.230.1 to 192.168.230.4 depending on the machine number
    Network B: 192.168.230.11 to 192.168.230.14 ===
    Network C: 192.168.230.21 to 192.168.230.24 ===
    Network D: 192.168.230.31 to 192.168.230.34 ===
    Network E: 192.168.230.41 to 192.168.230.44 ===
3. Set the gateway address as 192.168.230.251
4. Set the DNS Server as 172.16.0.1.

Task 2: What goes on during a Web surfing session?
HTTP is an example of an Application Layer protocol that is encapsulated in TCP. Thus one way to capture TCP Segments is to use the browser to fetch some URL and at the same time capture the frames that go out of or come to the network interface associated with the local station. Therefore, we will use a filter that restricts the MAC source or destination address to match that of the local station. Follow these steps.

1. From the Menu select Filter -> Software Filter -> Edit Filter to bring up the screen below. Select the Enable Filter checkbox and then click on the Add button. Then keep clicking the Next button till you reach the MAC Filter screen.
2. In the above screen, add your machine's Ethernet address. Then click Next till reaching the Finish Filter screen shown below.
Give this filter a name, say FromToMe, and click the Finish button. Now that you have created the filter, to enable it – use Filter -> Software Filters -> Edit Filter -> Enable. You should see "Filter On" near the middle of the status bar – see the screen below.
3. Have Sniffem set to Capture Mode and browse to some site such as http://www.kfupm.edu.sa. If all goes well then you should get a capture similar to the one shown below.

Based on the above capture write down the steps (tasks) that the browser goes through.

    Step (Task)                                                      Application/Transport Protocols used   # of application-data packets exchanged
    1. Use DNS to find the IP address of the host part in the URL    DNS/UDP                                2
    2. Open a TCP connection                                         TCP Syn-SynAck-Ack
    3. Send an HTTP GET Request                                      HTTP/TCP
    4. Get Reply                                                     HTTP/TCP
    5. Repeat Steps 3, 4 a number of times                           HTTP/TCP
    6. Close the TCP Connection                                      TCP Fin and Ack

[Capture annotation: ARP Request for who owns the IP address of the default gateway. Why not DNS server?]

Note that before a TCP connection is opened (Frame#5 above) the IP address of the host in the URL is needed. Thus a DNS query needs to be issued**. The DNS query will be encapsulated in a frame destined to the IP address of the DNS server, but what would be the MAC address? Will we send an ARP request asking for the MAC address of the DNS server?

**If you don't see the DNS Query and Reply in your capture, can you explain why?

Task 3: Structure and Encapsulation of a TCP segment
By considering one of the frames that contains a TCP segment, verify that the encapsulation and the structure of a TCP segment are in accordance with the diagram shown below.

    Ethernet Frame Header (14 bytes)
        Ethernet Destination Address      6 bytes
        Ethernet Source Address           6 bytes
        EtherType                         2 bytes: 0800 indicates that the frame contains IP packet
    IP Header (20 bytes)
        Ver*   HL*
        Protocol*                         1 byte: 6* indicates that the packet contains TCP message
        IP Source Address                 4 bytes
        IP Destination Address            4 bytes
    TCP Header
        source port   dest. port          4 bytes
        SeqNo                             4 bytes
        AckNo                             4 bytes
        offset-re-uaprsf   win size
        checksum   urg ptr
        options + padding
    TCP data
    Frame Checksum                        4 bytes

Task 4: Analyzing the Phases of a TCP connection
A TCP connection goes through three phases in sequence:

1. Open Connection phase using Three-Way handshake
2. Data Exchange phase
3. Close Connection phase

The Connection Opening Phase uses the three-way handshake.

    Client                                        Server
      |------ Syn, SeqNo=200 ---------------------->|
      |<----- Syn, Ack, SeqNo=500 AckNo=201 --------|
      |------ Ack, SeqNo=201 AckNo=501 ------------>|

The Data Exchange Phase uses the sliding window technique, including the provision for SeqNo and AckNo to allow the proper ordering of the data. Flow control is managed using the Window Size field. Note that for an outgoing segment we set the AckNo using the formula:

    AckNo = (SeqNo + Data Size) of the last correctly received segment

Note: For the Initial Syn Segments we assume a data size of 1 byte.

Exercise: Verify the above formula by tracking a received segment (say, the one containing the first GET request) and the segment that is sent following it.

                        SeqNo (Hex)    AckNo (Hex)    Data Size (in bytes)
    Received Segment
    Sent Segment

The Close Connection Phase uses a pair of Fin-Ack segments (i.e. two Fins and two Acks). When one side has no more data, it should send a Fin segment, and once that is acknowledged it must not send any more data but can continue sending Ack segments for the data it receives. After a while the other side
After a while the other side ICS COMPUTER NETWORK LAB 115 ICS COMPUTER NETWORK LAB 116 King Fahd University of Petroleum and Minerals Information and Computer Science Department ICS 432 Computer Network Systems Lab # 12: Configuring DHCP Servers and Clients Objectives: Comprehend the role played by DHCP protocol Configure Windows 2003 as a DHCP Client Configure Windows 2003 Server as a DHCP Server Capture and analyze DHCP traffic generated ICS COMPUTER NETWORK LAB 117 Background Information To communicate successfully with each other, all TCP/IP hosts must be properly configured. These hosts require a valid IP address that is unique on the host's internetwork, a subnet mask, and a default gateway. If the host is to communicate only on the local subnet, the default gateway can be omitted. For larger networks, additional configuration items are required, such as Domain Name System (DNS) server IP addresses, Windows Internet Name Service (WINS) server IP addresses, and NetBIOS node types. In small networks, carrying out this configuration requires a degree of TCP/IP skill that might not be readily available. On large networks, ensuring that all hosts are properly configured can be a considerable management and administrative task, especially in a dynamic network with roaming users and laptops. Manual configuration or reconfiguration of a large number of computers can be time consuming, and errors in configuring an IP host can result in the host being unable to communicate with the rest of the network. DHCP is a client/server protocol that simplifies the management of client IP configuration and the assignment of IP configuration data. With DHCP, administrators define all necessary configuration parameters on a central server or a set of servers, which are then able to provide hosts with all necessary IP configuration information. 
DHCP provides four key benefits to those planning, designing, and maintaining an IP network:

Centralized administration of IP configuration: The DHCP administrator can centrally manage all IP configuration information. This eliminates the need to manually configure individual hosts when TCP/IP is first deployed, or when IP infrastructure changes are required.
Seamless IP host configuration: The use of DHCP ensures that DHCP clients get accurate and timely IP configuration parameters without user intervention. Because the configuration is automatic, troubleshooting is largely eliminated.
Flexibility: Using DHCP gives the administrator increased flexibility over changes in IP configuration information, allowing the administrator to change IP configuration more simply as infrastructure changes are needed.

What Is DHCP?

DHCP is a client/server protocol that automatically provides an IP host with its IP address and other related configuration information such as the subnet mask and default gateway. RFCs 2131 and 2132 define DHCP as an Internet Engineering Task Force (IETF) standard based on the Boot Protocol (BOOTP), with which it shares many implementation details. DHCP allows hosts to obtain all necessary TCP/IP configuration information from a DHCP server.

DHCP Overview and Key Terms

Before examining DHCP in detail, you should be familiar with the following key DHCP-related terms:

DHCP Clients and Servers

A computer that gets its configuration information from DHCP is known as a DHCP client. DHCP clients communicate with a DHCP server to obtain IP addresses and related TCP/IP configuration information. DHCP servers hold information about available IP addresses and related configuration information as defined by the DHCP administrator.

DHCP Scopes and Options

A set of IP addresses and associated configuration information that can be supplied to a DHCP client is known as a scope.
A scope is a set of IP addresses that the server can issue to DHCP clients, along with one or more options. An option is a specific configuration item such as a subnet mask and a default gateway IP address, which the DHCP administrator wants the DHCP server to provide to the DHCP client.

A DHCP administrator can create one or more scopes on one or more Windows Server 2003 servers running the DHCP Server service. However, because DHCP servers do not communicate scope information with each other, the administrator must be careful to ensure that the scopes are defined carefully so that multiple DHCP servers are not handing out the same IP address to different clients, or handing out addresses that are taken by existing, manually configured IP hosts.

The IP addresses defined in a DHCP scope are continuous and are associated with a subnet mask. To allow for the possibility that some IP addresses in the scope might have been already assigned and in use, the DHCP administrator can specify an exclusion—one or more IP addresses in the scope that are not handed out to DHCP clients.

NOTE: In networks with multiple subnets and multiple networks, it is useful to have standards for separating the dynamic IP addresses given out by DHCP from the addresses used by manually configured hosts.

In the DHCP protocol packet, each option begins with a single tag octet, which defines the option. An option can be fixed length, such as the NetBIOS Node Type (Option 46); variable length, such as the Domain Name System (DNS) Domain Name (Option 15); or an array of items, such as the list of DNS Servers (Option 6).

With the Windows Server 2003 DHCP Server service, the DHCP administrator can manage options at the following five levels:

Predefined options: Allow the DHCP administrator to specify default option values for all options supported on the DHCP server and to create new option types for use on this server.
Server options: Values assigned to all clients and scopes defined on the DHCP server (unless they are overridden by scope, class, or client-assigned options).
Scope options: Values applied only to clients of a specific scope (unless they are overridden by class or client-assigned options).
Class options: Allow the administrator to set user- or vendor-defined option classes, providing option data to a specified class of DHCP clients (for example, all Windows 2000 or later DHCP clients). Options set at this level are overridden only by options assigned at the client level.
Reserved client options: Set for an individual reserved DHCP client. Only properties manually configured at the client computer can override options assigned at this level.

DHCP Messages

DHCP clients communicate with DHCP servers by sending application layer messages to, and receiving messages from, a DHCP server. There are eight DHCP message types, which are sent using User Datagram Protocol (UDP). DHCP clients with a bound IP address and a valid lease communicate with the DHCP server using unicast IP datagrams, whereas clients in the process of obtaining an IP address communicate using broadcast packets, sent to the limited broadcast IP address 255.255.255.255. The DHCP client binds to UDP port 68, and the DHCP server binds to UDP port 67.

There are eight DHCP message types:

DHCPDISCOVER: Sent by a DHCP client broadcast to locate a DHCP server.
DHCPOFFER: Sent by a DHCP server to a DHCP client, in response to DHCPDISCOVER, along with offered configuration parameters.
DHCPREQUEST: Sent by the DHCP client to DHCP servers to request parameters from one server while implicitly declining offers from other servers, and to confirm the validity of previously allocated addresses (for example, after a reboot or to extend an existing DHCP lease).
DHCPACK: Sent by a DHCP server to a DHCP client to confirm an IP address and provide the client with those configuration parameters that the client has requested and the server is configured to provide.
DHCPNAK: Sent by a DHCP server to a DHCP client denying the client's DHCPREQUEST. This might occur if the requested address is incorrect because of the client having moved to a new subnet or because the DHCP client's lease has expired and cannot be renewed.
DHCPDECLINE: Sent by a DHCP client to a DHCP server, informing the server that the offered IP address is declined because it appears to be in use by another computer.
DHCPRELEASE: Sent by a DHCP client to a DHCP server, relinquishing an IP address and canceling the remaining lease. This is sent to the server that provided the lease.
DHCPINFORM: Sent from a DHCP client to a DHCP server, asking only for additional local configuration parameters; the client already has a configured IP address. This message type is also used for rogue server detection.

DHCP Leases and Reservations

The IP addresses acquired by DHCP generally are not permanent. When a DHCP client is configured using DHCP, it acquires a lease on the assigned address. The DHCP administrator defines the lease duration, either when the lease is created, or subsequently. In Windows Server 2003, the administrator can specify either a specific lease time, between 1 minute and 999 days, or an unlimited lease time.

Although most IP addresses are dynamically allocated, Windows Server 2003 allows a DHCP administrator to create a reservation, a permanent address lease that the DHCP administrator creates to assign a specific IP address (and DHCP options) to a specific DHCP client. The administrator creates the reservation by specifying the IP address to be allocated and the host's media access control (MAC) address.
The reservation ensures that the DHCP client with a network interface card (NIC) having that MAC address always obtains the same IP address and options.

DHCP Relay Agents

When a Windows DHCP client computer is started, it broadcasts DHCP messages to obtain or renew a lease from a DHCP server. A DHCP relay agent, also referred to as a BOOTP relay agent, is either a host or an IP router that listens for DHCP client messages being broadcast on a subnet and then forwards those DHCP messages to a configured DHCP server. The DHCP server sends DHCP response messages back to the relay agent, which then broadcasts them onto the subnet for the DHCP client. The DHCP administrator uses DHCP relay agents to centralize DHCP servers, avoiding the need for a DHCP server on each subnet.

The Routing and Remote Access service of Windows Server 2003 includes a DHCP relay agent. A DHCP administrator needs to enable the Routing and Remote Access service and configure the DHCP relay agent with interfaces and the IP addresses of DHCP servers. In addition, most modern hardware routers can be configured to provide relay facilities. On some routers, the DHCP relay function is referred to as BOOTP forwarding.

How DHCP Works

Hosts use the DHCP protocol to obtain an initial lease, to renew an existing lease, and to detect unauthorized DHCP servers.

Obtaining an Initial Lease

A DHCP client acquires an initial lease the first time the client boots up using a series of messages exchanged with a DHCP server.
The following Network Monitor trace provides an example of this process:

    1  4.426365  KAPOHO10  *BROADCAST  DHCP  Discover (xid=43474883)  0.0.0.0  255.255.255.255  IP
    2  4.426365  LOCAL     *BROADCAST  DHCP  Offer (xid=43474883)     TALLGUY  255.255.255.255  IP
    3  4.426365  KAPOHO10  *BROADCAST  DHCP  Request (xid=43474883)   0.0.0.0  255.255.255.255  IP
    4  4.436379  LOCAL     *BROADCAST  DHCP  ACK (xid=43474883)       TALLGUY  255.255.255.255  IP

In this trace, the DHCP client broadcasts a DHCPDISCOVER message to find a DHCP server. Because the host does not have an IP address, it communicates with the DHCP server by means of a local area broadcast. On receipt of a DHCPDISCOVER message, a DHCP server responds with an offer of an IP lease by sending a DHCPOFFER message.

If there is more than one DHCP server able to provide the DHCP client with a lease, the DHCP client could receive more than one DHCPOFFER response. If this occurs, the client chooses the "best" offer, which for Windows DHCP clients is the first offer received. To help other clients determine the best offer, the DHCPOFFER message contains values for options that the client has requested and that are configured on the offering DHCP server.

Any DHCP server that receives a DHCPREQUEST message and can assign the DHCP client a lease issues a DHCPOFFER message. This message contains an offered IP address and values for any option that the DHCP server has been configured to issue.

If the client can accept an offered lease, it sends a DHCPREQUEST message to the offering DHCP server, requesting the offered IP address. This request also contains all the configuration options that the DHCP client wishes to obtain.

If it is still willing to offer the lease, the DHCP server sends a DHCPACK message to the DHCP client, confirming that the DHCP client now has the lease on the IP address. The DHCPACK also provides values for the requested options that were specified by the DHCP administrator on the server issuing the DHCPACK.

Renewing a Lease

Because the IP lease has a finite lifetime, the client must renew the lease at some point after obtaining it. Windows DHCP clients attempt to renew the lease, either at each reboot or at regular intervals after the DHCP client has initialized. The following Network Monitor trace demonstrates the renewal of a lease:

    1  81.757561  KAPOHO10  *BROADCAST  DHCP  Request (xid=492D15B9)  0.0.0.0  255.255.255.255  IP
    2  81.767576  LOCA      *BROADCAST  DHCP  ACK (xid=492D15B9)      TALLGUY  255.255.255.255  IP

As shown in the Network Monitor trace, a lease renewal involves just two DHCP messages: DHCPREQUEST and DHCPACK. If a Windows DHCP client renews a lease while booting up, broadcast IP packets are used to send these messages. If the lease renewal is made while the Windows DHCP client is running, the DHCP client and the DHCP server communicate using unicast messages.

When a client obtains a lease, DHCP provides values for the configuration options that were requested by the DHCP client and are configured on the DHCP server. By reducing the lease time, the DHCP administrator can force clients to regularly renew leases and obtain updated configuration details. This can be useful when the administrator wishes to change a scope's IP configuration or configuration options.

A DHCP client first attempts to reacquire its lease at half the lease time, known as T1. The DHCP client obtains the value of T1 from the DHCPACK messages that confirmed the IP lease. If the lease reacquisition fails, the DHCP client attempts a further lease renewal at 87.5 percent of the lease time, known as T2. Like T1, T2 is specified in the DHCPACK message. If the lease is not reacquired before it expires (if, for example, the DHCP server is unreachable for an extended period of time), as soon as the lease expires, the client immediately unbinds the IP address and attempts to acquire a new lease.
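
The option format, the T1/T2 renewal timers and the detection of unauthorized DHCP servers described above, tied together in one added example. It is not part of the original lab manual. The function names, the allow-list and the sample option bytes are constructed for illustration; the length octet after each tag, the pad (0) and end (255) markers and option numbers 51, 53, 54, 58 and 59 come from RFC 2132.

```python
import ipaddress
import struct

# DHCP message type values carried in option 53 (RFC 2132)
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
IPV4 = {1: "subnet_mask", 3: "routers", 6: "dns_servers", 54: "server_id"}
U32 = {51: "lease", 58: "t1", 59: "t2"}       # all three are counted in seconds

def parse_options(field: bytes) -> dict:
    """Decode an option field: tag octet, length octet, value; 0 pads, 255 ends."""
    out, i = {}, 0
    while i < len(field):
        tag = field[i]
        if tag == 255:                        # end option
            return out
        if tag == 0:                          # pad option has no length octet
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError(f"option {tag}: length octet missing")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:              # never trust the declared length
            raise ValueError(f"option {tag}: length {length} overruns the field")
        if tag == 53 and length == 1:
            out["type"] = MSG_TYPES.get(value[0], f"unknown({value[0]})")
        elif tag in U32 and length == 4:      # fixed-length option
            out[U32[tag]] = struct.unpack("!I", value)[0]
        elif tag in IPV4 and length and length % 4 == 0:   # array of addresses
            out[IPV4[tag]] = [str(ipaddress.IPv4Address(value[k:k + 4]))
                              for k in range(0, length, 4)]
        elif tag == 15:                       # variable-length DNS domain name
            out["domain"] = value.decode("ascii", "replace")
        else:
            out[tag] = value                  # unrecognised or odd-sized: keep raw
        i += 2 + length
    raise ValueError("option field has no end marker (255)")

def renewal_schedule(ack: dict) -> tuple:
    """Seconds after the DHCPACK at which T1, T2 and lease expiry fall."""
    lease = ack["lease"]
    t1 = ack.get("t1", lease // 2)            # half the lease time if not sent
    t2 = ack.get("t2", lease * 7 // 8)        # 87.5 percent if not sent
    if not 0 < t1 < t2 < lease:
        raise ValueError(f"inconsistent timers: T1={t1} T2={t2} lease={lease}")
    return t1, t2, lease

def unauthorized_servers(option_fields, allowed):
    """Server identifiers in DHCPOFFER/DHCPACK messages that are not allow-listed."""
    seen = set()
    for field in option_fields:
        opts = parse_options(field)
        if opts.get("type") in ("DHCPOFFER", "DHCPACK"):
            seen.update(opts.get("server_id", []))
    return sorted(seen - set(allowed))

def opt(tag, value):                          # builds the constructed samples below
    return bytes([tag, len(value)]) + value

# Constructed option fields (not taken from the traces in this lab).
ACK = (opt(53, b"\x05") + opt(54, bytes([192, 168, 230, 251])) +
       opt(51, struct.pack("!I", 691200)) + opt(1, bytes([255, 255, 255, 0])) +
       opt(6, bytes([172, 16, 0, 1, 172, 16, 0, 2])) + opt(15, b"example.test") + b"\xff")
UNKNOWN_OFFER = opt(53, b"\x02") + opt(54, bytes([192, 168, 230, 66])) + b"\xff"
TRUNCATED = opt(53, b"\x05") + bytes([51, 4, 0, 0])   # lease option cut short
```

Feeding the option fields of captured DHCPOFFER and DHCPACK frames to `unauthorized_servers` together with the list of DHCP servers the administrator actually runs shows whether any other host on the subnet is answering clients.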

Changing Subnets and DHCP Servers

If the DHCP client requests a lease through a DHCPREQUEST message that the DHCP server cannot fulfill (for example, when a laptop is moved to a different subnet), the DHCP server sends a DHCPNAK message to the client. This informs the client that the requested IP lease will not be renewed. The client then acquires a new lease using the lease acquisition process described earlier. The following Network Monitor trace demonstrates a client that has moved subnets and as a result needs to acquire a different IP lease:

    1  68.198064  KAPOHO10  *BROADCAST  DHCP  Request (xid=2DBB2B8B)   0.0.0.0  255.255.255.255  IP
    2  68.198064  LOCAL     *BROADCAST  DHCP  NACK (xid=2DBB2B8B)      TALLGUY  255.255.255.255  IP
    3  69.419821  KAPOHO10  *BROADCAST  DHCP  Discover (xid=749C146A)  0.0.0.0  255.255.255.255  IP
    4  69.419821  LOCAL     *BROADCAST  DHCP  Offer (xid=749C146A)     TALLGUY  255.255.255.255  IP
    5  69.429836  KAPOHO10  *BROADCAST  DHCP  Request (xid=749C146A)   0.0.0.0  255.255.255.255  IP
    6  69.429836  LOCAL     *BROADCAST  DHCP  ACK (xid=749C146A)       TALLGUY  255.255.255.255  IP

When a Windows DHCP client boots up, it broadcasts a DHCPREQUEST message to renew its lease. This ensures that the DHCP renewal request is sent to the DHCP server that provides DHCP addresses for the subnet the client is currently on. This could be different from the server that provided the initial lease. When the DHCP server receives the broadcast, it compares the address the DHCP client is requesting with the scopes configured on the server and the subnet from which the DHCPREQUEST message was received. If it is not possible to satisfy the client request, the DHCP server issues a DHCPNAK, and the DHCP client then acquires a new lease.

If the DHCP client is unable to locate any DHCP server when rebooting, to renew its lease, it issues an ARP broadcast for the default gateway that was previously obtained, if one was provided.
If the IP address of the gateway is successfully resolved, the DHCP client assumes that it remains located on the same network where it obtained its current lease and continues to use this lease. If the ARP broadcast that the client sent for the default gateway receives no response, the client assumes that it has been moved to a network that has no DHCP services currently available (such as a home network), and it autoconfigures itself using either APIPA or alternate configuration. Once it autoconfigures itself, the DHCP client tries to locate a DHCP server every 5 minutes.

Task 1: Configure your computer

For this lab we will make all the lab computers hosts on network 192.168.230.0. At every computer, modify the network configuration as follows:

1. Enable LAN1 and disable LAN2.
2. Assign an IP address as follows:
   Network A: 192.168.230.1 to 192.168.230.4, depending on the machine number
   Network B: 192.168.230.11 to 192.168.230.14 (as above)
   Network C: 192.168.230.21 to 192.168.230.24 (as above)
   Network D: 192.168.230.31 to 192.168.230.34 (as above)
   Network E: 192.168.230.41 to 192.168.230.44 (as above)
3. Set the gateway address as 192.168.230.251.
4. Set the DNS Server as 172.16.0.1.

Task 2: Configure Windows 2003 as a DHCP Client

Start -> Control Panel -> Network Connections. Right-click and select Open.
Select any one of the local area connections and click.
Click Properties. The Local Area Connection Properties window appears.
Select Internet Protocol (TCP/IP) and click Properties. The Internet Protocol (TCP/IP) Properties window appears.
Select the radio button 'Obtain an IP address automatically'.

Task 3: Configure Windows 2003 as a DHCP Server

Start -> Control Panel -> Add/Remove Programs.
Click on Add/Remove Windows Components.
Select Networking Essentials and check it. Then click the Details button.
Select DHCP and Simple TCP/IP Services. Click OK.
Click Next. Click Finish.
Start -> Administrative Tools -> DHCP.
DHCP Manager appears.
Click on the computer, right-click and select New Scope. The New Scope Wizard appears.
Enter the name of the scope and its description.
Enter the starting and ending IP address of the scope as instructed by the instructor. Click Next.
If needed, add an exclusion range and click Add. Click Next.
On the lease duration, click Next unless specified by the instructor.
Select Yes for DHCP configure options and click Next.
If needed, specify the router [default gateway] address and click Add. Click Next.
Click Next [for DNS server].
Click Next [for WINS server].
Select Yes for activating the scope. Click Next.
The Completing the New Scope Wizard screen appears. Click Finish. The DHCP window appears.

Task 4: Capture DHCP traffic

We will use a filter that restricts the MAC source or destination address to match that of the local station. Follow these steps.

1. From the menu select Filter -> Software Filter -> Edit Filter to bring up the screen below. Select the Enable Filter checkbox and then click on the Add button. Then keep clicking Next till you reach the MAC Filter screen.
2. In the above screen, add your machine's Ethernet address. Then click Next till reaching the Finish Filter screen shown below. Give this filter a name, say FromToMe, and click the Finish button.
   Now that you have created the filter, to enable it use Filter -> Software Filters -> Edit Filter -> Enable. You should see "Filter On" near the middle of the status bar – see the screen below.
3. Have Sniffem set to Capture Mode and browse to some site such as http://www.kfupm.edu.sa. If all goes well then you should get a capture similar to the one shown below.