For this and future labs, you may find it useful to use the man pages to
get more information. Manual pages (man pages) exist on every lab machine.
For each of the following commands, type the name of the command as a search
term. The search will return the appropriate man page (e.g. type in man mv).
Read the man pages of the following commands to refresh your memory on some
Linux commands:
mv rmdir pwd cp chmod ls rm kill more mkdir ping tcpdump
We will be using wireshark to monitor network activity. The man page for
wireshark, a network analyzer tool, can be found on every lab machine. You can
also read about the wireshark network analyzer at the website
http://wiki.wireshark.org/CaptureSetUp
In Lab 1, you will acquaint yourself with
the equipment of the Internet Lab, the Linux operating system, and some traffic
measurement tools.
Save your files to a flash drive before the end of the lab. You will need the
files when you prepare your lab report.
Most lab exercises ask you to save data that is displayed on your monitor to a
file.
NOTE: Whenever you create a file, place the file in the directory /Labdata.
Since other students will most likely purge the files in this directory, please
remember to save your files to a floppy disk at the end of your lab session.
Here are three methods to save data to a file on a Linux system.
1. Save data to a file with the redirection operators: Linux provides an easy
way for redirecting the output of a command to a file via the redirection
operators > and >>. (> writes a file and >> appends to the file.)
2. View and save data at the same time: You can view data on the monitor and
save data to a file at the same time. For example, to display the output of the
command ls in a terminal window, and also save it to a file named fname, you can
use the command
ROOT@LAB1% ls | tee fname
or
ROOT@LAB1% ls > fname & tail -f fname
3. Save data with a text editor (with copy and paste): Open your favorite Unix
editor such as gedit, kwrite, kate, etc. Use Ctrl-C and Ctrl-V to copy and paste
things into the editor window.
On LAB1, open an editor (e.g. kwrite) so that you can save data for later use.
You can do this from the menu or the command line by typing kwrite &
(The & will cause the process to run in the background so that you can use the
window for other things. If you start a process and then decide you want it to
be running in the background, you can shift it to run in the background by first
entering CTRL-Z to suspend the process and then entering bg to indicate that you
want it to resume as a background process.)
SETUP FOR LAB 1
Please take a few minutes to compare the
following description with the actual equipment:
Four Linux PCs, which are labeled as LAB1, LAB2, LAB3, and LAB4. The PCs have
the Linux operating system installed. All four Linux PCs have floppy drives and
CD-ROM drives. Each Linux PC has two Ethernet network interface cards (NICs)
installed, which are labeled eth0 and eth1.
An Ethernet hub with at least four ports.
A monitor, a keyboard, a mouse, and a KVM (keyboard-video-mouse) switch. The
KVM switch connects the keyboard, monitor, and mouse to the four Linux PCs. The
KVM switch gives you control over all four Linux PCs from one keyboard, one
monitor, and one mouse, but you can access only one computer at a time.
Ethernet cables. Note that there are two kinds: straight-through Ethernet
cables and crossover Ethernet cables. In Lab 1, only straight-through Ethernet
cables are used.
Before you get started, reboot each of the PCs, one at a time, by typing the
reboot command at the root prompt, to be sure that the network settings are
refreshed. Don't switch the KVM switch while a Linux PC is rebooting, otherwise
the keyboard and mouse will not work properly. After you reboot the Linux PCs,
you are to configure the IP addresses of the computers as shown in the table
below. The IP addresses listed in the table are associated with the Ethernet
card of the Linux PC, which is labeled eth0. In this lab, the second Ethernet
card of the Linux PCs, labeled eth1, is not used.
EXERCISE 1(A).
1. Set the KVM switch to LAB1 (the first light or the number 1 should light
up). Log in as root (password netlab).
2. Use the KVM switch to switch to LAB3 (the third light or the number 3 should
light up) and log in as root (password netlab).
3. Explore the desktop environment of LAB3.
4. If a terminal window is not open, open a terminal window. Recall that all
Linux commands are typed from a terminal window.
5. Set the KVM switch to LAB1
and reboot LAB1 by typing reboot on the command line at the root@LAB1% prompt
in the terminal window:
root@LAB1% reboot
Please note that when rebooting a Linux PC,
do not switch the KVM switch to another Linux PC. You have to wait until the
Linux PC is fully booted before you can make the switch. A Linux PC needs a
monitor, a keyboard, and a mouse to reboot. Switching before it is done may
cause the process to hang and you will have to start again.
EXERCISE 1(B).
In Lab 1 the four Linux PCs must be connected to an Ethernet hub. All Linux PCs
are attached to the same Ethernet hub.
1. Attach each Linux PC to the same Ethernet hub with (straight-through)
Ethernet cables. Connect the Ethernet interface with label eth0 of each Linux PC
to one of the hub's ports using an Ethernet cable. Do not connect into the slot
marked uplink on the hub.
2. Check that your physical connections are made by making sure that the small
LEDs are lit on both the hub and on the back of the PCs. Checking the LEDs is a
quick way to catch a physical problem, such as a bad cable, before you waste
effort looking for the cause elsewhere.
EXERCISE 1(C).
To configure the IP addresses, we will be using the ifconfig command. Before
continuing, look at the man pages for the ifconfig command.
To start, enter:
root@LAB1% ifconfig
Entering ifconfig without arguments will give you status information for each
of the network interfaces. Take the information that you receive from the system
by running this command and save it in a file so that you can include it in your
lab report.
Lab Report
Provide the results of the ifconfig command and explain the meaning of the
different pieces of information provided.
Next enter: ifconfig eth0
Providing the name of an interface will provide status information on that
interface only.
To set the IP address of an interface eth0 to 10.0.1.11 with a net mask of
255.255.255.0, enter the following command:
root@LAB1% ifconfig eth0 10.0.1.11/24
Set the IP address for each of the 4 devices, according to the table.
Table 1.1. IP addresses for the Linux PCs.
| Linux PC | IP Addresses of Ethernet Interface eth0 |
|----------|-----------------------------------------|
| LAB1     | 10.0.1.11/24                            |
| LAB2     | 10.0.1.12/24                            |
| LAB3     | 10.0.1.13/24                            |
| LAB4     | 10.0.1.14/24                            |
The notation 10.0.1.11/24 means that the IP address is 10.0.1.11 and
the network prefix is 24 bits long. A network prefix of 24 bits corresponds to
a netmask set to 255.255.255.0. With this netmask, all hosts are on the 10.0.1.0/24 network.
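
The prefix arithmetic described above, as an added example that is not part of the original handout. It goes beyond the /24 case and works for any prefix length; the function names are hypothetical, and it also derives the broadcast address that is pinged later in Exercise 2(B).

```sh
#!/bin/sh
# Added example (not from the lab handout): expand CIDR notation such as
# 10.0.1.11/24 into netmask, network address and broadcast address.

ip_to_int() (    # dotted quad -> 32-bit integer
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int_to_ip() {    # 32-bit integer -> dotted quad
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

cidr_info() (    # ADDR/PREFIX -> "netmask network broadcast"
  addr=${1%/*}
  prefix=${1#*/}
  ip=$(ip_to_int "$addr")
  # A prefix of N bits means the top N bits of the mask are ones.
  mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
  net=$(( $ip & $mask ))
  bcast=$(( $net | (~$mask & 0xFFFFFFFF) ))
  echo "$(int_to_ip "$mask") $(int_to_ip "$net") $(int_to_ip "$bcast")"
)

on_network() (   # on_network ADDR/PREFIX OTHER: true if OTHER is in that network
  prefix=${1#*/}
  [ "$(cidr_info "$1" | cut -d' ' -f2)" = "$(cidr_info "$2/$prefix" | cut -d' ' -f2)" ]
)

# The four lab hosts from Table 1.1 all resolve to the same network.
for host in 10.0.1.11/24 10.0.1.12/24 10.0.1.13/24 10.0.1.14/24; do
  echo "$host -> $(cidr_info "$host")"
done
on_network 10.0.1.11/24 10.0.1.12 && echo "10.0.1.12 is on LAB1's network"
on_network 10.0.1.11/24 111.111.111.111 || echo "111.111.111.111 is not on LAB1's network"
```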
EXERCISE 1(D)
Testing connectivity between computers.
One of the most basic, but also most effective, tools to debug IP networks is
the ping command. The ping command tests whether another host or router on the
Internet is reachable. The ping command sends an ICMP Echo Request datagram to
an interface and expects an ICMP Echo Reply datagram in return.
NOTE: On Linux systems, ping continues to send packets until you interrupt the
command with the Ctrl-C keys.
When using ping on the Linux PCs, always send at least two ICMP Echo Request
packets. The first ICMP Echo Request may often be dropped at the receiver. This
occurs when the ICMP Echo Request packet does not reach its destination within a
certain amount of time or number of hops, e.g., when waiting for an ARP Reply or
ICMP Redirect.
After connecting the four Linux PCs to the Ethernet hub, all four computers
should be able to communicate with one another. Verify connectivity by using the
ping command.
From LAB1, ping each of the other three machines by entering:
root@LAB1% ping -c 3 <addr>
where <addr> is replaced by each of the other three addresses in turn. If you
have problems, check your connections and settings and fix them. Save the
results of your ping and include them in your report.
Lab Report
Include the results of your ping along with a brief explanation.
Switch to LAB2 and repeat the process to make sure that each machine can be
reached from LAB2.
Linux has
numerous configuration files that set the environment variables of the
operating system. For example, if you want to set up your Linux PC as an IP
router, you merely need to change a single line in one of the configuration
files. Studying configuration files also provides a way of learning what
network configuration options are available to you.
Configuration files are fundamentally different across different versions of Unix-like operating systems (e.g., AIX, Solaris, Linux, FreeBSD). Sometimes the structure of configuration files changes between releases of the same Unix version. For example, the configuration files of different Linux distributions, such as Red Hat and Slackware, are quite different. Furthermore, the configuration files between different versions of the same Linux distribution can have significant differences.
A list of the most important network configuration files follows:
/etc/sysconfig/network
This file defines global parameters of the network configuration, such as the
host name, domain name, and IP address of the default gateway. It also includes
a line to determine whether the Linux PC acts as a router or not.
/etc/sysconfig/network-scripts/ifcfg-lo
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth1
These files define the configuration of the network interfaces. There is one
configuration file for each network interface. The files ifcfg-eth0 and
ifcfg-eth1 are for the two installed Ethernet interface cards. The file ifcfg-lo
is for the loopback interface.
/etc/sysctl.conf
This file specifies many kernel options related to the network configuration.
/etc/hosts
This file specifies the mapping between the host names and IP addresses for
network devices. This file also determines the name of the local Linux system.
/etc/sysconfig/static-routes
This file contains the settings of the static routing table, which is set when
booting the Linux PC. It may not exist or may be empty if no static routes have
been previously assigned.
EXERCISE 1(E)
On LAB2, issue a ping to the IP address of LAB1. Also, issue a ping command to
the loopback interface 127.0.0.1. Limit the number of pings to five. Save the
output.
Lab Report
Include the output you saved in this exercise.
Explain the difference between pinging the local Ethernet interface and the
loopback interface. Specifically, on PC 1, what is the difference between
typing ping 10.0.1.11 and ping 127.0.0.1. (This is a conceptual
question on the role of the loopback interface. The response to the ping
command does not provide you with the answer to this question.)
tcpdump allows you to capture traffic on a network and display
the packet headers of the captured traffic. tcpdump
can be used to identify network problems or to monitor network activities.
See the man pages for tcpdump.
EXERCISE 2(A).
Simple tcpdump exercise.
Use tcpdump to observe the network traffic that is generated by issuing ping
commands.
1. Switch to LAB1. Start tcpdump so that it monitors all packets that contain
the IP address of LAB2, by typing
ROOT@LAB1% tcpdump -n host 10.0.1.12
2. Open a new window and execute
ROOT@LAB1% ping -c 1 10.0.1.12
3. Observe the output of tcpdump. Save the output to a file.
NOTE: If you use the tee or tail commands to simultaneously view and save the
output from tcpdump, you need to use the -l option of tcpdump. For example,
tcpdump -n -l > filename & tail -f filename
tcpdump -n -l | tee filename
It may be necessary to hit CTRL-C to terminate the tcpdump session. It may
sometimes be best to simply redirect the output of tcpdump straight to a file
(e.g. tcpdump > filename) and view it afterward with the more command or a text
editor.
Lab Report
Include the saved output in your lab report. Explain the meaning of each field
in the captured data.
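
One way to work with the saved tcpdump text afterward, shown as an added example that is not part of the original handout: it pairs each ICMP Echo Request with its Echo Reply and reports the round-trip time. The sample lines are constructed, the function name is hypothetical, and the script assumes the usual tcpdump -n line layout for IPv4 ICMP and timestamps that do not cross midnight.

```sh
#!/bin/sh
# Added example (not from the lab handout): pair ICMP echo requests with their
# replies in saved `tcpdump -n` text output and report the round-trip time.

# Constructed sample in tcpdump -n text format, not a capture from the lab.
SAMPLE='10:15:01.100000 IP 10.0.1.11 > 10.0.1.12: ICMP echo request, id 4021, seq 1, length 64
10:15:01.100450 IP 10.0.1.12 > 10.0.1.11: ICMP echo reply, id 4021, seq 1, length 64
10:15:02.101000 IP 10.0.1.11 > 10.0.1.12: ICMP echo request, id 4021, seq 2, length 64
10:15:02.101380 IP 10.0.1.12 > 10.0.1.11: ICMP echo reply, id 4021, seq 2, length 64
10:15:03.102000 IP 10.0.1.11 > 10.0.1.12: ICMP echo request, id 4021, seq 3, length 64'

summarize_icmp() {   # reads tcpdump text on stdin, prints one line per request
  LC_ALL=C awk '
    $6 == "ICMP" && $7 == "echo" {
      split($1, t, ":")                       # timestamp hh:mm:ss.micro
      ts = t[1] * 3600 + t[2] * 60 + t[3]
      src = $3; dst = $5; sub(/:$/, "", dst)  # fields "src > dst:"
      id = $10 + 0; seq = $12 + 0             # "id N, seq N," as numbers
      if ($8 == "request,") {
        key = src " > " dst " id " id " seq " seq
        sent[key] = ts; order[++n] = key
      } else if ($8 == "reply,") {
        key = dst " > " src " id " id " seq " seq   # reply reverses src and dst
        if (key in sent) rtt[key] = (ts - sent[key]) * 1000
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (k in rtt) printf "%s answered rtt_ms=%.3f\n", k, rtt[k]
        else          printf "%s unanswered\n", k
      }
    }'
}

printf '%s\n' "$SAMPLE" | summarize_icmp
```

To run it on your own capture, use summarize_icmp < filename with the file you saved in step 3.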
EXERCISE 2(B).
1. On LAB1, start capturing packets using the tcpdump -n command.
2. Issue a ping to the nonexistent IP address 111.111.111.111:
ROOT@LAB1% ping -c 1 111.111.111.111
3. Issue a ping to the broadcast address 10.0.1.255 using the command
ROOT@LAB1% ping -c 2 -b 10.0.1.255
Save the outputs of ping and tcpdump to a file.
Lab Report
Include the saved output in your lab report and interpret the results. How many
of the Linux PCs responded to the broadcast ping?
Wireshark
Wireshark is a network protocol analyzer with a graphical user interface. Using
wireshark, you can interactively capture and examine network traffic, view
summaries, and get detailed information for each packet.
Before starting this part of the exercise, reboot LAB1 and then reconfigure
eth0 with the IP address as before. This is important to do before starting! Do
not test the interface after issuing the ifconfig command.
EXERCISE 3.
Running Wireshark
This exercise walks you through the steps of capturing and saving network
traffic with wireshark. The exercise is conducted on PC1.
1. Starting wireshark: On LAB1, start wireshark by typing
ROOT@LAB1% wireshark &
or select it from the icons on the bottom of the screen.
2. Starting the traffic capture: Start the packet capture by selecting Capture,
Interfaces from the top menu. In the second window, click on the Start button
after eth0.
4. Generating traffic: In a separate window on LAB1, execute a ping command to
LAB3.
ROOT@LAB1% ping -c 2 10.0.1.13
Observe the output in the wireshark main window. Click and highlight a captured
packet in the wireshark window and view the headers of the captured traffic.
5. Stopping the traffic capture: Click Stop in the window Ethernet Capture.
6. Saving captured traffic: Save the results of the captured traffic as a plain
text file. This is done by selecting Export in the File menu. When an Export
window pops up, select the options and set a filename.
If you select Save in the File menu, the captured data is saved in the format
of a libpcap file. This format can be interpreted by both tcpdump and wireshark.
Measurements saved in libpcap format can be analyzed at a later time. However,
libpcap files are not plain text files and are not useful for preparing your
report. Unless you have the tcpdump and/or wireshark tools available on a system
outside of the lab, which allows you to view and save captured traffic as text
at a later time, always save captured traffic in plain text format.
Repeat this process a second time. Restart the traffic capture on eth0 and
again issue the ping command for LAB3. Save the results in a second file.
ROOT@LAB1% ping -c 2 10.0.1.13
Lab Report
Include the file with the captured data in your lab report. Save the details of
the captured traffic, using the Export window. Explain why you have a different
number of packets in the second capture than you do in the first.
Describe the differences between the files saved by tcpdump and by wireshark
(in this part).
Your final lab report should have a heading that includes your name, the date you conducted the lab exercise, the lab number, and the names of all individuals who worked on the lab with you. It should be written with an introduction, an explanation of what occurred for each step (including problems encountered), and results along with analysis if appropriate. A conclusion should sum up lessons learned and what you would do differently if you were to do it again. Finally, make any suggestions that you would recommend for this lab in the future.