For this and future labs, you may find it useful to use the man pages to get more information. Manual pages (man pages) exist on every lab machine. For each of the following commands, type the name of the command as a search term. The search will return the appropriate man page (e.g. type in man mv).
Read the man pages of the following commands to refresh your memory on some Linux commands:
mv rmdir pwd cp chmod
ls rm kill more mkdir
ping tcpdump
We will be using wireshark to monitor network activity. The man page for wireshark, a network analyzer tool, can be found on every lab machine. You can also read about the wireshark network analyzer at the website http://wiki.wireshark.org/CaptureSetUp
In Lab 1, you will acquaint yourself with the equipment of the Internet Lab, the Linux operating system, and some traffic measurement tools.
***
Note that after you save your data to the flash drive and before you remove the flash drive, you must umount the drive or you will likely lose your data! When you insert the flash drive into the computer, an icon for the drive should show up on the desktop. To umount the drive, right-click on the icon and select safely remove (or some similar command). Once this is done, you can safely remove the drive. If you insert the drive into one of the Linux machines in the main lab, you must do the same or you may corrupt your drive. If you cannot find the drive on the desktop, you can try opening "Konqueror" and entering system:media as the address to look at.
***
Whenever you create a file, place the file in the directory /Labdata. Since other students will most likely purge the files in this directory, please remember to save your files to a flash drive at the end of your lab session.
Here are three methods to save data to a file on a Linux system.
1. Save data to a file with the redirection operators: Linux provides an easy way for redirecting the output of a command to a file via the redirection operators > and >>. (> writes a file and >> appends to the file).
2. View and save data at the same time: You can view data on the monitor and save data to a file at the same time. For example, to display the output of the command ls in a terminal window, and also save it to a file with name fname, you can use the command
ROOT@LAB1% ls | tee fname
or
ROOT@LAB1% ls > fname & tail -f fname
3. Save data with a text editor (with copy and paste): Open your favorite Unix editor such as gedit, kwrite, kate, etc. Use CTRL-C and CTRL-V to copy and paste things into the editor window. From a terminal window, you will need to use the top menus edit, copy to grab data from the window and paste into an editor window.
On LAB1, open an editor (e.g. kwrite) so that you can save data for later use. You can do this from the menu or the command line by typing kwrite& (The & will cause the process to run in the background so that you can use the window for other things. If you start a process and then decide you want it to be running in the background, you can shift it to run in the background by first entering CTRL-Z to suspend the process and then entering bg to indicate that you want it to resume as a background process.)
SETUP FOR LAB 1
Please take a few minutes to compare the following description with the actual equipment:
Four Linux PCs, which are labeled as LAB1, LAB2, LAB3, and LAB4. The PCs have the Linux operating system installed. All four Linux PCs have floppy drives and CD-ROM drives. Each Linux PC has two Ethernet network interface cards (NICs) installed, which are labeled eth0 and eth1.
An Ethernet hub with at least four ports.
A monitor, a keyboard, a mouse, and a KVM (keyboard-video-mouse) switch. The KVM switch connects the keyboard, monitor, and mouse to the four Linux PCs. The KVM switch gives you control over all four Linux PCs from one keyboard, one monitor, and one mouse, but you can access only one computer at a time.
Ethernet cables. Note that there are two kinds: straight-through Ethernet cables (blue in color) and crossover Ethernet cables. In Lab 1, only straight-through Ethernet cables are used.
Before you get started, one at a time, reboot each of the PCs to be sure that the network settings are refreshed by typing the reboot command at the root prompt. Don't switch the KVM switch while a Linux PC is rebooting, otherwise the keyboard and mouse will not work properly. After you reboot the Linux PCs, you are to configure the IP addresses of the computers as shown in the table below. The IP addresses listed in the table are associated with the Ethernet card of the Linux PC, which is labeled eth0. In this lab, the second Ethernet card of the Linux PCs, labeled eth1, is not used.
EXERCISE 1(A).
1. Set the KVM switch to LAB1 (the first light or the number 1 should light up). Log in as root (password netlab).
2. Use the KVM switch to switch to LAB3 (the third light or the number 3 should light up) and log in as root (password netlab).
3. Explore the desktop environment of LAB3.
4. If a terminal window is not open, open a terminal window. Recall that all Linux commands are typed from a terminal window.
5. Set the KVM switch to LAB1 and reboot LAB1 by typing reboot on the command line at the root@LAB1% prompt in the terminal window:
root@LAB1% reboot
Please note that when rebooting a Linux PC, do not switch the KVM switch to another Linux PC. You have to wait until the Linux PC is fully booted before you can make the switch. A Linux PC needs a monitor, a keyboard, and a mouse to reboot. Switching before it is done may cause the process to hang and you will have to start again.
EXERCISE 1(B).
In Lab 1 the four Linux PCs must be connected to an Ethernet hub. All Linux PCs are attached to the same Ethernet hub.
1. Attach each Linux PC to the same Ethernet hub with (straight-through) Ethernet cables. Connect the Ethernet interface with label eth0 of each Linux PC to one of the hubs using an Ethernet cable. Do not connect into the slot marked uplink on the hub.
2. Check to see if your physical connections are made by assuring that the small LEDs are lit on both the hub and on the back of the PCs. This is often a good way to check for a physical problem that may prevent wasted effort when the problem is really a bad cable.
EXERCISE 1(C).
To configure the IP addresses, we will be using the ifconfig command. Before continuing, look at the man pages for the ifconfig command.
To start, enter:
root@LAB1% ifconfig
Entering ifconfig without arguments will give you status information for each of the network interfaces. Take the information that you receive from the system by running this command and save it in a file so that you can include it in your lab report.
Lab Report
Provide the results of the ifconfig command and explain the meaning of the different pieces of information provided.
Next enter: ifconfig eth0
Providing the name of an interface will provide status information on that interface only.
To set the IP address of an interface eth0 to 10.0.1.11 with a net mask of 255.255.255.0, enter the following command:
root@LAB1% ifconfig eth0 10.0.1.11/24
Set the IP address for each of the 4 devices, according to the table.
IP addresses for the Linux PCs as shown in Table 1.1.
Linux PC | IP Addresses of Ethernet Interface eth0
LAB1 | 10.0.1.11/24
LAB2 | 10.0.1.12/24
LAB3 | 10.0.1.13/24
LAB4 | 10.0.1.14/24
The notation 10.0.1.11/24 means that the IP address is 10.0.1.11 and the network prefix is 24 bits long. A network prefix of 24 bits corresponds to a netmask set to 255.255.255.0. With this netmask, all hosts are on the 10.0.1.0/24 network.
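The prefix-to-netmask relationship above, worked through in shell as an added example that is not part of the original lab handout. The function names are hypothetical helpers; only the Table 1.1 addresses come from the lab.

```shell
#!/bin/sh
# Added example (not from the lab handout): prefix length <-> netmask arithmetic.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into four positional parameters
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# prefix_to_netmask 24 -> 255.255.255.0 (the top <prefix> bits are set to 1)
prefix_to_netmask() {
    if [ "$1" -eq 0 ]; then
        int_to_ip 0
    else
        int_to_ip $(( (4294967295 << (32 - $1)) & 4294967295 ))
    fi
}

# network_of 10.0.1.11/24 -> 10.0.1.0 (address AND netmask)
network_of() {
    addr=${1%/*}; len=${1#*/}
    mask=$(ip_to_int "$(prefix_to_netmask "$len")")
    int_to_ip $(( $(ip_to_int "$addr") & mask ))
}

# same_network A/len B/len -> true when prefix length and network both match
same_network() {
    [ "${1#*/}" = "${2#*/}" ] && [ "$(network_of "$1")" = "$(network_of "$2")" ]
}

# Table 1.1 addresses, each checked against LAB1.
for host in 10.0.1.12/24 10.0.1.13/24 10.0.1.14/24; do
    if same_network 10.0.1.11/24 "$host"; then
        echo "$host: network $(network_of "$host")/${host#*/}, mask $(prefix_to_netmask "${host#*/}")"
    fi
done
```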
EXERCISE 1(D)
Testing connectivity between computers.
One of the most basic, but also most effective, tools to debug IP networks is the ping command. The ping command tests whether another host or router on the Internet is reachable. The ping command sends an ICMP Echo Request datagram to an interface and expects an ICMP Echo Reply datagram in return.
NOTE: On Linux systems, ping continues to send packets until you interrupt the command with the Ctrl-C keys.
When using ping on the Linux PCs, always send at least two ICMP Echo Request packets. The first ICMP Echo Request may often be dropped at the receiver. This occurs when the ICMP Echo Request packet does not reach its destination within a certain amount of time or number of hops, e.g., when waiting for an ARP Reply or ICMP Redirect.
After connecting the four Linux PCs to the Ethernet hub, all four computers should be able to communicate with one another. Verify connectivity by using the ping command.
From LAB1, ping each of the other three machines by entering:
root@LAB1% ping -c 3 <addr>
where <addr> is replaced by each of the other three addresses in turn. If you have problems, check your connections and settings and fix them. Save the results of your ping and include them in your report.
Lab Report
Include the results of your ping along with a brief explanation.
Switch to LAB2 and repeat the process to assure that each machine can be reached via LAB2.
Linux has numerous configuration files that set the environment variables of the operating system. For example, if you want to set up your Linux PC as an IP router, you merely need to change a single line in one of the configuration files. Studying configuration files also provides a way of learning what network configuration options are available to you.
Configuration files are fundamentally different across different versions of Unix-like operating systems (e.g., AIX, Solaris, Linux, FreeBSD). Sometimes the structure of configuration files changes between releases of the same Unix version. For example, the configuration files of different Linux distributions, such as Red Hat and Slackware, are quite different. Furthermore, the configuration files between different versions of the same Linux distribution can have significant differences.
A list of the most important network configuration files follows:
/etc/sysconfig/network
This file defines global parameters of the network configuration, such as the host name, domain name, and IP address of the default gateway. It also includes a line to determine whether the Linux PC acts as a router or not.
/etc/sysconfig/network-scripts/ifcfg-lo
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth1
These files define the configuration of the network interfaces. There is one configuration file for each network interface. The files ifcfg-eth0 and ifcfg-eth1 are for the two installed Ethernet interface cards. The file ifcfg-lo is for the loopback interface.
/etc/sysctl.conf
This file specifies many kernel options related to the network configuration.
/etc/hosts
This file specifies the mapping between the host names and IP addresses for network devices. This file also determines the name of the local Linux system.
/etc/sysconfig/static-routes
This file contains the settings of the static routing table, which is set when booting the Linux PC. It may not exist or may be empty if no static routes have been previously assigned.
EXERCISE 1(E)
On LAB2, issue a ping to the IP address of LAB1. Also, issue a ping command to the loopback interface 127.0.0.1. Limit the number of pings to five. Save the output.
Lab Report
Include the output you saved in this exercise.
Explain the difference between pinging the local Ethernet interface and the loopback interface. Specifically, on PC 1, what is the difference between typing ping 10.0.1.11 and ping 127.0.0.1? (This is a conceptual question on the role of the loopback interface. The response to the ping command does not provide you with the answer to this question.)
tcpdump allows you to capture traffic on a network and display the packet headers of the captured traffic. tcpdump can be used to identify network problems or to monitor network activities. See the man pages for tcpdump.
EXERCISE 2A
Simple tcpdump exercise.
Use tcpdump to observe the network traffic that is generated by issuing ping commands.
1. Switch to LAB1. Start tcpdump so that it monitors all packets that contain the IP address of LAB2, by typing
ROOT@LAB1% tcpdump -n host 10.0.1.12
2. Open a new window and execute
ROOT@LAB1% ping -c 1 10.0.1.12
3. Observe the output of tcpdump. Save the output to a file.
NOTE: If you use the tee or tail commands to simultaneously view and save the output from tcpdump, you need to use the -l option of tcpdump. For example,
tcpdump -n -l > filename & tail -f filename
tcpdump -n -l | tee filename
It may be necessary to hit CTRL-C to terminate the tcpdump session. It may sometimes be best to simply redirect the output of tcpdump straight to a file (e.g. tcpdump > filename) and view it afterward with the more command or a text editor.
Lab Report
Include the saved output in your lab report. Explain the meaning of each field in the captured data.
EXERCISE 2(B).
1. On LAB1, start capturing packets using the tcpdump -n command.
2. Issue a ping to the nonexistent IP address 111.111.111.111:
ROOT@LAB1% ping -c 1 111.111.111.111
3. Issue a ping to the broadcast address 10.0.1.255 using the command
ROOT@LAB1% ping -c 2 -b 10.0.1.255
Save the outputs of ping and tcpdump to a file.
Lab Report
Include the saved output in your lab report and interpret the results. How many of the Linux PCs responded to the broadcast ping?
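One way to summarise the saved text output of tcpdump -n for the broadcast ping, as an added example that is not part of the original lab handout. The capture lines are constructed for illustration (not real lab output), and echo_repliers and replies_per_request are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the lab handout): summarise `tcpdump -n` text output.

# Constructed sample capture for illustration; not real lab output.
sample_capture() {
    cat <<'EOF'
10:15:01.000101 IP 10.0.1.11 > 10.0.1.255: ICMP echo request, id 4101, seq 1, length 64
10:15:01.000342 IP 10.0.1.12 > 10.0.1.11: ICMP echo reply, id 4101, seq 1, length 64
10:15:01.000398 IP 10.0.1.13 > 10.0.1.11: ICMP echo reply, id 4101, seq 1, length 64
10:15:02.001120 IP 10.0.1.11 > 10.0.1.255: ICMP echo request, id 4101, seq 2, length 64
10:15:02.001377 IP 10.0.1.12 > 10.0.1.11: ICMP echo reply, id 4101, seq 2, length 64
10:15:02.001431 IP 10.0.1.13 > 10.0.1.11: ICMP echo reply, id 4101, seq 2, length 64
10:15:06.004210 ARP, Request who-has 10.0.1.11 tell 10.0.1.12, length 46
EOF
}

# echo_repliers: distinct source addresses of ICMP echo replies read from stdin
echo_repliers() {
    awk '$2 == "IP" && /ICMP echo reply,/ { print $3 }' | sort -u
}

# replies_per_request: one line "<id> <seq> <target> <reply count>" per echo request
replies_per_request() {
    awk '
    $2 == "IP" && /ICMP echo (request|reply),/ {
        # fields: time IP src > dst: ICMP echo request|reply, id N, seq N, length N
        id = $(NF - 4); seq = $(NF - 2)
        sub(/,$/, "", id); sub(/,$/, "", seq)
        key = id " " seq
        if ($8 == "request,") {
            dst = $5; sub(/:$/, "", dst)
            if (!(key in target)) order[++cnt] = key
            target[key] = dst
        } else {
            replies[key]++
        }
    }
    END {
        for (i = 1; i <= cnt; i++)
            print order[i], target[order[i]], replies[order[i]] + 0
    }'
}

echo "Hosts that answered with an echo reply:"
sample_capture | echo_repliers
echo "id seq target replies:"
sample_capture | replies_per_request
```

To run it on your own capture, use echo_repliers < filename. Hosts whose kernel has net.ipv4.icmp_echo_ignore_broadcasts enabled do not answer broadcast echo requests and so will not appear in the list.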
Wireshark
Wireshark is a network protocol analyzer with a graphical user interface. Using wireshark, you can interactively capture and examine network traffic, view summaries, and get detailed information for each packet.
Before starting this part of the exercise, reboot LAB1 and then reconfigure eth0 with the IP address as before. This is important to do before starting! Do not test the interface after issuing the ifconfig command.
EXERCISE 3.
Running Wireshark
This exercise walks you through the steps of capturing and saving network traffic with wireshark. The exercise is conducted on PC1.
1. Starting wireshark: On LAB1, start wireshark by typing
ROOT@LAB1% wireshark &
or select it from the icons on the bottom of the screen.
2. Starting the traffic capture: Start the packet capture by selecting Capture, Interfaces from the top menu. In the second window, click on the Start button after eth0.
4. Generating traffic: In a separate window on LAB1, execute a ping command to LAB3.
ROOT@LAB1% ping -c 2 10.0.1.13
Observe the output in the wireshark main window. Click and highlight a captured packet in the wireshark window and view the headers of the captured traffic.
5. Stopping the traffic capture: Click Stop in the window Ethernet Capture.
6. Saving captured traffic: Save the results of the captured traffic as a plain text file. This is done by selecting export in the File menu. When an Export window pops up, select the options and set a filename.
If you select Save in the File menu, the captured data is saved in the format of a libpcap file. This format can be interpreted by both tcpdump and wireshark. Measurements saved in libpcap format can be analyzed at a later time. However, libpcap files are not plain text files and are not useful for preparing your report. Unless you have the tcpdump and/or wireshark tools available on a system outside of the lab, which allows you to view and save captured traffic as text at a later time, always save captured traffic in plain text format.
Repeat this process a second time. Restart the traffic capture on eth0 and again issue the ping command for LAB3. Save the results in a second file.
ROOT@LAB1% ping -c 2 10.0.1.13
Lab Report
Include the file with the captured data in your lab report. Save the details of the captured traffic, using the Export window. Explain why you have a different number of packets in the second capture than you do in the first.
Describe the differences between the files saved by tcpdump and by wireshark (in this part).
Your final lab report should have a heading that includes your name, the date you conducted the lab exercise, the lab number, and the names of all individuals who worked on the lab with you. It should be written with an introduction, an explanation of what occurred for each step (including problems encountered), and results along with analysis if appropriate. A conclusion should sum up lessons learned and what things you would do differently if you were to do it again. Finally, make any suggestions that you would recommend for this lab in the future.