Due Date: Feb 25, 2011
Before starting
In Lab 2, you will explore what happens when network settings are configured wrong.
The setup for this lab is identical to the first one:
• Four Linux PCs, labeled PC1, PC2, PC3, and PC4, with the Linux operating system installed. Each Linux PC has two Ethernet network interface cards (NICs) installed, labeled em1 and p1p1.
• An Ethernet hub with at least four ports.
• A monitor, a keyboard, a mouse, and a KVM (keyboard-video-mouse) switch. The KVM switch connects the keyboard, monitor, and mouse to the four Linux PCs, so you can control all four Linux PCs from one keyboard, one monitor, and one mouse, but you can access only one computer at a time.
• Ethernet cables. Note that there are two kinds: straight-through Ethernet cables and crossover Ethernet cables. In Lab 2, only straight-through Ethernet cables are used.
Before you get started, reboot each of the PCs one at a time so that the network settings are refreshed, by typing the reboot command at the root prompt. Don't switch the KVM switch while a Linux PC is rebooting, otherwise the keyboard and mouse will not work properly. After you reboot the Linux PCs, configure the IP addresses of the computers as shown in Table 1.1 below. The IP addresses listed in the table are assigned to the Ethernet card of each Linux PC labeled em1. In this lab, the second Ethernet card of the Linux PCs, labeled p1p1, is not used.
Many of these commands must be run as root. To become root, enter the command
netlab@Lab1% su -
Note: The dash after the su command matters: it starts a login shell, so you take on root's environment and not just root's privileges.
When prompted, enter the password for root (also netlab).
Configure the IP addresses with the ip command according to the table below.
To set the IP address of interface em1 to 10.0.1.11 with a netmask of 255.255.255.0 (a /24 prefix), enter the following command:
netlab@Lab1% /sbin/ip addr add 10.0.1.11/24 dev em1
Note that ip addr add adds an address to the interface rather than replacing one; if em1 still carries an address from the previous lab, remove it first (see ip addr del and ip addr flush in the ip man page) and confirm the result with ip addr show em1. Set the IP address on each of the 4 PCs according to the table.
Table 1.1: IP addresses for the Linux PCs.
Linux PC | IP Address of Ethernet Interface em1 |
Netlab1 | 10.0.1.11/24 |
Netlab2 | 10.0.1.12/24 |
Netlab3 | 10.0.1.13/24 |
Netlab4 | 10.0.1.14/24 |
1. On PC1, start Wireshark.
2. Setting a capture filter: You can create and use capture filters to capture only some of the traffic on a network.
a. To create a new filter, click on "Capture", then "Capture Filters." In the left pane, click the button marked "New." In the properties pane below, you will see two entries, a filter name and a filter string. You can name a filter whatever you wish; filter strings must follow the capture filter (libpcap/BPF) syntax. You can find ideas at http://wiki.wireshark.org/CaptureFilters
Valid filter strings would include:
i. host 172.18.5.4 to capture only traffic to and from IP address 172.18.5.4
ii. tcp port 23 and host 10.0.0.5 to capture telnet traffic to and from host 10.0.0.5
iii. tcp port 23 and not src host 10.0.0.5 to capture telnet traffic that doesn't start from 10.0.0.5
b. To select a capture filter (this is also another way to create one), select "Capture", then "Interfaces", and click "Options" next to the interface that you wish to capture on. In the window that pops up, you can select "Capture Filter" and either pick a filter created earlier or create a new one at this time. There are many more options for filtering: it is possible, for instance, to capture only ARP packets, or to exclude ARP packets.
3. Set a capture filter so that all packets that contain the IP address of PC2 are recorded.
4. Start the capture by clicking on the Start button at the bottom of the window.
5. In another terminal window on PC1, issue a ping command to PC2 that sends 4 ping packets.
6. Switch to PC4 and start an SSH session to PC3 by IP address (in a terminal window, type ssh 10.0.1.13).
7. Close the session by typing exit at the shell prompt of the SSH session, then open an SSH session to PC2. Run an ls command to list the files in the directory and then close the session.
8. Stop the capture on PC1 and save your data in text format.
Lab Report: Did the capture successfully filter out all of the traffic from PC4 to PC3? Did it capture the traffic to and from PC2? Explain what in the data leads you to your conclusion.
Leave all the cables connected to the PCs but replace the hub with the switch from the equipment box.
1. On PC1, start Wireshark and begin a capture.
2. In a terminal window on PC1, ping PC2, PC3 and PC4 to confirm connectivity.
3. In a terminal window on PC2, ping PC1, PC3 and PC4.
4. Stop the capture. Did Wireshark capture all of the pings? Describe the results of the capture and explain them.
1. Replace the switch with the hub.
2. Start a new capture on PC1. Do not set any capture filters!
3. From a terminal window on PC3, start an sftp session to PC4. Log in as root and run an ls command.
4. Exit from sftp and start an SSH session instead, again running an ls command.
5. Exit from the SSH session and then start an SSH session to PC2.
6. Exit the SSH session.
7. On PC1, stop the capture.
8. Look at the first few packets of the SSH session and the first few packets of the sftp session.
9. Set a display filter of ip.addr == 10.0.1.12. Save the results in a file named Exercise 3.9.
10. Change the display filter to ip.src == 10.0.1.12. What differences do you find when you change these filters?
11. Change the display filter to ssh and ip.addr == 10.0.1.12. Explain how this is different from what you found in step 9.
1. On PC1, start a capture session that will capture only ARP packets.
2. Ping all the machines from PC1.
3. In the capture window, look at some of the ARP packets in detail. Determine the MAC address of each of the machines and complete the table below.
4. In a terminal window, view the ARP cache with the command arp -a.
5. Delete all the entries with the arp -d option (see man arp if needed).
6. Issue a ping command from PC1 to PC2 that sends 2 packets.
7. In the capture window, look at some of the ARP packets in detail. What are the different values of the Type field of the Ethernet header?
8. Issue another ping command from PC1 to PC2.
9. Using a watch or clock with a second hand, run arp -a on PC1 every 30 seconds or so. Estimate how long the cache entries are kept before being deleted.
In your lab report, explain the answers that you obtained for the questions in this exercise.
Linux PC | IP Address of em1 | MAC Address |
Netlab1 | 10.0.1.11/24 | |
Netlab2 | 10.0.1.12/24 | |
Netlab3 | 10.0.1.13/24 | |
Netlab4 | 10.0.1.14/24 | |
1. Start a capture session on PC1 that will capture only those packets that contain the PC1 IP address as source or destination.
2. Try to establish an SSH session from PC1 to the address 10.0.1.55 (an address not assigned to any PC in Table 1.1). Observe the time interval and frequency with which PC1 transmits ARP requests. Repeat a number of times.
3. Save the captured data.
Lab Report: Using the captured data, describe the time interval between ARP requests. Use your data to support your answer.
1. Change the IP address of PC4 to 10.0.1.11 (duplicating the address of PC1!).
2. Delete all the entries in the ARP cache on all 4 machines.
3. Run Wireshark on PC3 and capture the network traffic to and from IP address 10.0.1.11.
4. From PC3, start an SSH session to the duplicate IP address 10.0.1.11 and log in as root.
5. Issue the hostname command to determine which host you are connected to (you can confirm this by looking at the MAC address).
6. Stop the traffic capture.
7. Save all the ARP packets and the first few TCP packets captured. Also save the ARP cache of PC3 using the arp -a command.
8. When you are done, reset the IP address of PC4 to 10.0.1.14.
Lab Report: Explain why the SSH session was established to one of the two hosts with the duplicate address and not the other. Use the ARP cache and the captured packets to support your explanation.
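The three ARP exercises above (reading MAC addresses and Ethernet Type values out of ARP packets, timing the ARP requests for 10.0.1.55, and the duplicate 10.0.1.11 address) can also be answered from the raw frames rather than by reading the Wireshark detail pane. The following Python is an added example and is not part of the lab handout: it decodes Ethernet/ARP frames, measures the interval between repeated requests for an address nobody owns, and flags any IP claimed by more than one MAC, which is exactly the duplicate-address situation (and also what ARP spoofing looks like on the wire). The capture it runs on is constructed, with hypothetical MAC addresses aa:bb:cc:dd:ee:01 through :04 for PC1 through PC4 and made-up timestamps; to check your own answers, feed it frames exported from your capture.

```python
"""Decode raw Ethernet/ARP frames and answer the lab's ARP questions offline.
Added example; the frames below are constructed, not taken from a lab capture."""
import struct
from collections import defaultdict

ETHERTYPE_IPV4 = 0x0800   # the two Ethernet Type values a ping exchange produces
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b"\xff" * 6
ZERO_MAC = b"\x00" * 6


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def ip4(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def parse_frame(frame):
    """Return the Ethernet header fields and, for an ARP frame, the ARP fields
    (opcode, sender/target MAC and IP) as Wireshark shows them in the detail pane."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac_str(dst), "src": mac_str(src), "ethertype": ethertype}
    if ethertype != ETHERTYPE_ARP:
        return info
    if len(frame) < 42:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    info.update(op=op, sha=mac_str(sha), spa=ip_str(spa),
                tha=mac_str(tha), tpa=ip_str(tpa))
    return info


def build_arp(op, sha, spa, tha, tpa):
    """Build one ARP frame (used only to construct the sample capture below)."""
    dst = BROADCAST if op == ARP_REQUEST else tha
    return (struct.pack("!6s6sH", dst, sha, ETHERTYPE_ARP)
            + struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, op,
                          sha, ip4(spa), tha, ip4(tpa)))


def ethertypes_seen(capture):
    """Distinct Ethernet Type field values in the capture."""
    return sorted({parse_frame(frame)["ethertype"] for _, frame in capture})


def request_intervals(capture, target_ip):
    """Seconds between successive ARP requests for target_ip (an address that never answers)."""
    times = []
    for ts, frame in capture:
        p = parse_frame(frame)
        if p["ethertype"] == ETHERTYPE_ARP and p["op"] == ARP_REQUEST and p["tpa"] == target_ip:
            times.append(ts)
    return [round(later - earlier, 3) for earlier, later in zip(times, times[1:])]


def sender_claims(capture):
    """Map each IP seen in an ARP sender field to the set of MACs that claimed it.
    Requests and replies both carry a sender pair, so both count."""
    claims = defaultdict(set)
    for _, frame in capture:
        p = parse_frame(frame)
        if p["ethertype"] == ETHERTYPE_ARP:
            claims[p["spa"]].add(p["sha"])
    return dict(claims)


def duplicate_ips(capture):
    """IPs claimed by more than one MAC: a duplicate address, or an ARP spoofing attempt."""
    return {ip: macs for ip, macs in sender_claims(capture).items() if len(macs) > 1}


# Constructed sample capture as (timestamp, frame); hypothetical MACs aa:bb:cc:dd:ee:0N for PCN.
PC1, PC3, PC4 = (bytes.fromhex("aabbccddee0" + str(n)) for n in (1, 3, 4))
CAPTURE = [
    # PC1 looks for 10.0.1.55, which no PC owns, and retries about once per second
    (0.000, build_arp(ARP_REQUEST, PC1, "10.0.1.11", ZERO_MAC, "10.0.1.55")),
    (1.002, build_arp(ARP_REQUEST, PC1, "10.0.1.11", ZERO_MAC, "10.0.1.55")),
    (2.004, build_arp(ARP_REQUEST, PC1, "10.0.1.11", ZERO_MAC, "10.0.1.55")),
    # An IPv4 frame (a ping from PC1 to PC3) so that both Ethernet Type values appear
    (2.010, struct.pack("!6s6sH", PC3, PC1, ETHERTYPE_IPV4) + b"\x45" + b"\x00" * 19),
    # PC3 asks who has 10.0.1.11; both PC1 and the misconfigured PC4 answer
    (5.000, build_arp(ARP_REQUEST, PC3, "10.0.1.13", ZERO_MAC, "10.0.1.11")),
    (5.001, build_arp(ARP_REPLY, PC1, "10.0.1.11", PC3, "10.0.1.13")),
    (5.002, build_arp(ARP_REPLY, PC4, "10.0.1.11", PC3, "10.0.1.13")),
]

if __name__ == "__main__":
    print("Ethernet Type values:", [hex(t) for t in ethertypes_seen(CAPTURE)])
    print("ARP request intervals for 10.0.1.55:", request_intervals(CAPTURE, "10.0.1.55"))
    print("Duplicate addresses:", duplicate_ips(CAPTURE))
```

Which of the two replies PC3 acts on is whichever arrives first and lands in its ARP cache; the sender_claims map shows the conflict regardless of that ordering, which is why the lab asks you to save all the ARP packets and not only the cache.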
Set up the interfaces on the four machines as shown in the table below. Note that the network masks differ from host to host!
Linux PC | IP Addresses of Ethernet Interface em1 |
Netlab1 | 10.0.1.100/24 |
Netlab2 | 10.0.1.101/28 |
Netlab3 | 10.0.1.120/24 |
Netlab4 | 10.0.1.121/28 |
Run Wireshark on PC1 and capture the packets generated by the following ping commands:
From PC1:
ping -c 1 10.0.1.120
ping -c 1 10.0.1.101
ping -c 1 10.0.1.121
From PC4
ping -c 1 10.0.1.100
From PC2
ping -c 1 10.0.1.121
ping -c 1 10.1.1.120
Save the Wireshark output to a text file. Use your ping results and the captured data to explain what happened for each ping command. Which ping operations were successful and which were unsuccessful? Why?
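As an added example that is not part of the lab handout, the following Python predicts the outcome of each ping in the table before you run it, so that the capture can be compared against a prediction. It copies the interface table and the ping list from above (PC1 through PC4 stand for Netlab1 through Netlab4) and makes two assumptions that the handout does not state: each PC has only the connected route for em1 and no default route, and a Linux host ignores an ARP request whose sender IP it has no route back to, so it never answers it. The point to notice is the asymmetry: a host whose mask covers the other side can send, but gets no answer if the other side's mask does not cover it.

```python
"""Predict which pings in the mismatched-netmask table work, and why.
Added example; host and ping tables are copied from the lab, routing assumptions are stated below."""
import ipaddress

# em1 configuration from the table
HOSTS = {
    "PC1": ipaddress.ip_interface("10.0.1.100/24"),
    "PC2": ipaddress.ip_interface("10.0.1.101/28"),
    "PC3": ipaddress.ip_interface("10.0.1.120/24"),
    "PC4": ipaddress.ip_interface("10.0.1.121/28"),
}

# The ping commands from the lab, as (source PC, destination address)
PINGS = [
    ("PC1", "10.0.1.120"), ("PC1", "10.0.1.101"), ("PC1", "10.0.1.121"),
    ("PC4", "10.0.1.100"),
    ("PC2", "10.0.1.121"), ("PC2", "10.1.1.120"),
]


def host_with_address(ip):
    """Name of the PC whose em1 carries ip, or None if no PC owns it."""
    for name, iface in HOSTS.items():
        if iface.ip == ip:
            return name
    return None


def on_link(host, ip):
    """True if host's own netmask puts ip on the em1 subnet."""
    return ip in HOSTS[host].network


def predict_ping(src, dst):
    """Outcome of `ping dst` issued on src.  Assumptions (not stated by the lab): each PC
    has only the connected route for em1 and no default route, and a Linux host does not
    answer an ARP request whose sender IP it cannot route back to."""
    dst_ip = ipaddress.ip_address(dst)
    if not on_link(src, dst_ip):
        # No route at all: ping reports "Network is unreachable" and nothing hits the wire.
        return "network unreachable"
    target = host_with_address(dst_ip)
    if target is None:
        # ARP request is broadcast but nobody owns the address: "Destination Host Unreachable".
        return "host unreachable"
    if not on_link(target, HOSTS[src].ip):
        # The target hears the ARP request but cannot route to the sender, so it drops it.
        return "host unreachable"
    return "reply"


def predict_all():
    return [(src, dst, predict_ping(src, dst)) for src, dst in PINGS]


if __name__ == "__main__":
    for src, dst, outcome in predict_all():
        print(f"{src} -> {dst}: {outcome} ({src} is on {HOSTS[src].network})")
```

When comparing against the capture, "network unreachable" pings produce no frames at all, "host unreachable" pings produce ARP requests with no reply, and only the "reply" cases show an ICMP echo request followed by an echo reply.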
Your lab report file should have a heading that includes your name, the date you conducted the lab exercise, the lab number, and the names of all individuals who worked on the lab with you. It should be written with an introduction, an explanation of what occurred at each step (including problems encountered), and results along with analysis where appropriate. A conclusion should sum up the lessons learned and what you would do differently if you were to do it again. Finally, make any suggestions that you would recommend for this lab in the future. Do not print reams of data! Cut and paste enough data to support your analysis.