EE984 Laboratory Experiment 2: Protocol Analysis




Abstract

This experiment provides an introduction to protocols used in computer communications. The equipment used comprises four PCs connected via a single hub to an Ethernet. Together with software protocol analysers, these facilities will enable you to gain an insight into protocol operations, and allow you to examine the effect of changing parameters within these protocols. The protocols to be examined will be at the MAC, Network and Transport layers of the Open Systems Interconnection (OSI) model, in particular the TCP/IP protocols.

Table of Contents

1. Network Environment in the Networks Lab
2. Tasks and Objectives
3. Experimental Features
3.1. Experimental Set-up
3.2. tcpdump: network monitoring software
3.3. traffic: traffic generating software
3.4. listener: verifies the traffic generator operation
3.5. ftp: creates TCP/IP packets within the sub-net
3.6. Parsing program
4. A simple introduction to a packet and headers
5. Experimental Procedure
6. Method of Assessment
References

1. Network Environment in the Networks Lab

The MSc Network Laboratory is located in the ESE PC Laboratory on level 4 (room 4SB.5.1). A number of experimental networks may be found in the laboratory (esenet[1-5], esenet[6-10] and esenet[11-14]; only the first four machines should be used in the case of the first two networks). Each experimental computer network consists of four PCs running the Linux operating system, connected to a single hub. The network is physically connected to, but logically isolated from, the main campus network by a firewall, for security reasons. The firewall still permits the user to access home directories and perform ftp transactions, but prohibits campus-wide operations such as password changes.

Use the logon username and password given at the start of the laboratory session to access the workstations. On the machine you have normal access to familiar programs and, in addition, superuser privileges for monitoring traffic flowing on this local network using tcpdump. Access to all other workstations on the campus network is prohibited, except to mount home directories and perform ftp operations.

2. Tasks and Objectives

It is essential to do some background reading on the technical aspects of the network. To understand the experiment you must understand how Ethernet (a CSMA/CD bus network) and TCP/IP work, in particular the structure of the Ethernet frame, the IP datagram and the TCP segment. Please refer to the references if the current course notes are insufficient.

Using the network monitoring software (tcpdump), capture the statistics associated with a data transfer from one machine to another. Then write a piece of code to parse (filter) the data returned by the network monitor and decode and identify the various aspects of the packet. The code may be implemented in Java, C, C++ or even a high-level scripting language such as Tcl, or csh and awk.

Once the session is completed, analyse the TCP/IP fields of all the frames captured to gain a clear understanding of the protocol operations during the session. Record some captured data in your report and give a detailed explanation of the exchange of the TCP control segments. Your understanding of the conversation between the two workstations at the TCP level is crucial to the final outcome of your report.

The experimental set-up is provided with a piece of software which generates traffic within the sub-network. The above procedure should be repeated both with and without the synthetically generated traffic, to investigate the effects on the TCP packets. Final reports should include discussion of the decoding of the frame, the encapsulation of the packet, and the effects of traffic levels on the packet. The discussion should be reinforced by the use of examples.

3. Experimental Features

3.1. Experimental Set-up

Features of the experiment are as follows:

- 4 PCs running Linux: ESENET[1-5], ESENET[6-10], ESENET[11-14];
- a single hub to which each block of four machines is connected;
- a firewall for security purposes;
- superuser privileges for the tcpdump network monitoring software;
- a UDP traffic generator program (called traffic);
- a listen program (listener) which verifies the traffic generator operation;
- a program such as ftp to generate the TCP/IP packets to be monitored;
- a program written by you to parse the output data from tcpdump.

Figure 1: Experiment Overview

Figure 1 shows the experimental overview. Which machine runs which piece of software is an arbitrary decision. In the set-up shown, ESENET1 is running tcpdump, which is monitoring traffic from a campus machine to ESENET4. ESENET2 is running the traffic software, which is sending UDP packets to ESENET3. ESENET3 is monitoring the UDP traffic it is receiving from ESENET2.

3.2. tcpdump: network monitoring software

tcpdump is a powerful network monitoring facility that allows you to capture the headers of packets on a network interface. In addition, tcpdump provides various options for protocol analysis.

The command synopsis is:

tcpdump [ -adeflnnopqstvx ] [ -c count ] [ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ expression ]

The man page for tcpdump should be consulted for a full description of the facility. Read the man page carefully and try out various options until you are confident in its use. As an example:

tcpdump -x dst host eses25 and src host esenet4

outputs the hexadecimal (-x) TCP/IP packet headers for communications from esenet4 (src host) to eses25 (dst host), but not back! Additionally, using the -e option will also print out the MAC level header, including the Ethernet addresses.

3.3. traffic: traffic generating software

traffic generates UDP packets and sends them to a specified destination. The software simulates a network under high traffic load. It is invoked with the command line arguments:

traffic [hostipaddress] [packetsize] [hostname]

A typical command line would be

traffic 155.245.32.49 50000 esenet11

which loads the mini network by about 1 Mbit/s, sending the traffic to the host esenet11 with the IP address 155.245.32.49.

3.4. listener: verifies the traffic generator operation

Invoked by simply typing listen, the program provides an indication of the number and size of UDP packets being received per second. It must be run on the machine to which the traffic generator is sending the UDP packets in order to function. Your group will be supplied with traffic and listen on a floppy disk. Copy these files from the floppy disk in a Linux shell using the DOS-style commands with the prefix m (or use the Linux commands if you are familiar with them). For example:

mcopy a:\traffic

To run the program you may need to refer to it as ./traffic (i.e., traffic is in the current directory) and also change the permissions on it:

chmod 777 ./traffic

3.5. ftp: creates TCP/IP packets within the sub-net

Use sftp (secure ftp) to get a reasonably large file from a campus account, and monitor the connection between the selected ESENET machine and the campus machine by using the appropriate command line invocation of tcpdump. sftp needs to be used because the laboratory is behind the firewall. By using sftp to connect to any valid campus machine (e.g. UNIX1) and supplying your username and password, you will access your files.

3.6. Parsing program

A parser is a program which filters specific data items from a larger collection of data; some of the information is therefore not required for display. This program is absent from the set of features provided for the experiment and must be written by you.

4. A simple introduction to a packet and headers

Suppose you want to send a registered letter to your friend in London. The following actions happen:

Layer 3. You write the letter, put it in a stamped addressed envelope, and then take it to a post office.
Layer 2. A clerk deals with the registration details and stamps a code on the envelope.
Layer 1. The letter is transported from the source to the destination using the address.
Layer 2. A postman takes note of the registration details and passes the letter to your friend.
Layer 3. Your friend opens the envelope and reads the letter.

The same kinds of operation happen when computers exchange information with one another. The required information is packaged, encoded and passed through various layers before it is sent to another computer. In each layer some control information is added to the original message. The control information and the original message are then passed on to the neighbouring layer, where they are treated as a single piece of data for transmission.

The control information added at each layer is based on a protocol, in other words a set of rules. The rules identify the source and destination, the sequence number of the message, what to do with the message when it is received, whether to acknowledge it, and so on. In order to transmit one message there is actually a 'conversation' between the computers, which goes through several phases: establishing the link, transferring the message, reliability control (error checking) and eventually terminating the conversation.

Figure 2 shows the headers which are present in the experiment. TCP header information is used to fragment the data, guarantee delivery and reconstruct the packets in order. This 'rides on top' of the basic Internet Protocol (IP), which offers no guarantee of delivery. Below this is the link level header, which deals with addressing within the campus Ethernet LAN. If you understand the protocol, have the means to capture packets and the ability to decode the packets captured, you can eavesdrop on and understand a conversation between computers. In default mode tcpdump only allows the header to be observed.

Figure 2: Packet Header

A typical output from tcpdump monitoring traffic between esenet4 and eses25 (and eses25 and esenet4, where eses25 is a host in another of the networks) is shown below; the example was for a remote login from esenet4 to eses25. The link level header can be output by using the tcpdump -e option. The two Ethernet addresses that follow the timestamp are those of the two machines. The output was produced using the command line:

tcpdump -x -e host eses25 and host esenet4

04:22:55.151486 0:80:c8:90:5f:b4 8:0:69:b:2f:f7 ip 67: esenet4.1023 > voice.login: P 3378538272:3378538273(1) ack 1222859677 win 32120 <nop,nop,timestamp 44429479 859195> (DF) [tos 0x10]
    4510 0035 9a01 4000 4006 f081 9bf5 a483
    9bf5 d3c1 03ff 0201 c960 6720 48e3 5b9d
    8018 7d78 f874 0000 0101 080a 02a5 f0a7
    000d 1c3b 66

The non-hexadecimal region (the line beginning with the timestamp) says that TCP port 1023 on esenet4 sent a packet to the login port on voice. The P indicates that the PUSH flag is set; the packet sequence number was 3378538272 and one byte was sent. The notation is 'first:last(nbytes)', which means 'sequence numbers first up to but not including last, which is nbytes bytes of user data'. There was a piggyback acknowledgement. The available receive window is 32120 bytes. Please see man tcpdump for a more complete explanation.

The hexadecimal region:

4510 0035 9a01 4000 4006 f081 9bf5 a483 9bf5 d3c1 03ff 0201 c960 6720 48e3 5b9d 8018 7d78 f874 0000 0101 080a 02a5 f0a7 000d 1c3b 66

This example can be broken down as follows, starting from the top left.

Start of IP header:
hex 4 is the version (4 dec).
hex 5 is the header length (5 dec, in 32-bit words).

hex 10 is the type of service (16 dec), i.e. reliability/speed.
hex 0035 is the total length (53 dec).
hex 9a01 is the identification of the datagram to which the packet belongs.
hex 4000 describes how to fragment the datagram.
hex 40 is the time to live (64 dec).
hex 06 is the protocol.
hex f081 is the header checksum.
hex 9b f5 a4 83 is the source address (155 245 164 131), esenet4.
hex 9b f5 d3 c1 is the destination address (155 245 211 193), voice.
End of IP header.

Verify for yourself the following from the textual part of the tcpdump output.

Start of TCP header:
hex 03ff is the esenet4 port number (dec 1023).
hex c960 6720 is the sequence number (dec 3378538167).
hex 48e3 58e7 is the piggyback acknowledgement (dec 1222858983).
hex 8018: 8 is the TCP header length, 018 is the flag field.
hex 7d78 is the available receive window (dec 32120).
The rest are optional fields.

5. Experimental Procedure

Become familiar with tcpdump and run it on one of the four machines in the experimental sub-net. Monitor traffic from one of the free ESENET machines to a campus machine, and also the return path from the campus machine back to the ESENET machine, using the correct expression primitive (see the man pages). Once invoked, tcpdump should return 'monitoring eth0', until TCP traffic becomes present. To make traffic on the link, FTP another machine from CAMPUS and transfer a data file (any file will do). The machine running tcpdump, which is monitoring the link, should then display a number of packet headers of the format shown in section 4. Once this is verified, examine and discuss the findings.

Now repeat the experiment, but this time redirect the output to a file for later examination. Section 4 gave a brief explanation of the meanings of the hex output seen from tcpdump. Write a program that takes the tcpdump output (that you redirected to a file) and automatically sorts such things as source address, packet size, TTL etc. The specific operation of the program is left to you, the designer, but it could for example use the following syntax:

parse tcpdump_output.text [-t TTL_stamp packetsize] [-s source_address] etc.

to output, for example:

64 1024 155 245 211 193
64 1012 155 245 211 193
64 2048 155 245 211 193
...

Once this has successfully been accomplished, the traffic program discussed in section 3.3 should be run on one of the two remaining free machines, and the UDP packets should be directed towards the remaining idle machine. The tcpdump output should again be parsed, but this time in the presence of the generated traffic. With your knowledge of CSMA/CD, which parameters in the header would you expect to change and why? Is this verified by the experimental data? Would you expect to observe packet loss in the congested experimental network?

6. Method of Assessment

Assignment only. The report will be graded according to the following breakdown:

20% parser program
50% demonstration of an understanding of the protocols
30% report presentation

The report should be limited in size to a maximum of 20 pages, excluding appendices, which may be used to present code etc. The report should be submitted by Friday of Week 16 (Spring Term) at the latest.

References

[1] Computer Networks, 3rd edition, A. Tanenbaum (Prentice Hall), pp. 276-282, 412-424 and 521-542.
[2] Data and Computer Communication, 4th edition, W. Stallings (Macmillan), pp. 368-376, 450-462, 513-515 and 578-587.

[3] Data Communications, Computer Networks and Open Systems, 4th edition, F. Halsall (Addison-Wesley), pp. 271-292, 494-504 and 641-656.
[4] Internetworking with TCP/IP, Vol. 1, D. E. Comer (Prentice-Hall International). An expert book on TCP/IP and its popular underlying network, Ethernet.
[5] You can also easily find relevant tutorial materials on Ethernet (CSMA/CD) and TCP/IP on the Internet.

Dr. J.C. Woods, October 2000. Updated 2002 by Dr S. Monaghan; updated 2003 by Dr K. Yang.
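As an added worked example (not part of the handout), the parser sketched in sections 3.6 and 5, written in Python: it splits redirected tcpdump -x output into records, decodes the IP and TCP header fields walked through in section 4 from the hex region quoted there, verifies the IP header checksum, and prints the TTL/packet-size/source-address row suggested in section 5. The record it is fed is the one shown in section 4, embedded as a constructed sample string; the field names and the summary_row format are this example's own choices, not anything the handout prescribes.

```python
import re
import struct

# Constructed sample input: the tcpdump record quoted in section 4 (summary line plus
# hex region). With -x the hex starts at the IP header; the link header is not dumped.
SAMPLE_DUMP = """
04:22:55.151486 0:80:c8:90:5f:b4 8:0:69:b:2f:f7 ip 67: esenet4.1023 > voice.login: P 3378538272:3378538273(1) ack 1222859677 win 32120 <nop,nop,timestamp 44429479 859195> (DF) [tos 0x10]
4510 0035 9a01 4000 4006 f081 9bf5 a483 9bf5 d3c1 03ff 0201 c960 6720 48e3 5b9d
8018 7d78 f874 0000 0101 080a 02a5 f0a7 000d 1c3b 66
"""

HEX_LINE = re.compile(r"^\s*([0-9a-f]{1,4}\s+)*[0-9a-f]{1,4}\s*$")
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5 of the flag field


def hex_to_bytes(text):
    return bytes.fromhex("".join(text.split()))


def split_dump(text):
    # Each record is one summary line (timestamp first) followed by that packet's hex lines.
    records = []
    for line in filter(str.strip, text.splitlines()):
        if HEX_LINE.match(line) and records:
            records[-1][1].append(line)
        else:
            records.append((line.strip(), []))
    return [(summary, hex_to_bytes(" ".join(hexes))) for summary, hexes in records]


def ip_checksum(header):
    # RFC 791 one's-complement sum; over a header that includes its checksum it yields 0.
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ip_tcp(packet):
    # IPv4 fixed header: version/IHL, TOS, total length, ID, flags+offset, TTL, protocol, checksum.
    ver_ihl, tos, total_len, ident, frag, ttl, proto, _ = struct.unpack("!BBHHHBBH", packet[:12])
    ihl = (ver_ihl & 0x0F) * 4
    fields = {"version": ver_ihl >> 4, "ihl": ihl, "tos": tos, "total_length": total_len,
              "id": ident, "df": bool(frag & 0x4000), "ttl": ttl, "protocol": proto,
              "checksum_ok": ip_checksum(packet[:ihl]) == 0,
              "src": ".".join(map(str, packet[12:16])), "dst": ".".join(map(str, packet[16:20]))}
    if proto == 6:  # TCP: ports, sequence, acknowledgement, data offset + flags, window
        sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", packet[ihl:ihl + 16])
        doff = (off_flags >> 12) * 4
        fields.update({"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                       "tcp_header_len": doff, "window": win,
                       "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)],
                       "payload_len": total_len - ihl - doff})
    return fields


def summary_row(fields):
    # The "TTL packetsize source-address" row format sketched for the parser in section 5.
    return "%d %d %s" % (fields["ttl"], fields["total_length"], fields["src"].replace(".", " "))


if __name__ == "__main__":
    for summary, raw in split_dump(SAMPLE_DUMP):
        decoded = parse_ip_tcp(raw)
        print(summary_row(decoded), decoded["flags"], "checksum ok" if decoded["checksum_ok"] else "BAD")
```

Redirected tcpdump -x output with many records can be passed to split_dump unchanged; each record's summary line is kept alongside the decoded fields so the textual and hex views can be compared as section 4 asks.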