Modern snoop lab lite version



Similar documents
Introduction to Network Security Lab 1 - Wireshark

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

Lab VI Capturing and monitoring the network traffic

Own your LAN with Arp Poison Routing

BASIC ANALYSIS OF TCP/IP NETWORKS

Lab Conducting a Network Capture with Wireshark

Snoopy. Objective: Equipment Needed. Background. Procedure. Due Date: Nov 1 Points: 25 Points

Computer Networks I Laboratory Exercise 1

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

MFPConnect Monitoring. Monitoring with IPCheck Server Monitor. Integration Manual Version Edition 1

PREFACE iss.01 -

MiraCosta College now offers two ways to access your student virtual desktop.

Introduction to Analyzer and the ARP protocol

CCNA Discovery Networking for Homes and Small Businesses Student Packet Tracer Lab Manual

Installation Guide For Choic Enterprise Edition

Apple Mac VPN Service Setting up Remote Desktop

Packet Sniffing with Wireshark and Tcpdump

Computer Networking LAB 2 HTTP

For paid computer support call

Pre-lab and In-class Laboratory Exercise 10 (L10)

EKT 332/4 COMPUTER NETWORK

6.0. Getting Started Guide

Connect the Host to attach to Fast Ethernet switch port Fa0/2. Configure the host as shown in the topology diagram above.

Ethereal: Getting Started

EINTE LAB EXERCISES LAB EXERCISE #5 - SIP PROTOCOL

Slide 1 Introduction cnds@napier 1 Lecture 6 (Network Layer)

Life of a Packet CS 640,

Spam Marshall SpamWall Step-by-Step Installation Guide for Exchange 5.5

Guideline for setting up a functional VPN

Accessing vlabs using the VMware Horizon View Client for OSX

CET442L Lab #2. IP Configuration and Network Traffic Analysis Lab

Configuring your network settings to use Google Public DNS

Computer Networks/DV2 Lab

Lab 1: Network Devices and Technologies - Capturing Network Traffic

Technical Support Information Belkin internal use only

Lab 1: Packet Sniffing and Wireshark

1. LAB SNIFFING LAB ID: 10

Internet Filtering Appliance. User s Guide VERSION 1.2

Hallpass Instructions for Connecting to Mac with a Mac

HKBN Wi-Fi Service User Guide

Savvius Insight Initial Configuration

CS197U: A Hands on Introduction to Unix

Hands-on MESH Network Exercise Workbook

Manual Data Configuration

NETWORK SET UP GUIDE FOR

Configuration Manual English version

Network Configuration Settings

Wireshark Lab: Assignment 1w (Optional)

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

Outlook Profile Setup Guide Exchange 2010 Quick Start and Detailed Instructions

How to connect to the University of Exeter VPN service

Communications and Networking

QUICK START GUIDE. Cisco S170 Web Security Appliance. Web Security Appliance

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

DEPLOYMENT GUIDE Version 1.1. Deploying the BIG-IP LTM v10 with Citrix Presentation Server 4.5

STATIC IP SET UP GUIDE VERIZON 7500 WIRELESS ROUTER/MODEM

Load Balancing. Outlook Web Access. Web Mail Using Equalizer

architecture: what the pieces are and how they fit together names and addresses: what's your name and number?

Quick Reference Guide: Business Mail

Configuration Guide. BES12 Cloud

Wireshark Quick-Start Guide. Instructions on Using the Wireshark Packet Analyzer

FLIR M-Series and NavNet TZtouch

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Lab 2. CS-335a. Fall 2012 Computer Science Department. Manolis Surligas

Mac OS VPN Set Up Guide

Dynamic DNS How-To Guide

AutoDownload: SQL Server and Network Trouble Shooting

During your session you will have access to the following lab configuration. CLIENT1 (Windows XP Workstation) /24

DEPLOYMENT GUIDE Version 1.1. Deploying F5 with Oracle Application Server 10g

Network Probe User Guide

Initial Setup of Mozilla Thunderbird with IMAP for OS X Lion

F-SECURE MESSAGING SECURITY GATEWAY

Multi-Homing Dual WAN Firewall Router

Using Remote Web Workplace Version 1.01

DNS Resolving using nslookup

Lab 1: Create a Personal Homepage

603: Enhancing mobile device experience with NetScaler MobileStream Hands-on Lab Exercise Guide

enicq 5 System Administrator s Guide

Cain & Abel v 2.5. Password Cracking Via ARP Cache Poisoning Attacks. v.1. Page 1 of 15

Instructions for Configuring Your Browser Settings and Online Security FAQ s. ios8 Settings for iphone and ipad app

Chapter 6 Virtual Private Networking Using SSL Connections

TCP/IP Networking An Example

Pentagon Message Exchange Setup Guide: All Devices

Configuring your client to connect to your Exchange mailbox

Lab 5 Explicit Proxy Performance, Load Balancing & Redundancy

Mapping ITS s File Server Folder to Mosaic Windows to Publish a Website

Cisco Cable DVB/DAVIC Management Program

Using Avaya Aura Messaging Web Access

If you have questions or find errors in the guide, please, contact us under the following address:

Step by step guide for connecting PC to wired LAN at dormitories of University of Pardubice

Citrix Client Install Instructions

Actiontec GT784WN Router

Locate the My Computer icon, found either on the Start menu or the desktop

freesshd SFTP Server on Windows

How to Remotely View Security Cameras Using the Internet

User guide. Business

Weston Public Schools Virtual Desktop Access Instructions

1 You will need the following items to get started:

Wireshark Tutorial INTRODUCTION

Transcription:

Modern snoop lab lite version Lab assignment in Computer Networking OpenIPLab Department of Information Technology, Uppsala University Overview This is a lab constructed as part of the OpenIPLab project. Administration Student Name: Email: Personal number: Student Name: Email: Personal number: Agreement We have independently worked on the following assignment solution. Sign: Sign: 1

General Course instance (e.g. Datakom DV1): Date: Note to the lab assistant Comments from the lab assistant Grade: Sign: 2

1 About the lab You will only get access to the lab machines during your booked session, so make sure you get all data you need to answer the questions. You can only perform this lab on the lab machines. Objectives Understanding of network layers (e.g. TCP, IP, MAC) Understanding the role of services offered by each layer Gain deeper insight into web transactions using HTTP, and the resulting network traffic Practicing network tools and command usage Reading instructions CDK: 4.4, 9.2.3, 3.4.1-3.4.3, 3.5.1 3.4.6 Theoretical and practical questions There are a number of questions marked with a star (*) which do not require you to use your computer. I.e., these questions can be done after the lab. Please save the theoretical questions until the end of the lab in order to get all the data you need to finish the lab. 2 Lab description General In this lab you will use a network monitoring program ("sniffer") to listen to all packets that are sent on the wire that your machine s network card is connected to. It can be seen as a wire tapper, which all packet go through. Due to the network setup (switched network) you will only see packets to and from your computer + broadcast packets. That is, you can t easily eavesdrop your neighbours traffic in this kind of network by sniffing from your computer s network card. The sniffer program, Ethereal, contains a graphical interface which allows the user to see the captured packets in a systematic and structured way. The packets are seen in the order they were captured, and the program automatically parses and presents them in a tree-view based of the headers in the packet. This makes it easier for the user to quickly get an overview of the packets that are captured. However, it is important to realize that the packets that are captured are really just a chunk of bytes (as presented in the bottom window), and that Ethereal is just a tool for presenting the data. 3

Figure 1: The network setup Startup Login to the machine using the graphical login program. Enter the username lab and the password lab. Start a web browser, such as Mozilla (available in the toolbar as a big red star icon). Switch to a different virtual desktop by clicking on the upper toolbar, which contains four (grey) desktops. Press the Ethereal icon (the red apple) (or sudo ethereal in a terminal window) to start the network monitoring program. Notice your IP address for the tap3xx interface using the ifconfig command in a terminal window (the icon with a screen and a footprint). You will get an IP address of the format 10.x.1.1 where x is your team number. You will need this team number in the lab. 4

Figure 2: Ethereal screen dump Your team number: Stage 1 - Packet examination Introduction In Ethereal: use Menu bar Capture, select interface tap3xx, select Start and press the OK button. Now the program will listen to all packets that are sent to/from your computer. Make sure you select the correct interface! Go back to the web browser and go to http://www your teamnumber.openiplab.net/ (e.g. http://www2.openiplab.net). You will see a new page appear in your web browser. Wait approximately 20 seconds to capture all packets, before performing next step. Switch back to Ethereal, and press the Stop button, to stop collecting data. Now the upper table is filled with data. Each row of the table corresponds to a packet. To see more detailed information about each packet, mark the 5

row and look at the middle window. You can press the rows with a plus (+) sign to expand a category, to see more detailed information. When marking a row in the middle window, you will see the corresponding HEX dump in the bottom window. NOTE: the part of the packet called frame is not real data, but information on when the the packet was captured, packet size etc. Assignment Visit the web page at http://www your teamnumber.openiplab.net/lab1/ (e.g. http://www2.openiplab.net/lab1/). You will see a page with two links. Now start ethereal. Capture data for the first page with Ethereal. You should use the data from Ethereal to answer these questions: 1. (a) Which transport protocol is used for web traffic? (b) In which field of the IP header do you see it? (c) Which value (number) identifies this transport protocol? 6

2. (a) Which application protocol is used for web traffic? (b) Your computer receives an TCP/IP packet. How does it decide which application should handle the packet? E.g. to choose whether your web server or mail server should handle the packet? 3. Why are there so many packets (other than those that contains HTTP data) sent to/from your computer when clicking on a link? Identify the other packets. Why is it important to wait 20 seconds before ending the capture, as you did and recently carefully read in the introduction? 4. (*) Draw a picture of a complete HTTP packet (including all headers, like the IP header, etc.) and mark where the different headers and the data are located. Do not draw individual fields in the headers. Draw the packet as a rectangular box. 7

5. Restart the capturing then visit a page with pictures, more specifically, http://www your teamnumber.openiplab.net/lab1/volvo.html. Study how the browser gets the objects from the webserver. Explain in terms of HTTP objects, TCP connections and Persistent or non-persistent HTTP connections how the transfer of the pictures is done. Discuss this with your teaching assistant if you don t discover this by yourself. Note: To answer this question you must study all the packets in great detail. 6. When you click on a link in the browser you request a webpage. As you have seen in the previous questions a lot of network traffic is needed to transfer that page. Now you should calculate how much of the traffic is the actual webpage, or in other words how much is the overall overhead to tranfser the page. Request /lab1/overhead.html then do your calculation. Consider all packet types and packets both to and from your machine. The total packet size can be found in in the middle window of Ethereal, by expanding the Frame x (where x is a number). The payload is considered to be the HTML code that is sent to the client (To get the size of the HTML code you need to look inside the packet). Present your calculations and give an answer in percentage (%) 8

Stage 2 - Address resolution at different layers You will be visiting the link http://www your teamnumber.openiplab.net/search which is a minimalistic google site (http://www.google.com/). Search for pages with cars using the search word "cars". You will get a hit list of three entries. Pick the one you like most and click on it. The URL will be shown in the field at top of the web browser. Assignment 1. Where is the page located? Answer with the host name (Fully Qualified Domain Name). (Hint: use information from the URL) 2. Use DNS (Domain Name System) to resolve the IP address of the host. Try the host command in a terminal window. What is the IP adress? 3. (a) Which transport protocol is used for DNS? (b) Which protocol number has this transport protocol? (c) (*) Why do you think this protocol has been chosen? 4. Capture the packets while retrieving the web page of your choice (inside the openiplab.net domain). Look at the "Destination Address" field in the Ethernet frame of a packet sent from your machine. Try the arp -n command in a terminal window, to see the ARP (Address Resolution Protocol) cache. (HWaddress == MAC address) 9

(a) Which IP address does the MAC address resolve to? (Ignore the 192.168.0.x addresses.) (b) Look at the IP header of the packet, especially the field destination. Why do the destination address in the Ethernet II frame (which you resolved to an IP address in (a)) and the IP header differ? 5. From question 4 you will see that the packet is not sent directly to the destination. You can confirm this by running traceroute www your teamnumber.openiplab.net, which prints the route to the host. (a) How does the sender decide whether to send a packet directly or not? (Hint: route command) (b) (*) Why is routing/ip forwarding an important concept? Explain and give an example where routing/ip forwarding is necessary. 10

Stage 3 - The big picture In this step you will capture packets at the server. The server is located on 192.168.0.140 Login to 192.168.0.140 with SSH with ssh -l teamxx 192.168.0.140 in a terminal window, using the username teamxx and the password teamxx. (Replace XX with your teamnumber!) Answer yes to the question SSH prompts you with. Start Ethereal with sudo ethereal and capture data here using interface tap2xx. Important! Before accessing a web page, delete the ARP entry (if any) on your client machine for your default gateway (10.your teamnumber.1.30), e.g. sudo arp -d 10.your teamnumber.1.30. Assignment 1. Capture data at both 192.168.0.140 and your client, while accessing a web page. Compare the data from both computers. For simplicity, choose one packet (e.g. the first HTTP packet) and compare the same packet on both computers. How do they differ? 2. Compare the packets that are captured now with the packets you captured (and analyzed in stage 1, question 3). Are there any new kinds of packets appearing? What are their purposes? 11

If not, read the introduction in stage 3 and conduct those steps again, before trying to repeat the capture. 3 The report You should answer all of the questions above. Also make sure that you covered all subquestions. You may write in English or in Swedish. Hand in this printed out lab with your answers filled (in a legible style) to the lab assistant s pigeonhole. This should be done before the date announced at the lab page for your course instance. 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information