Computer Networks CS 280 Project 4
Understanding Protocols
Fall, 2003
TABLE OF CONTENTS
Project Overview
Report Format
Environment and Tools
Understanding Windump
Understanding Ethereal
Understanding ARP
Understanding Netstat
Understanding ipconfig
Capturing Network Traffic
Project Overview
The purpose of this project is to become familiar with a number of tools that can be used for probing what’s happening at the Transport, Network, and Link levels of your machine.
This consists of trying various commands to understand the configuration of your machine. It also includes using tools to watch and understand packets traveling across the network.
Have fun.
Schedule:
November 13 - Project Kickoff
December 4 - Project turned in
December 4 - Lab exam on this material
Report Format
Throughout this project, you will be asked to answer questions and document your results.
Each section should answer the questions specified.
Each section should contain the output from the tool (windump or ethereal)
Rules about this output:
The output should demonstrate what the questions are asking for.
This output may vary in size – try to give me enough output to satisfy this demonstration, but not so much that it goes on and on – the right strategy is to specify an output that’s relatively large, and then edit out the portions before and after the points of interest.
Do NOT edit out the data in the range that you’re demonstrating.
Highlight or emphasize what you want me to see in your outputs – don’t assume that I know where to look (in addition, your highlights let me see that you know where to look yourself).
Please hand me a PAPER copy on or before the due date.
Environment and Tools
Some of the simple tools you will use include:
ARP, Netstat, Ipconfig, ping, ftp, telnet, ssh
You can read about these for your system as described later.
There are two sniffing tools you will use.
Windump is available from http://windump.polito.it
Install it on your machine.
A manual describing its behavior is at:
http://babbage.clarku.edu/~jbreecher/docs/ethereal_user_guide.pdf
Ethereal can be downloaded from http://www.ethereal.com/
Install it on your machine.
A manual describing its behavior is at:
http://babbage.clarku.edu/~jbreecher/docs/WinDump_Manual.htm
There are two major things you’ll want to understand about these sniffing tools:
How to use filters – how to capture only the information of interest to you.
How to read the outputs.
It’s assumed in these commands that you are running on a Windows machine. You may well have a LINUX installation and everything we’re doing here will work just fine.
The arguments used on the various commands will be different for Windows and Linux; even though the lab has been written with Windows in mind, it should be easy to run on your LINUX machine.
This lab is NOT doable on the machines in the lab. This is because Windump and Ethereal both require special privileges. The tools allow you to snoop on what is happening on the network, so you are not permitted to use them in the lab.
Throughout this lab we refer to a number of IP addresses and host names. Here’s an explanation of the addresses you’ll be needing.
Your own address: The address of your host machine.
Local Network Address: The address of a machine on your local network, such that no travel through a router is required. You’ll find this machine by watching Ethereal and determining the local traffic.
Remote Network Address: The IP address of a host NOT on your local network. Using this from your room, yahoo.com would be a good example.
A Non-Existent Address: An IP address that you can’t get to. Using this address, none of the ARP or Naming Services give successful results. An address like 10.0.1.xx meets this need.
Note that the destination e-net address ff:ff:ff:ff:ff:ff is a broadcast. All nodes on your local network will accept this address. It is used by ARP.
Black.clarku.edu is a good telnet target.
Understanding Windump
Exercise 1. Simple windump capture of ping
Use windump to observe the network traffic that is generated by issuing ping commands.
1. Start windump so that it monitors all packets that contain the IP address of the target PC, by typing
windump -n host <local-network-address> > win.out
2. Open a new window and execute
ping -c 1 10.0.1.12
3. Observe the output of windump. Save the output to a file.
Note: you may need to use the -l option of windump.
Note: It may be necessary to hit Ctrl-c to terminate the windump session.
Lab Report:
Include the saved output in your lab report. Explain the meaning of each field in the captured data.
Exercise 2. Another simple windump capture of ping
1. On your PC, start capturing packets using the windump -n command.
2. Issue a ping to the non-existing IP address 10.0.1.xx:
ping -c 1 10.0.1.xx
3. Issue a ping to the broadcast address 10.0.1.255 using the command:
ping -c 2 -b 10.0.1.255
4. Save the outputs of ping and windump to a file.
Lab Report
Include the saved output in your lab report and interpret the results.
How many of the nodes on your network responded to the broadcast ping?
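As an added example (not part of the original project handout), the Python below splits windump -n text output into its fields and answers the two questions Exercise 2 raises: which hosts replied to the broadcast ping, and which ARP requests went unanswered. The sample capture is constructed, the line layout is assumed to be the classic windump/tcpdump text format (newer builds add an "IP"/"ARP," prefix, which the patterns also accept), and the names parse_line and summarize are hypothetical.

```python
import re

# Constructed sample in the classic `windump -n` text layout (an assumption).
# 10.0.1.99 stands in for the non-existent 10.0.1.xx address of the exercise.
SAMPLE = """\
10:15:01.100000 arp who-has 10.0.1.99 tell 10.0.1.11
10:15:02.100000 arp who-has 10.0.1.99 tell 10.0.1.11
10:15:05.200000 10.0.1.11 > 10.0.1.255: icmp: echo request
10:15:05.200410 10.0.1.12 > 10.0.1.11: icmp: echo reply
10:15:05.200655 10.0.1.13 > 10.0.1.11: icmp: echo reply
10:15:06.200000 10.0.1.11 > 10.0.1.255: icmp: echo request
10:15:06.200398 10.0.1.12 > 10.0.1.11: icmp: echo reply
10:15:06.200702 10.0.1.13 > 10.0.1.11: icmp: echo reply
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
PATTERNS = [
    ("icmp", re.compile(rf"^(\S+) (?:IP )?{IP} > {IP}: icmp:? (echo (?:request|reply))", re.I)),
    ("arp-request", re.compile(rf"^(\S+) arp,? (?:request )?who-has {IP} tell {IP}", re.I)),
    ("arp-reply", re.compile(rf"^(\S+) arp,? reply {IP} is-at ([0-9a-f:]+)", re.I)),
]

def parse_line(line):
    """Split one capture line into named fields; None if unrecognised."""
    for kind, rx in PATTERNS:
        m = rx.match(line.strip())
        if not m:
            continue
        if kind == "icmp":
            return {"time": m[1], "kind": m[4].lower(), "src": m[2], "dst": m[3]}
        if kind == "arp-request":
            return {"time": m[1], "kind": kind, "src": m[3], "target": m[2]}
        return {"time": m[1], "kind": kind, "src": m[2], "mac": m[3]}
    return None

def summarize(text):
    """Return (hosts that sent echo replies, ARP targets nobody answered for)."""
    packets = [p for p in map(parse_line, text.splitlines()) if p]
    responders = sorted({p["src"] for p in packets if p["kind"] == "echo reply"})
    asked = {p["target"] for p in packets if p["kind"] == "arp-request"}
    answered = {p["src"] for p in packets if p["kind"] == "arp-reply"}
    return responders, sorted(asked - answered)

if __name__ == "__main__":
    responders, unresolved = summarize(SAMPLE)
    print("broadcast ping responders:", responders)
    print("ARP requests with no reply:", unresolved)
```

To run it on a real capture, pass the contents of the saved windump output file to summarize() in place of SAMPLE.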
Understanding Ethereal
Ethereal is a network protocol analyzer with a graphical user interface. Using ethereal, you can interactively capture and examine network traffic, view summaries and get detailed information for each packet. In Section 3 of the Introduction we provide more details on the use of ethereal.
Running ethereal
This exercise walks you through the steps of capturing and saving network traffic with ethereal.
1. Starting ethereal: On your PC, start ethereal by typing ethereal
This displays the ethereal main window on your desktop as shown in the figure on the next slide
2. Selecting the capture options: Use the instructions in the next text slide to set the options of ethereal in preparation for capturing traffic. Use the same options in other labs, whenever ethereal is started.