University of Pittsburgh: School of Information Sciences
                           Graduate Program in Telecommunications...
Network-Layer Protocols Lab: IP


  1. University of Pittsburgh: School of Information Sciences
     Graduate Program in Telecommunications and Networking

     TELCOM 2000 Introduction to Telecommunications
     IP Network Layer Protocol Lab Manual
     version 1.0
     Last edited September 23 2005

     Student's name: ____________________________________
     Group Members: ____________________________________
                    ____________________________________
                    ____________________________________
                    ____________________________________
     Date of the Experiment: ________________________

     IP Network Layer Protocol Lab 1
  2. Part I: Objective

     The goal of this lab is to give students the opportunity to observe and analyze some of the fundamental aspects of the network layer as they are implemented in the Internet Protocol (IP). IP is a best-effort, connectionless network-layer protocol that is specified in RFC-791. To provide its basic connectionless service, IP provides addressing, routing and address resolution functions. Address resolution is provided by ARP (Address Resolution Protocol), which is an integral part of all IP implementations.

     Students will use a protocol analyzer to observe and explain:
     • How ARP binds IP addresses to hardware (MAC) addresses.
     • How domain names are resolved into IP addresses.
     • How IP routes packets when the target address is on a remote network.
     • The basic security issue of IP networks.

     Students will use the DOS-based LANdecoder/e protocol analyzer to capture and analyze IP traffic flowing between two Windows PCs. After logging into one Windows PC, students will ping another Windows PC attached to the local subnetwork while capturing filtered network traffic using the DOS-based analyzer. Students will observe and record the results of the initial ping and will then repeat the procedure, noting and understanding any differences in what they observe. Next, students will be asked to analyze what happens when they ping a host located on a remote network. In the last part of the lab, students will experience the basic security issue of IP networks by observing packets when they telnet to a host.

     Ping is an application that uses Internet Control Message Protocol (ICMP) echo request and echo reply packets to test the reachability of IP hosts on an internet. ICMP is a connectionless protocol specified in RFC-792. ICMP packets are encapsulated and routed by IP.

     A host that does not respond to ICMP echo requests may be unreachable, configured not to respond to echo requests, or protected by a firewall that shields it from echo requests.
  3. Telnet is an application that opens up a communication channel to a remote host. Telnet is a connection-oriented protocol specified in RFC-854. Telnet packets have a simple format and carry their contents in plain text.

     Part II: Equipment List

     Sign-up sheets will be posted on the bulletin board outside the Tele Lab. This lab works better for small groups. Please be prompt and be sure to show up during your selected time slot.
     • Estimated time to complete the lab: 1 hour
     • This lab uses a DOS PC and two Windows PCs. The DOS PC is called Foxglove and is used to run the LANdecoder/e protocol analysis software. The Windows PCs are called Cuckoo and Albatros.

     Starting LANdecoder and Setting Up the Capture Filters:

     Protocol analyzers can capture packets on a network regardless of to whom they are addressed. On a LAN, this is accomplished by putting the LAN adapter into promiscuous mode, in which it copies every frame into its receive buffers. A significant number of frames may be transmitted on a busy LAN. Depending upon the quality of the device and the load on the LAN, the device is likely to drop some of these frames.

     Analysis can be difficult when all traffic is captured. Therefore, if you know something about the traffic you want to analyze (e.g. hardware address, protocol), it is helpful to ignore unwanted frames. A protocol analyzer can filter out unwanted traffic both before and after capturing. When we know the address of the PC we want to monitor, it makes sense to filter the traffic by hardware address and capture only the frames that we wish to see. Therefore, before we capture the IP traffic, we will pre-set the LANdecoder/e protocol analyzer to filter out unwanted traffic.
     • Reboot Foxglove. Start the LANdecoder/e software by:
  4. First Menu: select 2100: Kermit..HDLC..Lan..Ftp and hit <CR>
     Second menu: select 2100: Ethernet Analyzer
     • To select the pre-configured filters on LANdecoder/e, highlight Capture Filters and press Enter. The setting should be: Broadcast, Cuckoo <-> Any Station
     • Highlight Capture Traffic but wait to press the Enter key until you are ready to actually start capturing traffic. This keeps the capture buffer from getting too full before you capture what you are really interested in.
     • Log in to Cuckoo with the following username and password:
       Username: gsa
       Password: tele831
     • Reboot Cuckoo to clear the ARP cache.
     • When Cuckoo finishes its boot-up procedure, log in again as specified above.
  5. Part III: Lab Procedures

     Part 3.1: Pinging a Host on the Same Subnetwork

     Overview: In this part of the lab, you will use an IP client PC (Cuckoo) to ping a host (Albatros) attached to the local subnet. As part of the procedure, you will observe the contents of the client PC's ARP cache and you will decode and analyze the network traffic that was captured by a protocol analyzer during the procedure.

     With the protocol analyzer capturing network traffic, you will use the IP client PC (Cuckoo) to ping another host (Albatros) on the same subnet as the client PC. If the host is found and is in operation, you will see the message “reply from the xxx.xxx.xxx.xxx: byte=32 time<10ms TTL=225” on the client PC. You should also see that the protocol analyzer has captured a number of packets. You will then check the status of the client PC's ARP cache.
     • Click Start -> Run and input “command”.
     • To observe the current state of the ARP table, type the following in the command window:
       arp -a
       The contents of the ARP cache will be displayed. Enter this data in Table 1-A. The list may be very short or may show ARP entries for other computers on the same subnetwork that are elsewhere in the same room.
     • Press the Enter key after selecting Capture Traffic on Foxglove.
     • Ping Albatros by typing the following at Cuckoo in the command window:
  6.   ping albatros.tele.pitt.edu
     • Look at the ARP cache on Cuckoo now by typing:
       arp -a
     • Write in Table 1-A what is now shown in the ARP cache.

     Table 1-A: Ping an On-Campus Host: Albatros

     Entry # | Before Ping: IP Address | Before Ping: Hardware Address | After Ping: IP Address | After Ping: Hardware Address
     --------|-------------------------|-------------------------------|------------------------|-----------------------------
     Example | 136.142.117.49          | 00:60:08:33:EB:D4             |                        |
     1       |                         |                               |                        |
     2       |                         |                               |                        |
     3       |                         |                               |                        |
     4       |                         |                               |                        |

     On the LANdecoder/e, you will now decode the captured frames.
     • Press the Escape key to stop the capturing.
     • Highlight Decode Frames and press the Enter key. You should see a summary of all the frames that LANdecoder/e has captured. You will see the frame type at the top of the screen. Record the frame type in the rightmost column of Table 1-B, ignoring all the ATalkBdcast packets shown in either the source or destination column.
     • Highlight the frame you want to see by using the up or down arrow keys.
     • Press the Enter key to decode the selected frame.
     • In the center window, scroll back and forward to see the hardware (Ethernet) and IP addresses. Write the data in Table 1-B. To save writing, you may write the hostname (Cuckoo, Albatros, DNS server, or 117 Router) rather than the 12 hex digits. Pressing the Tab key while decoding will advance to the next frame. Pressing the Shift
  7. key and the Tab key at the same time will go backward one frame. You can press the F8 key to scroll through the protocol layer stack of the captured packets/frames.

     Table 1-B: Results of Decoded Ping Frame

     Frame Number | Hardware Address: Destination | Hardware Address: Source | IP Address: Destination | IP Address: Source | Frame Type
     -------------|-------------------------------|--------------------------|-------------------------|--------------------|-----------
     Example      | 08:00:2B:39:C3:1C             | 00:60:08:33:EB:D4        | 136.142.117.12          | 136.142.117.49     | DNS.Req
     1            |                               |                          |                         |                    |
     2            |                               |                          |                         |                    |
     3            |                               |                          |                         |                    |
     4            |                               |                          |                         |                    |
     5            |                               |                          |                         |                    |
     6            |                               |                          |                         |                    |
     7            |                               |                          |                         |                    |
     8            |                               |                          |                         |                    |
     9            |                               |                          |                         |                    |
     10           |                               |                          |                         |                    |
     11           |                               |                          |                         |                    |
     12           |                               |                          |                         |                    |

     Legend
     ARP.req = ARP Request Frame
     ARP.reply = ARP Reply Frame
     DNS.req = Domain Name Server Request
     DNS.reply = Domain Name Server Reply
     ICMP_echo.req = ICMP Echo Request
     ICMP_echo.reply = ICMP Echo Reply
  8. Referencing the frames in Table 1-B, explain the purpose that each frame serves and indicate what new information is learned from that frame.

     ______________________________________________________________________________
  9. Part 3.2: Pinging a Network Host on a Remote Network

     Overview: In this part of the lab, you will use the client PC (Cuckoo) to ping a network host on a remote network. As part of the procedure, you will observe the contents of the client PC's ARP cache and you will decode and analyze the network traffic that was captured by the protocol analyzer during the procedure. The network host will be sent an ICMP Echo Request using ping so that you may observe and understand the operation of ARP and how IP performs routing to reach remote networks.
     • Look at the ARP cache on Cuckoo. Write this data in Table 2-A.
     • Ping any host outside of Pitt's network (anything that does not have pitt in the address, such as mail.psu.edu).
     • Look at the ARP cache on Cuckoo again. Write this data in Table 2-A.
     • Clear the capture buffer in the LANdecoder and start capturing again.
     • Ping the same remote host that you just pinged so that the frames can be captured.
     • Decode the frames and write the data in Table 2-B.

     Table 2-A: Results of arp -a

     Entry # | Before Ping: IP Address | Before Ping: Hardware Address | After Ping: IP Address | After Ping: Hardware Address
     --------|-------------------------|-------------------------------|------------------------|-----------------------------
     Example | 136.142.117.49          | 00:60:08:33:EB:D4             |                        |
     1       |                         |                               |                        |
     2       |                         |                               |                        |
     3       |                         |                               |                        |
     4       |                         |                               |                        |
  10. Table 2-B: Results of Decoded Ping Frame

     Frame Number | Hardware Address: Destination | Hardware Address: Source | IP Address: Destination | IP Address: Source | Frame Type
     -------------|-------------------------------|--------------------------|-------------------------|--------------------|-----------
     Example      | 08:00:2B:39:C3:1C             | 00:60:08:33:EB:D4        | 136.142.117.12          | 136.142.117.49     | DNS.Req
     1            |                               |                          |                         |                    |
     2            |                               |                          |                         |                    |
     3            |                               |                          |                         |                    |
     4            |                               |                          |                         |                    |
     5            |                               |                          |                         |                    |
     6            |                               |                          |                         |                    |
     7            |                               |                          |                         |                    |
     8            |                               |                          |                         |                    |
     9            |                               |                          |                         |                    |
     10           |                               |                          |                         |                    |
     11           |                               |                          |                         |                    |
     12           |                               |                          |                         |                    |

     Legend
     ARP.req = ARP Request Frame
     ARP.reply = ARP Reply Frame
     DNS.req = Domain Name Server Request
     DNS.reply = Domain Name Server Reply
     ICMP_echo.req = ICMP Echo Request
     ICMP_echo.reply = ICMP Echo Reply

     Referencing the frames in Table 2-B, explain the purpose that each frame serves and indicate what new information is learned from that frame.

     ______________________________________________________________________________
  12. Part 3.3: Telnet to a Network Host on a Local Network

     Overview: In this part of the lab, you will use an IP client PC (Cuckoo) to telnet to a network host (Albatros) on the local network. As part of the procedure, you will observe the contents of the client PC's ARP cache and decode and analyze the network traffic that was captured by the protocol analyzer during the procedure. By filtering the captured packets, you should be able to observe your login name and password displayed in plain text.
     • Clear the capture buffer in the LANdecoder and start capturing again.
     • At the command prompt on Cuckoo, type:
       telnet albatros.tele.pitt.edu
     • For the username, use gsa. The password is tele831.
     • Stop capturing on the LANdecoder and decode the frames. Take a close look at what information is passed between the two machines during the telnet session and answer the following questions.

     When you have finished the lab, log out of Cuckoo.
  13. Part IV: Questions

     1. Briefly explain the basic operation of ARP and DNS.
     2. Explain what you observed the first time that you pinged Albatros. What kind of packets did you see? Who sent and received them?
     3. How many hardware (MAC) addresses may one NIC have? Is that hardware (MAC) address unique, or may it be used on another piece of hardware elsewhere? Is it possible for one MAC address to have more than one IP address assigned to it?

        In the lab, when a network host on a remote network (outside of Pitt) was pinged, would the IP address contained within the ICMP Echo Request frame have changed, or would it have stayed the same throughout its trip? If the IP address would have changed, explain how and why.
  14. 4. After looking at the decoded packets of the telnet session, what potential security issue did you see?
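
The frame types in the Table 1-B and 2-B legend can each be recognized from a few header fields, which is what the analyzer's decode screen does. The Python below is an added example, not part of the lab manual or of LANdecoder/e: it turns raw Ethernet frames into rows shaped like Table 1-B. All function names are hypothetical, the sample frames are built by hand rather than captured, the client and DNS addresses reuse the manual's example row, and the ping target 136.142.117.50 / 02:00:00:00:00:50 is a constructed placeholder.

```python
import struct

def hx(m): return bytes.fromhex(m.replace(":", ""))
def ipb(a): return bytes(int(x) for x in a.split("."))
def mac(b): return ":".join(f"{x:02X}" for x in b)
def ip(b): return ".".join(str(x) for x in b)
def decode(frame):
    """Return (dst MAC, src MAC, dst IP, src IP, type): one Table 1-B row."""
    if len(frame) < 14:
        return ("", "", "", "", "truncated")
    dst, src = mac(frame[0:6]), mac(frame[6:12])
    ethertype, p = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if ethertype == 0x0806 and len(p) >= 28:      # ARP for Ethernet/IPv4
        op = struct.unpack("!H", p[6:8])[0]
        kind = {1: "ARP.req", 2: "ARP.reply"}.get(op, "other")
        return (dst, src, ip(p[24:28]), ip(p[14:18]), kind)  # target IP, sender IP
    if ethertype != 0x0800 or len(p) < 20:
        return (dst, src, "", "", "other")
    proto, sip, dip = p[9], ip(p[12:16]), ip(p[16:20])
    l4 = p[(p[0] & 0x0F) * 4:]                    # skip the IHL*4-byte IP header
    kind = "other"
    if proto == 1 and l4:                         # ICMP: first byte is the type
        kind = {8: "ICMP_echo.req", 0: "ICMP_echo.reply"}.get(l4[0], "other")
    elif proto == 17 and len(l4) >= 12:           # UDP header is 8 bytes
        sport, dport = struct.unpack("!HH", l4[:4])
        if 53 in (sport, dport):                  # DNS: QR bit set means reply
            kind = "DNS.reply" if l4[10] & 0x80 else "DNS.req"
    return (dst, src, dip, sip, kind)

# ---- Constructed sample frames below (built by hand, not a real capture) ----
def eth(dst, src, etype, payload):
    return hx(dst) + hx(src) + struct.pack("!H", etype) + payload
def arp(op, smac, sip, tmac, tip):
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + hx(smac) + ipb(sip) + hx(tmac) + ipb(tip)
def ipv4(src, dst, proto, payload):               # checksum left 0; decode() ignores it
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 128,
                       proto, 0, ipb(src), ipb(dst)) + payload
def dns(sport, dport, flags):                     # UDP header + 12-byte DNS header
    return struct.pack("!HHHH", sport, dport, 20, 0) + struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
C = ("00:60:08:33:EB:D4", "136.142.117.49")       # client, from the manual's example row
D = ("08:00:2B:39:C3:1C", "136.142.117.12")       # DNS server, from the manual's example row
T = ("02:00:00:00:00:50", "136.142.117.50")       # ping target, constructed placeholder
BCAST, ZERO = "FF:FF:FF:FF:FF:FF", "00:00:00:00:00:00"
def sample_capture():
    return [
        eth(D[0], C[0], 0x0800, ipv4(C[1], D[1], 17, dns(1025, 53, 0x0100))),
        eth(C[0], D[0], 0x0800, ipv4(D[1], C[1], 17, dns(53, 1025, 0x8180))),
        eth(BCAST, C[0], 0x0806, arp(1, C[0], C[1], ZERO, T[1])),
        eth(C[0], T[0], 0x0806, arp(2, T[0], T[1], C[0], C[1])),
        eth(T[0], C[0], 0x0800, ipv4(C[1], T[1], 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))),
        eth(C[0], T[0], 0x0800, ipv4(T[1], C[1], 1, struct.pack("!BBHHH", 0, 0, 0, 1, 1))),
    ]
if __name__ == "__main__":
    for n, f in enumerate(sample_capture(), 1):
        print(n, *decode(f))
```

The ARP request is the only frame sent to the broadcast hardware address, and none of these headers carries any authentication of the sender, which is the property the lab's security questions build on.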
