2014
Computer Networks
PROTOCOLS & DESIGN
Assignment 1
699434 / Rebecca Patient
699434/CMPRPATI
Word Count: 4000
Introduction
A proposed graphical network diagram is presented together with a comparison of
network topologies; tree and star were considered as alternatives for the site 1
design of the city-wide network. Analysis of the physical media and network
components is included to justify the decisions made.
IP addressing for the four main sites is assigned on the diagram, and the TCP and
UDP protocols to be applied when implementing network applications are
investigated. The report finishes with a summary.
Findings
A full working design was created for the commercial company. It demonstrates all
four sites across the city, provides connectivity between the sites and includes a
connection to the internet. Site 1 has been developed in more detail to include
five departments: Human Resources, Finance, Technical Support, Sales and Marketing.
Collision Domain
A collision domain is the part of an Ethernet or Fast Ethernet network in which
frames sent by different devices can collide, typically a segment whose devices are
connected by hubs or repeaters. Only one device can transmit successfully at a time
within a collision domain; if two transmit at once the frames collide, are lost and
must be retransmitted. A hub operates at the physical layer and simply repeats
electrical signals, so it cannot interpret Ethernet frames or the protocols carried
in them.
When devices share an Ethernet or Fast Ethernet segment they use CSMA/CD (Carrier
Sense Multiple Access with Collision Detection) to arbitrate access to that
collision domain. A collision affects every device on the segment: the colliding
frames are discarded, the senders back off and retry, and under heavy load the
delay and retransmissions are visible to users as slow or failing applications
such as email.
Hubs are therefore avoided in this design in favour of switches, which act as
multi-port bridges and do understand Ethernet frames. A switch forwards each frame
only to the port where the destination MAC address was learned, so every switch
port becomes its own collision domain (and, with full-duplex links, collisions are
eliminated altogether). This also makes expansion simpler, because adding a device
no longer adds a contender to an existing shared segment.
Broadcast Domain
A broadcast domain is different from a collision domain. A switch forwards a
broadcast frame out of every port except the one it arrived on, so by default the
whole switch, and every switch connected to it at layer 2, is a single broadcast
domain: all connected devices receive every broadcast generated by any other
device. Linking three or four switches across the city into one flat broadcast
domain would carry every ARP request, DHCP discovery and other broadcast to every
site, which is unnecessary traffic and an unnecessary exposure.
It is better to use VLANs and assign each switch port a VLAN number. Traffic is then
separated per VLAN: a broadcast generated in site 1 is forwarded only to the ports
in site 1's VLAN and cannot cross into another site's VLAN. Each VLAN is given its
own IP sub network, which is why the IP addresses differ from one site to the next;
the sub network is how devices recognise which traffic is local.
The router is the boundary that stops broadcasts propagating around the whole
network. Traffic that must reach another site is routed: the router recognises the
destination sub network, finds the correct path to it and forwards the packets to
the correct device.
In summary, collision domains are separated by switches and broadcast domains by
routers. Keeping this distinction in mind when designing the network makes it
simpler to see how packets will travel across the city-wide network. More collision
domains are desirable, since each one has fewer devices and so less chance of
packets colliding, whereas broadcast domains are defined to control where
broadcasts are delivered. The two are used in combination, and the graphical design
in Figure 3 illustrates this because both routers and switches have been included.
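To make the distinction concrete, the following Python model is an added example (not part of the original assignment) of a hub, which is one collision domain, beside a VLAN-aware learning switch, where each port is its own collision domain and each VLAN is a separate broadcast domain. The port numbers, VLAN IDs and MAC addresses are constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str   # source MAC address
    dst: str   # destination MAC address


class Hub:
    """A repeater: one collision domain and one broadcast domain.

    Every frame is repeated to every other port, and if two stations
    transmit in the same slot the frames collide and nothing is delivered.
    """

    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, transmissions: Dict[int, Frame]) -> Dict[int, Set[int]]:
        """Map each transmitting port to the ports that receive its frame."""
        if not transmissions:
            return {}
        if len(transmissions) > 1:
            # CSMA/CD: simultaneous senders collide and every frame is lost
            return {port: set() for port in transmissions}
        (port,) = transmissions
        return {port: self.ports - {port}}


@dataclass
class Switch:
    """A learning switch with one VLAN per port.

    Each port is its own collision domain (frames on different ports never
    collide), and each VLAN is one broadcast domain: broadcasts and
    unknown-unicast frames are flooded only to ports in the ingress VLAN.
    """
    port_vlan: Dict[int, int]                          # port -> VLAN id
    mac_table: Dict[Tuple[int, str], int] = field(default_factory=dict)

    def forward(self, frame: Frame, ingress: int) -> Set[int]:
        """Return the set of egress ports for a frame arriving on `ingress`."""
        vlan = self.port_vlan[ingress]
        # Learning: the source MAC is reachable via the ingress port in this VLAN.
        self.mac_table[(vlan, frame.src)] = ingress
        flood = {p for p, v in self.port_vlan.items() if v == vlan and p != ingress}
        if frame.dst == BROADCAST:
            return flood
        out = self.mac_table.get((vlan, frame.dst))
        if out is None:
            # Unknown in this VLAN (a MAC learned in another VLAN is unknown here,
            # which is why a router is needed to cross VLANs): flood the domain.
            return flood
        if out == ingress:
            return set()          # never send a frame back out of the port it came in
        return {out}


def demo():
    """Constructed scenario: ports 1-3 in VLAN 10 (site 1), ports 4-5 in VLAN 20."""
    a, b, c = "00:aa:00:00:00:01", "00:aa:00:00:00:02", "00:cc:00:00:00:01"

    hub = Hub(ports=[1, 2, 3, 4])
    hub_results = [
        hub.forward({1: Frame(a, b)}),                   # one sender: repeated to 2, 3, 4
        hub.forward({1: Frame(a, b), 3: Frame(c, a)}),   # two senders: collision
    ]

    sw = Switch(port_vlan={1: 10, 2: 10, 3: 10, 4: 20, 5: 20})
    switch_results = [
        sw.forward(Frame(a, BROADCAST), 1),  # ARP-style broadcast: only VLAN 10 ports
        sw.forward(Frame(b, a), 2),          # a was learned on port 1: unicast there only
        sw.forward(Frame(c, a), 4),          # a is unknown in VLAN 20: flood VLAN 20 only
    ]
    return hub_results, switch_results


if __name__ == "__main__":
    print(demo())
```

The third switch case is the one that matters for the design: station c in VLAN 20 cannot reach station a in VLAN 10 at layer 2 at all, so the frame is flooded only within VLAN 20 and the inter-site traffic has to go through the router.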
Physical Media
A wireless connection is to be installed to run alongside the VPN. Some elements
will require CAT5 or CAT6 cabling for a wired Ethernet connection as a backup in
each site. This makes the design more resilient: datagrams can still be transmitted
throughout the network and no site or sub network loses service if one connection
fails. Wireless is a shared medium, so it must be secured and treated as less
trusted than the cabled links, not used as a substitute for them.
The remote access VPN connects users to the enterprise network from outside it.
Workstations and other devices connect over an access circuit, such as a leased
line, DSL or wireless, to an ISP (internet service provider), for example BT or
Virgin; the choice depends on the cost to install.
Using a client model for the company (Figure 3), VPN client software installed on
the workstations builds an encrypted tunnel from each site through the ISP to the
company gateway, using IPSec (Internet Protocol Security) with the Layer 2
Tunnelling Protocol (L2TP/IPSec), or the Point-to-Point Tunnelling Protocol (PPTP).
PPTP is listed only for completeness: its MS-CHAPv2 authentication has been broken
and it should not be chosen for a new deployment. Authentication is required for
all users to log in, because the network is a protected one that runs over the ISP
and the public internet. At implementation time the encrypted tunnel terminates on
each site's VPN router or concentrator.
Authentication servers such as TACACS+ or RADIUS can be installed to authenticate
all users of the remote access network. This allows employees, management and
partners to be granted specific rights and differing levels of access to the
company network; for example, a partner would have a higher level of access than a
receptionist, in line with security and information assurance requirements.
Once the tunnel is up, remote users are authenticated against the local Windows
domain server, UNIX server or other host, chosen on cost and on the client's
requirements. These hosts hold the network accounts, which can then be permitted to
use the VPN with the same login details.
The main disadvantage comes down to security: an ISP-initiated tunnel leaves the leg
from the user to the ISP unencrypted, although it is cheaper for the company. A
client-initiated tunnel is better, because the encryption runs from the client all
the way to the company VPN router or VPN concentrator. ISP-initiated tunnels are
built with L2TP (Layer 2 Tunnelling Protocol) or L2F (Layer 2 Forwarding).
Extranet
An extranet VPN connects the company network to a partner or supplier's network. It
is built as a secure VPN connection from the partner's router to the company VPN
router or concentrator, with access limited to the resources the partner is
entitled to see. The tunnelling protocol depends on whether the far end is a router
or a remote dial-up connection.
For a router-connected extranet VPN the options are IPSec or Generic Routing
Encapsulation (GRE); GRE provides no confidentiality on its own, so it is carried
inside IPSec when encryption is required. A dial-up extranet connection uses L2TP
or L2F.
Intranet
Similar to the extranet VPN, the intranet VPN is the company's own private network:
it connects all of the company's offices over the secure tunnels, using the same
IPSec and GRE tunnelling protocols. A login screen on the workstations lets any
user connect from anywhere within the company with the usual username and password.
IPSec has three main elements: ESP encryption of the payload (3DES in this design),
IKE for key exchange and peer authentication, and an HMAC (MD5 or SHA-1) that
authenticates each packet and protects its integrity. Together they provide
authentication, integrity and, most importantly, confidentiality; authorisation
(who may access which resource) is decided separately by the access control on the
servers. 3DES and MD5 are legacy choices, and AES with SHA-2 should be preferred
wherever the equipment supports them.
Network Topology
A network topology is the physical or logical layout of the connected devices in a
home, business, education, scientific, military or government network. Designing a
network requires planning and an understanding of how devices communicate and are
connected on a local area network (LAN) and a wide area network (WAN). The main
types of topology are bus, ring, mesh, star and tree.
The company will use a star topology for the VPN. Remote hosts connect through a
VPN concentrator, which is the central point; the concentrator creates a separate
secure tunnel to each host.
For example, if reception sends data to a researcher, the data passes from
reception through the concentrator and on to the researcher's host. The
concentrator maintains and supports many simultaneous connections, with one tunnel
established and secured to each remote host.
Figure 1: Tree Topology Figure 2: Star Topology
The one real drawback of the star topology is that two workstations in close
proximity must still go through the central point to exchange information. Figure 2
clearly shows that the configuration is centralised. This means maintenance is
carried out in one place and minimises the effort required from an IT technician;
it also gives a single point of control, access and cost.
If the central point is switched off or fails, the whole star stops, so a backup or
second central point is best kept in the server room to minimise downtime for the
business. A failure on an individual port, by contrast, affects only that one
connection and the rest of the network keeps running. The concentrator's processing
capacity for new connections is also a limiting factor, since hosts never
communicate directly but always via the central point.
The tree topology shown in Figure 1 combines the bus and star topologies. It is one
of the most commonly deployed layouts and joins several star networks together; in
this scenario the switch is the device connecting the LAN to the WAN. The hybrid
topology is a variant of the tree that can contain different physical structures,
connected by a single backbone channel.
The star topology is simpler: each device has a point-to-point link to the central
device, named "Hub-PT" in the diagram, which acts as the interchange point for
packets crossing the network. Because the links are not shared between devices,
each transmission happens only between a device and the hub. A device sends data to
one or more other devices by passing it to the hub, which relays it on. Note that a
true hub repeats every frame to every port; only a switch at the centre delivers a
frame to the intended port alone.
The strengths of the tree are that it is quick and simple to add more devices, or
another hub. The network can be partitioned for isolation, and priority
communication between particular devices is possible; time-sensitive packets are
not held in a single queue. Its weaknesses are that signal distance increases,
cabling adds cost, and if a hub fails every connection behind it is lost because
that part of the network goes down.
Network Components
The VPN infrastructure will require the following network components to be
installed across the whole network (each item is per site, for 4 sites):
• 30 laptops x 4.
• 2 printers x 4.
• 1 router x 4.
• 1 multi-switch x 4.
• 1 server x 4.
• 1 Linksys access point (remote access point for clients, using classless IP
addresses).
• Workstations: 33 Sales, 40 Finance, 38 Human Resources, 26 Technical Support
and 40 Marketing, x 4.
Switches, routers and servers will be specified in the implementation of the
solution. An ISP would also need to be researched for the best deal, for example
the BT Business Hub. The ISP may offer a cost-effective package by adding hosting,
a domain name and an email service.
Applications
A VPN can carry many applications. The need to be tied to a desk has gone with
advances in technologies, software and devices, and the possibilities are wide, but
technology can also move ahead of the applications it is meant to support.
Windows 8 is an example: Microsoft was so taken with its own innovation that it
lost sight of its users and how the system would be used, and had to go back to the
drawing board, which is why Windows 8.1 was released. Users missed original
features such as the Start button. Business and internet needs have changed with
these advances.
The laptop is no longer the primary device users take with them to connect to the
internet on the move; smartphones and tablets are now fully integrated into
everyday life.
Users consume internet data through these new devices, and it is on this point that
businesses should be concerned with privacy, online security and protection when
using Wi-Fi hotspots. A VPN should always be used in those places, and at work too.
VPN Apps
Microsoft holds a large share of the market where these apps are concerned.
Blackberry tried to take over the market, but the public did not take to it and it
is still trying to break into Microsoft's share. Other competitors have succeeded:
Apple with its iDevice hardware running iOS, and Google with Android.
iOS Apps
For a long time the VPN space favoured Android over iOS, as Apple did not allow
OpenVPN on any iOS device and held that PPTP and L2TP were enough. Apple later
changed this and permitted OpenVPN Connect, which allows connection to an OpenVPN
server using standard OpenVPN CA certificates.
Android Apps
The Play Store offers OpenVPN, which allows any OpenVPN service to be configured on
Android devices; in return VPN providers now release Android apps for their
services. Free Android VPN apps are available (1).
Other Apps
There are many VPN-related apps available. One is the Speedtest.net app for iOS and
Android, which is not a VPN itself but measures throughput and latency, so it is
useful for checking performance with and without the tunnel; it can be downloaded
directly to a phone or tablet.
Scalability
The company has grown to the point where working from one office is no longer a
valid solution for the business. All employees, management and partners require a
secure way to access resources on the network from both onsite and offsite
locations.
A dial-up remote access server would not meet the business requirements: adding
modems to cope with capacity, and the mounting cost of doing so, is not something
the solution should require. The best way forward is to implement the VPN, which
allows the business to grow without ripping out or remodelling the existing
network. This is why scalability must be considered, and the design made
cost-effective and scalable, from the start.
Installation of devices
The hardware and software devices connected to the network are shown on the
concept diagram, Figure 3. Specifics are listed below:
Workstations
All workstations will be connected and assigned IP addresses specific to their
area. Every employee will be given their own login name and password, which gives
a sense of ownership of their workstation and workspace.
Printers
Two printers will be connected and shared accordingly in site 1. Given the number
of employees and the workload there is a real need to manage documentation. At
present it is a smaller, undeveloped site which has potential for expansion and
could include more printers later on.
The VPN allows printing to work in the same way, seamlessly, even when the printer
is not in the same location. Known as printer sharing, this can also operate over
the wireless connection, allowing users to print on machines located across town or
across the country.
This is carried out using the operating system's built-in printer sharing. It
works over any VPN, commercial or free. Naming is essential and the correct options
must be selected. Sending clients' personal data to print at a different office,
however, is not a good idea: it exposes the data to more people and wastes
resources.
Laptops
Introducing laptops to the departments will allow staff to work away from the
office while remaining connected to the network over a remote access connection.
With free Wi-Fi widely available a dedicated access circuit may not always be
necessary, but the VPN client is still required, because public Wi-Fi is untrusted.
Multi-Switches
The chosen switch software claims unique algorithms as a preventive measure
against hackers and sniffers; in practice the protection comes from the encrypted
tunnel. It is compatible with Windows, Mac, Linux, iOS, Android and DD-WRT routers.
It operates by creating a virtual router which performs IP routing between
multiple virtual hubs on the VPN server. This provides layer 3 connectivity between
the virtual hub segments, with the IP routing configured by the administrator.
Servers
Servers can be added to the VPN and can also act as the login server and as the
routing server for the network, allowing the solicitors to authenticate.
Installation and activation will be carried out through the Windows VPN service
before users can log into the network from a VPN session. A VPN session is
established via the internet, allowing users to log on to the office network from
anywhere, at home or away.
Firewalls
The firewall uses packet filtering to permit or deny traffic flows, applied to
specific types of network traffic. IP packet filtering allows precise control over
which traffic is transported through the firewall, and it is essential for
filtering traffic between the private intranet and the internet in both directions.
Looking at VPNs and firewalls together, there are two ways of combining them (2):
• The VPN server is connected directly to the internet and the firewall sits
between the VPN server and the intranet, acting as a doorway that requires
permission to pass through.
• The firewall is connected to the internet and to the VPN server, and the VPN
server sits between the firewall and the intranet.
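As an added example, not from the original assignment, the Python below models the second placement (firewall between the internet and the VPN server) as an ordered, first-match packet filter and runs it over constructed packets. The VPN server's public address 203.0.113.10 and the remote client 198.51.100.7 are assumptions taken from the documentation address ranges; the intranet range is site 1's sub network from the addressing plan in this report.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str                      # source IP
    dst: str                      # destination IP
    proto: str                    # "tcp", "udp", "icmp" or "esp" (IP protocol 50)
    dport: Optional[int] = None   # destination port, where the protocol has one


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str                      # CIDR the source must fall in
    dst: str                      # CIDR the destination must fall in
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins; an unmatched packet gets the default (deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


ANY = "0.0.0.0/0"
VPN_SERVER = "203.0.113.10/32"     # assumed public address of the VPN server
INTRANET = "142.212.128.0/18"      # site 1 sub network from the addressing plan

# Internet-facing firewall in front of the VPN server: only the IPsec control and
# data channels may reach the server, and nothing reaches the intranet directly.
# L2TP (UDP 1701) is deliberately not opened: it must arrive inside ESP, otherwise
# an attacker could talk to the L2TP service in clear text.
EDGE_RULES = [
    Rule("allow", ANY, VPN_SERVER, "udp", 500),    # IKE
    Rule("allow", ANY, VPN_SERVER, "udp", 4500),   # IKE / ESP over UDP (NAT traversal)
    Rule("allow", ANY, VPN_SERVER, "esp"),         # ESP, the encrypted tunnel itself
    Rule("deny",  ANY, VPN_SERVER),                # anything else aimed at the server
    Rule("deny",  ANY, INTRANET),                  # the intranet is never reachable directly
]


def demo() -> List[str]:
    """Constructed packets from a remote client; returns the filter's decisions."""
    client = "198.51.100.7"
    packets = [
        Packet(client, "203.0.113.10", "udp", 500),       # IKE negotiation
        Packet(client, "203.0.113.10", "esp"),            # encrypted tunnel traffic
        Packet(client, "203.0.113.10", "udp", 1701),      # plaintext L2TP: must be refused
        Packet(client, "142.212.128.14", "tcp", 3389),    # RDP straight at an HR workstation
        Packet(client, "203.0.113.10", "tcp", 22),        # SSH to the server: not opened
    ]
    return [evaluate(EDGE_RULES, p) for p in packets]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The order matters: the two deny rules sit after the allows, and the default is deny, so an administrator who later adds a service to the server has to add an explicit allow rather than rely on anything being open by accident. The decrypted L2TP traffic is only ever seen on the VPN server's intranet side.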
Cloud
A VPN extends access so that resources can be reached from remote locations. Using a
Gladinet cloud server, for example, any device can be added and used securely
without the need to run the VPN client, allowing employees to be more productive
and focused on the job in hand rather than on getting an IPSec VPN to connect.
BT Business Hub
This hub is designed to operate with a whole range of VPN solutions, which is the
main reason it would be best suited to the solicitors' solution. It is a well-known
brand and the package covers line rental, broadband and domain hosting.
In more detail it allows for (3):
• Outbound VPN client connections
• Inbound connections to a local VPN server
VPN Server & Appliance
Windows Server, including Windows Server 2003, has a built-in VPN server function
(Routing and Remote Access). Software firewalls such as Microsoft ISA Server,
Check Point and Symantec Enterprise Firewall also include a built-in VPN gateway
function.
The alternatives are dedicated VPN appliances or VPN concentrators, from vendors
such as Cisco, Shiva, Citrix, AEP Networks and Evidian (TrustWay). Firewall
appliances that also provide a VPN gateway include Cisco, SonicWall, WatchGuard,
NetScreen and Nokia (based on Check Point).
Website
The company would do better to pay a web hosting company to create and host a
front-end website for its business. The company's registered domain name is then
pointed at the hosted site in DNS, so that the business is recognised by name on
the internet; all that remains is to configure the workstations. Access is
supported from varying machines and devices, including iPads, Android, Windows and
Macs.
Benefits include being able to reach sites such as Facebook, Twitter and Flickr,
and streaming services such as BBC iPlayer. Installation would take minutes, though
with a larger network a little longer is needed to check that all configuration
settings are correct before going live.
Email
The best way to set up POP email on the VPN server would be to use a Microsoft
server, which offers Routing and Remote Access as part of its software. Its VPN
service provides a private, encrypted connection over the internet, and the same
server can host the mail service, with DSL as the high-speed connection to the
provider. The easiest route is to configure POP3 first; the server can then offer
both the mail service and the VPN.
Which to choose from?
Turnkey appliances make installation and deployment easier. Their limitation is the
number of connections they support, and upgrading the software is harder when more
users have to be added to the network; buying more hardware to cope is the quickest
option but not necessarily the best.
Running the VPN server on a normal network operating system on a standard server,
more RAM can be added, the processor upgraded and the network interface cards
changed. Upgrading the hardware adds capacity without having to buy new devices.
Performance & Fault Management
A fast, visible network service, with planning, is required. Finding faults and
detecting issues is a major part of the management system, which must cover the
whole network and its equipment. This matters because it differentiates the company
from others by offering a high-value service to customers and clients.
Network-based management applications, pre-integrated and compatible with the
existing software, give a complete solution for scalability with minimal fuss and
cost.
Throughput is how much traffic is transferred from one location to another in a
given time. It is used to measure the performance of hard drives and RAM, as well
as the internet links and the connections the network uses.
Network Manager
NetworkManager is a software program that makes it easier to use the computer
network on Linux-based systems. The utility has two components:
1. NetworkManager itself: the service that manages all connections and reports
network changes.
2. The user interface, which depends on the desktop in use, for example GNOME
Shell, KDE Plasma Workspaces or Cinnamon.
Mobile broadband configuration, first added in April 2008, lets mobile connections
be set up relatively easily. It is essentially a set of tools that make networking
straightforward, whether over Wi-Fi, Ethernet, bond and bridge interfaces, 3G or
Bluetooth.
Integration with applications gives NetworkManager its power and flexibility: it
notifies other applications, such as browsers, email clients and system services,
of the connection status, online or offline.
Line Utilisation
Ensuring a line is used to its full capacity means looking at both line
utilisation and CPU utilisation. MRTG, the Multi Router Traffic Grapher, is a tool
that monitors the traffic load on links; it is free software under the GNU General
Public License.
It generates HTML pages with graphs that give a live visual representation of the
company's traffic, polling the routers' interface counters over SNMP. Another way
to see how a link is being used is to log on to the router and run the "show
interfaces serial x" command, which shows the interface load.
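MRTG's arithmetic is simple enough to reproduce. The Python below is an added example, not part of the original assignment or of MRTG: it turns successive SNMP ifInOctets readings into percentage utilisation of a link, handling the wrap of a 32-bit counter, which is the classic source of impossible negative or several-hundred-percent readings. The polled values, the five-minute interval and the 2 Mbit/s serial line speed are constructed for the illustration.

```python
from typing import List, Tuple

COUNTER32_MAX = 2 ** 32      # SNMP Counter32 wraps to 0 after 4,294,967,295
COUNTER64_MAX = 2 ** 64      # ifHCInOctets / ifHCOutOctets on fast interfaces


def octet_delta(prev: int, curr: int, counter_max: int = COUNTER32_MAX) -> int:
    """Bytes transferred between two polls, correct across a single counter wrap."""
    return (curr - prev) % counter_max


def utilisation_pct(prev_octets: int, curr_octets: int, seconds: float,
                    speed_bps: int, counter_max: int = COUNTER32_MAX) -> float:
    """Percentage of the link's capacity used over the polling interval."""
    bits = octet_delta(prev_octets, curr_octets, counter_max) * 8
    return 100.0 * bits / (seconds * speed_bps)


def utilisation_series(samples: List[Tuple[int, int]], speed_bps: int,
                       counter_max: int = COUNTER32_MAX) -> List[float]:
    """One utilisation figure per interval from (timestamp, ifInOctets) samples."""
    series = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        series.append(round(utilisation_pct(c0, c1, t1 - t0, speed_bps, counter_max), 1))
    return series


def seconds_to_wrap(speed_bps: int, counter_max: int = COUNTER32_MAX) -> float:
    """How long a saturated link takes to wrap the counter. If this is shorter than
    the polling interval the 32-bit counters are useless and the 64-bit ones are needed."""
    return counter_max / (speed_bps / 8)


# Constructed polls from a 2 Mbit/s serial line, polled every 300 s.  The third
# reading is lower than the second because the 32-bit counter wrapped in between.
SAMPLES = [
    (0,   4_294_000_000),
    (300, 4_294_700_000),
    (600, 600_000),
    (900, 75_600_000),
]
SERIAL_SPEED = 2_000_000


if __name__ == "__main__":
    print(utilisation_series(SAMPLES, SERIAL_SPEED))     # [0.9, 1.2, 100.0]
    print(round(seconds_to_wrap(1_000_000_000)))        # 34 seconds at gigabit speed
```

Without the modulo the second interval would come out as a large negative number. On the 2 Mbit/s line a saturated counter takes about 4.8 hours to wrap, so one wrap per five-minute interval is the most the arithmetic has to cope with; on a gigabit link it wraps in roughly 34 seconds, which is why MRTG must be pointed at the 64-bit ifHCInOctets counters on fast interfaces.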
User Response Times
A remote user on a VPN client can experience dropped connections to the main office,
or documents that take a long time to open. Joining laptops to the domain over the
VPN can also cause disruption because of the extra traffic; enough logon caching
must be in place to support the growing VPN solution.
If VPN packets become fragmented the result can be hard-to-diagnose errors that
take time to resolve and make the network appear slow until they are fixed. Users
can test this by pinging with the don't-fragment flag and a chosen packet size:
the Ethernet MTU is 1500 bytes, but the L2TP/IPSec encapsulation adds overhead, so
the tunnel MTU usually has to drop to around 1400 to avoid problems between the
ISP and the company network.
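The figure of about 1400 can be derived rather than guessed. The Python below is an added example, not part of the original assignment: it models the bytes that L2TP/IPsec adds around each packet (outer IP header, ESP header and 3DES IV, ESP padding to the 8-byte cipher block, ESP trailer, HMAC-MD5-96 ICV, plus the UDP, L2TP and PPP headers inside the encryption) and searches for the largest inner packet that still fits a 1500-byte frame, with and without NAT traversal. The header sizes are the standard ones for these protocols; taking the L2TP data header as its 6-byte minimal form and the PPP header as a 2-byte protocol field are assumptions of this model.

```python
IP_HDR = 20          # outer IPv4 header (no options)
UDP_HDR = 8
ESP_HDR = 8          # SPI + sequence number
ESP_TRAILER = 2      # pad length + next header
L2TP_HDR = 6         # assumed: flags/version, tunnel ID, session ID (no optional fields)
PPP_HDR = 2          # assumed: PPP protocol field only (address/control compressed)


def esp_padding(plaintext_len: int, block: int = 8) -> int:
    """Bytes of padding so that plaintext + padding + trailer fills whole cipher blocks."""
    return (-(plaintext_len + ESP_TRAILER)) % block


def outer_packet_size(inner_len: int, nat_t: bool = False,
                      block: int = 8, iv: int = 8, icv: int = 12) -> int:
    """Size on the wire of an L2TP/IPsec (transport-mode ESP) packet carrying an
    inner IP packet of inner_len bytes.  Defaults: 3DES-CBC (8-byte block and IV)
    with HMAC-MD5-96 (12-byte ICV), matching the design's IPsec description."""
    plaintext = UDP_HDR + L2TP_HDR + PPP_HDR + inner_len     # what ESP encrypts
    esp = ESP_HDR + iv + plaintext + esp_padding(plaintext, block) + ESP_TRAILER + icv
    return IP_HDR + (UDP_HDR if nat_t else 0) + esp


def max_inner_mtu(outer_mtu: int = 1500, nat_t: bool = False, **cipher) -> int:
    """Largest inner packet that fits the path MTU without fragmenting the outer one."""
    size = outer_mtu
    while outer_packet_size(size, nat_t, **cipher) > outer_mtu:
        size -= 1
    return size


def max_ping_payload(inner_mtu: int) -> int:
    """Largest size for a don't-fragment ping (ping -f -l N on Windows): the
    payload excludes the 20-byte IP and 8-byte ICMP headers."""
    return inner_mtu - IP_HDR - 8


if __name__ == "__main__":
    for nat_t in (False, True):
        mtu = max_inner_mtu(nat_t=nat_t)
        print(f"NAT-T={nat_t}: tunnel MTU {mtu}, "
              f"largest don't-fragment ping payload {max_ping_payload(mtu)}")
```

With 3DES and HMAC-MD5 the tunnel MTU comes out at 1430 bytes (1422 behind NAT), and the largest don't-fragment ping payload that will pass is 1402, which is where the "drop to 1400" rule of thumb comes from. Switching to AES-CBC with a 16-byte block and IV and a 16-byte SHA-2 ICV costs a few more bytes, so the limit should be re-derived rather than carried over when the cipher suite changes.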
Configuration of network
The network will be configured using a VPN. The Virtual Private Network provides a
secure network for around 1000 devices (workstations, printers, servers, switches
and possibly laptops) by creating a virtual network on top of the physical one.
The VPN is built over the existing network infrastructure: L2TP encapsulates the
PPP frames carrying the VPN data into UDP datagrams, and IPSec then encrypts those
datagrams. VPN means a virtual way of connecting a network, because it does not
require additional physical links. Private access to the network is gained,
controlled and encrypted, and clients can then connect to the available network
services.
The company is well suited to this solution: remote users connected to untrusted
public networks are given access to LAN (Local Area Network) resources through a
VPN gateway.
The gateway controls access to all resources on the company's private network.
Management will be given remote access and can connect to the VPN gateway through
its public interface or web portal once authenticated; partners will be able to
access private resources that are not visible to other users on the network.
All traffic between the workstations and the company network is encrypted,
possibly with a client-side component that is part of the VPN gateway package.
There is also scope for a peer-to-peer configuration, in which clients are
configured with sharing capabilities through the VPN; such a network only exists
while two or more peers are running, and it is left as a future development.
User Access
Creating a VPN between the networks requires an address group on each side: one
representing the local network and one the remote network. An address object is
created for each side of the VPN and added to its group.
The remote and local address groups must be set up and maintained accurately;
SonicWall is a good product for this. Otherwise an individual VPN tunnel may be
required per subnet. The two groups must not overlap. As written, the example
below does overlap, since 142.212.182.9 is a host inside 142.212.182.0/24; the
remote group has to be a subnet belonging to the other site:
• Local group = 142.212.182.0 / 255.255.255.0
• Remote group = 142.212.182.9 / 255.255.255.0
Where the same peer public IP address is used, a separate tunnel for each subnet
would be required for them to communicate. The initial LAN-to-LAN VPN installation
should permit the default class B mask, and there may be scope for a supernet or
summarisation mask.
Graphical Network Diagram
The final concept design for the company's VPN solution clearly demonstrates how
all 4 sites, with their sub networks and departments, will be set up and
implemented across the city. It keeps data and personal information safe while
remote users connect over public networks such as Wi-Fi.
Figure 3: Company VPN network:
Designing a foolproof, fully functioning network would take around three weeks,
including analysis of the users and employees and a proposed outline of the
perimeter of the implementation. It was decided to colour-code each department on
the design and give it a naming scheme, to make it easier to look back and see
where errors or maintenance work may be needed.
The diagram clearly shows the firewalls, the internet connection and the
communication to and from each office, plus remote access for laptops, PDAs and
tablets. The routers include firewall features as a safeguard, but extra firewall
software is to be provided as a secondary security measure. Given the nature of
the work, all employees in each department will undertake training, and all
workstations will require a high-speed internet connection.
A levelling system is also required to reflect the different roles and levels of
trust: office admin staff should not have the same rights or privacy policies as
management.
For example, a simple way to deal with this would be to have different drive
areas:
• (C:) = Human Resources and IT drive space
• (P:) = Management drive space
• (E:) = All other employees' drive space
Shared storage will also allow all users to reach files and other relevant
information. Each staff member will have a personal account which allows them to
log in to any workstation in both offices.
Address Allocation
An IP addressing scheme was assigned to the routers, computers and other devices
(end systems). Manual addressing is prone to human error and faults are hard to
trace because it is not obvious where they were introduced; automatic
configuration is the norm, but addresses can still be designated manually, and in
this design the IP addresses have been assigned manually to the devices on the
network.
Automatic assignment dates from the 1980s: BOOTP (Bootstrap Protocol) was the first
TCP/IP network configuration protocol. It identifies a host by its hardware
address, much as a telephone number identifies a caller, and was invented to avoid
having to assign IP addresses by hand; DHCP later extended it.
IP Address Design
The IP addressing table for the city-wide network over 4 sites, showing 4 subnets,
is given in Figure 4. 4,000 hosts were divided equally across the 4 sites. Two
further tables, Figures 5 and 6, show the IP addresses assigned to devices and the
named interfaces that correlate with the VPN design.
Remote access to the company site allows IP addresses to be assigned to devices
dynamically: clients acquire an address when they connect through the company web
application and release it when they disconnect, after which it can be reassigned
to another device.
A subnet design was formed from the base block 142.212.0.0/16, and the
calculations supporting the tables are given below:
• IP base address: 142.212.0.0
• Network mask: 255.255.0.0 (/16)
• Address class: Class B (128.0.0.0 to 191.255.255.255), so in classful terms this
is a class B address; it is subnetted here using classless (CIDR) notation.
• Number of sub networks = 4
• Subnet mask = 255.255.192.0 (fixed length; VLSM would only apply if the sites
received subnets of different sizes).
Sub netting:
1. Classless Inter Domain Routing (CIDR) prefix = /18.
2. Max hosts/subnet = 16382 (2^14 - 2).
3. Max subnets = 4 (2^2).
4. Bits borrowed for sub netting = 2.
5. Bits for network = 16.
6. Bits for hosts in each subnet = 14.
Note that 142.212.0.0/16 is public address space, not a private (RFC 1918) range.
Unless the company owns this allocation, using it internally will conflict with
the real owner's hosts on the internet; a private block such as 10.0.0.0/8 should
be used behind the VPN instead.
There are two layers to consider. Layer 1 deals with the collision domain: if there
are, for example, 24 interfaces on the switch and all are connected, 24 collision
domains are created, one per port. Layer 2 is the broadcast domain, which is what
lets the switch forward frames quickly across the network. For the whole /16 block:
• Network ID = 142.212.0.0.
• Network broadcast = 142.212.255.255 (each /18 subnet also has its own broadcast
address, for example 142.212.63.255 for subnet 1).
The split of IP addresses was derived by the following calculation:
1. 4000 hosts / 4 sites = 1000 hosts for each site.
2. The 1000 hosts per site were then allocated to the devices to be set up:
• 30 laptops.
• 2 printers.
• 1 router.
• 1 multi-switch.
• 1 server.
• 1 Linksys (remote access point for clients, using classless IP addresses).
• Workstations: 33 Sales, 40 Finance, 38 Human Resources, 26 Technical Support
and 40 Marketing.
In total 213 addresses are assigned per site. Addressing every device statically
within its own site's subnet means that if the internet connection is lost the site
network can still function, and vice versa.
787 of the planned 1000 addresses remain available per site for when the company
grows and wants to expand (the /18 itself holds 16382 hosts), so capacity is built
into the design for all sites.
Figure 4: IP Addressing Table
Network Sub network ID Host IP Range (Start – End Number)
1 142.212.0.0 142.212.0.1 - 142.212.63.254
2 142.212.64.0 142.212.64.1 - 142.212.127.254
3 142.212.128.0 142.212.128.1 - 142.212.191.254
4 142.212.192.0 142.212.192.1 - 142.212.255.254
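The /18 split above, worked through in code as an added example (not part of the original assignment): Python's standard ipaddress module derives the four sub networks, host ranges and host count of Figure 4 from the 142.212.0.0/16 block and the 2 subnet bits, and maps a host address back to its network number so the addressing tables can be checked against the plan.

```python
import ipaddress

# Taken from the figures on this page: the company /16 block and the
# 2 extra subnet bits that turn it into four /18 sub networks (Figure 4).
BASE_BLOCK = "142.212.0.0/16"
SUBNET_BITS = 2


def split_block(base: str = BASE_BLOCK, extra_bits: int = SUBNET_BITS):
    """Return one dict per sub network: network id, mask, first/last usable
    host, broadcast and usable host count, in the order Figure 4 lists them."""
    block = ipaddress.ip_network(base)
    rows = []
    for index, subnet in enumerate(block.subnets(prefixlen_diff=extra_bits), start=1):
        usable = subnet.num_addresses - 2  # network id and broadcast are not assignable
        rows.append({
            "network": index,
            "subnet_id": str(subnet.network_address),
            "prefix": subnet.prefixlen,
            "mask": str(subnet.netmask),
            "first_host": str(subnet.network_address + 1),
            "last_host": str(subnet.broadcast_address - 1),
            "broadcast": str(subnet.broadcast_address),
            "max_hosts": usable,
        })
    return rows


def subnet_for(address: str, base: str = BASE_BLOCK, extra_bits: int = SUBNET_BITS):
    """Map a host address to the Figure 4 network number it belongs to, or
    None if it lies outside the company block (useful when auditing tables)."""
    ip = ipaddress.ip_address(address)
    for row in split_block(base, extra_bits):
        if ip in ipaddress.ip_network(f"{row['subnet_id']}/{row['prefix']}"):
            return row["network"]
    return None


if __name__ == "__main__":
    for row in split_block():
        print(f"{row['network']}  {row['subnet_id']}/{row['prefix']}  "
              f"{row['first_host']} - {row['last_host']}  ({row['max_hosts']} hosts)")
    # The Site 1 sample address from Figure 5 falls in network 3.
    print("142.212.128.14 is in network", subnet_for("142.212.128.14"))
```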
An IP addressing table was devised to assign IP addresses to specific devices and locations on the network. Ensuring correctness and error-free handling of the VPN network, and using a naming scheme (Figure 5), allowed all devices to be accounted for and IT technical support to resolve issues by understanding where a problem may lie.
Figure 5: IP addressing sample table for Site 1, using network 3 with sub network ID 142.212.128.0 from Figure 4:
IP Addressing Table – Site 1
Device | Interface | IP Address | Department | Login | Password | Share | Group | Domain
Comp | HR | 142.212.128.14 | Human Resources | ******* | ******* | 2 | 1 | +
Comp | FIN | 142.212.128.15 | Finance | ******* | ******* | 2 | 2 | +
Comp | TS | 142.212.128.16 | Technical Support | ******* | ******* | 2 | 3 | +
Comp | SAL | 142.212.128.17 | Sales | ******* | ******* | 2 | 4 | +
Comp | MARK | 142.212.128.18 | Marketing | ******* | ******* | 2 | 5 | +
Print | Printer1 | 142.212.128.26 | Printer | ******* | ******* | 2 | 6 | +
Print | Printer1a | 142.212.128.27 | Printer | ******* | ******* | 2 | 6 | +
Laptops
Lap | HRtLap1 | 142.212.128.38 | Human Resources | ******* | ******** | 2 | 1 | +
Lap | FINLap2 | 142.212.128.39 | Finance | ******* | ******** | 2 | 2 | +
Lap | TSLap3 | 142.212.128.40 | Technical Support | ******* | ******** | 2 | 3 | +
Lap | SALLap4 | 142.212.128.41 | Sales | ******* | ******** | 2 | 4 | +
Lap | MARLap5 | 142.212.128.42 | Marketing | ******* | ******** | 2 | 5 | +
The table will grow as more devices are connected, IP addresses are assigned and a level of security is given to each employee. All connection devices are listed in Figure 6. Pinpointing errors or faults on the network is made easier, and problems are located more quickly, because devices are matched to a specific network site using the interface name and IP address.
Figure 6: The IP Address Table for the VPN design.
Device | Interface | IP Address | Subnet Mask | Default Gateway
ISP/CLOUD | WAN | 136.212.128.240 | 255.255.255.255 | 0.0.0.0
INTRANET | LAN1 | 142.212.3.0 | 255.255.255.0 | 10.211.254.254
INTRANET | LAN2 | 142.212.4.0 | 255.255.255.0 | 10.211.254.254
INTRANET | LAN3 | 142.212.5.0 | 255.255.255.0 | 10.211.254.254
INTERNET | LAN4 | 142.212.6.0 | 255.255.255.0 | 10.211.254.254
VPN | HOST | 142.54.0.1 | 255.255.255.0 | 10.211.254.254
ROUTER 1 | FA 0/0 | 142.212.128.8 | 255.255.255.0 | 10.211.254.254
ROUTER 1 | FA 1/0 | 142.212.128.7 | 255.255.255.0 | 10.211.254.254
ROUTER 2 | FA 0/0 | 142.212.128.6 | 255.255.255.0 | 10.211.254.254
ROUTER 2 | FA 0/1 | 142.212.128.5 | 255.255.255.0 | 10.211.254.254
ROUTER 3 | FA 0/0 | 142.212.128.4 | 255.255.255.0 | 10.211.254.254
ROUTER 3 | FA 1/0 | 142.212.128.3 | 255.255.255.0 | 10.211.254.254
ROUTER 4 | FA 0/0 | 142.212.128.2 | 255.255.255.0 | 10.211.254.254
ROUTER 4 | FA 0/1 | 142.212.128.1 | 255.255.255.0 | 10.211.254.254
SERVER 1 | SERVSITE1 | 142.212.128.55 | 255.255.255.0 | 10.211.254.254
SERVER 2 | SERVSITE2 | 142.212.128.54 | 255.255.255.0 | 10.211.254.254
SERVER 3 | SERVSITE3 | 142.212.128.53 | 255.255.255.0 | 10.211.254.254
SERVER 4 | SERVSITE4 | 142.212.128.52 | 255.255.255.0 | 10.211.254.254
LINKSYS – REMOTE ACCESS | LINKRASITE1 | 142.212.128.9 | 255.255.255.0 | 10.211.254.254
SUBNETWORK1 | SUBNETSITE1 | 142.212.96.13 | 255.255.255.0 | 10.211.254.254
SUBNETWORK2 | SUBNETSITE2 | 142.212.96.12 | 255.255.255.0 | 10.211.254.254
SUBNETWORK3 | SUBNETSITE3 | 142.212.96.11 | 255.255.255.0 | 10.211.254.254
SUBNETWORK4 | SUBNETSITE4 | 142.212.96.10 | 255.255.255.0 | 10.211.254.254
ENCRYPTION | 168-BIT 3-DES
AUTHENTICATION | HMAC-MD5
The table details all devices required for the whole network to be installed across the city. All unassigned IP addresses will be used in the remote access addressing scheme to provide wider usage for customers and employees connecting from devices outside the LAN.
Wireshark Lab: IP
Investigation of the IP protocol was carried out by analysing a trace of IP datagrams sent and received, and by answering questions to show understanding of the IP Wireshark lab, illustrated using screenshots:
Lab Activity 4 - IP
Figure 7 identifies ICMP Echo Requests, better known as PING, which can be traced to the client computer through intermediate routers.
Figure 7: ICMP Echo Request capture.
Activity 6.a - IP
1. Select the first ICMP Echo Request message sent in this trace, and expand the Internet Protocol part of the packet in the packet details window. What is the source IP address?
Answer – Using Figure 7: the source IP address is 192.168.1.102.
2. Within the IP packet header, what is the value in the upper layer protocol field?
Answer – The value in the upper layer protocol field is ICMP (1).
3. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.
Answer – The IP datagram has not been fragmented. This is determined by the More Fragments bit = 0, meaning the data was not fragmented.
Activity 6.b - Fragmentation
1. Has that message been fragmented across more than one IP datagram?
Answer – The packet has been fragmented across more than one IP datagram:
Figure 8: ICMP Echo Request packet size = 2000, first fragment
The first ICMP Echo Request message which was sent to the computer after the packet size was changed in Wireshark to 2000 is shown in Figure 8.
2. Print out the first fragment of the fragmented IP datagram. What information
in the IP header indicates that the datagram has been fragmented? What
information in the IP header indicates whether this is the first fragment versus
a latter fragment? How long is this IP datagram?
Answer – The IP header indicates that the datagram has been fragmented by the flags bit being set, which shows it has been fragmented. To distinguish the first and second fragment, look at the fragment offset: the first fragment has an offset of 0. The IP datagram is 1500 bytes in total length, including the header.
Figure 9: ICMP Echo Request packet size = 2000, second fragment
3. Print out the second fragment of the fragmented IP datagram. What
information in the IP header indicates that this is not the first datagram?
Answer – The second fragment can be identified in Figure 9 by looking at the IP header, where the fragment offset has changed to 1480. There are more fragments because the flag is not set.
Transport Layer Protocols
The transport layer is the host-to-host layer within the TCP/IP model. It is the conversion point between the hardware-oriented layers below and the software-oriented layers above, at the architectural centre. Protocols functioning at the transport layer are required to ensure that services are working so that the software applications above can run over an internetwork.
They allow connections to be established and maintained between software services on devices anywhere on the network, acting as a bridge between the higher-layer applications, which need data sent reliably (with error correction, no loss of data and flow management), and the network-layer protocols, where unreliability occurs with no acknowledgement.
TCP (Transmission Control Protocol) – sustains high throughput and supports high-speed transfers over long distances. Fast TCP is a development of TCP that differs in its congestion control.
UDP (User Datagram Protocol) – this is similar to TCP in that it operates over IP networks. There is less error recovery with UDP, which relies on the user resending datagrams if they are lost. It is a more direct and quicker way to send and receive data for broadcasts.
Wireshark Lab: TCP
Investigation of TCP was carried out by analysing its behaviour, in terms of how segments are sent and received, when transferring a 150KB file named alice.txt. Questions were answered to show understanding of the TCP Wireshark lab, illustrated using screenshots:
Lab Activity 3 – TCP
Figure 6 is a screenshot displaying packets filtered on the TCP protocol.
Figure 6: TCP Protocol
Lab Activity 4.a
1. What is the IP address and TCP port number used by the client computer
(source) that is transferring the file to gaia.cs.umass.edu?
Answer – The IP address is 192.168.1.102 and the TCP port number is 1161, used by the client computer when transferring the file to gaia.cs.umass.edu.
2. What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments for this connection?
Answer – The IP address of gaia.cs.umass.edu is 128.119.245.12, and port number 80 is used for the connection, which indicates a web server.
Lab Activity 4.b
1. What is the sequence number of the TCP SYN segment that is used to
initiate the TCP connection between the client computer and
gaia.cs.umass.edu? What is it in the segment that identifies the segment as a
SYN segment?
Answer – 0 is the sequence number of the TCP SYN segment used to initiate the TCP connection between the client computer and gaia.cs.umass.edu. A flag bit set to 1 identifies it as a SYN segment and can be located in the flags section.
2. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the Acknowledgement field in the SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK segment?
Answer – The sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply is 0. The Acknowledgement number 1 is the value of the acknowledgement field; gaia.cs.umass.edu determined this value by adding 1 to the sequence number of the previous segment. The segment can be identified as a SYNACK because the Acknowledgement and SYN bits are both set.
3. What is the sequence number of the TCP segment containing the HTTP
POST command? Note that in order to find the POST command, you’ll need
to dig into the packet content field at the bottom of the Wireshark window,
looking for a segment with a “POST” within its DATA field.
Answer - The sequence number of the TCP segment containing the HTTP
POST command is 1.
Types of Data Transfer with VPN
The VPN is interchangeable and can offer both TCP and UDP connections to the network server. TCP gives the company more flexibility and is more reliable than UDP. Once a packet is sent with TCP, an ACK (acknowledgement) packet is received as a reply confirming it has been sent and received, though this is not always needed with a VPN.
Connections using TCP are allowed through networks that use firewalls on ports such as 80 and 443, whereas UDP traffic may be blocked, especially in commercial networks. The disadvantage of TCP with a VPN is that the connection is slower than UDP. To speed up the process, source a VPN provider who offers L2TP, or consider OpenVPN over UDP for a faster connection.
Choosing UDP means the connection is faster in comparison to TCP. Depending on its purpose, UDP is more consistent for video/audio streaming and P2P traffic. The OpenVPN connection is more suited to UDP in terms of functioning over non-blocked ports like 53/UDP (DNS). Unlike TCP, UDP can be unreliable: there is no guarantee or acknowledgement that packets have been delivered.
The company can run both TCP and UDP and should consider more carefully what data or information is being sent. TCP is more likely to be used with the VPN, as the majority of employees will need to use the internet and send emails, and will want the network traffic to be a strong link without data going missing.
Social media is fast becoming the new fad, with streaming video and posting photos (Netflix, Facebook and Twitter); TCP would be too slow and would buffer whilst waiting for all the packets to be sent and received in the right order. UDP is quicker and the image/video would be instant. In the case of loss of connection, the image/video would be resent once it was realised it had not been received.
Protocol Considerations
The VPN provides secure tunnels over the internet. These are created by the company's remote access at site 1; there are also site-to-site VPNs, including the VPN servers on the network. Various tunnelling protocols are available and can be put in place as the actual VPN or the VPN connection. Some which can be considered are:
• (PPTP) – Point to Point Tunnelling Protocol.
• (L2TP) – Layer 2 Tunnelling Protocol.
• (IPSec) – Internet Protocol Security tunnel mode.
• (SSL) – Secure Sockets Layer.
The implementation of the VPN solution will include support for these protocols, though they can be limited depending on how the design is set up. Much thought about scalability is needed, as it affects which tunnelling protocols are most suited.
For example, remote access users should ensure they have client software which supports the protocols chosen. Likewise, for department-to-department VPN, the VPN gateways at both ends must have compatible or common protocols.
PPTP
PPTP is a Microsoft protocol included in their operating systems as built-in PPTP client software. Other PPTP clients for Macintosh and Linux/UNIX operating systems are also available, making PPTP a viable choice for the VPN.
It is not deemed as secure as other tunnelling protocols. It uses an encryption method, Microsoft Point-to-Point Encryption (MPPE), but is not certificate based.
It is supported by the ISA Server firewall, also a Microsoft technology, by the Cisco PIX and by other models from WatchGuard.
L2TP
Microsoft and Cisco worked together to develop L2TP by combining the PPTP and Layer 2 Forwarding (L2F) protocols. It incorporates IPSec as the encryption, thus providing stronger security with certificate-based authentication, data integrity and, more importantly, confidentiality.
L2TP would allow the office to use a Microsoft operating system, since it is built in; for example, it is on Windows 2000, XP and Server 2003. The software is easily obtainable from the internet, and free client software can be installed on computers running Windows 98, Me and NT 4.0 for compatibility.
If using Linux clients, software like OpenL2TP can be implemented. Macintosh operating systems (Panther) also work with Check Point, Cisco PIX and WatchGuard firewalls or integrated VPN products and with the Microsoft ISA Server, allowing a simple office-to-office VPN to work.
IPSec
IPSec can be added as the encryption for an L2TP connection. It has a tunnel mode which can create a connection. An IPSec VPN is supported by firewalls and integrated VPN appliances. It is also the only tunnelling protocol supported by all of the main known firewalls:
• Microsoft's ISA Server
• Check Point
• Cisco PIX, Netscreen
• SonicWall, WatchGuard, Symantec
Scalability is more manageable by using this type for an office-to-office VPN.
SSL
A third scalable VPN protocol is SSL, though strictly it is not a full VPN solution to begin with. It is a clientless solution which uses a standard web browser: the browser becomes the client, and this is a good answer if users only need access to web-enabled servers.
In today's world there really is no computer or laptop without a web browser which supports SSL. Access can be provided for as many clients as required. It requires an up-to-date operating system such as Microsoft Windows 8/8.1, 7 or Vista. It is a very cost-effective solution, with minimal installation of software for the client and minimal disruption to business.
Security
There are various security issues relating to networks. IPSec is a very relevant and preventative security protocol for networking. IPSec is defined in RFC 2401 and has been developed for everyday use with VPNs right across the internet, for example in schools, colleges and universities.
The packet structure is made from an IP header, an IPSec header and an Encapsulating Security Payload. Encryption is provided by IPSec with 3DES, and authentication with MD5. There are also Internet Key Exchange (IKE) and ISAKMP, which automatically distribute security (secret) keys between the IPSec peer devices, i.e. the routers and concentrators.
Securing VPN
The VPN uses the internet to connect to a private network, and it is assumed that this is a secure connection permitting confidential data to be transmitted over the public network. Files, resources, data and video are shared without a second thought because it is deemed that the devices are connected on the same network.
This is the best way to provide remote access, and it allows for the option of global offices being added and data being shared and viewed privately. Connecting the entire network using the VPN would be best, to ensure the connection is made at both ends of the locations with the main router or gateway address. This would mean a requirement for VPN support to be built in for such a function.
The solution does support remote access for users outside the office. This allows staff to use a Wi-Fi hotspot to gain access to the company network if it is required in meetings where information is needed; the employee would not have to go back to the office. The main point to remember is that the employee's device must support the same VPN solution to work correctly.
Active Directory
The Active Directory permits management of the network to be implemented and maintained through a number of functions. It forms a relationship of trust, and in the long term this trust is managed. Modifications to the concept of the network can be made.
It also allows for configuration of site links and servers. The image below illustrates various areas of the Active Directory which need to be considered:
Active Directory-Based Activation (ADBA) (7):
The latest software which Microsoft Windows has introduced is Windows 8.1. It has its own Active Directory-Based Activation (ADBA), which is new to the Windows umbrella. Its functionality lets businesses activate workstations through a connection to their own domain.
Other enterprises operate from off-site locations that connect to company applications. Gone are the days when such work-based technologies would require a retail key or Multiple Activation Key (MAK), or manually connecting to a network in order to activate and run software applications by use of Key Management Services (KMS).
Using ADBA would make implementing the network and devices a lot simpler. Activation can be operated automatically if the chosen devices are compatible with the Windows operating system and connect to the domain service.
Once users join the devices to the domain, ADBA will automatically activate the Windows framework installed on a computer. This is dependent on whether the computer or device has a Generic Volume Licence Key (GVLK) installed. The advantage is that no single device would be required to act as the activation object, due to it being fully distributed through the domain.
Example of the Active Directory on Windows Server 2012, Windows 8 & Office 2013 (4):
Cost of Network
The total cost breakdown for all hardware and software took time to research, looking for the best compatibility with existing equipment at the first site and advancing to the rest of the network for best performance.
There are costs which will be one-off, and these deal with the hardware and installation of the software. However, updates to software could possibly incur an annual subscription fee, which is down to Microsoft monopolising the market with Windows 8.
Other areas to look at are host domain names and charges. Some are free and only ask you to keep the site up to date and blog every 3 to 6 months, whereas other sites ask for a small fee and look after the site for you with minimal input from the client, adding data such as dates, events or promotions to entice new customers.
Looking at possible VPN hosting, one alternative to using BT for this service would be Free VPN Hosting. They offer the service free with a 5 GB secure cloud solution, which is a requirement of the solicitors (6).
They are a very trusted site and provider of the PPTP VPN service. All partners would be able to log in and know that their data, web access and privacy rights were being upheld at no extra cost.
Summary
A network is best used for enabling and sharing hardware devices, computer data and information with ease of access. Using a remote access point on a computer through a local area network or intranet is most effective, and naming it so that users can find files and data is known as sharing resources or network resources.
In more detail, shared LANs are used by many different system resources, for example hard drives, scanners, printers and network cards. Sharing resources does mean there are some restrictions which must be met, such as File Transfer Protocol (FTP) and file sharing.
It is a must that security procedures are implemented and maintained to the highest standard in order to keep the perimeter of the network safe, including all technologies on it. Mapping: proper naming schemes must be created and shared destination addresses defined. All shared operating systems, hardware and files can then be identified and accessed where necessary.
Compatibility: the client and server sides require the same operating systems or applications to access the shared resources. Otherwise a message box will appear advising of compatibility issues and requesting the correct software/hardware to run file sharing. Troubleshooting: communication delays also depend on whether the network is connected correctly.
Peak times are one issue where some users cannot get on to the internet due to the server working overtime to fulfil the needs of a global network. Users can pay more for their broadband, as BT, Sky, Virgin and other businesses can charge whatever price they choose at the expense of the user.
With advancements in technology, more and more devices are being added to local and global networks, and thanks to the cloud they are linked to mobiles and app stores such as the Play Store for Android. This has led to people's opinions and expectations changing quite considerably from the early days of computer networks.
Managers who deal with IT want to be able to present and use applications on various devices, from PDAs to tablets, with enhancements from HD web streaming to client downloads, and to use websites to hold meetings across public and private networks, controlling the equipment themselves with ease of use.
Networks are ever changing and adjusting to cope with the demands of user expectations. Performance and access issues come into play in relation to such expectations, users' behaviours and how networks are used, for example for work or gaming.
The local area network is being overtaken by the wide area network as users want and need to communicate with the outside world, for example users on holiday wanting to call home via Skype or Facebook free calls. Business networks are also moving to the cloud and connecting devices, which will also turn into a network at some point in the near future.
Completed Wireshark Labs
Lab Activity 1 – Getting Started
Learning about Wireshark through packet capturing; below is a screenshot of the software in action, displaying live packet data containing protocol messages exchanged between the laptop and the gaia.cs.umass.edu server:
Figure 1: Wireshark window at the HTTP GET message from the gaia.cs.umass.edu URL.
Figure 1. Packet Capture
Using the filter to search for "HTTP" permits the HTTP messages to be shown within the packet listing. The HTTP GET message is highlighted, showing the Ethernet frame, IP datagram, Internet Protocol and Transmission Control Protocol.
Figure 2: Listed protocols in live capture:
1. List 3 different protocols that appear in the protocol column in the unfiltered
packet listing window in step 7 above.
Answer - Three different protocols which appear in the protocol column are
TCP, UDP, and SSDP prior to filtering the packet-listing.
2. How long did it take from when the HTTP GET message was sent until the
HTTP OK reply was received? (By default, the value of the Time column in
the packet listing window is the amount of time, in seconds, since Wireshark
tracing began. To display the Time field in time-of-day format, select the
Wireshark View pull down menu,then select Time Display Format, then select
Time-of-day.)
Answer – The HTTP GET message was sent at 106.380374000 and the HTTP OK reply was received at 106.49769000, leaving a delay of 0.117316 seconds.
3. What is the Internet address of the gaia.cs.umass.edu (also known as
wwwnet.cs.umass.edu)?
What is the Internet address of your computer?
Answer – Looking at the screenshot in Figure 2, the IP address of gaia.cs.umass.edu is 192.168.0.3; the IP address of the laptop is 128.119.245.12.
4. Print the two HTTP messages (GET and OK) referred to in question 2
above. To do so, select Print from the Wireshark File command menu, and
select the “Selected Packet Only” and “Print as displayed” radial buttons, and
then click OK
Answer – Printout of the HTTP GET and HTTP Reply messages, demonstrating the sending and receiving of protocol messages.
This is a print screen of how the printout of an HTTP GET message looks:
This is a print screen of how the printout of an HTTP Reply message looks:
Lab Activity 2.A – HTTP
A quick insight into the HTTP request/response interaction by retrieving a downloaded HTML file which is small and contains no embedded objects. Figure 3: Screenshot of Wireshark once http://gaia.cs.umass.edu/wireshark-labs/HTTP-file1.html was retrieved in the browser.
Figure 3. HTTP
1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is
the server running?
Answer – The browser is running HTTP version 1.1. The server is operating
HTTP version 1.1.
2. What languages (if any) does your browser indicate that it can accept to the
server?
Answer – There is no indication of what languages are accepted by the server. In Figure 3 there is an Accept-Range: bytesrn with Content-Length: 128rn. The type of language the server would accept is en-us.en;q-0.5rn.
3. What is the IP address of your computer? Of the gaia.cs.umass.edu
server?
Answer – Looking at the screenshot in Figure 3, the IP address of the gaia.cs.umass.edu server is 192.168.0.3; the IP address of the laptop is 128.119.245.12.
4. What is the status code returned from the server to your browser?
Answer – The status code returned from the server to the browser was
HTTP/1.1 200 OK (text/html).
5. When was the HTML file that you are retrieving last modified at the server?
Answer – The retrieved HTML file was Last-Modified on Thu, 27 Nov 2014
03:40:01 GMYrn at the server.
6. How many bytes of content are being returned to your browser?
Answer – Bytes of content being returned to the browser is Content-Length:
128rn.
7. By inspecting the raw data in the packet content window, do you see any
headers within the data that are not displayed in the packet-listing window? If
so, name one.
Answer– Looking at the raw data within the packet content window, there
are no headers within the data which are not shown in the packet-listing. The
reason for this is headers are located in the raw data.
Lab Activity 2.B - HTTP Authentication
Demonstrating the sequence in which HTTP messages are exchanged. Figure 4: Screenshot of Wireshark once http://gaia.cs.umass.edu/wiresharklabs/protected pages /HTTP-wiresharkfile5.html was retrieved in the browser.
Figure 4. HTTP Authentication
1. What is the server's response (status code and phrase) in response to the initial HTTP GET message from your browser?
Answer – The response from the server to the initial HTTP GET message from the browser was status code 401, phrase Authorization Required (text/html).
2. When your browser sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?
Answer – Figure 5 shows the Authorization field included in the HTTP GET message, as displayed below:
Figure 5: Authorization column.
Looking at Figure 5, a new field was added and highlighted as Authorization (Basic d2ly ZXN0dwrl bnRzom5ldHdvcms=).
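The 401 challenge and the retried GET described above, as an added example that is not part of the original lab: the messages, realm and credentials are constructed placeholders, and the last function shows the security point, that a Basic Authorization field sent over plain HTTP is only base64, so it is recoverable by anything on the path (which is why such pages belong behind HTTPS or the VPN).

```python
import base64

# Constructed 401 response modelled on the lab exchange (not the real capture).
CHALLENGE = (
    "HTTP/1.1 401 Authorization Required\r\n"
    "WWW-Authenticate: Basic realm=\"protected\"\r\n"
    "Content-Length: 0\r\n\r\n"
)
USERNAME, PASSWORD = "labuser", "labpass"   # placeholder credentials, not the lab's


def parse_headers(message):
    """Split an HTTP message into (start line, {lower-case header: value})."""
    head, _, _body = message.partition("\r\n\r\n")
    start, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return start, headers


def retry_with_basic_auth(request_line, challenge, username, password):
    """Build the second GET the browser sends after a 401: the new
    Authorization field is base64(user:pass), which is encoding, not encryption."""
    status, headers = parse_headers(challenge)
    if not status.startswith("HTTP/1.1 401"):
        raise ValueError("not a 401 challenge")
    scheme = headers.get("www-authenticate", "").split(" ", 1)[0]
    if scheme.lower() != "basic":
        raise ValueError(f"unsupported scheme {scheme!r}")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return (f"{request_line}\r\nHost: gaia.cs.umass.edu\r\n"
            f"Authorization: Basic {token}\r\n\r\n")


def credentials_from_request(request):
    """What any device on the path sees: recover user name and password from a
    captured Basic Authorization header. Returns None when the field is absent."""
    _line, headers = parse_headers(request)
    auth = headers.get("authorization")
    if not auth or not auth.lower().startswith("basic "):
        return None
    user, _, pw = base64.b64decode(auth.split(" ", 1)[1]).decode().partition(":")
    return user, pw


if __name__ == "__main__":
    req = retry_with_basic_auth("GET /protected/page.html HTTP/1.1",
                                CHALLENGE, USERNAME, PASSWORD)
    print(req)
    print("recoverable from the wire:", credentials_from_request(req))
```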
Lab Activity 3 – TCP
Figure 6 is a screenshot displaying packets filtered on the TCP protocol.
Figure 6: TCP
Lab Activity 4.a
1. What is the IP address and TCP port number used by the client computer
(source) that is transferring the file to gaia.cs.umass.edu? To answer this
question, it’s probably easiest to select an HTTP message and explore the
details of the TCP packet used to carry this HTTP message, using the “details
of the selected packet header window” (refer to Figure 2 in the “Getting
Started with Wireshark” Lab if you’re uncertain about the Wireshark windows.
Answer – The IP address is 192.168.1.102 and the TCP port number is 1161, used by the client computer when transferring the file to gaia.cs.umass.edu.
2. What is the IP address of gaia.cs.umass.edu? On what port number is it
sending and receiving TCP segments for this connection?
Answer – The IP address of gaia.cs.umass.edu is 128.119.245.12, and port number 80 is used for the connection, which indicates a web server.
Lab Activity 4.b
1. What is the sequence number of the TCP SYN segment that is used to
initiate the TCP connection between the client computer and
gaia.cs.umass.edu? What is it in the segment that identifies the segment as a
SYN segment?
Answer – 0 is the sequence number of the TCP SYN segment used to initiate the TCP connection between the client computer and gaia.cs.umass.edu. A flag bit set to 1 identifies it as a SYN segment and can be located in the flags section.
2. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the Acknowledgement field in the SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK segment?
Answer – The sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply is 0. The Acknowledgement number 1 is the value of the acknowledgement field; gaia.cs.umass.edu determined this value by adding 1 to the sequence number of the previous segment. The segment can be identified as a SYNACK because the Acknowledgement and SYN bits are both set.
3. What is the sequence number of the TCP segment containing the HTTP
POST command? Note that in order to find the POST command, you’ll need
to dig into the packet content field at the bottom of the Wireshark window,
looking for a segment with a “POST” within its DATA field.
Answer - The sequence number of the TCP segment containing the HTTP
POST command is 1.
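The handshake questions in Activity 4.b (and the same questions in the Wireshark Lab: TCP section earlier) turn on the SYN/ACK flag bits and on Wireshark's relative sequence numbers. The following added example, which is not part of the original assignment or lab, builds three constructed TCP headers with arbitrary initial sequence numbers, decodes the flags, and shows why the SYN-ACK acknowledges the client's ISN + 1 and why the POST segment appears as relative sequence number 1.

```python
import struct

# TCP flag bits as shown in Wireshark's "Flags" field.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Build a minimal 20-byte TCP header (no options, checksum left 0).
    Used only to construct the sample segments below."""
    offset_flags = (5 << 12) | flags          # data offset = 5 words, 9 flag bits
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0)


def parse_tcp_header(data):
    """Decode the fixed TCP header fields Wireshark shows in the packet details."""
    src, dst, seq, ack, offset_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", data[:20])
    flags = offset_flags & 0x1FF
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "syn": bool(flags & SYN), "ack_flag": bool(flags & ACK),
            "header_len": (offset_flags >> 12) * 4}


def classify_handshake(segments):
    """Walk the segments of one connection and describe the handshake the way
    the lab questions do. Returns (label, relative_seq, relative_ack) per segment;
    relative numbers are offsets from each side's initial sequence number (ISN)."""
    client_isn = server_isn = None
    out = []
    for seg in map(parse_tcp_header, segments):
        if seg["syn"] and not seg["ack_flag"]:
            client_isn = seg["seq"]                  # SYN: only the SYN bit set
            out.append(("SYN", 0, None))
        elif seg["syn"] and seg["ack_flag"]:
            server_isn = seg["seq"]                  # SYN-ACK: SYN and ACK bits both set
            # The SYN consumes one sequence number, so the server acknowledges ISN + 1.
            if seg["ack"] != client_isn + 1:
                raise ValueError("SYN-ACK does not acknowledge client ISN + 1")
            out.append(("SYN-ACK", 0, seg["ack"] - client_isn))
        else:
            # Data from the client: first byte of the POST is client ISN + 1, i.e. relative 1.
            out.append(("DATA", seg["seq"] - client_isn, seg["ack"] - server_isn))
    return out


# Constructed sample (not from the lab capture): absolute ISNs are arbitrary.
CLIENT_ISN, SERVER_ISN = 232129012, 883061785
SAMPLE_SEGMENTS = [
    build_tcp_header(1161, 80, CLIENT_ISN, 0, SYN),                        # client SYN
    build_tcp_header(80, 1161, SERVER_ISN, CLIENT_ISN + 1, SYN | ACK),     # server SYN-ACK
    build_tcp_header(1161, 80, CLIENT_ISN + 1, SERVER_ISN + 1, ACK | PSH), # HTTP POST segment
]

if __name__ == "__main__":
    for label, rel_seq, rel_ack in classify_handshake(SAMPLE_SEGMENTS):
        print(f"{label:8s} relative seq={rel_seq} relative ack={rel_ack}")
```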
Lab Activity 4 - IP
Figure 7 identifies ICMP Echo Requests, better known as PING, which can be traced to the client computer through intermediate routers.
Figure 7: ICMP Echo Request capture.
Activity 6.a - IP
1. Select the first ICMP Echo Request message sent in this trace, and expand the Internet Protocol part of the packet in the packet details window. What is the source IP address?
Answer – The source IP address is 192.168.1.102.
2. Within the IP packet header, what is the value in the upper layer protocol
field?
Answer - The value in the upper layer protocol is ICMP (1).
3. Has this IP datagram been fragmented? Explain how you determined
whether or not the datagram has been fragmented.
Answer – The IP datagram has not been fragmented. This is determined by the More Fragments bit = 0, meaning the data was not fragmented.
Activity 6.b - Fragmentation
1. Has that message been fragmented across more than one IP datagram?
Answer - The packet has been fragmented across more than one IP
datagram:
Figure 8: ICMP Echo Request packet size = 2000, first fragment
The first ICMP Echo Request message which was sent to the computer after
the Packet Size was changed in Wireshark to 2000 is shown in Figure 8.
2. Print out the first fragment of the fragmented IP datagram. What information
in the IP header indicates that the datagram has been fragmented? What
information in the IP header indicates whether this is the first fragment versus
a latter fragment? How long is this IP datagram?
Answer – The IP header indicates that the datagram has been fragmented
because the More Fragments flag bit is set. The first fragment is told apart
from a later one by the Fragment offset field: the first fragment has an
offset of 0. The IP datagram is 1500 bytes in total length, including the
header.
Figure 9: ICMP Echo Request packet size = 2000, second fragment
3. Print out the second fragment of the fragmented IP datagram. What
information in the IP header indicates that this is not the first datagram?
Answer - The second fragment can be identified in Figure 9 by looking at
the IP header and the fragment offset has changed to 1480. There are more
fragments because the flag is not set.
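To show where the flag, offset and total-length values in Activity 6.b come from, here is an example added for this page (it is not code from the lab or from Wireshark). It fragments a constructed ICMP Echo Request with 2000 bytes of data (2008 bytes with the ICMP header) at a 1500-byte MTU and parses the resulting IPv4 headers; the source address 192.168.1.102 is taken from the trace above, while the destination 198.51.100.7 and the Identification value are constructed. The fragmenter is the general algorithm, so it works for any payload size, not only the 2000-byte case.

```python
import struct

IP_FLAG_DF = 0x2            # Don't Fragment
IP_FLAG_MF = 0x1            # More Fragments follow
IPPROTO_ICMP = 1
ICMP_ECHO_REQUEST = 8
IP_HDR = "!BBHHHBBH4s4s"    # ver/ihl, tos, total len, id, flags/offset, ttl, proto, csum, src, dst


def ip_to_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def checksum(data):
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(payload, ident, flags, frag_offset, proto=IPPROTO_ICMP, ttl=64,
               src="192.168.1.102", dst="198.51.100.7"):
    """IPv4 header + payload. frag_offset is in bytes; the header field counts
    8-byte units, so it must be a multiple of 8."""
    if frag_offset % 8:
        raise ValueError("fragment offset must be a multiple of 8 bytes")
    flags_frag = (flags << 13) | (frag_offset // 8)
    hdr = struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), ident, flags_frag, ttl, proto, 0,
                      ip_to_bytes(src), ip_to_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(packet):
    """The header fields Wireshark shows for a (possibly fragmented) datagram."""
    (vihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum,
     _src, _dst) = struct.unpack(IP_HDR, packet[:20])
    ihl = (vihl & 0x0F) * 4
    flags = flags_frag >> 13
    return {
        "total_length": total_len, "identification": ident, "protocol": proto,
        "dont_fragment": bool(flags & IP_FLAG_DF),
        "more_fragments": bool(flags & IP_FLAG_MF),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # back to bytes
        "header_checksum_ok": checksum(packet[:ihl]) == 0,
        "payload": packet[ihl:total_len],
    }


def is_fragment(info):
    """Part of a fragmented original if MF is set or the offset is non-zero."""
    return info["more_fragments"] or info["fragment_offset"] != 0


def fragment(payload, ident, mtu=1500):
    """Split an upper-layer payload into IPv4 datagrams of at most mtu bytes.
    Every fragment but the last carries a multiple of 8 payload bytes; all
    share the same Identification so the receiver can reassemble them."""
    max_data = ((mtu - 20) // 8) * 8
    frags, offset = [], 0
    while offset < len(payload):
        chunk = payload[offset:offset + max_data]
        last = offset + len(chunk) >= len(payload)
        frags.append(build_ipv4(chunk, ident, 0 if last else IP_FLAG_MF, offset))
        offset += len(chunk)
    return frags


def icmp_echo_request(data_len, ident=0x0300, seq=1):
    """Constructed ICMP Echo Request: 8-byte header plus data_len bytes of data."""
    data = (bytes(range(256)) * (data_len // 256 + 1))[:data_len]
    body = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + data
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]


if __name__ == "__main__":
    for frag in fragment(icmp_echo_request(2000), ident=0x3A6F):   # constructed id
        print({k: v for k, v in parse_ipv4(frag).items() if k != "payload"})
```

With a 2000-byte ping payload the first datagram has total length 1500, offset 0 and MF set; the second has offset 1480, total length 548 and MF clear. A 56-byte ping fits in one datagram and neither flag nor offset marks it as a fragment.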
Lab Activity 4 – Ethernet
Understanding the Ethernet protocol and addressing by capturing and
analysing Ethernet frames:
Figure 10: HTTP GET message sent from gaia.cs.umass.edu.
Packet 334 in Figure 10 contains the HTTP GET message. This was
implemented by entering
http://gaia.cs.umass.edu/wireshark-labs/HTTP-ethereal-lab-file3.html into the
browser.
Figure 11: With IPv4 protocol decoding disabled, Wireshark displays only the
information below the IP layer.
Activity 8.a – Ethernet
1. What is the 48-bit Ethernet address of your computer?
Answer – The 48-bit address of the computer is 00:18:de:e1:ab:ee.
2. What is the 48-bit destination address in the Ethernet frame? Is this the
Ethernet address of gaia.cs.umass.edu? (Hint: the answer is no). What device
has this as its Ethernet address?
Answer – The 48-bit destination address in the Ethernet frame is
20:0c:c8:9d:08:cb. This is not the Ethernet address of gaia.cs.umass.edu; it
belongs to the Netgear router, which is the link used to leave the subnet.
3. What is the value of the Ethernet source address? Is this the address of
your computer, or of gaia.cs.umass.edu (Hint: the answer is no)? What device
has this as its Ethernet address?
Answer – The Ethernet source address is 00:18:de:e1:ab:ee. This is the
address of the computer and not gaia.cs.umass.edu. The Netgear router has
this as the Ethernet address.
4. What is the destination address in the Ethernet frame? Is this the Ethernet
address of your computer?
Answer – 20:0c:c8:9d:08:cb is the destination address in the Ethernet
frame. This address does not belong to the computer but to the Netgear
router.
5. Give the hexadecimal value for the two-byte Frame type field. What upper
layer protocol does this correspond to?
Answer – 0x0800 is the hexadecimal value for the two-byte Frame type field,
which corresponds to IP as the upper-layer protocol.
Additional Lab Material
Activity Lab 3.a – DNS
1. Run nslookup to obtain the IP address of a Web server in Asia (e.g. Kyoto
University in Japan). What is the IP address of that server?
Answer – nslookup was run from the command prompt to obtain the IP address
of Kyoto University, a web server in Asia.
Figure 12: nslookup in action with command prompt.
Figure 12 displays 192.168.0.1 as the IP address of the server in Asia.
2. Run nslookup to determine the authoritative DNS servers for The University
of Ioannina in Greece.
Answer – nslookup was run from the command prompt to determine the
authoritative DNS servers for the university in Europe.
Figure 13: nslookup determining authoritative DNS servers.
Figure 13 displays the nslookup output for the University of Ioannina,
Greece.
3. Run nslookup so that one of the DNS servers obtained in Question 2 is
queried for the mail servers for Yahoo! Mail (mail.yahoo.com). What is its IP
address?
Answer – nslookup was run against one of the DNS servers obtained in
Question 2 to query the mail servers for Yahoo! Mail (mail.yahoo.com).
Figure 14: nslookup using a DNS server from task 2 to query the mail servers
for Yahoo! Mail.
The nslookup query in Figure 14 could not be completed because the Yahoo!
Mail address could not be found. Later attempts also failed because the DNS
server timed out. To answer this task another nslookup was run and returned
the correct information: a lookup for a Hong Kong university in China gave
the IP address 137.189.6.21 and the server barnowl.itsc.cuhk.edu.hk.
Activity Lab 3.b – Tracing DNS
Figure 15: ipconfig /all run from the command prompt.
1. Locate the DNS query and response messages. Are they sent over UDP or
TCP?
Answer – The DNS query and response messages are sent over UDP as
displayed in the screenshot Figure 16 below:
Figure 16: Tracing DNS in action.
2. What is the destination port for the DNS query message? What is the
source port of the DNS response message?
Answer – The destination port of the DNS query message is 53. The source
port of the DNS response is 53.
3. To what IP address is the DNS query message sent? Use ipconfig to
determine the IP address of your local DNS server. Are these two IP
addresses the same?
Answer – The DNS query message is sent to IP address 192.168.0.1. Using
ipconfig /all (Figure 15) to find the local DNS server's IP address shows
192.168.0.1 as well, so the two addresses are the same because it is the
local DNS server.
4. Examine the DNS query message. What “Type” of DNS query is it? Does
the query message contain any “answers”?
Answer – The DNS query is a standard query of type A. It does not contain
any answers.
5. Examine the DNS response message. How many “answers” are provided?
What do each of these answers contain?
Answer – As Figure 17 below shows, the DNS response contains only one
answer, which gives the name of the host, the class and the IP address:
Figure 17: DNS Response
6. Consider the subsequent TCP SYN packet sent by your host. Does the
destination IP address of the SYN packet correspond to any of the IP
addresses provided in the DNS response message?
Answer – The destination IP address does correspond to one of the IP
addresses in the DNS response message. The IP address 4.31.198.44 is
provided by the DNS server for www.ietf.org, as shown in Figure 18.
Figure 18: IP address provided by the DNS server.
7. This web page contains images. Before retrieving each image, does your
host issue new DNS queries?
Answer – The host does not issue new DNS queries before retrieving the
images. They are loaded from the www.ietf.org site, whose address the host
has already cached.
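Questions 4 and 5 above read the query type and the answer count out of the DNS header, and question 6 matches the A record's address against the later SYN. The Python below is an example added for this page, not code from the lab, from Wireshark or from any DNS software: it builds a standard A query for www.ietf.org, builds a response carrying one A record (the 4.31.198.44 address quoted above), and parses both, including the name-compression pointer that real responses use. The transaction id and the TTL value are constructed.

```python
import struct

QTYPE_A, QCLASS_IN = 1, 1
DNS_HDR = "!HHHHHH"        # id, flags, qdcount, ancount, nscount, arcount
FLAG_QR, FLAG_RD, FLAG_RA = 0x8000, 0x0100, 0x0080


def encode_name(name):
    """'www.ietf.org' -> b'\\x03www\\x04ietf\\x03org\\x00' (label-length form)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a possibly compressed name. Returns (name, offset just past the
    name as it appears in place). Pointer hops are capped so a malformed
    message with a pointer loop cannot hang the parser."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("too many compression pointers")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def build_query(txid, name, qtype=QTYPE_A):
    """Standard query (opcode 0), recursion desired, one question, no answers."""
    header = struct.pack(DNS_HDR, txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def build_response(query, addresses, ttl=600):
    """Answer `query` with one A record per address, echoing the question and
    using a pointer (0xC00C) back to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    _name, qend = decode_name(query, 12)
    question = query[12:qend + 4]
    header = struct.pack(DNS_HDR, txid, FLAG_QR | FLAG_RD | FLAG_RA, 1, len(addresses), 0, 0)
    rrs = b""
    for addr in addresses:
        rdata = bytes(int(o) for o in addr.split("."))
        rrs += b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + question + rrs


def parse_message(msg):
    """Header flags, questions and answers, as Wireshark's DNS dissector lists them."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(DNS_HDR, msg[:12])
    info = {"id": txid, "is_response": bool(flags & FLAG_QR),
            "opcode": (flags >> 11) & 0xF, "rcode": flags & 0xF,
            "questions": [], "answers": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        info["questions"].append({"name": name, "type": qtype, "class": qclass})
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        rr = {"name": name, "type": rtype, "class": rclass, "ttl": ttl}
        if rtype == QTYPE_A and rdlen == 4:
            rr["address"] = ".".join(str(b) for b in rdata)
        info["answers"].append(rr)
    return info


if __name__ == "__main__":
    q = build_query(0x1F2E, "www.ietf.org")            # constructed transaction id
    print(parse_message(q))
    print(parse_message(build_response(q, ["4.31.198.44"])))
```

The query parses with opcode 0 (standard query), one type A question and an empty answer list; the response carries the same id and one answer whose address is the value the host then uses as the destination of its TCP SYN.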
Lab Activity 4 - UDP
Figure 19 shows packets captured on the host, demonstrating the sending and
receiving of UDP packets.
Figure 19: UDP Capture.
1. Select one UDP packet from your trace. From this packet, determine how
many fields there are in the UDP header. Name these fields.
Answer – Looking at Figure 19 and choosing packet 20; there are four fields
in the UDP header. These fields are the source port, destination port, length
and the checksum.
2. By consulting the displayed information in Wireshark’s packet content field
for this packet, determine the length (in bytes) of each of the UDP header
fields.
Answer – The packet content field shows each UDP header field to be
20 bytes in length.
3. What is the protocol number for UDP? Give your answer in both
hexadecimal and decimal notation. To answer this question, you’ll need to
look into the Protocol field of the IP datagram containing this UDP segment.
Answer – The protocol number for UDP is 11: 0x11 in hexadecimal notation,
which is 17 in decimal.
4. Examine a pair of UDP packets in which your host sends the first UDP
packet and the second UDP packet is a reply to this first UDP packet. (Hint:
for a second packet to be sent in response to a first packet, the sender of the
first packet should be the destination of the second packet). Describe the
relationship between the port numbers in the two packets.
Answer – Comparing Figures 20 and 21 shows that the source port of the UDP
packet sent by the host is the same as the destination port of the reply
(26865 / 30035), and conversely the destination port of the UDP packet sent
by the host is the same as the source port of the reply packet.
Figure 20: UDP sent by the host.
Figure 21: UDP reply to the host.
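The Ethernet answers (Activity 8.a) and the UDP answers above both come down to reading fixed-size fields at fixed offsets: the 6-byte MAC addresses and the 2-byte Frame type, the 1-byte Protocol field of the IP header, and the four 2-byte UDP fields. The Python below is one example added for this page covering both passages; it is not code from the lab or from Wireshark. It constructs a UDP request leaving the host and the mirrored reply, then decodes Ethernet, IPv4 and UDP in turn. The host MAC 00:18:de:e1:ab:ee, the Netgear router MAC 20:0c:c8:9d:08:cb, the host address 192.168.1.102 and the ports 26865 / 30035 are the values quoted on this page; the server address 198.51.100.53, the IP Identification and the payloads are constructed.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_UDP = 17            # 0x11 in the IPv4 Protocol field
ETH_HDR_LEN = 14

# The four UDP header fields and their sizes in bytes (RFC 768).
UDP_FIELDS = (("source_port", 2), ("destination_port", 2), ("length", 2), ("checksum", 2))


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw):
    return ":".join("%02x" % b for b in raw)


def ip_to_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_udp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Ethernet II frame carrying IPv4/UDP. The IP header checksum is left at 0
    and the UDP checksum at 0 (meaning 'not computed' for UDP over IPv4);
    this is a constructed frame for parsing, not for transmission."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0, 64,
                     IPPROTO_UDP, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp


def parse_frame(frame):
    """Decode Ethernet -> IPv4 -> UDP, stopping at the first layer that is
    not what the next decoder expects (e.g. ARP, or TCP inside IP)."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:ETH_HDR_LEN])[0]
    info = {"eth_dst": bytes_to_mac(dst), "eth_src": bytes_to_mac(src), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return info
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes, options included
    info.update({"ip_src": bytes_to_ip(ip[12:16]), "ip_dst": bytes_to_ip(ip[16:20]),
                 "ip_protocol": ip[9]})
    if ip[9] != IPPROTO_UDP:
        return info
    udp = ip[ihl:]
    values = struct.unpack("!HHHH", udp[:8])
    info["udp"] = {name: v for (name, _size), v in zip(UDP_FIELDS, values)}
    info["udp_field_lengths"] = dict(UDP_FIELDS)
    info["udp_payload"] = udp[8:info["udp"]["length"]]
    return info


def is_reply(request, reply):
    """True when the reply's addresses and ports mirror the request's."""
    req_udp, rep_udp = request["udp"], reply["udp"]
    return ((request["ip_src"], request["ip_dst"]) == (reply["ip_dst"], reply["ip_src"])
            and (req_udp["source_port"], req_udp["destination_port"])
            == (rep_udp["destination_port"], rep_udp["source_port"]))


if __name__ == "__main__":
    req = build_udp_frame("00:18:de:e1:ab:ee", "20:0c:c8:9d:08:cb",
                          "192.168.1.102", "198.51.100.53", 26865, 30035, b"hello")
    rep = build_udp_frame("20:0c:c8:9d:08:cb", "00:18:de:e1:ab:ee",
                          "198.51.100.53", "192.168.1.102", 30035, 26865, b"world")
    print(parse_frame(req))
    print(is_reply(parse_frame(req), parse_frame(rep)))
```

Note that the destination MAC of the outgoing frame is the router's, not the remote server's, while the destination IP is the server's: the Ethernet addresses change hop by hop and only the IP addresses and UDP ports identify the two ends.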
Activity Lab 7 – DHCP
Several DHCP-related commands were run, and the DHCP messages exchanged
as a result of executing these commands were captured, as shown in Figure
22.
Figure 22: Command prompt running ipconfig /release and ipconfig /renew.
Figure 23 demonstrates the first ipconfig /renew command and shows the
generation of four new DHCP packets: a DHCP Discover packet, a DHCP Offer
packet, a DHCP Request packet and a DHCP Ack packet:
Figure 23: DHCP Packet number 36 with DHCP Discover packet expanded.
Activity 7.a
1. Are DHCP messages sent over UDP or TCP?
Answer – DHCP messages are sent over UDP (User Datagram Protocol), not
TCP.
2. Draw a timing datagram illustrating the sequence of the first four-packet
Discover/Offer/Request/ACK DHCP exchange between the client and server.
For each packet, indicate the source and destination port numbers.
Answer – The port numbers are the same as those in the packet capture used
for the analysis.
DHCP Discover: Source 0.0.0.0 to Destination 255.255.255.255
DHCP Request: Source 0.0.0.0 to Destination 255.255.255.255
DHCP Offer: Source 192.168.0.1 to Destination 192.168.0.3
DHCP Ack: Source 192.168.0.1 to Destination 192.168.0.3
Figure 24: Timing datagram to show the first four-packet
Discover/Offer/Request and Ack.
3. What is the link-layer (e.g., Ethernet) address of the host?
Answer – The link-layer (Ethernet) address of the host is
00:18:de:e1:ab:ee.
4. What values in the DHCP discover message differentiate this message
from the DHCP request message?
Answer – Option 53 (DHCP Message Type) holds the value that differentiates
the Discover message from the Request message.
5. What is the IP address of the DHCP server?
Answer – The value of the Transaction ID is 0xe7646a7d. The second
Transaction ID is 0xe4eff25f. A transaction ID is used so that the DHCP
server can differentiate between client requests during the request process.
6. Explain the purpose of the lease time. How long is the lease time in your
experiment?
Answer – The lease time is the length of time for which the DHCP server
assigns an IP address to a client. During the lease time the DHCP server will
not assign that IP address to another client unless the client releases it.
When the lease expires, the IP address is returned to the DHCP server and can
be dedicated to another client. The lease time in Figure 23 is 1 day.
7. What is the purpose of the DHCP release message? Does the DHCP
server issue an acknowledgment of receipt of the client’s DHCP request?
What would happen if the client’s DHCP release message is lost?
Answer – The purpose of the DHCP Release message is to cancel the lease of
the IP address given by the DHCP server. The server sends no acknowledgement
to the client for the DHCP Release message. If a client's DHCP Release
message is lost, the DHCP server would have to wait until the lease period
was over before the specified IP address could be reused for another client.
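The DHCP answers above (UDP ports 68 and 67, the 0.0.0.0 to 255.255.255.255 broadcast from a client that has no address yet, option 53 telling Discover from Request, the transaction ID shared by all four messages, and the lease time) can all be read off the wire format. The Python below is an example added for this page, not code from the lab, from Wireshark or from any DHCP implementation: it builds the four-packet Discover/Offer/Request/Ack exchange and parses each message. The transaction ID 0xe7646a7d, the server 192.168.0.1, the client 192.168.0.3, the client MAC 00:18:de:e1:ab:ee and the 1-day lease are the values from the capture above; the message layout follows RFC 2131, and everything else is constructed.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
CLIENT_PORT, SERVER_PORT = 68, 67
OPT_PAD, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 51, 53, 54, 255
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "Ack", 7: "Release"}
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
FIXED_HDR = "!BBBBIHH4s4s4s4s16s64s128s"


def ip_to_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_dhcp(op, xid, client_mac, msg_type, yiaddr="0.0.0.0", options=()):
    """Fixed 236-byte header, magic cookie, option 53 first, then any extra
    (code, value) options, then the End option."""
    chaddr = bytes.fromhex(client_mac.replace(":", "")).ljust(16, b"\x00")
    zero = ip_to_bytes("0.0.0.0")
    fixed = struct.pack(FIXED_HDR, op, 1, 6, 0, xid, 0, 0,
                        zero, ip_to_bytes(yiaddr), zero, zero, chaddr, b"", b"")
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in options:
        opts += bytes([code, len(value)]) + value
    return fixed + DHCP_MAGIC + opts + bytes([OPT_END])


def parse_dhcp(msg):
    """Fields a capture shows for a DHCP message: op, transaction id, client
    hardware address, offered address and the options that matter here."""
    op, _htype, hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", msg[:12])
    yiaddr = bytes_to_ip(msg[16:20])
    chaddr = ":".join("%02x" % b for b in msg[28:28 + hlen])
    if msg[236:240] != DHCP_MAGIC:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == OPT_PAD:
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        options[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    mtype = options.get(OPT_MSG_TYPE, b"\x00")[0]
    return {
        "op": op, "xid": xid, "chaddr": chaddr, "yiaddr": yiaddr,
        "message_type": MSG_TYPES.get(mtype, "Unknown"),
        "server_id": bytes_to_ip(options[OPT_SERVER_ID]) if OPT_SERVER_ID in options else None,
        "lease_seconds": struct.unpack("!I", options[OPT_LEASE_TIME])[0]
        if OPT_LEASE_TIME in options else None,
    }


def dora_exchange(xid, client_mac, server_ip, offered_ip, lease=86400):
    """Constructed Discover/Offer/Request/Ack exchange. The client has no
    address yet, so it sends from 0.0.0.0 to the broadcast address on
    68 -> 67; the server answers 67 -> 68. Returns one summary per message."""
    server_id = (OPT_SERVER_ID, ip_to_bytes(server_ip))
    lease_opt = (OPT_LEASE_TIME, struct.pack("!I", lease))
    wire = [
        ("0.0.0.0", "255.255.255.255", CLIENT_PORT, SERVER_PORT,
         build_dhcp(BOOTREQUEST, xid, client_mac, 1)),
        (server_ip, offered_ip, SERVER_PORT, CLIENT_PORT,
         build_dhcp(BOOTREPLY, xid, client_mac, 2, offered_ip, [server_id, lease_opt])),
        ("0.0.0.0", "255.255.255.255", CLIENT_PORT, SERVER_PORT,
         build_dhcp(BOOTREQUEST, xid, client_mac, 3, options=[server_id])),
        (server_ip, offered_ip, SERVER_PORT, CLIENT_PORT,
         build_dhcp(BOOTREPLY, xid, client_mac, 5, offered_ip, [server_id, lease_opt])),
    ]
    summary = []
    for src, dst, sport, dport, raw in wire:
        p = parse_dhcp(raw)
        summary.append({"type": p["message_type"], "src": src, "dst": dst,
                        "sport": sport, "dport": dport, "xid": p["xid"],
                        "yiaddr": p["yiaddr"], "server_id": p["server_id"],
                        "lease": p["lease_seconds"]})
    return summary


if __name__ == "__main__":
    for m in dora_exchange(0xE7646A7D, "00:18:de:e1:ab:ee", "192.168.0.1", "192.168.0.3"):
        print(m)
```

Discover and Request are byte-for-byte identical in the fixed header; only the value behind option 53 (1 versus 3) and the Request's added server identifier tell them apart, which is why a dissector has to walk the options rather than look at a fixed offset.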
70

More Related Content

What's hot

Low-cost wireless mesh communications based on openWRT and voice over interne...
Low-cost wireless mesh communications based on openWRT and voice over interne...Low-cost wireless mesh communications based on openWRT and voice over interne...
Low-cost wireless mesh communications based on openWRT and voice over interne...IJECEIAES
 
APManagement_FeatureGuide
APManagement_FeatureGuideAPManagement_FeatureGuide
APManagement_FeatureGuideEugene Yu
 
Wireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+VulnerabilitiesWireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+VulnerabilitiesYogesh Kumar
 
White Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksWhite Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksChristopher Lietz
 
White Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksWhite Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksChristopher Lietz
 
A novel password based mutual authentication technique for 4 g mobile communi...
A novel password based mutual authentication technique for 4 g mobile communi...A novel password based mutual authentication technique for 4 g mobile communi...
A novel password based mutual authentication technique for 4 g mobile communi...eSAT Publishing House
 
Paper id 21201446
Paper id 21201446Paper id 21201446
Paper id 21201446IJRAT
 
Article: 4G Technology
Article: 4G TechnologyArticle: 4G Technology
Article: 4G TechnologyMuhammad Ahmed
 
Network plus study guide N10-005
Network plus study guide N10-005 Network plus study guide N10-005
Network plus study guide N10-005 ramloganricki
 
The pattern and realization of zigbee wi-fi
The pattern and realization of zigbee  wi-fiThe pattern and realization of zigbee  wi-fi
The pattern and realization of zigbee wi-fieSAT Publishing House
 
Data Communications and Net-Centric computing
Data Communications and Net-Centric computingData Communications and Net-Centric computing
Data Communications and Net-Centric computingKomalah Nair
 
Ccna exploration exams
Ccna exploration examsCcna exploration exams
Ccna exploration examsHossam Zein
 
Muo Network Manual
Muo Network ManualMuo Network Manual
Muo Network Manualprashant0001
 
Raisul Haq Rajib (063435056)
Raisul Haq Rajib  (063435056)Raisul Haq Rajib  (063435056)
Raisul Haq Rajib (063435056)mashiur
 

What's hot (19)

Documentation
DocumentationDocumentation
Documentation
 
Low-cost wireless mesh communications based on openWRT and voice over interne...
Low-cost wireless mesh communications based on openWRT and voice over interne...Low-cost wireless mesh communications based on openWRT and voice over interne...
Low-cost wireless mesh communications based on openWRT and voice over interne...
 
APManagement_FeatureGuide
APManagement_FeatureGuideAPManagement_FeatureGuide
APManagement_FeatureGuide
 
Wireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+VulnerabilitiesWireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+Vulnerabilities
 
White Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksWhite Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area Networks
 
White Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area NetworksWhite Paper Security and High Availability Concerns with Wide Area Networks
White Paper Security and High Availability Concerns with Wide Area Networks
 
A novel password based mutual authentication technique for 4 g mobile communi...
A novel password based mutual authentication technique for 4 g mobile communi...A novel password based mutual authentication technique for 4 g mobile communi...
A novel password based mutual authentication technique for 4 g mobile communi...
 
Network data
Network dataNetwork data
Network data
 
Paper id 21201446
Paper id 21201446Paper id 21201446
Paper id 21201446
 
Article: 4G Technology
Article: 4G TechnologyArticle: 4G Technology
Article: 4G Technology
 
Network plus study guide N10-005
Network plus study guide N10-005 Network plus study guide N10-005
Network plus study guide N10-005
 
The pattern and realization of zigbee wi-fi
The pattern and realization of zigbee  wi-fiThe pattern and realization of zigbee  wi-fi
The pattern and realization of zigbee wi-fi
 
Data Communications and Net-Centric computing
Data Communications and Net-Centric computingData Communications and Net-Centric computing
Data Communications and Net-Centric computing
 
Pace IT - Setting Up a SOHO Network
Pace IT - Setting Up a SOHO NetworkPace IT - Setting Up a SOHO Network
Pace IT - Setting Up a SOHO Network
 
Ccna exploration exams
Ccna exploration examsCcna exploration exams
Ccna exploration exams
 
PACE-IT: WAN Technologies (part 1) - N10 006
PACE-IT: WAN Technologies (part 1) - N10 006 PACE-IT: WAN Technologies (part 1) - N10 006
PACE-IT: WAN Technologies (part 1) - N10 006
 
Muo Network Manual
Muo Network ManualMuo Network Manual
Muo Network Manual
 
Raisul Haq Rajib (063435056)
Raisul Haq Rajib  (063435056)Raisul Haq Rajib  (063435056)
Raisul Haq Rajib (063435056)
 
PROTECTED DESKTOP ACCESS BASED ON USE OF MOBILE PHONE
PROTECTED DESKTOP ACCESS BASED ON USE OF MOBILE PHONEPROTECTED DESKTOP ACCESS BASED ON USE OF MOBILE PHONE
PROTECTED DESKTOP ACCESS BASED ON USE OF MOBILE PHONE
 

Similar to ComputerNetworksAssignment

Nwk assignment body copy
Nwk assignment body   copyNwk assignment body   copy
Nwk assignment body copyTonny Michael
 
Banking and ATM networking reports
Banking and ATM networking reportsBanking and ATM networking reports
Banking and ATM networking reportsShakib Ansaar
 
A NOVEL ROBUST ROUTER ARCHITECTURE
A NOVEL ROBUST ROUTER ARCHITECTURE A NOVEL ROBUST ROUTER ARCHITECTURE
A NOVEL ROBUST ROUTER ARCHITECTURE IJERA Editor
 
Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)
Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)
Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)Vanitha Joshi
 
1Running Head Network Design3Network DesignUn.docx
1Running Head Network Design3Network DesignUn.docx1Running Head Network Design3Network DesignUn.docx
1Running Head Network Design3Network DesignUn.docxeugeniadean34240
 
Report on routing interface configuration
Report on routing interface configurationReport on routing interface configuration
Report on routing interface configurationDebjyotiSaha9
 
Basic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notesBasic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notesVamsi Krishna Kalavala
 
Ccna PPT
Ccna PPTCcna PPT
Ccna PPTAIRTEL
 
NETWORKING SYSTEMS .docx
NETWORKING SYSTEMS                                                .docxNETWORKING SYSTEMS                                                .docx
NETWORKING SYSTEMS .docxdohertyjoetta
 
Computer Networking 2
Computer Networking 2Computer Networking 2
Computer Networking 2kiamiel
 

Similar to ComputerNetworksAssignment (20)

Siemens Industrial Training
Siemens Industrial TrainingSiemens Industrial Training
Siemens Industrial Training
 
networking1.ppt
networking1.pptnetworking1.ppt
networking1.ppt
 
K010426371
K010426371K010426371
K010426371
 
Nwk assignment body copy
Nwk assignment body   copyNwk assignment body   copy
Nwk assignment body copy
 
Banking and ATM networking reports
Banking and ATM networking reportsBanking and ATM networking reports
Banking and ATM networking reports
 
A NOVEL ROBUST ROUTER ARCHITECTURE
A NOVEL ROBUST ROUTER ARCHITECTURE A NOVEL ROBUST ROUTER ARCHITECTURE
A NOVEL ROBUST ROUTER ARCHITECTURE
 
Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)
Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)
Implementation of IPSec VPN on Cisco routers and Configuring it on ISP. (1)
 
1Running Head Network Design3Network DesignUn.docx
1Running Head Network Design3Network DesignUn.docx1Running Head Network Design3Network DesignUn.docx
1Running Head Network Design3Network DesignUn.docx
 
C C N A Day1
C C N A  Day1C C N A  Day1
C C N A Day1
 
Ccna day1
Ccna day1Ccna day1
Ccna day1
 
Ccna day1
Ccna day1Ccna day1
Ccna day1
 
Ccna day1
Ccna day1Ccna day1
Ccna day1
 
Report on routing interface configuration
Report on routing interface configurationReport on routing interface configuration
Report on routing interface configuration
 
Basic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notesBasic ccna interview questions and answers ~ sysnet notes
Basic ccna interview questions and answers ~ sysnet notes
 
Ccna PPT
Ccna PPTCcna PPT
Ccna PPT
 
NETWORKING SYSTEMS .docx
NETWORKING SYSTEMS                                                .docxNETWORKING SYSTEMS                                                .docx
NETWORKING SYSTEMS .docx
 
Computer Networking 2
Computer Networking 2Computer Networking 2
Computer Networking 2
 
Ccna day1
Ccna day1Ccna day1
Ccna day1
 
Ccna day 1
Ccna day 1Ccna day 1
Ccna day 1
 
Ccna day1
Ccna day1Ccna day1
Ccna day1
 

ComputerNetworksAssignment

  • 1. 2014 Computer Networks PROTOCOLS & DESIGN Assignment 1 699434 / Rebecca Patient
  • 3. 699434/CMPRPATI Introduction A proposed graphical network diagram with comparative network topology; Tree and star were designed as possibly alternatives for site 1 design of the city wide network. Analysis of physical media and network components has been incorporated to justify decisions. IP addressing for the main four sites is assigned to the diagram and investigating TCP and UDP protocols to be applied when implementing network applications. Finalise with summarising. Findings A full working design was created for the commercial company and demonstrates all for sites across the city built and provision of connectivity between the sites and includes connection to the internet. In more detail site 1 has been developed to include 5 departments; Human Resources, Finance, Technical Support, Sales and Marketing. Collision Domain The collision domain is part of the network where data packets are sent using Ethernet or Fast Ethernet devices and connected by hubs or repeaters which can collide and cause loss of packets. One device/node has the ability to transmit within the collision domain. The hub is contained in the physical layer and is unable to recognize Ethernet frame or protocols. When devices / nodes share an Ethernet / fast Ethernet local area network using CSMA/CD (Carrier Sense Multi Access / Collision Detection) rules in relation to the same collision domain means that when a collision happens, all who are on the network will be affected and suffer losing data packets i.e. emails. 3
  • 4. 699434/CMPRPATI It is easier to not use hubs instead implement multi-switches which act as a bridge can fully understand the Ethernet frame or protocols. In this instance data packets will be forwarded and received to the correct port on the specific multi-switch. Using the multi-switch allows for the designed network to splits into multiple collision domains and less complicated when expanding because it avoids any restrictions placed on the network. Broadcast Domain A broadcast domain is different to the collision domain it is processed by a multi-switch and data packets are sent out to every port. The switch is a single broadcast domain. All devices / nodes connected would receive a broadcast message generated by any of the devices connected to the network using the multi-switch. Consideration of 3 to 4 multi-switches which will be connected across the city would cause unneeded problems. Using VPN it would be better to implement individual single ports. Allowing all traffic to be separated and configuration of specified numbers associated to each device / node. This means traffic generated in site 1 can only be forwarded within site 1. No crosses traffic to other sites is permitted. This is why IP addresses across the sub network will be different for traffic to recognise devices / nodes. The router is the border control to stop broadcasts moving around the whole network. Traffic will require being received to other sites. Using the router on the VPN will be able to recognise specific sub network and will find the correct pathway to another sub network and send the data packets to the correct device / node. The difference between collision domain and broadcast domain are the switches and routers. When designing the network this will make it simpler to recognise will is to developed for data packets to communicated across the 4
  • 5. 699434/CMPRPATI city wide network. The collision is more possible as is lessens the potential for packets colliding. Whereas broadcast domains are to locate and define where broadcasts are being sent to. It is possible to use combination and the graphical design in Figure 3 illustrates this point because both routers and multi-switches have been realised. Physical Media A wireless connection is to be installed to run alongside the VPN network. There may be some elements requiring CAT5 or CAT6 for an Ethernet connection, as a back-up system in each site. Making this more of a full proof way to ensure datagram’s are transmitted throughout the network and no down time occurs to any of the sites or sun networks if connectivity issues arise. The Remote access VPN will connect users remotely via an enterprise network. Workstations and all other devices will connect using an access circuit; cabling, DSL or wirelesses to the ISP (internet service provider) for example BT or Virgin but depends on cost to install. Using a client-model for the company (Figure 3) software applications installed onto the workstations will have a built-in encrypted tunnel from all sites running to the ISP using the Internet Security Protocol (IPSec), with Layer 2 Tunnelling Protocol, or use point to point Tunnelling Protocol(PPTP). Authentication will be required on the network for all users to login because it will be a protected network which runs in conjunction with the ISP and internet. During implementation an encrypted tunnel will be built connecting the sites VPN router or concentrator. 5
  • 6. 699434/CMPRPATI There are many servers which could be installed such as TACAS or RADIUS authentic all users on the remote network. Allowing all employees, management and partners to gain specific rights and differing levels of access to the company network; for example a partner would have a higher grade access than that of a receptionist for security and information assurance. On completion remote users will then be authenticated onto the local Windows domain Server, UNIX server or other mainframe hosts which are available on search of the internet for costing and dependant on requirement of the client. These hosts will have their own network account which can be added to the VPN with simple login details. Disadvantage’s to this mainly comes down to security ISP is less secured but cost wise is more advantageous for company requirements. A client initiated frame is better due to encryption and tunnel from which it is built from the ISP side to the company VPN router or VPN concentrator. The tunnel itself will be built using L2TP (Layer 2 Tunnel Protocol) or L2F (Layer 2 Forwarding) Extranet This type of VPN connects the departments within the company network; operated by building a secure VPN connection from the department’s router to the company VPN router or concentrator. Tunnelling in this instance uses more specific tunnelling protocol which is functionally dependant on if there is a router or remote dial-up connection. There are options for a router connected extranet VPN which are classified as IPSec or the Generic Routing Encapsulation (GRE). The dial-up connection for extranet will also use and utilise L2TP or L2F. Intranet 6
  • 7. 699434/CMPRPATI Similar to the extranet VPN, the intranet VPN is a separate network and connects all offices within the company using the secure network and same processes of IPSec and GRE due to the tunnelling protocols. A front screen on workstations allows all users on the network to connect anywhere within the company, with use of the good old login and password. There are three elements to IPSec better known as 3DES encryption, the IKE Key exchange authentication and MD5 route authentication, by providing authentication, authorisation and most importantly confidentiality. Network Topology The network topology is the logical layout for non-commercial / home / business / education/ scientific / military / government system using connected devices. Designing a network requires planning and understanding of how devices communicate and are connected on a local area network (LAN) and a wide area network (WAN). There are different types of topology; Bus, Ring, Mesh, Star and Tree. The company will be using a star topology for the VPN. This can be created by using hosts remotely which connects through a VPN concentrator (or better known as the central point). VPN concentrator will create the secure tunnel to the individual hosts. For example, if the reception communications to the researchers, data sent from reception will pass through the VPN and on the researcher host. The concentrator is able to maintain and support multiple connections. A tunnel is found and secured to each of the chosen remote hosts. Figure 1: Tree Topology Figure 2: Star Topology 7
  • 8. 699434/CMPRPATI There is only one real problem with using the star topology if both workstations are in close proximity they still need to use the central point to transfer information. Figure 2 clearly shows the configuration is centralised. This leads to maintenance carried singularly and minimises the effort or requirement of an IT technician. With this ease it also incorporates single point control, access and finance. If the central point is turned off or broken, means a back-up system or a second central point would be best kept in the server rooms to minimise down time for the business. Also, if there is failure on individual ports the network will keep running due to single port failure. Power of processing of the concentrator for new connections is sectioned. There is no communication between hosts due to the central point. The tree topology shown in Figure 1 is a configuration of both the bus and star and the most applied type of network for set-up and implementation and connects all different star networks together. In this scenario the switch is device connecting the LAN to WAN. Variant of a Tree is the Hybrid topology 8
which can contain varying physical structures, all connected through a single backbone channel.

The star topology is simpler: each device uses a point-to-point link to the central controller, named "Hub-PT" in the design, which acts as the exchange point for packets crossing the network. Traffic is kept to a minimum because devices do not send directly to every other device; transmission happens only through the hub. A device sends data to one or more devices by passing it to the hub, which relays the data to the specified devices on the network.

The strengths of the tree are that it is quick and simple to add more devices, such as another hub; the network can be separated for isolation purposes; priority communication between particular devices is allowed; and time-sensitive data packets do not queue. Its weaknesses are that signal distance increases, cabling adds cost, and if a hub is faulty all of its connections are lost because that part of the network goes down.

Network Components

The VPN infrastructure will require the following network components, installed across the whole network:

• 30 Laptops x 4.
• 2 Printers x 4.
• 1 Router x 4.
• 1 Multi-Switch x 4.
• 1 Server x 4.
• 1 Linksys (remote access point for clients and use of classless IP addresses).
• Workstations: 33 Sales, 40 Finance, 38 Human Resources, 26 Technical Support and 40 Marketing, x 4.
The inclusion of multi-switches, routers and servers will be considered in the implementation of the solution. An ISP would also need to be researched for the best deal, for example BT Business Hub. The ISP could perhaps offer a cost advantage by adding hosting, domain name and email services.

Applications

A VPN can carry many applications on its network. The need to be tied to a desk is long gone; with advances in technology, software and devices the possibilities are endless, but in other ways technology can be too far advanced and unable to cope with the applications it is meant to support. Windows 8 is an example: Microsoft was so taken with its own innovation that it forgot about its users and how the system would be applied, and had to go back to the drawing board and reconfigure it, which is why the 8.1 versions were released. Users wanted and missed the original Windows features, such as the toolbar.

Business and internet needs have changed with these advances. The laptop is no longer the primary device for connecting to the internet on the move; smartphones and tablets are the new standard and are fully integrated into society. Users are completely tuned in and consume internet data through these new devices. It is on this point that businesses should be concerned with private and public privacy, online security and protection when using WI-FI hotspots. It is essential that a VPN is used in these places, or even at work.

VPN Apps
Microsoft does hold the market where these apps are concerned. Blackberry tried to take over the market, but the public did not take to it, and it is still trying to break into Microsoft's share. Other competitors have managed to: Apple, with its iDevice hardware running iOS, and Google, with its Android software.

iOS Apps

It is true that the VPN space has only been supportive towards iOS and Android, with Android the clearer champion over Apple; Apple's downfall was not allowing OpenVPN on any iOS device, believing that the PPTP and L2TP protocols were enough to support iOS. Apple later changed this and gave permission for OpenVPN Connect to be used, allowing connection to an OpenVPN server with standard OpenVPN CA certificates.

Android Apps

The Play Store offers OpenVPN, which permits any OpenVPN service to be configured on Android devices. In return, VPN providers now release Android apps to support the network. Free Android VPN apps are also available (1).

Other Apps

There are many VPN-related apps readily available on the internet. One of these is the Speedtest.net app, which runs on iOS and Android. It checks performance and can be downloaded directly to any device such as a phone or tablet.

Scalability

The company is growing to a point where working from one office is no longer a valid solution for the business. All employees,
management and partners require a secure way to access resources on the network from both onsite and offsite locations. A dial-up remote access server would not meet the requirements of the business: adding modems to the network to cope with capacity, and the mounting financial cost, are problems the solution should not have. The best way forward is to implement the VPN, as it lets the business grow without removing or remodelling the existing network. This is why scalability is important to consider, so that the design is cost-effective and scalable from the start.

Installation of devices

The hardware and software devices connected to the network are shown on the concept diagram in Figure 3; the specifics are listed below.

Workstations

All workstations will be connected and assigned IP addresses specific to their area. All employees will be given their own login name and password, which gives a feeling of freedom and of owning their specific station and working space.

Printers

Two printers will be connected and shared accordingly in site 1. With the volume of employees and workload, there is a greater need to manage documentation. At present it is a smaller, undeveloped site, which does have potential for expansion and could include more printers later on.
The VPN allows the system to connect and work in the same seamless way even when not in the same location. Known as printer sharing, and including wireless connections, this allows users to print documents on machines located across town or across the country. It is carried out using the built-in printer sharing software and works on any VPN, whether commercial or a free web application. Naming is essential, and selecting the right criteria is needed: sending a client's personal data to a different office is not a good idea and a waste of resources.

Laptops

Introducing laptops to the departments will allow staff to work away from the office while still connected to the network over a remote access connection. However, with free WI-FI widely available, this connection may not be necessary.

Multi-Switches

The choice of the Switch VPN application gives unique algorithms which are a preventive measure against hackers and sniffers. It is compatible with Windows, Mac, Linux, iOS, Android and DD-WRT routers. It operates by creating a virtual router which performs IP routing between multiple virtual hubs on the VPN server. This provides layer 3 routing between the virtual hub segments, carried out according to the administrator's IP routing configuration.

Servers
Servers can be added to the VPN and will also provide features that allow the solicitors to use a login server and a router server for the network. Installation and activation will be applied through Windows VPN. This is carried out before users can log into the network from a VPN session. A VPN session is established over the internet, allowing users to log onto the office network from anywhere, at home or away.

Firewalls

The firewall uses packet filtering to permit or deny traffic flow, and this can be applied to specific types of network traffic. IP packet filtering allows precise control of what traffic is allowed through the firewall. It is essential for filtering traffic that connects from private intranets to the internet and vice versa. Looking at VPNs and firewalls together, analysis shows there are two methods of combining them (2):

• The VPN server already has a connection to the internet, and the firewall sits between the VPN server and the intranet, acting like a doorway that requires permission to pass through.
• The firewall is connected to the internet and to the VPN server, and the VPN server sits between the firewall and the intranet.

Cloud

A VPN permits access to be extended to remote locations. Using a Gladinet Cloud server, for example, any device can be added and used securely without needing to go through the VPN, allowing employees to be more productive and focused on the job in hand rather than trying to access IPSec/VPN.
BT Business Hub

This hub is designed to operate with a whole range of VPN solutions, which is the main reason it would be best suited to the solicitors' solution. It is a well-known brand and the package takes in line rental, broadband and domain hosting. In more detail it allows for (3):

• Outbound VPN client connections
• Inbound connections to a local VPN server

VPN Server & Appliance

Windows Server and Windows Server 2003 have a built-in VPN server function. Software firewalls such as Microsoft ISA Server, Check Point and Symantec Enterprise Firewall also include a built-in VPN gateway function. Other alternatives to the standard solution are dedicated VPN appliances or VPN concentrators, which can be found on the internet from Cisco, Shiva, Citrix, AEP Networks and Evidian (TrustWay). Gateway provision and operation are also offered by firewall appliances from Cisco, SonicWall, WatchGuard, Netscreen and Nokia (based on Check Point).

Website

The company would do better to pay a web hosting company to create a front-end website for its business. Allowing site 1 to be the Host Identity
Protocol host permits the IP network to recognise the business by giving it a generated domain name. All that would be required is to configure the workstations. There is support for a variety of machines and devices, including iPads, Android, Windows and Macs. Benefits include being able to access sites such as Facebook, Twitter and Flickr; streaming and watching BBC iPlayer is also attainable. Installation would take only minutes, though a larger network may take a little longer, with checks that all configuration settings are correct before going live.

Email

The best way to set up POP email on a VPN server would be to use a Microsoft server, which offers a routing and remote access application in its software. It has a VPN service that enables a private, encrypted connection while using the internet, and allows the server to also host the terminal, using DSL as the high-speed service provider which the email would require. The easiest way would be to configure POP first, and then the server could use both.

Which to choose?

Turn-key appliances make installation and deployment easier. Limitations do exist on how many connections can be supported, which leads to the problem that upgrading software is harder when extra users are required on the network. Adding hardware to cope with this eventuality is the quickest option but may not be the best. Running a VPN server on a normal network operating system with a standard server, more RAM can be added, the processor upgraded and the network
interface cards changed. Innovating and upgrading the hardware adds capability without the need to buy new devices.

Performance & Fault Management

A fast, visible network service with proper planning is required. Finding faults and detecting issues is a major part of the management system, which must include full handling of network management and equipment. This is important to differentiate the company from others by offering a high-value service to customers and clients. Leveraging network-based applications ensures endless capability and pre-integrated compatible software, giving a full and final solution to scalability with minimal fuss and financial constraint.

Throughput is how much traffic is transferred from one location to another within a selected time. It is used to measure the performance of hard drives and RAM, and of the internet and the connections the network uses.

Network Manager

This is a software program which helps the user understand and more easily use the computer network on operating systems such as Windows or Linux-based systems. The utility has two components:

1. Network Manager itself – the software that manages all connections and sends reports about network changes.
2. The user interface, which changes depending on the desktop in use, for example Shell, KDE Plasma Workspaces and Cinnamon.

Mobile broadband configuration is in development; older versions were first developed in April 2008. This allowed mobiles to be configured in a relatively easy process. It is basically a set of tools which make
networking straightforward, whether over WI-FI, Ethernet, bond, bridge, 3G or Bluetooth. Integration of applications gives power and flexibility to the network manager. It provides facilities for other apps, such as browsers, email clients or system services, making the user aware of its status, i.e. online or offline.

Line Utilisation

Ensuring the line is used to its full capacity means looking at both line utilisation and CPU utilisation. An application called MRTG, the Multi Router Traffic Grapher, is a tool which can monitor the traffic load on the links. It is free under the terms of the GNU General Public License. It can generate an HTML page displaying images that give a live visual representation of the company's traffic. Another way to look at how the network is being utilised is to log onto the router and use the "show interface serial x" command, which shows the interface load.

User Response Times

A remote user with a VPN client can run into issues such as losing the connection to the main office or documents taking a long time to open. Attaching laptops to the domain can also cause disruption due to traffic. It is essential that there are enough logon caches to support the growing VPN solution. If at any time the VPN becomes fragmented it could cause some really problematic errors which could take time to solve; the network will be slow until everything is resolved, after which runtime should return to normal. Users can ping to test the buffer size, which with Microsoft is around 1500, but some situations require a drop to 1400 to avoid problems when connecting via the ISP and the network.
Configuration of network

The network will be configured using a VPN. The Virtual Private Network allows a secure network to be installed around 1000 devices (workstations, printers, servers, switches and possibly laptops) on top of the physical network. The VPN will be built on top of the existing network infrastructure, at a simple level, using L2TP to bind the VPN data packets into datagrams and then IPSec to encrypt the data packets. VPN means a virtual way of connecting a network, as it does not require additional physical devices. Private access to the network is gained and controlled, and its traffic is encrypted. Clients can then connect to the available network service.

The company is best suited to this solution: remote users connected over untrusted public networks will be given access to LAN (Local Area Network) resources through a VPN gateway. The gateway will control access to all resources on the company's private network. Management will be given remote access and can connect to the VPN gateway using a public interface or website once authenticated; partners will be able to access private resources not seen by the other users on the network. All traffic between the workstations and the company network will be encrypted, and could possibly include a special client-side server which is part of the VPN gateway package. There is room for a peer-to-peer configuration, which basically means clients are configured with sharing capabilities via the VPN configuration. This type of network can only exist when two or more peers are running, and will be a future development.
User Access

Creating a VPN between the networks requires an address group system representing the local network and the address of the remote network. An address object is created for each side of the VPN and then added to the full group. It is essential that the remote and local address groups are set up and maintained accordingly. SonicWall is a good piece of software which allows this to happen. Otherwise an individual VPN tunnel may be required:

• Local group = 142.212.182.0 - 255.255.255.0
• Remote group = 142.212.182.9 - 255.255.255.0

Using the same peer public IP address means a separate tunnel for each subnet would be required to communicate accordingly. The initial LAN-to-LAN VPN installation should permit a mask or the default class B mask. There may be room for a supernet mask or summarisation mask.

Graphical Network Diagram

The final concept design for the company's VPN solution clearly demonstrates how all 4 sites, with their sub-networks and departments, will be set up and implemented across the city. It is a good way to keep all data and personal information safe while using a public WIFI network with remote access.

Figure 3: Company VPN network
Designing a foolproof, fully functioning network would take around three weeks, with analysis of users and employees and a proposed outline of the perimeter of the implementation. In the design, it was decided to colour-code each department and give it a naming scheme, to make it easier to look back and reference where errors or maintenance work might be needed. It clearly shows the firewalls, the internet connection and communication to and from each office, and remote access for laptops, PDAs and tablets. There is a safeguard of firewalls within the routers, but extra software is to be provided as a secondary security measure.

Due to the nature of the work, all employees in each department will undertake training, and all workstations will require a high-speed internet connection. A levelling system will also be required, looking at the different roles and trust issues, and considering whether office admin should have the same rights or privacy policies as management. For example, a simple way to deal with this would be to have different partitioned drive areas:

• (C:) = Human Resources and IT drive space
• (P:) = Management drive space
• (E:) = All other employees' drive space

Shared storage space will also allow all users to gain access to files and other relevant information. Each staff member will have a personal account which will allow them to log in to any workstation in both offices.

Address Allocation

An IP addressing system was assigned to the routers, computers and other devices (end systems). Human errors were common, and problems were difficult to resolve due to time and not realising where faults happen. Auto-configuration is mainly used, but IPs can still be manually designated, and in this case the IP addresses have been assigned manually to devices on the network. Compare the technologies of the 80s, when a telephone number was used as an IP address and could identify the caller: this was defined as BOOTP (Bootstrap Protocol), the first transmission control protocol / internet protocol (TCP/IP) network configuration. It was invented to avoid having to assign IP addresses manually.

IP Address Design

The IP addressing table for the city-wide network over 4 sites, including the 4 subnets, is shown in Figure 4. 4,000 hosts were divided equally across the 4 sites. Two further tables, Figures 5 and 6, show the IP addresses assigned to devices and named interfaces, correlating with the VPN network design. Remote access to the company site will allow IPs to be assigned to devices, and clients will be able to connect on and off the website application
by acquiring these IP addresses when using the company web page. Once a client has finished, the IP will be reassigned to another device.

A classless IP address block was formed from the base IP address 124.212.128.0, and the calculated proof supporting the information in the tables is provided below:

• IP base address: 142.212.128.0
• Sub network: 255.255.0.0/16
• Address class type: Class B (128.0.x.x) to (192.255.x.x); this is a classful IP address.
• Network - sub networks = 4
• Variable Length Subnet Mask (VLSM) = 255/255/192/0.

Sub netting:

1. Classless Inter Domain Routing (CIDR) prefix = 18.
2. Max hosts/subnet = 16382.
3. Max subnets = 65536.
4. Bits for sub netting = 2.
5. Bits for network = 16.
6. Bits for hosts in subnets = 14.

There are two layers on the network. Layer 1 deals with the collision domain: if there are, for example, 24 interfaces on the multi-switch, then 24 collision domains will be created, provided all interfaces are connected to the network. Layer 2 is the broadcast domain and allows the multi-switch to transmit communications over the network faster, using:

• Network ID = 142/212/0/0.
• Network Broadcast = 142/212/0/255.

Splitting the IP addresses was derived by the following calculation:
1. 4000 hosts / 4 sites = 1000 hosts for each site.
2. The 1000 hosts were divided up by the number of devices to be set up:

• 30 Laptops.
• 2 Printers.
• 1 Router.
• 1 Multi-Switch.
• 1 Server.
• 1 Linksys (remote access point for clients and use of classless IP addresses).
• Workstations: 33 Sales, 40 Finance, 38 Human Resources, 26 Technical Support and 40 Marketing.

In total 212 hosts are assigned to the network. This was implemented as a failsafe: if the internet connection were lost, the network could still function, and vice versa. 388 hosts are still available to be assigned when the company grows and would like to expand; this capability is built into the design so that all sites are interchangeable.

Figure 4: IP Addressing Table

Network | Sub network ID | Host IP Range (Start – End Number)
1 | 142.212.0.0 | 142.212.0.1 - 142.212.63.254
2 | 142.212.64.0 | 142.212.64.1 - 142.212.127.254
3 | 142.212.128.0 | 142.212.128.1 - 142.212.191.254
4 | 142.212.192.0 | 142.212.192.1 - 142.212.255.254
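As an added check (example code, not part of the original assignment), the split of the 142.212.0.0/16 block into the four /18 site subnets of Figure 4 can be reproduced with Python's standard ipaddress module. The device counts are taken from the list above, and the 142.212.128.14 address used in the lookup is the HR workstation from Figure 5.

```python
"""Added example (not from the original assignment): rebuild the Figure 4
addressing table from the base block, check the per-subnet host capacity,
sum the per-site device list, and find which site subnet holds an address."""
import ipaddress

BASE_NETWORK = ipaddress.ip_network("142.212.0.0/16")
SITE_COUNT = 4

# Per-site device counts, as listed in the text.
DEVICES_PER_SITE = {
    "laptops": 30,
    "printers": 2,
    "router": 1,
    "multi-switch": 1,
    "server": 1,
    "linksys remote access point": 1,
    "workstations": 33 + 40 + 38 + 26 + 40,   # Sales, Finance, HR, Tech Support, Marketing
}


def site_subnets(base=BASE_NETWORK, sites=SITE_COUNT):
    """Split the base block into equal-sized site subnets.

    Four sites need 2 extra prefix bits (2**2 = 4), which turns the /16
    into four /18s: the 'Bits for sub netting = 2' and 'CIDR prefix = 18'
    figures in the text.
    """
    extra_bits = (sites - 1).bit_length()      # 4 sites -> 2 bits
    return list(base.subnets(prefixlen_diff=extra_bits))


def host_range(subnet):
    """First and last usable host (network and broadcast addresses excluded)."""
    first = subnet.network_address + 1
    last = subnet.broadcast_address - 1
    return str(first), str(last)


def addressing_table(base=BASE_NETWORK, sites=SITE_COUNT):
    """Rows of Figure 4: (network number, sub network ID, first host, last host)."""
    rows = []
    for number, subnet in enumerate(site_subnets(base, sites), start=1):
        first, last = host_range(subnet)
        rows.append((number, str(subnet.network_address), first, last))
    return rows


def max_hosts(subnet):
    """Usable hosts per subnet: 2**host_bits - 2 (14 host bits -> 16382)."""
    return subnet.num_addresses - 2


def site_usage(devices=DEVICES_PER_SITE, hosts_per_site=1000):
    """(hosts assigned at one site, hosts left of the 1000 allotted to it)."""
    assigned = sum(devices.values())
    return assigned, hosts_per_site - assigned


def site_for(ip, base=BASE_NETWORK, sites=SITE_COUNT):
    """Figure 4 network number whose subnet contains ip, or None if outside."""
    address = ipaddress.ip_address(ip)
    for number, subnet in enumerate(site_subnets(base, sites), start=1):
        if address in subnet:
            return number
    return None


if __name__ == "__main__":
    for number, subnet_id, first, last in addressing_table():
        print("Network %d  %-15s  %s - %s" % (number, subnet_id, first, last))
    print("max hosts per /18:", max_hosts(site_subnets()[0]))
    print("assigned / spare per site:", site_usage())
    print("142.212.128.14 belongs to network", site_for("142.212.128.14"))
```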
An IP addressing table was devised to assign IP addresses to specific devices and locations on the network. Ensuring correct and error-free handling of the VPN network, and using a naming scheme (Figure 5), allows all devices to be accounted for and lets IT technical support resolve issues with an understanding of where a problem may lie.

Figure 5: IP addressing sample table for Site 1, using network 3 with sub network ID 142.212.128.0 from Figure 4: IP Addressing Table

Site 1
Device | Interface | IP Address | Depart | Login | Password | Share | Group | Domain
Comp | HR | 142.212.128.14 | Human Resources | ******* | ******* | 2 | 1 | +
Comp | FIN | 142.212.128.15 | Finance | ******* | ******* | 2 | 2 | +
Comp | TS | 142.212.128.16 | Technical Support | ******* | ******* | 2 | 3 | +
Comp | SAL | 142.212.128.17 | Sales | ******* | ******* | 2 | 4 | +
Comp | MARK | 142.212.128.18 | Marketing | ******* | ******* | 2 | 5 | +
Print | Printer1 | 142.212.128.26 | Printer | ******* | ******* | 2 | 6 | +
Print | Printer1a. | 142.212.128.27 | Printer | ******* | ******* | 2 | 6 | +

Laptops
Lap | HRtLap1 | 142.212.128.38 | Human Resources | ******* | ******** | 2 | 1 | +
Lap | FINLap2 | 142.212.128.39 | Finance | ******* | ******** | 2 | 2 | +
Lap | TSLap3 | 142.212.128.40 | Technical Support | ******* | ******** | 2 | 3 | +
Lap | SALLap4 | 142.212.128.41 | Sales | ******* | ******** | 2 | 4 | +
Lap | MARLap5 | 142.212.128.42 | Marketing | ******* | ******** | 2 | 5 | +

The table will grow as more devices are connected and IP addresses assigned, and as the level of security given to each employee is set. All connection devices are listed in Figure 6. Pinpointing errors or faults on the network takes less effort, and problems are located more quickly, because devices are matched to a specific network site by interface name and IP address.

Figure 6: The IP Address Table for the VPN design.

Device | Interface | IP Address | Subnet Mask | Default Gateway
ISP/CLOUD | WAN | 136.212.128.240 | 255.255.255.255 | 0.0.0.0
INTRANET | LAN1 | 142.212.3.0 | 255.255.255.0 | 10.211.254.254
INTRANET | LAN2 | 142.212.4.0 | 255.255.255.0 | 10.211.254.254
INTRANET | LAN3 | 142.212.5.0 | 255.255.255.0 | 10.211.254.254
INTERNET | LAN4 | 142.212.6.0 | 255.255.255.0 | 10.211.254.254
VPN | HOST | 142.54.0.1 | 255.255.255.0 | 10.211.254.254
ROUTER 1 | FA 0/0 | 142.212.128.8 | 255.255.255.0 | 10.211.254.254
ROUTER 1 | FA 1/0 | 142.212.128.7 | 255.255.255.0 | 10.211.254.254
ROUTER 2 | FA 0/0 | 142.212.128.6 | 255.255.255.0 | 10.211.254.254
ROUTER 2 | FA 0/1 | 142.212.128.5 | 255.255.255.0 | 10.211.254.254
ROUTER 3 | FA 0/0 | 142.212.128.4 | 255.255.255.0 | 10.211.254.254
ROUTER 3 | FA 1/0 | 142.212.128.3 | 255.255.255.0 | 10.211.254.254
ROUTER 4 | FA 0/0 | 142.212.128.2 | 255.255.255.0 | 10.211.254.254
ROUTER 4 | FA 0/1 | 142.212.128.1 | 255.255.255.0 | 10.211.254.254
SERVER 1 | SERVSITE1 | 142.212.128.55 | 255.255.255.0 | 10.211.254.254
SERVER 2 | SERVSITE2 | 142.212.128.54 | 255.255.255.0 | 10.211.254.254
SERVER 3 | SERVSITE3 | 142.212.128.53 | 255.255.255.0 | 10.211.254.254
SERVER 4 | SERVSITE4 | 142.212.128.52 | 255.255.255.0 | 10.211.254.254
LINKSYS – REMOTE ACCESS | LINKRASITE1 | 142.212.128.9 | 255.255.255.0 | 10.211.254.254
SUBNETWORK1 | SUBNETSITE1 | 142.212.96.13 | 255.255.255.0 | 10.211.254.254
SUBNETWORK2 | SUBNETSITE2 | 142.212.96.12 | 255.255.255.0 | 10.211.254.254
SUBNETWORK3 | SUBNETSITE3 | 142.212.96.11 | 255.255.255.0 | 10.211.254.254
SUBNETWORK4 | SUBNETSITE4 | 142.212.96.10 | 255.255.255.0 | 10.211.254.254
ENCRYPTION | 168-BIT 3-DES
AUTHENTICATION | HMAC-MD5

The table details all devices required for the whole network to be installed across the city. All unassigned IP addresses will be used in the remote access addressing scheme to provide wider access for customers and employees connecting on devices outside the LAN.

Wireshark Lab: IP

The IP protocol was investigated by analysing a trace of IP datagrams sent and received, and by answering questions to show understanding of the IP Wireshark lab, illustrated with screenshots.

Lab Activity 4 - IP

Figure 7 identifies ICMP Echo Requests, better known as PING, which can be traced from the client computer through intermediate routers.

Figure 7: ICMP Echo Request capture.
Activity 6.a - IP

1. Select the first ICMP Echo Request message sent in this trace, and expand the Internet Protocol part of the packet in the packet details window. What is the source IP address?

Answer – Using Figure 7: the source IP address is 192.168.1.102.

2. Within the IP packet header, what is the value in the upper layer protocol field?

Answer – The value in the upper layer protocol field is ICMP (1).

3. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.

Answer – The IP datagram has not been fragmented. This is determined by the More Fragments bit = 0, meaning the data was not fragmented.

Activity 6.b - Fragmentation

1. Has that message been fragmented across more than one IP datagram?

Answer – The packet has been fragmented across more than one IP datagram:
Figure 8: ICMP Echo Request, packet size = 2000, first fragment

Figure 8 shows the first ICMP Echo Request message sent to the computer after the packet size was changed in Wireshark to 2000.

2. Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram has been fragmented? What information in the IP header indicates whether this is the first fragment versus a latter fragment? How long is this IP datagram?

Answer – The IP header indicates that the datagram has been fragmented because the flags bit is set. To tell the first fragment from the second, look at the fragment offset: the first fragment is at offset 0. The IP datagram is 1500 in total length, including the header.
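The arithmetic behind the fragments in Activity 6.b can be reproduced with the added Python example below (example code, not part of the original lab). It assumes a 1500-byte MTU, a 20-byte IPv4 header and an 8-byte ICMP header on top of the 2000-byte ping payload; the sample header bytes are constructed, with the lab's source address and a made-up destination.

```python
"""Added example (not from the original lab): how a 2000-byte ping is cut
into IP fragments, and how the flags / fragment-offset field that the lab
questions refer to is encoded and read back from a raw IPv4 header.
Assumptions: MTU 1500, 20-byte IP header, 8-byte ICMP header, constructed
header bytes (destination 203.0.113.10 is a made-up documentation address)."""
import struct

IP_HEADER_LEN = 20
ICMP_HEADER_LEN = 8
IP_FMT = "!BBHHHBBH4s4s"   # ver/ihl, tos, total len, id, flags+offset, ttl, proto, csum, src, dst
MF_BIT = 0x2000            # More Fragments flag
DF_BIT = 0x4000            # Don't Fragment flag


def fragment_plan(payload_len, mtu=1500, header_len=IP_HEADER_LEN):
    """Return (total_length, offset_bytes, more_fragments) for each fragment.

    Every fragment carries its own IP header, and the data it holds must be
    a multiple of 8 bytes because the offset field counts 8-byte units.
    """
    max_data = (mtu - header_len) // 8 * 8      # 1480 bytes for an MTU of 1500
    fragments, offset = [], 0
    while offset < payload_len:
        data = min(max_data, payload_len - offset)
        more = offset + data < payload_len
        fragments.append((header_len + data, offset, more))
        offset += data
    return fragments


def flags_offset_field(offset_bytes, more_fragments, dont_fragment=False):
    """Encode the 16-bit flags + fragment offset header field."""
    field = offset_bytes // 8
    if more_fragments:
        field |= MF_BIT
    if dont_fragment:
        field |= DF_BIT
    return field


def decode_flags_offset(field):
    """Decode the field into (dont_fragment, more_fragments, offset_bytes)."""
    return bool(field & DF_BIT), bool(field & MF_BIT), (field & 0x1FFF) * 8


def describe(field):
    """Classify a datagram the way the lab questions do."""
    _df, more, offset = decode_flags_offset(field)
    if not more and offset == 0:
        return "not fragmented"
    if offset == 0:
        return "first fragment (offset 0, more fragments follow)"
    if more:
        return "middle fragment (offset %d, more fragments follow)" % offset
    return "last fragment (offset %d, MF clear)" % offset


def build_ipv4_header(total_len, flags_offset, proto, src, dst, ident=0x1234, ttl=128):
    """Pack a 20-byte IPv4 header for a constructed sample (checksum left zero)."""
    def to_bytes(ip):
        return bytes(int(octet) for octet in ip.split("."))
    return struct.pack(IP_FMT, 0x45, 0, total_len, ident, flags_offset, ttl, proto, 0,
                       to_bytes(src), to_bytes(dst))


def parse_ipv4_header(raw):
    """Unpack the header fields the lab questions ask about."""
    (_vi, _tos, total_len, ident, flags_offset, ttl, proto,
     _csum, src, dst) = struct.unpack(IP_FMT, raw[:IP_HEADER_LEN])
    df, more, offset = decode_flags_offset(flags_offset)
    return {"total_length": total_len, "id": ident, "ttl": ttl, "protocol": proto,
            "df": df, "mf": more, "offset": offset,
            "src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst)}


# Constructed first fragment: source 192.168.1.102 as in the lab, protocol 1 (ICMP).
SAMPLE_FIRST_FRAGMENT = build_ipv4_header(1500, flags_offset_field(0, True), 1,
                                          "192.168.1.102", "203.0.113.10")

if __name__ == "__main__":
    for total, offset, more in fragment_plan(ICMP_HEADER_LEN + 2000):
        field = flags_offset_field(offset, more)
        print("total length %4d  offset %4d  MF=%d  field=0x%04x  %s"
              % (total, offset, more, field, describe(field)))
    print(parse_ipv4_header(SAMPLE_FIRST_FRAGMENT))
```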
Figure 9: ICMP Echo Request, packet size = 2000, second fragment

3. Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates that this is not the first datagram?

Answer – The second fragment can be identified in Figure 9 by looking at the IP header: the fragment offset has changed to 1480. There are more fragments because the flag is not set.

Transport Layer Protocols

The transport layer is the host-to-host layer within the TCP/IP model. It is the conversion point between the hardware-oriented layers below, at the architectural centre, and the software-oriented layers above. Protocols functioning at the transport layer provide the services that the software applications above need in order to run over an internetwork. They allow connections to be established and maintained between software services on devices at opposite ends of the network, acting like a bridge
between the higher-layer applications, which need to send data reliably (error correction, no loss of data, flow management), and the network layer protocols (where unreliability occurs, with no acknowledgement).

TCP (Transmission Control Protocol) – sustains high throughput and supports high-speed transfers over a wide distance. Fast TCP has been developed as a comparison to TCP for congestion control.

UDP (User Datagram Protocol) – this is similar to TCP and also operates over IP networks. UDP has fewer error recovery mechanisms, relying on the user to resend datagrams if they are lost. It is a more direct and quicker way to send and receive data for broadcasts.

Wireshark Lab: TCP

TCP was investigated by analysing its behaviour in terms of how segments are sent and received while transferring a 150KB file named alice.txt, and by answering questions to show understanding of the TCP Wireshark lab, illustrated with screenshots.

Lab Activity 3 – TCP

Figure 6 is a screenshot displaying packets filtered on the TCP protocol.
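The three-way handshake examined in Lab Activity 4 can be decoded from raw TCP headers with the added example below (example code, not part of the original lab). The client port 1161 and server port 80 come from the lab; the initial sequence numbers are constructed values, and the segments are built inline rather than read from the trace.

```python
"""Added example (not from the original lab): identify SYN / SYNACK / ACK
segments from their flag bits, check the handshake bookkeeping, and show
the relative sequence numbers Wireshark displays (SYN = 0, SYNACK = 0 with
ack 1, first data segment at seq 1).  Ports from the lab; ISNs are made up."""
import struct

TCP_FMT = "!HHIIBBHHH"   # src port, dst port, seq, ack, offset/reserved, flags, window, csum, urgent
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
MASK32 = 0xFFFFFFFF


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=8192):
    """Pack a minimal 20-byte TCP header (no options, checksum left zero)."""
    return struct.pack(TCP_FMT, src_port, dst_port, seq & MASK32, ack & MASK32,
                       5 << 4, flags, window, 0, 0)


def parse_tcp_header(raw):
    """Unpack the fields the lab questions refer to."""
    src, dst, seq, ack, off_res, flags, window, _csum, _urg = struct.unpack(TCP_FMT, raw[:20])
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "header_len": (off_res >> 4) * 4}


def segment_kind(flags):
    """Name a segment from its flag bits: SYN, SYNACK, ACK or other."""
    if flags & SYN:
        return "SYNACK" if flags & ACK else "SYN"
    return "ACK" if flags & ACK else "other"


def relative_numbers(segments):
    """Convert absolute seq/ack numbers to Wireshark-style relative ones.

    The first SYN in each direction fixes that direction's initial sequence
    number (ISN); every later segment is shown as seq - ISN and ack - peer ISN.
    Returns a list of (kind, relative_seq, relative_ack_or_None).
    """
    isn = {}
    rows = []
    for raw in segments:
        h = parse_tcp_header(raw)
        fwd = (h["src_port"], h["dst_port"])
        rev = (h["dst_port"], h["src_port"])
        if h["flags"] & SYN and fwd not in isn:
            isn[fwd] = h["seq"]
        rel_seq = (h["seq"] - isn[fwd]) & MASK32
        rel_ack = (h["ack"] - isn[rev]) & MASK32 if h["flags"] & ACK else None
        rows.append((segment_kind(h["flags"]), rel_seq, rel_ack))
    return rows


def handshake_ok(segments):
    """SYN, then a SYNACK acking SYN seq + 1, then an ACK acking SYNACK seq + 1."""
    syn, synack, ack = (parse_tcp_header(s) for s in segments[:3])
    return (segment_kind(syn["flags"]) == "SYN"
            and segment_kind(synack["flags"]) == "SYNACK"
            and synack["ack"] == (syn["seq"] + 1) & MASK32
            and segment_kind(ack["flags"]) == "ACK"
            and ack["ack"] == (synack["seq"] + 1) & MASK32)


# Constructed handshake between the client (port 1161) and the web server (port 80).
CLIENT_ISN = 0x1A2B3C4D   # made-up initial sequence numbers, not from the trace
SERVER_ISN = 0x9F8E7D6C
HANDSHAKE = [
    build_tcp_header(1161, 80, CLIENT_ISN, 0, SYN),                         # client SYN
    build_tcp_header(80, 1161, SERVER_ISN, CLIENT_ISN + 1, SYN | ACK),      # server SYNACK
    build_tcp_header(1161, 80, CLIENT_ISN + 1, SERVER_ISN + 1, ACK),        # client ACK
    build_tcp_header(1161, 80, CLIENT_ISN + 1, SERVER_ISN + 1, PSH | ACK),  # first data segment (HTTP POST)
]

if __name__ == "__main__":
    print("handshake consistent:", handshake_ok(HANDSHAKE))
    for kind, seq, ack in relative_numbers(HANDSHAKE):
        print("%-7s relative seq=%d ack=%s" % (kind, seq, ack))
```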
Figure 6: TCP Protocol

Lab Activity 4.a

1. What is the IP address and TCP port number used by the client computer (source) that is transferring the file to gaia.cs.umass.edu?

Answer – The client computer uses IP address 192.168.1.102 and TCP port number 1161 when transferring the file to gaia.cs.umass.edu.

2. What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments for this connection?

Answer – The IP address of gaia.cs.umass.edu is 128.119.245.12, and port number 80 is used for the connection, which indicates a web server.

Lab Activity 4.b

1. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN segment?
Answer – 0 is the sequence number of the TCP SYN segment that initiates the TCP connection between the client computer and gaia.cs.umass.edu. The SYN flag is set to 1, which identifies it as a SYN segment; this is located in the flags section.

2. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the Acknowledgement field in the SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK segment?

Answer – The sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply is 0. The value of the acknowledgement field is Acknowledgement number: 1; gaia.cs.umass.edu determined this value by adding 1 to the sequence number of the previous segment. The segment is identified as a SYNACK because the Acknowledgement and SYN bits are both set.

3. What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you'll need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a "POST" within its DATA field.

Answer – The sequence number of the TCP segment containing the HTTP POST command is 1.

Types of Data Transfer with VPN

The VPN is interchangeable and can offer both TCP and UDP connections to the network server. TCP gives the company more flexibility and is more reliable than UDP. Once a packet is sent with TCP, an ACK
  • 35. 699434/CMPRPATI (acknowledgement) packet is received as a reply confirmation acknowledging it has been sent and received but is not always needed with VPN. Connections using TCP are allowed networks which use firewalls with ports such as 80, 443, unlike UDP traffic may be possibly blocked especially in commercial networks. Disadvantages to TCP with VPN means connection is slower than UDP. To try and fasten the process would be to source a VPN provider who offers L2TP or consider OpenVPN on a UDP for that faster connection. Choosing to use UDP does mean that the connection is faster in comparison to TCP. Depending what its purpose UDP is more consistent fir video/audio streaming and P2P traffic. The OpenVPN connection is more suited for UDP in terms if functioning over non-blocked ports likes 53/UDP (DNS). Unlike TCP the UDP can become unreliable and there is no guarantee or acknowledgement when packets are delivered. The company can allow to run both TCP/UDP and should consider more what data or information is being sent. TCP is more likely to be used with the VPN with the majority of employees will requiring using the internet, send emails and would like the network traffic to be strong link and not have data going missing. Social media is fast becoming the new fad with streaming videos and posting photos using (Netflix, Face book and Twitter) TCP would be too slow and would buffer whilst waiting for all the packets to be sent and received in the right order. The UDP is a quicker way and the image/video would be instant. In the case of loss of connection, the image/video would be resent once it was realised it had not be received. Protocol Considerations 35
The VPN provides secure tunnels over the internet. These are created by the company's remote access at site 1; they are also site-to-site VPNs and include the VPN servers on the network. Various tunnelling protocols are available and can be put into place as the actual VPN or the VPN connection. Some which can be considered are:

- PPTP – Point-to-Point Tunnelling Protocol
- L2TP – Layer 2 Tunnelling Protocol
- IPSec – Internet Protocol Security, tunnel mode
- SSL – Secure Sockets Layer

The implementation of the VPN solution will include support for these protocols, though this can be limited depending on how the design is set up. Much thought about scalability is needed, as it does affect which tunnelling protocols are most suited. For example, remote access users should have client software which supports the protocols chosen. Likewise, for department-to-department VPN, the VPN gateways at both ends must have compatible or common protocols.

PPTP

PPTP is a Microsoft protocol included in their operating systems as built-in PPTP client software. Other PPTP clients for Macintosh and Linux/UNIX operating systems are also available, making PPTP a viable choice for the VPN. It is not deemed as secure as other tunnelling protocols: it uses an encryption method, Microsoft Point-to-Point Encryption (MPPE), but is not certificate-based. It is supported by the ISA Server firewall, also a Microsoft technology, by the Cisco PIX and by some models of WatchGuard.

L2TP

Microsoft and Cisco worked together to develop L2TP by combining PPTP and the Layer 2 Forwarding (L2F) protocol. It incorporates IPSec for encryption, thus providing stronger security with certificate-based authentication, data integrity and, more importantly, confidentiality. L2TP would allow the office to use a Microsoft operating system, as it is built in; for example, it is on Windows 2000, XP and Server 2003. Client software is easily obtained from the internet, and free software can be installed on computers running Windows 98, Me and NT 4.0 for compatibility. If using Linux clients, software like OpenL2TP can be implemented. Macintosh operating systems (Panther) also support it. Check Point, Cisco PIX and WatchGuard firewalls, or integrated VPN products together with the Microsoft ISA Server, allow a simple office-to-office VPN to work.

IPSec

IPSec can be added as the encryption for an L2TP connection. It also has a tunnel mode which can create a connection on its own. An IPSec VPN is supported by firewalls and integrated VPN appliances, and it is the only tunnelling protocol to be supported by the main known firewalls:

- Microsoft's ISA Server
- Check Point
- Cisco PIX, Netscreen
- SonicWall, WatchGuard, Symantec

Scalability is more manageable by using this type for office-to-office VPN.

SSL

A third scalable VPN protocol is SSL, although strictly speaking it is not a full VPN solution to begin with. It is a clientless solution which uses a web browser: the browser becomes the client, and it is a good answer if users only need access to web-enabled servers. In today's world there is hardly a computer or laptop without a web browser that supports SSL. Access can be provided for as many clients as required. It does require an up-to-date operating system such as Microsoft Windows 8/8.1, 7 or Vista. It is a very cost-effective solution, with minimal installation of software for the client and minimal disruption to business.

Security

There are various security issues relating to networks. IPSec is a very relevant and preventative security protocol for networking. IPSec is defined in RFC 2401 and is in everyday use with VPNs right across the internet, for example in schools, colleges and universities. The packet structure is made up of an IP header, an IPSec header and an Encapsulating Security Payload. IPSec provides encryption with 3DES and authentication with MD5. There is also Internet Key Exchange (IKE) and ISAKMP, which automatically distribute the secret security keys between the IPSec peer devices, i.e. the routers and concentrators.

Securing VPN
The VPN uses the internet to connect to a private network, and it is assumed that this is a secure connection permitting confidential data to be transmitted over the public network. Files, resources, data and video are shared without a second thought because the devices are deemed to be on the same network. This is the best way to provide remote access and allows for global offices to be added and data to be shared and viewed privately. Connecting the entire network using the VPN would best ensure that a connection is made at both ends of the locations with the main router or gateway address, which requires VPN support to be built in for such a function. The solution does support remote access for users outside the office. This allows staff to use a Wi-Fi hotspot to gain access to the company network if information is needed in a meeting, so the employee does not have to go back to the office. The main point to remember is that the employee's device must support the same VPN solution for it to work correctly.

Active Directory

Active Directory permits the management of the network to be implemented and maintained through a number of functions. It forms a relationship of trust, and in the long term this trust is managed. Modifications to the concept of the network can be made. It also allows for configuration of site links and servers. The image below illustrates various areas of Active Directory which need to be considered:

Active Directory-Based Activation (ADBA) (7):

The latest software Microsoft Windows has introduced is Windows 8.1. It has its own Active Directory-Based Activation (ADBA), which is new to the Windows umbrella. Its functionality lets businesses activate workstations through a connection to their own domain. Other enterprises operate from off-site locations that can connect to company applications. Gone are the days when such work-based technologies would require a retail key or Multiple Activation Key (MAK), or would need to connect manually to a network in order to activate and run software applications through Key Management Services (KMS). Using ADBA would make implementing the network and devices a lot simpler. Activation can be operated automatically if the chosen devices are compatible with the Windows operating system and connect to the domain service. Once users join the devices to the domain, ADBA will, for example, automatically activate the Windows installation on a computer. This depends on whether the computer or device has a Generic Volume License Key (GVLK) installed. The advantage is that no single device is required to act as the activation object, because it is fully distributed through the domain.

Example of Active Directory with Windows Server 2012, Windows 8 and Office 2013 (4):

Cost of Network

The total cost breakdown for all hardware and software took time to research, looking for the best compatibility with existing equipment at the first site and extending to the rest of the network for best performance. Some costs are one-off and cover the hardware and installation of the software. However, software updates could possibly incur an annual subscription fee, which is down to Microsoft monopolising the market with Windows 8. Other areas to look at are host domain names and charges. Some are free and only ask you to keep the site up to date and blog every 3 to 6 months, whereas other sites ask for a small fee and look after the site for you with minimal input from the client, such as adding dates, events or promotions to entice new customers. Looking at possible VPN hosting, one alternative to using BT for this service would be Free VPN Hosting. They offer the service free with a 5 GB secure cloud solution, which is a requirement of the solicitors (6). They are a very trusted site and provider of the PPTP VPN service. All partners would be able to log in and know that their data, web access and privacy rights were being upheld at no extra cost.

Summary

A network is best used for enabling and sharing hardware devices, computer data and information with ease of access. Using a remote access point on a computer through a local area network or intranet is most effective, and naming it so users can find files and data is known as sharing resources or network resources. In more detail, shared LANs are used by many different system resources, for example hard drives, scanners, printers and network cards. Sharing resources does mean there are some restrictions which must be met: File Transfer Protocol (FTP) and file sharing. It is a must that security procedures are implemented and maintained to the highest standard in order to keep the perimeter of the network safe, including all technologies on it.

Mapping: proper naming schemes and shared destination addresses must be created. All shared operating systems, hardware and files can then be identified and accessed where necessary.

Compatibility: the client and server sides require the same operating systems or applications to access the shared resources. Otherwise a message box will appear advising of compatibility issues and requesting the correct software/hardware to run file sharing.

Troubleshooting: communication delays also depend on whether the network is connected correctly. Peak times are one issue where some users cannot get on to the internet due to the server working overtime to fulfil the needs of a global network. Users can pay more for their broadband, as BT, Sky, Virgin and other businesses can charge whatever price they choose at the expense of the user.

With advancements in technology, more and more devices are being added to local and global networks, and thanks to the cloud they are linked to mobiles and app stores such as the Play Store for Android. This has led to people's opinions and expectations changing quite considerably from the early days of computer networks. IT managers want to be able to present and use applications on various devices from PDAs to tablets, with HD web streaming, client downloads and websites used to hold meetings across public and private networks, controlling the equipment themselves with ease. Networks are ever changing and adjusting to cope with the demand of user expectations. Performance and access issues come into play in relation to such expectations, users' behaviour and how networks are used, for work or gaming for example. The local area network is being overtaken by the wide area network as users want and need to communicate with the outside world, for example users on holiday wanting to call home via Skype or Facebook free calls. Business networks are also moving onto the cloud and connecting devices, which will also turn into a network at some point in the near future.

Completed Wireshark Labs

Lab Activity 1 – Getting Started

Learning about Wireshark through packet capturing; below is a screenshot of the software in action, displaying live packet data containing protocol messages exchanged between the laptop and the gaia.cs.umass.edu server:

Figure 1: Wireshark window at HTTP GET message from the gaia.cs.umass.edu URL.
Figure 1. Packet Capture

Using the filter to search "HTTP" permits the HTTP messages to be shown within the packet listing. The HTTP GET message is highlighted, showing the Ethernet frame, IP datagram, Internet Protocol and Transmission Control Protocol.

Figure 2: Listed protocols in live capture:

1. List 3 different protocols that appear in the protocol column in the unfiltered packet-listing window in step 7 above.

Answer – Three different protocols which appear in the protocol column prior to filtering the packet listing are TCP, UDP and SSDP.

2. How long did it take from when the HTTP GET message was sent until the HTTP OK reply was received? (By default, the value of the Time column in the packet-listing window is the amount of time, in seconds, since Wireshark tracing began. To display the Time field in time-of-day format, select the Wireshark View pull-down menu, then select Time Display Format, then select Time-of-day.)

Answer – The HTTP GET message was sent at 106.380374000 and the HTTP OK reply was received at 106.49769000, leaving a delay of 0.117316 seconds.

3. What is the Internet address of gaia.cs.umass.edu (also known as www-net.cs.umass.edu)? What is the Internet address of your computer?

Answer – Looking at the screenshot in Figure 2, the IP address of gaia.cs.umass.edu is 192.168.0.3; the IP address of the laptop is 128.119.245.12.

4. Print the two HTTP messages (GET and OK) referred to in question 2 above. To do so, select Print from the Wireshark File command menu, and select the "Selected Packet Only" and "Print as displayed" radio buttons, and then click OK.

Answer – Printouts of the HTTP GET and HTTP Reply messages demonstrate the communication of sending and receiving protocol messages. This is a print screen of how the printout of an HTTP GET message looks:

This is a print screen of how the printout of an HTTP Reply message looks:

Lab Activity 2.A – HTTP

A quick insight into the HTTP request/response interaction by retrieving a downloaded HTML file which is small and contains no embedded objects.

Figure 3: Screenshot of Wireshark once http://gaia.cs.umass.edu/wireshark-labs/HTTP-file1.html was retrieved in the browser.

Figure 3. HTTP

1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?

Answer – The browser is running HTTP version 1.1. The server is also running HTTP version 1.1.

2. What languages (if any) does your browser indicate that it can accept to the server?

Answer – There is no indication of what languages are accepted by the server. In Figure 3 there is an Accept-Ranges: bytes header with Content-Length: 128. The language the server would accept is en-us,en;q=0.5.

3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?

Answer – Looking at the screenshot in Figure 3, the IP address of the gaia.cs.umass.edu server is 192.168.0.3; the IP address of the laptop is 128.119.245.12.

4. What is the status code returned from the server to your browser?

Answer – The status code returned from the server to the browser was HTTP/1.1 200 OK (text/html).

5. When was the HTML file that you are retrieving last modified at the server?

Answer – The retrieved HTML file was Last-Modified on Thu, 27 Nov 2014 03:40:01 GMT at the server.

6. How many bytes of content are being returned to your browser?

Answer – The content being returned to the browser is Content-Length: 128 bytes.

7. By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one.

Answer – Looking at the raw data within the packet content window, there are no headers within the data which are not shown in the packet listing. The reason for this is that the headers are located in the raw data.

Lab Activity 2.B – HTTP Authentication

Demonstrating the sequence in which HTTP messages are exchanged when authentication is required:

Figure 4: Screenshot of Wireshark once http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html was retrieved in the browser.

Figure 4. HTTP Authentication

1. What is the server's response (status code and phrase) in response to the initial HTTP GET message from your browser?

Answer – The server's response to the initial HTTP GET message from the browser was status code 401, phrase Authorization Required (text/html).

2. When your browser sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?

Answer – Figure 5 shows the Authorization field included in the HTTP GET message:

Figure 5: Authorization column.

Looking at Figure 5, a new field was added and highlighted as Authorization (Basic d2ly ZXN0dwrl bnRzom5ldHdvcms=).
Lab Activity 3 – TCP

Figure 6 is a screenshot displaying filtered packets using the TCP protocol.

Figure 6: TCP

Lab Activity 4.a

1. What is the IP address and TCP port number used by the client computer (source) that is transferring the file to gaia.cs.umass.edu? To answer this question, it's probably easiest to select an HTTP message and explore the details of the TCP packet used to carry this HTTP message, using the "details of the selected packet header window" (refer to Figure 2 in the "Getting Started with Wireshark" lab if you're uncertain about the Wireshark windows).

Answer – The IP address is 192.168.1.102, and the TCP port number used by the client computer when transferring the file to gaia.cs.umass.edu is 1161.

2. What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments for this connection?

Answer – The IP address of gaia.cs.umass.edu is 128.119.245.12, and port number 80 is used for the connection, which indicates a web server.

Lab Activity 4.b

1. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN segment?

Answer – 0 is the sequence number of the TCP SYN segment that initiates the TCP connection between the client computer and gaia.cs.umass.edu. The SYN bit, located in the flags section, is set to 1, which identifies it as a SYN segment.

2. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the Acknowledgement field in the SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK segment?

Answer – The sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply is 0. The value of the acknowledgement field is Acknowledgement number: 1, which gaia.cs.umass.edu determined by adding 1 to the sequence number of the previous segment. The segment can be identified as a SYNACK because the Acknowledgement and SYN bits are both set.
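To see why the SYNACK acknowledges 1 and the first data segment starts at 1, here is an added Python example (not part of the original assignment) that rebuilds Wireshark's relative sequence numbers from absolute ones and checks the handshake; the endpoints are the lab's, while the ISNs and the POST length are constructed values.

```python
"""Relative TCP sequence numbers and handshake checking, as in Lab Activity 4.b."""
from dataclasses import dataclass

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10   # TCP flag bits
MASK32 = 0xFFFFFFFF                                      # sequence numbers wrap at 2^32


@dataclass
class Segment:
    src: str           # "ip:port" of the sender
    dst: str           # "ip:port" of the receiver
    flags: int         # flag bits from the TCP header
    seq: int           # absolute 32-bit sequence number
    ack: int = 0       # absolute acknowledgement number (meaningful only when ACK is set)
    payload: int = 0   # bytes of data carried by the segment


def flag_names(flags):
    """Human-readable flag list, e.g. 'SYN+ACK'."""
    names = [n for bit, n in ((SYN, "SYN"), (ACK, "ACK"), (PSH, "PSH"),
                              (FIN, "FIN"), (RST, "RST")) if flags & bit]
    return "+".join(names) or "none"


def relative_view(segments):
    """Rewrite absolute numbers relative to each side's initial sequence number (ISN),
    the way Wireshark displays them: the SYN shows seq 0, and because the SYN itself
    consumes one sequence number the first data byte shows seq 1."""
    isn = {}
    rows = []
    for s in segments:
        if s.flags & SYN:
            isn[s.src] = s.seq   # a SYN (or SYN+ACK) carries its sender's ISN
        rel_seq = (s.seq - isn[s.src]) & MASK32 if s.src in isn else None
        rel_ack = ((s.ack - isn[s.dst]) & MASK32
                   if (s.flags & ACK) and s.dst in isn else None)
        rows.append((flag_names(s.flags), rel_seq, rel_ack, s.payload))
    return rows


def check_handshake(segments):
    """Return a list of problems found in the three-way handshake (empty when valid).
    Expected: SYN; SYN+ACK acknowledging client ISN+1; ACK acknowledging server ISN+1."""
    syn, synack, ack = segments[:3]
    problems = []
    if (syn.flags & (SYN | ACK)) != SYN:
        problems.append("first segment is not a bare SYN")
    if (synack.flags & (SYN | ACK)) != (SYN | ACK):
        problems.append("second segment is not SYN+ACK")
    if synack.ack != (syn.seq + 1) & MASK32:
        problems.append("SYN+ACK does not acknowledge client ISN + 1")
    if (ack.flags & SYN) or not (ack.flags & ACK):
        problems.append("third segment is not a plain ACK")
    if ack.ack != (synack.seq + 1) & MASK32:
        problems.append("final ACK does not acknowledge server ISN + 1")
    if ack.seq != (syn.seq + 1) & MASK32:
        problems.append("final ACK does not start at client ISN + 1")
    return problems


# Constructed capture: endpoints as in the lab; ISNs and POST size are made-up values.
CLIENT, SERVER = "192.168.1.102:1161", "128.119.245.12:80"
CLIENT_ISN, SERVER_ISN = 0x1A2B3C4D, 0x9E8D7C6B
POST_LEN = 565
CAPTURE = [
    Segment(CLIENT, SERVER, SYN, CLIENT_ISN),
    Segment(SERVER, CLIENT, SYN | ACK, SERVER_ISN, CLIENT_ISN + 1),
    Segment(CLIENT, SERVER, ACK, CLIENT_ISN + 1, SERVER_ISN + 1),
    Segment(CLIENT, SERVER, PSH | ACK, CLIENT_ISN + 1, SERVER_ISN + 1, POST_LEN),  # HTTP POST
    Segment(SERVER, CLIENT, ACK, SERVER_ISN + 1, CLIENT_ISN + 1 + POST_LEN),
]

if __name__ == "__main__":
    for row in relative_view(CAPTURE):
        print("%-8s seq=%s ack=%s len=%d" % row)
    print("handshake problems:", check_handshake(CAPTURE) or "none")
```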
3. What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you'll need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a "POST" within its DATA field.

Answer – The sequence number of the TCP segment containing the HTTP POST command is 1.

Lab Activity 4 – IP

Figure 7 identifies ICMP Echo Requests, better known as ping, which can be traced from the client computer through intermediate routers.

Figure 7: ICMP Echo Request capture.

Activity 6.a – IP

1. Select the first ICMP Echo Request message sent in this trace, and expand the Internet Protocol part of the packet in the packet details window. What is the source IP address?

Answer – The source IP address is 192.168.1.102.

2. Within the IP packet header, what is the value in the upper layer protocol field?

Answer – The value in the upper layer protocol field is ICMP (1).

3. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.

Answer – The IP datagram has not been fragmented. This is determined by the More Fragments bit = 0, meaning the data was not fragmented.

Activity 6.b – Fragmentation

1. Has that message been fragmented across more than one IP datagram?

Answer – The packet has been fragmented across more than one IP datagram:

Figure 8: ICMP Echo Request, packet size = 2000, first fragment

The first ICMP Echo Request message sent after the packet size was changed in Wireshark to 2000 is shown in Figure 8.

2. Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram has been fragmented? What information in the IP header indicates whether this is the first fragment versus a later fragment? How long is this IP datagram?

Answer – The IP header indicates that the datagram has been fragmented by the flags bit that is set. To tell the first fragment from the second, look at the fragment offset: the first fragment has offset 0. The IP datagram is 1500 in total length, including the header.

Figure 9: ICMP Echo Request, packet size = 2000, second fragment

3. Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates that this is not the first datagram?

Answer – The second fragment can be identified in Figure 9 by looking at the IP header: the fragment offset has changed to 1480. There are more fragments because the flag is not set.
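The fragmentation fields read off Figures 8 and 9 can be reproduced in code. This added Python example (not from the assignment) builds an ICMP Echo Request with 2000 data bytes, assumed to be what "packet size 2000" means, fragments it for a 1500-byte MTU, and shows the general fragment check, More Fragments set or a non-zero offset, which also catches the last fragment; the destination address is a constructed placeholder.

```python
"""IPv4 fragmentation: building, detecting and reassembling fragments (Activity 6.b)."""
import struct
from socket import inet_aton, inet_ntoa

IPV4_HDR_LEN = 20
ICMP_PROTO = 1


def checksum(data):
    """RFC 1071 one's-complement sum; returns 0 when run over data that already
    carries a correct checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, proto, payload, ident, mf=False, df=False, offset=0, ttl=128):
    """Build a datagram with a 20-byte header. `offset` is the fragment offset in bytes
    (stored in 8-byte units, so it must be a multiple of 8)."""
    if offset % 8:
        raise ValueError("fragment offset must be a multiple of 8 bytes")
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR_LEN + len(payload), ident,
                      flags_frag, ttl, proto, 0, inet_aton(src), inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(datagram):
    """Decode the fields Wireshark shows under 'Internet Protocol'."""
    (vihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", datagram[:IPV4_HDR_LEN])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or checksum(datagram[:ihl]) != 0:
        raise ValueError("not a valid IPv4 header")
    return {
        "total_length": total_len, "id": ident, "protocol": proto,
        "df": bool(flags_frag >> 14 & 1), "mf": bool(flags_frag >> 13 & 1),
        "offset": (flags_frag & 0x1FFF) * 8,
        "src": inet_ntoa(src), "dst": inet_ntoa(dst),
        "payload": datagram[ihl:total_len],
    }


def is_fragment(hdr):
    """A datagram is part of a fragmented packet if More Fragments is set OR the
    offset is non-zero: the last fragment has MF = 0 but a non-zero offset."""
    return hdr["mf"] or hdr["offset"] > 0


def fragment(datagram, mtu=1500):
    """Split a datagram that exceeds the MTU into fragments that fit it."""
    h = parse_ipv4(datagram)
    if len(datagram) <= mtu:
        return [datagram]
    if h["df"]:
        raise ValueError("DF set: datagram must be dropped, not fragmented")
    step = (mtu - IPV4_HDR_LEN) // 8 * 8     # largest multiple of 8 that fits
    payload, frags = h["payload"], []
    for off in range(0, len(payload), step):
        chunk = payload[off:off + step]
        last = off + step >= len(payload)
        frags.append(build_ipv4(h["src"], h["dst"], h["protocol"], chunk, h["id"],
                                mf=(not last) or h["mf"], offset=h["offset"] + off))
    return frags


def reassemble(fragments):
    """Rebuild the original payload; raises on a gap, overlap or missing last piece."""
    hdrs = sorted((parse_ipv4(f) for f in fragments), key=lambda h: h["offset"])
    data, expected = b"", 0
    for h in hdrs:
        if h["offset"] != expected:
            raise ValueError("gap or overlap at offset %d" % h["offset"])
        data += h["payload"]
        expected += len(h["payload"])
    if hdrs[-1]["mf"]:
        raise ValueError("last fragment (MF = 0) is missing")
    return data


# Constructed input: ICMP Echo Request (type 8) with 2000 data bytes, from the lab's
# client address to a placeholder destination (203.0.113.10 is documentation space).
_icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + bytes(2000)
ICMP_ECHO = _icmp[:2] + struct.pack("!H", checksum(_icmp)) + _icmp[4:]
DATAGRAM = build_ipv4("192.168.1.102", "203.0.113.10", ICMP_PROTO, ICMP_ECHO, ident=0x1234)

if __name__ == "__main__":
    for f in fragment(DATAGRAM):
        h = parse_ipv4(f)
        print("total_length=%d offset=%d MF=%d fragment=%s"
              % (h["total_length"], h["offset"], h["mf"], is_fragment(h)))
```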
Lab Activity 4 – Ethernet

Understanding the Ethernet protocol and addressing by capturing and analysing Ethernet frames:

Figure 10: HTTP GET message sent from gaia.cs.umass.edu.

Packet 334 in Figure 10 contains the HTTP GET message. This was produced by entering http://gaia.cs.umass.edu/wireshark-labs/HTTP-ethereal-lab-file3.html into the browser.

Figure 11: IPv4 protocol disabled in Wireshark, displaying the information below the IP layer.

Activity 8.a – Ethernet

1. What is the 48-bit Ethernet address of your computer?

Answer – The 48-bit address of the computer is 00:18:de:e1:ab:ee.

2. What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of gaia.cs.umass.edu? (Hint: the answer is no.) What device has this as its Ethernet address?

Answer – The 48-bit destination address in the Ethernet frame is 20:0c:c8:9d:08:cb. This is not the Ethernet address of gaia.cs.umass.edu; the device with this address is the Netgear router, which is the link used to leave the subnet.

3. What is the value of the Ethernet source address? Is this the address of your computer, or of gaia.cs.umass.edu? (Hint: the answer is no.) What device has this as its Ethernet address?

Answer – The Ethernet source address is 00:18:de:e1:ab:ee. This is the address of the computer and not gaia.cs.umass.edu. The Netgear router has this as the Ethernet address.

4. What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer?

Answer – 20:0c:c8:9d:08:cb is the destination address in the Ethernet frame. This address does not belong to the computer but to the Netgear router.

5. Give the hexadecimal value for the two-byte Frame type field. What upper layer protocol does this correspond to?

Answer – 0x0800 is the hexadecimal value for the two-byte Frame type field, which corresponds to the IP upper layer protocol.

Additional Lab Material

Activity Lab 3.a – DNS

1. Run nslookup to obtain the IP address of a Web server in Asia (e.g. Kyoto University in Japan). What is the IP address of that server?
Answer – The command prompt was used to run nslookup to obtain the IP address of Kyoto University, a web server in Asia.

Figure 12: nslookup in action in the command prompt.

Figure 12 displays 192.168.0.1 as the IP address of the server in Asia.

2. Run nslookup to determine the authoritative DNS servers for the University of Ioannina in Greece.

Answer – The command prompt was used to run nslookup to determine the DNS servers in Europe.

Figure 13: nslookup determining authoritative DNS servers.

Figure 13 displays the nslookup for a European university in Ioannina, Greece.

3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for Yahoo! Mail (mail.yahoo.com). What is its IP address?

Answer – nslookup run against the DNS servers obtained in Question 2 can query the mail servers for Yahoo! Mail (mail.yahoo.com).

Figure 14: nslookup of the DNS server from task 2 querying the mail servers for Yahoo mail.

Figure 14 was unable to complete the nslookup query because it could not find the Yahoo mail address. Later attempts were also unable to carry out the task because the DNS server timed out. To answer this task another nslookup was completed and returned the correct information: a search for a Hong Kong university in China was run; the IP address was 137.189.6.21 and the server was barnowl.itsc.cuhk.edu.hk.

Activity Lab 3.b – Tracing DNS

Figure 15: ipconfig /all in action within the command prompt:

1. Locate the DNS query and response messages. Are they sent over UDP or TCP?

Answer – The DNS query and response messages are sent over UDP, as displayed in the screenshot in Figure 16 below:

Figure 16: Tracing DNS in action.

2. What is the destination port for the DNS query message? What is the source port of the DNS response message?

Answer – The destination port of the DNS query message is 53. The source port of the DNS response is 53.

3. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these two IP addresses the same?

Answer – The DNS query message is sent to IP address 192.168.0.1. Using ipconfig /all (Figure 15) to find the DNS server's IP address shows 192.168.0.1, which is the same address because it is the local server.

4. Examine the DNS query message. What "Type" of DNS query is it? Does the query message contain any "answers"?

Answer – The "Type" of DNS query is A (Standard Query). It does not contain any answers.

5. Examine the DNS response message. How many "answers" are provided? What do each of these answers contain?

Answer – Using Figure 17 below, the DNS response contains only one answer, which is the name of the host, the class and the IP address:

Figure 17: DNS Response

6. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?

Answer – The destination IP address does correspond with one of the IP addresses in the DNS response message. The IP address 4.31.198.44 is provided by the DNS server for www.ietf.org, as shown in Figure 18.

Figure 18: IP address provided by the DNS server.

7. This web page contains images. Before retrieving each image, does your host issue new DNS queries?

Answer – The host does not need to issue new DNS queries to retrieve the images. They are loaded from the www.ietf.org site, as the host uses a cached address which stores the information.

Lab Activity 4 – UDP

Figure 19 displays packets captured by the host, demonstrating the sending and receiving of UDP packets.

Figure 19: UDP Capture.

1. Select one UDP packet from your trace. From this packet, determine how many fields there are in the UDP header. Name these fields.

Answer – Looking at Figure 19 and choosing packet 20, there are four fields in the UDP header: the source port, destination port, length and checksum.

2. By consulting the displayed information in Wireshark's packet content field for this packet, determine the length (in bytes) of each of the UDP header fields.

Answer – According to the packet content field, each UDP header field is 20 bytes in length.

3. What is the protocol number for UDP? Give your answer in both hexadecimal and decimal notation. To answer this question, you'll need to look into the Protocol field of the IP datagram containing this UDP segment.

Answer – The protocol number for UDP is 11. The hexadecimal number is 0x11 and the decimal notation is 17.

4. Examine a pair of UDP packets in which your host sends the first UDP packet and the second UDP packet is a reply to this first UDP packet. (Hint: for a second packet to be sent in response to a first packet, the sender of the first packet should be the destination of the second packet.) Describe the relationship between the port numbers in the two packets.

Answer – Comparing Figures 20 and 21 demonstrates that the source port of the UDP packet sent by the host is the same as the destination port of the reply (26865 / 30035). Conversely, the destination port of the UDP packet sent by the host is the same as the source port of the reply packet.
Figure 20: UDP sent by the host.

Figure 21: UDP reply to the host.

Activity Lab 7 – DHCP

Several DHCP-related commands were run, and the DHCP messages exchanged as a result of executing these commands were captured, as shown in Figure 22.

Figure 22: Command prompt in action using ipconfig /release and ipconfig /renew.

Figure 23 shows the first ipconfig /renew command generating four new DHCP packets: a DHCP Discover packet, a DHCP Offer packet, a DHCP Request packet and a DHCP Ack packet:

Figure 23: DHCP packet number 36 with the DHCP Discover packet expanded.

Activity 7.a

1. Are DHCP messages sent over UDP or TCP?

Answer – UDP (User Datagram Protocol) is used for DHCP messages, not TCP.

2. Draw a timing diagram illustrating the sequence of the first four-packet Discover/Offer/Request/ACK DHCP exchange between the client and server. For each packet, indicate the source and destination port numbers.

Answer – The port numbers are the same in the packet capture as in the diagram analysis.

DHCP Discover: Source 0.0.0.0 to Destination 255.255.255.255
DHCP Request: Source 0.0.0.0 to Destination 255.255.255.255
DHCP Offer: Source 192.168.0.1 to Destination 192.168.0.3
DHCP Ack: Source 192.168.0.1 to Destination 192.168.0.3
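The four-packet exchange listed above can be validated from a capture. This added Python example (not from the assignment) builds the Discover/Offer/Request/Ack messages with the client MAC, transaction ID and one-day lease seen in this lab, then checks ports (68 to 67 and back), broadcast addressing, a constant transaction ID and that the Offer and Ack come from the expected server; the server and offered addresses are those listed above, and everything else is constructed.

```python
"""Checking a DHCP Discover/Offer/Request/Ack exchange from captured UDP datagrams."""
import struct
from socket import inet_aton, inet_ntoa

MAGIC = b"\x63\x82\x53\x63"                    # DHCP magic cookie after the BOOTP header
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5     # Option 53 message types
TYPE_NAMES = {DISCOVER: "Discover", OFFER: "Offer", REQUEST: "Request", ACK: "Ack"}
OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"       # 236-byte fixed BOOTP header


def build_dhcp(op, xid, chaddr, yiaddr="0.0.0.0", options=()):
    """Minimal DHCP message: fixed header, magic cookie, then TLV options and End."""
    fixed = struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, 0,
                        inet_aton("0.0.0.0"), inet_aton(yiaddr), inet_aton("0.0.0.0"),
                        inet_aton("0.0.0.0"), chaddr.ljust(16, b"\x00"), b"", b"")
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC + opts + bytes([OPT_END])


def parse_dhcp(data):
    """Decode the fields Wireshark shows for a DHCP packet (transaction ID, your IP,
    client MAC) plus the option list."""
    (op, _ht, hlen, _hops, xid, _secs, _flags, _ci, yiaddr, _si, _gi,
     chaddr, _sname, _file) = struct.unpack(BOOTP_FMT, data[:236])
    if data[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 240
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:            # pad option
            i += 1
            continue
        code, length = data[i], data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "chaddr": chaddr[:hlen],
            "yiaddr": inet_ntoa(yiaddr), "options": options}


def check_dora(exchange, trusted_server):
    """Validate four captured datagrams (src_ip, src_port, dst_ip, dst_port, payload).
    Returns (assigned_ip, lease_seconds, findings); findings is empty when the
    exchange is a clean Discover/Offer/Request/Ack from the trusted server."""
    findings = []
    msgs = [(s, sp, d, dp, parse_dhcp(p)) for s, sp, d, dp, p in exchange]
    xid = msgs[0][4]["xid"]
    for (s_ip, s_port, d_ip, d_port, m), want in zip(msgs, (DISCOVER, OFFER, REQUEST, ACK)):
        mtype = m["options"].get(OPT_MSG_TYPE, b"\x00")[0]
        if mtype != want:
            findings.append("expected %s, got message type %d" % (TYPE_NAMES[want], mtype))
        if m["xid"] != xid:                      # all four share one transaction ID
            findings.append("transaction ID changed in %s" % TYPE_NAMES[want])
        if want in (DISCOVER, REQUEST):          # client side: 68 -> 67, broadcast
            if (s_port, d_port) != (68, 67) or d_ip != "255.255.255.255":
                findings.append("%s not sent 68 -> 67 to broadcast" % TYPE_NAMES[want])
        else:                                    # server side: 67 -> 68
            if (s_port, d_port) != (67, 68):
                findings.append("%s not sent 67 -> 68" % TYPE_NAMES[want])
            if s_ip != trusted_server:           # a second, unexpected server answering
                findings.append("%s from untrusted server %s" % (TYPE_NAMES[want], s_ip))
    ack = msgs[3][4]
    lease = ack["options"].get(OPT_LEASE)
    lease_seconds = struct.unpack("!I", lease)[0] if lease else None
    return ack["yiaddr"], lease_seconds, findings


def make_exchange(server_ip, offered_ip, lease=86400, xid=0xE7646A7D):
    """Constructed capture: client MAC and transaction ID as seen in this lab, a one-day
    lease, Offer and Ack unicast from the server to the offered address."""
    mac = bytes.fromhex("0018dee1abee")
    srv = (OPT_SERVER_ID, inet_aton(server_ip))
    lease_opt = (OPT_LEASE, struct.pack("!I", lease))
    bcast = ("0.0.0.0", 68, "255.255.255.255", 67)
    return [
        bcast + (build_dhcp(1, xid, mac, options=[(OPT_MSG_TYPE, b"\x01")]),),
        (server_ip, 67, offered_ip, 68,
         build_dhcp(2, xid, mac, offered_ip, [(OPT_MSG_TYPE, b"\x02"), srv, lease_opt])),
        bcast + (build_dhcp(1, xid, mac, options=[(OPT_MSG_TYPE, b"\x03"), srv]),),
        (server_ip, 67, offered_ip, 68,
         build_dhcp(2, xid, mac, offered_ip, [(OPT_MSG_TYPE, b"\x05"), srv, lease_opt])),
    ]


if __name__ == "__main__":
    print(check_dora(make_exchange("192.168.0.1", "192.168.0.3"), "192.168.0.1"))
    print(check_dora(make_exchange("192.168.0.77", "192.168.0.3"), "192.168.0.1"))
```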
Figure 24: Timing diagram showing the first four-packet Discover/Offer/Request/Ack exchange.

3. What is the link-layer (e.g., Ethernet) address of the host?

Answer – The link-layer address of the host computer is 00:18:de:e1:ab:ee, which is its Ethernet address.

4. What values in the DHCP discover message differentiate this message from the DHCP request message?

Answer – Option 53: DHCP Message Type is where the values differentiate the Discover message from the Request message.

5. What is the IP address of the DHCP server?

Answer – The value of the Transaction ID is 0xe7646a7d. The second Transaction ID is 0xe4eff25f. A transaction ID is used so that the DHCP server can differentiate between client requests during the request process.

6. Explain the purpose of the lease time. How long is the lease time in your experiment?

Answer – The lease time is the amount of time for which the DHCP server assigns an IP address to a client. During the lease time, the DHCP server will not assign the IP address given to one client to another, unless the client releases it. Once the lease expires, the IP address can be reused by the DHCP server and dedicated to another client. The lease time in Figure 23 is 1 day.

7. What is the purpose of the DHCP release message? Does the DHCP server issue an acknowledgment of receipt of the client's DHCP request? What would happen if the client's DHCP release message is lost?

Answer – The purpose of the DHCP Release message is to cancel the lease of the IP address given by the DHCP server. No acknowledgement message is sent to the client confirming the DHCP Release message. If a client's DHCP Release message were lost, the DHCP server would have to wait until the lease period was over before the specified IP address became reusable for another client.

References

1. Anon, (2014). [online] Available at: https://www.owasp.org/index.php/Main_Page [Accessed 19 Nov. 2014].
2. Anon, (2014). [online] Available at: http://www.malcher.fr/activation-basee-sur-active-directory/ [Accessed 3 Dec. 2014].
3. Bestvpnservice.com, (2014). Free VPN Android - Free VPN Android App. [online] Available at: http://www.bestvpnservice.com/blog/android-vpn-apps-list-of-free-vpn-apps-for-android/ [Accessed 3 Dec. 2014].
4. Freevpnhosting.com, (2014). Free VPN Hosting Service | We Host Free VPN accounts for everyone. [online] Available at: http://freevpnhosting.com/ [Accessed 5 Dec. 2014].
5. Packet Tracer. (2014). Cisco.
6. Technet.microsoft.com, (2014). VPN's and Firewalls. [online] Available at: http://technet.microsoft.com/en-us/library/cc958037.aspx [Accessed 2 Dec. 2014].
7. Warner, T. (2014). [online] Available at: http://4sysops.com/wp-content/uploads/2012/04/Windows-Server-8-domain-Active-Directory-Users-and-Computers-in-Windows-Server-8-Beta.png [Accessed 2 Dec. 2014].
8. Wireshark. (2014).
9. Your Agile IT Partner for your Office 365 Migration, Private & Public Cloud Solutions and Fixed Price IT Support, (2014). Active Directory, PKI, NAP, & 802.1x Consulting. [online] Available at: http://www.agileit.com/enterprise/identity-access-security/active-directory-pki-and-802-1x-consulting/ [Accessed 1 Dec. 2014].