20130919_Tai_Lab1_2

8/14/2019 20130919_Tai_Lab1_2

INTERNATIONAL UNIVERSITY
School of Computer Science and Engineering

LAB 1: Introduction to VMWare and Wireshark

Course: Network Security    Lecturer: Pham Van Hau, PhD

Date: 09/19/2013    Duration: 135 minutes

Student ID: [illegible in the scan]    Student name: DO NHU TAI

The purpose of this lab is to introduce the working environment and the tools used to carry out the labs of the Network and System Security (NSS) course. We use virtual machines and Wireshark for all the labs, so getting familiar with them is a must.

1. Part 1: VMWare

Instruction on VMWare and VMWare networking. Use the virtual machine (based on Ubuntu) to create the following simple network.

You need to:

• configure the IP addresses for the virtual machines
• configure the network (use VMNet5)
• make sure that machine 1 can ping machine 2

2. Part 2: Wireshark

1. Route recording with the ping command

(a) ping command

Ping uses the ICMP protocol's mandatory ECHO REQUEST datagram to elicit an ICMP ECHO RESPONSE from a host or gateway. ECHO REQUEST datagrams (''pings'') have an IP and ICMP header, followed by a ''struct timeval'' and then an arbitrary number of ''pad'' bytes used to fill out the packet.

On machine 1:

• turn on Wireshark
• ping machine 2
• observe the traffic and try to answer the following questions

Machine 1: 192.168.1.2    GW 192.168.1.1    Netmask 255.255.255.0
Machine 2: 192.168.1.3    GW 192.168.1.1    Netmask 255.255.255.0
Network: VMNet 5

Q1) What are the values of type and code in the ECHO REQUEST and ECHO REPLY packets?

Answer Q1:

ECHO REQUEST: Type=8, Code=0

ECHO REPLY: Type=0, Code=0

Q2) What is the meaning of the identifier and sequence number in the ICMP packets?

Answer Q2:

• Each echo request and its corresponding echo reply have the same Identifier value and the same Sequence Number value. The values are used to match the echo request to the right echo reply.

• Typically, the Identifier is kept the same and the Sequence Number is incremented. This ensures that, as a pair, successive echo requests will have different Identifier
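As an added example (not part of the lab report), the following Python decodes the ICMP echo header fields discussed in Q1 and Q2, verifies the RFC 1071 checksum, and pairs requests with replies by (identifier, sequence); the messages are constructed inside the block rather than taken from a capture.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP types seen in Q1; the code is 0 for both


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (an odd trailing byte is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Constructed ICMP echo message: type, code=0, checksum, identifier, sequence, payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(msg: bytes) -> dict:
    """Decode the 8-byte ICMP header; an intact message sums to zero when its checksum is included."""
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "checksum_ok": inet_checksum(msg) == 0}


def pair_echoes(messages) -> list:
    """Match each ECHO REQUEST to the ECHO REPLY carrying the same (identifier, sequence)."""
    pending, pairs = {}, []
    for msg in messages:
        p = parse_echo(msg)
        if not p["checksum_ok"] or p["code"] != 0:
            continue                      # corrupted, or not an echo message
        key = (p["id"], p["seq"])
        if p["type"] == ECHO_REQUEST:
            pending[key] = p
        elif p["type"] == ECHO_REPLY and key in pending:
            pairs.append(key)
            del pending[key]
    return pairs


# Constructed capture: one ping process (identifier 0x1234) sends seq 1 and 2; only seq 1 is answered.
PAYLOAD = struct.pack("!II", 1379577600, 0) + b"\x00" * 48   # 8-byte struct timeval + 48 pad bytes
SAMPLE = [build_echo(ECHO_REQUEST, 0x1234, 1, PAYLOAD),
          build_echo(ECHO_REQUEST, 0x1234, 2, PAYLOAD),
          build_echo(ECHO_REPLY, 0x1234, 1, PAYLOAD)]
```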

(b) Ping with -R option

On machine 1, ping machine 2 with the -R option.

Q3) What is the new information in the request and reply packets that you observe?

Answer Q3:

The new information in the request and reply packets is the record route option portion of the IP header.

Code is a 1-byte field specifying the type of IP option. For the RR option its value is 7. Len is the total number of bytes of the RR option, which in this case is 39. (Although it is possible to specify an RR option with less than the maximum size, ping always provides a 39-byte option field, to record up to nine IP addresses. Given the limited room in the IP header for options, it doesn't make sense to specify a size less than the maximum.)

Ptr is called the pointer field. It is a 1-based index into the 39-byte option of where to store the next IP address. Its minimum value is 4, which is the pointer to the first IP address. As each IP address is recorded into the list, the value of ptr becomes 8, 12, 16, up to 36. After the ninth address is recorded ptr becomes 40, indicating the list is full.
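The RR option layout just described (code 7, len 39, ptr stepping 4, 8, ..., 40) as an added Python example that is not the report's own code: a builder and a parser for the option bytes, with the consistency checks a dissector would apply; the router addresses are constructed.

```python
import struct
import ipaddress

RR_CODE = 7        # IP option type for Record Route
RR_PING_LEN = 39   # ping always sends the maximum: 3 header bytes + 9 address slots of 4 bytes


def build_rr_option(recorded) -> bytes:
    """Constructed 39-byte RR option as it looks after the routers in `recorded` wrote into it."""
    if len(recorded) > 9:
        raise ValueError("the RR option holds at most nine addresses")
    ptr = 4 + 4 * len(recorded)   # 1-based offset of the next free slot: 4, 8, 12, ..., 40 when full
    slots = b"".join(ipaddress.IPv4Address(a).packed for a in recorded)
    slots += b"\x00" * (36 - len(slots))
    return struct.pack("!BBB", RR_CODE, RR_PING_LEN, ptr) + slots


def parse_rr_option(opt: bytes) -> dict:
    """Decode code, len and ptr, check that they are consistent, and split the body into the
    addresses already recorded (before ptr) and the slots still free (from ptr onward)."""
    if len(opt) < 3:
        raise ValueError("option too short")
    code, length, ptr = struct.unpack("!BBB", opt[:3])
    if code != RR_CODE:
        raise ValueError(f"not a record route option (code {code})")
    if length != len(opt) or (length - 3) % 4 != 0:
        raise ValueError(f"len {length} does not match the option body")
    if ptr < 4 or (ptr - 4) % 4 != 0 or ptr > length + 1:
        raise ValueError(f"invalid pointer {ptr}")
    body = opt[3:]
    recorded = [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(0, ptr - 4, 4)]
    return {"code": code, "len": length, "ptr": ptr, "recorded": recorded,
            "free_slots": (length + 1 - ptr) // 4, "full": ptr == length + 1}


# Constructed example: two routers have recorded themselves, so ptr points at the third slot.
SAMPLE_RR = build_rr_option(["10.0.0.1", "10.0.1.1"])
```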

[Screenshot] Request packets without -R option

[Screenshot] Request packets with -R option

[Screenshot] Reply packets without -R option

[Screenshot] Reply packets with -R option

Q4) What is the -R option used for?

Answer Q4:

The ping program gives us an opportunity to look at the IP record route (RR) option. Most versions of ping provide the -R option that enables the record route feature. It causes ping to set the IP RR option in the outgoing IP datagram (which contains the ICMP echo request message). This causes every router that handles the datagram to add its IP address to a list in the options field. When the datagram reaches the final destination, the list of IP addresses should be copied into the outgoing ICMP echo reply, and all the routers on the return path also add their IP addresses to the list. When ping receives the echo reply it prints the list of IP addresses.

Q5) Load the file tme5-pRp.dmp and draw the network diagram between the source and the destination host.

Answer Q5:

[Screenshot] Reply packets with -R option

[Screenshot] Request packets with -R option

Q6) What is the maximum length, in terms of number of hops, that ping -R can record?

Answer Q6:

The maximum length in terms of number of hops that ping -R can record is 9.

Q7) Show how to use the options -f and -s of the ping command.

Answer Q7:

ping -f

Example:

+ ping an IP address which does not exist
+ ping -f 192.168.1.3 (available address)
+ ping -f mail.com

ping -s [packetsize]

Example: ping -s ?00 192.168.1.3 (the first digit of the size is illegible in the scan)

2. Study of the traceroute tool

Here is the beginning of the description of the traceroute command from the UNIX man page:

The Internet is a large and complex aggregation of network hardware connected together by gateways. Tracking the route one's packets follow (or finding the miscreant gateway that's discarding your packets) can be difficult. Traceroute utilizes the IP protocol 'time to live' field and attempts to elicit an ICMP TIME EXCEEDED response from each gateway along the path to some host.

Load the following file: tme5-tcr.dmp.gz

Q8) What is the value of TTL of the first packet sent by 194.254.173.182?

Answer Q8:

The value of TTL of the first packet sent by 194.254.173.182 is 1.

Q9) Which host sends the `time-to-live exceeded` packet? For what reason?

Answer Q9:

The host with IP 194.254.173.254 sends the `time-to-live exceeded` packet because the TTL value is 1.

Q10) List all the values of TTL of UDP packets sent by 194.254.173.182. Explain what you get.

Answer Q10:

All the values of TTL of UDP packets sent by 194.254.173.182 are 1, 2, 3, 4, 5, 6, 7, and 8.

Explanation: Traceroute sends an IP datagram with a TTL of 1 to the destination host. The first router to handle the datagram decrements the TTL, discards the datagram, and sends back the ICMP time exceeded. This identifies the first router in the path. Traceroute then sends a datagram with a TTL of 2, and we find the IP address of the second router. This continues until the datagram reaches the destination host. The purpose of the TTL field is to prevent datagrams from ending up in infinite loops, which can occur during routing transients.

Q11) List all the destination port numbers of UDP packets sent by 194.254.173.182. Explain what you get.

Answer Q11:

All the destination port numbers of UDP packets sent by 194.254.173.182 are from 33435 to 33458.

Explanation: Traceroute sends UDP datagrams to the destination host, but it chooses the destination UDP port number to be an unlikely value (larger than 30,000), making it improbable that an application at the destination is using that port. This causes the destination host's UDP module to generate an ICMP "port unreachable" error when the datagram arrives. All Traceroute needs to do is differentiate between the received ICMP messages (time exceeded versus port unreachable) to know when it is done.

Q12) How does the command traceroute finish?

Answer Q12:

The command traceroute finishes when the TTL is incremented to a value large enough for the datagram to reach the destination host, or until the maximum TTL is reached, or the destination host replies with an ICMP Echo Reply.
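An added example (not from the report) that models the probing loop described in Q10 to Q12 in Python: three UDP probes per TTL, each to a fresh port starting at 33434 + 1, so eight TTL values produce exactly the 24 ports 33435 to 33458 listed in Q11, and the run ends on the first port unreachable. The router and host addresses are constructed.

```python
# ICMP (type, code) pairs from RFC 792 that traceroute must tell apart (Q11).
TIME_EXCEEDED = (11, 0)
PORT_UNREACHABLE = (3, 3)
BASE_PORT = 33434    # classic traceroute: destination port = 33434 + probe sequence number


def deliver(path, dest, ttl):
    """Constructed network model: every router on `path` decrements the TTL and, when it
    reaches zero, discards the datagram and answers with time exceeded. The destination host
    has nothing listening on the high UDP port, so it answers with port unreachable."""
    for router in path:
        ttl -= 1
        if ttl == 0:
            return TIME_EXCEEDED, router
    return PORT_UNREACHABLE, dest


def traceroute(path, dest, nprobes=3, max_ttl=30):
    """Emulate traceroute's loop: nprobes UDP datagrams per TTL, a new port for every probe,
    TTL incremented until port unreachable arrives or max_ttl is exhausted (Q12)."""
    seq, ttls, ports, hops = 0, [], [], []
    for ttl in range(1, max_ttl + 1):
        ttls.append(ttl)
        for _ in range(nprobes):
            seq += 1
            ports.append(BASE_PORT + seq)
            icmp, sender = deliver(path, dest, ttl)
        hops.append(sender)                 # the router (or host) that answered this TTL
        if icmp == PORT_UNREACHABLE:
            return {"ttls": ttls, "ports": ports, "hops": hops, "reached": True}
        if icmp != TIME_EXCEEDED:
            raise ValueError(f"unexpected ICMP {icmp} from {sender}")
    return {"ttls": ttls, "ports": ports, "hops": hops, "reached": False}


# Constructed path: seven routers between the probing host and the destination, so the
# destination is the eighth hop, matching TTL 1..8 in Q10 and the 24 ports in Q11.
ROUTERS = [f"10.0.{i}.1" for i in range(1, 8)]
DEST = "10.0.8.2"
```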

Q13) Open Wireshark and load the following files: tme2-tel.dmp, tme3-pop.dmp, tme4-ftp.dmp, tme2-rlo.dmp, and tme2-ssh.dmp.gz, and write out the user name and password if possible.

Answer Q13:

• tme2-tel.dmp: username = tteesstt--rreess / password = lmdUpmc

• tme3-pop.dmp: USER poiteres[remaining characters illegible in the scan] / PASS lmdUpmc

• tme4-ftp.dmp: USER test-res / PASS lmdUpmc

• tme2-rlo.dmp: User = fourmaux / Pass = lmdUpmc

• tme2-ssh.dmp: no username or password can be seen because the data is encrypted.

Q14) Wireshark provides filters to extract traffic. Write the appropriate filter to find the user name and password of the protocols in Q13.
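As an added example for Q13 and Q14 (not part of the report), this Python audits a reassembled client-side FTP or POP3 stream for cleartext USER/PASS logins, reporting the account and a redacted password, and lists the Wireshark display filters I would use to isolate the same commands in the captures. The streams are constructed, not taken from the lab's capture files.

```python
import re

# Wireshark display filters that isolate the login commands in the Q13 captures (USER and PASS
# are the cleartext login commands of both FTP and POP3; telnet has no command field, so its
# TCP stream has to be followed by hand).
WIRESHARK_FILTERS = {
    "ftp": 'ftp.request.command == "USER" || ftp.request.command == "PASS"',
    "pop": 'pop.request.command == "USER" || pop.request.command == "PASS"',
    "telnet": "telnet.data",
}

_LOGIN_CMD = re.compile(r"^(USER|PASS)\s+(\S+)\s*$", re.IGNORECASE)


def redact(secret: str) -> str:
    """Report only the length of a password, never its value: 'lmdUpmc' -> '*******'."""
    return "*" * len(secret)


def audit_cleartext_logins(stream: str, protocol: str) -> list:
    """Walk the client side of a reassembled FTP or POP3 stream and report each USER/PASS
    exchange with the password redacted. A USER never followed by PASS is reported with
    password None, because the account name alone is already exposed on the wire."""
    findings, pending = [], None        # pending = (user, line number of its USER command)
    for lineno, line in enumerate(stream.splitlines(), 1):
        m = _LOGIN_CMD.match(line.strip())
        if not m:
            continue
        cmd, arg = m.group(1).upper(), m.group(2)
        if cmd == "USER":
            if pending:
                findings.append({"protocol": protocol, "user": pending[0], "password": None, "line": pending[1]})
            pending = (arg, lineno)
        elif pending:                   # a PASS only means something after a USER
            findings.append({"protocol": protocol, "user": pending[0], "password": redact(arg), "line": lineno})
            pending = None
    if pending:
        findings.append({"protocol": protocol, "user": pending[0], "password": None, "line": pending[1]})
    return findings


# Constructed client-side streams; they are not taken from the lab's capture files.
POP3_STREAM = "USER alice\r\nPASS s3cret\r\nSTAT\r\nQUIT\r\n"
FTP_STREAM = "USER bob\r\nPASS hunter2\r\nPWD\r\nQUIT\r\n"
```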