Description
Learn and Understand Network Tools
-
Wireshark
-
-
Perform and analyze Ping PDU capture
-
-
-
Examine HTTP packet capture
-
-
-
Analyze HTTP packet capture using filter
-
-
Tcpdump
-
-
Capture packets
-
-
Ping
-
-
Test the connectivity between 2 systems
-
-
Traceroute
-
-
Perform traceroute checks
-
-
Nmap
-
-
Explore an entire network
-
IMPORTANT INSTRUCTIONS:
-
This manual is written for Ubuntu Linux OS only. You can also execute these experiments on VirtualBox or VMWare platform.
-
For few tasks, you may need to create 2 VMs for experimental setup.
-
Perform sudo apt-get update before installing any tool or utility.
-
Install any tool or utility using the command sudo apt-get install name_of_the_tool
-
Take screenshots wherever necessary and upload it to Edmodo as a single PDF file. (Refer general guidelines for submission requirements).
-
To define an IP address for your machine (e.g., Section – ‘a’ & Serial number is 1, then your IP address should be 10.0.1.1. Section – ‘h’ & & Serial number is 23, then your IP address should be 10.0.8.23) – applicable only for relevant tasks (which doesn’t requires internet connectivity to execute the tasks).
Task 1: Linux Interface Configuration (ifconfig / IP command)
Step 1: To display status of all active network interfaces.
ifconfig (or) ip addr show
Analyze and fill the following table:
ip address table:
On Packet List Pane, select the first echo packet on the list. On Packet Details Pane, click on each of the four “+” to expand the information. Analyze the frames with the first echo request and echo reply and complete the table below.
-
-
-
Details
First Echo Request
First Echo Reply
-
-
Frame Number
Source IP address
Destination IP address
ICMP Type Value
ICMP Code Value
Source Ethernet Address
Destination Ethernet Address
Internet Protocol Version
Time To Live (TTL) Value
Task 3: HTTP PDU Capture
Using Wireshark’s Filter feature
Step 1: Launch Wireshark and select ‘any’ interface. On the Filter toolbar, type-in ‘http’ and press enter
Step 2: Open Firefox browser, and browse www.flipkart.com
Observations to be made
Step 3: Analyze the first (interaction of host to the web server) and second frame (response of server to the client). By analyzing the filtered frames, complete the table below:
-
-
-
Details
First Echo Request
First Echo Reply
-
-
Frame Number
Source Port
Destination Port
Source IP address
Destination IP address
Source Ethernet Address
Destination Ethernet Address
Step 4: Analyze the HTTP request and response and complete the table below.
-
HTTP Request
HTTP Response
Get
Server
Host
Content-Type
User-Agent
Date
Accept-Language
Location
Accept-Encoding
Content-Length
Connection
Connection
Using Wireshark’s Follow TCP Stream
Step 1: Make sure the filter is blank. Right-click any packet inside the Packet List Pane, then select ‘Follow TCP Stream’. For demo purpose, a packet containing the HTTP GET request “GET / HTTP / 1.1” can be selected.
Step 2: Upon following a TCP stream, screenshot the whole window.
Task 4: Capturing packets with tcpdump
Step 1: Use the command tcpdump -D to see which interfaces are available for capture. sudo tcpdump -D
Step 2: Capture all packets in any interface by running this command:
sudo tcpdump -i any
Note: Perform some pinging operation while giving above command. Also type www.google.com in browser.
Observation
Step 3: Understand the output format.
Step 4: To filter packets based on protocol, specifying the protocol in the command line. For example, capture ICMP packets only by using this command:
sudo tcpdump -i any -c5 icmp
Step 5: Check the packet content. For example, inspect the HTTP content of a web request like this:
sudo tcpdump -i any -c10 -nn -A port 80
Step 6: To save packets to a file instead of displaying them on screen, use the option -w:
sudo tcpdump -i any -c10 -nn -w webserver.pcap port 80
Task 5: Perform Traceroute checks
Step 1: Run the traceroute using the following command.
sudo traceroute www.google.com
Step 2: Analyze destination address of google.com and no. of hops
Step 3: To speed up the process, you can disable the mapping of IP addresses with hostnames by using the -n option
sudo traceroute -n www.google.com
Step 4: The -I option is necessary so that the traceroute uses ICMP.
sudo traceroute -I www.google.com
Step 5: By default, traceroute uses icmp (ping) packets. If you’d rather test a TCP connection to gather data more relevant to web server, you can use the -T flag.
sudo traceroute -T www.google.com
Task 6: Explore an entire network for information (Nmap)
Step 1: You can scan a host using its host name or IP address, for instance.
nmap www.pes.edu
Step 2: Alternatively, use an IP address to scan.
nmap 163.53.78.128
Step 3: Scan multiple IP address or subnet (IPv4)
nmap 192.168.1.1 192.168.1.2 192.168.1.3
Questions on above observations:
-
Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server?
-
When was the HTML file that you are retrieving last modified at the server?
-
How to tell ping to exit after a specified number of ECHO_REQUEST packets?
-
How will you identify remote host apps and OS?