*** = write down and submit answers to these questions/problems. I recommend you use a Google Doc to record your answers.
This lab has you ... wireshark.
mradmin, password bluestone
Accessories -> Terminal Emulator. (Terminal Emulator and then drag it onto the desktop or launchbar, so you can more easily run it in the future.)
ip addr
ip addr to your document that you are going to submit for this lab. Then, in that document, write notes explaining as much as you can about what you see there. You will probably have to use Google to learn more about what you are looking at. I recommend you google for "ip addr output".
Start Menu --> Control Panel --> View network status and tasks --> Local area connection --> Properties --> Internet Protocol Version 4 --> Properties
Obtain an IP address automatically
Obtain DNS server address automatically
OK/Apply buttons to get out of all the dialog boxes.
cmd.exe
ipconfig /release, then ipconfig /renew.
ping program generates between your computer and the computer you are pinging. (The program ping sends out an ICMP Echo Request to a given IP address.) Note that allowing users to capture network activity is a security risk; only the superuser is permitted to do so.
On the Linux box: To capture network traffic, we will use a tool called a network analyzer or packet sniffer named wireshark. To see if wireshark is installed or not, try to start the network analyzer by typing in the Terminal window
sudo wireshark
(sudo is a command that takes another command. It runs the 2nd command as if it were being run by the "superuser"/"root".)
If wireshark is not installed, try this:
sudo apt-get install wireshark
Answer Y and watch it install. Remember this apt-get install command -- you'll use it again.
(apt-get is a command that goes out to the network to a repository and finds programs/libraries to install on a computer.)
sudo wireshark &
(Two little dialog boxes will pop up warning you of various errors and/or that this is dangerous. Click "Don't show this message again." and close the windows.)
When wireshark is up and running, arrange your screen so that you can see the wireshark window and another terminal window at the same time.
From the Capture -> Options menu of the wireshark window, set the configuration so that the following options are enabled:
Click Start.
Watch a few packets go past. Wait until you see a packet go by of a type you recognize (ARP, or ICMP, or DNS, or something else we've talked about in class). Stop the capture, and click on the packet you want to inspect in depth. Arrange the window so that you can see all 3 panels in wireshark -- including the binary dump of a packet at the bottom.
Click on a few fields at various layers of the packet -- IEEE 802.3 Ethernet layer, Logical-Link Control layer, etc. Notice how the other panels update to show you where the information is encoded in the packet. Answer these questions:
6. Capture ping packets
Start a new live capture (you don't need to store the previous capture). On the Windoze machine, in a cmd window, run ping against the interface on the Linux box. E.g., ping 192.168.33.221. You should see some activity in the wireshark window. Stop capturing packets by pushing the Stop button. Looking at the display, make sure you can locate all the ping packets that were just generated. Note: the ping command sends ICMP packets.
This time, you'll monitor the network traffic associated with ping, by filtering out all other packets. In wireshark, do these steps:
Start capturing packets again (this will clear the wireshark window). Now ping the IP address as above. (Use the up-arrow key to find the ping command in the window. Every time you run a command, it is recorded in a history file, so you can rerun previous commands by using up-arrow to find them.)
You should see only the ping packets being shown.
Next, click the Clear button, to clear the filter.
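To see what wireshark is doing when you click a field in the details panel and it highlights bytes in the hex dump, and what the icmp display filter is really testing, here is an added example (not part of this lab handout, and not wireshark's own code). It builds one Ethernet II / IPv4 / ICMP Echo Request frame in memory, of the kind ping sends, using made-up MAC and IP addresses, then decodes it layer by layer, recording the byte offset and length of every field, verifying the IPv4 and ICMP checksums, and applying the equivalent of the icmp filter. Note that ping traffic is carried in Ethernet II frames (EtherType 0x0800), which wireshark labels "Ethernet II" rather than the IEEE 802.3/LLC encoding you may have seen on other frames. The helper names (build_echo_request, decode_frame, matches_icmp_filter) are this example's own.

```python
"""Decode an ICMP Echo Request frame the way wireshark's three panels do.

Added example, not part of the lab handout. Builds a constructed
Ethernet II / IPv4 / ICMP Echo Request frame (all addresses are made up),
decodes it, reports where each field sits in the hex dump, checks the
checksums, and mimics the `icmp` display filter.
"""
import struct


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold the carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_echo_request(src_mac, dst_mac, src_ip, dst_ip, ident, seq, payload=b"abcdefgh"):
    """Constructed frame: 14-byte Ethernet II + 20-byte IPv4 + ICMP Echo Request."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload  # type 8, code 0, checksum 0
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0x4000, 64, 1, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + b"\x08\x00")  # EtherType 0x0800 = IPv4
    return eth + ip + icmp


def decode_frame(frame: bytes) -> dict:
    """Return {layer: {field: (offset, length, value)}}.

    The (offset, length) pairs are the bytes wireshark highlights in the
    bottom (hex dump) panel when you click that field in the details panel.
    """
    layers = {}
    eth_type = struct.unpack("!H", frame[12:14])[0]
    layers["Ethernet II"] = {
        "Destination": (0, 6, mac_str(frame[0:6])),
        "Source": (6, 6, mac_str(frame[6:12])),
        "Type": (12, 2, "IPv4 (0x0800)" if eth_type == 0x0800 else hex(eth_type)),
    }
    if eth_type != 0x0800:
        return layers  # ARP, IPv6, etc.: not decoded here
    ip_off = 14
    ihl = (frame[ip_off] & 0x0F) * 4  # header length in bytes (options possible)
    ip_hdr = frame[ip_off:ip_off + ihl]
    total_len = struct.unpack("!H", frame[ip_off + 2:ip_off + 4])[0]
    proto = frame[ip_off + 9]
    layers["IPv4"] = {
        "Header length": (ip_off, 1, ihl),
        "Total length": (ip_off + 2, 2, total_len),
        "TTL": (ip_off + 8, 1, frame[ip_off + 8]),
        "Protocol": (ip_off + 9, 1, "ICMP (1)" if proto == 1 else proto),
        "Header checksum": (ip_off + 10, 2, struct.unpack("!H", ip_hdr[10:12])[0]),
        "Source": (ip_off + 12, 4, ip_str(ip_hdr[12:16])),
        "Destination": (ip_off + 16, 4, ip_str(ip_hdr[16:20])),
        "Checksum OK": (ip_off + 10, 2, inet_checksum(ip_hdr) == 0),
    }
    if proto != 1:
        return layers
    icmp_off = ip_off + ihl
    icmp = frame[icmp_off:ip_off + total_len]  # stop at IP total length, ignore Ethernet padding
    names = {8: "Echo Request", 0: "Echo Reply"}
    fields = {
        "Type": (icmp_off, 1, f"{icmp[0]} ({names.get(icmp[0], 'other')})"),
        "Code": (icmp_off + 1, 1, icmp[1]),
        "Checksum": (icmp_off + 2, 2, struct.unpack("!H", icmp[2:4])[0]),
        "Checksum OK": (icmp_off + 2, 2, inet_checksum(icmp) == 0),
    }
    if icmp[0] in names:  # identifier/sequence/data only exist for echo messages
        ident, seq = struct.unpack("!HH", icmp[4:8])
        fields["Identifier"] = (icmp_off + 4, 2, ident)
        fields["Sequence"] = (icmp_off + 6, 2, seq)
        fields["Data"] = (icmp_off + 8, len(icmp) - 8, icmp[8:])
    layers["ICMP"] = fields
    return layers


def matches_icmp_filter(frame: bytes) -> bool:
    """Equivalent of typing `icmp` into wireshark's display filter bar."""
    return "ICMP" in decode_frame(frame)


def print_details(layers: dict) -> None:
    """Print a tree like wireshark's packet-details panel, with hex-dump offsets."""
    for layer, fields in layers.items():
        print(layer)
        for name, (off, ln, val) in fields.items():
            print(f"    [bytes {off:2d}-{off + ln - 1:2d}] {name}: {val}")


if __name__ == "__main__":
    frame = build_echo_request("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                               "192.168.33.10", "192.168.33.221", ident=1, seq=7)
    print("hex dump:", frame.hex(" ", 1))
    print_details(decode_frame(frame))
```

Run it and compare the printed offsets with a real ping packet in wireshark: the ICMP type byte is always at offset 34 of a plain IPv4 frame (14 bytes of Ethernet plus a 20-byte IP header), and flipping any byte in a captured header makes the corresponding "Checksum OK" entry False, which is how wireshark flags a corrupted or altered packet.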
8. A challenge
Clear all your filters in wireshark. Start a capture.
Go to your web browser and load the www.calvin.edu page. Stop your capture.
10. Clean up
Remove wireshark from your flash drive installation by doing this:
sudo apt-get purge wireshark
Unplug the white ethernet cables and plug in the orange ones. Remove the USB flash drive and reboot the machine.
Turn in the answers to the questions marked *** by submitting the file via Moodle.
20 points total:
5 points: All questions are answered
5 points: Depth of information from ifconfig investigation
10 points: Correct answers for wireshark tasks.