Lab 3

Configuring IP addresses for Linux and Windows
Watching ARP
Watching packets travel between networks
Seeing ICMP responses

Virtual machines and networks

For this and the following to labs we will be using virtual machines and networks running on two servers called cgs4285-a.cs.fiu.edu and cgs4285-b.cs.fiu.edu. There will be 18 groups of 2 students each, and each group will use a different virtual machine set for their virtual machines.

Each server has 5 virtual machines. In each lab you will be using 3 of the 5 virtual machines. The "cgs4285-mon" (or monitor/router) virtual machine will be used in all labs. The cgs4285-lab2-lab4-linux and the cgs4285-lab2-lab4-windows will be used for lab 2 and lab 4. The cgs4285-lab3-linux and cgs4285-lab3-windows will be used in lab 3.

The virtual machines are connected via virtual switches. The windows system is on network 1 and the linux machine is on network 2. The monitor/router machine is connected to both net1 and net2, as well as connected to the outside world.

Here is a combined physical and logical diagram for the networks.
Network diagram in JPG format
Network diagram in PDF format

From a client workstations (such as workstations in the JCCL or ECS141) you use the tightvnc program to connect. The connection is to cgs4285-a.cs.fiu.edu:GX or cgs4285-b.cs.fiu.edu:GX where G is the group number on the machine (-a or -b) and X is a virtual machine number (1-5).

X=
1 - monitor - used in all labs
2 - lab2-lab4-windows - used in lab2 and lab4
3 - lab2-lab4-linux - used in lab2 and lab4
4 - lab3-windows - used in lab3
5 - lab3-linux - used in lab3

Example if your group is on cgs4285-a.cs.fiu.edu and is group 1 and you want to start up the 3 virtual machines for lab 2 you would use tightvnc to connect to remote host cgs4285-a.cs.fiu.edu:5911 to connect to the monitor machine. You would user cgs4285-a.cs.fiu.edu:5912 to connect to the windows machine and cgs4285-a.cs.fiu.edu:5913 to connect to the linux machine. The instructor will give you the password.

For lab 3 you will connect to cgs4285-X port 59Y1 for router/monitor
For lab 3 you will connect to cgs4285-X port 59Y4 for windows workstation
For lab 3 you will connect to cgs4285-X port 59Y5 for wnuxindows workstation

X is a or b.
Y is group number.

Lab 3 procedures

Each of the virtual systems have two networks 10.100.1.0/24 and 10.100.2.0/24. Net 10.100.1.0/24 has a Windows workstation (WS1), and net 10.100.2.0/24 has an linux/knoppix end workstation (WS2). Both networks are monitored by the MON monitor station. The MON monitor station will work as a router between the two systems as well.

First you will need to configure the IP parameters for the workstations on each network. (NOT the monitor/router, just end workstations: WS1 and WS2)


WS1 (Windows) has ip address/netmask of 10.100.1.5/24, and default route 10.100.1.254
WS2 (Linux) has ip address/netmask of 10.100.2.5/24, and default route 10.100.2.254

The important parameters are:

Address
Netmask
Directed broadcast (compute from address and netmask)
Default gateway/route (which will be host 254 on the respective networks)

On MON (Monitor/router)

Remove the default route on the mon box and add a special route so you can copy off your data.

	route del -net default 
	route add -net 131.94.0.0/16 gw 64.64.64.1

On WS2 (Linux end station)

Use the 'ifconfig' command from a window with a root shell

	ifconfig eth0 IPADDRESS netmask NETMASK broadcast BROADCAST up

Then use the 'route' command to add the default gateway:

	route add -net default gw DEFAULTROUTE

Replace IPADDRESS, NETMASK, BROADCAST and DEFAULT with the appropriate ip address, netmask, broadcast address and default gateway/route.

On WS1 (Windows end station)

Right click the network icon in the lower right hand side. Then click "Open Network and Sharing Center" Then click "Change Adaptor settings" (on left side). Then right click the Ethernet and choose "Properties" from the menu.

Make sure only the "Internet Protocol Version 4" is checked and highlight it. Again hit 'Properties'. Set it to "Use this IP address" and enter the IP address, netmask and default gateway as specified above.

If a question about being discoverable pops up, just click the desktop (do not answer the question) and it will go away.

After configuring our stations with the proper LAN settings, the first step is to setup the 'tcpdump' capturing processes on the monitor station to catch packets on both networks. As root on monitor


	tcpdump -i eth1 -n -s 0 -w /tmp/net1.pcap &

	tcpdump -i eth2 -n -s 0 -w /tmp/net2.pcap &

NOTE: these are two separate commands, one on each line. Don't forget the ampersands at the end of each line, which brings you back to the shell after each 'tcpdump' session is initiated.

From 10.100.2.5 (WS2) you will do 4 pings:

	ping -c 4 10.100.1.5   (a host that exists on other net)	(ping1)
	ping -c 4 10.100.2.250 (non-existent host on same net)		(ping2)
	ping -c 4 10.100.1.250 (non-existent host on other net)		(ping3)
	ping -c 4 10.100.3.250 (non-existent host on unknown net)	(ping4)

You will want to wait about 30 seconds between each ping to be sure you can easily identify each ping in the captured data.

After performing all the ping commands, you need to stop the 'tcpdump' processes. From the monitor station ('M'), execute this command:

        kill %1 %2

Copy off the two 'pcap' files to your JCCL linux account on ocelot.cs.fiu.edu. You will use wireshark to analyze these offline. On the Monitor Station mon, copy the 'pcap' files onto your JCCL account:

	scp /tmp/net1.pcap USERNAME@ocelot.aul.fiu.edu:  	
	
	scp /tmp/net2.pcap USERNAME@ocelot.aul.fiu.edu:

(!! DON'T FORGET the colon at the end of the scp lines !!)

Use wireshark to analyze data from the packet captures on net 10.100.1.0/24 (net1.pcap) and 10.100.2.0/24 (net2.pcap). Be sure to answer the following questions in your lab report:

Q0 - What virtual system did you use cgs4285-a or cgs4284-b? What was your group number?
Q1 - During ping1 what was the Ethernet destination for the ICMP echo request on network 10.100.2.0/24? What was the IP address of this Ethernet interface? Was the IP address of the interface with that Ethernet address the same as the IP destination address in the IP datagram itself?
Q2 - During ping2 WS2 sent out some packets on net2. What were these packets and what was the destination Ethernet address?
Q3 - What did the router (mon) do during ping3 on net1 (10.100.1.0/24)? What kind of packets (if any) did it send to net1, and what kind of packets (if any) did it send to net2 (10.100.2.0/24)? Be specific when describing the packets. Source and destination Ethernet and IP addresses should be included, as well as type of packet and function.
Q4 - What did the router (mon) do during ping4 on net 10.100.2.0/24? What kind of packets (if any) did it send to net2, and what kind of packets (if any) did it send to net1 (10.100.1.0/24)? Be specific when describing the packets. Source and destination Ethernet and IP addresses should be included, as well as type of packet and function.
Q5 - Explain in detail why the router acted differently on ping 3 and ping 4.

Include examples of *one* ICMP host unreachable message and *one* ICMP net unreachable message with your Lab Report, as seen on net2.pcap. (ASCII full expanded export)