Lab 4

In this lab you will be using WS1, WS2 and Monitor/Nat Router stations.

Virtual machines and networks

For this and the following two labs we will be using virtual machines and networks running on two servers called cgs4285-a.cs.fiu.edu and cgs4285-b.cs.fiu.edu. There will be 18 groups of 2 students each, and each group will use a different virtual machine set for their virtual machines.

Each server has 5 virtual machines. In each lab you will be using 3 of the 5 virtual machines. The "cgs4285-mon" (or monitor/router) virtual machine will be used in all labs. The cgs4285-lab2-lab4-linux and the cgs4285-lab2-lab4-windows will be used for lab 4.

The virtual machines are connected via virtual switches. The Windows system is on network 1 and the Linux machine is on network 2. The monitor/router machine is connected to both net1 and net2, as well as to the outside world.

Here is a combined physical and logical diagram for the networks.
Network diagram in JPG format
Network diagram in PDF format

From a client workstation (such as a workstation in the JCCL or ECS141) use the tightvnc program to connect. The connection is to cgs4285-a.cs.fiu.edu:GX or cgs4285-b.cs.fiu.edu:59GX (the VNC display number GX and the TCP port 59GX refer to the same virtual machine), where G is the group number on the machine (-a or -b) and X is the virtual machine number (1-5).

X=
1 - monitor - used in all labs
2 - lab2-lab4-windows - used in lab2 and lab4
3 - lab2-lab4-linux - used in lab2 and lab4

Example: if your group is on cgs4285-a.cs.fiu.edu and is group 1 and you want to start up the 3 virtual machines for lab 4 you would use tightvnc to connect to remote host cgs4285-a.cs.fiu.edu:11 to connect to the monitor machine. You would use cgs4285-a.cs.fiu.edu:5912 to connect to the windows machine and cgs4285-a.cs.fiu.edu:13 to connect to the linux machine. The instructor will give you the password.

Lab 4 procedures

Each group of machines is equipped with a NAT router (M) which has an external IP address and a private IP address.

The private address of the NAT router (MON) will be 10.100.1.254/24 on net 1 and 10.100.2.254/24 on net 2.

The public address will be an IP address on the network 64.64.64.0/24.

The NAT box will translate between net1 (10.100.1.0/24) and net2 (10.100.2.0/24) and the external Internet. WS2 is a Linux machine with address 10.100.2.5/24 and WS1 is a Windows machine with address 10.100.1.5/24. The default route for both workstations should be 10.100.X.254.

Step 1: Verify that WS1 and WS2 have the correct IP addresses and default route (see lab 3 for the correct procedure).

Step 2: Configure DNS servers for WS1 and WS2.

Step 2.1: Configure WS2 to use 131.94.131.85 as a DNS resolver:

To do so on the Linux workstation (WS2), you need to modify the contents of the file /etc/resolv.conf. Since we want to use 131.94.131.85 as the DNS server, we will enter the following command:

	echo "nameserver 131.94.131.85" > /etc/resolv.conf

Step 2.2: Configure WS1 to use 131.94.131.85 as a DNS resolver:

Go to the TCP/IP properties and add 131.94.131.85 as the DNS server (see Lab 3).

Step 3: Start 'tcpdump' processes on M (the NAT router/monitor station) to catch packets on both the public and all private networks.

Step 3.1: Use the ifconfig command on Monitor/Router to find the external IP address given to eth0 interface and make note of it.

Step 3.2: As root on Monitor:

	tcpdump -i eth0 -n -s 0 -w /tmp/public.pcap host PUBLICIPADDRESS &
	tcpdump -i eth1 -n -s 0 -w /tmp/private-net1.pcap &
	tcpdump -i eth2 -n -s 0 -w /tmp/private-net2.pcap &
NOTE: these are three separate commands, one on each line. Don't forget the ampersand at the end of each line; it runs each 'tcpdump' in the background so you get the shell back as soon as that capture is started. Hit the return key after each command to return to the standard shell prompt.

Replace PUBLICIPADDRESS with the public IP address of the monitor box (from step 3.1 above).

Step 4.1: On WS1, open a CMD shell and use the 'nc' program to connect to port 7 on cgs4285.cs.fiu.edu. We will use a source port of 2000:

        nc -p 2000 cgs4285.cs.fiu.edu 7

Send random data by typing three or four lines. Each line you send should be echoed back to you.

Step 4.2: On WS2 use the 'nc' program to connect to port 7 on cgs4285.cs.fiu.edu. We will again use a source port of 2000:

        nc -p 2000 cgs4285.cs.fiu.edu 7

Again, send random data by typing three or four lines, then hit 'ctrl-c' on both WS1 and WS2 to stop the nc processes.

Step 5: Back on the NAT router/monitor box (M), type...

	kill %1 %2 %3
...to stop the 'tcpdump' processes.
Copy off the three 'pcap' files to your JCCL Linux account on ocelot. You will use Wireshark to analyze these offline. On M:
	scp /tmp/public.pcap USERNAME@ocelot.aul.fiu.edu:
	scp /tmp/private-net1.pcap USERNAME@ocelot.aul.fiu.edu:
	scp /tmp/private-net2.pcap USERNAME@ocelot.aul.fiu.edu:

(!! DON'T FORGET the colon at the end of the scp lines !!)


When reviewing the public pcap file you might want to use the filter "ip.addr == 131.94.133.12 or ip.addr == 131.94.131.85" to see only the packets we are interested in. 131.94.133.12 is the IP address of cgs4285.cs.fiu.edu and 131.94.131.85 is the resolving name server. This same filter can help with the private-net1.pcap and private-net2.pcap files also.

Questions to answer in the Lab Report using wireshark to analyze data from the public and private 'pcap' files:

Question One: What was the IP protocol type / source address / source port / destination address / destination port of the first packet of the TCP connection from WS1 as it arrived on the private interface (eth1) of the NAT gateway?
You will find this in the private-net1.pcap file. Remember that the characteristics are protocol TCP, source port 2000, destination port 7, source IP is the IP of WS1, destination IP is the IP of cgs4285.cs.fiu.edu (131.94.133.12).

Question Two: What was the IP protocol type / source address / source port / destination address / destination port of the first packet of the TCP connection from WS1 as it left on the public interface of the NAT gateway?
You will find this in the public.pcap file. Remember the NAT box will translate the source IP (and maybe the source port), but the destination IP and destination port will be the same.

Question 3: What was the IP protocol type / source address / source port / destination address / destination port of the first packet of the TCP connection from WS2 as it arrived on the private interface of the NAT gateway?
You will find this in the private-net2.pcap file. Remember that the characteristics are protocol TCP, source port 2000, destination port 7, source IP is the IP of WS2, destination IP is the IP of cgs4285.cs.fiu.edu (131.94.133.12).

Question 4: What was the IP protocol type / source address / source port / destination address / destination port of the first packet of the TCP connection from WS2 as it left on the public interface of the NAT gateway?
You will find this in the public.pcap file. Remember the NAT box will translate the source IP (and maybe the source port), but the destination IP and destination port will be the same.
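Questions 1 through 4 all ask for the same thing: the five-tuple of the first SYN toward port 7 in a given capture. The following is an added example, not part of the lab handout, that does that lookup in code with a minimal classic-pcap reader (Ethernet/IPv4/TCP only). The two capture byte strings are constructed inline to mimic private-net1.pcap and public.pcap; they are not real captures, and 64.64.64.1 stands in for the monitor's real public address.

```python
# Added example (not part of the lab handout): a minimal pcap reader that
# answers Questions 1-4 programmatically by pulling the IP/TCP five-tuple of
# the first SYN to a given destination port. The capture bytes below are
# constructed in code to look like the lab's traffic; they are not real data.
import socket
import struct

LINKTYPE_ETHERNET = 1
TCP_FLAG_SYN = 0x02
TCP_FLAG_ACK = 0x10


def _ip_checksum(header):
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags=TCP_FLAG_SYN):
    """Construct an Ethernet/IPv4/TCP frame with no payload (sample data)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", _ip_checksum(ip)) + ip[12:]
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap container (magic 0xa1b2c3d4)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return header + records


def iter_pcap_frames(data):
    """Yield the link-layer bytes of each record; handles both byte orders."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    offset = 24
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len


def parse_ipv4_tcp(frame):
    """Return (proto, src, sport, dst, dport, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4 over Ethernet
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6:                                    # IP protocol 6 = TCP
        return None
    tcp = frame[14 + ihl:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    return ("TCP", socket.inet_ntoa(frame[26:30]), sport,
            socket.inet_ntoa(frame[30:34]), dport, tcp[13])


def first_syn_to_port(pcap_bytes, dport):
    """Five-tuple of the first pure SYN (SYN set, ACK clear) to dport, or None."""
    for frame in iter_pcap_frames(pcap_bytes):
        pkt = parse_ipv4_tcp(frame)
        if pkt and pkt[4] == dport and pkt[5] & (TCP_FLAG_SYN | TCP_FLAG_ACK) == TCP_FLAG_SYN:
            return pkt[:5]
    return None


# Constructed stand-ins for private-net1.pcap and public.pcap: the same SYN
# from WS1 before and after the NAT rewrote its source address (64.64.64.1 is
# a placeholder for the monitor's real public address).
PRIVATE_NET1_PCAP = build_pcap([
    build_tcp_frame("10.100.1.5", "131.94.133.12", 2000, 7),
    build_tcp_frame("131.94.133.12", "10.100.1.5", 7, 2000, TCP_FLAG_SYN | TCP_FLAG_ACK),
])
PUBLIC_PCAP = build_pcap([
    build_tcp_frame("64.64.64.1", "131.94.133.12", 2000, 7),
])

if __name__ == "__main__":
    print("private side:", first_syn_to_port(PRIVATE_NET1_PCAP, 7))
    print("public side: ", first_syn_to_port(PUBLIC_PCAP, 7))
```

To use it on the real files, read /tmp/private-net1.pcap or public.pcap into bytes and pass them to first_syn_to_port(data, 7); the returned tuple is exactly the protocol / source address / source port / destination address / destination port the questions ask for. The SYN-ACK is filtered out on purpose so that the reply from the echo server is never mistaken for the start of the connection.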

Question 5: How did the NAT gateway know to deliver the appropriate TCP data to the appropriate host's private network? What components did it translate and how did it use this translation information to ensure that return packets were delivered to the correct hosts on the private network?
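The mechanism behind Question 5 is a per-connection translation table. The following added example (not part of the lab handout) models it in code: the NAT records the private four-tuple on the first outbound packet, rewrites the source address to its public one, keeps the source port when it can and picks a fresh one when a second private host already uses the same (port, destination) pair, which is exactly what happens when WS1 and WS2 both connect from port 2000. Replies are matched back to the private host by the public port alone. The public address 64.64.64.1 and the starting port 1024 are placeholders chosen for the example.

```python
# Added example (not part of the lab handout): a toy model of the per-connection
# translation table a source NAT keeps, answering Question 5 in code. The
# public address 64.64.64.1 is a placeholder; the real one comes from ifconfig.


class ToyNat:
    """Stateful source NAT (NAPT) keyed on (src IP, src port, dst IP, dst port)."""

    def __init__(self, public_ip, first_free_port=1024):
        self.public_ip = public_ip
        self.next_port = first_free_port
        # outbound: private four-tuple -> public source port chosen for it
        self.outbound = {}
        # inbound: (public port, remote IP, remote port) -> (private IP, private port)
        self.inbound = {}

    def translate_out(self, src_ip, sport, dst_ip, dport):
        """Rewrite a packet leaving on the public interface; records state on first use."""
        key = (src_ip, sport, dst_ip, dport)
        if key not in self.outbound:
            # Prefer to keep the original source port; fall back to a fresh port
            # when another private host already owns that (port, destination)
            # pair, as WS1 and WS2 do in Step 4.
            pub_port = sport
            while (pub_port, dst_ip, dport) in self.inbound:
                pub_port = self.next_port
                self.next_port += 1
            self.outbound[key] = pub_port
            self.inbound[(pub_port, dst_ip, dport)] = (src_ip, sport)
        return (self.public_ip, self.outbound[key], dst_ip, dport)

    def translate_in(self, src_ip, sport, dst_ip, dport):
        """Rewrite a reply arriving on the public interface; None means no state, drop."""
        if dst_ip != self.public_ip:
            return None
        entry = self.inbound.get((dport, src_ip, sport))
        if entry is None:
            return None          # unsolicited packet: nothing to map it to
        priv_ip, priv_port = entry
        return (src_ip, sport, priv_ip, priv_port)


def walk_lab_sessions(public_ip="64.64.64.1"):
    """Run the two nc sessions from Step 4 through the model and return the rewrites."""
    nat = ToyNat(public_ip)
    echo = ("131.94.133.12", 7)
    ws1_out = nat.translate_out("10.100.1.5", 2000, *echo)
    ws2_out = nat.translate_out("10.100.2.5", 2000, *echo)
    # Replies from the echo server are addressed to the public IP and the
    # public port; only that port tells the two sessions apart.
    ws1_back = nat.translate_in(*echo, public_ip, ws1_out[1])
    ws2_back = nat.translate_in(*echo, public_ip, ws2_out[1])
    return {"ws1_out": ws1_out, "ws2_out": ws2_out,
            "ws1_back": ws1_back, "ws2_back": ws2_back}


if __name__ == "__main__":
    for name, tup in walk_lab_sessions().items():
        print(name, tup)
```

Compare the tuples this prints with what you see in the public.pcap and private-net*.pcap files: the destination side never changes, the source IP always becomes the public address, and whether the source port changes depends on whether it was still free in the NAT's table when the second session started.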

Include in your report an example of a UDP DNS query on the private side and on the public side. Additionally, include one example of the TCP session initiated (i.e. TCP SYN flag set) from WS2 (the Linux station), again on the private and public sides. This means a total of four Wireshark fully expanded outputs (see lab 2 for details on how to output Wireshark frames fully expanded).