GT ECE 4110 - Lab 4 - Network Traffic Analyzers and Other Tools


ECE4110 Fall Semester, 2010
Lab 4 - Network Traffic Analyzers and Other Tools
Assigned: Oct 8, 2010 Due: Oct 22, 2010

Group Number:
Member Names:

Lab Goals

1. Understand network analysis and scanning tools: ping, ethereal, and nmap tools
2. Understand network vulnerabilities in FTP, and TELNET
3. Understand MAC address, IP address, and TCP spoofing techniques

1 Ping vs. Ethereal

Do a ping from your machine to 57.35.6.245. Use ethereal to collect approximately 5 to 10 ping packets.

Q1.1 What is the total length of each IP packet?

Q1.2 What type of protocol do you see inside the protocol field of each packet?

Q1.3 List two additional types of messages, which also use the same protocol as ping. (Don’t ask the TA for the answer)

Q1.4 How much data is inside each of these protocol packets?

Q1.5 How long does it take for the echo reply to come back according to ethereal?

Q1.6 How long does it take for the echo reply to come back according to the statistics you see on your Linux machine? (Note: you can see these statistics on the screen after you use a <Ctrl-C> to stop the ping process)

Q1.7 Are ethereal and ping the same in terms of accuracy? Explain.

2 Network Vulnerabilities

1. Use ethereal to watch an ftp session from your machine to gatechftp, which has ip address 57.35.6.245. From your PC type ftp 57.35.6.245 and use linux class as the user, linux class as the password. Then, type quit to terminate the session.

Q2.1 Can you see your password in the tcp data on the analyzer?

2. Now repeat the process but use ssh. Type ssh -l linuxclass 57.35.6.245 (note: it is a lower case ’L’ not the number 1) (you might get a prompt asking if you want to continue or not. Type yes here). Enter linuxclass (as the password). Then, type exit to terminate the session.

Q2.2 Can you see your password using secure shell login?

This is the advantage of ssh and why soon you will no longer be able to use ftp in most companies. Optional: For more info on ssh take a look at: http://www.ssh.com/tech/whitepapers/SSH_Secure_Shell.pdf.

3. Now repeat the process using telnet. From your PC type telnet 57.35.6.245 and use linuxclass as the user, and linux class as the password. Then, type exit to terminate the connection.

Q2.3 Do you see the individual characters of your password in the TCP packets? (Hint: Expand the field labeled ’Telnet’ in the lower window and look at successive packets sent from your machine to gatechftp).

3 Network Scanning

Type man nmap and read the man page.
Type nmap -h and look at the result.

Q3.1 Explain what nmap would do if you were to type nmap -v 57.35.6.245 and ran the default scan. Hint: look at nmap -h output.

Q3.2 What ports are open on 57.35.6.245? Hint: run nmap -v 57.35.6.245

In a second window start ethereal (maybe not in promiscuous mode so you do not see your neighbors' traffic) and start packet collection. Type nmap -v 57.35.6.245 again. Stop ethereal packet collection and look at the output of ethereal.

Q3.3 Explain in general what you see in terms of what types of packets your machine is sending to 57.35.6.245.

Type nmap -v 127.0.0.1.

Q3.4 What ports are open on your own machine?

Type nmap -O 57.35.6.245 (That is a capital O not a zero).

Q3.5 Is nmap up to date enough/capable enough to know what operating system we are running on gatechftp?

Q3.6 Can nmap determine exactly which kernel version is being run on gatechftp? Answer yes or no. (As an afterthought try this on your own machine: nmap -O 127.0.0.1)

Type nmap -sT 57.35.6.245. This is another type of scan.

Q3.7 What ports does this scan find open? Why are they different or why are they the same as before (i.e., default scanning of root privileges)? Explain.

There is a machine on the same subnet as gatechftp running a web server. Use nmap -sT 57.35.6.245-254 to find out the IP of that machine.

Q3.8 What port indicates that there is a web server running?

Open the web browser, the icon next to the Redhat, and type the IP you just found in the address bar.

Q3.9 What web server did you find?

Aside: The nmap frontend (invoked in a terminal by typing nmapfe) is a graphical interface that we did not use in the lab but it works the same way in general.

4 MAC Address Spoofing

The MAC address for a network interface is assigned by the hardware manufacturer at the time of manufacture. Addresses are therefore completely independent of the network to which they are attached, and addresses can be spoofed with relative ease. This spoofing has the potential to undermine common security measures. OIT, for example, uses MAC addresses on ResNet and on LAWN to tie network traffic to particular students. (Students tell OIT their MAC address when they register on ResNet or log into LAWN). If you forged another student's MAC address, OIT could be led to believe that your malicious activity was actually that of another student. As another example, many wireless routers only allow access from a white list of MAC addresses so that only certain computers can access the wireless network.

You may want to use ethereal and initiate some network traffic to observe the new MAC address being used.

Exercise: Linux MAC Cloning

Inspect the current MAC and IP address:

1. Type the command ifconfig eth0.
2. Record your results (either as a screen shot OR as a text file, you will need to turn it in).
3. Type the command ifconfig eth0 down or use the Linux command ifdown eth0.
4. Type the command ifconfig eth0 hw ether 00:30:65:24:21:30 (or an Ethernet address you create).
5. Type the command ifconfig eth0 up
6. Type ifconfig eth0 again and record your results (either as a screen shot OR as a text file, you will need to turn it in).
7. Now revert back to the old MAC address by re-doing steps 3–5, but using the MAC address from step 2 in step 4. Type ifconfig eth0 to ensure that you did this correctly. (You do not need a screenshot).

Q4.1 What would happen if two hosts on the same network had the same MAC address? Explain.

Q4.2 Although it is relatively simple to forge a MAC address, it is very difficult to determine the MAC address of a host on a subnet to which you do not already have access. Why is this true?

5 IP Address Spoofing

For this section you will need to set up vmware and create two virtual machines. Look at the Appendix for instructions on how to do this. Once you have set up vmware and the virtual machines, continue on this section.

From here on in, host machine refers to your base Red Hat installation with IP 57.35.6.x. VM1 is the first WS4 virtual machine, with IP 57.35.6.x+1, and VM2 is the copy WS4 machine, with IP 57.35.6.x+2.

From VM1,
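
Looking back at the MAC cloning exercise in section 4 from the network operator's side, the following added example (not part of the original lab handout) flags a MAC address that shows up on two switch ports within a short window, and shows that the locally-administered bit alone does not reveal the address used in step 4. The record format (time, switch port, MAC), the port names and the 60-second window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

def normalize_mac(mac):
    """Canonicalize 00-30-65-24-21-30, 0030.6524.2130 or 00:30:65:24:21:30."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True if the U/L bit (0x02 of the first octet) is set."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def find_mac_flaps(observations, window=60):
    """Return {mac: sorted ports} for MACs seen on more than one port
    within `window` seconds.

    observations: iterable of (unix_time, switch_port, mac) tuples
    (hypothetical format, e.g. from polling switch MAC tables).
    """
    last_seen = defaultdict(dict)   # mac -> {port: last time seen there}
    flaps = defaultdict(set)
    for ts, port, mac in sorted(observations):
        mac = normalize_mac(mac)
        for other_port, other_ts in last_seen[mac].items():
            if other_port != port and ts - other_ts <= window:
                flaps[mac].update((port, other_port))
        last_seen[mac][port] = ts
    return {mac: sorted(ports) for mac, ports in flaps.items()}

# Constructed sample records; port names are made up.
SAMPLE = [
    (1000, "sw1/12", "00:30:65:24:21:30"),
    (1010, "sw1/07", "00-11-22-33-44-55"),
    (1025, "sw2/03", "0030.6524.2130"),      # same MAC, other port, 25 s later
    (1030, "sw1/12", "00:30:65:24:21:30"),
    (5000, "sw3/01", "00:11:22:33:44:55"),   # host moved much later: no flap
]

if __name__ == "__main__":
    for mac, ports in find_mac_flaps(SAMPLE).items():
        print(mac, "seen on", ports,
              "| locally administered:", is_locally_administered(mac))
```

The address from step 4 has the locally-administered bit clear, so a filter on that bit would pass it; the port-flap check is what catches the clone while the original host is still active.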

