Lab 1: Introduction to Ethereal
CMPE 150, Fall 2005

1 Introduction

In this lab you will be introduced to the computers in the classroom as well as the basic functionality of Ethereal, a network traffic analyzer. You can also run Ethereal on your home computer. It is open source software available under the GNU General Public License and can be downloaded for Linux, Mac, or Windows from http://www.ethereal.com. If there are any terms in this lab that you don't understand, please ask the instructor or look them up. Now is the best time to learn them.

2 Lab Computers

All of the computers in the lab run Ubuntu Linux 4.10. They each have equivalent software and are each connected to a pod of routers in the back of the room. For the first few labs we will not be using these routers, but you should look at the mapping of computers to routers on the whiteboard at the back of the room.

2.1 Logging In

To log in to one of the computers, enter:

    Username: cisco
    Password: cisco

You are now at the desktop. At the top left of the screen is the Applications menu. Just to the right are four icons with commonly used applications for the classroom. These are, from left to right: Firefox, a terminal window, Ethereal, and OpenOffice.

2.2 Determine Your IP Address

It will be useful to know your computer's IP address to determine which packets are destined for your computer. To find your current IP address, open a terminal window and enter the command ifconfig:

    cisco@netlab-6:~$ ifconfig

Each of the sections in the output corresponds to a network interface on your computer. The primary interface (there is also a wireless card on the lab computers) is eth0. This is the interface connected to the routers at the back of the room. You will find your IP address in the eth0 section, next to "inet addr". Since the lab runs DHCP, it is possible that this address will change over the quarter, but not likely.

3 Ethereal

Ethereal is a program with which you can capture packets flowing across the local network. Due to the topology of Ethernet, you can capture packets destined to any computer in your local network. Generally your network card would throw out any packets that are not destined for your computer, but Ethereal allows you to see these packets. You can see, for example, any HTTP packets that are destined for your neighbor's computer. Ethereal's documentation is online at http://ethereal.com/docs. You may want to take a look at the introduction of the User's Guide.

3.1 Starting Ethereal

Click on the Ethereal icon to run the program and enter cisco as the password.

3.2 Starting the Ethereal Capture

Choose Capture > Start. Make sure that eth0 is the interface selected. Click OK. At this point Ethereal begins capturing packets, including unicasts directed to the MAC address of your Ethernet NIC, broadcasts for all devices, multicasts, and unknown unicasts (unicasts flooded by the switch when the destination MAC address is not in its MAC address table).

If you want to capture specific types of packets, such as HTTP, FTP, or ICMP, perform those operations now. For example, you could open up Firefox and navigate to a web site. You could also open up a terminal window with the icon at the top of the desktop and ping something:

    cisco@netlab-6:~$ ping google.com

3.3 Stopping the Ethereal Capture

The capture window lists the number of packets received for a number of protocols. Which ones do you recognize? Click the Stop button to end the capture.

3.4 Looking at an Ethernet Frame

The amount of information captured can be overwhelming. We will see later how to filter the traffic so we see only the information we want. The number of frames captured can also be limited by capturing only those packets destined for your computer. To do this, you would uncheck the promiscuous mode checkbox when starting the capture.

Select a specific Ethernet frame. For this example we will look at an HTTP frame. Inside the Ethernet frame is the data, which is usually another protocol with its own data. This encapsulation process most likely started with an application header (HTTP, etc.) with the original data. Below is an example.

To view this information for both the Ethernet frame and the encapsulated upper-layer protocols, click on the right arrow next to that protocol. The right arrow will turn into a down arrow and display the particular information. It is shown in both hexadecimal and ASCII. Take some time to browse around the data. You're not expected to understand everything contained in these packets yet, but you should understand the general concept of encapsulation and protocol layering. Ask the lab instructor to explain these concepts if you don't understand.

3.5 Lab Writeup

To save the Ethernet frames to a text file, choose File > Export > as "Plain Text" file. You should hand in a printed copy of this output (if there are many pages of output, you don't need to include them all, just the first few). In the future there will be additional questions to answer, but the purpose of this lab is just to get familiar with Ethereal.

Please log out after you are finished with the lab.
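The encapsulation described in Section 3.4 and the destination categories listed in Section 3.2, shown as an added example that is not part of the original lab handout: a small Python dissector run on one constructed frame. The MAC and IP addresses, MY_MAC, and the function names are assumptions made for this illustration.

```python
import struct

MY_MAC = bytes.fromhex("020000000001")  # hypothetical address of the capturing NIC

def build_sample_frame(dst_mac):
    """Constructed Ethernet II frame: IPv4 / TCP / HTTP, checksums left at zero."""
    http = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    eth = dst_mac + bytes.fromhex("020000000002") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + http

def classify_destination(dst, my_mac):
    """Name the Section 3.2 category a destination MAC address falls into."""
    if dst == b"\xff" * 6:
        return "broadcast"
    if dst[0] & 0x01:  # group bit in the first octet marks multicast
        return "multicast"
    if dst == my_mac:
        return "unicast to this NIC"
    return "unicast to another host"  # flooded by the switch, or seen in promiscuous mode

def dissect(frame, my_mac=MY_MAC):
    """Peel the layers off one frame, outermost first, as (name, fields) pairs."""
    layers = []
    if len(frame) < 14:
        return layers  # too short to hold an Ethernet header
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers.append(("Ethernet", {"dst": dst.hex(":"), "src": src.hex(":"),
                                "kind": classify_destination(dst, my_mac)}))
    ip = frame[14:]
    if ethertype != 0x0800 or len(ip) < 20:
        return layers  # payload is not IPv4, or the header is truncated
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    layers.append(("IPv4", {"src": ".".join(map(str, ip[12:16])),
                            "dst": ".".join(map(str, ip[16:20])), "proto": proto}))
    tcp = ip[ihl:total_len]
    if proto != 6 or len(tcp) < 20:
        return layers  # not TCP, or the header is truncated
    sport, dport = struct.unpack("!HH", tcp[:4])
    layers.append(("TCP", {"sport": sport, "dport": dport}))
    payload = tcp[(tcp[12] >> 4) * 4:]  # skip the TCP header using its data offset
    if payload and 80 in (sport, dport):
        line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        layers.append(("HTTP", {"first_line": line}))
    return layers
```

Calling dissect(build_sample_frame(MY_MAC)) returns the Ethernet, IPv4, TCP and HTTP layers in the same outermost-first order that Ethereal shows in its protocol tree.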



UCSC CMPE 150 - Lab 1: Introduction to Ethereal
