241_Lab3_Instructions_2205_Netlab

School: Rochester Institute of Technology
Course: 241
Subject: Computer Science
Date: Apr 3, 2024
Type: docx
Pages: 10

NSSA 241 Lab 3 – ARP and ICMP - Netlab
2205 – SPH/SPM

Before starting each activity, review the report questions to ensure that all observations and data necessary to complete your report are recorded.

Two students will work on one bench which has three PCs. Two benches comprise a pod of six PCs which are numbered 1-6.

Overview

In this lab you will construct a basic one-switch topology. You will explore how ARP works by examining the ARP message exchange and the process of updating ARP tables on the end nodes/hosts of the topology. You will also examine the behavior and use of the ICMP Echo Request/Echo Reply query messages and the error messages received when they fail.

Objectives for this lab are:
- Learning to set up and use Wireshark filtering
- Examining the Address Resolution Protocol
- Examining the Internet Control Message Protocol

Activity 0 – Setup

Before beginning any lab, reboot Windows 10 on all PCs to reset the PCs back to the NetLab default configuration.

Open a console session for one switch on the rack (E, F, or G). Do this before powering up the rack if you wish to observe the switch start-up process. See Appendix 1 if you need a refresher on the instructions.

Power on the switch by powering up the rack.

NOTE: As your switch boots up, there are two possibilities: (1) the switch may be set to factory defaults, or (2) it may have previously been configured. You will need to determine which state it is in to move ahead accordingly. Pay careful attention to this every week so that you are starting with a clean slate and not using a switch with unknown configurations.

(1) If the switch is not configured (set at factory defaults), you will see the following prompt. Answer ‘no’:

    === SYSTEM CONFIGURATION DIALOG ===
    Would you like to enter the initial configuration dialog? [yes]: <no>
    Press RETURN (ENTER) to get started!

If you are seeing this autoconfiguration prompt, move past this gray instruction box, but keep in mind that you may need to erase your switch in the upcoming weeks using the write erase procedure in the Appendix.

(2) If the switch has been previously configured, you will see the following prompt:

    Switch>

If you are seeing the prompt indicating that your switch has already been configured, you MUST erase the device and reset it to the factory defaults. See Appendix 2 for the directions on how to erase the switch.

Once your device is set to the factory defaults (write erased), answer NO to the question regarding the initial configuration dialogue. We will never use the autoconfiguration in this class because it is very limited. Once you answer NO, the switch should immediately exit the autoconfiguration and you will see the following prompt:

    Switch>

If you accidentally start the automatic setup you can break out of the setup using <ctrl> c.

If asked in the autoconfiguration dialog, you should never set a password (do not enable secret) on these devices.

Activity 1 – Construct a Basic Single Switched Network

1. Manually configure the IP address and mask on each bench PC using the IP address of 192.168.100.PM and a netmask of 255.255.255.0. Do not configure anything else.
2. Unplug the PC end of the three short blue cables at the bench rack to isolate your bench PCs from the rest of the lab network.
3. Construct the topology in the diagram below using the Cisco switch labeled E, F, or G on the bench rack. You can connect to any ports on the switch.
4. Use ping to test that you have full connectivity between all your devices. Remember to physically examine the switch for connectivity indicators via the lights on the ports. Capture the pings with Wireshark for use in the next activity.
   - PC 1/4 pings PC 2/5
   - PC 2/5 pings PC 1/4
   - PC 3/6 pings PC 2/5

Record each PC's IP and MAC address for future use when examining tables and capturing packets. Remember, MAC addresses can be found using the command:

    ipconfig /all

        | IP Address | MAC Address
PC1/4   |            |
PC2/5   |            |
PC3/6   |            |

Activity 1 Questions: none

Activity 2 – Understanding Wireshark Capture Window Using Display Filters

When you open an existing trace or begin a capture session you will be in the main Wireshark window. There are nine distinct sections in the main Wireshark window:

(1) Title
(2) Menu (text)
(3) Main Toolbar (icons)
(4) Filter Toolbar
(5) Wireless Toolbar
(6) Packet List Pane
(7) Packet Details Pane
(8) Packet Bytes Pane
(9) Status Bar

By default all frames seen by Wireshark-enabled NICs are captured. This can be overwhelming when trying to diagnose network issues or analyze traffic. To make it easier to locate the packets that will be useful you can:

1. sort your capture output
2. display only the packets you want to see using a display filter
3. limit the traffic captured using a capture filter

Today we will practice and use the first two techniques.

Sorting Capture Output

Reference the picture of the Wireshark capture window above. Each column in the Packet List Pane has a header. Once you stop the capture you can organize the packets in the Packet List Pane by
clicking on the header of the column type you want to sort the packets by. Clicking the same header multiple times will toggle the sort between ascending and descending order.

Let’s try sorting. Using any ping capture from Activity 1, sort the packets as follows:
- If the capture is running, stop it using the Stop button on the task bar or from the capture menu.
- Click on the Protocol header
- Click on the Source header
- Click on the Destination header

Implementing a Display Filter

Display filters enable you to focus on specific packets based on criteria you define. You can filter on traffic you want to see (inclusion filtering) or filter undesired traffic out of view (exclusion filtering). However, when you apply a display filter to your capture, the entire capture remains intact. While there are different ways to create and apply display filters, we will focus on two simple display filters that can be used throughout this lab.

Using any ping capture from Activity 1 do the following:

If the capture is running, stop it using the Stop button on the task bar or from the capture menu.

First filter: In the blank area labeled ‘Filter’ above the Packet List Pane, input ‘arp’ without the quotes and hit enter.
- Look at the status bar. What numbers are displayed in the Packets: and Displayed: fields?
- Look through what is displayed. What do you see and what don’t you see?
- To remove the filter click on the ‘X’ at the end of the filter field.

Second filter: In the blank area labeled ‘Filter’ above the Packet List Pane, input ‘icmp’ without the quotes and hit enter.
- Look at the status bar. What numbers are displayed in the Packets: and Displayed: fields?
- Look through what is displayed. What do you see and what don’t you see?
- Remove the filter.

________________________________________

Activity 2 Questions – Understanding Wireshark Capture Window Using Display Filter

1. (5 points) Describe how each column selection sorted the packets and give an example of how each one would be helpful in monitoring a network and/or debugging network problems.
2. (5 points) Explain the significance of the numbers displayed in the Packets: and Displayed: fields.
3. (5 points) Describe the usefulness of the display filter in examining network traffic.

________________________________________

Activity 3 – Exploring ARP and ICMP Echo Request/Echo Reply

Entries in an ARP table will “time out” if addresses are not referenced within a certain time period. For Windows, it is a random time between 15 – 45 seconds. But it is difficult to measure the times because table entries can be refreshed in a variety of ways as a result of activities on the network. Figure 1 shows the output of a Windows 10 command line request for the PC’s ARP Table.

Figure 1 – Windows ARP Table

1. Examine the ARP tables on the Windows PCs by using the command arp -a. Consider if the entries appear correct based on the pings that you have already completed. Take screen shots of each one; you will need them to answer the lab questions. Use MS-DOS HELP (arp /help) to find other arp command options.
2. Wait one or two minutes, then check the arp tables again to see if the dynamic entries are gone. Sometimes the arp table gets repopulated before you can look at it. If you find that the dynamic entries are not timing out, unplug the PC from the network and wait until the dynamic entries are gone to proceed with the experiment. Reconnect the PCs to the switch.
3. Start a Wireshark capture on each PC.
4. Perform the following ping tests using one ping as directed below and capture the complete ping exchange on each PC. After each ping:
   - Check and save a screen capture of the arp table on each PC using arp -a (you will use this to answer the lab questions).
   - Check which, if any, arp table was updated by the ping.
   - If an arp table was updated, note which device’s information is recorded in the arp table as a result of each ping.
5. To send only one ping use the following command:

       ping -n 1 <IP_ADDRESS>

   Ping pairs (source, destination):
   - PC 1/4, PC 3/6
   - PC 1/4, PC 2/5
   - PC 3/6, PC 2/5

________________________________________

Activity 3 Questions – Exploring ARP and ICMP Echo Request/Echo Reply

4. (6 points) Explain the difference between the ARP tables on each PC.
5. (4 points) Describe the arp command options other than -a and how each is used.
6. (9 points) After each ping, which devices see the arp requests and/or the arp replies? Which PC’s ARP table was updated? What device’s information is recorded in each arp table as a result of this one ping?

   Ping source and destination | Which PCs see the ARP Request/Reply | Which PCs' ARP tables were updated | Which device was recorded in the ARP table
   PC 1/4, PC 3/6              |                                     |                                    |
   PC 1/4, PC 2/5              |                                     |                                    |
   PC 3/6, PC 2/5              |                                     |                                    |

7. (18 points) Explain the traffic flow between PCs that results from each ping. Were you able to see everyone’s ping traffic at each station? If not, what traffic was not visible at each station? Why was it not visible?

   Ping source and destination | Wireshark observing from | Is ping visible (yes/no) | Explain why the ping is visible or not
   PC 1/4, PC 3/6              | PC 1/4                   |                          |
   PC 1/4, PC 3/6              | PC 2/5                   |                          |
   PC 1/4, PC 3/6              | PC 3/6                   |                          |
   PC 1/4, PC 2/5              | PC 1/4                   |                          |
   PC 1/4, PC 2/5              | PC 2/5                   |                          |
   PC 1/4, PC 2/5              | PC 3/6                   |                          |
   PC 3/6, PC 2/5              | PC 1/4                   |                          |
   PC 3/6, PC 2/5              | PC 2/5                   |                          |
   PC 3/6, PC 2/5              | PC 3/6                   |                          |

8. (8 points) Diagram two Ethernet frames: one encapsulating the Echo Request and one encapsulating the Echo Reply.
   - Include all fields, field sizes, and field contents for the Ethernet frame header.
   - Include all fields, field sizes, and field contents for the IP packet header.
   - Include all fields, field sizes, and field contents for the ICMP header.
   - If there is any data beyond the ICMP header, simply put in the word “data”.
   - Explain the function of each field in the Ethernet, IP, and ICMP headers.
   Use the following image as a model to create your own image and fill in the data for each field.
9. (4 points) What is in the payload (data portion) of an ICMP echo packet?
10. (4 points) Does the switch have an arp table? If so, provide it. If not, explain why not.

________________________________________

Activity 4 – Pinging a non-existent device on your network

1. Check the arp tables on all three PCs and make sure they are all fully populated before running this experiment.
2. While running Wireshark on all three PCs, ping an address that is allocated to the subnet in use but does not actually have a machine associated with it from PC1/4. Do it again from PC2/5. For example, use the IP address 192.168.100.199.

Because there is no machine with this IP address actually up and running on the network, the ping will fail. It is important to understand where it fails. Examine the resulting ICMP messages in your command window and in the Wireshark capture to help in addressing this question.

________________________________________

Activity 4 Questions: Pinging a non-existent device on your network

11. (4 points) A single arp request should result from the attempted ping. Diagram the arp request message, filling in all of the fields with the data from your test (IP addresses, MAC addresses, etc.). Be sure to label each field appropriately.
12. (4 points) Explain why only this single arp request was generated.
13. (4 points) Why doesn’t the source node issue an ICMP echo request for the destination address? Be thorough in your explanation.
14. (4 points) Are any of the ARP tables modified as a result of these pings? Explain why or why not.

________________________________________

Activity 5 – Exploring Traceroute

1. Reconnect one of the PCs to the DHCP server via the rack ports (short blue cables). Modify its TCP/IP properties to be automatically configured via DHCP.
2. Check to be sure it has reacquired a 10.140.100.0 IP address using the ipconfig /all command.
3. Start a Wireshark capture. Save the captures and screen shots of the tests below to answer the lab questions.
4. Use the Traceroute utility (tracert <destination>) in the DOS command window to determine the network path to each of the following and save a screen capture of each test:
   - The RIT DNS Server 129.21.3.17
   - Use an off-campus site such as www.google.com.

________________________________________

Activity 5 Questions: Exploring Traceroute

15. (6 points) Using the DOS screen shots and the Wireshark captures, explain how ICMP is used to determine the path to the destinations in each test. Explain step-by-step what this utility is doing. Be sure to address both the IP addresses and millisecond parameters that are being reported to the screen and in the Wireshark messages.
    - The RIT DNS Server
    - www.google.com
16. (6 points) Diagram an Ethernet frame that encapsulates the ICMP packet used in the Traceroute utility. Include all fields, field sizes, and the content of the fields for both Ethernet and ICMP. If there is any data beyond the ICMP header, simply put in the word “data”. Explain the function of each field in the headers.
17. (4 points) How might traceroute be used by a network administrator?

________________________________________
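Added example (not part of the original lab handout): a Python decoder for the frame types examined in Activities 3 and 4, applied to a constructed ARP request for 192.168.100.199 and a constructed Echo Request. The MAC addresses, the .11/.12 host addresses and the payload are made-up sample values; fields in a real capture will differ.

```python
import socket
import struct

ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 8: "Echo Request", 11: "Time Exceeded"}

def inet_checksum(data):
    """Internet checksum (RFC 1071); 0 when computed over data holding a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_frame(frame):
    """Decode an Ethernet II frame carrying ARP or IPv4/ICMP into a dict of fields."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": dst.hex(":"), "eth_src": src.hex(":"), "ethertype": hex(ethertype)}
    payload = frame[14:]
    if ethertype == 0x0806:  # ARP: 28 bytes for Ethernet/IPv4
        _ht, _pt, _hl, _pl, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", payload[:28])
        out.update(proto="ARP", op={1: "request", 2: "reply"}.get(op, op),
                   sender_mac=sha.hex(":"), sender_ip=socket.inet_ntoa(spa),
                   target_mac=tha.hex(":"), target_ip=socket.inet_ntoa(tpa))
    elif ethertype == 0x0800 and payload[9] == 1:  # IPv4 with protocol 1 (ICMP)
        ihl = (payload[0] & 0x0F) * 4  # IP header length in bytes
        icmp = payload[ihl:struct.unpack("!H", payload[2:4])[0]]  # trim to IP total length
        itype, code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
        out.update(proto="ICMP", ttl=payload[8], ip_src=socket.inet_ntoa(payload[12:16]),
                   ip_dst=socket.inet_ntoa(payload[16:20]),
                   icmp_type=ICMP_TYPES.get(itype, itype), icmp_code=code,
                   id=ident, seq=seq, data=icmp[8:], checksum_ok=inet_checksum(icmp) == 0)
    return out

# Constructed sample data: every MAC and host address below is made up for this example.
PC1_MAC, PC2_MAC = bytes.fromhex("00005e005301"), bytes.fromhex("00005e005302")
PC1_IP, PC2_IP = socket.inet_aton("192.168.100.11"), socket.inet_aton("192.168.100.12")

# ARP request for the unused Activity 4 address: broadcast destination, target MAC zeroed.
ARP_REQUEST = b"\xff" * 6 + PC1_MAC + b"\x08\x06" + struct.pack(
    "!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, PC1_MAC, PC1_IP, bytes(6),
    socket.inet_aton("192.168.100.199"))

def build_echo_request(ident, seq, data, ttl=128):
    """Build a PC1 -> PC2 Echo Request frame with valid IP and ICMP checksums."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + data
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, ttl, 1, 0, PC1_IP, PC2_IP)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return PC2_MAC + PC1_MAC + b"\x08\x00" + ip + icmp

if __name__ == "__main__":
    print(decode_frame(ARP_REQUEST))
    print(decode_frame(build_echo_request(1, 1, b"constructed ping payload")))
```
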
Appendix 1 – Cisco Console Connection

To set up a console connection:
- Locate the green PC console ports on the bench rack (one per PC). This port is wired to the console port on the back of the PC. Look at the connection to trace the wiring.
- Locate the green console port on the bench rack for the Cisco switch, labeled with the equipment letter. This port is wired to the console port on the back of the switch.
- Use a straight-through Ethernet cable to connect the green PC console port in the bench rack to the green Cisco switch console port.

1. Open and configure a terminal emulator program to configure the switch:
   a. Search for PuTTY on your Windows PC and start it.
   b. Configure the PuTTY terminal session:
      - Session: Serial (change from SSH)
      - Connection: Serial
      - Serial Line: COM 1
      - 9600 Baud
      - 8 bits of data
      - 1 stop bit
      - No parity
      - No flow control
   c. Open the connection.

Appendix 2 – Switch Write Erase Procedure

1. Use the following procedure to erase the switch:
   - Wait for the device to present a Switch> prompt.
   - Issue the enable command. The device will present a Switch# prompt.
   - Issue the write erase command at the prompt (this erases the non-volatile memory, NVRAM).
   - Enter delete flash:vlan.dat (this deletes any VLAN configurations).
   - If you are prompted to confirm these choices, type “y” and enter.
   - Issue the reload command at the prompt.
   - If prompted to save the configuration, select “no”.
   - When asked to confirm the reload, select “yes”.
   - After the reload, when the system prompts with “enter the initial configuration dialog”, select “no”.
   - When asked to “terminate the autoinstall,” select “yes”.
   - When the message “Press RETURN to get started!” displays, hit return.

At this point the switch should be set to its default configuration settings.

Appendix 3 – List of Cisco IOS commands

- enable
- configure terminal
- shutdown / no shutdown
- show interfaces (to display information on all interfaces)
- show interfaces f 0/2 (to display a specific interface)
- show spanning-tree
- show mac address-table
- show run
- show monitor
- debug spanning-tree events
- switchport access
- ctrl z
- ctrl c
- exit
- ?
- tab
- interface f 0/1