241_Lab3_Instructions_2205_Netlab

.docx

School

Rochester Institute of Technology *

*We aren’t endorsed by this school

Course

241

Subject

Computer Science

Date

Apr 3, 2024

Type

docx

Pages

Uploaded by JusticeEagleMaster178

NSSA 241 Lab 3 –ARP and ICMP - Netlab Before starting each activity, review the report questions to ensure that all observations and data necessary to complete your report are recorded. Two students will work on one bench which has three PCs. Two benches comprise a pod of six PCs which are numbered 1-6. Overview In this lab you will construct a basic one switch topology. You will explore how ARP works by examining the ARP message exchange and the process of updating ARP tables on the end nodes/hosts of the topology. You will also examine the behavior and use of the ICMP Echo Request/Echo Reply Query messages and the error messages received when they fail. Objectives for this lab are:  Learning to setup and use Wireshark filtering  Examining the Address Resolution Protocol  Examining Internet Control Message Protocol Activity 0 – Setup  Before beginning any lab, reboot Windows 10 on all PCs to reset the PCs back to the NetLab default configuration.  Open a console session for one switch on the rack (E, F, or G). Do this before powering up the rack if you wish to observe the switch start up process. See Appendix 1 if you need a refresher on the instructions.  Power on the switch by powering up the rack. NOTE: as your switch boots up, there are two possibilities: (1) the switch may be set to factory defaults or (2) it may have previously been configured You will need to determine which state it is in to move ahead accordingly. Pay careful attention to this every week so that you are starting with a clean slate and not using a switch with unknown configurations. (1) If the switch is not configured (set at factory defaults), you will see the following prompt. Answer ‘no’: === SYSTEM CONFIGURATION DIALOG === Would you like to enter the initial configuration dialog? [yes]: <no> Press RETURN (ENTER) to get started! If you are seeing this autoconfiguration prompt, move past this gray instruction box, but keep in mind that you may need to erase your switch in the upcoming weeks using the write erase procedure in the Appendix. (2) If the switch has been previously configured, you will see the following prompt: Switch> 2205 – SPH/SPM Page 1

NSSA 241 Lab 3 –ARP and ICMP - Netlab If you are seeing the prompt indicating that your switch has already been configured, you MUST erase the device and reset it to the factory defaults. See Appendix 2 for the directions on how to erase the switch.  Once your device is set to the factory defaults (write erased), answer NO to the question regarding the initial configuration dialogue. We will never use the autoconfiguration in this class because it is very limited. Once you answer NO, the switch should immediately exit the autoconfiguration and you will see the following prompt: Switch> If you accidentally start the automatic setup you can break out of the setup using <ctrl> c. If asked in the autoconfiguration dialog, you should never set a password (do not enable secret) on these devices. Activity 1 – Construct a Basic Single Switched Network 1. Manually configure the IP address and mask on each bench PC using the IP address of 192.168.100.PM and a netmask of 255.255.255.0 . Do not configure anything else. 2. Unplug the PC end of the three short blue cables at the bench rack to isolate your bench PCs from the rest of the lab network. 3. Construct the topology in the diagram below using the Cisco switch labeled E, F, or G on the bench rack. You can connect to any ports on the switch. 4. Use ping to test that you have full connectivity between all your devices. Remember to physically examine the switch for connectivity indicators via the lights on the ports. Capture the pings with Wireshark for use in the next activity. PC 1/4 pings  PC 2/5 PC 2/5 pings  PC 1/4 2205 – SPH/SPM Page 2

NSSA 241 Lab 3 –ARP and ICMP - Netlab PC 3/6 pings  PC 2/5 Record each PCs IP and MAC address for future use when examining tables and capturing packets. Remember, MAC addresses can be found using the command: ipconfig /all IP Address MAC Address PC1/4 PC2/5 PC3/6 Activity 1 Questions: none Activity 2 – Understanding Wireshark Capture Window Using Display Filters When you open an existing trace or begin a capture session you will be in the main Wireshark window. There are nine distinct sections in the main Wireshark window: (1) Title (2) Menu (text) (3) Main Toolbar (icons) (4) Filter Toolbar (5) Wireless Toolbar (6) Packet List Pane (7) Packet Details Pane (8) Packet Bytes Pane (9) Status Bar By default all frames seen by Wireshark enabled NICs are captured. This can be overwhelming when trying to diagnose network issues or analyze traffic. To make it easier to locate the packets that will be useful you can: 1. sort your capture output 2. display only the packets you want to see using a display filter 3. limit the traffic captured using a capture filter Today we will practice and use the first two techniques. Sorting Capture Output Reference the picture of the Wireshark capture window above. Each column in the Packet List Pane has a header. Once you stop the capture you can organize the packets in the Packet Pane List by 2205 – SPH/SPM Page 3

NSSA 241 Lab 3 –ARP and ICMP - Netlab clicking on the header of the column type you want to sort the packets by. Clicking the same header multiple times will toggle the sort between ascending and descending order. Let’s try sorting. Using any ping capture from Activity 1 sort the packets as follows:  If the capture is running, stop it using the Stop button on the task bar or from the capture menu.  Click on the Protocol header  Click on the Source header  Click on the Destination header Implementing a Display Filter Display filters enable you to focus on specific packets based on a criteria you define. You can filter on traffic you want to see (inclusion filtering) or filter undesired traffic out of view (exclusion filtering). However, when you apply a display filter to your capture, the entire capture remains intact. While there are different ways to create and apply display filters we will focus on two simple display filters that can be used throughout this lab. Using any ping capture from Activity 1 do the following:  If the capture is running, stop it using the Stop button on the task bar or from the capture menu.  First Filter: In the blank area labeled ‘Filter’ above the Packet List Pane input ‘arp’ without the quotes and hit enter. Look at the status bar. What numbers are displayed in the Packets: and Displayed: fields? Look through what is displayed. What do you see and what don’t you see?  To remove the filter click on the ‘X’ at the end of the filter field.  Second filter: In the blank area labeled ‘Filter’ above the Packet List Pane input ‘icmp’ without the quotes and hit enter. Look at the status bar. What numbers are displayed in the Packets: and Displayed: fields? Look through what is displayed. What do you see and what don’t you see?  Remove the filter. _________________________________________________________________________________________________________________ Activity 2 Questions – Understanding Wireshark Capture Window Using Display Filter 1. ( 5 points) Describe how each column selection sorted the packets and give an example of how each one would be helpful in monitoring a network and/or debugging network problems. 2. (5 Points) Explain the significance of the numbers displayed in the Packets: and Displayed: fields. 3. (5 points) Describe the usefulness of the display filter in examining network traffic. _____________________________________________________________________________________________________________________ __ Activity 3 – Exploring ARP and ICMP Echo Request/Echo Reply Entries in an ARP table will “time out” if addresses are not referenced within a certain time period. For Windows, it is a random time between 15 – 45 seconds. But it is difficult to measure the times because table entries can be refreshed in a variety of ways as a result of activities on the network. Figure 1 shows the output of a Windows 10 command line request for the PC’s ARP Table. 2205 – SPH/SPM Page 4

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version