Name: Answer Key (without packet captures) Date: 4/21/13 Lab 1 - Single-Segment Network (Sections 2.1-2.

8 in Mastering Networks) (85 pts) In this lab you will learn how to configure a network interface for IP networking, how to access IP statistics and setting with the netstat command, how ARP works, and how hackers snoop passwords from the network. In other words, you will become acquainted with IP configuration issues on a single Ethernet segment. To complete this lab you must perform the following steps: Connect three of the Linux VMs to a virtual ethernet switch. Develop an addressing plan for for the topology, boot the VMs and use the Linux ifconfig command to configure the IP addresses and determine the MAC addresses for eth0 on all three PCs. Use the ping command to confirm that all hosts can reach each other, and use wireshark to capture some of the ping traffic. Include the address plan and MAC addresses (e.g. using the table below) along with the output from the ping command and wireshark data showing connectivity in your lab report (10 pts).
IP Address PC1 PC2 PC3 MAC Address

10.0.0.1/24 10.0.0.2/24 10.0.0.3/24

00:00:00:00:00:01 00:00:00:00:00:02 00:00:00:00:00:03

Experimenting with duplicate addresses: Choose an IP address range large enough for two hosts (i.e. at least a /30). Pick two addresses from this subnet. Using the ifconfig command configure one host with one of the addresses, and the other two hosts with the remaining address (i.e. these two hosts are configured with the same address). Include the address assignments in your lab report (5 pts).

PC1 - 10.0.0.1/24, 00:00:00:00:00:01 PC2 - 10.0.0.2/24, 00:00:00:00:00:02 PC3 - 10.0.0.2/24, 00:00:00:00:00:03 Using the arp command, clear the ARP cache on all three machines.

Telnet from the host assigned the unique address to the IP address shared by the other two hosts, and run the hostname command to determine which host youve logged into. Capture the output of the hostname command, and the packets exchanged as a result of the telnet command (including the ARP packets). Include the following in your lab report: An explanation of why the telnet session connected to the host it did, why the session continues to work once it is established, and what event could result in the connection failing after it was established, supported by evidence from the hostname output and packet capture (20 pts).

Telnet connected to the host that it did because that host was the first to respond to PC1s arp request. That host was then added to PC1s arp table, the other host was rejected as there was already an entry for the associated IP. This arp entry value is not permanent, by default the arp entry will live for 2 minutes if no further updates are made. If no update is made to refresh the arp table, then the value will become stale and be removed from the table. Then on user input in the telnet session, a new arp request will be sent, and a new connection made. Criss-Crossed Netmasks: there are three possible relationships between the IP address and prefix of a source and destination on a subnet: (1) the destination address is not in the sources prefix, (2) the source and destination addresses are in each others prefix, and (3) the the destination is in the sources prefix but not vice-versa. Configure the three hosts with addresses such that a pair of hosts exists with each of these relationships. Run ping tests between hosts with each of the three relationships. Capture the output of the ping command, and the packets exchanged as a result of the test. Include the following in your lab report: The topology and address assignment you used (10 pts). PC1: 10.0.0.101/24, 00:00:00:00:00:01 PC2: 10.0.2.202/24, 00:00:00:00:00:02 PC3: 10.0.0.103/16, 00:00:00:00:00:03 The commands you use for each test (including which host you ran it on), and an explanation for the results of each test, supported by evidence from the ping output and packet capture (25 pts).

PC1 can communicate with PC3. From PC1 to PC2 we get network unreachable (no route from 10.0.2.0/24 from PC1.

Associating names for IP addresses: select a pair of hosts from the previous exercise where the ping test was successful. Using gedit (or your Linux editor of choice) edit the /etc/hosts file on one of the pair of hosts to allow you to use a hostname of your choice (rather than its IP address) to ping the other host. Include a copy of the /etc/hosts file, the ping command and its output, and packet capture data to show you were successful (15 pts). localhost PC2

127.0.0.1 10.0.0.2

Restore the /etc/hosts file to its original state. Corrections, comments and suggestions for improving this lab greatly appreciated!