School of Computing and Information Systems
COMP30023: Computer Systems
Practical Week 12
1 Introduction
In this workshop, we will be learning about utility tools for the networking layer on Linux.
2 ip and route
First, let's look at how to obtain our host IP address without relying on external third-party services.
1. On your VM, run
Find your VM's IP address and netmask. Express the netmask as “/n”. Confirm that the broadcast address is the
IP address for your subnet that has all 1s for the host component. Together, write a list of the subnets
that everyone in your breakout room belongs to. Does your host have any other IP addresses? How many?
How many does each interface have?
2. On your VM, type the command $ ip neigh to find reachable networking peers. Discuss what the
entries XX:XX:XX:XX:XX:XX represent.
3. The ip utility tool is quite comprehensive and more or less gives you every piece of information related
to the network layer. To learn more, run
4. On your VM, type the command $ route -n to find your IPv4 routing table. Observe the use of the
address 0.0.0.0 to mean default in two contexts. That is the rule that will be used for all packets not
matching any other rule. Is your gateway an internal or external address? Is your default gateway on the
same subnet as you? Is it possible to have a default gateway that is not on your local subnet?
For the curious: Why is there an entry for the address range 169.254.0.0/16?
(Hint: http://packetlife.net/blog/2008/sep/24/169-254-0-0-addresses-explained,
https://datatracker.ietf.org/doc/html/rfc3927)
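The checks in steps 1 and 4 can be done mechanically. The following is an added example, not part of the original handout: it parses constructed `ip -o -4 addr` and `route -n` output (the addresses and interface names are assumptions), derives the "/n" prefix, netmask and broadcast address, and tests whether the default gateway is on a directly attached subnet.

```python
import ipaddress

# Constructed sample output (not captured from a real VM).
IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 172.26.130.57/22 brd 172.26.131.255 scope global dynamic eth0
"""
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.26.128.1    0.0.0.0         UG    100    0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
172.26.128.0    0.0.0.0         255.255.252.0   U     100    0        0 eth0
"""

def parse_addrs(text):
    """Parse `ip -o -4 addr` lines into (ifname, IPv4Interface, brd or None)."""
    addrs = []
    for line in text.splitlines():
        f = line.split()
        iface = ipaddress.ip_interface(f[f.index("inet") + 1])
        brd = ipaddress.ip_address(f[f.index("brd") + 1]) if "brd" in f else None
        addrs.append((f[1], iface, brd))
    return addrs

def parse_routes(text):
    """Parse `route -n` rows into (IPv4Network, gateway, ifname)."""
    rows = [l.split() for l in text.splitlines() if l[:1].isdigit()]  # skip headers
    return [(ipaddress.ip_network(f"{r[0]}/{r[2]}"),   # Destination/Genmask
             ipaddress.ip_address(r[1]), r[-1]) for r in rows]

def describe_route(net, gw):
    """0.0.0.0/0 as destination = default route; 0.0.0.0 as gateway = on-link."""
    kind = "default" if net.prefixlen == 0 else str(net)
    via = "on-link" if gw == ipaddress.ip_address("0.0.0.0") else f"via {gw}"
    return f"{kind} {via}" + (" (link-local, RFC 3927)" if net.is_link_local else "")

def default_gateway_on_link(addrs, routes):
    """True if the default gateway lies inside a directly attached subnet."""
    gw = next(g for net, g, _ in routes if net.prefixlen == 0)
    return any(gw in iface.network for _, iface, _ in addrs)

if __name__ == "__main__":
    addrs, routes = parse_addrs(IP_ADDR), parse_routes(ROUTE_N)
    for name, iface, brd in addrs:
        # Broadcast = subnet address with every host bit set to 1.
        print(name, iface.with_prefixlen, iface.netmask, iface.network.broadcast_address, brd)
    print([describe_route(n, g) for n, g, _ in routes])
    print("default gateway on local subnet:", default_gateway_on_link(addrs, routes))
```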
The ping tool is commonly used to test reachability of a host on a network.
Using the command line on your local device for this task:
1. Perform a ping request to the server cis.unimelb.edu.au (on your local device).
Command: $ ping cis.unimelb.edu.au (Terminate using Ctrl+C)
2. Now perform a ping request to the server ping.online.net (on your local device).
Compare the round trip times with those seen above.
Use iplocation.net to determine the country the server ping.online.net is located in.
3. A common method to determine whether you have Internet connectivity is to ping a highly reliable server
on the Internet. Some examples of such servers are 4.2.2.2, 1.1.1.1 and 8.8.8.8.
Try pinging these servers. Use the command $ whois 4.2.2.2 to see who owns that IP address.
What kind of servers do you think these IP addresses relate to?
https://www.tummy.com/articles/famous-dns-server/ is a nice article which talks about the history
of the famous IP address 4.2.2.2.
4 traceroute
The traceroute command finds the path that packets follow when heading to a destination. It does this by
starting with a time-to-live (TTL) value of 1. After one hop, this packet is discarded, and the router that
discards it sends an Internet Control Message Protocol (ICMP) packet back saying that it has expired. The
source address of this packet is taken as the first hop of the path to the destination. This is repeated with a
TTL of 2, and then 3, and so on until the destination is reached, or the TTL reaches 30. Install it with the
$ sudo apt install traceroute
Then run it with
$ traceroute cis.unimelb.edu.au
The last few lines may say * * *. That means that either the router at which the TTL reaches 0 doesn't reply
with an ICMP message, or one of the routers along the path drops the ICMP messages or the initial traceroute probes.
If you have time, traceroute to several locations in the unimelb.edu.au domain, such as eng.unimelb.edu.au.
From these, try to work out the local connectivity.
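The TTL loop and the `* * *` cases described above can be modelled offline. The following is an added example, not part of the original handout and not the traceroute source: the `Hop` class, its flags and the documentation-range addresses are assumptions, and the model sends one probe per TTL where the real tool sends three.

```python
from dataclasses import dataclass

MAX_TTL = 30  # traceroute gives up once the TTL reaches 30

@dataclass
class Hop:
    addr: str
    sends_icmp: bool = True     # False: expires probes but never answers
    drops_probes: bool = False  # True: a filter here discards every probe

# Constructed paths; the last entry of each list is the destination.
PATH = [Hop("192.0.2.1"), Hop("198.51.100.7", sends_icmp=False),
        Hop("203.0.113.9"), Hop("203.0.113.80")]
FILTERED = [Hop("192.0.2.1"), Hop("198.51.100.7", drops_probes=True),
            Hop("203.0.113.80")]

def send_probe(path, ttl):
    """Model one probe; return the source address of the reply, or None."""
    for position, hop in enumerate(path, start=1):
        if hop.drops_probes:
            return None                      # probe never gets any further
        ttl -= 1                             # each hop decrements the TTL
        if position == len(path) or ttl == 0:
            # Destination reached, or TTL expired at this router.
            return hop.addr if hop.sends_icmp else None
    return None

def traceroute(path, max_ttl=MAX_TTL):
    """Return [(ttl, addr or '*')], stopping at the destination or max_ttl."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        reply = send_probe(path, ttl)
        hops.append((ttl, reply or "*"))
        if reply == path[-1].addr:           # destination answered: done
            break
    return hops

if __name__ == "__main__":
    for label, path in (("silent router", PATH), ("filtered path", FILTERED)):
        print(label)
        for ttl, addr in traceroute(path):
            print(f"{ttl:2d}  {addr}")
```

A silent router costs only one starred line because later probes still pass through it, whereas a filter that drops the probes themselves produces stars all the way to TTL 30.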
Looking Glass servers provide web-based access to the routers of Internet Service Providers. A list of looking
glass servers is available at traceroute.org.
Use the looking glass servers of Telstra (https://www.telstra.net/cgi-bin/trace) and iiNet
(http://looking-glass.iinet.net.au/lg.cgi) to send traceroute requests to the same server (e.g. ping.online.net)
from different cities.
Observe the common links in the traceroutes. Does the oceanic link look the same?
5 Network Scanning
Now that we know roughly how to explore and troubleshoot our own host, let's learn how to investigate and
troubleshoot external hosts from it. The go-to tool is nmap. Install it by running
$ sudo apt install nmap
WARNING: YOU MUST USE YOUR ASSIGNED VM FOR THIS subsection.
1. Let’s start with the basics, to do a basic default port scan on a target host (i.e. 172.26.129.143). Run:
$ nmap 172.26.129.143
2. If nmap does not give you any hints as to what ports are open, it may be because the target host
blocks ping probes. To get around that, you can run:
$ nmap -Pn IP
Try this command again with the host and check if there is an open SMTP port.
If an SMTP port is open, use telnet to send a HELO comp30023 message and see if you receive a positive
response (i.e. 250). If you received a 250, you have successfully interacted with an SMTP server.
Press Ctrl-] and type quit (or Ctrl-D) to exit.
3. Now, let's go on a treasure hunt and find a funny service that one of our tutors has prepared.
nmap also allows you to scan port ranges. Run:
$ nmap -Pn -p8000-10000 172.26.129.143
Start the treasure hunt from the first port in the range 8000-10000 (which is hosting a HTTP server):
$ curl 172.26.129.143:
and follow the trail to find the treasure.
4. nmap is a very useful tool for a developer: you can use it to troubleshoot most, if not all, network
applications and figure out what problems exist from a networking perspective, for example whether firewalls
are blocking your service, or simply as a sanity check that a service is running and accessible from an
external host. Read more about nmap in man nmap. A word of caution: using nmap on public networks from
your home IP address is a federal cybercrime offence punishable by law and most certainly violates the
Terms of Service of your ISP. You should also not run nmap scans originating from the university servers
to external networks without permission.
6 Bonus: TLS and Wireshark
1. Open the file https-trace.pcapng given on the LMS using Wireshark.
2. Why does there seem to be more than one Client Hello message?
3. How many Cipher Suite options does the client send the server? Which cipher suite does the server pick?
4. View the certificate details from the frames that carry the actual certificates. Which website was visited
while recording this Wireshark trace? Which organisation issued the certificate? What are the validity
(notBefore and notAfter) dates and times?
7 Bonus: Capturing TLS Traffic Using Wireshark
1. Close all applications that may be connecting to the Internet in the background.
2. Go to Capture -> Options in Wireshark.
3. Click on the interface that you are using to connect to the Internet.
4. Specify tcp port https as the capture filter. Disable promiscuous mode.
5. Start the capture.
6. Browse to a website that uses HTTPS.
7. Stop the capture (click red square button).
8. Find the IP address of the website by using nslookup
9. Apply a display filter by typing in ip.addr ==
Wireshark window
10. Answer the questions in Section 6 for the trace you just captured.