L A B  1

Purpose:

  • Learn to set up a LAN with 3 hosts and a hub
  • Use Linux OS
  • Sniff packets while the others (computers on the LAN) are running Ping

2/14/2001 (12pm to 3pm) Lab Notes:

  • Bill, Mike and I accompanied a tutor to the lab today, where we found out that the lab's computers were so screwed up that they wouldn't work. The computers were fitted with new network cards and we finished our lab.
    1. Computers were configured and set up on the hub upon reboot, so there was no need for any configuring. One tip that I did learn was the command service network restart (instead of rebooting).
    2. Started the computers pinging each other.
    3. Typed tcpdump -i eth0 -p
    4. Here is the output:
15:01:23.767614 P 192.168.0.1 > 192.168.0.2: icmp: echo request
15:01:23.767789 P 192.168.0.2 > 192.168.0.1: icmp: echo reply
15:01:23.904881 < 192.168.0.2 > 192.168.0.3: icmp: echo request
15:01:23.905042 > 192.168.0.3 > 192.168.0.2: icmp: echo reply
15:01:24.767602 P 192.168.0.1 > 192.168.0.2: icmp: echo request
15:01:24.767765 P 192.168.0.2 > 192.168.0.1: icmp: echo reply
15:01:24.904858 < 192.168.0.2 > 192.168.0.3: icmp: echo request
15:01:24.904973 > 192.168.0.3 > 192.168.0.2: icmp: echo reply
15:01:25.767603 P 192.168.0.1 > 192.168.0.2: icmp: echo request
15:01:25.767759 P 192.168.0.2 > 192.168.0.1: icmp: echo reply
15:01:25.904869 < 192.168.0.2 > 192.168.0.3: icmp: echo request
15:01:25.904969 > 192.168.0.3 > 192.168.0.2: icmp: echo reply
15:01:26.767628 P 192.168.0.1 > 192.168.0.2: icmp: echo request
15:01:26.767775 P 192.168.0.2 > 192.168.0.1: icmp: echo reply
15:01:26.904873 < 192.168.0.2 > 192.168.0.3: icmp: echo request
15:01:26.904967 > 192.168.0.3 > 192.168.0.2: icmp: echo reply
15:01:27.767618 P 192.168.0.1 > 192.168.0.2: icmp: echo request
15:01:27.767778 P 192.168.0.2 > 192.168.0.1: icmp: echo reply
15:01:27.897525 P arp who-has 192.168.0.2 tell 192.168.0.1
15:01:27.897636 P arp reply 192.168.0.2 is-at 0:c0:4f:a8:fe:22 (0:c0:4f:a8:fe:1e)
15:01:27.904922 < 192.168.0.2 > 192.168.0.3: icmp: echo request
15:01:27.905020 > 192.168.0.3 > 192.168.0.2: icmp: echo reply
15:01:27.905048 P 192.168.0.2.1025 > 192.168.0.1.domain: 50037+ PTR? 3.0.168.192.in-addr.arpa. (42)
15:01:27.905332 P 192.168.0.1 > 192.168.0.2: icmp: 192.168.0.1 udp port domain unreachable [tos 0xc0] 
15:01:27.905576 P 192.168.0.2.1025 > 192.168.0.1.domain: 50037+ PTR? 3.0.168.192.in-addr.arpa. (42)
15:01:27.905740 P 192.168.0.1 > 192.168.0.2: icmp: 192.168.0.1 udp port domain unreachable [tos 0xc0] 
15:01:27.905993 P 192.168.0.2.1025 > 192.168.0.1.domain: 50037+ PTR? 3.0.168.192.in-addr.arpa. (42)
15:01:27.906156 P 192.168.0.1 > 192.168.0.2: icmp: 192.168.0.1 udp port domain unreachable [tos 0xc0] 
15:01:27.907429 P 192.168.0.2.1025 > 192.168.0.1.domain: 50038+ PTR? 3.0.168.192.in-addr.arpa. (42)
15:01:27.907611 P 192.168.0.1 > 192.168.0.2: icmp: 192.168.0.1 udp port domain unreachable [tos 0xc0] 
15:01:27.907893 P 192.168.0.2.1025 > 192.168.0.1.domain: 50038+ PTR? 3.0.168.192.in-addr.arpa. (42)
15:01:27.908056 P 192.168.0.1 > 192.168.0.2: icmp: 192.168.0.1 udp port domain unreachable [tos 0xc0] 
15:01:27.908315 P 192.168.0.2.1025 > 192.168.0.1.domain: 50038+ PTR? 3.0.168.192.in-addr.arpa. (42)
15:01:28.767646 P 192.168.0.1 > 192.168.0.2: icmp: echo request
15:01:28.767846 P 192.168.0.2 > 192.168.0.1: icmp: echo reply
15:01:28.904912 < 192.168.0.2 > 192.168.0.3: icmp: echo request
15:01:28.905016 > 192.168.0.3 > 192.168.0.2: icmp: echo reply
15:01:29.767633 P 192.168.0.1 > 192.168.0.2: icmp: echo request
15:01:29.767814 P 192.168.0.2 > 192.168.0.1: icmp: echo reply
15:01:29.904916 < 192.168.0.2 > 192.168.0.3: icmp: echo request
15:01:29.905017 > 192.168.0.3 > 192.168.0.2: icmp: echo reply
15:01:30.767651 P 192.168.0.1 > 192.168.0.2: icmp: echo request
15:01:30.767814 P 192.168.0.2 > 192.168.0.1: icmp: echo reply
15:01:30.904923 < 192.168.0.2 > 192.168.0.3: icmp: echo request
15:01:30.905036 > 192.168.0.3 > 192.168.0.2: icmp: echo reply
15:01:31.767650 P 192.168.0.1 > 192.168.0.2: icmp: echo request
15:01:31.767865 B arp who-has 192.168.3.1 tell 192.168.0.1
15:01:31.768000 P 192.168.0.2 > 192.168.0.1: icmp: echo reply
15:01:31.904938 < 192.168.0.2 > 192.168.0.3: icmp: echo request
15:01:31.905122 > 192.168.0.3 > 192.168.0.2: icmp: echo reply
15:01:32.767570 B arp who-has 192.168.3.1 tell 192.168.0.1
15:01:32.767701 P 192.168.0.1 > 192.168.0.2: icmp: echo request
15:01:32.767861 P 192.168.0.2 > 192.168.0.1: icmp: echo reply
15:01:32.904941 < 192.168.0.2 > 192.168.0.3: icmp: echo request
15:01:32.905039 > 192.168.0.3 > 192.168.0.2: icmp: echo reply
15:01:33.767593 B arp who-has 192.168.3.1 tell 192.168.0.1
15:01:33.767727 P 192.168.0.1 > 192.168.0.2: icmp: echo request
15:01:33.767890 P 192.168.0.2 > 192.168.0.1: icmp: echo reply
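
As an added example (not part of the original lab notes), this Python sketch parses lines in the format of the capture above and separates the sniffer's own traffic from traffic it only overheard because the hub repeats every frame to every port. The reading of the column after the timestamp (`<` in, `>` out, `B` broadcast, `P` seen promiscuously) is an assumption about this tcpdump build; the sample lines are copied from the output above.

```python
import re
from collections import Counter

# Sample input: a few lines taken from the capture shown above.
SAMPLE = """\
15:01:23.767614 P 192.168.0.1 > 192.168.0.2: icmp: echo request
15:01:23.767789 P 192.168.0.2 > 192.168.0.1: icmp: echo reply
15:01:23.904881 < 192.168.0.2 > 192.168.0.3: icmp: echo request
15:01:23.905042 > 192.168.0.3 > 192.168.0.2: icmp: echo reply
15:01:27.897525 P arp who-has 192.168.0.2 tell 192.168.0.1
15:01:27.905048 P 192.168.0.2.1025 > 192.168.0.1.domain: 50037+ PTR? 3.0.168.192.in-addr.arpa. (42)
15:01:31.767865 B arp who-has 192.168.3.1 tell 192.168.0.1
"""

# Assumed meaning of the marker column (not stated in the notes).
MARKERS = {"<": "to this host", ">": "from this host",
           "B": "broadcast", "P": "between other hosts"}

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ ([<>BP]) (.*)$")
IPV4 = r"(\d+\.\d+\.\d+\.\d+)(?:\.\w+)?"          # address, optional .port
IP_PAIR = re.compile(rf"^{IPV4} > {IPV4}:")
ARP_REQ = re.compile(r"^arp who-has (\S+) tell (\S+)")

def parse(text):
    """Return [(marker, src, dst)]; ARP replies and unknown lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        marker, rest = m.groups()
        ip, arp = IP_PAIR.match(rest), ARP_REQ.match(rest)
        if ip:
            packets.append((marker, ip.group(1), ip.group(2)))
        elif arp:                                  # "who-has DST tell SRC"
            packets.append((marker, arp.group(2), arp.group(1)))
    return packets

def capture_host(packets):
    """Sniffer's own address: destination of '<' lines, source of '>' lines."""
    votes = Counter(d if mk == "<" else s for mk, s, d in packets if mk in "<>")
    return votes.most_common(1)[0][0] if votes else None

def overheard(packets):
    """Packets per (src, dst) that the sniffer neither sent nor was sent."""
    me = capture_host(packets)
    return Counter((s, d) for mk, s, d in packets if mk == "P" and me not in (s, d))

if __name__ == "__main__":
    pkts = parse(SAMPLE)
    print("capture host:", capture_host(pkts))
    for (src, dst), n in sorted(overheard(pkts).items()):
        print(f"overheard {n} packet(s) {src} -> {dst} ({MARKERS['P']})")
```

On a switched LAN the same count would be expected to drop to zero for unicast traffic, which makes it a quick check of whether a segment is still shared.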


2/12/2001 (12pm to 5pm) Lab Notes:

  • After hours and hours on the net I taught myself this much and have been successful in getting the three computers to ping one another. Here is how I did it:
    1. connect ethernet cables from three computers to the hub.
    2. on computer 1 type ifconfig eth0 192.168.0.0 netmask 255.255.255.0 up
    3. on computer 2 type ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up
    4. on computer 3 type ifconfig eth0 192.168.0.2 netmask 255.255.255.0 up
      1. Network class C netmask is 255.255.255.0 and the addresses range from
        192.168.0.0 to 192.168.255.255
      2. eth0 is your installed ethernet card (can be eth0 or eth1 etc.)
      3. 'up' to turn on the interface or 'down' to shut it down
    5. (I did this but may not be necessary) edit /etc/sysconfig/network to have the
      line NETWORKING=yes
    6. (I also did this but may not be necessary) Start the server
      /etc/rc.d/init.r/name start "I don't know, I can't read my notes"
    7. If there is a localhost loop back thingy going make sure it has the appropriate address.
    8. ping should work
    9. tcpdump is supposed to sniff the network but this is where I hit the wall and
      quit after 3 hours of pulling my hair out.
