
INTERNATIONAL UNIVERSITY
School of Computer Science and Engineering
LAB 1: Introduction to VMWare and Wireshark

Course: Network Security
Date:
Lecturer: Pham Van Hau, PhD
Duration: 135 minutes


Student name: TRAN NGUYEN QUYNH TRAM

Student ID: MITM05020

The purpose of this Lab is to introduce the working environment and tools used to carry out the LABs of the Network and System Security (NSS) course. We use virtual machines and Wireshark for all the labs; getting familiar with them is a must.

1. Part 1: VMWare

Instruction on VMWare, VMWarenet

Use the virtual machine (based on Ubuntu) to create the following simple network

Machine 1 192.168.1.2 GW 192.168.1.1 Netmask 255.255.255.0

VMNet 5

Machine 2 192.168.1.3 GW 192.168.1.1 Netmask 255.255.255.0

You need to
- configure the IP addresses for the virtual machines
- configure the network (use VMNet5)
- make sure that machine 1 can ping machine 2

2. Part 2: Wireshark

1. Route recording with command "ping"

a) ping command

Ping uses the ICMP protocol's mandatory ECHO REQUEST datagram to elicit an ICMP ECHO RESPONSE from a host or gateway. ECHO REQUEST datagrams ("pings") have an IP and ICMP header, followed by a "struct timeval" and then an arbitrary number of "pad" bytes used to fill out the packet.

On machine 1,
- turn on Wireshark
- ping machine 2
- Observe the traffic, try to answer the following questions

Q1) What are the values of type and code in ECHO REQUEST and ECHO REPLY packet?
Answer: When machine 1 (192.168.1.2) pings machine 2 (192.168.1.3), machine 1 creates an ECHO REQUEST packet and sends it to machine 2, then machine 2 sends back an ECHO REPLY to machine 1.

ECHO REQUEST: Type is 8, code is 0

ECHO REPLY: Type is 0, code is 0

Q2) What are the meaning of identifier and sequence number in the ICMP packets?
Answer: Identifier and Sequence Number are used to help match the ECHO REQUEST with the ECHO REPLY

[Figure: ICMP Header]

b) Ping with -R option

On machine 1, ping machine 2 with the -R option.

Q3) What is the new information in the request and reply packets that you observe?
Answer: The new information in the request and reply packets is the record route option in the IP header

[Figure: New Information in ECHO REQUEST]

[Figure: New Information in ECHO REPLY]

Q4) What is the -R option used for?

Answer: Ping uses the -R option to record the path of routers that the ECHO REQUEST/REPLY message used

Q5) Load file tme6-pRp.dmp, draw the network diagram between the source and the destination host.
Answer:

Opening tme6-pRp.dmp with Wireshark, I get information about the network

The network diagram between the source and the destination host from this information

Q6) What is maximum length in terms of number of hops that "ping -R" can record?

Answer: Maximum length in terms of number of hops that "ping -R" can record is 9
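Where the limit of 9 comes from, shown as an added example (not part of the original lab report or course material): an IPv4 header can be at most 60 bytes, so the Record Route option has 40 option bytes minus its 3-byte header to hold 4-byte addresses. The function names are hypothetical and the sample header is constructed, reusing the lab's two addresses.

```python
import ipaddress
import struct

RR_TYPE = 7                    # IPv4 Record Route option type (RFC 791)
FIXED_HDR, MAX_HDR = 20, 60    # IHL is a 4-bit word count: 15 * 4 = 60 bytes

def max_rr_hops():
    """40 option bytes minus type, length and pointer bytes, 4 bytes per address."""
    return (MAX_HDR - FIXED_HDR - 3) // 4

def parse_record_route(ip_header: bytes):
    """Return (recorded_addresses, free_slots), or None if the header has no RR option."""
    if not ip_header or ip_header[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ip_header[0] & 0x0F) * 4
    if ihl < FIXED_HDR or len(ip_header) < ihl:
        raise ValueError("truncated IPv4 header")
    opts, i = ip_header[FIXED_HDR:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation, one byte, used as padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        length = opts[i + 1]
        if kind == RR_TYPE:
            if length < 3:
                raise ValueError("malformed record route option")
            pointer = opts[i + 2]          # 1-based offset of next free slot; 4 = empty
            slots, used = (length - 3) // 4, (pointer - 4) // 4
            if pointer < 4 or used > slots:
                raise ValueError("bad record route pointer")
            data = opts[i + 3:i + 3 + 4 * used]
            addrs = [str(ipaddress.IPv4Address(data[k:k + 4])) for k in range(0, len(data), 4)]
            return addrs, slots - used
        i += length
    return None

def build_sample(recorded):
    """Constructed sample header (checksum left 0): IHL=15, NOP + 39-byte RR option."""
    body = b"".join(ipaddress.IPv4Address(a).packed for a in recorded)
    rr = bytes([RR_TYPE, 39, 4 + len(body)]) + body.ljust(36, b"\0")
    fixed = struct.pack("!BBHHHBBH4s4s", 0x4F, 0, 124, 0, 0, 64, 1, 0,
                        ipaddress.IPv4Address("192.168.1.2").packed,
                        ipaddress.IPv4Address("192.168.1.3").packed)
    return fixed + b"\x01" + rr

if __name__ == "__main__":
    print(max_rr_hops(), parse_record_route(build_sample(["192.168.1.2", "192.168.1.3"])))
```
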

Q7) Show how to use the option(s) -f -s of ping command

I type "man ping" in Ubuntu to show the manual

This is the result when I tested -f with address 192.168.2.100: it does not reply. With address 192.168.1.3, it replies.

With -s, I tested and used Wireshark to show

2. Study of the traceroute tool

Here is the beginning of the description from the UNIX man page for the traceroute command:

The Internet is a large and complex aggregation of network hardware connected together by gateways. Tracking the route one's packets follow (or finding the miscreant gateway that's discarding your packets) can be difficult. Traceroute utilizes the IP protocol 'time to live' field and attempts to elicit an ICMP TIME EXCEEDED response from each gateway along the path to some host.

Load the following file: tme6-tcr.dmp.gz

Q8) What is the value of TTL of the first packet sent by 194.254.163.182?

Q9) Which host sends the "time-to-live exceeded" packet? For what reason?

Q10) List all the values of TTL of UDP packets sent by 194.254.163.182. Explain what you get.

Q11) List all the destination port numbers of UDP packets sent by 194.254.163.182. Explain what you get.

Q12) How does the command traceroute finish?

Q13) Open Wireshark and load the following files: tme2-tel.dmp, tme3-pop.dmp, tme4-ftp.dmp, tme2-rlo.dmp, and tme2-ssh.dmp.gz, and write out the user name and password if possible.

Q14) Wireshark provides filters to extract traffic. Write the appropriate filter to find the user name and password of the protocols in Q13.
