However, when a more in-depth analysis is required this displayed information is useful for examining the binary values and content of PDUs. This file can then be opened in Wireshark for analysis some time in the future without the need to re-capture the same data traffic again. The information displayed when a capture file is opened is the same as the original capture. When closing a data capture screen or exiting Wireshark you are prompted to save the captured PDUs. Clicking on Continue without Saving closes the file or exits Wireshark without saving the displayed captured data.
Task 1: Ping PDU Capture Step 1: After ensuring that the standard lab topology and configuration is correct, launch Wireshark on a computer in a lab pod. Set the Capture Options as described above in the overview and start the capture process. From the command line of the computer, ping the IP address of another network-connected, powered-on end device in the lab topology.
In this case, ping the Eagle Server at using the command ping After receiving the successful replies to the ping in the command line window, stop the packet capture. Step 2: Examine the Packet List pane. The Packet List pane on Wireshark should now look something like this: Look at the packets listed above; we are interested in packet numbers 6, 7, 8, 9, 11, 12, 14 and Locate the equivalent packets on the packet list on your computer. From the Wireshark Packet List answer the following: What protocol is used by ping?
Spend some time scrolling through this information. At this stage of the course, you may not fully understand the information displayed, but make a note of the information you do recognize. Locate the two different types of "Source" and "Destination". Why are there two types? This shows the particular binary values that represent that information in the PDU.
At this stage of the course, it is not necessary to understand this information in detail. Step 4: Go to the File menu and select Close. Click on Continue without Saving when this message box appears. Assuming Wireshark is still running from the previous steps, start packet capture by clicking on the Start option on the Capture menu of Wireshark. At the command line on your computer running Wireshark, enter ftp This will start downloading the file from the ftp server.
User eagle-server. Consider using PASV. Locate and note those PDUs associated with the file download. Identify the three groups of PDUs associated with the file transfer. If you performed the step above, match the packets with the messages and prompts in the FTP command line window.
The first group is associated with the "connection" phase and logging into the server. List examples of messages exchanged in this phase.
List examples of messages exchanged during this process. What feature of TCP does this indicate? Select (highlight) a packet on the list associated with the first phase of the FTP process.
View the packet details in the Details pane. What are the protocols encapsulated in the frame? Examine the highlighted portion in the Packet Byte pane. What does this say about the security of this FTP login process? From any pane, locate the packet containing the file name. Highlight and examine, in the Details and Byte panes, some packets exchanged in the third phase of the file download. What features distinguish the content of these packets? Note: Capture Options do not have to be set if continuing from previous steps of this lab.
Launch a web browser on the computer that is running Wireshark. When the webpage has fully downloaded, stop the Wireshark packet capture. This shows the HTML data carried by the packet. When finished, close the Wireshark file and continue without saving. Task 4: Reflection Consider the encapsulation information pertaining to captured network data that Wireshark can provide. It is important that you can recognize and link both the protocols represented and the protocol layer and encapsulation types of the models with the information provided by Wireshark.
Task 5: Challenge Discuss how you could use a protocol analyzer such as Wireshark to: (1) Troubleshoot the failure of a webpage to download successfully to a browser on a computer. The data can be stored on the end device where it was created, or it can be transferred for storage on another device.
In this activity, you will use a microphone and Microsoft Sound Recorder to capture an audio stream. Scenario This activity is to be performed on a computer that has a microphone and Microsoft Sound Recorder or Internet access so that an audio file can be downloaded.
The Sound Recorder interface is shown in Figure 1. To begin recording, click the Record button on the Sound Recorder interface. Speak into the microphone, or create sounds that can be picked up by the microphone. As the audio is recorded, the waveform of the sound should appear on the Sound Recorder interface, as shown in Figure 2.
Recording in Progress 3. Click the Stop button when you are finished. Step 3: Check the audio file that was recorded. Press the Play button to listen to the recording. The recording that you have made should be played back, as shown in Figure 3. Figure 3. Playback If you are unable to hear the recording, check the configuration of the microphone, speakers, and volume settings, and attempt to create the recording again. Save the audio file to the desktop and proceed to Task 2.
Step 4: Save the audio file. Save the audio file that you have created to the desktop. Name the file myaudio. After the file is saved, close the Sound Recorder application. Right-click the audio file that you saved to the desktop and click Properties from the popup menu. What is the file size in kilobytes? What is the length of the audio file in seconds? For example, you may want to copy the audio file that you created to another computer or a portable audio device.
If the audio file that you saved to the desktop were to be transferred at a rate of megabits per second (Mbps), how long would it take for the file transfer to be completed? All Ethernet frames contain other information, such as source and destination addresses, that is necessary for the delivery of the frame.
If so, delete the file from the desktop. Web browsers are used by consumers to access business web sites.
However, web browsers are only half of the communication channel. The other half of the communication channel is web server support. Web server support is a valuable skill for network administrators. A web browser will be used to connect to the server, and Wireshark will be used to capture the communication. Analysis of the capture will help you understand how the HTTP protocol operates. The lab should be configured as shown in the Topology Diagram and logical address table.
If it is not, ask the instructor for assistance before proceeding. Step 1: Download the software from Eagle Server. The Apache web server application is available for download from Eagle Server. See Figure 1. Right-click the file and save the software on the pod host computer. Open the folder where the software was saved, and double-click the Apache file to begin installation.
Choose default values and consent to the licensing agreement. The next installation step requires customized configuration of the web server, shown in Figure 2. Accept the recommended port and service status. Click Next. Accept the default typical installation, and click Next. What is the default installation folder?
Accept the default installation folder, click Next, and then Install. When the installation has finished, close the screen. This will permit connections to the web server. Step 3: Verify the web server. The netstat command will display protocol statistics and connection information for this lab computer.
Type cmd, and then click OK. Using the command netstat -a, verify that the web server is operating properly on the pod host computer.
The Apache web server monitor icon should be visible on the lower right side of the screen, close to the time. Open a web browser, and connect to the URL of your computer. A web page similar to Figure 4 will be displayed if the web server is working properly. Web Server Default Page The Test the web server on several different IP addresses from the Step 1: Access the httpd.
A system administrator may find the need to verify or modify the default configuration file. See Figure 5. Figure 5. Numerous configuration parameters allow the Apache web server to be fully customizable. Scroll down the configuration file, and verify the following settings: Value Meaning Listen Listen 80 To accept connections from only this host, change the line to Listen ServerAdmin ccna2 example. ServerName Step 3: Modify the web server default page.
Figure 4 shows the default web page from file index. Although this page is sufficient for testing, something more personal should be displayed. The file index. Right-click the file, and choose Open With.
From the pull-down list, choose notepad. Save the file, and refresh the web browser. The new default page should be displayed. As changes to index. Wireshark will not capture packets sent from or to the The interface will not display. Start Wireshark, and set the capture interface to the interface bound to the Open a web browser, and connect to another computer with an active web server.
Why does index. Deliberately enter a web page that is not on the web server, as shown in Figure 6. Note that an error message is displayed in the web browser. File index. Instead, the server sent a error. Figure 7. Highlight the capture line with the error, and move into the second middle Wireshark window. Expand the line-based text-data record. What are the contents? Verify with the netstat command that the new web server TCP port is Task 5: Reflection Web servers are an important component of e-commerce.
Depending on the organization, the network or web administrator has the responsibility of maintaining the corporate web server. This lab demonstrated how to install and configure the Apache web server, test for proper operation, and identify several key configuration parameters.
The student modified the default web page index. The web server responded with an HTTP 1. Task 6: Clean Up During this lab the Apache web server was installed on the pod host computer. It should be uninstalled. Click Apache Web Server, and then click Remove. Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.
Most Internet service providers (ISPs) provide step-by-step instructions for using e-mail services; consequently, the typical user may be unaware of the complexities of e-mail or the protocols used.
SMTP is used to send e-mail messages from the external e-mail client to the e-mail server, deliver e-mail to local accounts, and relay e-mail between SMTP servers. Earlier versions of both protocols should not be used. E-mail is subject to multiple computer security vulnerabilities. Spam attacks flood networks with useless, unsolicited e-mail, consuming bandwidth and network resources.
E-mail servers have had numerous vulnerabilities, which left the computer open to compromise. Scenario In this lab, you will configure and use an e-mail client application to connect to eagle-server network services.
You will monitor the communication with Wireshark and analyze the captured packets. An e-mail client such as Outlook Express or Mozilla Thunderbird will be used to connect to the eagle-server network service. Eagle-server has SMTP mail services preconfigured, with user accounts capable of sending and receiving external e-mail messages. Step 1: Download and install Mozilla Thunderbird.
If Thunderbird is not installed on the pod host computer, it can be downloaded from eagle-server. FTP Download for Wireshark 1. Double-click the Thunderbird filename, and then select Save to save the file to the host pod computer. Note: Depending on the connection speed of the link between the two routers and the number of students downloading the file, this download may be slow.
When the file has downloaded, double-click the filename, accept the software license, and install Thunderbird with the default settings. When installation is complete, start Thunderbird. Step 2: Configure Thunderbird to receive and send e-mail messages. When Thunderbird starts, e-mail account settings must be configured. As prompted, fill in the Account information as follows: Field Value Account Name The account name is based on the pod and host computer.
There are a total of 22 accounts configured on Eagle Server, labeled ccna[ If this pod host is on Pod1, Host A, then the account name is ccna1. If the pod host is on Pod 3, Host B, then the account name is ccna6. And so on. Your Name Use the same name as above. When Thunderbird starts, you may be prompted for a password for your email account.
Then from the Outgoing server screen, select Edit. See Figure 2. See Figure 4. In the left pane of the Account Settings screen, click Server Settings. A screen similar to the one shown in Figure 5 will be displayed. Step 1: Send an e-mail. Ask another student in the class for his or her e-mail name. Using this name, each of you should compose and send an e-mail message to each other.
When the emails have been sent, check your email. In order to check your email, you must be logged in. If you have not previously logged in, enter cisco as the password. Please note that this is the default password which is embedded within the Eagle server.
Step 2: Start Wireshark captures. When you are certain that the e-mail operation is working properly for both sending and receiving, start a Wireshark capture. Wireshark will display captures based on packet type. Using the e-mail client, again send and receive e-mail to a classmate.
This time, however, the e-mail transactions will be captured. After sending and receiving one e-mail message, stop the Wireshark capture. SMTP Capture 3. In Figure 6, this is line number 7. There are many different types of SMTP servers.
Malicious attackers can gain valuable knowledge simply by learning the SMTP server type and version. The e-mail server must respond to the command. Look up the SMTP server name and version for known weaknesses or compromises. Are there any newer versions available? E-mail can also experience configuration issues.
Is the problem with the e-mail client or e-mail server? QUIT Closing connection. Good bye. Connection to host lost.
Scroll to and click Thunderbird, and then click Remove. Passing optional parameters with the command will change output information. Task 1: Explain common netstat command parameters and outputs. Open a terminal window by clicking on Start Run.
Type cmd, and press OK. Display addresses and port numbers in numerical form. Redisplay statistics every five seconds. Redisplay all connections and listening ports every 30 seconds. Display only open connections. This is a tricky problem. During the life of a TCP connection, the connection passes through a series of states.
This is the normal state for the data transfer phase of the connection. This is a normal condition, and will normally last between 30 - seconds. The connection should transition quickly through this state. Remote The address of the remote device that has a connection with this computer. Step 1: Use netstat to view existing connections.
Addresses and protocols that can be translated into names are displayed. The -n option forces netstat to display output in raw format. Compare outputs, noting how well-known port numbers are changed to names. If there are fewer than three connections that translate, note that in your table.
A new network engineer suspects that his host computer has been compromised by an outside attack against ports and How would you respond? In this task, several simultaneous connections will be made with Eagle Server. The venerable telnet command will be used to access Eagle Server network services, thus providing several protocols to examine with netstat.
Open an additional four terminal windows. Arrange the windows so that all are visible. Several network services on Eagle Server will respond to a telnet connection.
In the first telnet terminal window, telnet to Eagle Server on port In the second terminal window, telnet on port In the third terminal window, telnet on port In the fourth terminal window, telnet on port Output should look similar to the following.
If typing is slow, a connection may close before all connections have been made. Eventually, connections should terminate from inactivity. The netstat utility displays incoming and outgoing network connections (TCP and UDP), host computer routing table information, and interface statistics. Task 4: Challenge. Close Established sessions abruptly (close the terminal window), and issue the netstat -an command.
Task 5: Cleanup. Both protocols support upper-layer protocol communication. The ability to understand the parts of the TCP and UDP headers and their operation is a critical skill for network engineers. Windows command line utilities ftp and tftp will be used to connect to Eagle Server and download files. Step 1: Capture an FTP session. When finished, the session capture will be analyzed.
Open a command line window by clicking on Start Run, type cmd, then press OK. Command line window. A window similar to Figure 1 should open. Start a Wireshark capture on the interface that has IP address FTP capture. Switch to the Wireshark capture windows. The top window contains summary information for each captured record. Student capture should be similar to the capture shown in Figure 2. Before delving into TCP packet details, an explanation of the summary information is needed. TCP is routinely used during a session to control datagram delivery, verify datagram arrival, and manage window size.
At the conclusion of the data transfer, the TCP session is closed. Wireshark capture of a TCP datagram. In Wireshark, detailed TCP information is available in the middle window. Highlight the first TCP datagram from the host computer, and move the mouse pointer to the middle window. It may be necessary to adjust the middle window and expand the TCP record by clicking on the protocol expand box.
The expanded TCP datagram should look similar to Figure 3. TCP packet fields. Refer to Figure 4, a TCP datagram diagram. The value is normally a random value above Instead, a new TCP connection is started in half-open fashion. With sufficient TCP sessions in the half-open state, the receiving computer may exhaust resources and crash.
A crash could involve a loss of networking services, or corrupt the operating system. In either case the attacker has won: networking service has been stopped on the receiver. This is one example of a denial-of-service (DoS) attack. TCP session management. The FTP client and server communicate with each other, unaware and uncaring that TCP has control and management over the session. This sequence is shown in Figure 5, and is visible in the Wireshark capture.
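The half-open condition described above can be spotted from the defender's side by pairing each SYN with the final ACK of the three-way handshake. The following Python sketch is an added example, not part of the original lab: it decodes the fixed TCP header fields and counts handshakes that never complete; the addresses, ports, and sequence numbers in SAMPLE are constructed, and make_segment and find_half_open are hypothetical helper names.

```python
import struct
from collections import Counter

# Flag bits in the low 6 bits of the 16-bit offset/flags word.
FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header (the fields Wireshark expands)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4      # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid TCP data offset")
    flags = {name for bit, name in FLAG_BITS if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "checksum": checksum}


def find_half_open(packets) -> Counter:
    """Count connections per server (ip, port) that saw a SYN but no final ACK.

    packets is an iterable of (src_ip, dst_ip, tcp_segment_bytes).
    """
    pending = {}  # (client_ip, client_port, server_ip, server_port) -> client ISN
    for src, dst, segment in packets:
        hdr = parse_tcp_header(segment)
        flags = hdr["flags"]
        key = (src, hdr["sport"], dst, hdr["dport"])
        if flags == {"SYN"}:
            pending[key] = hdr["seq"]                 # step 1: client SYN
        elif "RST" in flags:
            pending.pop(key, None)                    # aborted by either side
            pending.pop((dst, hdr["dport"], src, hdr["sport"]), None)
        elif "ACK" in flags and "SYN" not in flags:
            # step 3: the client's ACK carries sequence number ISN + 1
            if key in pending and hdr["seq"] == (pending[key] + 1) & 0xFFFFFFFF:
                del pending[key]
        # step 2 (SYN+ACK from the server) needs no bookkeeping here
    return Counter((k[2], k[3]) for k in pending)


def make_segment(sport, dport, seq, ack, flags) -> bytes:
    """Build a 20-byte header for the constructed sample (checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 8192, 0, 0)


# Constructed sample: one complete handshake, then three SYNs never completed.
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", make_segment(49152, 21, 1000, 0, 0x02)),
    ("198.51.100.5", "192.0.2.10", make_segment(21, 49152, 5000, 1001, 0x12)),
    ("192.0.2.10", "198.51.100.5", make_segment(49152, 21, 1001, 5001, 0x10)),
    ("192.0.2.77", "198.51.100.5", make_segment(50001, 21, 7000, 0, 0x02)),
    ("192.0.2.77", "198.51.100.5", make_segment(50002, 21, 7100, 0, 0x02)),
    ("192.0.2.77", "198.51.100.5", make_segment(50003, 21, 7200, 0, 0x02)),
]

if __name__ == "__main__":
    for server, count in find_half_open(SAMPLE).items():
        print(f"{server[0]}:{server[1]} has {count} half-open connection(s)")
```

A real monitor would also age entries out after a timeout, since a slow but legitimate client looks identical to a half-open entry until its ACK arrives.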
Orderly TCP session termination. This sequence is shown in Figure 6, and visible in the Wireshark capture. Without an orderly termination, such as when the connection is broken, the TCP sessions will wait a certain period of time until closing. The default timeout value varies, but is normally 5 minutes. Following the procedure in Task 1 above, open a command line window. For example, there is no authentication. Also, there are only two commands, get, to retrieve a file, and put, to send a file.
In binary image mode the file is moved literally, byte by byte. Use this mode when transferring binary files.
GET Transfers the file destination on the remote host to the file source on the local host. PUT Transfers the file source on the local host to the file destination on the remote host. Table 1.
No authentication is supported. Summary capture of a UDP session. Student capture should be similar to the capture shown in Figure 7. Wireshark capture of a UDP datagram. In Wireshark, detailed UDP information is available in the middle window.
Highlight the first UDP datagram from the host computer, and move the mouse pointer to the middle window. It may be necessary to adjust the middle window and expand the UDP record by clicking on the protocol expand box.
The expanded UDP datagram should look similar to Figure 8. Figure 9. UDP format. Refer to Figure 9, a UDP datagram diagram. Header information is sparse, compared to the TCP datagram. There are similarities, however. The checksum value is a hexadecimal (base 16) value, denoted by the preceding 0x code: Source IP Address: Task 5: Reflection.
TCP manages communication much differently from UDP, but reliability and guaranteed delivery require additional control over the communication channel. UDP has less overhead and control, and the upper-layer protocol must provide some type of acknowledgement control. Both protocols, however, transport data between clients and servers using Application Layer protocols and are appropriate for the upper-layer protocol each supports. Task 6: Challenge. This includes any user ids, passwords, or clear text file contents.
Analyzing the upper-layer FTP session will quickly identify the user id, password, and configuration file passwords. Upper-layer TFTP data examination is a bit more complicated, but the data field can be examined and configuration user id and password information extracted.
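To show what that exposure looks like in practice, the following Python sketch audits a reassembled FTP control channel and reports which account logged in over cleartext and which files were requested, while masking the password in the transcript it returns. It is an added example, not part of the original lab; the session lines, user name, password, and file name are constructed, and audit_ftp_control is a hypothetical helper name.

```python
import re

# FTP replies start with a three-digit code, then a space or '-' (multi-line).
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")


def audit_ftp_control(stream):
    """Audit a reassembled FTP control channel.

    stream is a list of (direction, line): 'C' = client to server,
    'S' = server to client. Returns (finding, redacted_stream).
    """
    finding = {"user": None, "password_seen": False, "password_len": 0,
               "login_ok": False, "transfers": []}
    redacted = []
    for direction, raw in stream:
        line = raw.rstrip("\r\n")
        if direction == "C":
            verb, _, arg = line.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                finding["user"] = arg
            elif verb == "PASS":
                # Record that the secret crossed the wire, never the secret itself.
                finding["password_seen"] = True
                finding["password_len"] = len(arg)
                line = "PASS " + "*" * len(arg)
            elif verb in ("RETR", "STOR"):
                finding["transfers"].append((verb, arg))
        else:
            match = REPLY_RE.match(line)
            if match and match.group(1) == "230":    # 230 = user logged in
                finding["login_ok"] = True
        redacted.append((direction, line))
    # A readable PASS followed by a 230 reply means working credentials were
    # visible to anyone able to capture traffic on the path.
    finding["valid_credentials_exposed"] = (
        finding["password_seen"] and finding["login_ok"])
    return finding, redacted


# Constructed control-channel session (not taken from the lab capture).
SAMPLE_SESSION = [
    ("S", "220 FTP server ready\r\n"),
    ("C", "USER student\r\n"),
    ("S", "331 Please specify the password.\r\n"),
    ("C", "PASS example-password\r\n"),
    ("S", "230 Login successful.\r\n"),
    ("C", "TYPE I\r\n"),
    ("S", "200 Switching to Binary mode.\r\n"),
    ("C", "RETR lab-file.txt\r\n"),
    ("S", "150 Opening BINARY mode data connection.\r\n"),
    ("S", "226 Transfer complete.\r\n"),
    ("C", "QUIT\r\n"),
    ("S", "221 Goodbye.\r\n"),
]

if __name__ == "__main__":
    result, transcript = audit_ftp_control(SAMPLE_SESSION)
    print(result)
    for direction, text in transcript:
        print(direction, text)
```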
Task 7: Cleanup During this lab several files were transferred to the host computer, and should be removed. However, different applications have different requirements for their data, and therefore different Transport protocols have been developed to meet these requirements. Application layer protocols define the communication between network services, such as a web server and client, and an FTP server and client. Clients initiate communication to the appropriate server, and the server responds to the client.
For each network service there is a different server listening on a different port for client connections. There may be several servers on the same end device. A user may open several client applications to the same server, yet each client communicates exclusively with a session established between the client and server.
Also examined are popular client requests and corresponding server responses. Scenario In this lab, you will use client applications to connect to eagle-server network services.
A web browser such as Internet Explorer or Firefox will be used to connect to the eagle-server network service. Eagle-server has several network services preconfigured, such as HTTP, waiting to respond to client requests. This exercise will demonstrate that although clients may differ the underlying communication to the server remains the same. FTP Download for Wireshark If Wireshark is not installed on the pod host computer, it can be downloaded from eagle- server.
Right-click the wireshark filename, then save the file to the host pod computer. When the file has downloaded, double-click the filename and install Wireshark with the default settings.
Step 2: Start Wireshark and configure the Capture Interface. When the opening screen appears, set the correct Capture Interface. The interface with the IP address of the pod host computer is the correct interface.
Thereafter, the interface is used as the default and does not need to be changed. Wireshark should begin to log data. Stop Wireshark for the moment. Wireshark will be used in upcoming tasks. HTTP version 1. This part of the lab will demonstrate how sessions between multiple web clients and the web server are kept separate.
Step 1: Start Wireshark captures. Packet Tracer has two file formats it can create:. When you create your own networks in Packet Tracer, or modify existing files from your instructor or your peers, you will often use the. When you launched this activity from the curriculum, these instructions appeared. They are the result of the. At the bottom of these instructions are two buttons: Check Results which gives you feedback on how much of the activity you have completed and Reset Activity which starts the activity over, if you want to clear your work or gain more practice.
Task 1: Explore the PT Interface. Step 1: Examine the Logical Workplace. When Packet Tracer starts it presents a logical view of the network in real-time mode. The main part of the PT interface is the Logical Workplace. This is the large area where devices are placed and connected. Step 2: Symbols Navigation. The lower left portion of the PT interface, below the yellow bar, is the portion of the interface that you use to select and place devices into the logical workplace.
The first box in the lower left contains symbols that represent groups of devices. As you move the mouse pointer over these symbols the name of the group appears in the text box in the center. When you click on one of these symbols the specific devices in the group appear in the box to the right. As you point to the specific devices, a description of the device appears in the text box below the specific devices.
Click on each of the groups and study the various devices that are available and their symbols. Click on the connections group symbol. The specific connection symbols provide different cable types that can be used to connect devices.
The first specific type, the gold lightning bolt, will automatically select the connection type based on the interfaces available on the devices. When you click on this symbol the pointer resembles a cable connector. To connect two devices, click the auto connection symbol, click the first device, and then click the second device. Step 2: Examine device configuration with a mouse over. Move your mouse over the devices found in the logical workplace. As you move the mouse pointer over these symbols, the device configuration appears in a text box.
Step 3: Examine device configuration. Left mouse click on each device type found in the logical workplace to view the device configuration. New modules can also be added using this tab. These tabs are Physical and Config. These tabs are Physical, Config, and Desktop.
A terminal emulator, the command prompt and a simulated web browser can also be accessed using the Desktop tab. Step 1: Overview of the devices. The standard lab setup will consist of two routers, one switch, one server, and two PCs. Each of these devices will be pre-configured with such information as device names, IP addresses, gateways, and connections. In this activity you will continue learning how to build and analyze this standard lab topology.
If you have not done so already, you are encouraged to examine the Help files available from the Help Pull-down menu at the top of the Packet Tracer GUI.
Resources include a "My First PT Lab" to help you learn the basic operation of Packet Tracer, tutorials to guide you through various tasks, and information on the strengths and limitations of using Packet Tracer to model networks.
Task 1: Complete the Topology. Add a PC to the workspace. Configure it with the following parameters: IP Address Note that this packet will appear in the event list as something that was "detected" or "sniffed" on the network, and in the lower right as a user created PDU that can be manipulated for testing purposes. Switch to simulation mode. Click on the packet envelope, or on the colored square in the Info column of the Event List, to examine the packet at each step in its journey.
Each of these devices is pre-configured. Try creating different combinations of test packets and analyzing their journey through the network. At the end of each chapter, you will build increasingly larger parts of this topology in Packet Tracer. Task 1: "Repair" and Test the Topology. Add a PC with a display name of 1B to the topology. Configure it with the following settings: IP Address Turn on web services on the server by enabling HTTP. Verify your work using feedback from the Check Results button and the Assessment Items tab.
The first time you issue this one-shot ping message, it will show as Failed--this is because of the ARP process which will be explained later. This time it will be successful. In Packet Tracer, the term "scenario" means a specific configuration of one or more test packets. You can create different test packet scenarios by using the New button--for example Scenario 0 might have one test packet from PC 1B to Eagle Server; Scenario 1 might have test packets between PC 1A and the routers; and so on.
You can remove all test packets in a particular scenario by using the Delete button. For example, if you use the Delete button for Scenario 0 the test packet you just created between PC 1B and Eagle Server will be removed--please do this prior to the next task. Switch from Realtime to Simulation mode. Open a web browser from the desktop of PC 1B. Type in eagle-server. While the processing of the packets by the switch and the routers may not make sense to you yet, you should be able to see how DNS and HTTP work together.
Reflection Can you now explain the process that occurs when you type a URL into a browser and a web page returns? What types of client-server interactions are involved?
Background Throughout the course you will be using a standard lab setup created from actual PCs, servers, routers, and switches to learn networking concepts. At the end of each chapter, you will build increasingly larger parts of this topology in Packet Tracer, and analyze increasingly more complex protocol interactions.
Task 1: Repair and Test the Topology. The server has been replaced. It must be powered on. Then configure it with the following settings: IP Address PC 1A has lost its IP address information.