Laboratory work № 1

Diagnostic tools for the TCP/IP protocol suite

1. Preparation for laboratory work.

1.1. Read basic theoretical information from the protocols: IP, TCP, UDP, ICMP, ARP, their
purpose and headers.
1.2. Read manual and examples of using diagnostic tools.
1.2.1. ping
1.2.2. traceroute
1.2.3. nslookup
1.2.4. dig
1.2.5. netstat
1.3. See examples of using telnet and nc to work with text protocols.
1.4. See help and examples of using the tcpdump utility to intercept network traffic.

2. Tasks for laboratory work.

Create a virtual lab the diagram of which is shown in Figure 1.

VM1 VM2 Internet

VNIC1 VNIC2 VNet1 VNIC2 VNIC1

Virtual Switch

VNIC VNIC VNIC

Physical NIC
NAT1 Host-only NAT2

VirtalBox Host

Figure 1.

2.1. Install the VirtualBox virtualization software by downloading the distribution from
https://www.virtualbox.org/wiki/Downloads.
 2.1.1. Create a virtual network VNet1 ("Host-only Network") and disable the built-in DHCP
service.
2.1.2. Configure the virtual network interface of the host system according to the option.
2.1.3. If necessary, add a rule to the firewall of the host system, which allows any traffic from the
created virtual network.

2.2. Create a VM1 virtual machine with Debian operating system.

2.2.1. Install the Debian operating system by downloading the iso image from
https://www.debian.org/download.
2.2.2. If necessary, install the tcpdump and net-tools packages.
2.2.3. Add a second VNIC2 network adapter to the virtual machine, set the “Host-only Adapter”
connection type and connect it to the VNet1 virtual network.
2.2.4. Configure VNIC2 according to the option (static IP address must be set).

2.3. Create a VM2 virtual machine with Debian operating system.

2.3.1. Create a clone of the VM1 virtual machine.
2.3.2. Configure the second VNIC2 network interface according to the option (a static IP address
must be set).

2.4. On the VM2 virtual machine, perform the following steps.

2.4.1. Set an additional IP address on the VNIC2 interface according to the option.

2.5. On the VM1 virtual machine, perform the following steps.

2.5.1. Set an additional IP address on the VNIC2 interface according to the option.
2.5.2. Change the MTU value on the VNIC2 interface according to the option (Table 2).
2.5.3. Using the ping tool, check the availability of the host system and the VM2 virtual machine.
The number of packets must be equal to the option number, and the packet size must be twice the MTU
value.
2.5.4. Set the MTU value on the VNIC2 interface to 1500.
2.5.5. Print an ARP table.
2.5.6. Add the MAC address to the ARP table for the IP address of the host system according to
the option (Table 2).
2.5.7. Check the availability of the host system.
2.5.8. Delete the record created in 2.5.6 from the ARP table.
2.5.9. Check the availability of the host system.
2.5.10. Print the routing table.
2.5.11. Check the availability of the additional VNIC2 IP address of the VM2 virtual machine.
2.5.12. Add an entry to the routing table to the network to which the VNIC2 virtual machine
VM2 additional IP address belongs.
2.5.13. Check the availability of the additional VNIC2 IP address of the VM2 virtual machine.
2.5.14. Determine the IP address of the host comsys.kpi.ua.
2.5.15. Use the traceroute tool (ICMP protocol) to identify intermediate routers on the path to
host 8.8.8.8.
5.2.16 Use the netstat utility to display statistics of TCP, UDP, ICMP, IP protocols.
 5.2.17 According to the option (Table 3) configure the filter for the tcpdump utility to display the
required traffic on the screen. To test the filter, you must use the traffic generation tools for the
appropriate protocols.

3. Task options.

X - option number from 1 to 15.

Table 1.
Virtual network IP address 192.168.(100+X).0/24
Host system IP address 192.168.(100+X).1/24
Primary VNIC2 IP address of VM1 virtual machine 192.168.(100+X).10/24
Additional VNIC2 IP address of VM1 virtual machine 172.17.(100+X).10/24
Primary VNIC2 IP address of VM2 virtual machine 192.168.(100+X).20/24
Additional VNIC2 IP address of VM2 virtual machine 172.17.(200+X).20/24

Table 2.
Option MAC address MTU
1 00:11:22:33:44:55 1000
2 00:11:00:11:00:11 900
3 00:11:22:11:22:11 850
4 00:55:44:33:22:11 1100
5 00:11:11:11:22:22 750
6 00:66:77:88:99:AA 650
7 00:AA:99:88:77:66 1050
8 00:55:00:55:00:55 1200
9 00:99:11:99:11:99 950
10 00:33:44:55:66:77 800
11 00:88:77:66:55:44 1150
12 00:12:34:56:78:9A 600
13 00:A9:87:65:43:21 1250
14 00:01:10:01:10:01 700
15 00:01:23:44:32:10 950
 Table 3.

Option Incoming traffic Outgoing traffic

1 ICMP, TCP from 21 port from VNet1 UDP on port 53

2 Broadcast traffic, UDP from port 53 TCP to port 22 to VM2
3 ARP, UDP, from host VM2 ICMP, TCP to network VNet1
4 TCP from VNet1, ICMP echo reply ARP, UDP
5 TCP syn, UDP from VNet1 ICMP to network VNet1
6 TCP from port 22 from host VM2, ICMP TCP to port 22, TCP to port 80
7 UDP, from host VM2 ARP, ICMP to host VM2
8 TCP from port 80, ICMP from host VM2 TCP, UDP to host VM2
9 ICMP, TCP from port 25 from VNet1 ARP, ICMP to host VM2
10 ARP, UDP, from host VM2 ICMP to network VNet1
11 TCP, UDP from VNet1 ICMP, TCP to network VNet1
12 UDP, from host VM2 TCP to port 21, to host VM2
13 TCP from port 21 from host VM2, ICMP UDP to port 53
14 TCP from VNet1, ICMP echo reply ARP, UDP
15 Broadcast traffic, UDP from port 53 TCP to port 21, TCP to port 22

4. Questions.

4.1. How can to determine the port number used by the network service?
4.2. What does promiscuous network interface mode mean?
4.3. How does the traceroute utility determine the path of a packet?
4.4. What are the functions of the ping tool?
4.5. TCP/IP protocol suite levels and their functions.
4.6. For what purpose can the tcpdump utility be used?

5. References.

RFC768 https://tools.ietf.org/html/rfc768
RFC791 https://tools.ietf.org/html/rfc791
RFC792 https://tools.ietf.org/html/rfc792
RFC793 https://tools.ietf.org/html/rfc793
RFC826 https://tools.ietf.org/html/rfc826