Difference between revisions of "NAD710 Lab 3 Answers"
Contributor: Milton.paiva
Latest revision as of 19:42, 24 September 2008
Questions:
Answer the following questions based on the packet file "lab3-pkts" you created for this lab.
1- Write a tcpdump command to display all the packets your system sent to matrix. Do not do any name resolution for any fields in the packet but do display the physical addresses contained in the packets.
[root@localhost ~]# tcpdump -nn -e -r /tmp/lab3-pkts dst host 142.204.140.90
Output:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
17:57:55.444652 00:16:76:1b:40:d2 (oui Unknown) > 00:0e:0c:4b:31:5c (oui Unknown), ethertype IPv4 (0x0800), length 114: 142.204.141.177.55212 > 142.204.140.90.ssh: P 1362020055:1362020103(48) ack 2398231338 win 161 <nop,nop,timestamp 15530872 12456689>
17:57:55.445693 00:16:76:1b:40:d2 (oui Unknown) > 00:0e:0c:4b:31:5c (oui Unknown), ethertype IPv4 (0x0800), length 66: 142.204.141.177.55212 > 142.204.140.90.ssh: . ack 49 win 161 <nop,nop,timestamp 15530873 12471613>
(...additional output removed...)
2- Write a tcpdump command to display all the packets sent to your system from matrix. Do not do any name resolution for any fields in the packet but do display the physical addresses contained in the packets.
[root@localhost ~]# tcpdump -nn -e -r /tmp/lab3-pkts src host 142.204.140.90
Output:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
17:58:56.585343 00:0e:0c:4b:31:5c (oui Unknown) > 00:16:76:1b:40:d2 (oui Unknown), ethertype IPv4 (0x0800), length 66: 142.204.140.90.ssh > 142.204.141.177.55212: . ack 1362020247 win 83 <nop,nop,timestamp 12486897 15592012>
(...additional output removed...)
3- Write a tcpdump command to display all the ARP packets captured in the packet file. Include the output in your answer.
[root@localhost ~]# tcpdump -r /tmp/lab3-pkts arp
Output:
reading from file /tmp/lab3-pkts, link-type EN10MB (Ethernet)
20:31:39.142311 arp who-has 142.204.141.188 tell 142.204.141.129
20:31:39.142336 arp reply 142.204.141.188 is-at 00:16:76:1b:40:d2 (oui Unknown)
20:32:34.928721 arp who-has 142.204.141.188 tell 142.204.141.129
20:32:34.928737 arp reply 142.204.141.188 is-at 00:16:76:1b:40:d2 (oui Unknown)
4- Write a tcpdump command to display all the ICMP "echo-request" packets in the packet file. Include the output in your answer.
[root@localhost ~]# tcpdump -r /tmp/lab3-pkts icmp
Output:
reading from file /tmp/lab3-pkts, link-type EN10MB (Ethernet)
20:31:34.141754 IP 142.204.141.188 > 142.204.140.90: ICMP echo request, id 46859, seq 1, length 64
20:31:34.142754 IP 142.204.140.90 > 142.204.141.188: ICMP echo reply, id 46859, seq 1, length 64
20:31:35.141701 IP 142.204.141.188 > 142.204.140.90: ICMP echo request, id 46859, seq 2, length 64
20:31:35.142683 IP 142.204.140.90 > 142.204.141.188: ICMP echo reply, id 46859, seq 2, length 64
5- Write a pipeline command, using tcpdump as part of the pipeline, to display the total number of packets belonging to the TELNET session between your system and matrix.
[root@localhost ~]# tcpdump -r /tmp/lab3-pkts tcp port 23 | wc -l
Output:
reading from file /tmp/lab3-pkts, link-type EN10MB (Ethernet)
198
6- Do the same for the SSH session.
[root@localhost ~]# tcpdump -r /tmp/lab3-pkts tcp port 22 | wc -l
Output:
reading from file /tmp/lab3-pkts, link-type EN10MB (Ethernet)
76
7- Write a pipeline command, using tcpdump as part of the pipeline, to display the total number of TCP packets in the packet file.
[root@localhost ~]# tcpdump -r /tmp/lab3-pkts tcp | wc -l
Output:
reading from file /tmp/lab3-pkts, link-type EN10MB (Ethernet)
314
8- Do the same for UDP packets.
[root@localhost ~]# tcpdump -r /tmp/lab3-pkts udp | wc -l
Output:
reading from file /tmp/lab3-pkts, link-type EN10MB (Ethernet)
30
9- Describe the steps you could use to find out all MAC addresses captured in the packet file. Include all the MAC addresses found in your answer.
tcpdump -n -e -r lab3-pkts > lab3-pkts.txt
export MAC_RE="[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]"
grep -io $MAC_RE lab3-pkts.txt | sort | uniq
Found only two MAC addresses.
00:0e:0c:4b:31:5c
00:16:76:69:74:5c
10- Describe the steps you could use to find out the total number of bytes your system received from matrix.
[root@localhost ~]# tcpdump -r /tmp/lab3-pkts src 142.204.140.90 | wc -c
Output:
reading from file /tmp/lab3-pkts, link-type EN10MB (Ethernet)
14639
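The answers to questions 4, 9 and 10 all post-process tcpdump's text output. The script below is an added example, not part of the lab page: it runs the same kind of text processing over a constructed sample in the lab's `tcpdump -nn -e` output format, listing every distinct MAC with one regex, counting only echo requests rather than all ICMP, and summing the frame `length` field per source IP instead of counting tcpdump's text bytes with `wc -c`. The sample lines, IPs and MACs are taken from the lab's own output and are not a real capture.

```shell
#!/bin/sh
# Added example (not from the lab page): post-process `tcpdump -nn -e` text
# with standard tools. SAMPLE is constructed in the lab's output format
# (the "(oui Unknown)" tags omitted); "length N:" is the Ethernet frame size.
SAMPLE='17:57:55.444652 00:16:76:1b:40:d2 > 00:0e:0c:4b:31:5c, ethertype IPv4 (0x0800), length 114: 142.204.141.177.55212 > 142.204.140.90.22: P 1:49(48) ack 1 win 161
17:57:55.445693 00:16:76:1b:40:d2 > 00:0e:0c:4b:31:5c, ethertype IPv4 (0x0800), length 66: 142.204.141.177.55212 > 142.204.140.90.22: . ack 49 win 161
17:58:56.585343 00:0e:0c:4b:31:5c > 00:16:76:1b:40:d2, ethertype IPv4 (0x0800), length 66: 142.204.140.90.22 > 142.204.141.177.55212: . ack 49 win 83
17:58:57.100000 00:0e:0c:4b:31:5c > 00:16:76:1b:40:d2, ethertype IPv4 (0x0800), length 1514: 142.204.140.90.22 > 142.204.141.177.55212: P 1:1449(1448) ack 49 win 83
20:31:34.141754 00:16:76:1b:40:d2 > 00:0e:0c:4b:31:5c, ethertype IPv4 (0x0800), length 98: 142.204.141.188 > 142.204.140.90: ICMP echo request, id 46859, seq 1, length 64
20:31:34.142754 00:0e:0c:4b:31:5c > 00:16:76:1b:40:d2, ethertype IPv4 (0x0800), length 98: 142.204.140.90 > 142.204.141.188: ICMP echo reply, id 46859, seq 1, length 64
20:31:39.142311 00:0e:0c:4b:31:5c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 142.204.141.188 tell 142.204.141.129'

# Question 9: every distinct MAC in the capture. With -e each frame carries
# its source and destination MAC, so ARP broadcasts show ff:ff:ff:ff:ff:ff too.
mac_addrs() {
    printf '%s\n' "$SAMPLE" |
        grep -oiE '([0-9a-f]{2}:){5}[0-9a-f]{2}' | tr 'A-F' 'a-f' | sort -u
}

# Question 4: echo requests only (replies excluded). On a live capture the
# equivalent filter expression is 'icmp[icmptype] == icmp-echo'.
echo_requests() {
    printf '%s\n' "$SAMPLE" | grep -c 'ICMP echo request'
}

# Question 10: bytes on the wire from one source IP. wc -c would count the
# bytes of tcpdump's text; summing the frame "length N:" field counts frames.
bytes_from() {
    printf '%s\n' "$SAMPLE" |
        sed -n 's/.*length \([0-9]*\): \([0-9.]*\) > .*/\2 \1/p' |
        awk -v src="$1" '
            { split($1, f, ".")                 # strip a trailing .port
              ip = f[1] "." f[2] "." f[3] "." f[4]
              if (ip == src) total += $2 }
            END { print total + 0 }'
}

mac_addrs
echo_requests
bytes_from 142.204.140.90          # 1678
```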
11- Write a tcpdump command to capture all your traffic on port 80, then open the website google.ca, make a search about "arcade" and then verify your captured data.
tcpdump -i eth1 tcp port 80