CDOT Wiki β

SRT210 Lab 5

1,774 bytes added, 23:23, 5 March 2019
DHCP Clients
* Check the logs (/var/log/messages) on your DHCP server. You should see the expected four steps of the communication (discover, offer, request, and ack).
* Notice also that the communication is made of broadcast messages addressed using the MAC addresses of the DHCP server and DHCP client, since the client does not yet have an IP address and so cannot be reached by one.
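The log check above can be scripted. The following is an added example, not part of the lab page: it searches a syslog-style file for the ISC dhcpd lines of one client (identified by MAC, since that is all the client has at this stage) and reports whether the DISCOVER, OFFER, REQUEST and ACK steps all appear in order. The log lines are constructed in dhcpd's syslog format; the host name, MACs and addresses are assumptions, and on the real server you would point it at /var/log/messages.

```shell
#!/bin/sh
# Added example (not from the lab page): verify the four dhcpd steps for one
# client MAC in a syslog-style log. The lines below are constructed in ISC
# dhcpd's syslog format; "dhcpserver", the MACs and addresses are assumptions.

SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Mar  5 23:10:01 dhcpserver dhcpd: DHCPDISCOVER from 52:54:00:aa:bb:cc via eth0
Mar  5 23:10:02 dhcpserver dhcpd: DHCPOFFER on 192.168.10.50 to 52:54:00:aa:bb:cc (alice) via eth0
Mar  5 23:10:02 dhcpserver dhcpd: DHCPREQUEST for 192.168.10.50 (192.168.10.1) from 52:54:00:aa:bb:cc (alice) via eth0
Mar  5 23:10:02 dhcpserver dhcpd: DHCPACK on 192.168.10.50 to 52:54:00:aa:bb:cc (alice) via eth0
Mar  5 23:11:40 dhcpserver dhcpd: DHCPDISCOVER from 52:54:00:de:ad:01 via eth0
Mar  5 23:11:41 dhcpserver dhcpd: DHCPOFFER on 192.168.10.51 to 52:54:00:de:ad:01 via eth0
EOF

# dhcp_steps LOGFILE MAC
# Prints the dhcpd message types logged for MAC, in log order, one per line
# (DISCOVER, OFFER, REQUEST, ACK, NAK, ...). Field 6 of a dhcpd syslog line
# is the message type, e.g. "DHCPDISCOVER".
dhcp_steps() {
    grep -F " dhcpd: " "$1" | grep -F "$2" |
        awk '{ sub(/^DHCP/, "", $6); print $6 }'
}

# dhcp_lease_ip LOGFILE MAC
# Prints the address the server acknowledged for MAC (field 8 of the DHCPACK line).
dhcp_lease_ip() {
    grep -F " dhcpd: " "$1" | grep -F "$2" |
        awk '$6 == "DHCPACK" { print $8 }'
}

# dhcp_handshake_ok LOGFILE MAC
# Returns 0 when DISCOVER, OFFER, REQUEST and ACK all appear for MAC in that
# order; prints the sequence actually seen either way so a partial exchange
# (e.g. a client that never sent REQUEST) is easy to spot.
dhcp_handshake_ok() {
    seq=$(dhcp_steps "$1" "$2" | tr '\n' ' ')
    printf '%s: %s\n' "$2" "$seq"
    case "$seq" in
        *"DISCOVER "*"OFFER "*"REQUEST "*"ACK "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: the first client completed all four steps, the second did not.
dhcp_handshake_ok "$SAMPLE_LOG" 52:54:00:aa:bb:cc || echo "incomplete handshake"
dhcp_handshake_ok "$SAMPLE_LOG" 52:54:00:de:ad:01 || echo "incomplete handshake"
```

On the server itself the same functions work against /var/log/messages; on CentOS 7 `journalctl -u dhcpd` shows the same lines.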
 
= PART 3: PACKET CAPTURE =
 
We'll do some packet capturing to help you better understand routing and how it applies to security topics. To do this we'll use the tcpdump command to capture traffic, and Wireshark to view it.
 
== Wireshark ==
 
* Wireshark can do many things; we'll just use it as a GUI to display the traffic we captured. Since c7host is the only machine with a graphical interface, install it there. The package is called wireshark-gnome.
* You can run it now, but we won't use it until we have something to display, in the next section.
 
== DHCP traffic ==
 
* You should already have a DHCP server and client on the asg1 network. Install tcpdump on the server, and run it like this:<source>
tcpdump -i eth0
</source>
* The tool will print a bit of information about the traffic that it sees (not all the details, but enough for now).
* Leave this window visible and switch to the alice VM. Bring its network interface down and back up. Since it's configured as a DHCP client, this will result in a DHCP request.
* Back in the DHCP server window you should have noticed some extra output when you did the step above. You can kill it now with Ctrl+c and look at that output. You should notice at least a couple of BOOTP/DHCP lines related to what you just did.
* Now rerun tcpdump, but this time save the traffic in a Wireshark-compatible format:<source>
tcpdump -i eth0 -w dhcpserver.pcap
</source>
* Bring your interface down and back up in the alice VM, and kill tcpdump.
* The dhcpserver.pcap file is not human-readable; it's intended to be viewed with Wireshark. So copy the file to c7host using the scp command.
* Open dhcpserver.pcap in Wireshark, and browse through the DHCP packets, looking specifically for MAC and IP addresses.
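If you want the MAC and IP addresses without leaving the server, tcpdump can read the file back as text with `tcpdump -n -r dhcpserver.pcap 'port 67 or port 68'`. The following is an added example, not part of the lab page: it takes that one-line summary output and tabulates each DHCP packet's direction, source IP, destination IP and (for requests) the client MAC, which makes the point from the DHCP section visible: the client sends from 0.0.0.0 to the broadcast address and is identifiable only by its MAC. The lines are constructed in tcpdump's summary format so the script runs without a capture; the addresses and MAC are assumptions.

```shell
#!/bin/sh
# Added example (not from the lab page): tabulate DHCP packets from tcpdump's
# text summary (what "tcpdump -n -r dhcpserver.pcap" prints). The lines below
# are constructed in that format; addresses and the client MAC are assumptions.

SAMPLE_DUMP=$(mktemp)
trap 'rm -f "$SAMPLE_DUMP"' EXIT
cat > "$SAMPLE_DUMP" <<'EOF'
23:15:01.000101 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:aa:bb:cc, length 300
23:15:02.000202 IP 192.168.10.1.67 > 192.168.10.50.68: BOOTP/DHCP, Reply, length 300
23:15:02.000303 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:aa:bb:cc, length 300
23:15:02.000404 IP 192.168.10.1.67 > 192.168.10.50.68: BOOTP/DHCP, Reply, length 300
23:15:09.000505 IP 192.168.10.50.52344 > 192.168.10.1.22: Flags [S], seq 1, win 64240, length 0
EOF

# dhcp_packets FILE
# Keeps only the BOOTP/DHCP lines and prints one row per packet:
#   kind source-ip destination-ip client-mac
# Only a Request carries the client MAC in the summary line; a Reply gets "-".
# Field layout of a summary line: $3 = src "ip.port", $5 = dst "ip.port:",
# $7 = "Request"/"Reply,", $9 = client MAC followed by a comma.
dhcp_packets() {
    awk '/BOOTP\/DHCP/ {
        src = $3; dst = $5; sub(/:$/, "", dst)
        sub(/\.[0-9]+$/, "", src); sub(/\.[0-9]+$/, "", dst)   # drop the port
        kind = $7; sub(/,$/, "", kind)
        mac = (kind == "Request") ? $9 : "-"; sub(/,$/, "", mac)
        print kind, src, dst, mac
    }' "$1"
}

# dhcp_clients FILE
# Prints each client MAC seen in a Request and how many requests it sent.
# The client has no usable IP in these packets, so the MAC is its identity.
dhcp_clients() {
    dhcp_packets "$1" | awk '$1 == "Request" { n[$4]++ } END { for (m in n) print m, n[m] }'
}

# dhcp_broadcasts FILE
# Counts DHCP packets sent to the limited broadcast address.
dhcp_broadcasts() {
    dhcp_packets "$1" | awk '$3 == "255.255.255.255" { c++ } END { print c + 0 }'
}

# Usage
dhcp_packets "$SAMPLE_DUMP"
printf 'clients:\n'; dhcp_clients "$SAMPLE_DUMP"
printf 'broadcast packets: %s\n' "$(dhcp_broadcasts "$SAMPLE_DUMP")"
```

The unrelated TCP line in the sample is there to show why the `port 67 or port 68` filter (or the BOOTP/DHCP match in the script) is needed on a capture taken without one.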
= Lab completion =