NAD710 Lab 2
Contents
NAD710 - Introduction to Networks - Using Linux
Reference Material
Objectives
- Use the ifconfig and/or ip command(s) to display/assign IP paramenters to a network device
- Use the ifconfig command to disable/enable ARP on a network interface
- Use the arp command to display the system ARP cache
- Use the arp command to add manual entries to the system ARP cache
- Use the tcpdump command to capture and display network packets
Background Information
On a TCP/IP Ethernet network, every application data packet contains 3 pairs of numbers: source and destination physical addresses (or MAC addresses ), source and destination IP addresses, and source and destination ports. The first two pairs of numbers are the main focuse of this lab.
Software Requirements
Linux Distributions:
- Fedora Core 8/9
RPM Packages:
- ethtool
- iproute
- net-tools
- tcpdump
Hardware requirements
Two Linux Machines on a Ethernet LAN
Lab with the proper hardware and software: T2107 in TEL building.
Please check the following if you are doing this lab in T2107
DHCP Client Issue
If you boot to FC8, by default, the system contacts the DHCP server in the Lab and config its ethernet adpator with the assigned TCP/IP parameters. The DHCP client running on FC8 will renew its TCP/IP lease from the server every few minutes. Since we want to change the IP address of the network interface, we must first stop the DHCP client on the machine.
Stopping DHCP Client
- First, use the su command to get super-user privileges. Use your login password when prompted:
[joker@localhost ~]$ su - Password: [root@host-a ~]#
- The name of the DHCP Client on FC8 is called "dhclient". Use the following to find out the process ID of the running dhclient on the system:
[root@host-a ~]# ps -ef | grep dhclient |grep -v grep root 2030 1 0 15:23 ? 00:00:00 /sbin/dhclient -1 -q -lf /var/lib/dhclient/dhclient-eth2.leases -pf /var/run/dhclient-eth2.pid eth2
- If the command produces nothing, DHCP client is not running on your system. The number in red (I highlighted it here, the actual output shows no color) is the process number of the DHCP client process. You can use the following "kill" command to try to terminate it:
[root@host-a ~]# kill -15 2030
- Type the following command again to see whether the DHCP client is still running or not:
[root@host-a ~]# ps -ef | grep dhclient |grep -v grep
- If the dhclient still shows up, try the following:
[root@host-a ~]# kill -9 2030
Procedure
You need two Linux systems connected to a LAN. Make sure that each system has only ONE network interface card. Label one system as Host-A and the other system as Host-B.
- Boot up both system to Fedora Core 8 (or FC9 if you are doing this lab in some other places).
- Login to Host-A and Host-B under a regular user account. Don't login as "root".
- On Host-A, open up two terminal windows, set the title on one terminal windows to "T" and the other to "C". "T" for tcpdump window and "C" for command window.
- Do the same on Host-B as on Host-A.
- Switch to user "root" on all four terminal windows.
- Use the command "ifconfig -a" to find out the name (ethxx), IP address, broadcast address, netmask and the MAC address of the network device on Host-A and Host-B. Keep this information for later use.
- Use the command "ip addr" on Host-A and Host-B and keep the output for later use.
- Use the "ping" command to check the network connection between Host-A and Host-B. Ask for help if Host-A can not talk to Host-B.
[root@host-b ~]# ping -c 2 [IP address of Host-A]
Changing IP address on network interface using the ifconfig command
- Commands in the following steps may contain the variable x. If you are doing this lab using your own LAN, you can pick any value between 1 and 254 for x. If you are working in the LUX lab, make sure you are not using the same x value as any other students in the Lab.
- On terminal window "C" on Host-A, set the IP address for the network device to 172.16.x.1, netmask to 255.255.255.0, and set the broadcast address to the appropriate value. For example:
ifconfig ethxx 172.16.x.1 netmask 255.255.255.0 broadcast 172.16.x.255
- On terminal window "C" on Host-B, set the IP address for the network device to 172.16.x.2, netmask to 255.255.255.0, and set the broadcast address to the appropriate value. For example:
ifconfig ethxx 172.16.x.2 netmask 255.255.255.0 broadcast 172.16.x.255
- Use the "ifconfig" or "ip addr" on Host-A and Host-B to verify the newly assigned addresses. Make changes if necessary. Ask for help if you have any troubles.
- Use the "ping" command to verify the network connection between Host-A and Host-B for the new addresses. Go on to the next step only after a positive result.
List MAC addresses stored in the ARP cache
- On terminal window "C" on Host-A, enter the following commands and keep the outputs for later use:
arp -n ifconfig ethxx down arp -n ifconfig ethxx up arp -n
- Do the same on Host-B.
Capturing network packets
- On terminal window "T" on Host-A, enter the following command and keep the output for later use:
tcpdump -n arp host 172.16.x.1
- On terminal window "T" on Host-B, enter the following command and keep the output for later use:
tcpdump -n arp host 172.16.x.2
- On terminal window "C" on Host-A, enter the following "ping" command and watch the outputs on terminal "T" on Host-A and Host-B.
[root@host-a ~]# ping -c 4 [ip of host-b]
- Do the same on Host-B.
[root@host-b ~]# ping -c 4 [ip of host-a]
- On terminal window "C" on Host-A, enter the command "arp -n", record the MAC address of Host-B and label it as MAC-B.
- On terminal window "C" on Host-B, enter the command "arp -n", record the MAC address of Host-A and label it as MAC-A.
Turn off ARP on network interface
- On terminal window "C" on Host-B only, enter the following commands and compare the outputs of the first and last "ifconfig" command and spot the difference(s).
ifconfig ethxx ifconfig ethxx down ifconfig ethxx -arp ifconfig ethxx up ifconfig ethxx
- On terminal window "T" on Host-B, terminate the "tcpdump" and retype the last tcpdump command.
- On terminal window "C" on Host-A, send two ping packets to Host-B and watch the outputs to Host-A and Host-B's terminal window "T"s. Record your observation for later use.
Adding IP to MAC address mapping entries to Host-A and Host-B manually
- On terminal window "C" on Host-A only, enter the following commands and record the output for later reference:
arp -s 172.16.x.2 XX:XX:XX:XX:XX:XX (replace the Xs with Host-B's MAC address) arp -n
- On terminal window "C" on Host-A, send two ping packets to Host-B and record your observation.
- On terminal window "C" on Host-B, enter the following commands and record the output:
arp -s 172.16.x.1 XX:XX:XX:XX:XX:XX (replace the Xs with Host-A's MAC address) arp -n
- On terminal window "C" on Host-A, send two ping packets to Host-B and record your observation.
Enable ARP on network interface
- On terminal window "C" on Host-B, enter the following commands and record your observation:
ifconfig ethxx down ifconfig ethxx arp ifconfig ethxx up arp -n
- Make sure that the tcpdump command is still running on terminal window "T" on Host-B.
- Send two ping packets from Host-B to Host-A, wait for 30 seconds and send another two ping packets to Host-A. Compares the two sets of packets captured and record your observation.
Exercise
When Host-A pings Host-B the very first time, Host-A sends an ethernet broadcast to find out which network device owns the target IP address. The network device that has a matching IP address will response with its MAC address. Once the MAC address was found, Host-A will keep the MAC address and the corresponding IP address in its system ARP cache table for a short period (a few minutes) of time and then the information will be discarded. Use Host-A and Host-B to determine the life time of an ARP reply entry on your Linux system correct to the nearest minute.
Questions
Based on your observation of the outputs from the commands issued during the lab, prepare the answers for the following questions:
- What is the effect of the first "ifconfig ethxx down" command on the system's ARP cache?
- What command disable ARP on a network interface?
- How do you enable ARP on a network interface if it has been disabled?
- What is the consequence of disabling ARP on a network interface?
- How do you manually add an entry to the ARP cache?
- What would be the possible advantage of disabling ARP on a network interface?
- Describe the procedure you used in determining the life time of an ARP cache entry on a Linux system.
Completing this Lab
Post your answers for this lab to NAD710 Lab 2 Answers
You will be graded according to your contribution. If you have nothing to add to the answer page, please make some comments of the lab and the answers and email them to your professor.