CSC 175 Assignment: Data Link Concepts and Experiments

Due Monday 2/23

Exercises from text book, chapter 2: #1, 5, 6, 18, 39, 40, 43, and 47 - these exercises are to be completed individually, while the lab exercises are for your groups.

The rest of the assignment requires you to configure your Linux system. Be sure you log on as root and coordinate with your team when you do this. Consult instructions on remote login from the "linux installation notes" link.

NOTE: THIS ASSIGNMENT REQUIRES YOU TO ACQUIRE CERTAIN BASIC SKILLS THAT WILL BE NEEDED LATER: I WILL ASSUME THAT YOU HAVE THESE SKILLS.

**********************************
PRE-LAB SETUP: Before starting this lab, log in to your Linux box as root and make sure that you're connected to the network. Do a "ping 10.1.0.98" and see if you get a response. Also, make sure you have the wireshark program installed (if not, type "yum install wireshark wireshark-gnome").
**********************************

Some basic commands you should familiarize yourself with:

A. "ip link" (also "ifconfig -a"): gives info on each network interface and its fixed MAC address. "ip addr" will also show the assigned IP addresses.

B. arp (also "ip neigh"): controls the address resolution protocol cache. "arp -n" will display the cache. Type "man arp" to learn how to use arp. "ip neigh" is slightly newer and is preferred.

C. "ip route" (also "route -n"): displays/changes the IP routing table.

D. ping: sends an ICMP probe signal to a host to see if it's alive. Read "man ping".

E. netstat -n: shows socket activity information.

YOU NEED TO ESPECIALLY STUDY arp AND ip link FOR THIS ASSIGNMENT. Look through the online "man" pages for each command.

You should also become familiar with the purpose of the following files and directories:

/etc/rc.d/rc.local : In this file you can write commands that will be automatically executed when the system boots. Usually firewall rules are inserted here.
/etc/sysconfig/network-scripts/ifcfg-eth0 : Contains the TCP/IP settings for interface eth0 (other interfaces are also in the network-scripts directory). You should not have to edit this file, but you may want to look at it to see current settings.
/etc/resolv.conf : Lists the DNS nameservers your machine will use. Make sure it says "search secret.hoftra.edu hofstra.edu" on the first line and lists 10.1.0.98 as the primary DNS.
/proc/sys/net/ipv4/ : This is a directory containing a set of files, each of which contains a single 0 or 1 flag value. For example, the file /proc/sys/net/ipv4/ip_forward controls whether your system is allowed to forward IP packets - i.e., acts as a router.
/etc/rc.d/init.d/ : This directory contains a set of services that you can shut down/restart. For example, to restart network configs after changing the files in /etc/sysconfig/network-scripts/, do "/etc/rc.d/init.d/network restart" (same as "service network restart").

1. Study the "man page" for the "arp" utility (type "man arp"). With arp you can change the MAC-IP address associations in the arp cache. Another command you can use for this purpose is "ip neigh". In particular, "ip neigh flush all" flushes the arp cache. Study the "iproute2" guide posted on the homepage.

2. Use "system-config-network" to change your IP address to 10.1.0.2. Type "ip addr" alone to show the current configuration. Restart your network services with "service network restart" to put this change into effect. What do you see? How did it figure out that there's another machine with the same IP on the network? Use wireshark to find out.

2b. For this part of the assignment, you are to work with a neighboring group. So you discovered that ARP is also used to check if there are multiple hosts with the same IP on a network (this is a common problem). Unfortunately this method is not foolproof, since after all we're still dealing with software settings.
The following command will add 10.1.0.2 as an additional IP to your interface:

    ip addr add 10.1.0.2 dev eth0

Type "ip addr" to verify that this address has indeed been added. After doing so, have someone ping 10.1.0.2 (you can do this yourself by remotely logging into the guest account on, say, thincrust-10.1.0.3). BEFORE THE PING HOWEVER, HAVE THEM FLUSH THEIR ARP CACHE! (ip neigh flush all)

Monitor all traffic with wireshark. You should see an arp broadcast request for the MAC address of 10.1.0.2. Did your host respond to it? Did you get the pings (echo requests)? From this experiment, is it possible to hijack packets by giving yourself unauthorized IPs? Use evidence FROM YOUR EXPERIMENT to argue why or why not.

3. Assign to your machine a different IP address using the system-config-network utility. The new IP MUST be in the range 192.168.1.1 to 192.168.1.15. For example, if you're 10.1.0.8, your new IP should be 192.168.1.8. Change the netmask to 255.255.255.0, the network to 192.168.1.0, and the default gateway to 192.168.1.3. Restart network services with the new settings with "/etc/rc.d/init.d/network restart" (or "service network restart").

Can you get to the internet? How about other machines in Adams 019?

NOTE: YOU SHOULD NOT ATTEMPT THIS PART REMOTELY! :-O

To allow packets to reach starbase (the internet router), confuse your machine by using the ip neigh (or arp) utility to associate the MAC address of starbase (see above) with the new gateway IP. That is, trick your machine to send packets that are supposed to go to "192.168.1.3" to starbase. One more thing: edit /etc/resolv.conf to eliminate the reference to 10.1.0.98 as a nameserver.

Record and report every command you used, but RESET your network configuration after completing this exercise.

4. Create the file /etc/ethers that contains the correct MAC address for each host in the "secret" network. The file should have the simple form

    10.1.0.98 00:06:5B:FD:6E:47
    10.1.0.1 ...
    10.1.0.2 ...
    ...
    10.1.0.12 ...
You need to think of ways to find the MAC address of each "secret" host (there are seven + thincrust and deepdish). Then, insert the appropriate arp command that loads this information into the ARP cache upon boot in the file /etc/rc.d/rc.local. This will make our internal network more efficient by eliminating ARP broadcasts. It will also make it more difficult for someone to spoof us by claiming to be someone else.

REMEMBER: RESET YOUR IP CONFIG AFTER THE EXERCISES. YOU WILL LOSE POINTS IF YOUR HOST BECOMES UNREACHABLE AT THE END.
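
Added example (not part of the original assignment): a shell function that compares saved "ip neigh" output against a pinned table in the "IP MAC" form described in exercise 4 and reports any address whose observed MAC differs from the pinned one, which is the situation the static table is meant to guard against. The names check_neigh and demo, the BADLINE/UNKNOWN/MISMATCH labels, and every MAC other than the one listed for 10.1.0.98 are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the assignment). Compares saved "ip neigh" output
# with a pinned table in the "IP MAC" form the assignment gives for /etc/ethers.
# Usage: check_neigh PINNED_FILE NEIGH_FILE   (returns 1 if anything is flagged)
check_neigh() {
    awk '
    function valid(m,   p, k) {          # six colon-separated hex byte pairs
        if (split(m, p, ":") != 6) return 0
        for (k = 1; k <= 6; k++) if (p[k] !~ /^[0-9a-f][0-9a-f]$/) return 0
        return 1
    }
    FILENAME == ARGV[1] {                # first file: the pinned table
        sub(/[#].*/, "")                 # strip trailing comments
        if (NF == 0) next
        if (NF != 2 || !valid(tolower($2))) { print "BADLINE " FNR; bad = 1; next }
        pinned[$1] = tolower($2); next
    }
    {                                    # second file: neighbour table
        mac = ""
        for (i = 2; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1))
        if (mac == "") next              # FAILED/INCOMPLETE entries carry no MAC
        if (!($1 in pinned)) {
            print "UNKNOWN " $1 " " mac; bad = 1
        } else if (pinned[$1] != mac) {
            print "MISMATCH " $1 " pinned=" pinned[$1] " seen=" mac; bad = 1
        }
    }
    END { exit bad + 0 }' "$1" "$2"
}

# Constructed sample data: only the 10.1.0.98 MAC comes from the assignment;
# every other MAC is a made-up locally administered address.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/pinned" <<'EOF'
10.1.0.98 00:06:5B:FD:6E:47
10.1.0.2  02:00:00:00:00:02   # constructed
10.1.0.3  02:00:00:00:00:03   # constructed
EOF
    cat > "$d/neigh" <<'EOF'
10.1.0.98 dev eth0 lladdr 00:06:5b:fd:6e:47 REACHABLE
10.1.0.2 dev eth0 lladdr 02:00:00:00:00:08 STALE
10.1.0.3 dev eth0  FAILED
10.1.0.7 dev eth0 lladdr 02:00:00:00:00:07 DELAY
EOF
    rc=0
    check_neigh "$d/pinned" "$d/neigh" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On a live host, save the table first with "ip neigh > FILE" and pass that file as the second argument.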