Team 6

Nick Anderson
Jonathan Peggs
Oscar Ochoa
Juan Duarte

Team Programming Assignment #4

(Subnet Addressing in Mininet)

1. Draw and submit the network design in pdf format with all interfaces labeled with
interface names (e.g., s1-eth1) and interface IP addresses.
2. Python Scripts running without errors.
3. All interfaces being pinged via Mininet

4. A list of lines that were changed and why

legacy_network.py
1. In ‘legacy_network’ in lines 36 and 37 we added the switches before adding the host
establishing network structure and connectivity before adding the end devices. Will not
run if you added the hosts first then the switches.
2. The following lines 38-43 we changed the IP addresses from ‘0.0.0.0’ to our desired IP
addresses
3. For lines 46-49 ‘adding hosts’ we changed the IP addresses and added the default
gateway for packets to be sent through the network. Any packets not destined to the
directly connected network will be sent to their respective default gateway.
4. For lines 58-65 we are adding the links between the nodes. The ‘intfName’ parameters
specify the interface names. ‘param1’ and ‘param2’ specify the parameters for the
interfaces. In lines 58-61 we set ‘192.168.1.1/30’ for r3 and ‘192.168.1.2/30’ for r4. This
configures the IP addresses of the links as part of the 192.168.1.0/30 subnet. In lines
62-65 we link r4 and r5. We set ‘192.168.200.1/30’ for r4 and ‘192.168.200.2/30’ for r5
as a part of the 192.168.200.0/30 subnet.
5. For lines 78-83 we are adding the routing entries to the network to specify how traffic
should be routed between different IP address ranges and through their respective
interfaces. We are ensuring traffic is being sent correctly to the right IP addresses.
6. Lines 85-90 displays the routing tables/
7. Line 93 calls our script for generating our certificates and keys.
8. Line 96 opens up a xterm window for h2 and runs ‘web_server_team6.py’ script
9. Line 98 opens up a xterm window for h4 and runs ‘PA3_Server_Team6.py’ script
10. Line 100 makes sure the server has time to establish a connection
11. Line 104 makes sure client_x has time to establish a connection before client_y
12. Line 102 opens up a xterm window for h1 and runs ‘PA3_Client_Team6.py’
13. Line 106 opens up and xterm window for h3 and runs ‘PA3_Client_Team6.py’

gen_certs_team6.py
1. Line 12 we are changing to the /etc/ssl/demoCA directory where we will be storing the
certificates and keys
2. Lines 15 -16 remove the keys if they are present or not.
3. Lines 19-20 remove the certificates if they are present or not.
4. Lines 23-24 remove the csrs if they are present or not
5. Lines 30-31 are generating our keys
6. Lines 33-34 ask user to input the CNs for the servers
7. Lines 37-38 generate the certificates
8. Lines 41-42 authenticate the certificates
9. Lines 45-46 move the chat server key and certificate to their respective directories
10. Lines 48-49 move the web server key and certificate to their respective directories
11. 52-78 opens the /etc/hosts directory and checks to see if the chat and web host entries
exist in the directory. If they are not found it adds them to the file ensuring that the host
IP-address mappings are present.

web_server_team6.py
1. Line 4 assigns the port to 4443.
2. Line 5 saves the domain name for the web server
3. Line 6-7 are the paths for the certificate and key for the webserver
4. Specifies that the SSL context will be used for TLS server-side
5. Line 11 loads the certificate with the correct key
6. Sets up the HTTP server that uses SSL/TLS encryption for secure communication by
wrapping the socket with a SSL/TLS layer using the ssl context.
 PA3_Client_Team6.py
1. Lines 30-32 create an SLL context which we use to wrap the socket for a secure
connection.

PA3_Server_Team6.py
1. Lines 102-104 we create an SSL context and load our certificate with the correct key.
2. Line 122 wraps the socket with the SSL context for a secure connection.

5. Answers to these questions:

1. What were any interesting findings and lessons learned?
Proper IP addressing and defining subnets is crucial in order for our network to
be able to communicate. We found it was interesting to learn how to run
commands from within a python script. Being able to do this is awesome because
the script will allow commands to be automated.
2. Why didn’t the original program forward packets between hosts?
The way the switches and hosts were configured, we had to initiate the switches
first then add the hosts.
The hosts didn’t know what router to send the packets to. Attached the corrected
static IP addresses of the routers.
3. Is the line ‘r3.cmd(‘sysctl -w net.ipv4.ip_forward=1’) required?
Sysctl is used to modify kernel parameters at runtime, so this specific command
is used to enable IP forwarding allowing our router to route network traffic
between different network interfaces. This is necessary as r3 is forwarding
packets to a different network containing h3,h4
4. Intentionally break your working program, eg.: change a subnet length, IP address, or
default route for a host. Explain why your change caused the network to break
Changing the subnet length of r3 from ‘10.0.1.3/24’ to ‘10.0.1.3/16’ will cause our
network to break.
The hosts in the subnet will no longer have valid IP addresses. They will need to
change their IP address in the ‘10.0.1.3/16’ range.
There would also be a routing table mismatch since their entries would still
include subnet ‘10.0.1.3/24’. The router will no longer be able to forward packets
between the 2 subnets since the router does not have the correct entry for the
new subnet range ‘10.0.1.3/16’.
6. Screen capture of a successful chat session between the two chat clients

TLS Chat Session

Screen capture of a Wireshark trace of the communication between a chat client and the
chat server.
You must select the Server Hello packet, and in the packet details, expand the TLS
Record Layer Server Key Exchange after expanding the Transport Layer Security.
7. Screen capture of the successful wget (or curl) of the web server index file.
8. Screenshot of both decrypted server (web and chat) certificates.
Chatserver certificate
Webserver Certificate