Cnlab 1
Cnlab 1
Experiment: 10
AIM:
Wireshark
i. Packet Capture Using Wire shark
ii. Starting Wire shark
iii. Viewing Captured Traffic
iv. Analysis and Statistics & Filters
Description:
Wireshark is an open-source network protocol analyzer developed by
Gerald Combs in 1998, supported by a community of network
professionals and developers. It's widely regarded as safe and is utilized
by various organizations for troubleshooting and educational purposes,
offering deep insights into networking. While Wireshark's capabilities
raise questions about legality, it is ethical and legal to use it on networks
where you have explicit permission to analyze traffic, ensuring respect
for privacy and security norms.
i) Packet Capturing Using
Wireshark How to download
Wireshark:
To download Wireshark for Windows, follow these simplified steps:
1. Visit the official Wireshark website at https://www.wireshark.org/.
and navigate to the Download page.
2. Select the version appropriate for your Windows operating system (32-bit or 64-bit).
Ensure you choose the version that matches your system architecture.
3. Download the installer for the current release, which might have updated from 3.0.3 to
a newer version since this writing.
4. Run the downloaded installer and follow the on-screen instructions to complete the
installation.
Select the Network Interface for Capture: When you start WireShark, the first screen lists
the available network interfaces on your computer. Choose the one corresponding to the
network you want to monitor. This could be your Ethernet connection, Wi-Fi, or any other
network interface. If you're unsure which one to select, look for the interface with the highest
amount of traffic.
Start the Capture: Click on the network interface to start capturing packets. You can also
click on the gear icon next to an interface to configure capture options before starting.
You can select one or more of the network interfaces using “shift left-click”. Once you have
the network interface selected, you can start the capture, and there are several ways to do that.
Click the first button on the toolbar, titled “Start Capturing Packets.”
You can select the menu item Capture -> Start Or you could use the keystroke Control – E.
During the capture, Wireshark will show you the packets that it captures in real-time.
Once you have captured all the packets you need, you use the same buttons or menu options to
stop the capture.
ii) Starting WireShark
Open WireShark by clicking on its icon or typing wireshark in your command line or
terminal.
The main window will show a list of network interfaces. Double-click on one to start
capturing packets on that interface.
To stop the capture, click on the red square button at the top left corner of the window.
Follow Streams: For TCP/UDP streams, you can right-click a packet and select
"Follow" -> "TCP Stream" (or UDP) to see the entire conversation between the two
endpoints.
window.
Statistics: The "Statistics" menu offers various options for analyzing the captured data,
such as endpoint lists, protocol hierarchy, and flow graphs.
Exporting Data: You can export packets or data streams for further analysis. Right-
click on a packet or stream and select the appropriate export option
Experiment 11
AIM:
How to run Nmap scan
Procedure:
How to Run an Nmap Scan
Introduction to Nmap Nmap is a powerful network scanning tool that identifies devices on a
network and their operating systems and services. It's used for securing large and small
networks, especially with the rise of IoT devices.
What Nmap Does Nmap provides real-time information on networks, detailing every active
IP, offering insights on the network structure, and helping in securing websites by identifying
vulnerabilities.
How to Use Nmap Nmap is command-line oriented, suitable for users familiar with CLI. It
consolidates various network monitoring tools into one application.
Installing Nmap
To install Nmap on Windows, follow these steps:
Step 1: Download the official Nmap installer for Windows from the Nmap website
(https://nmap.org/download.html).
Step 2: Locate the downloaded file, typically named nmap-<version>-setup.exe, where
<version> is the version number of Nmap.
Step 3: Double-click the installer file to start the installation process.
Step 4: If prompted, approve the security warning to allow the installer to run.
Step 5: Follow the on-screen instructions provided by the setup wizard. This may include
accepting the license agreement, choosing installation options, and selecting an installation
directory.
Step 6: Complete the installation. The installer may optionally install WinPcap or Npcap
(required for packet capture capabilities) if it is not already installed on your system. It's
recommended to allow this installation.
Step 7: Once the installation is complete, you can launch Nmap from the Start menu or by
using the command line.
Nmap Tutorial and Examples
Ping Scan: Identify active hosts without sending packets to the hosts (nmap -sp
192.100.1.1/24).
Host Scan: Sends ARP requests to gather more detailed information about hosts (nmap
-sp <target IP range>).
Using Nmap in Kali Linux: Kali includes a comprehensive Nmap suite with additional
tools for advanced scanning and analysis.
Nmap Commands
Ping Scanning: nmap -sp <IP range>
Port Scanning: Various commands for TCP and UDP scans, such as nmap -sS for a
TCP SYN scan.
Host Scanning: Detailed scan on specific hosts or IP ranges (nmap -sp <target IP
range>).
OS Scanning: Identifies operating systems of hosts (nmap -O <target IP>).
Scan Popular Ports: Scans the most commonly targeted ports (nmap --top-ports 20
192.168.1.106).
Output to File: Saves scan results to a file (-oN output.txt or -oX output.xml).
Disable DNS Name Resolution: Speeds up scans by skipping DNS resolution (nmap
-sp -n 192.100.1.1/24).
Experiment 12
AIM:
Operating System Detection using Nmap
Procedure:
Operating System Detection with Nmap
How It Works
TCP/IP Stack Fingerprinting: Nmap examines the intricacies of responses to TCP
and UDP packets it sends to the target host. This involves analyzing various aspects
like TCP Initial Sequence Number (ISN) sampling, support and ordering of TCP
options, and the initial window size.
Database Comparison: The responses are compared with Nmap's nmap-os-db
database, which contains over 2,600 OS fingerprints. These fingerprints detail the
operating system's characteristics, including vendor, underlying OS, and device type.
Many fingerprints are associated with a Common Platform Enumeration (CPE)
identifier.
Contribution: If Nmap cannot identify the OS but the conditions are right (at least one
open and one closed port found), it provides a URL for users to submit a new
fingerprint. This helps enhance the accuracy of Nmap for everyone.
Additional Features Enabled by OS Detection
You don't need to declare variables in Tcl: a variable is created automatically the first time it
is set. Tcl variables don't have types: any variable can hold any value. To use the value of a
variable in a command, use variable substitution as in the following example:
expr $x*3
When a $ appears in a command, Tcl treats the letters and digits following it as a variable name,
and substitutes the value of the variable in place of the name. In this example, the actual
argument received by the expr command will be 32*3 (assuming that variable x was set as in
the previous example). You can use variable substitution in any word of any command, or even
multiple times within a word:
set cmd
expr set x 11
$cmd $x*$x
Command substitution You can also use the result of one command in an argument to another
command. This is called command substitution:
set a 44
set b [expr $a*4]
When a [ appears in a command, Tcl treats everything between it and the matching ] as a nested
Tcl command. Tcl evaluates the nested command and substitutes its result into the enclosing
command in place of the bracketed text. In the example above the second argument of the
second set command will be 176.
Quotes and braces Double-quotes allow you to specify words that contain spaces. For example,
consider the following script:
set x 24
set y 18
set z "$x + $y is [expr $x + $y]"
After these three commands are evaluated variable z will have the value 24 + 18 is 42.
Everything between the quotes is passed to the set command as a single word. Note that
(a) command and variable substitutions are performed on the text between the quotes, and
(b) the quotes themselves are not passed to the command. If the quotes were not present, the
set command would have received 6 arguments, which would have caused an error.
Curly braces provide another way of grouping information into words. They are different from
quotes in that no substitutions are performed on the text between the curly braces:
set z {$x + $y is [expr $x + $y]}
This command sets variable z to the value "$x + $y is [expr $x + $y]".
Control structures
Tcl provides a complete set of control structures including commands for conditional
execution, looping, and procedures. Tcl control structures are just commands that take Tcl
scripts as arguments. The example below creates a Tcl procedure called power, which raises a
base to an integer power:
proc power {base p} {
set result 1
while {$p > 0} {
set result [expr $result * $base]
set p [expr $p - 1]
}
return $result
}
This script consists of a single command, proc. The proc command takes three arguments: the
name of a procedure, a list of argument names, and the body of the procedure, which is a Tcl
script. Note that everything between the curly brace at the end of the first line and the curly
brace on the last line is passed verbatim to proc as a single argument. The proc command
creates a new Tcl command named power that takes two arguments. You can then invoke
power with commands like the following:
power 2 6
power 1.15 5
When power is invoked, the procedure body is evaluated. While the body is executing it can
access its arguments as variables: base will hold the first argument and p will hold the second.
The body of the power procedure contains three Tcl commands: set, while, and return. The
while command does most of the work of the procedure. It takes two arguments, an expression
($p > 0) and a body, which is another Tcl script. The while command evaluates its expression
argument using rules similar to those of the C programming language and if the result is true
(nonzero) then it evaluates the body as a Tcl script. It repeats this process over and over until
eventually the expression evaluates to false (zero). In this case the body of the while command
multiplied the result value by base and then decrements p. When p reaches zero the result
contains the desired power of base. The return command causes the procedure to exit with the
value of variable result as the procedure's result.
Where do commands come from?
As you have seen, all of the interesting features in Tcl are represented by commands.
Statements are commands, expressions are evaluated by executing commands, control
structures are commands, and procedures are commands.
Tcl commands are created in three ways. One group of commands is provided by the Tcl
interpreter itself. These commands are called builtin commands. They include all of the
commands you have seen so far and many more (see below). The builtin commands are present
in all Tcl applications.
The second group of commands is created using the Tcl extension mechanism. Tcl provides
APIs that allow you to create a new command by writing a command procedure in C or C++
that implements the command. You then register the command procedure with the Tcl
interpreter by telling Tcl the name of the command that the procedure implements. In the future,
whenever that particular name is used for a Tcl command, Tcl will call your command
procedure to execute the command. The builtin commands are also implemented using this
same extension mechanism; their command procedures are simply part of the Tcl library.
When Tcl is used inside an application, the application incorporates its key features into Tcl
using the extension mechanism. Thus the set of available Tcl commands varies from
application to application. There are also numerous extension packages that can be
incorporated into any Tcl application. One of the best known extensions is Tk, which provides
powerful facilities for building graphical user interfaces. Other extensions provide object-
oriented programming, database access, more graphical capabilities, and a variety of other
features. One of Tcl's greatest advantages for building integration applications is the ease with
which it can be extended to incorporate new features or communicate with other resources.
The third group of commands consists of procedures created with the proc command, such as
the power command created above. Typically, extensions are used for lower-level functions
where C programming is convenient, and procedures are used for higher-level functions where
it is easier to write in Tcl.
Wired TCL Script Components
Create the event scheduler
Open new files & turn on the tracing
Create the nodes
Setup the links
Configure the traffic type (e.g., TCP, UDP, etc)
Set the time of traffic generation (e.g., CBR, FTP)
Terminate the simulation
NS Simulator Preliminaries.
Initialization and termination aspects of the ns simulator.
Definition of network nodes, links, queues and topology.
Definition of agents and of applications.
The nam visualization tool.
Tracing and random variables.
Features of NS2
NS2 can be employed in most unix systems and windows. Most of the NS2 code is in C++. It
uses TCL as its scripting language, Otcl adds object orientation to TCL.NS(version 2) is an
object oriented, discrete event driven network simulator that is freely distributed and open
source.
Traffic Models: CBR, VBR, Web etc
Protocols: TCP, UDP, HTTP, Routing algorithms,MAC etc
Error Models: Uniform, bursty etc
Misc: Radio propagation, Mobility models , Energy Models
Topology Generation tools
Visualization tools (NAM), Tracing Structure of NS
NS is an object oriented discrete event simulator
– Simulator maintains list of events and executes one event after another
– Single thread of control: no locking or race conditions
Back end is C++ event scheduler
– Protocols mostly
– Fast to run, more control • Front end is OTCL
Creating scenarios, extensions to C++ protocols fast to write and change
Platforms
It can be employed in most unix systems(FreeBSD, Linux, Solaris) and Windows.
Source code
Most of NS2 code is in C++
Scripting language
It uses TCL as its scripting language OTcl adds object orientation to TCL.
Protocols implemented in NS2
Transport layer(Traffic Agent) – TCP, UDP
Network layer(Routing agent)
Interface queue – FIFO queue, Drop Tail queue, Priority queue
Logic link contol layer – IEEE 802.2, AR
How to use NS2
simulation server is executing, the user will see the time knot at the bottom of the screen move.
The time knot reflects the current virtual time (progress) of the simulation case.
Step 9: To start the playback, the user can left-click the start icon( |>) of the time bar located
at the bottom. The animation player will then start playing the recorded packet animation.
Step 10: Change the bandwidth say, 9 Mbps, and run the simulation and compare the two
results.
Step 11: To view the results, go to the filename. results folder.
Note: To get the syntax of any command, double click on the host icon. Host dialog boxes
appear and then choose App. Usage.
The screenshot below explain the topology.
Note: The no: of drop packets are obtained only when the traffic is more in the network. For
checking the no of packets dropped press ctrl+C
The screenshot of the topology is shown below:
v)
Here is the Step-by-step guide on setting up and running a basic simulation in NS2 to compare
data rate and throughput for different network configurations.
Step 1: Install NS2
First, ensure that NS2 is installed on your computer. You can typically install NS2 using
package managers or compile it from source.
Step 2: Create a Tcl Script
NS2 simulations are controlled through Tcl (Tool Command Language) scripts. Here’s a basic
example to get you started:
1. Define your network topology: This involves setting up nodes, links, etc.
2. Setup traffic pattern: Define how data flows in the network (e.g., TCP, UDP).
3. Run the simulation: Define the simulation parameters and run it.
4. Output results: Gather results such as throughput.
Step 3: Run the Simulation
Run the simulation from the terminal:
Command: ns simple_network.tcl
Step 4: Analyze the Output
The simulation will output a trace file (simple_network.tr). You will need to analyze this file
to calculate throughput and other statistics.
Analyzing the trace file:
You can write a separate script or use existing tools to parse the .tr trace file to calculate
throughput.
Throughput is typically measured in bits per second (bps) and can be calculated as the
total number of bits received divided by the total simulation time.
Additional Steps
Modify the topology and parameters: You can experiment with different topologies,
link bandwidths, and delays to see how they affect throughput.
Use different protocols: Besides TCP, try using UDP and compare how it impacts the
network performance.
vi) Simulate an Ethernet LAN using N nodes and set multiple traffic nodes and
plot congestion window for different source/destination.
STEPS:
Step 1: Connect one set of hosts with a hub and another set of hosts also through a hub and
connect these two hubs through a switch. This forms an Ethernet LAN.
Step 2: Setup multiple traffic connections between the hosts on one hub and hosts on another
hub using the following command:
stcp [-p port] [-l writesize] hostIPaddr rtcp [-p port] [-l readsize]
Step 3: Setup the collision log at the destination hosts in the MAC layer as described in the
earlier experiments.
Step 4: To plot the congestion window go to Menu->Tools->Plot Graph->File->open-
>filename.results->filename.coll.log
Step 5: View the results in the filename.results.
The screenshot of the topology is shown below:
vii) Simulate simple ESS and with transmitting nodes in wireless LAN by
simulation and determine the performance with respect to transmission of packets.
STEPS:
Step 1: Connect a host and two WLAN access points to a router.
Step 2: Setup multiple mobile nodes around the two WLAN access points and set the path for
each mobile node.
Step 3: Setup a ttcp connection between the mobile nodes and host using the following
command:
Mobile Host 1
ttcp –t –u –s –p 3000 IPAddrOf Receiver
Mobile Host 1
ttcp –t –u –s –p 4000 IPAddrOf Receiver
Host(Receiver)
ttcp –r –u –s –p 3000 ttcp –r –u –s –p 4000
Step 4: Setup the input throughput log at the destination host.
Step 5: To set the transmission range go to Menu->Settings->WLAN mobile node- >Show
transmission range.
Step 5: View the results in the filename. results.
Screenshot: