Guide 1 - RT 24-25 - v2
Guide 1 - RT 24-25 - v2
INFORMÁTICA
REDES DE TELECOMUNICAÇÕES
LAB GUIDE
Objectives
Verify the network configuration of a PC
Name translation to IP addresses and vice-versa
Connectivity tests
Discovery of the path between two network machines
Geo-location and discovery of the entity and responsible for the network machines
Physical Interfaces and Ethernet Addresses
IPv4 protocol (addressing, forwarding, fragmentation and reassembly)
IPv4 Address Resolution Protocol
ICMP (ping, arp and traceroute commands)
Familiarization with Wireshark protocol analyzer
Familiarization with equipment configuration
Ethernet technology (Switching)
Introduction to IP Routing
IP Sub-netting
Duration
4 weeks
1. Networking Basics
To accomplish the goals of this section, you will need to use a command (windows) or
terminal (linux) window as shown below.
Name IP Address(es)
www.ua.pt
www.sapo.pt
www.publico.pt
www.google.com
www.google.pt
nslookup [{address_to_find}]
2. Using the command nslookup determine the name associated to the following IP
addresses:
IP Address Name
193.136.173.58
193.137.55.13
1.5. Discovery of the entity and responsible for the network machines
Using the service whois, through the web page https://who.is/ (or https://ping.eu/ns-whois/),
determine (if possible), for each of the trace routes in 4.1: the entity responsible by the
antepenultimate machine of each path and the location of that entity
IP address Responsible entity Location of the entity
1. Build and configure the network above with the equipment in the lab (you can use your
own PC). Run the command ping –t (pings without stopping) for the router. (All
configurations’ examples are in the “Commands Guide”):
a) D-LINK Switch: # config ipif System ipaddress 192.1.1.21/24
b) Cisco:
Router> enable
Router# configure terminal // conf t
Router(config)# interface FastEthernet0/0 // Enter interface
configuration mode
Router(config-if)# ip address 192.168.1.1 255.255.255.0 // Assign
IPv4 address
Router(config-if)# no shutdown // Enable the interface
Router(config-if)# exit // ^Z
c) PC (windows):
On the search bar type and open “view network connections” (ver
ligações de rede)
Identify the Ethernet network adapter, right click it, open properties,
choose IPv4 and click on properties:
2. Run Wireshark in the PC and start a capture of all packets. Run the Statistics ➔
Endpoints tool and verify that the PC captures packets from/to another equipment.
3. Run the Statistics ➔ Conversations tool to visualise the communications among the
different pairs of hosts.
5. Analyse the saved capture. What do you conclude on the ICMP packet periodicity?
Observe how the Sequence Number field of ICMP packets is used for round-trip-time
(RTT) estimation done by the ping command.
➢ PC Ethernet address:
➢ Router Ethernet address:
➢ Hexadecimal code (Type field of Ethernet header) that identifies an IP datagram:
➢ Hexadecimal code (Protocol field of IP header) that identifies an ICMP packet:
➢ Hexadecimal code (Type field of ICMP header) that identifies the two ICMP packet types
(Echo Request and Echo Reply):
7. On a command window of your PC, first execute the command arp –d to delete all ARP
table entries of your PC. Then, run the ping command to the Router. Finally, run the
command arp –a to display the ARP table of your PC. Check that the IP address of the
Router has an associated Ethernet address.
arp command
arp -d inet_addr [if_addr]
arp -a [inet_addr] [-N if_addr]
8. Start a new capture with Wireshark. Repeat experiment 4 and, then, stop the capture.
Analysing the captured packets, explain how ARP protocol is used by the PC to discover
the Ethernet address of the Router before exchanging the ICMP packets. Register the
following information of the captured ARP packets:
9. On your PC, run the command ping to the Router. Then, estimate how long it takes the
Router entry to disappear from the ARP table (if you need, use the Windows Clock
applications). Remember from the theoretical classes the reasons for the fact that these
ARP table entries are not permanent.
2.1. Padding
In order to work properly, Ethernet requires a minimum size data field of 46 bytes. If the
protocol running on top of Ethernet delivers a chunk of less than 46 bytes, Ethernet adds
dummy bytes to guarantee its minimum size (this process is named padding). On a DOS
window of your PC, execute the command arp –d to delete all ARP table entries of your
PC. Start a new capture with Wireshark. Then, execute the command ping –l 5 to the
Router and stop the capture. Observe the padding process on the captured ARP and ICMP
packets.
NOTE: Wireshark does not show the padding bytes in packets generated on its host;
therefore, the padding process can be observed only in the packets received by the PC.
2.2. Fragmentation
IP protocol includes a fragmentation and reassembly mechanism in order to transmit IP
packets whose size is larger than the MTU (Maximum Transmission Unit) of the network
(Ethernet MTU = 1500 bytes).
Start a new capture with Wireshark. Execute on your PC the following commands to the
Router:
Windows:
ping Router -l 2000
ping Router -l 3100
Linux:
ping Router -s 2000
ping Router -s 3100
Repeat the ping commands from the Router do the PC using 2000 and 3100 bytes of data:
ping PC size 2028
ping PC size 3128
Analyse the captured packets and explain the fragmentation process. In particular, explain:
• why each packet is fragmented in either 2 or 3 fragments;
• the content of the IP header fields that enable the recovery of the complete packet
at the destination;
• the packet size of each fragment.
1. Consider the same network as before. Test the connectivity between all equipment using
the ping command.
2. Execute again the ping command between PC and Router. Access the management
console of the Switch using the Web Browser. Analyse the MAC Address Table of the
Switch and register its contents (MAC address and Ethernet address are equivalent
terms). Observe that the Switch has learned on each port the MAC addresses of the
equipment connected to the same port.
➔ Confirm on the PC and on the Router that their MAC address are the ones learned by
the Switch.
3. Each entry of the MAC Address Table has a lifetime value that is set to zero whenever
the Switch receives an incoming packet on the same input port with the same origin MAC
address. During time, if an entry lifetime reaches the Aging Time value, the entry is
eliminated (the Aging Time value can be configured on the Switch).
➔ Using the Web Browser access, check the default Aging Time value of the Switch.
4. Using the Web Browser access, configure an Aging Time value of 10 seconds. Then, wait
for about 20 seconds and check if the PC MAC address entry has disappeared from the
MAC Address Table.
➔ Observe that, apparently, this entry does not disappear.
NOTE: The Router MAC address does not disappear from the MAC Address Table due to
the fact that routers send periodically (from 10 to 10 sec.) a LOOPBACK packet to check
for physical connectivity; these packets are continuously validating the Router MAC
address on the Switch.
5. Close the Web Browser and connect to the management console of the Switch through
its console (using the serial interface). Examine again the MAC Address Table. Check
that, in this experiment, the PC MAC address disappears from the table.
➔ Justify the different behaviour observed in these two experiments (4 and 5).
The aim of the 2 next experiments is to verify the Switch basic flooding and forwarding
processes.
2. With WireShark, start a capture with a display filter for ICMP packets. Execute once
again the ping command from the router to the Server.
➔ Register the captured packets.
Note that the ping command has generated the exchange of 5 ICMP Echo Request and 5
ICMP Echo Reply packets between the Router and the Server. Nevertheless, the capture
run on the PC has only one ICMP Echo Request packet.
➔ Explain these observations based on the Switch flooding and forwarding processes
“PC 1” (Windows, Linux or MAC) needs to have at least Wireshark installed and should
have firewall disabled during the exercise. The network interface connected to the switch
must be configured as shown.
“PC 2“ must have GNS3 installed and, using GNS3 the following network must be created
(use the “cloud” from GNS to allow GNS to use the Ethernet adapter of your PC 2 to
connect to the external switch): (ALWAYS USE CISCO 7200 on GNS)
Once everything is configured and connected, your network should be two IP networks,
interconnected by a Router, with the class C IP addresses specified in the figure below.
Note: If you run this experiment in GNS-3, your PC is a VPC and your switch is replaced
by another VPC. Please see the relevant Guide for GNS-3 installation and configuration.
3. Configure the appropriate Default Gateway at the VPC. Start a new capture with a display
filter for ICMP packets and execute the ping command from the VPC to the PC..
➔Register and justify both the ping command result and the captured packets.
4. Configure the appropriate Default Gateway at your PC. Start a new capture with a display
filter for ICMP packets and execute the ping command from the PC to the VPC..
➔ Register and justify the ping command result.
➔ Register also the following addresses of the ICMP Echo Request and Echo Reply
packets and identify to which equipment interfaces each one of them belong.
5. Remember from the theoretical classes that Routers forward IP packets based on the IP
addresses of their IP headers (routers do not change the packet IP addresses).
Nevertheless, routers are clients of each Ethernet segment. Therefore, the MAC addresses
of the Ethernet header are specified with the MAC addresses of the communicating hosts
on each Ethernet segment.
Having in mind this behaviour, and without making any capture, predict what were the
following addresses of the ICMP packets exchanged between the Router and the VPC on
the previous experiment (if needed, check the addresses on the equipment):
7. Start a new capture with a display filter for ICMP and ARP packets and execute the ping
command from the VPC to the IP address 192.20.20.10 (an inexistent IP address of your
network).
➔ Register the captured packets and explain the obtained results.
8. Start a capture with wireshark. Execute the ping command from the VPC to the IP address
194.100.1.1.
➔ Register the captured packets.
➔ Justify the observed packets taking in mind that the Router has no entry for this IP
address.
➔ What do you conclude about the difference between the Switch forwarding process
(previous switching experiment) and the Router forwarding processes when the
destination address is not known?
9. Connect a real router to the first one, as shown in the next figure and reconfigure the
interface of the router in GNS3, according to the figure.
10. Register the routing table of R1 and compare it with the one of the experiment with only
1 router. Observe that the routing table is the same, which means that the Router must be
configured with something else (a routing protocol) to be able to reach the new IP
network.
11. Start a capture with wireshark. Execute the ping command from the PC to the IP address
192.30.30.150 (an inexistent address of an existing network).
➔ Register and justify the captured packets.
➔ Predict what has happened in this experiment in the other side of R1 (in the network
192.30.30.0) taking into consideration the results of experiment 8.
12. Start a capture with a display filter for ICMP packets. Execute the ping command from
the PC to the IP address 192.20.20.1 (an existing address of a network that is not known
yet by your Router).
➔ Register and justify the captured packets.
➔ Predict what has happened in this experiment in the other side of your Router (in the
network 192.30.30.0) taking into consideration the results of experiment 11.
In order to configure the static route, use the following commands (these IP addresses refer
to the Group no. x):
14. Start a capture with a display filter for ICMP packets. Then, run on your PC the following
ping commands:
ping –i 1 192.20.20.11
ping –i 2 192.20.20.11
ping –i 3 192.20.20.11
GNS-3:
ping 192.20.20.11 -T 1
ping 192.20.20.11 -T 2
ping 192.20.20.11 -T 3
➔ Based on the analysis of the captured packets for each case, explain the behaviour
of the routers with the different TTL (Time-To-Live) values sent by the PC.
15. At your PC, start a capture with a display filter for ICMP packets and execute the
command tracert –d 192.20.20.11 (GNS-3: trace 192.20.20.11). Based on the analysis of
the captured packets, explain how tracert command works. In particular:
(i) identify how the PC identifies each router in the path;
(ii) observe that the PC sends three ICMP Echo Request packets for each growing
value of TTL in order to obtain a better estimation of the round trip time;
(iii) determine how the PC stops the process.
16. ➔ Verify and justify the differences obtained when executing in your PC the command
tracert –d for the IP addresses 192.20.20.11 and 192.20.20.1.