INT303: Networking Fundamentals – Lab 4

Lab 4: Simulating Network Routing and VLAN Configuration in Linux

Objective:
In this lab, students will simulate network routing and VLAN configuration using Linux-based
tools. They will use the OWASP Broken Web Application VM's IP address to test connectivity and
routing principles.

Learning Outcomes:
By the end of this lab, students will:
• Understand how to set up routing and VLANs on Linux.
• Be able to simulate network device behavior using Linux tools.
• Gain hands-on experience in network troubleshooting.
• Learn how to configure iptables, ip route, and network namespaces to manage
traffic.

Materials Needed:
• Linux machine or VM (e.g., Ubuntu, Kali).
• OWASP Broken Web Application VM (reachable on the network).
• IP address of the OWASP Broken Web Application VM (e.g., 192.168.X.X).
• Terminal access.

Lab Exercises:

Exercise 1: Setting Up Static Routing in Linux

1. Task: Set up static routes in Linux to simulate routing behavior. Ensure the Linux machine
can route traffic to the OWASP Broken Web Application VM.
• Steps:
1. Use ip route to add a static route to reach the OWASP Broken Web
Application VM.
2. Ensure that your machine routes traffic correctly through the simulated
network.
• Commands:
1. sudo ip route add <destination_network> via
<gateway_IP> dev <interface>
 Example: sudo ip route add 192.168.4.0/24 via
192.168.1.1 dev eth0
2. ip route show – Verify your routing table.
• Verification Command:
1. ping <OWASP_IP> – Ensure that the Linux machine can reach the
OWASP Broken Web Application VM.
2. Question:
• How does static routing work on a Linux system?
• What challenges could arise when setting up routes manually?

Exercise 2: VLAN Configuration Using Network Namespaces

3. Task: Create virtual LANs (VLANs) using Linux network namespaces to segment traffic.
Assign the OWASP Broken Web Application VM to a separate namespace and test
connectivity between namespaces.
• Steps:
1.
Create two network namespaces to simulate VLANs.
2.
Assign virtual network interfaces to each namespace.
3.
Route traffic between the namespaces.
4.
Test communication between namespaces and the OWASP Broken Web
Application VM.
• Commands:
1. sudo ip netns add vlan1 – Create a network namespace for VLAN
1.
2. sudo ip netns add vlan2 – Create a network namespace for VLAN
2.
3. sudo ip link add veth1 type veth peer name veth2 –
Create virtual network interfaces.
4. sudo ip link set veth1 netns vlan1 – Assign veth1 to
vlan1.
5. sudo ip link set veth2 netns vlan2 – Assign veth2 to
vlan2.
6. sudo ip netns exec vlan1 ip link set lo up – Enable
loopback interface in the namespace.
7. sudo ip netns exec vlan1 ip addr add 192.168.10.1/24
dev veth1 – Assign IP.
8. sudo ip netns exec vlan1 ping <OWASP_IP> – Test
communication.
4. Question:
• How do network namespaces simulate VLANs in Linux?
• What are the benefits of using namespaces in network isolation?
Exercise 3: IP Address Assignment and Subnetting in Linux
5. Task: Subnet your network and assign IP addresses to each namespace and the OWASP
VM. Ensure the correct routing between subnets using static routes.
• Steps:
1. Subnet the given network (e.g., 192.168.0.0/24).
2. Assign IP addresses to network namespaces and devices.
3. Configure static routes to enable communication between the subnets.
• Commands:
1. ip addr add <subnet_IP> dev <interface> – Assign IP
addresses.
2. ip route add <subnet> – Add static routes.
6. Question:
• How does subnetting work in Linux environments?
• What challenges arise when configuring subnets manually?

Exercise 4: Testing Connectivity Using Ping and Traceroute

7. Task: Use ping and traceroute to test connectivity between the Linux machine,
network namespaces, and the OWASP Broken Web Application VM. Analyze the routing
path.
• Commands:
• ping <OWASP_IP> – Check connectivity.
• traceroute <OWASP_IP> – Trace the packet path.
8. Question:
• What can traceroute reveal about network issues?
• How does packet routing affect network performance?

Exercise 5: Configuring iptables for Routing and Firewall Rules

9. Task: Use iptables to simulate a router by controlling the flow of traffic between
different networks and the OWASP VM. Block certain traffic while allowing other traffic.
• Steps:
1. Enable IP forwarding on the Linux machine.
2. Set up iptables rules to allow or block specific traffic between
namespaces and the OWASP VM.
3. Test the firewall by pinging the OWASP VM and other devices.
• Commands:
 1. echo 1 > /proc/sys/net/ipv4/ip_forward – Enable IP
forwarding.
2. sudo iptables -A FORWARD -s 192.168.10.0/24 -d
192.168.20.0/24 -j ACCEPT – Allow forwarding.
3. sudo iptables -A FORWARD -s 192.168.10.0/24 -d
<OWASP_IP> -j DROP – Block traffic to OWASP VM.
10.Question:
• How can iptables be used to simulate routing and firewall functionality?
• What are common mistakes when configuring iptables rules?

Exercise 6: Monitoring Traffic Using tcpdump

11.Task: Use tcpdump to monitor traffic between your Linux namespaces and the OWASP
VM. Capture and analyze packets to understand traffic flow.
• Commands:
• sudo tcpdump -i <interface> – Capture traffic on a specific interface.
• sudo tcpdump -i veth1 – Monitor traffic on the virtual network interface.
• sudo tcpdump -i eth0 src <OWASP_IP> – Monitor traffic to/from
OWASP VM.
12.Question:
• How can tcpdump be used to diagnose network issues?
• What types of traffic do you observe during the simulation?

Submission Requirements:
• Submit a report including:
• Screenshots of the static routing, namespace creation, and iptables
configurations.
• A brief explanation of each step and the results from ping, traceroute, and
tcpdump commands.
• Troubleshooting steps for any encountered issues.

Reflection:
This lab demonstrates how Linux-based tools can effectively simulate routing and VLAN behavior.
Students gain critical insights into routing, network segmentation, and traffic control without
needing physical network hardware.
Exercise 1: Setting Up Static Routing in Linux
What is Static Routing?
• Routing is the process of directing network traffic from one device to another. Static routing
is when a network administrator manually configures the paths (routes) that data should take
across the network.
• By setting up static routes, you are telling the Linux machine where to send traffic destined
for specific networks. For example, if a machine wants to reach an IP address that is outside
its local network, static routing tells it where to send the data so it can reach the destination.

What You Do:

• You use the command ip route add to add a route for a specific network. This includes:
• Destination network: The network you want to reach.
• Gateway: The next hop or router that will forward the traffic.
• Interface: The network interface (like eth0) through which the data should be sent.
• Example: If you want to send traffic to the 192.168.4.0/24 network, you add a route
using the ip route add command.

Verification:
• Use ip route show to see the routing table and confirm that your route is added.
• Ping: You then ping the OWASP VM to check if your traffic can successfully reach the
destination.

Challenges:
• If you incorrectly set the destination network or gateway, the data will not reach its
destination.
• If you forget to add a route to a new network, the system might not know how to reach it.

Exercise 2: VLAN Configuration Using Network Namespaces

What are VLANs and Network Namespaces?
• A VLAN (Virtual Local Area Network) allows you to segment a physical network into
multiple logical networks. Each VLAN behaves like a separate network, even though they
share the same physical infrastructure.
• Network namespaces in Linux allow you to create virtual, isolated network environments.
Each namespace has its own network interfaces, routing tables, and IP addresses, as if it
were a separate computer.

What You Do:

1. Create Network Namespaces: You create two namespaces (vlan1 and vlan2) to
simulate two isolated VLANs.
2. Create Virtual Interfaces: You then create virtual Ethernet interfaces (e.g., veth1 and
veth2) and assign them to the namespaces, effectively connecting the VLANs to the
physical network.
 3. Assign IP Addresses: You assign IP addresses to these virtual interfaces to allow them to
communicate.
4. Test Communication: You test if the namespaces can communicate with each other and the
OWASP VM.

Benefits of Using Network Namespaces (Simulating VLANs):

• Isolation: Each namespace is isolated from others, so traffic in one namespace doesn’t affect
others.
• Security: Network namespaces can limit the spread of network issues or attacks by keeping
traffic separate.
• Flexibility: You can simulate different network environments on a single physical machine
without additional hardware.

Exercise 3: IP Address Assignment and Subnetting in Linux

What is Subnetting?
• Subnetting is the process of dividing a larger network into smaller, more manageable
networks (subnets). For example, if you have a network 192.168.0.0/24, subnetting
allows you to break it down into smaller sub-networks like 192.168.0.0/25,
192.168.0.128/25, etc. This helps in efficiently managing IP addresses and improving
network performance.
• IP Assignment: Each device on a network needs a unique IP address. You assign IP
addresses to each namespace and the OWASP VM so they can communicate on the network.

What You Do:

1. Subnetting: You take a larger network (e.g., 192.168.0.0/24) and divide it into smaller
subnets, making the network more organized and efficient.
2. Assign IP Addresses: You assign specific IP addresses to each network namespace and
device.
3. Routing Between Subnets: After subnetting, you need to configure static routes to allow
communication between the different subnets. This is because devices in different subnets
need to know how to reach each other.

Challenges:
• Subnetting can be confusing if you're not familiar with how the bits in the subnet mask
work.
• If you misconfigure IP addresses or routes, devices might not be able to communicate across
subnets.
Exercise 4: Testing Connectivity Using Ping and Traceroute
What is Ping?
• ping is a simple command used to check if a device on the network is reachable. It sends a
small packet of data and waits for a response. If the response comes back, the destination is
reachable.

What is Traceroute?
• traceroute is a tool that shows you the path that data takes from your machine to the
destination. It reveals each "hop" (router or network device) the data goes through to reach
its destination, helping you understand where delays or failures may occur.

What You Do:

• You use ping to check if the OWASP VM is reachable from your Linux system.
• You use traceroute to see the path your data takes to reach the OWASP VM and to identify
any network issues (like delays or bottlenecks).

Why It's Useful:

• Ping confirms if the destination is reachable.
• Traceroute helps diagnose where the data is being delayed or blocked, and it shows the
hops along the way, which is useful for network troubleshooting.

Exercise 5: Configuring iptables for Routing and Firewall Rules

What is iptables?
• iptables is a tool in Linux used to configure the firewall. It acts as a traffic controller,
allowing you to filter, block, or forward network traffic based on various rules.

What You Do:

1. Enable IP Forwarding: You need to enable IP forwarding, which allows your Linux system
to route traffic between different networks, like a router.
2. Create iptables Rules: You create firewall rules to control what traffic is allowed or
blocked. For example:
• Allow traffic from one network to another (ACCEPT rule).
• Block traffic to the OWASP VM (DROP rule).
3. Test: You test if the firewall rules are working by pinging the OWASP VM and checking if
certain traffic is blocked.

Common Mistakes:
• Misconfigured rules might block essential traffic, causing communication failures.
• Overly broad or vague rules can accidentally open up security vulnerabilities by allowing
unwanted traffic.
Exercise 6: Monitoring Traffic Using tcpdump
What is tcpdump?
• tcpdump is a command-line tool that allows you to capture and analyze network traffic. It
lets you "see" what's happening on the network by showing you packets of data that are
being sent and received.

What You Do:

1. You run tcpdump on the network interface to capture packets. This helps you observe the
flow of traffic between your Linux namespaces and the OWASP VM.
2. You can filter the captured traffic by specific sources (like the OWASP IP), so you only see
the relevant traffic.

Why It’s Useful:

• tcpdump helps diagnose network issues by showing the data that’s being transmitted.
• It also helps you understand the structure of packets, which is crucial for identifying
malicious or unexpected behavior on the network.

Summary of What You Learn:

• Static Routing teaches you how to manually direct network traffic.
• VLANs/Network Namespaces help you simulate isolated networks on the same machine.
• Subnetting breaks up large networks into smaller subnets for easier management.
• Ping and Traceroute help test connectivity and diagnose network issues.
• Iptables teaches you to control the flow of traffic, acting like a firewall and router.
• Tcpdump helps you monitor and understand network traffic in real-time.
These exercises together give you hands-on experience with important networking concepts that
help you manage and troubleshoot networks effectively.

---

### **Exercise 1: Setting Up Static Routing in Linux**

#### **Objective:** Set up static routing on a Linux machine to simulate routing behavior
and ensure the machine can reach the OWASP Broken Web Application VM.

---
#### **Steps:**

1. **Add a Static Route:**

- Command:
```bash
sudo ip route add 192.168.4.0/24 via 192.168.1.1 dev eth0
```
- **What it means:**
- `sudo`: Run as superuser (administrator).
- `ip route add`: Add a new route to the routing table.
- `192.168.4.0/24`: The destination network you want to reach (in this case, the OWASP
VM).
- `via 192.168.1.1`: The gateway (router) that will route the traffic to the destination
network.
- `dev eth0`: The network interface (e.g., `eth0` is usually the primary network interface).

2. **Verify the Routing Table:**

- Command:
```bash
ip route show
```
- **What it means:** This command shows the current routing table, which tells the system
how to route packets to different networks. You should see your newly added route here.

3. **Ping the OWASP VM:**

- Command:
```bash
ping <OWASP_IP>
```
- **What it means:** This sends a "ping" request to the OWASP VM's IP address to check
if the Linux machine can communicate with it. If the ping is successful, it means the static
route works correctly.
---

#### **Challenges:**
- Misconfigured routes or gateways can cause the Linux machine to fail to reach the
destination network.
- If there are multiple paths to the destination, it could cause routing issues.

---

### **Exercise 2: VLAN Configuration Using Network Namespaces**

#### **Objective:** Create network namespaces to simulate VLANs (Virtual Local Area
Networks), assign the OWASP VM to a separate namespace, and test connectivity.

---

#### **Steps:**

1. **Create Network Namespaces:**

- Command:
```bash
sudo ip netns add vlan1
sudo ip netns add vlan2
```
- **What it means:**
- `ip netns add`: Create a new network namespace.
- `vlan1`, `vlan2`: Names for the two namespaces. These namespaces simulate separate
VLANs (virtual networks).

2. **Create Virtual Network Interfaces:**

- Command:
```bash
sudo ip link add veth1 type veth peer name veth2
 ```
- **What it means:**
- `ip link add`: Create a new network interface.
- `veth1` and `veth2`: These are the virtual interfaces that will connect the two namespaces
(`vlan1` and `vlan2`).
- `type veth peer`: This creates a pair of virtual Ethernet interfaces that can communicate
with each other.

3. **Assign Virtual Interfaces to Namespaces:**

- Command:
```bash
sudo ip link set veth1 netns vlan1
sudo ip link set veth2 netns vlan2
```
- **What it means:**
- `ip link set`: Move the virtual interfaces (`veth1`, `veth2`) into their respective
namespaces (`vlan1`, `vlan2`).

4. **Enable Loopback Interface in Each Namespace:**

- Command:
```bash
sudo ip netns exec vlan1 ip link set lo up
sudo ip netns exec vlan2 ip link set lo up
```
- **What it means:**
- `ip netns exec`: Execute a command inside the specified network namespace.
- `ip link set lo up`: Enable the loopback interface (`lo`) inside each namespace, allowing
internal communication within the namespace.

5. **Assign IP Addresses to the Virtual Interfaces:**

- Command:
```bash
sudo ip netns exec vlan1 ip addr add 192.168.10.1/24 dev veth1
 sudo ip netns exec vlan2 ip addr add 192.168.20.1/24 dev veth2
```
- **What it means:**
- `ip addr add`: Assign an IP address to the interface inside each namespace.
- `192.168.10.1/24`, `192.168.20.1/24`: These are IP addresses for the interfaces in `vlan1`
and `vlan2`.

6. **Test Connectivity (Ping) between the Namespaces:**

- Command:
```bash
sudo ip netns exec vlan1 ping 192.168.20.1
```
- **What it means:** Test if `vlan1` can reach the IP address of `vlan2` (`192.168.20.1`).

7. **Test Communication with OWASP VM:**

- Command:
```bash
sudo ip netns exec vlan1 ping <OWASP_IP>
```
- **What it means:** Test if the `vlan1` namespace can communicate with the OWASP VM.

---

#### **Benefits of Using Network Namespaces:**

- VLANs and namespaces isolate network traffic, improving security and organization.
- They allow you to simulate complex network topologies without requiring additional
physical hardware.

---

### **Exercise 3: IP Address Assignment and Subnetting in Linux**

#### **Objective:** Subnet a network and assign IP addresses to each namespace and the
OWASP VM. Set up static routes for inter-subnet communication.

---

#### **Steps:**

1. **Subnet the Network:**

- Example: Split `192.168.0.0/24` into two subnets:
- `192.168.0.0/25` (Network 1)
- `192.168.0.128/25` (Network 2)

- **What it means:** Subnetting divides a large network into smaller chunks, helping
manage IP addresses more efficiently.

2. **Assign IP Addresses to Devices and Namespaces:**

- Command (Example):
```bash
sudo ip netns exec vlan1 ip addr add 192.168.0.1/25 dev veth1
sudo ip netns exec vlan2 ip addr add 192.168.0.130/25 dev veth2
sudo ip addr add 192.168.0.200/24 dev eth0
```
- **What it means:** Assign IP addresses to devices and namespaces. Each interface needs
an IP address within the correct subnet.

3. **Add Static Routes:**

- Command:
```bash
sudo ip route add 192.168.0.128/25 via 192.168.0.1 dev eth0
sudo ip route add 192.168.0.0/25 via 192.168.0.130 dev eth0
```
- **What it means:** You configure static routes to allow traffic between subnets. For
instance, data destined for `192.168.0.128/25` will be sent via `192.168.0.1`.
---

#### **Challenges with Subnetting:**

- Misassigning an IP address outside the subnet range will prevent communication.
- Static routes must be carefully configured to ensure the proper traffic flow between subnets.

---

### **Exercise 4: Testing Connectivity Using Ping and Traceroute**

#### **Objective:** Test connectivity between the Linux machine, namespaces, and the
OWASP VM using `ping` and `traceroute`.

---

#### **Steps:**

1. **Ping the OWASP VM:**

- Command:
```bash
ping <OWASP_IP>
```
- **What it means:** Send a request to the OWASP VM and see if it responds. If you get a
reply, the connection is working.

2. **Run Traceroute:**
- Command:
```bash
traceroute <OWASP_IP>
```
- **What it means:** This will show you the path that packets take from your machine to
the OWASP VM, including each router or network device the data passes through.
---

#### **Why Traceroute is Useful:**

- It helps identify where network issues occur (e.g., slow hops or unreachable routers).
- It provides insights into the route data takes across the network.

---

### **Exercise 5: Configuring iptables for Routing and Firewall Rules**

#### **Objective:** Use `iptables` to simulate routing and control the flow of traffic between
networks.

---

#### **Steps:**

1. **Enable IP Forwarding:**
- Command:
```bash
echo 1 > /proc/sys/net/ipv4/ip_forward
```
- **What it means:** This enables IP forwarding, allowing the Linux machine to route
traffic between networks.

2. **Set iptables Rules:**

- Command to allow traffic between `vlan1` and `vlan2`:
```bash
sudo iptables -A FORWARD -s 192.168.10.0/24 -d 192.168.20.0/24 -j ACCEPT
```
- Command to block traffic to the OWASP VM:
 ```bash
sudo iptables -A FORWARD -s 192.168.10.0/24 -d <OWASP_IP> -j DROP
```
- **What it

means:**
- The first rule allows traffic from `vlan1` (`192.168.10.0/24`) to `vlan2` (`192.168.20.0/24`).
- The second rule blocks traffic from `vlan1` to the OWASP VM's IP.

3. **Test iptables Rules:**

- Command:
```bash
sudo ip netns exec vlan1 ping <OWASP_IP>
```
- **What it means:** Test if the firewall rules are working. The ping should fail if the rule to
block traffic to the OWASP VM is effective.

---

#### **Benefits of iptables:**

- You can secure your network by controlling which traffic is allowed or blocked.
- Helps prevent unauthorized access or attacks.

---

### **Exercise 6: Monitoring Traffic Using tcpdump**

#### **Objective:** Use `tcpdump` to capture and analyze network traffic.

---

#### **Steps:**
1. **Capture Traffic:**
- Command:
```bash
sudo tcpdump -i eth0
```
- **What it means:** This command captures all traffic on interface `eth0` and displays it.
You can use filters to narrow down the captured traffic (e.g., for a specific IP address or port).

2. **Analyze Captured Traffic:**

- Observe the packets as they are captured to ensure the network communication is
functioning correctly.

---

#### **Why tcpdump is Useful:**

- It helps diagnose network issues by showing the actual data packets being transmitted.
- It can reveal if there are any unexpected or malicious packets in your network.

---

### **Summary:**
- Each step introduces key concepts of networking in Linux, from routing to VLANs,
subnetting, and security using firewalls. By following these exercises, you will gain practical
experience with real-world networking scenarios.