Network+ LAB
Name_______________________

Lab 1a: MS Win 2000/2003/2008 Server Installation

This Win Server lab exercise shows students how to install a Win server host. Students (in pairs) install the Server NOS (from a CD) onto a removable hard disk. The learning outcomes include:

(1) prepare Win Server installation
(2) partition the removable hard disk for
(3) configure the network
(4) set up the Administrator password
(5) add a user account
(6) configure password authentication
(7) install various software packages
(8) After successful installation, students must reboot the machine to verify that the host is up and running as expected.

Lab 1b: Linux Installation

This Linux lab exercise shows students how to install a Linux host. Students (in pairs) install the Linux 8 (from a CD) onto a removable hard disk (see section 4 for more about the removable hard disk). The learning outcomes include:

(1) prepare Linux installation boot disk
(2) partition the removable hard disk for Linux installation
(3) configure the network
(4) set up the root password
(5) add a user account
(6) configure password authentication
(7) install various software packages
(8) After successful installation, students must reboot the machine to verify that the host is up and running as expected.

Note: All equipment and software can be checked out through the lab instructor.

Lab 2a: ping

Please read completely before you begin!

This lab should extend your knowledge of connectivity testing and bandwidth measurement.

Review

Ping is a basic and ubiquitous utility for checking connectivity. It derives its name from the sound sonar makes. It is also the basis for a number of variants and advanced tools and is available in a number of forms. Its basic operation is quite simple. It sends an ICMP echo request packet to a remote host. If properly configured, the remote host will send back an ICMP echo reply packet.
Reception of the reply indicates basic connectivity between the source host and the destination. Consequently, ping is often the first tool that a network administrator or savvy user will turn to when confronted with a network problem.

ping and ping-like tools can be used to estimate the transmission rate of a connection. To understand how this works, we need to be very clear on what the terms we are using mean. Whenever a packet is sent across a network, there are three timing components (or delays) that determine how long it takes for the packet to arrive: the propagation delay, the transmission delay, and the queuing delay. For a link along the path, the propagation delay depends on the length of the link and the propagation speed (usually expressed as a percentage of the speed of light). This is unaffected by packet size. The transmission delay is the product of the speed at which the bits can be placed on the media (the transmission rate usually measured in bits per second) and the number of bits that must be transmitted. While technically inaccurate, the transmission rate is often described as the bandwidth of a connection. The final delay is the queuing delay, the amount of time a packet spends in routers waiting to be transmitted. This depends on the number and size of the other packets in the queue before it as well as the transmission rate of the interface. The total propagation time is simply the sum of these three delays for each link along the path. Since only the transmission delay depends on the size of the packet, it is possible to vary the packet size and use the difference in delays to estimate the transmission rate of an interface. A privileged user can specify the packet size used by ping with the -s option.

Unfortunately, ping has been implicated in a number of security threats in recent years. For example, in the ping-of-death attack, an ill-formed ping packet may cause an older system to crash.
(Actually any ill-formed packet would cause this problem. It is just easier to create the problem with ping packets.) ping has been used for denial-of-service attacks such as the Smurf Attacks where a host is flooded with ping packets. ping has also been used to probe systems. While the real problem in each of these cases has been misconfigured systems or firewalls, some system administrators have naively configured their systems not to respond to ping. As a result, they and their users have lost a valuable tool.

Lab

For each of the following steps describe your results, give the syntax of the command you used, and, where appropriate, the output produced. Include screen captures as needed in your output. Be sure to label your results carefully and organize your results in the order of steps as given here and to answer each question in your report.

ping google.com
ping google.com -t (Use control and C to stop)
TTL

Lab 2b: traceroute

Please read completely before you begin!

This lab should extend your knowledge of connectivity testing and the operation of some TCP/IP basics.

Review

traceroute is a utility that will discover the devices on a path from one machine to another. It does this through a clever use of the time-to-live (TTL) field in an IP packet’s header. The TTL field is used to limit the lifetime of a packet. As a packet passes through a router, the field is decremented. When it reaches zero, a router should discard the packet and send a “time exceeded” error message back to the packet’s source. Of course, this error message will have the router’s address as its source address. traceroute works by sending a series of packets with TTL fields of 1, 2, 3, etc. to the destination. Thus each router along the path will send back an error message saying it discarded a packet. traceroute is able to build a list of all the routers on a path to a remote machine by collecting the source addresses from these error messages.

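
The TTL mechanism described above, as an added example that is not part of the original lab handout: this Python code parses constructed ICMP error messages and recovers the hop order from the probe that each error quotes, so replies arriving out of order are still placed correctly. The addresses, the helper names, and the rule that the probe with TTL n goes to UDP port 33434 + n are assumptions made for the illustration; the destination's "port unreachable" reply that it also handles is explained in the next paragraph.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11  # router discarded the probe because its TTL reached zero
ICMP_DEST_UNREACH = 3    # with code 3: "port unreachable", sent by the destination
BASE_PORT = 33434        # assumption: the probe with TTL n goes to UDP port BASE_PORT + n
PROBER = "192.0.2.10"    # constructed address of the machine running the trace

def _ip_header(src, dst, proto, ttl, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 because this is constructed data.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def build_reply(responder, icmp_type, icmp_code, target, ttl):
    """Construct the ICMP error a hop returns: it quotes the probe's IP header + 8 bytes."""
    udp = struct.pack("!HHHH", 40000, BASE_PORT + ttl, 8, 0)
    quoted = _ip_header(PROBER, target, 17, 1, len(udp)) + udp
    icmp = struct.pack("!BBHI", icmp_type, icmp_code, 0, 0) + quoted
    return _ip_header(responder, PROBER, 1, 64, len(icmp)) + icmp

def parse_reply(packet):
    """Return (responder, icmp_type, icmp_code, probe_ttl), or None if not a probe reply."""
    if len(packet) < 20 or packet[9] != 1:       # outer protocol must be ICMP
        return None
    ihl = (packet[0] & 0x0F) * 4
    quoted = packet[ihl + 8:]                    # skip the outer IP and ICMP headers
    if len(quoted) < 20 or quoted[9] != 17:      # the quoted packet must be a UDP probe
        return None
    q_ihl = (quoted[0] & 0x0F) * 4
    if len(quoted) < q_ihl + 4:
        return None
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    if dport <= BASE_PORT:
        return None
    return socket.inet_ntoa(packet[12:16]), packet[ihl], packet[ihl + 1], dport - BASE_PORT

def trace(replies):
    """Order hops by the TTL of the probe that triggered each reply, not by arrival order."""
    hops = {}
    for packet in replies:
        parsed = parse_reply(packet)
        if parsed is None:
            continue
        responder, icmp_type, icmp_code, ttl = parsed
        if icmp_type == ICMP_TIME_EXCEEDED:
            hops[ttl] = (ttl, responder, "router")
        elif icmp_type == ICMP_DEST_UNREACH and icmp_code == 3:
            hops[ttl] = (ttl, responder, "destination")
    return [hops[ttl] for ttl in sorted(hops)]

TARGET = "203.0.113.7"  # constructed destination (documentation address range)
SAMPLE_REPLIES = [      # constructed replies, deliberately out of order
    build_reply("198.51.100.1", ICMP_TIME_EXCEEDED, 0, TARGET, 2),
    build_reply(TARGET, ICMP_DEST_UNREACH, 3, TARGET, 3),
    build_reply("192.0.2.1", ICMP_TIME_EXCEEDED, 0, TARGET, 1),
]

if __name__ == "__main__":
    for ttl, address, kind in trace(SAMPLE_REPLIES):
        print(ttl, address, kind)
```
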
traceroute uses an unlikely port number for the destination port so that when the packet finally arrives at its destination, the destination will typically send back an ICMP “port unreachable” error message. Receipt of this message alerts traceroute that it has reached the end of the path. Actually, traceroute sends packets in sets of three, each with a different port number, just in case one of the randomly selected ports is actually being used.

Lab

For each of the following steps describe your results, give the syntax of the command you used, and, where appropriate, the output produced. Include screen captures as needed in your output. Be sure to label your results carefully and organize your results in the order of steps as given here and to answer each question in your report.

Looking glasses are web sites that allow you to run simple network analysis programs like ping and traceroute from their sites. The site http://www.traceroute.org/ maintains a list of such sites. Visit one of these sites and do a traceroute.

Lab 2c: ARP

Please read completely before you begin!

In this lab we will look at the relationship between Ethernet and TCP/IP. This lab should extend your knowledge of both the Address Resolution Protocol and Ethernet.

Review

All TCP/IP implementations are built on top of and rely on a data-link protocol such as Ethernet or token ring. While TCP/IP is responsible for end-to-end communications, the data link level manages the point-to-point communications. That is, all IP networks operate by sending packets to the next computer using a data-link protocol. Whenever IP forwards a packet, it must be to a machine on a directly connected subnet. Since routers are connected to multiple subnets, the packet can make its way across a network one subnet at a time. Since the network layer knows only the IP address of the next hop, this IP address must be mapped into the data-link address or MAC address. This is the role of ARP.

Each Ethernet device uses a 48-bit address. Like IP, each Ethernet address should be globally unique. (There is one major exception to this. Some devices will use the same Ethernet address on every interface in that device. As you can imagine, this may create nasty problems for other devices and should be discouraged.) Each address can be divided into two parts, a 24-bit Organizationally Unique Identifier (OUI) and a 24-bit assigned address. Each Ethernet manufacturer applies for and is assigned a different OUI by the IEEE. It uses these as the first 24 bits of the address of every interface it manufactures. The manufacturer is free to assign the remaining bits of the address as it sees fit, provided all devices it manufactures have unique addresses. You can look up an OUI at the site http://standards.ieee.org/regauth/oui/index.shtml.

For example, the Ethernet address of the machine this document is being written on is 00-06-5B-CA-D4-25 in HEX. The OUI is 00-06-5B. This OUI is assigned to Dell. Sometimes, interpreting the results returned by this site can be a little tricky since when one company acquires another, they also acquire the OUI. Thus, the system may return the original company name rather than the name of the new parent company.

You should also keep in mind that a number of Ethernet addresses are reserved for special purposes. For example, the address FF-FF-FF-FF-FF-FF is a broadcast address. Obviously, you won’t get anywhere searching the OUI FF-FF-FF.

ARP is a somewhat overloaded term. ARP (uppercase) is the protocol while arp (lowercase) is the program that implements the protocol. arp constructs an arp table (or arp cache) that contains the IP to Ethernet address mappings. That is, the arp program, using the ARP protocol, maintains the arp table, a table of IP to MAC address mappings. There will be one entry in the table for each directly connected device that your computer currently knows how to contact.
There won’t be any entries for devices on remote subnets since you can’t use Ethernet to connect directly to those devices. Rather, you may see an entry corresponding to the device that is the next hop on the path.

There are two ways that an address may be added to an arp table. It may be added statically, either directly by a user or by a script (typically at startup). Static addresses usually remain in the table until the machine reboots or they are explicitly removed. The ARP protocol also provides a mechanism to dynamically discover the address mappings for devices. If the address mapping is unknown, an ARP request packet containing the IP address of the desired destination will be sent to every device on the subnet, i.e., an ARP request is sent as an Ethernet broadcast packet. Each device on the subnet should be listening for these packets. Each will examine the packet. If the desired destination’s IP address is a listening device’s IP address, that device will respond to the ARP request with an ARP reply. There is usually a timeout for dynamically discovered addresses. If not used, these mappings will usually disappear from the arp table within a few minutes.

Lab

arp
arp -a

Lab 2d: Name Resolution (nslookup)

Please read completely before you begin!

A key element in a computer network is a mechanism to map between the numeric addresses used by computers and the more descriptive names used by people. This laboratory investigates the mechanism TCP/IP networks use. Other network protocols provide similar mechanisms.

Review

When a user enters a computer name such as www.whitehouse.gov, the name is converted into an IP address (12.129.72.168 in this case), which is what is actually used by the communications protocol. With IP networks, several different mechanisms may be used.

The simplest mechanism is host tables. Host tables are nothing more than tables giving IP addresses and the names that correspond to the IP address, one entry per line.
On most Unix systems, the host table is the file /etc/hosts. Microsoft Windows also uses host files but their locations vary depending on the software version. Most systems will check the host file before attempting to use other mechanisms. But while the host file is a simple and efficient mechanism, it doesn’t scale since every system you want to communicate with must be entered into the table. So, apart from small isolated static networks, a more scalable mechanism is needed to extend this mechanism.

DNS (domain name services) is the most commonly used mechanism. DNS uses a hierarchical system of name servers reflected in the structure of host names. Consider the name www.whitehouse.gov. If your system does not know the IP address of this site already, it will contact the server for the gov domain. This site knows the address of the name server for the domain whitehouse.gov. This server will know the address of the web server, www.whitehouse.gov. When the whitehouse.gov domain was created, the creators registered the domain name and the IP address of its name server was entered into the DNS server for the gov domain. The administrators for the whitehouse.gov domain are responsible for supplying the server for their domain. In turn, they may create additional subdomains under their domain.

Setting up a DNS server requires installing the appropriate software on a server and entering the DNS information for the domain. The most commonly used software in the Unix world is bind.

There are several tools that can be used to query domain name servers. The most common is nslookup. This is available on Windows as well as Unix systems. nslookup can be used as either an interactive or a command-line tool. If you enter nslookup without an argument, you will enter interactive mode. You can type a “?” for a brief list of command options.
Unfortunately, most system administrators now view the information returned by tools like nslookup as a security leak and limit what is available through nslookup queries. A number of other similar tools exist, most notably dig.

There are alternatives to DNS. NIS and NIS+ are used on many systems, particularly systems from Sun Microsystems. DDNS is an extension to DNS that does dynamic address mapping. You might use DDNS if you are using a DHCP server to lease IP addresses. With traditional DNS, the name server would not know which machine has which address since the addresses would be changing. DDNS works with the DHCP server to solve this problem.

One last word about DNS: DNS breaks at times. The usual way to test DNS is to ping the same site by name and by IP number. If the latter works and the former doesn’t, you probably have a DNS problem. Of course, if you know every IP address you’ll ever need, you can always bypass name resolution.

Lab

Examine the host table on your computer. Explain the structure of the table.

Immediately after pinging a site requiring name resolution, ping the site a second time. Do you see the same name resolution packets? Why or why not?

Lab 2e: File Transfer Protocol

Please read completely before you begin!

This lab introduces the FTP protocol and command set.

Review

The File Transfer Protocol or FTP (RFC 959) is used to move files from one machine to another. Like email protocols, the protocol provides a simple command set that is used by FTP software. But in several ways, FTP can be more complex. Here are a few FTP commands:

Command            Description
USER user’s name   Log into host
PASS password      Supply user’s password
SYST               Get a description of the remote system
STAT               Find out the status of the connection
HELP               List commands or get information about a specific command
QUIT               End the session

Here is a slightly edited sample session using several FTP commands. This session was created by using TELNET to connect to the destination server at port 21.

    220 nobody.nowhere.org FTP server (Version 6.00LS) ready.
    user joe
    331 Password required for joe.
    pass hushhush
    230 User joe logged in.
    syst
    215 UNIX Type: L8 Version: BSD-199506
    stat
    211- nobody.nowhere.org FTP server status:
         Version 6.00LS
         Connected to joe (10.0.36.71)
         Logged in as joe
         TYPE: ASCII, FORM: Nonprint; STRUcture: File; transfer MODE: Stream
         No data connection

This example shows an FTP login to nohow.nowhere.org. At first glance, this looks a lot like the email sessions. But if you try some of the other commands such as LIST, you’ll discover that most don’t work. The reason is that FTP opens separate connections to transfer information, something that a TELNET client can’t cope with. This means that we are going to have to turn to other tools to see how FTP works, specifically packet capture. (Still, using TELNET can be helpful. For example, it can be used to confirm that the FTP server is operational or to investigate which modes it will support.)

Lab

FTP Microsoft.com

For more information on a specific command, type HELP command-name

ASSOC     Displays or modifies file extension associations.
AT        Schedules commands and programs to run on a computer.
ATTRIB    Displays or changes file attributes.
BREAK     Sets or clears extended CTRL+C checking.
CACLS     Displays or modifies access control lists (ACLs) of files.
CALL      Calls one batch program from another.
CD        Displays the name of or changes the current directory.
CHCP      Displays or sets the active code page number.
CHDIR     Displays the name of or changes the current directory.
CHKDSK    Checks a disk and displays a status report.
CHKNTFS   Displays or modifies the checking of disk at boot time.
CLS       Clears the screen.
CMD       Starts a new instance of the Windows command interpreter.
COLOR     Sets the default console foreground and background colors.
COMP      Compares the contents of two files or sets of files.
COMPACT   Displays or alters the compression of files on NTFS partitions.
CONVERT   Converts FAT volumes to NTFS. You cannot convert the current drive.
COPY      Copies one or more files to another location.
DATE      Displays or sets the date.
DEL       Deletes one or more files.
DIR       Displays a list of files and subdirectories in a directory.
DISKCOMP  Compares the contents of two floppy disks.
DISKCOPY  Copies the contents of one floppy disk to another.
DOSKEY    Edits command lines, recalls Windows commands, and creates macros.
ECHO      Displays messages, or turns command echoing on or off.
ENDLOCAL  Ends localization of environment changes in a batch file.
ERASE     Deletes one or more files.
EXIT      Quits the CMD.EXE program (command interpreter).
FC        Compares two files or sets of files, and displays the differences between them.
FIND      Searches for a text string in a file or files.
FINDSTR   Searches for strings in files.
FOR       Runs a specified command for each file in a set of files.
FORMAT    Formats a disk for use with Windows.
FTYPE     Displays or modifies file types used in file extension associations.
GOTO      Directs the Windows command interpreter to a labeled line in a batch program.
GRAFTABL  Enables Windows to display an extended character set in graphics mode.
HELP      Provides Help information for Windows commands.
IF        Performs conditional processing in batch programs.
LABEL     Creates, changes, or deletes the volume label of a disk.
MD        Creates a directory.
MKDIR     Creates a directory.
MODE      Configures a system device.
MORE      Displays output one screen at a time.
MOVE      Moves one or more files from one directory to another directory.
PATH      Displays or sets a search path for executable files.
PAUSE     Suspends processing of a batch file and displays a message.
POPD      Restores the previous value of the current directory saved by PUSHD.
PRINT     Prints a text file.
PROMPT    Changes the Windows command prompt.
PUSHD     Saves the current directory then changes it.
RD        Removes a directory.
RECOVER   Recovers readable information from a bad or defective disk.
REM       Records comments (remarks) in batch files or CONFIG.SYS.
REN       Renames a file or files.
RENAME    Renames a file or files.
REPLACE   Replaces files.
RMDIR     Removes a directory.
SET       Displays, sets, or removes Windows environment variables.
SETLOCAL  Begins localization of environment changes in a batch file.
SHIFT     Shifts the position of replaceable parameters in batch files.
SORT      Sorts input.
START     Starts a separate window to run a specified program or command.
SUBST     Associates a path with a drive letter.
TIME      Displays or sets the system time.
TITLE     Sets the window title for a CMD.EXE session.
TREE      Graphically displays the directory structure of a drive or path.
TYPE      Displays the contents of a text file.
VER       Displays the Windows version.
VERIFY    Tells Windows whether to verify that your files are written correctly to a disk.
VOL       Displays a disk volume label and serial number.
XCOPY     Copies files and directory trees.