University of Pittsburgh: School of Information Sciences Graduate Program in Telecommunications and Networking Copyright 2004 Reid Kornman, David Ulam, and Joseph Kabara
Part I: Objective
To analyze how DHCP and NAT work in a network.
configuration for servers and other appliances that require static information (printers/plotters).

Ease of getting an IP address: DHCP automatically assigns a free IP from its pool (range) of available IPs. Record keeping is automatic and requires no user interaction.

Ease of changing/renumbering subnets: Since the client automatically receives updates to the network via DHCP, network infrastructure changes are quick and painless.

Disadvantages of DHCP:

If DHCP server has problems, clients will have problems: In the event that the DHCP server goes down, those clients who do not have the required information cached will not be able to connect to the network.

NAT (Network Address Translator) - A hardware device used to extend the Internet addresses already in use. NAT has been suggested as an alternative to adopting IPv6. It allows duplicate IP addresses to be used within a corporation and unique addresses outside. While NAT is often used with Private IPs, it is not restricted to them. Developed by Cisco, Network Address Translation is used by a device that sits between an internal network and the rest of the world. NAT has many forms and can work in several ways:
Static NAT - Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.
In static NAT, the computer with the IP address of 192.168.32.10 will always translate to 213.18.123.110. Special thanks to Cisco for its support in creating this article.
Dynamic NAT - Maps an unregistered IP address to a registered IP address from a group of registered IP addresses.
In dynamic NAT, the computer with the IP address 192.168.32.10 will translate to the first available address in the range from 213.18.123.100 to 213.18.123.150.
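The two translation modes above, modelled as an added example (not part of the original handout) using the addresses from the text. The class names and the extra inside hosts 192.168.32.11 to .61 are assumptions made for the illustration. It goes one step beyond the text by showing that a dynamic pool has no inbound mapping until an inside host sends traffic, and that the 51-address pool runs out at the 52nd host.

```python
from ipaddress import ip_address as ip

class StaticNat:
    """One-to-one mapping fixed by configuration; valid in both directions."""
    def __init__(self, mapping):
        self.out = {ip(i): ip(o) for i, o in mapping.items()}
        self.back = {o: i for i, o in self.out.items()}

    def outbound(self, inside):
        return str(self.out[ip(inside)])

    def inbound(self, outside):
        hit = self.back.get(ip(outside))
        return None if hit is None else str(hit)

class DynamicNat:
    """Inside hosts borrow the first (lowest) free address of a registered pool."""
    def __init__(self, first, last):
        self.free = list(range(int(ip(first)), int(ip(last)) + 1))  # lowest first
        self.active = {}                                            # inside -> outside

    def outbound(self, inside):
        key = int(ip(inside))
        if key not in self.active:
            if not self.free:
                raise RuntimeError("NAT pool exhausted")
            self.active[key] = self.free.pop(0)
        return str(ip(self.active[key]))

    def inbound(self, outside):
        want = int(ip(outside))
        for inside, mapped in self.active.items():
            if mapped == want:
                return str(ip(inside))
        return None   # no translation yet: nothing inside is reachable at this address

def demo():
    """Addresses from the text; inside hosts .11 to .61 are constructed."""
    static = StaticNat({"192.168.32.10": "213.18.123.110"})
    dynamic = DynamicNat("213.18.123.100", "213.18.123.150")
    first = dynamic.outbound("192.168.32.10")
    for host in range(11, 61):            # 50 more hosts use up the 51-address pool
        dynamic.outbound(f"192.168.32.{host}")
    try:
        dynamic.outbound("192.168.32.61")
        exhausted = False
    except RuntimeError:
        exhausted = True
    return static.outbound("192.168.32.10"), static.inbound("213.18.123.110"), first, exhausted
```
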
Advantages of NAT:
- Use of a single registered IP address for an entire network
- Lowers ISP support burden
- Transparent to end systems in some cases
- Delays need for IPv4 replacement
- Mask the true internal IP addresses of the internal network

Disadvantages of NAT:
- Breaks end-to-end model
- Enables end-to-end address conflicts
- Increases local support burden and complexity
- Certain applications do not work properly in conjunction
- Increases the probability of misaddressing

Glossary of Terms:
- LAN: local area network
- WAN: wide area network
- LED: light-emitting diode
- CAT5: Category 5 unshielded twisted pair cable
- DHCP: dynamic host configuration protocol
- MAC: media access control
- NIC: Network Interface Card
The 2 client computers connect to hubs so the network traffic is visible to both snifserv1 and snifserv2. The sniffer servers (snifserv1 and snifserv2) are connected to the hub with a NIC (Ethernet) interface. Recall that switches switch frames between ports, whereas hubs are more similar to the original Ethernet standard and every frame is visible on every port. The NICs of the sniffers are placed into promiscuous mode and capture every frame on the network segment to which they are attached. Each sniffer has a second NIC operating in normal mode. This NIC is configured with an IP address so that the sniffer may be accessed remotely and connect to the network segment that corresponds to the monitoring network. The sniffer monitor computer is also attached to this segment. A Linksys BEFSR41 connects segments 1 and 2 and provides DHCP/NAT services. Traffic flowing between segments 1 and 2 flows through this box.
SnifView Setup
1. Log in with your user account into the machine called hawk. Your user account is is1066 and the password is packets
2. Start up SnifView: Start Menu > Programs > Distributed Sniffer Pro > SnifView
   User name should be: is1066
   No password is required
3. Note that 2 servers are listed; there may be more, so be sure to list them.
DHCP and NAT Lab
4. Double-click each server and you should see the dashboard window. On Snifserv1:
   i. Click the red reset button in the upper left corner
   ii. Press the black play button in the top left corner of the screen
   iii. The Expert window should pop up. The sniffer will now be capturing traffic on the network
   iv. Repeat steps i, ii, & iii for Snifserv2
   v. Organize the windows the best you can so that you can switch easily between them.

Note: Continue with the next steps without turning off packet capturing in the sniffers. You might also want some of your group members to stay near the client machines while others stay near the sniffer monitor computer in order to execute several of the following steps more easily.

Client Setup
1. Log into client 1. The user account is is1066, the password is packets
2. Click Start > Run
   a. Type cmd and press enter
   b. In the DOS prompt type ipconfig and press enter.
   c. You should see an IP assigned by the DHCP server. Write down this IP address.
   d. Repeat the above steps on Client 2

Procedure:
1. On each client, from the command prompt, type ping 192.168.1.x where x is the other machine's IP address found in its ipconfig in the previous steps. Do it first from client1 and then from client2
2. On the Sniffer Monitor computer (hawk) press the stop and display button (in the main window below the capture menu) for each sniffer. (SNIFSERV1 & SNIFSERV2)
3. Select the Host Table tab (in the lower part of the window) and note the number of clients listed
4. Select the Matrix tab and note the layout
5. Select the Decode tab
   a. Find the ping requests (ICMP:Echo, ICMP:Echo reply)
   b. Find the ARP requests and note their contents
   c. Record the IP-to-MAC address mappings for each client listed
________________________________________________
________________________________________________
________________________________________________
________________________________________________
________________________________________________
________________________________________________
6. Press the black play button again on each of the sniffers. Both sniffers are now capturing packets
7. From client1, select Start > Run... type telnet <IP of client2 here> and press <ENTER>
8. Enter the username: is1066 password: packets
   If the system asks for a domain: just press <ENTER>
9. Type dir and press <ENTER>
10. Find the TELNET packets listed on Sniffer Monitor. You will find a lot of negotiation between telnet client and telnet server about the terminal session capabilities. They need to reach basic agreement on the session.
11. At about the 15th TELNET packet, you should observe the data you sent to log in to the server (is1066).
12. Try to locate the is1066 text characters and the password you entered.
13. Record below a few lines of information about the packets you have observed for telnet:
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
14. When you are finished, close all windows. Don't save any changes if asked to. Tell the Sniffer Monitor to put the sniffers in unattended mode if asked to. Finally, log out from all computers.
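What steps 10 to 12 look like at the byte level, as an added example that is not part of the original handout: Telnet sends option negotiation as IAC command sequences and everything typed, login included, as plain bytes, which is why any host on the hub segment can read it. The payloads below are constructed for the illustration (not taken from a real capture) and use the lab account named in the steps; the function names are assumptions.

```python
IAC, SE, SB, WILL, DONT = 255, 240, 250, 251, 254   # RFC 854 command codes

def strip_telnet(stream: bytes) -> bytes:
    """Return the user data in a Telnet byte stream with IAC sequences removed."""
    out, i, n = bytearray(), 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            out.append(stream[i])
            i += 1
        elif i + 1 >= n:
            break                                   # command cut off at end of capture
        elif stream[i + 1] == IAC:
            out.append(IAC)                         # IAC IAC is an escaped data byte 0xFF
            i += 2
        elif WILL <= stream[i + 1] <= DONT:
            i += 3                                  # IAC WILL/WONT/DO/DONT <option>
        elif stream[i + 1] == SB:
            end = stream.find(bytes([IAC, SE]), i + 2)
            i = n if end < 0 else end + 2           # skip subnegotiation up to IAC SE
        else:
            i += 2                                  # other two-byte command, e.g. IAC NOP
    return bytes(out)

def typed_lines(client_payloads):
    """Rebuild what the client typed from its TCP payloads, in capture order."""
    data = strip_telnet(b"".join(client_payloads))  # join first: a command may span packets
    data = data.replace(b"\r\x00", b"\r\n")         # a bare CR is sent as CR NUL
    return [ln.decode("ascii", "replace") for ln in data.split(b"\r\n") if ln]

# Constructed client-to-server payloads (not a real capture): option negotiation,
# then one keystroke per packet, as an interactive Telnet client sends them.
CAPTURE = (
    [bytes([IAC, WILL, 24, IAC, WILL, 31]),                  # WILL TERMINAL-TYPE, WILL NAWS
     bytes([IAC, SB, 24, 0]) + b"ANSI" + bytes([IAC, SE])]   # terminal type "ANSI"
    + [bytes([c]) for c in b"is1066"] + [b"\r\n"]
    + [bytes([c]) for c in b"packets"] + [b"\r\n"]
    + [b"dir\r\n"]
)

if __name__ == "__main__":
    for line in typed_lines(CAPTURE):
        print(repr(line))
```
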
Part V: Questions:
1. What is the maximum number of clients/processes that can be supported by a NAT box?
2. What are the IP, subnet mask, and default gateway of client 1 and client 2?
3. Use the Matrix tab to draw a sketch of the traffic map and label the points in proper English. (ex. Client1, Client2, Router, Broadcast) (Hint: Linksys used to be called Synoptics, the router we're using is a Linksys)
5. What does each of the other DHCP options set on the client PC?
Network Setup:
1. Router should be set to DHCP range from 192.168.1.100 to 192.168.1.199 with lease time set to 0 (zero) or 1 day (basically, factory defaults).
2. Both Clients should be connected to their own separate Hub (Switches will not work) and both Hubs should be connected to the router via an uplink port.
3. The monitor port of both SnifServ1 and SnifServ2 should be connected to any port on the hub as illustrated above.

Sniffer Monitor Setup:
1. This machine is required to be Windows 98 or LOWER. It cannot be 2000/XP, as the software is outdated.
2. The monitor should have Distributed Sniffer Pro installed, and each of the 2 SnifServ machines can be added from the first window.
3. There is no login necessary for Sniffer Pro software, and it will work without a login.
4. The Sniffer Monitor can also be connected to any port in Segment 3 Switch.

SnifServ1 and 2 Setup:
1. The network card, which is labeled on the back of the SnifServ1 and 2 as the transport port, should be connected to any port in Segment 3 Switch.
2. The 2 Network Associates Sniffers are required to be logged in after a reboot, as the service will not start otherwise. The username for both is Administrator and the password is student or acs for both Sniffers.
3. In the event that SnifServ1 or SnifServ2 loses its software, then consider using Ethereal, as the original software is not available.
Client 1 Setup:
1. This machine is typically called hawk in the lab.
2. It should be configured to use DHCP and commonly is 192.168.1.101
3. This workstation is used as the client for the telnet portion of the lab.

Client 2 Setup:
1. This machine is typically called LCD in the lab.
2. It should also be configured to use DHCP and is commonly 192.168.1.100
3. This workstation is required to have the TELNET service started from the Administrative Tools > Services via the Control Panel.