University of Pittsburgh: School of Information Sciences Graduate Program in Telecommunications and Networking Copyright 2004 Reid Kornman, David

d Ulam, and Joseph Kabara

IS 1066 Internet construction.

DHCP and NAT Lab.
Last edited 10.01.2005

Students name: Group Members:

____________________________________ ____________________________________ ____________________________________ ____________________________________ ____________________________________

Date of the Experiment:

________________________

DHCP and NAT Lab

University of Pittsburgh: School of Information Sciences Graduate Program in Telecommunications and Networking Copyright 2004 Reid Kornman, David Ulam, and Joseph Kabara

Part I: Objective
To analyze how DHCP and NAT work in a network.

Part II: Equipment List

2 Client PCs 2 Network Sniffers 1 Control Station 2 Hubs 1 Switch 9 Network Cables 1 Linksys 4 Port Router/Switch

Part III: Introduction and Background

DHCP (dynamic host configuration protocol) - A protocol that provides a means to dynamically allocate IP addresses to computers on a local area network. A system configures a DHCP server with a range of IP addresses. Client computer request an IP address, subnet mask, default gateway, etc from the DHCP server. The request and grant process uses a lease concept with a controllable time period. This means that each IP given expires after a specified amount of time if the client is inactive. DHCP operations fall into four basic phases. These phases are IP lease request, IP lease offer, IP lease selection, and IP lease acknowledgement (ACK/NACK). Advantages of DHCP: Ease of client configuration The client does not need to store or update any settings. They are automatically retrieved from the DHCP server and updated as necessary. Ease moving locations (roaming) Since all the information is stored on the DHCP server, the client can easily move between different networks without any manual configuration necessary. Record keeping (security, collisions, inventory) The DHCP server can be configured to keep logs of potential issues, such as hacking attempts (port scanning). It also automatically resolves IP issues by keeping track of which clients have IPs assigned. Conservation of numbers (dynamic, hoarding) The DHCP server allows for dynamic allocation of a fixed IP range. It can also hoard (save) a specified range that may be used for manual IP
DHCP and NAT Lab

University of Pittsburgh: School of Information Sciences Graduate Program in Telecommunications and Networking Copyright 2004 Reid Kornman, David Ulam, and Joseph Kabara

configuration for servers and other appliances that require static information (printers/plotters). Ease of getting an IP address DHCP automatically assigns a free IP from its pool (range) of available IPs. Record keeping is automatic and requires no user interaction. Ease of changing/renumbering subnets Since the client automatically receives updates to the network via DHCP, network infrastructure changes are quick and painless. Disadvantages of DHCP: If DHCP server has problems, clients will have problems In the event that the DHCP server goes down, those clients who do not have the required information cached will not be able to connect to the network. NAT (Network Address Translator) - A hardware device used to extend the Internet addresses already in use. NAT has been suggested as an alternative to adopting IPv6. It allows duplicate IP addresses to be used within a corporation and unique addresses outside. While NAT is often used with Private IPs, it is not restricted to them. Developed by Cisco, Network Address Translation is used by a device that sits between an internal network and the rest of the world. NAT has many forms and can work in several ways:

Static NAT - Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.

In static NAT, the computer with the IP address of 192.168.32.10 will always translate to 213.18.123.110. Special thanks to Cisco for its support in creating this article.

DHCP and NAT Lab

University of Pittsburgh: School of Information Sciences Graduate Program in Telecommunications and Networking Copyright 2004 Reid Kornman, David Ulam, and Joseph Kabara

Dynamic NAT - Maps an unregistered IP address to a registered IP address from a group of registered IP addresses.

In dynamic NAT, the computer with the IP address 192.168.32.10 will translate to the first available address in the range from 213.18.123.100 to 213.18.123.150.

Advantages of NAT: Use of a single registered IP address for an entire network Lowers ISP support burden Transparent to end systems in some cases Delays need for IPv4 replacement Mask the true internal IP addresses of the internal network Disadvantages of NAT: Breaks end-to-end model Enables end-to-end address conflicts Increases local support burden and complexity Certain applications do not work properly in conjunction Increases the probability of misaddressing Glossary of Terms: LAN local area network WAN wide area network LED light-emitting diode CAT5 Category 5 unshielded twisted pair cable DHCP dynamic host configuration protocol MAC media access control NIC Network Interface Card

DHCP and NAT Lab

University of Pittsburgh: School of Information Sciences Graduate Program in Telecommunications and Networking Copyright 2004 Reid Kornman, David Ulam, and Joseph Kabara

Part IV: Lab Procedures

Overview: The DCHP lab is setup in a symmetrical layout, so as to make it easy to visualize. The figure below shows the network:

The 2 client computers connect to hubs so the network traffic is visible to both the snifserv 1 and snifserv2. The sniffer servers (snifserv1 and snifserv2) are connected to the hub with a NIC (Ethernet) interface. Recall switches switch frames between ports where as hubs are more similar to the original Ethernet standard and every frame is visible on every port. The NICs of the sniffers are placed into promiscuous mode and capture every frame on the network segment which they are attached to. Each sniffer has a second NIC operating in normal mode. This NIC is configured with an IP address so that the sniffer may be accessed remotely and connect to the network segment that corresponds to the monitoring network. The sniffer monitor computer is also attached to this segment. A Linksys BEFSR41 connects segments 1 and 2 and provides DHCP/NAT services. Traffic flowing between segments 1 and 2 flows through this box.

SnifView Setup
1. Log in with your user account into the machine called hawk. Your user account is is1066 and the password is packets 2. Start up SnifView: Start Menu > Programs > Distributed Sniffer Pro > SnifView User name should be: is1066 No password is required 3. Note that 2 servers are listed may be more, be sure to list them.
DHCP and NAT Lab

University of Pittsburgh: School of Information Sciences Graduate Program in Telecommunications and Networking Copyright 2004 Reid Kornman, David Ulam, and Joseph Kabara

4. Double-click each server and you should see the dashboard window On Snifserv1, i. Click the red reset button in the upper left corner ii. Press the black play button in the top left corner of the screen iii. The Expert window should pop up. The sniffer will now be capturing traffic on the network iv. Repeat steps i, ii, & iii for Snifserv2 v. Organize the windows the best you can so that you can switch easily between them. Note: Continue with the next steps without turning off packet capturing in the sniffers. You might also want some of your group members to stay near the client machines while others stay near the sniffer monitor computer in order to execute several of the following steps more easily. Client Setup 1. Log into client 1. The user account is is1066, the password is packets 2. Click Start > Run a. Type cmd and press enter b. In the DOS prompt type ipconfig and press enter. c. You should see an IP assigned by the DHCP server. Write down this IP address. d. Repeat the above steps with on Client 2 Procedure: 1. On each client, from the command prompt, type ping 192.168.1.x where x is the other machines IP address found in its ipconfig in the previous steps. Do it first from client1 and then from client2 2. On the Sniffer Monitor computer (hawk) press the stop and display button (in the main window below the capture menu) for each sniffer. (SNIFSERV1 & SNIFSERV2) 3. Select the Host Table tab (in the lower part of the window) and note the number of clients listed 4. Select the Matrix tab and note the layout 5. Select the Decode tab a. Find the ping requests (ICMP:Echo, ICMP:Echo reply) b. Find the ARP requests and note their contents c. Record the IP MAC address mappings for each client listed ________________________________________________ ________________________________________________ ________________________________________________ ________________________________________________ ________________________________________________ ________________________________________________

DHCP and NAT Lab

University of Pittsburgh: School of Information Sciences Graduate Program in Telecommunications and Networking Copyright 2004 Reid Kornman, David Ulam, and Joseph Kabara

6. Press the black play button again on each of the sniffers. Both sniffers are now capturing packets 7. From client1, select Start > Run... type telnet <IP of client2 here> and press <ENTER> 8. Enter the username: is1066 password: packets If the system asks for a domain: just press <ENTER> 9. Type dir and press <ENTER> 10. Find the TELNET packets listed on Sniffer Monitor. You will find a lot of negotiation between telnet client and telnet server about the terminal session capabilities. They need to reach basic agreement on the session. 11. At about 15th TELNET packet. You should observe the data you sent for login into the server (is1066) . 12. Try to locate the is1066 text characters and the password youre entered. 13. Record below a few lines of information about the packets you have observed for telnet: _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ _______________________________________________________________________ 14. When you are finished. Close all windows. Dont save any changes if required to. Tell the Sniffer Monitor to put the sniffers in unattended mode if asked to. Finally, logout from all computers.

DHCP and NAT Lab

University of Pittsburgh: School of Information Sciences Graduate Program in Telecommunications and Networking Copyright 2004 Reid Kornman, David Ulam, and Joseph Kabara

Part V: Questions:
1. What is the maximum number of clients/processes that can be supported by a NAT box?

2. What are the IP, subnet mask, and default gateway of client 1 and client 2?

3. Use the Matrix tab to draw a sketch of the traffic map and label the points in proper English. (ex. Client1, Client2, Router, Broadcast) (Hint: Linksys used to be called Synoptics, the router were using is a Linksys)

4. Is the traffic map logical or physical? Explain why.

5. What does each of the other DHCP options set on the client PC?

DHCP and NAT Lab

University of Pittsburgh: School of Information Sciences Graduate Program in Telecommunications and Networking Copyright 2004 Reid Kornman, David Ulam, and Joseph Kabara

Appendix A: Setup procedures for the GSA

Please refer to this illustration throughout the entire setup process!

Network Setup: 1. Router should be set to DHCP range from 192.168.1.100 to 192.168.1.199 with lease time set to 0 (zero) or 1 day (basically, factory defaults). 2. Both Clients should be connected to their own separate Hub (Switches will not work) and Both Hubs should be connected to the router via an uplink port. 3. The monitor port of both SnifServ1 and SnifServ2 should be connected to any port on the hub as illustrated above. Sniffer Monitor Setup: 1. This machine is required to be Windows 98 or LOWER. It can not be 2000/XP, as the software is outdated. 2. The monitor should have Distributed Sniffer Pro installed, and each of the 2 SnifServ machines can be added from the first window. 3. There is no login necessary for Sniffer Pro software, and it will work without a login. 4. The Sniffer Monitor can also be connected to any port in Segment 3 Switch. SnifServ1 and 2 Setup: 1. The network card, which is labeled on the back of the SnifServ1 and 2 as the transport port, should be connected to any port in Segment 3 Switch. 2. The 2 Network Associates Sniffers are required to be logged in after a reboot, as the service will not start otherwise. The username for both is Administrator and the password is student or acs for both Sniffers. 3. In the event that SnifServ1 or SnifServ2 lose their software, then consider using Ethereal, as the original software is not available.

DHCP and NAT Lab

University of Pittsburgh: School of Information Sciences Graduate Program in Telecommunications and Networking Copyright 2004 Reid Kornman, David Ulam, and Joseph Kabara

Client 1 Setup: 1. This machine is typically called hawk in the lab. 2. It should be configured to use DHCP and commonly is 192.168.1.101 3. This workstation is used as the client for the telnet portion of the lab. Client 2 Setup: 1. This machine is typically called LCD in the lab. 2. It should also be configured to use DHCP and is commonly 192.168.1.100 3. This workstation is required to have the TELNET service started from the Administrative Tools > Services via the Control Panel.

DHCP and NAT Lab

10