CS-E4160 - Laboratory Works in Networking and Security D, Lecture, 10.1.2024-12.4.2024
A1 & B1: Setting up and Networking tools
Motivation
In this course, you will set up multiple systems ranging from email or web servers to a firewall or a VPN. In a production environment these systems would consist of multiple machines, or be set up on a cloud platform, but for this course, you will set up a virtual machine environment, where you can run these systems on your computer. Virtual machines are emulations of an entire computer, all the way to the hardware components, so they will give you a similar experience as if you were using real machines. The (non-GUI) interfaces you use in the lab environment are similar to the ones used commercially, as operating remote machines over an ssh connection is fast and convenient, especially when configuring and using multiple machines simultaneously.
Description of the exercise
In this exercise you will set up the virtual machine environment that you are going to use throughout the course and learn to use the basic networking tools which will help you to successfully complete the rest of the assignments. In addition, you will learn the basic format the rest of the assignments are written in. While this initial setup is labour intensive, it will also give you hands-on experience of OS installation, and setting up convenient access to servers, which you may need to do in the future.
The exercises list the Linux terminal commands required for completing the steps. The descriptions of all the Linux commands that you need are in their man pages. To use man, type man on the command line, followed by a space and a Linux command. Parenthesized numbers after certain keywords refer to the corresponding manual page sections, where you will find further information about the keyword. For example, man(1) refers to section 1 of the manual pages, and you will find further information about the keyword with the command "man 1 man".
Additional reading
The assignments will also contain an additional reading section, which lists resources that are useful for completing some parts of the assignment. Glancing through the topics here is a good idea if you are feeling stuck at some point. If you are still stuck, reach out to the TAs.
- netcat(1) manual page
- RFC 2616 - Hypertext Transfer Protocol
Setting up the networks and virtual machines
Before getting to the assignments, you need to set up your virtual machine environment. For this, we will use VirtualBox as the hypervisor. On the assignments page there are instructions for the initial setup of your VirtualBox machines. This will take some time to complete, but it will be worth the effort if you are somewhat unfamiliar with installing operating systems. If you feel you will not learn anything from it, you can skip to step 5 for the Vagrant instructions, and then loop back to step 1.
Note that if you accidentally break something in your virtual machines, you can always destroy the virtual machine and boot a new, fresh virtual machine. Always make copies of your work! Make sure to read instructions carefully before beginning. There are some hints on how to accomplish the requirements at the end of some steps.
1. Connecting to virtual machines
To connect to the virtual machines, you will use a secure shell connection. On Linux, this can be done with the ssh(1) command. As it quickly becomes tedious to type your username and password every time you want to log in, you will create an authentication key for connecting. This is commonly done for connecting to cloud environments, as well as for authenticating users to git, for example.
1.1 | Create yourself a key-pair to be used with the virtual machines. See ssh-keygen(1) for help. | 1p
Verify that you can ssh from lab1 to lab2 & lab3. Use ssh agent forwarding when connecting to lab2 and lab3 or copy the private key to lab1 to allow login to lab2 & lab3. Ensure that you can ping other instances over all of the three networks.
Hint: You might want to do the exercises in step 2, "Networking basics", first on a single virtual machine to get familiar with the networking before trying to connect to lab2 and lab3.
2. Networking basics
This step will familiarize you with common tools for studying and configuring the network connections of the machines.
2.1 | Using ip(8), find all the active interfaces on your machine. | 1p
2.2 | Using ip(8) and arp(8), find the MAC address of the default router of your machine. | 1p
2.3 | From resolv.conf(5), find the default name servers and the internet domain of your machine. How is this file generated? | 1p
2.4 | Using dig(1), find the responsible name servers for the cs.hut.fi domain. | 1p
2.5 | Using dig(1), find the responsible mail exchange servers for the cs.hut.fi domain. | 1p
2.6 | Using ping(8), send 5 packets to aalto.fi and find out the average latency. Then try pinging Auckland University of Technology, aut.ac.nz, and see if the latency is different. | 1p
2.7 | Using traceroute(1), find out how many hops away amazon.com is. Why does this address sometimes produce different results on different traceroute runs? Hint: If you get only *'s, see the traceroute manual for different flags that might help. | 1p
2.8 | Using mtr(8), find out the minimum, maximum and average network latency between your machine and google.com. Can the packet loss% be greater than 0 even if there is no loss in transport layer traffic? Why? | 1p
3. Scanning networks for devices and ports
Next, scan the network to verify all the VMs are present, and scan them for open ports.
3.1 | Using nmap(1), scan your local network, and show the list of all live and up hosts and open ports on VMs. | 1p
4. Examining the request and response messages of clients and servers using netcat
Netcat is a versatile tool for sending and receiving TCP and UDP traffic directly from the command line. You can use it to listen to a port for connections, or connect to a port to send handcrafted messages.
4.1 | Using netcat, nc(1), capture the version number of the ssh daemon running on your machine. | 1p
4.2 | Using netcat, nc(1), craft a valid HTTP/1.1 request for getting HTTP headers (not the html file itself) from the front page of www.aalto.fi. What request method did you use? Which headers did you need to send to the server? What was the status code for the request? Which headers did the server return? Explain the purpose of each header. | 2p
4.3 | Using netcat, nc(1), start a bogus web server listening on the loopback interface port 8080. Verify with netstat(8) that the server really is listening where it should be. Direct your browser lynx(1) to the bogus server and capture the User-Agent: header. | 2p
4.4 | With a similar setup to 4.3, start up a bogus ssh server with nc and try to connect to it with ssh(1). Copy-paste the server version string you captured in 4.1 and see if you get a response from the client. What is the client trying to negotiate? | 2p
Hint: What is meant by a bogus server here is an open port listening for incoming connections, and potentially sending a response.
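An added example, not part of the course material: the text formats that travel over the nc connections in this step, shown as shell functions that build a header-only HTTP/1.1 request and pick apart an HTTP response and an SSH identification string. The host www.example.org, the sample response and the sample banner are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not course material): the bytes nc sends and receives.

# Build a header-only HTTP/1.1 request. Host is mandatory in HTTP/1.1;
# "Connection: close" makes the server end the stream so nc exits.
build_head_request() {   # $1 = host, $2 = path
    printf 'HEAD %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$2" "$1"
}

# Status code = second field of the status line ("HTTP/1.1 301 Moved ...").
http_status() {
    tr -d '\r' | awk 'NR == 1 { print $2; exit }'
}

# Value of one response header; names are matched case-insensitively.
http_header() {          # $1 = header name
    tr -d '\r' | awk -v want="$1" '
        NR == 1 { next }                 # skip the status line
        /^$/    { exit }                 # blank line ends the header block
        {
            i = index($0, ":")
            if (i && tolower(substr($0, 1, i - 1)) == tolower(want)) {
                v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v; exit
            }
        }'
}

# SSH identification string: "SSH-protoversion-softwareversion SP comments"
# (RFC 4253, section 4.2). Lines before it that do not start with "SSH-"
# are allowed and skipped.
ssh_software_version() {
    tr -d '\r' | awk '/^SSH-/ { split($1, p, "-"); print p[3]; exit }'
}

# Constructed sample data, so the example runs without a network.
SAMPLE_RESPONSE=$(printf 'HTTP/1.1 301 Moved Permanently\r\nServer: example\r\nLocation: https://www.example.org/\r\nContent-Length: 0\r\n\r\n')
SAMPLE_BANNER='SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13'

printf '%s\n' "$SAMPLE_RESPONSE" | http_status
printf '%s\n' "$SAMPLE_RESPONSE" | http_header location
printf '%s\n' "$SAMPLE_BANNER"   | ssh_software_version

# Against a live server the same functions sit on either side of nc:
#   build_head_request www.example.org / | nc www.example.org 80 | http_status
```

Every line of the request ends in CRLF and the request ends with an empty line; a request typed by hand into nc that ends lines with a bare LF may be rejected by strict servers.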
5. Vagrant
During the course you will need various virtual machine setups for the assignments. Setting up the machines manually can take a long time. You can use Vagrant to speed up the process, and set up multiple virtual machines with a single shell command. Complete the Vagrant instructions available here.
5.1 | Which providers does Vagrant support? What does the command "vagrant init" do? | 1p
5.2 | What is a box in Vagrant? How do you add a box to the Vagrant environment? | 1p
5.3 | Show the provisioning part of your sample code and explain it. | 1p
5.4 | Upload a file from your host to a VM. Share a folder on your host to a VM. | 1p
5.5 | Connect to the running boxes over ssh. | 1p