If you can see this check that

next section prev section up prev page next page

Network Configuration


Linux Networking

User:
Password:
In this tutorial you will encounter a number of Linux commands that you may not have seen before, use the man command on your system to find out more about any Linux command that you are unsure of.

Question 1: Setup Scenario

Press this button to configure the scenario. Pressing the button again will reset the scenario if you have made a mistake and want to recover back to the initial configuration.

Tests - not attempted
Setup Scenario UNTESTED

Question 2: Main Network

What is the network device name which connects you to the linuxzoo network? This will have an IPv4 address which starts "10."... Do not type in /dev when you answer this (i.e. make the answer relative to /dev).

Main network device:

Tests - not attempted
Main Device UNTESTED

What is the broadcast address for this network connection?

Enter an ip :

Tests - not attempted
Broadcast Address UNTESTED

What is the netmask in quad dotted format for this network connection?

Enter an ip 00.00.00.00:

Tests - not attempted
Netmask UNTESTED

What is the IP for the default route (i.e. the gateway) for your virtual machine?

IP number:

Tests - not attempted
Metric UNTESTED

Device eth2 is connected to a network for which your virtual machine is the gateway. The network ip is 192.168.1.0 and the netmask is 255.255.255.0. Your IP should be the last valid host IP number allowed for that network.

Calculate the your IP/NETWORK configuration for eth2.

IP number 00.00.00.00/32 :

Tests - not attempted
IP correct UNTESTED

Configure eth2 as per the previous question. Confirm operations by pinging 192.168.1.23. Make sure the broadcast address is correct too.

Tests - not attempted
eth2 ip correct UNTESTED
eth2 broadcast correct UNTESTED

Device eth3 is connected to a network for which your virtual machine is the gateway. The network ip is 192.168.3.48 and the netmask is 255.255.255.240. Your IP should be the last valid host IP number allowed for that network.

Calculate the your IP/NETWORK configuration for eth3.

IP number 00.00.00.00/32 :

Tests - not attempted
IP correct UNTESTED

Configure eth3 as per the previous question. Confirm operations by pinging 192.168.3.50. Make sure the broadcast address is correct too.

Tests - not attempted
eth3 ip correct UNTESTED
eth3 broadcast correct UNTESTED

Using an "ip link" command, discover the mac address of eth3.

Mac aa:aa:aa:aa:aa:aa :

Tests - not attempted
eth3 mac UNTESTED

What is the mac address of 192.168.3.50? Hint: "/proc"...

Mac aa:aa:aa:aa:aa:aa :

Tests - not attempted
eth3 peer mac UNTESTED
eth3 peer is known UNTESTED

If you were able to log onto 192.168.3.50, how would you have configured the default route?

ip route add default via dev eth0

Tests - not attempted
eth3 peer gw UNTESTED

Question 3: Listening services and connections

How many programs are listening on ipv4 TCP sockets on your machine. Hint: the netstat command will help you here.

Number of TCP listeners:

Tests - not attempted
TCP Listeners UNTESTED

What is the PID of the process which is listening on UDP port 111 (sunrpc). Hint: the netstat command will help you here.

PID of listener:

Tests - not attempted
PID of Listener UNTESTED

When you connected to linuxzoo.net via telnet or ssh, it was forwarded from 10.200.0.1 (the main linuxzoo server) to your machine's telnet or ssh server using a proxy. Find the port number on the 10.200.0.1 end of one of these proxy connections and enter it below. Hint: again try the netstat command very near the beginning of the output... It sometimes helps to use "-n", as this does not do DNS lookups.

10.200.0.1 proxy port:

Tests - not attempted
Check Proxy Port UNTESTED

Question 4: Traceroute: hop count

In order for your virtual machine to reach the internet, it's packets travels through a number of virtual networks. The final network node is 10.200.0.1.

Using traceroute, find out how many hops it takes to reach 10.200.0.1. Note you must use ICMP ECHO in traceroute, rather than the default. Find the right flag in the manual.

Num of hops:

Tests - not attempted
Count the hops UNTESTED

Question 5: nmap: Open ports

Use nmap to analyse the ports open on 10.200.0.1. As the nmap command can take quite a while to run, restrict your scan to the open tcp ports between port numbers 50 to 80 inclusive. List the open port numbers you find with spaces between them in the box below (e.g. if ports 50 and 60 are open, the answer is "50 60"). The numbers in your list must be sorted (smallest number first).

IMPORTANT. Linuxzoo security may shut you down if you produce too many packets too quickly! Use the following options for nmap or you may be kicked off the system. Even with these options the scan may take quite a few seconds.

nmap 10.200.0.1 -p 50-80 --max-retries 3

Open ports:

Tests - not attempted
Identify of open ports on 10.200.0.1 UNTESTED

Question 6: tcpdump and web requests

The tcpdump command allows us to capture all or some of the network traffic on a particular network device. In this question use the tcpdump command to capture the behaviour of a web page request emulated using lwp-request.

Capturing packets sucessfully can be tricky, especially since you have to use the same network to talk to your machine, and you dont want to capture that too... Therefore consider the following commands to perform the capturing. NOTE you only type in the characters IN BOLD.

$ tcpdump -vi eth0 port 80 > /tmp/log & 
[1] 3123
$ lwp-request http://linuxzoo.net
...blah...blah
...blah...blah
$ kill -1 %1
[1]+ Done ....
$

Where it says "eth0" you must replace that with your main network connection device, which you discovered right at the beginning of this tutorial.

Now, look at the contents of /tmp/log and enter in the box below the common IP flag which appears in most packets (The information can be found between the [..] brackets immediately after the text "flags". Ignore the information after the text "Flags" e.g. look for the one all in lowercase). Enter the two letters seen in the box below.

What is the common IP flag seen in the log: (case sensitive)

Tests - not attempted
Check the TCP/IP flag UNTESTED

Each packet it split over multiple lines. A new packet starts on a fresh line, beginning with a timestamp. This should be folowed with IP and then the IP header information.

Assuming the packet is a TCP packet, the next link should include "Flags" (with a capital F) which are the TCP flags.

Find the packets involved with the TCP Fin flag. The first of those is the packet which first requested the stream be closed. What is the TCP sequence number of that packet?

Seq no:

Tests - not attempted
Sequence no of Fin start UNTESTED


Linux tutorials: intro1 intro2 wildcard permission pipe vi essential admin net fwall DNS diag Apache1 Apache2
Caine 6.0: Essentials | Basic | Search | SysIntro | 5a | 5b | 5c | 6 | 7a | 7b | 8a | 8b | WebBrowserA | WebBrowserB | Registry | Browser
Digital Investigation: Editing | Email | Logs | Strength
Kali: 1a | 1b | 1c | 2 | 3 | 4a | 4b | 5 | 6 | 7a | 8a | 8b | 9 | 10 |
Useful: Quiz | Forums | Privacy Policy | Terms and Conditions
Site Links:XMLZoo ActiveSQL ProgZoo SQLZoo

Copyright @ 2004-2017 Gordon Russell. All rights reserved.