Linux Networking

Press this button to configure the scenario. Pressing the button again will reset the scenario if you have made a mistake and want to recover back to the initial configuration.

What is the network device name which connects you to the linuxzoo network? This will have an IPv4 address which starts "10."... Do not type in /dev when you answer this (i.e. make the answer relative to /dev).

Main network device:

What is the broadcast address for this network connection?

Enter an ip :

What is the netmask in quad dotted format for this network connection?

Enter an ip 00.00.00.00:

What is the IP for the default route (i.e. the gateway) for your virtual machine?

IP number:

Device eth2 is connected to a network for which your virtual machine is the gateway. The network ip is 192.168.1.0 and the netmask is 255.255.255.0. Your IP should be the last valid host IP number allowed for that network.

Calculate the your IP/NETWORK configuration for eth2.

IP number 00.00.00.00/32 :

Configure eth2 as per the previous question. Confirm operations by pinging 192.168.1.23. Make sure the broadcast address is correct too.

Device eth3 is connected to a network for which your virtual machine is the gateway. The network ip is 192.168.3.48 and the netmask is 255.255.255.240. Your IP should be the last valid host IP number allowed for that network.

Calculate the your IP/NETWORK configuration for eth3.

IP number 00.00.00.00/32 :

Configure eth3 as per the previous question. Confirm operations by pinging 192.168.3.50. Make sure the broadcast address is correct too.

Using an "ip link" command, discover the mac address of eth3.

Mac aa:aa:aa:aa:aa:aa :

What is the mac address of 192.168.3.50? Hint: "/proc"...

Mac aa:aa:aa:aa:aa:aa :

If you were able to log onto 192.168.3.50, how would you have configured the default route?

ip route add default via dev eth0

How many programs are listening on ipv4 TCP sockets on your machine. Hint: the netstat command will help you here.

Number of TCP listeners:

What is the PID of the process which is listening on UDP port 111 (sunrpc). Hint: the netstat command will help you here.

PID of listener:

When you connected to linuxzoo.net via telnet or ssh, it was forwarded from 10.200.0.1 (the main linuxzoo server) to your machine's telnet or ssh server using a proxy. Find the port number on the 10.200.0.1 end of one of these proxy connections and enter it below. Hint: again try the netstat command very near the beginning of the output... It sometimes helps to use "-n", as this does not do DNS lookups.

10.200.0.1 proxy port:

In order for your virtual machine to reach the internet, it's packets travels through a number of virtual networks. The final network node is 10.200.0.1.

Using traceroute, find out how many hops it takes to reach 10.200.0.1. Note you must use ICMP ECHO in traceroute, rather than the default. Find the right flag in the manual.

Num of hops:

Use nmap to analyse the ports open on 10.200.0.1. As the nmap command can take quite a while to run, restrict your scan to the open tcp ports between port numbers 50 to 80 inclusive. List the open port numbers you find with spaces between them in the box below (e.g. if ports 50 and 60 are open, the answer is "50 60"). The numbers in your list must be sorted (smallest number first).

IMPORTANT. Linuxzoo security may shut you down if you produce too many packets too quickly! Use the following options for nmap or you may be kicked off the system. Even with these options the scan may take quite a few seconds.

nmap 10.200.0.1 -p 50-80 --max-retries 3

Open ports:

The tcpdump command allows us to capture all or some of the network traffic on a particular network device. In this question use the tcpdump command to capture the behaviour of a web page request emulated using lwp-request.

Capturing packets sucessfully can be tricky, especially since you have to use the same network to talk to your machine, and you dont want to capture that too... Therefore consider the following commands to perform the capturing. NOTE you only type in the characters IN BOLD.

$ tcpdump -vi eth0 port 80 > /tmp/log & 
[1] 3123
$ lwp-request http://linuxzoo.net
...blah...blah
...blah...blah
$ kill -1 %1
[1]+ Done ....
$

Where it says "eth0" you must replace that with your main network connection device, which you discovered right at the beginning of this tutorial.

Now, look at the contents of /tmp/log and enter in the box below the common IP flag which appears in most packets (The information can be found between the [..] brackets immediately after the text "flags". Ignore the information after the text "Flags" e.g. look for the one all in lowercase). Enter the two letters seen in the box below.

What is the common IP flag seen in the log: (case sensitive)

Each packet it split over multiple lines. A new packet starts on a fresh line, beginning with a timestamp. This should be folowed with IP and then the IP header information.

Assuming the packet is a TCP packet, the next link should include "Flags" (with a capital F) which are the TCP flags.

Find the packets involved with the TCP Fin flag. The first of those is the packet which first requested the stream be closed. What is the TCP sequence number of that packet?

Seq no: