Ping Familiarization Project Part Two

by: burt rosenberg
at: university of miami


Tools of the trade

Ping!

This is a project to get you familiarized with the tools we will make use of this semester.

A word of caution: It is not cool to monitor or collect packets of other people's conversations. The exercises in this course are designed so that this will not be possible. We will be working on various private and virtual networks that isolate our conversations.

However, the networking tools we use can be used to read packets for your own projects outside of this class. In those situations, you might be in a situation to access communications other than your own. Please take care that in such a situation your actions are appropriate.

Steps ...

  1. Open up two terminals on your virtual Ubuntu image.
  2. Analyze the output of tcpdump using ping to localhost (because ping elsewhere might be blocked).
  3. Analyze the output of tcpdump using dig to look up a domain name.

Open up terminal windows, and sudo

For this project you will familiarize yourself with sudo and tcpdump. Tcpdump is a command line program that directs copies of everything the interface hears to the terminal to be read and analyzed. Besides being a good learning tool, it is an essential tool for finding errors when things don't work. It can answer the question "what packets are getting to my computer?".

In order to run tcpdump, the user must have heightened privilege. The information found on a network can be private, so it isn't a good idea to let any user listen to these packets. However, it is easy enough to get this privilege: you simply have to own your own computer and you become root. For the purposes of becoming root just for a single command, put "sudo" before the command, such as "sudo ls". This will change the user to root, run the command that follows the sudo verb, and then when done revert back to a normal user.

Modern unix machines prefer that administrators use sudo, rather than becoming root completely, as it can eliminate a lot of mistakes and misfortune.

Not every user can sudo, and some users might be able to sudo some commands and not others. Sudo is a complete system, configured by the file /etc/sudoers, that allows specific privileges to specific users. The administrator is given a wildcard in /etc/sudoers to do anything, but other users might have more limited potential. To make sure sudo is not abused, for instance by an evil interloper who takes advantage of your computer while you have stepped away, you will be periodically asked for your password to confirm that the entity typing the sudo command is in fact genuine.

These exercises will ask for at least two terminals to be opened. In one, tcpdump will be run under sudo to catch and display network traffic; in the other, various commands will be run that cause network traffic.

Ping localhost

The magic tcpdump command to run is

    sudo tcpdump -i eth0 -XX icmp

and in another window: ping localhost.

The -i tells the computer which interface to trace, and -XX asks that the packet be displayed (more or less raw). The following "icmp" is a filter that asks tcpdump to catch and display only traffic with the icmp protocol.

Please capture the output while pinging and dissect it. Write up your results in a plain ASCII file called "ping-trace.txt" and leave it in the proj1 directory.
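To show what the dissection of a -XX trace involves, here is an added example (not part of the original project, and not a tool from the course) that reassembles the packet bytes from the hex-dump lines tcpdump prints, then walks the Ethernet, IPv4 and ICMP headers and verifies both checksums. The capture below is constructed, not real output, and assumes the frame was taken on the loopback interface, where tcpdump shows an Ethernet-style header with all-zero MAC addresses.

```python
import re
import struct

# Constructed sample of "tcpdump -XX icmp" output for one ping to localhost
# (echo request 127.0.0.1 -> 127.0.0.1, id 2587, seq 1, no payload).
SAMPLE = """\
12:00:00.000000 IP localhost > localhost: ICMP echo request, id 2587, seq 1, length 8
\t0x0000:  0000 0000 0000 0000 0000 0000 0800 4500  ..............E.
\t0x0010:  001c 1234 4000 4001 2aab 7f00 0001 7f00  ...4@.@.*.......
\t0x0020:  0001 0800 ede3 0a1b 0001                 ..........
"""

def hexdump_to_bytes(text):
    """Reassemble packet bytes from the 0x0000:-style lines; ignore summary lines."""
    out = bytearray()
    for line in text.splitlines():
        m = re.match(r"\s*0x[0-9a-fA-F]+:\s+(.*)$", line)
        if not m:
            continue
        hexpart = m.group(1).split("  ")[0]   # ASCII column follows two spaces
        out += bytes.fromhex(hexpart.replace(" ", ""))
    return bytes(out)

def inet_checksum(data):
    """RFC 1071 ones-complement sum; returns 0 for a header or message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

ICMP_TYPES = {8: "echo request", 0: "echo reply"}

def dissect_icmp_frame(raw):
    """Split an Ethernet/IPv4/ICMP frame into the fields a ping-trace write-up should report."""
    ethertype = struct.unpack("!H", raw[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame: ethertype 0x%04x" % ethertype)
    ip = raw[14:]
    ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, _hcs, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 1:
        raise ValueError("not an IPv4 ICMP packet")
    icmp = ip[ihl:total_len]
    itype, code, _ics, icmp_id, seq = struct.unpack("!BBHHH", icmp[:8])
    return {"src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst),
            "ttl": ttl, "df": bool(flags_frag & 0x4000),
            "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,
            "icmp_type": ICMP_TYPES.get(itype, str(itype)), "icmp_code": code,
            "icmp_id": icmp_id, "icmp_seq": seq, "icmp_checksum_ok": inet_checksum(icmp) == 0}

if __name__ == "__main__":
    print(dissect_icmp_frame(hexdump_to_bytes(SAMPLE)))
```

Traffic to localhost travels over the loopback interface, so a capture that feeds this parser comes from tcpdump listening on lo.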

Dig www.cs.miami.edu

The magic tcpdump command to run is

    sudo tcpdump -i eth0 -XX port 53

and in another window: dig www.cs.miami.edu

The filter on tcpdump this time says to trace only traffic bound for or coming from port 53. Since port 53 is the well-known port number for the DNS system, this makes it almost certain that the only packets captured are those that involve DNS requests or replies.

Please capture the output of a successful dig and dissect it. Write up your results in a plain ASCII file called "dig-trace.txt" and leave it in the proj1 directory.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Author: Burton Rosenberg
Created: February 7, 2014
Last Update: February 7, 2014