Virtual-Machine-Based Network Exercises for Introductory Computer Networking Courses

Similar documents
CCNA Exploration Network Fundamentals

Hands-On TCP/IP Networking

Networking By: Vince

Interconnecting Cisco Networking Devices Part 1 (ICND1) Course Overview

CCRI Networking Technology I CSCO-1850 Spring 2014

ICND1 v2.0 Interconnecting Cisco Networking Devices Part 1 CCENT & Part of CCNA Rout/Switch

Interconnecting Cisco Networking Devices Part 1 ICND1

Lab - Configure a NIC to Use DHCP in Windows

Software Engineering 4C03 Answer Key

Networking 101 By: Stefan Jagroop

CCNA Boot Camp. Course Description

Configuring Commonly Used IP ACLs

Identify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS)

OHLONE COLLEGE Ohlone Community College District OFFICIAL COURSE OUTLINE

UIP1869V User Interface Guide

CCNA-A Scope and Sequence (March 2007-Draft)

Course Outline. Networking Essentials, Fifth Edition Pearson ucertify. Networking Essentials, Fifth Edition Pearson ucertify

Interconnecting Cisco Network Devices Part 1 v2.0 (ICND 1)

CCNA 1 Chapter 7 v5.0 Exam Answers 2013

SYLLABUS. Departmental Syllabus. Applied Networking I. Departmental Syllabus. Departmental Syllabus. Departmental Syllabus. Departmental Syllabus

CCNA DISCOVERY V4.0 WORKING AT A SMALL-TO-MEDIUM BUSINESS OR ISP INSTRUCTOR REFERENCE GUIDE. Prepared by Cisco Learning Institute

Lab - Using Wireshark to Examine a UDP DNS Capture

Lab - Using Wireshark to Examine a UDP DNS Capture

Networking interview questions

IPv4 addressing, NAT. Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley.

CCENT Practice Certification Exam # 2 - CCNA Exploration: Accessing the WAN (Version 4.0)

Interconnecting Networks with TCP/IP. 2000, Cisco Systems, Inc. 8-1

CCNA MCQS with Answers Set-1

Lab PC Network TCP/IP Configuration

Lab - Using Wireshark to Examine TCP and UDP Captures

Network Access Layer Internet Layer Transport Layer Application Layer. Presentation. Transport. Physical

Lab 1.3.2: Review of Concepts from Exploration 1 - Challenge

Networks Fall This exam consists of 10 problems on the following 13 pages.

"Charting the Course... Interconnecting Cisco Networking Devices Accelerated 3.0 (CCNAX) Course Summary

Firewalls and NAT. Firewalls. firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others.

Actual4Test. Actual4test - actual test exam dumps-pass for IT exams

SYSTEMS ADMINISTRATION USING CISCO (315)

Written examination in Computer Networks

This course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N

Lab 2: Creating Secure Architectures

EXAM - HP0-Y52. Applying HP FlexNetwork Fundamentals. Buy Full Product.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning

20-CS Cyber Defense Overview Fall, Network Basics

Interconnecting Cisco Networking Devices Part1 ( ICND1) Exam.

Lab 5.6.2: Challenge RIP Configuration

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning

TCP /IP Fundamentals Mr. Cantu

Course Outline. Networking Essentials, Fifth Edition Pearson ucertify Labs.

UNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING

CCNA 1 Final Exam Answers UPDATE 2012 eg.1

CISCO SYSTEM ADMINISTRATION (41)

Scope and Sequence: CCNA Exploration v4.0

Computer Security II Lab Network Security

Cisco CCNA (ICND1, ICND2) Bootcamp

VoIP / RoIP for Technicians

Firewall Simulation COMP620

TCP/IP Protocol Suite and IP Addressing

CCNA. Course Catalog

MTA_98-366_Vindicator930

Introduction to the Cisco Broadband Operating System

CISCO EXAM QUESTIONS & ANSWERS

Chapter 7. Local Area Network Communications Protocols

Introduction. An introduction to the equipment and organization of the Internet Lab.

CCNA Exam File with Answers. Note: Underlines options are correct answers.

Unit 4: Firewalls (I)

Lab Subnetting Network Topologies (Instructor Version)

Introduction. Goal of This Book. Audience for This Book

The OSI model of network communications

Network Defenses KAMI VANIEA 1

Lab 7.1.9b Introduction to Fluke Protocol Inspector

Applied Networks & Security

The Administration Tab - Diagnostics

Why Firewalls? Firewall Characteristics

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

CISCO QUAD Cisco CCENT/CCNA/CCDA/CCNA Security (QUAD)

Introducing Cisco Data Center Networking Course DCICN v1.0; 4 Days, Instructor-led

COMPUTER NETWORKING LAB EXERCISES (TP) 4

1 Training Description H3C Certification Training Building Networks for Small- and Medium-Sized Businesses (v6.0)...

Cisco 2: Routing Technologies

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

CNBK Communications and Networks Lab Book: Purpose of Hardware and Protocols Associated with Networking Computer Systems

CCNA Semester 1 labs. Part 2 of 2 Labs for chapters 8 11

Mobile MOUSe ROUTING AND SWITCHING FUNDAMENTALS ONLINE COURSE OUTLINE

Introduction to TCP/IP

Networking and TCP/IP. John Kalbach November 8, 2004

1.3 Analyzing the performance of various configurations and protocols

CS155 Firewalls. Why Firewalls? Why Firewalls? Bugs, Bugs, Bugs

CompTIA Exam JK0-023 CompTIA Network+ certification Version: 5.0 [ Total Questions: 1112 ]

Computer Networks Security: intro. CS Computer Systems Security

Introduction p. 1 Self-Assessment p. 9 Networking Fundamentals p. 17 Introduction p. 18 Components and Terms p. 18 Topologies p. 18 LAN Technologies

Overview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Cisco Interconnecting Cisco Networking Devices Part 1.

Interconnecting Networks with TCP/IP

Computer Security and Privacy

Pearson: Networking Essentials, 4/E (Course & Lab) Course Outline. Pearson: Networking Essentials, 4/E (Course & Lab) 18 Oct

COURSE O V E R V I E W

VLANS and Other Hardware

Lab Configuring Static NAT

Department Of Computer Science

Transcription:

Virtual-Machine-Based Network Exercises for Introductory Computer Networking Courses Robert Montante Bloomsburg University of Pennsylvania Encore Presentation CCSC-Northeastern April 7, 2017

Overview First course in computer networks, for Digital Forensics majors - little or no programming experience Also for a Computer Science networks course No dedicated networking lab or hardware Shared Linux lab, networked disk space

Lab Activity Goals - Networking Hands-on work with networking concepts - not the same as configuring a router Experience configuring network clients - Linux Ubuntu 16.04» some students prefer Fedora, Kali, - Windows 7 un-activated copy - no Mac OSX (it's not legal) Command-line router configuration - Open-source VyOS router software

Lab Activity Goals - Additional Exercises featuring network servers - FTP, web server Wireshark practice Exposure to Linux usage, virtual-machine usage - helpful for other courses as well

Hands-on with Networking Concepts: Examination of LAN protocols Progression of configurations - change IP assignments, routing Network services - DHCP - DNS Routing Examination of higher-layer protocols - Client-server architectures

Software Options VirtualBox - Free, students can install on their own computers for home use - Available in some classroom/labs on campus VMware - Workstation Pro isn't free GNS3 - needs (Cisco) router images, - needs virtual machines for "normal" hosts

Initial Lab Exercise Install Windows and Linux clients into Virtualbox - default settings allow NAT'd access to the Internet - Install Wireshark, LLTD, and scapy to Linux - Why not preconfigured appliances?» Practice using and configuring Virtualbox

Layer 2 - the Datalink Layer Use Win7 LLTD mapping to examine Link-Layer service - "Link Layer Topology Discovery" - Requires an MS-developed Ubuntu client for the LLTD protocol - Requires changing VMs' NIC connections to Virtualbox "internal network"

Layer-2 Exploration Scapy exercise - graded assignment - Students create Ethernet frames "by hand" - Python-based - Nice analytic output of frames Scapy graphical output (requires pyx, matplotlib modules)

Moving Up To Layer 3 Conversion to private LAN/subnet - Students reconfigure clients' NICs to connect only to private LAN - Can ping each other - Verify "No route to destination network" when pinging to the Internet» (or to the physical host) - Short lab Students assign IP addresses manually - Subnets are defined by the host ID's of their physical lab computers - (no DHCP server yet)

Add a Router to the LAN VyOS open-source router software - Clone of the Vyatta router product - Linux-based distro - Provides routing, firewall, DHCP, DNS services - Command-line configuration» akin to Cisco IOS, although not compatible Exercise installs VyOS with two NICs - one on private subnet - other is bridged to the campus network, but with private addresses that provide connection to other students' routers - RIPv2 finds the other routers Instructor provides border router that routes to the Internet

Almost-Final VM-LAN Topology Students manage their own LAN/subnet Routers use RIPv2 to interconnect subnets

Network Services VyOS routers support many functions: - DHCP» Students configure DHCP server with a subnet calculated as part of the exercise - DNS» VyOS router just forwards requests to the campus DNS server - (connected to the campus network through instructor's router) - optional Firewall» Desirable if the clients will be exposed to the Big Bad Internet

DHCP Server Initial student exercise: develop subnet mask and subnet ID, and range of client addresses Cover subnetting in class, prior to exercise Binary-oriented approach to determination of needed values - Worksheet steps students through process Review worksheet in class before moving on to DHCP-server configuration - Make sure they have the right answers

DNS Server and Firewall Simple DNS server, merely passes requests on to upstream DNS server - Optional: discuss DNS in more depth, add caching Firewall recommended if VMs are exposed to the Internet - Good practice to always install a firewall in any case - Supports and controls forwarding - Include rules to drop "foreign" source IP addresses - prevent any compromised machines from participating in spoofed DDoS attacks - Optional, can be omitted

Exercises with Applications In-class activities: Python on Linux includes a simple web server - Classic, basic server-client transaction Windows 7 includes an FTP server - Students configure FTP, transfer a file between Linux ftp client and Windows ftp server TCP ports and FTP - Graded VM-LAN assignment - Explore three-way handshake, sequence and acknowledgment values, plaintext logins - Examine use of data channel for file transfers

Final Activities - Routing Final configuration activity: Install a gateway ("border") router Configure network services: - RIP - DNS forwarding - NAT» Necessary because lab subnets are not routable

Scapy, Revisited Graded VM-LAN assignment, needs Internet a) Bare IP packet Demonstrates that IP doesn't do much "stand-alone" b) TCP SYN packet - 2/3 of a three-way handshake» Final ACK packet, RST packet, or FIN packet left off c) UDP datagram, in IP packet - Sent out to instructor's QOTD server, which responds with random quote» Only works behind campus firewall d) Ping-like traceroute loop; scapy traceroute

Final Network Configuration Highly redundant network, as long as students remember to start their routers along with their clients

Discussion Few Link-layer activities - More possibilities using scapy/python? Decent Internet (Network) layer activities - including network services Some activities as assignments - Completed outside of classroom, serve as "checkpoints" for completing lab exercises - Should be "out-of-band", not vital for subsequent lab exercises Not the only assignments - Other assignments use Wireshark on physical host or students' own computers, hands-on with Ethernet cabling

Discussion 2 Physical layer? not on virtual machines - Additional assignment to build an Ethernet cable - More of a "motor skills" exercise Could use some activity for Transport layer - Scapy to the rescue? Application-layer activities can be expanded For Digital Forensics / Security: - Emphasis on Wireshark, malicious network traffic - Scapy has many possibilities for hacking Exercises are in-class, so difficulties/problems roll over to the next exercise for completion - Instructor serves as lab assistant - Lab assistant? Lab section? (wishful thinking)

Future Work Email / SMTP exercise - Send emails between students' subnets Scapy / LLTD exercise - Good candidate for an out-of-class assignment Convert routers from RIP to OSPF Proxy servers Coding exercise for C.S. majors?

Thank You!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback