Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Blind Folio 1
Networking Basics: How Do Networks Work?
Know thyself.
—Oracle at Delphi
Securing a network can be a tricky business, and there are many issues to consider. We must be aware of the vulnerabilities that exist and their corresponding threats and then estimate the probability of the threat acting upon the vulnerability. Measures are implemented to mitigate, avoid, or transfer risk. However, regardless of the effort to minimize risk, there is always the possibility of harm to our information, so we must develop plans for dealing with a possible compromise of our network. Yet before we can really protect our network from attackers, we must first know our network and, ideally, know it better than they do. Hence, we need to learn about what the network does and how it does it so we can develop an understanding of our network’s abilities and limitations. Only then can we truly see our network’s vulnerabilities and do what is necessary to guard them. We cannot secure our network if we do not know how it works.
Part I will demonstrate how devices communicate on a local area connection and cover IP addressing, routing, the three-way handshake, and some of the basic network applications. It will
PART I
01-ch01.indd 1 24/07/14 5:00 PM
2
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 /
Part I: Networking Basics: How Do Networks Work?
also introduce tools that will be used throughout the remainder of the book, such as ping, arp, nslookup, and Wireshark.
This part is divided into three chapters that will discuss the different aspects of the TCP/IP protocol stack. Chapter 1 will cover exercises relating to the network access and Internet layer, Chapter 2 will deal with the transport layer, and Chapter 3 will discuss the application layer. As you go through the labs in this part, you should be constantly asking yourself one question: How is this network vulnerable to attack, and how can it be exploited? It might seem strange to think about how something can be broken when you are learning about how it works, but this is a good opportunity for you to start thinking the way an attacker thinks.
This part will also prepare you for the labs that are to come in Part II.
01-ch01.indd 2 24/07/14 5:00 PM
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1 Blind Folio 3
Workstation Network Configuration and Connectivity
Labs
Lab 1.1w Windows Client Configuration
Lab 1.1l Linux Client Configuration
Lab 1.1 Analysis Questions
Lab 1.1 Key Terms Quiz
Lab 1.2w Name Resolution in Windows
Lab 1.2 Analysis Questions
Lab 1.2 Key Terms Quiz
Lab 1.3w Windows IPv6 Basics (netsh/ping6)
Lab 1.3 Analysis Questions
Lab 1.3 Key Terms Quiz
Chapter 1
01-ch01.indd 3 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity4
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
This chapter contains lab exercises designed to illustrate the various commands and methods used to establish workstation connectivity in a network based on Transmission Control Protocol/Internet Protocol (TCP/IP). The chapter covers the basics necessary to achieve and monitor connectivity in a networking environment, using both Windows PCs and Linux-based PCs. In this chapter, you will be introduced to some basic commands and tools that will enable you to manipulate and monitor the network settings on a workstation. This is necessary as a first step toward learning how to secure connections.
The chapter consists of basic lab exercises that are designed to provide a foundation in network connectivity and tools. In later chapters of this book, you will use the skills from these lab exercises to perform functions that are necessary to secure a network from attack and investigate current conditions. Built upon the premise that one learns to crawl before walking and to walk before running, this chapter represents the crawling stage. Although basic in nature, this chapter is important because it provides the skills needed to “walk” and “run” in later stages of development.
Depending on your lab setup and other factors, you won’t necessarily be performing all the lab exercises presented in this book. Therefore, to help you identify which lab exercises are relevant for you, each lab exercise number is appended with a letter: “w” labs are built using the Windows environment; “l” labs are built using the Linux environment; “m” labs are built using a combination of Windows and Linux; and “i” labs require an Internet connection.
Lab 1.1: Network Workstation Client Configuration For two computers to communicate in a TCP/IPv4 network (IPv6 is discussed later, in Lab 1.3), both computers must have a unique Internet Protocol (IP) address. An IP address has four octets. The IP address is divided into a network address and a host address. The subnet mask identifies which
01-ch01.indd 4 24/07/14 5:00 PM
Mohammed Khalid
Lab 1.1: Network Workstation Client Configuration 5
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
portion of the IP address is the network address and which portion is the host address. On a local area network (LAN), each computer must have the same network address and a different host address. To communicate outside the LAN, using different network IP addresses, a default gateway is required. To connect to a TCP/IP network, normally four items are configured: the IP address (this is both the network portion and the host portion), the subnet mask, the IP address for a Domain Name System (DNS) server, and the IP address for the gateway machine. To communicate within a LAN only, you need the IP address and subnet mask. To communicate with other networks, you need the default gateway. If you want to be able to connect to different sites and networks using their domain names, then you need to have the address of a DNS server as well.
When communicating between machines on different networks, packets are sent via the default gateway on the way into and out of the LAN. The routing is done using (Layer 3) IP addresses. If the computer is on the same network, then the IP address gets resolved to a (Layer 2) Media Access Control (MAC) address to communicate with the computer. MAC addresses are hard-coded onto the Ethernet card by the company that made the card.
The ability to retrieve and change your IP configuration is an important skill. In this lab, you will use the ipconfig command in Windows and the ifconfig command in Linux to view the configuration information. You will then use the Local Area Connection Properties window to change the IP address in Windows and use ifconfig to change the IP address in Linux.
Computers use both MAC and IP addresses to communicate with one another across networks. In this lab, two computers will “talk” to each other via ping messages. You will then modify the Address Resolution Protocol (ARP) table of one computer to demonstrate the relationship between the IP and MAC addresses for a machine.
The ping (Packet Internet Groper) program is a basic utility that is used for testing the connectivity between two computers. This message name was derived from the sound that sonar on a submarine makes and is used in a similar way. A “signal” or request is sent out to probe for the existence of the target along a fixed “distance.” The distance between two computers can be measured using time to live (TTL). The TTL is decremented by at least one for router it passes through, also known as a hand-off point (HOP). It may be decremented by more than one if the router holds on to it for more than one second, which is rarely the case. Ping operates using Internet Control Message Protocol (ICMP) to test for connectivity; so, in cases where ICMP is restricted, the ping utility may not be useful. Ping is usually implemented using ICMP echo messages, although other alternatives exist.
When you use the ping command in this lab, you will see that although you are using the IP address as the target of the ping, it is actually the MAC address that is used to communicate with that computer. IP addresses are used to transfer data from one network to another, whereas MAC addresses are used to send information from one device to another on the same network. It is ARP that resolves IP addresses to their associated MAC addresses. ARP is a Transmission Control Protocol/Internet Protocol (TCP/IP) tool that is used to modify the ARP cache. The ARP cache contains recently resolved MAC addresses of IP hosts on the network. The utility used to view and modify the ARP protocol is also called arp.
01-ch01.indd 5 24/07/14 5:00 PM
Mohammed Khalid
Mohammed Khalid
Mohammed Khalid
Chapter 1: Workstation Network Configuration and Connectivity6
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
As you progress through the labs, you will see how a computer obtains both MAC addresses and IP addresses in order to communicate. This is the question you should be considering: How does the computer know that the information it is getting is correct?
Learning Objectives After completing this lab, you will be able to
Retrieve IP address configuration information via the command line
List the switches that can be added to the ipconfig (Windows) or ifconfig (Linux) command to increase its functionality
Use the Windows graphical user interface (GUI) to configure a network card to use a given IP address
Determine your machine’s MAC address
Determine your machine’s assigned network resources, including its DNS address and gateway address
Use the ifconfig (Linux) command to configure a network card with a given IP address
Understand how to test network connectivity between two computers
List the options that can be added to the ping command to increase its functionality
Use the arp command to view and manage the ARP cache on a computer
10 MINUTES
Lab 1.1w: Windows Client Configuration
Materials and Setup You will need the following:
Windows 7
Windows 2008 Server
Lab Steps at a Glance
Start the Windows 2008 Server and Windows 7 PCs. Log on only to the Windows 7 machine.
View the network card configuration using the ipconfig command.
Change the IP address of the Windows 7 machine.
01-ch01.indd 6 24/07/14 5:00 PM
Lab 1.1w: Windows Client Configuration 7
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
Verify the new IP address. Use the ipconfig command to verify that the IP address has changed.
Change the IP address of the Windows 7 machine back to the original address.
Ping the Windows 2008 Server machine from the Windows 7 PC.
View and modify the ARP table.
Log off from the Windows 7 PC.
Lab Steps
To log on to the Windows 7 PC, follow these steps:
1. At the Login screen, click the Admin icon.
2. In the password text box, type the password and press ENTER.
On the Windows 7 PC, you will view the network card configuration using ipconfig. This utility allows administrators to view and modify network card settings.
1. To open the command prompt, click Start; in the Search Programs And Files box, type and then press ENTER.
2. At the command prompt, type and press ENTER.
a. Observe the options available for ipconfig. You may have to scroll up to see all of the information.
b. Which options do you think would be most useful for an administrator?
c. Which option would you use to obtain an IP configuration from a Dynamic Host Configuration Protocol (DHCP) server?
3. Type and press ENTER, as shown in Figure 1-1.
a. What is your IP address?
b. What is your subnet mask?
4. Type and press ENTER.
a. Observe the new information.
b. What is the MAC address (physical address) of your computer?
c. What is your DNS server address?
5. Type and press ENTER.
01-ch01.indd 7 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity8
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
You will access the Local Area Connection Properties dialog box and change the host portion of the IP address.
1. Click Start | Control Panel | Network and Internet | Network and Sharing Center.
2. Click Change adapter settings.
3. Right-click Local Area Connection and select Properties.
4. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
5. In the IP Address text box, you will see the IP address 192.168.100.101, as shown in Figure 1-2. Change the last octet (101) to .
6. Click OK.
7. In the Local Area Connection Properties window, click Close.
8. Click Close to close the Network Connections window.
1. To open the command prompt, click Start; in the Search Programs And Files box, type and then press ENTER.
2. Type and press ENTER.
3. Observe that your IP address has changed.
4. Type and press ENTER.
FIGURE 1-1 The ipconfig command
01-ch01.indd 8 24/07/14 5:00 PM
Lab 1.1w: Windows Client Configuration 9
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
1. Click Start | Control Panel | Network and Internet | Network and Sharing Center.
2. Click Change Adapter Settings.
3. Right-click Local Area Connection and select Properties.
4. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
5. In the IP Address text box, you will see the IP address 192.168.100.110. Change the last octet (110) to as shown in Figure 1-2.
6. Click OK.
7. In the Local Area Connection Properties window, click Close.
8. Click Close to close the Network Connections window.
1. On the Windows 7 PC, click Start; in the Search Programs And Files box, type and then press ENTER.
2. To view the ping help file, type at the command line and then press ENTER.
FIGURE 1-2 The Internet Protocol (TCP/IP) Properties window
01-ch01.indd 9 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity10
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
3. To ping the IP address of the Windows 2008 Server computer, type at the command line and press ENTER, as shown in Figure 1-3.
a. Observe the information displayed.
b. What is the time value observed for all four replies?
c. What is the TTL observed?
d. What does this number refer to?
e. How can you be sure that this response is actually coming from the correct computer?
At the Windows 7 machine, you are now going to view the ARP cache, using the arp utility.
1. Close the current Command Prompt window.
2. Select Start | All Programs | Accessories and then right-click Command Prompt.
3. Click Run as administrator.
4. In the User Account Control dialog box, click Yes.
5. At the command line, type and press ENTER.
a. Observe the options for this command.
b. Which command displays the current ARP entries?
FIGURE 1-3 The ping command in Windows
01-ch01.indd 10 24/07/14 5:00 PM
Lab 1.1w: Windows Client Configuration 11
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
✔ Tip
UP ARROW
6. At the command line, type and press ENTER.
7. Observe the entry. Notice that the MAC address for the Windows 2008 Server machine is listed.
8. At the command line, type and press ENTER. (The –d option deletes the ARP cache.)
9. Observe the entries. (Do not worry if no entries are listed; you are simply deleting what is in the ARP cache.)
10. At the command line, type and press ENTER, as shown in Figure 1-4.
11. Observe that the ARP cache now has no entries.
12. At the command line, type and press ENTER.
13. At the command line, type and press ENTER.
a. Observe any entry. Notice that the MAC address is once again listed.
b. How does using the ping utility cause the machine’s MAC address to be populated in the ARP cache? (This is explored in “Lab 2.1, Network Communication Analysis,” in Chapter 2.)
c. How can you be sure that this is actually the correct MAC address for the computer?
FIGURE 1-4 The arp command in Windows
01-ch01.indd 11 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity12
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
At the Windows 7 PC, follow these steps:
1. Choose Start | Shutdown arrow | Log off.
2. In the Log Off Windows dialog box, click Log Off.
10 MINUTES
Lab 1.1l: Linux Client Configuration
Materials and Setup You will need the following:
Kali
Metasploitable
Lab Steps at a Glance
Start the Kali and Metasploitable PCs. Log on only to the Kali PC.
View the network card configuration using ifconfig.
Use the cat command to view the file resolv.conf to determine the DNS address.
Use the netstat –nr command to determine the gateway router address.
Use the ifconfig command to change the network configuration for a machine.
View the ARP table.
Ping the Metasploitable machine by IP address and view the cache.
Modify the ARP cache and view the ARP cache again.
Log off from the Kali PC.
Lab Steps
To log on to the Kali PC, follow these steps:
1. At the login screen, click Other.
01-ch01.indd 12 24/07/14 5:00 PM
Lab 1.1l: Linux Client Configuration 13
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
2. In the Username text box, type and press ENTER.
3. In the Password text box, type and press ENTER.
1. Click the Terminal icon in the menu bar at the top.
2. At the command line, type and press ENTER. (The information may scroll off the screen. To see the text, hold the SHIFT key down and press PAGEUP.)
3. Observe the different options that can be used.
✔ Tip
–h
man man ENTER
Here is how you can utilize this command:
4. At the command line, type and press ENTER.
5. Use the UP ARROW and DOWN ARROW keys to scroll through the man page.
6. When you are done looking at the man page, press to exit.
✔ Tip
UP ARROW
7. At the command line, type and press ENTER.
a. Observe the information displayed.
b. How does Linux refer to the IP address? What is your IP address?
c. How does Linux refer to the subnet mask? What is your subnet mask?
01-ch01.indd 13 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity14
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
1. At the command line, type and press ENTER.
a. Observe the information displayed.
b. What is your DNS server address?
1. At the command line, type and press ENTER.
Observe the information displayed.
Note that a default gateway is not configured. One is not needed since all the machines for the lab exercises will communicate only on the 192.168.100.0 network. If traffic needs to go to a network other than 192.168.100.0, a default gateway is needed.
1. At the command line, type and press ENTER.
2. At the command line, type and press ENTER.
Did your IP address change?
3. At the command line, type and press ENTER.
4. At the command line, type and press ENTER.
Did your IP address change?
✔ Tip
Working at the Kali machine, you are now going to view the ARP table using the arp utility.
1. At the command line, type and press ENTER.
2. Observe the options for this command.
01-ch01.indd 14 24/07/14 5:00 PM
Lab 1.1l: Linux Client Configuration 15
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
3. At the command line, type and press ENTER.
a. What do the options a and n do?
b. Do you have any entries?
From the Kali PC, you are going to use the ping utility to communicate with the Metasploitable server machine.
1. At the command line, type and press ENTER.
a. Notice that the ping replies will continue until you stop them. Press CTRL-C to stop the replies, as shown in Figure 1-5.
b. Observe the information displayed.
c. What is icmp_req?
d. Notice the time the first reply took compared with the rest of the replies. Was there a significant difference? If so, why?
e. How can you be sure that this response is actually coming from the correct computer?
2. At the command line, type and press ENTER.
3. Observe the entry. Notice that the MAC address for the Metasploitable machine is listed.
1. At the command line, type and press ENTER.
2. Observe the entries. (If you do not see an entry, do not worry; we are simply deleting what is in the ARP cache.)
FIGURE 1-5 The ping command in Linux
01-ch01.indd 15 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity16
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
3. At the command line, type and press ENTER, as shown in Figure 1-6.
4. Observe that the ARP cache now has no MAC addresses.
5. At the command line, type and press ENTER. Press CTRL-C to stop the replies.
6. At the command line, type and press ENTER.
a. Observe the entry. Notice that the MAC address is once again listed.
b. How does pinging the machine cause its MAC address to be populated in the ARP cache? (This is explored in “Lab 2.1, Network Communication Analysis,” in the next chapter.)
c. How can you be sure that this is actually the correct MAC address for the computer?
1. In the upper-right corner, click root | Shutdown.
2. In the Shut down this system now? dialog box, click Shut Down.
➜ Note
Lab 1.1 Analysis Questions The following questions apply to the labs in this section:
1. You have been called in to troubleshoot a client’s computer, which is unable to connect to the local area network. What command would you use to check the configuration? What information would you look for?
FIGURE 1-6 The arp command in Linux
01-ch01.indd 16 24/07/14 5:00 PM
Lab 1.1l: Linux Client Configuration 17
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
2. You have been called in to troubleshoot a client’s computer, which is able to connect to the local area network but unable to connect to any other network. What command would you use to check the configuration? What information would you look for?
3. If you needed to obtain a user’s MAC address as well as the user’s network configuration information, what command and switch would you enter?
4. To use the Windows GUI utility to adjust IP settings, including DNS and gateway information, what steps would you take?
5. You have just pinged a remote computer. You would now like to retrieve the MAC address of the remote computer locally. How would you obtain the remote computer’s MAC address?
6. You are about to run some network traffic analysis tests. You need to clear your ARP cache. How would you go about performing this task (for Windows and Linux)?
7. What information does ping return to the user?
8. How does a computer ensure that the replies it gets from an ARP broadcast are correct?
Lab 1.1 Key Terms Quiz Use these key terms from the labs to complete the sentences that follow:
Address Resolution Protocol (ARP)
ARP cache
cat
Domain Name System (DNS)
01-ch01.indd 17 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity18
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
Dynamic Host Configuration Protocol (DHCP)
gateway
host address
ifconfig
Internet Control Message Protocol (ICMP)
Internet Protocol (IP)
ipconfig
Media Access Control (MAC) address
network address
ping (Packet Internet Groper)
resolv.conf
subnet mask
time to live (TTL)
Transmission Control Protocol/Internet Protocol (TCP/IP)
1. The letters IP stand for ____________________.
2. The ____________________ is the physical address of your network interface card that was assigned by the company that made the card.
3. ipconfig /renew will renew an IP address obtained from the ____________________ server.
4. The four items needed to connect a machine to the Internet are the ____________________ address, the ____________________ address, the ____________________, and the ____________________ address.
5. The ____________________ is used to separate the host address and network address from an IP address.
6. ____________________ is the file that contains DNS server addresses in Linux.
7. The ____________________ command is used to display the contents of text files in Linux.
8. The command used in this lab to test network connectivity is ____________________.
Follow-Up Labs Now that you know how IP addresses resolve to MAC
addresses, find out how computer and domain names are resolved.
01-ch01.indd 18 24/07/14 5:00 PM
Lab 1.1l: Linux Client Configuration 19
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
IPv6 is the next generation of addressing and will be implemented in the not too distant future.
Nmap uses ARP in a ping sweep to discover devices on a network.
This attack exploits ARP.
Suggested Experiments 1. DHCP is designed to facilitate setting a client device’s IP settings from a host server that exists
to enable autoconfiguration of IP addresses. This is particularly useful in large networks and provides a mechanism that allows remote administration of settings such as IP address and DNS and gateway IP addresses. To experiment with DHCP, you need to set up a DHCP server and then add clients to the network, exploring how DHCP sets the parameters automatically.
2. Research stack fingerprinting. When you ping a device and get a reply, you know that a device is working on the network. Are there any clues in the ICMP replies that might reveal what kind of device is responding?
References
www.microsoft.com/resources/documentation/windows/xp/ all/proddocs/en-us/arp.mspx
www.faqs.org/rfcs/rfc826.html
www.faqs.org/rfcs/rfc2131.html
www.faqs.org/rfcs/rfc792.html
www.faqs.org/rfcs/rfc950.html
http://www.subnetting.net/Tutorial.aspx
Linux Programmer’s Manual, Section 8 (type the command
Linux Programmer’s Manual, Section 8 (type the command
www.microsoft.com/resources/documentation/windows/ xp/all/proddocs/en-us/ipconfig.mspx
Principles of Computer Security, Fourth Edition (McGraw-Hill Education, 2015), Chapter 9
01-ch01.indd 19 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity20
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
Lab 1.2: Computer Name Resolution Remembering IP addresses can be cumbersome, especially when there are many machines on many networks. One way we sort out this complexity is with the use of the Domain Name System (DNS). When one computer connects to another computer using its domain name, the DNS translates the computer’s domain name into its appropriate IP address.
The DNS will first access a local file called the hosts file. The hosts file is a listing of corresponding IPv4 addresses and host names. By default, there is only one IP address—the localhost address; it is equivalent to the loopback address 127.0.0.1. The hosts file can always be modified to accommodate additional IP addresses.
If it has not found the IP address in the hosts file, the computer will need to query the DNS cache (on Windows machines) and then the DNS server for the IP address. The DNS cache is a local copy of recently used name–IP address pairs. If the name is not in the cache, then the request is directed to a DNS server. If the DNS server does not have the IP address in its database, it can “ask” another DNS server for the information. DNS servers are organized in a hierarchical structure, ultimately ending at servers maintained by the naming authorities. This is an efficient method of resolving IP addresses to names.
The fully qualified domain name (FQDN) is a dot-separated name that can be used to identify a host on a network. The FQDN consists of the host name along with its domain name and any other subdomain names, such as www.somename.com.
In this lab, you will modify the hosts file, test connectivity using the FQDN, and then explore the functionality of the nslookup command.
Learning Objectives After completing this lab, you will be able to
Understand how the loopback address can be used to test a network card
Modify the hosts file on a computer using a basic text editor
Check the DNS cache on a computer from the command line
From the command line, resolve an FQDN to an IP address, and vice versa
Understand how names are resolved into IP addresses in a Windows environment
01-ch01.indd 20 24/07/14 5:00 PM
Lab 1.2w: Name Resolution in Windows 21
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
15 MINUTES
Lab 1.2w: Name Resolution in Windows
Materials and Setup You will need the following:
Windows 7
Windows 2008 Server
Metasploitable (acting as a DNS server)
Lab Steps at a Glance
Start the Windows 7, Windows 2008 Server, and Metasploitable PCs. Log on only to the Windows 7 machine.
Ping the Windows 7 machine from the Windows 7 machine.
View and modify the hosts file.
Ping the Windows 2008 Server machine by the FQDN.
Use the nslookup command to view name-to–IP address information.
Log off from the Windows 7 PC.
Lab Steps
To log on to the Windows 7 PC, follow these steps:
1. Click Admin at the Login screen.
2. In the password text box, type and press ENTER.
Using the Windows 7 machine, you are going to ping the machine that you are working on, using both the loopback address (127.0.0.1) and the name “localhost.” This is often done to test whether the network interface card (NIC) and TCP/IP are working before moving on to other troubleshooting methods.
01-ch01.indd 21 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity22
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
1. To ping the machine using the loopback address, choose Start | Run, type in the Open field, and press ENTER.
2. At the command line, type and press ENTER.
3. Observe the information displayed.
4. To ping the Windows 7 computer using localhost, type at the command line and press ENTER.
a. Observe the information displayed.
b. How does the computer know that localhost defaults to 127.0.0.1?
You are now going to view and modify the hosts file. The hosts file is a text file that lists host (computer) names and their IP addresses on a network. On a small network, the hosts file can be used as an alternative to DNS.
To view and modify the hosts file, follow these steps:
1. Select Start | Programs | Accessories and right-click Notepad.
2. Click Run as administrator.
3. In the User Account Control dialog box, click Yes.
4. Click File | Open. Set the extension type to All Files. Then navigate to c:\windows\system32\ drivers\etc\ and select the hosts file.
a. Observe the information displayed.
b. What entries are already there?
c. Why are they commented out?
5. Add the following lines to the end of the hosts file (refer to Figure 1-7):
6. Choose File | Save. Be sure that Save as type is set to All Files.
7. Close Notepad.
To ping the new names, follow these steps:
1. At the command line, type and press ENTER.
What IP address comes up?
01-ch01.indd 22 24/07/14 5:00 PM
Lab 1.2w: Name Resolution in Windows 23
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
2. At the command line, type and press ENTER.
a. What IP address comes up?
b. Why do you think administrative rights are required to modify the hosts file?
c. Can you think of a way that this file could be exploited?
From the Windows 7 PC, you are going to use the ping utility to communicate with the Windows 2008 Server machine. You will look at the DNS cache and see how it changes during this process.
1. To ping the IP address of the Windows 2008 Server computer, type at the command line and press ENTER.
FIGURE 1-7 Modifying the hosts file with Notepad
01-ch01.indd 23 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity24
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
2. Observe the information displayed.
3. To check the contents of the DNS cache, type at the command line and press ENTER.
a. What listings do you see?
b. Is there one for win2k8serv.security.local?
4. To ping the Windows 2008 Server computer by name, type at the command line and press ENTER.
a. Observe the information displayed.
b. Did it show the IP address of the server?
5. To check the DNS cache again, type at the command line and press ENTER.
a. Is there an entry for 2k8serv.security.local this time?
b. Where did the DNS cache get it from?
You will use nslookup to view name resolution. The nslookup command allows you to either discover the IP address of a computer from its FQDN or use the IP address to determine the FQDN.
To list the options available for the nslookup command, follow these steps:
1. At the command line, type and press ENTER.
2. At the command prompt, type and press ENTER.
➜ Note
a. Observe the information displayed.
b. Which option displays the current server/host?
3. At the command line, type and press ENTER.
4. To check the IP address for the Windows 7 computer, type at the command line and press ENTER.
Is the IP address correct?
01-ch01.indd 24 24/07/14 5:00 PM
Lab 1.2w: Name Resolution in Windows 25
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
5. To check the IP address for the Windows 2008 Server computer, type at the command line and press ENTER, as shown in Figure 1-8.
a. Is the IP address correct?
b. Note that the name of the server is win2k8serv and not 2k8serv, which you put into the hosts file.
➜ Note
At the Windows 7 PC, follow this step:
Choose Start | Shut Down arrow | Log off.
➜ Note
FIGURE 1-8 The nslookup command
01-ch01.indd 25 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity26
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
Lab 1.2 Analysis Questions 1. The following questions apply to the lab in this section:You are the administrator of a large
network. You would like to make a change that allows users to type one word into their web browsers to access a web site. For example, instead of typing , users could just type . Based on the lab you have just done, how is this accomplished for the example given?
2. What is the sequence in which domain names are resolved on a Windows machine?
3. Entering the command will provide you with what information about the IP address?
Lab 1.2 Key Terms Quiz Use these key terms from the lab to complete the sentences that follow:
127.0.0.1
DNS cache
Domain Name System (DNS)
fully qualified domain name (FQDN)
hosts file
IP addresses
localhost address
loopback address
nslookup
ping localhost
1. The command used in this lab to test and query DNS servers is called ____________________.
2. You can type ____________________ to test whether a network card and TCP/IP are working on the local machine.
01-ch01.indd 26 24/07/14 5:00 PM
Lab 1.3: IPv6 Basics 27
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
3. The letters FQDN stand for ____________________ ____________________ ____________________ ____________________.
4. Entering will provide you with all the ____________________ associated with that FQDN.
5. The ____________________ is a small space in memory that will maintain resolved names for a period of time.
6. What file maps computer names to IP addresses? ____________________
Follow-Up Labs Discover how to scan
a network for IP addresses and find open ports on each one discovered.
See how domain names are used in spoofing e-mails.
Suggested Experiment On your home computer, use nslookup to find the IP addresses for different sites that you normally go to, such as www.google.com or www.microsoft.com.
References
www.faqs.org/rfcs/rfc826.html
www.faqs. /rfcs/rfc792.html
www.faqs.org/rfcs/ rfc2151.html
Principles of Computer Security, Fourth Edition (McGraw-Hill Education, 2015), Chapter 9
Lab 1.3: IPv6 Basics The TCP/IP network that is commonly referred to as either TCP or IP seldom refers to the version of the protocol in use. Until recently, this was because everyone used the same version, version 4. One of the shortcomings of IPv4 is the size of the address space. This was recognized early, and a replacement protocol, IPv6, was developed in the late 1990s. Adoption of IPv6 has been slow because, until recently, there have been IPv4 addresses remaining in inventory for use. The impending end of the IPv4 address inventory has resulted in the move of enterprises into dual-stack operations, where both IPv4 and IPv6 are used.
01-ch01.indd 27 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity28
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
The IPv6 protocol is not backward compatible to IPv4. There are many aspects that are identical, yet some have changed to resolve issues discovered during the use of IPv4. A key aspect is the autoconfiguration features associated with the IPv6 standard. IPv6 is designed to extend the reach of the Internet Protocol by addressing issues discovered in the 30 years of IPv4. The IP address space is the most visible change, but issues such as simpler configuration of IP-enabled devices without using DHCP, deployment of security functionality, and quality of service were also designed into IPv6 as optional extensions (with limitations).
A significant change occurs in ICMPv6: ICMP messages are used to control issues associated with routing packet losses, so blocking ICMPv6 at the edge of the network would result in a system not getting delivery failure messages. ICMP is also used to convey Neighbor Discovery (ND) and Neighbor Solicitation (NS) messages to enable autoconfiguration of IP-enabled devices. ICMP becomes a complete part of the protocol set with version 6.
IPv6 supports a variety of address types, as listed in Table 1-1.
Link-local unicast addresses are analogous to the IPv4 address series 169.254.0.0/16. These addresses are automatically assigned to an interface and are used for the autoconfiguration of addresses and Neighbor Discovery. They are not to be routed. Multicast addresses are used to replace the broadcast function from IPv4. Multicast addresses can be defined in a range of scopes, from link to site to Internet. Global unicast addresses are used to send to a specific single IP address, multicast addresses are used to send to a group of IP addresses, and the anycast address, a new type in IPv6, is used to communicate with any member of a group of IPv6 addresses.
Unspecified 000...0 (128 bits) ::/128
Loopback 000...01 (128 bits) ::1/128
Link-local unicast 1111 1110 10 FE80::/10
Multicast 1111 1111 FF00::/8
Global unicast All other addresses
IPv4 mapped 000…01111111111111111 ::FFFF/96
Unique Local Unicast Address (ULA) 1111 110 FC00::/7
Assigned to RIR 001 2000::/3
TABLE 1-1 IPv6 Address Types
01-ch01.indd 28 24/07/14 5:00 PM
Lab 1.3w: Windows IPv6 Basics (netsh/ping6) 29
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
Learning Objectives After completing this lab, you will be able to
Understand the new IPv6 header
Understand different address configurations
Understand IPv6 addressing nomenclature
Identify differences between IPv6 and IPv4 traffic
40 MINUTES
Lab 1.3w: Windows IPv6 Basics (netsh/ping6)
Materials and Setup You will need the following:
Windows 7
Windows 2008 Server
Lab Steps at a Glance
Start the Windows 7 and Windows 2008 Server machines. Log on only to the Windows 7 machine.
Verify IPv6 settings.
Log on to the Windows 2008 Server machine.
Verify IPv6 settings.
Launch Wireshark on the Windows 7 PC.
Ping the Windows 2008 Server machine from the Windows 7 machine.
Change the IPv6 address of the Windows 7 machine.
Change the IPv6 address of the Windows 2008 machine.
View the IPv6 ping traffic in Wireshark.
Investigate communications between various IP addresses.
Reset all IPv6 configuration states.
Log off from both the Windows 7 and Windows 2008 Server machines.
01-ch01.indd 29 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity30
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
Lab Steps
To log on to the Windows 7 PC, follow these steps:
1. Click Admin at the Login screen.
2. In the password text box, type and press ENTER.
1. Click Start; in the Search Programs And Files box, type and press ENTER.
2. Type and press ENTER. You should get a reply similar to what’s shown in Figure 1-9.
3. Record your IPv6 address for later use.
To log on to the Windows 2008 Server PC, follow these steps:
1. At the Login screen, press CTRL-ALT-DEL.
2. Enter the username and the password .
3. Click OK.
FIGURE 1-9 IPv6 settings
01-ch01.indd 30 24/07/14 5:00 PM
Lab 1.3w: Windows IPv6 Basics (netsh/ping6) 31
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
1. Click Start; in the Search programs and files box, type and press ENTER.
2. Type and press ENTER.
3. Record your IPv6 address for later use.
➜ Note
On the Windows 7 machine, follow these steps:
1. Choose Start | All Programs | Wireshark.
2. Within Wireshark, choose Capture | Interfaces.
3. Click Start for the correct interface.
➜ Note
On the Windows 7 machine, in the command window, type [ ] and press ENTER.
The IPv6 address will look something like fe80::8cb8:89fc:bc3a:8ec9. You should get a reply similar to what’s shown in Figure 1-10.
1. On the Windows 7 machine, close the current Command Prompt window.
2. Select Start | Programs | Accessories and right-click Command Prompt.
3. Click Run as administrator.
4. In the User Account Control dialog box, click Yes.
01-ch01.indd 31 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity32
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
5. In the command window, type your interface name and press ENTER.
6. Verify address by typing and pressing ENTER.
7. Record the IPv6 addresses and types for later use.
➜ Note
1. Select Start | Programs | Accessories and right-click Command Prompt.
2. Click Run as administrator.
3. In the User Account Control dialog box, click Yes.
4. In the command window, type and press ENTER.
5. Verify the address by typing and pressing ENTER.
6. Record the IPv6 addresses and types for later use.
FIGURE 1-10 The ping -6 command
01-ch01.indd 32 24/07/14 5:00 PM
Lab 1.3w: Windows IPv6 Basics (netsh/ping6) 33
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
On the Windows 7 PC, verify the IPv6 ping by viewing the Wireshark output. You should get a reply similar to what’s shown in Figure 1-12.
➜ Note
ipv6
FIGURE 1-11 Changing and showing the IPv6 address
01-ch01.indd 33 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity34
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
For this step, experiment using Wireshark and the ping6 command on Windows 7 and using Wireshark and the ping command on Windows 2008 Server. Investigate communicating between various IPv6 addresses.
What are the differences?
On both machines, in the Command Prompt window, type and press ENTER.
1. On the Windows 7 PC, choose Start | Shutdown arrow | Log Off.
2. On the Windows 2008 Server machine, choose Start | Log Off, click Log Off, and click OK.
Lab 1.3 Analysis Questions 1. The following questions apply to the lab in this section:What are the different types of IPv6
traffic captured in Wireshark?
2. Using Wireshark, describe the differences between IPv4 and IPv6 packets observed in this lab.
FIGURE 1-12 IPv6 traffic in Wireshark
01-ch01.indd 34 24/07/14 5:00 PM
Lab 1.3w: Windows IPv6 Basics (netsh/ping6) 35
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
Lab 1.3 Key Terms Quiz Use these key terms from the lab to complete the sentences that follow:
anycast address
global unicast addresses
ICMPv6
link-local unicast addresses
multicast addresses
Neighbor Discovery (ND)
Neighbor Solicitation (NS)
1. The protocol used for Neighbor Discovery (ND) is ____________________.
2. ARP is replaced in IPv6 by ____________________ transmitted using ____________________.
3. IPv6 addresses that begin with FE80 represent ____________________.
4. In IPv6, broadcast messages are accomplished using ____________________.
Suggested Experiments 1. Get the Kali and Metasploitable to ping each other with IPV6.
2. Get all four machines to ping each other with IPV6.
3. Get all machines to use only IPv6 and get HTTP and FTP services working.
References www.getipv6.info/index.php/Main_Page
www.faqs.org/rfcs/rfc2463.html
http:// download.microsoft.com/download/e/9/b/e9bd20d3-cc8d-4162-aa60-3aa3abc2b2e9/IPv6 .doc
www.faqs.org/rfcs/ rfc2460.html
www.openwall.com/ presentations/IPv6/
01-ch01.indd 35 24/07/14 5:00 PM
Chapter 1: Workstation Network Configuration and Connectivity36
Lab Manual / Principles of Computer Security Lab Manual, Fourth Edition / Nestler / 655-1 / Chapter 1
www.faqs.org/rfcs/ rfc4942.html
www.faqs.org/rfcs/rfc2461.html
01-ch01.indd 36 24/07/14 5:00 PM
h.bt0m37bilv6v
Applied Sciences
Architecture and Design
Biology
Business & Finance
Chemistry
Computer Science
Geography
Geology
Education
Engineering
English
Environmental science
Spanish
Government
History
Human Resource Management
Information Systems
Law
Literature
Mathematics
Nursing
Physics
Political Science
Psychology
Reading
Science
Social Science
Home
Blog
Archive
Contact
google+twitterfacebook
Copyright © 2019 HomeworkMarket.com