Ns Lab 1 - Deepanshu Sharma

This document discusses using tcpdump and Wireshark to analyze network traffic, understand the Address Resolution Protocol (ARP), and use the ifconfig and arp commands. It provides instructions on: 1. Using tcpdump filters to sniff specific packets and write them to a file. 2. Analyzing saved packet captures using Wireshark. 3. Understanding how ARP translates IP addresses to MAC addresses, through passive monitoring and cooperation between hosts. 4. Observing ARP packet formats and operation within and between subnets, using ping to initiate communication. 5. Using ifconfig and arp commands to view and modify interface and ARP settings, such as MAC addresses, and observe the impact on bindings.
CS-564 Network Security Laboratory

Deepanshu Sharma

Part 1: How to sniff only the desired packets and write them to a file using tcpdump filters.

Tcpdump

tcpdump is a command-line packet analyzer. It displays TCP/IP and other packets being transmitted or received over a network to which the computer is attached, and accepts a BPF filter expression so that only the packets of interest are captured. Capturing requires access to the interface (normally root or CAP_NET_RAW).

Show the available options

tcpdump --help

Capture only n packets (here 10) on interface eth0

tcpdump -i eth0 -c 10

Capture with verbose output

tcpdump -i eth0 -v

Capture only packets to or from a particular host

tcpdump -i eth0 -v host google.com

Capture and write raw packets to a file (the file can later be read with tcpdump -r or opened in Wireshark)

tcpdump -i eth0 -w capture.pcap

Print IP addresses instead of resolving them to host names (avoids the DNS lookups that would otherwise appear in the capture)

tcpdump -n -i eth0

Capture packets flowing on a particular port

tcpdump -i eth0 port 80

Capture packets with a readable date-and-time timestamp

tcpdump -tttt -i eth0

Filter by source and destination address

tcpdump -i eth0 src host 192.168.1.10 and dst host 192.168.1.20

Part 2: How to use the Wireshark tool to analyze saved dump files.

TCPDUMP

tcpdump -h

List the interfaces tcpdump can capture on

tcpdump -D

Capture on eth0 and save to a pcap file. Note that -nn, -A and -vvv only affect what tcpdump prints to the terminal; with -w the file always holds the raw packets, so the decoding options can be applied later when reading the file back.

tcpdump -i eth0 -nn -A -vvv -w packet-capture.pcap

Read the saved file back with tcpdump, or open it in Wireshark

tcpdump -r packet-capture.pcap -nn -vvv

wireshark packet-capture.pcap &
Part 3: Understand the ARP protocol in practice through passive monitoring and some cooperative work.

Most computer programs/applications use a logical address (the IP address) to send and receive messages; however, the actual delivery on a local network happens using the physical address (the MAC address), i.e. at layer 2 of the OSI model. So, before a host can talk to a neighbour it must obtain the neighbour's MAC address. This is where ARP comes into the picture: its function is to translate an IP address into a physical address. ARP finds the hardware address, also known as the Media Access Control (MAC) address, of a host from its known IP address.

In ARP, only two messages are defined: the ARP request, which is broadcast to every host on the segment ("who has 192.168.1.20? tell 192.168.1.10"), and the ARP reply, which is unicast back to the requester ("192.168.1.20 is at aa:bb:cc:00:00:02"). The result is stored in the sender's ARP cache. ARP carries no authentication: any host on the segment can answer a request, or send unsolicited replies, and most hosts will accept them. This is what makes ARP cache poisoning possible and why it is worth watching the cache for bindings that change.
Part 4: Observe the format and types of ARP packets, and the operation of ARP for hosts residing in the same subnet and in different subnets (requiring a router/proxy/gateway). Initiate communication within and outside the network using ping, capture the ARP packets using tcpdump (tcpdump -i eth0 -e -nn arp) and analyze them. When the destination lies outside the local subnet, the ARP request is not for the destination's IP address but for the default gateway's, because that is the next hop at layer 2; the destination's MAC address never appears on the local segment.
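The following is an added example, not part of the original lab sheet, that builds the two ARP message types described above with the exact Ethernet/IPv4 ARP layout (hardware type 1, protocol type 0x0800, 6-byte and 4-byte addresses, opcode 1 or 2), parses them back the way a tcpdump or Wireshark dissection would, decides which address a host must ARP for (the destination, or the gateway when the destination is off-subnet), and writes the frames to a classic libpcap file that can be opened with `wireshark` or `tcpdump -r`. All MAC and IP addresses are constructed for the example.

```python
"""Added example: ARP request/reply frames, a tcpdump-style summary, and a pcap writer.

The addresses below are constructed for illustration, not captured from the lab network.
"""
import ipaddress
import struct
import time

ETH_P_ARP = 0x0806            # EtherType for ARP
ARP_REQUEST, ARP_REPLY = 1, 2  # the only two opcodes basic ARP defines
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"  # target MAC in a request: still unknown


def mac_to_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def build_arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II header (14 bytes) + ARP body (28 bytes) for Ethernet/IPv4.

    A request is sent to the broadcast MAC; a reply is unicast to the requester.
    """
    dst_mac = BROADCAST if opcode == ARP_REQUEST else target_mac
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += mac_to_bytes(sender_mac) + ipaddress.ip_address(sender_ip).packed
    arp += mac_to_bytes(target_mac) + ipaddress.ip_address(target_ip).packed
    return eth + arp


def parse_arp_frame(frame):
    """Decode the fields that tcpdump -e / Wireshark show for an ARP frame."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not ARP: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    body = frame[22:42]
    return {
        "eth_dst": bytes_to_mac(frame[0:6]),
        "eth_src": bytes_to_mac(frame[6:12]),
        "opcode": {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(opcode, opcode),
        "sender_mac": bytes_to_mac(body[0:6]),
        "sender_ip": str(ipaddress.ip_address(body[6:10])),
        "target_mac": bytes_to_mac(body[10:16]),
        "target_ip": str(ipaddress.ip_address(body[16:20])),
    }


def summarize(frame):
    """One-line summary in the style tcpdump prints for ARP."""
    p = parse_arp_frame(frame)
    if p["opcode"] == "request":
        return f"ARP, Request who-has {p['target_ip']} tell {p['sender_ip']}"
    return f"ARP, Reply {p['sender_ip']} is-at {p['sender_mac']}"


def arp_target_for(dst_ip, local_cidr, gateway_ip):
    """IP address the sender must resolve with ARP before it can send to dst_ip."""
    if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(local_cidr, strict=False):
        return dst_ip          # same subnet: ARP for the destination itself
    return gateway_ip          # other subnet: ARP for the default gateway


def write_pcap(path, frames):
    """Write frames in classic libpcap format (magic 0xa1b2c3d4, link type 1 = Ethernet)."""
    now = int(time.time())
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, frame in enumerate(frames):
            f.write(struct.pack("<IIII", now, i, len(frame), len(frame)))
            f.write(frame)


if __name__ == "__main__":
    # Constructed addresses: host A (.10) pings host B (.20) on 192.168.1.0/24
    a_mac, a_ip = "aa:bb:cc:00:00:01", "192.168.1.10"
    b_mac, b_ip = "aa:bb:cc:00:00:02", "192.168.1.20"
    frames = [
        build_arp_frame(ARP_REQUEST, a_mac, a_ip, ZERO_MAC, b_ip),
        build_arp_frame(ARP_REPLY, b_mac, b_ip, a_mac, a_ip),
    ]
    for fr in frames:
        print(summarize(fr))
    # Pinging 8.8.8.8 from A resolves the gateway, not 8.8.8.8 itself
    print("ARP target for 8.8.8.8:", arp_target_for("8.8.8.8", "192.168.1.10/24", "192.168.1.1"))
    write_pcap("arp-example.pcap", frames)   # open with: wireshark arp-example.pcap
```

Running the script writes arp-example.pcap; `tcpdump -r arp-example.pcap -e -nn` prints the same two lines as the script, with the broadcast destination MAC on the request and the unicast MAC on the reply, which is the pattern to look for in the live capture from Part 4.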

Part 5: Use the commands 'ifconfig' and 'arp' in Linux for this assignment. With these commands, try to modify MAC addresses and observe the impact on bindings. Understand the various options of these two commands and execute them appropriately. Both need root privileges for anything that changes state (bringing an interface up or down, changing a MAC address, adding or deleting ARP entries).

a. ifconfig

 -a: Display all the interfaces available, including those that are down.

Syntax: ifconfig -a

 up: Activate the driver for the given interface (down deactivates it).

Syntax: ifconfig interface up

 add addr: Add an IPv6 address to an interface.

Syntax: ifconfig interface add addr

 [-]arp: Enable or disable the use of the ARP protocol on an interface. With ARP disabled the host can no longer resolve neighbours, so only static entries (see arp -s) will work.

Syntax: ifconfig interface [-]arp

 hw class address: Set the hardware (MAC) address of the interface; class is ether for Ethernet. Take the interface down first. After the change, other hosts keep the old binding in their ARP caches until the entry times out or a new reply overwrites it.

Syntax: ifconfig interface hw ether 00:11:22:33:44:55

 --help: Display help for the ifconfig command.

Syntax: ifconfig --help

b. arp

 -v
Tell the user what is going on by being verbose.

 -n
Show numerical addresses instead of trying to resolve host names.

 -H type
When setting or reading the ARP cache, this optional parameter tells arp which class of entries it should check for (the default is ether).

 -a [hostname]
Show the entries for the specified host, or the whole cache if no host is given.

 -d hostname
Remove any entry for the specified host.

 -s hostname hw_addr
Manually create an ARP mapping (a static entry) for host hostname with its hardware address set to hw_addr. A static entry is flagged PERM and is not overwritten by incoming ARP replies, which is the simplest defence against cache poisoning for a small, fixed set of hosts.
Part 6: Design experiments to observe the ARP cache contents and the effect of the various options, with the help of your partner's machine. A useful sequence is: record the cache (arp -n), have the partner change their MAC address with ifconfig, ping the partner, record the cache again and compare the binding for the partner's IP; then add a static entry with arp -s, repeat the MAC change and confirm the static binding does not move.
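One way to record the outcome of such an experiment is to snapshot the kernel's ARP table (/proc/net/arp, the same data `arp -n` prints) before and after each step and diff the bindings. The following is an added example, not part of the original lab sheet; the two snapshots are constructed text in /proc/net/arp layout, and the flag bits are the Linux ATF_COM (complete) and ATF_PERM (static) values.

```python
"""Added example: diff two snapshots of the Linux ARP cache and classify binding changes.

BEFORE/AFTER are constructed in /proc/net/arp layout; they are not real captures.
"""
ATF_COM = 0x02    # complete: hardware address has been resolved
ATF_PERM = 0x04   # permanent: static entry added with `arp -s`

BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         52:54:00:12:34:01     *        eth0
192.168.1.20     0x1         0x2         aa:bb:cc:00:00:02     *        eth0
"""

# Constructed "after" state: the partner on .20 changed MAC with
# `ifconfig eth0 hw ether aa:bb:cc:00:00:99` and was pinged again, a static
# entry for .30 was added with `arp -s`, and an absent host .40 was pinged.
AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         52:54:00:12:34:01     *        eth0
192.168.1.20     0x1         0x2         aa:bb:cc:00:00:99     *        eth0
192.168.1.30     0x1         0x6         aa:bb:cc:00:00:03     *        eth0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        eth0
"""


def parse_arp_cache(text):
    """Map (device, ip) -> {mac, complete, static} from /proc/net/arp text."""
    entries = {}
    for line in text.splitlines()[1:]:          # first line is the header row
        parts = line.split()
        if len(parts) != 6:
            continue
        ip, _hwtype, flags, mac, _mask, dev = parts
        f = int(flags, 16)
        entries[(dev, ip)] = {
            "mac": mac.lower(),
            "complete": bool(f & ATF_COM),
            "static": bool(f & ATF_PERM),
        }
    return entries


def diff_arp_cache(before, after):
    """Return a list of binding changes between two cache snapshots."""
    old, new = parse_arp_cache(before), parse_arp_cache(after)
    changes = []
    for dev, ip in sorted(set(old) | set(new)):
        o, n = old.get((dev, ip)), new.get((dev, ip))
        if o is None:
            if not n["complete"]:
                event = "added_incomplete"      # request sent, no reply received
            elif n["static"]:
                event = "added_static"
            else:
                event = "added_dynamic"
            changes.append({"device": dev, "ip": ip, "event": event, "old": None, "new": n["mac"]})
        elif n is None:
            changes.append({"device": dev, "ip": ip, "event": "removed", "old": o["mac"], "new": None})
        elif o["complete"] and not n["complete"]:
            changes.append({"device": dev, "ip": ip, "event": "became_incomplete", "old": o["mac"], "new": None})
        elif o["mac"] != n["mac"]:
            # The interesting case: same IP, different MAC. Expected after a deliberate
            # MAC change by the partner; otherwise a sign of a spoofed or poisoned reply.
            changes.append({"device": dev, "ip": ip, "event": "mac_changed", "old": o["mac"], "new": n["mac"]})
        elif o["static"] != n["static"]:
            event = "made_static" if n["static"] else "made_dynamic"
            changes.append({"device": dev, "ip": ip, "event": event, "old": o["mac"], "new": n["mac"]})
    return changes


if __name__ == "__main__":
    # On a real host: open("/proc/net/arp").read() before and after each step
    for c in diff_arp_cache(BEFORE, AFTER):
        print(f"{c['device']} {c['ip']:<15} {c['event']:<18} {c['old']} -> {c['new']}")
```

The entry for 192.168.1.20 shows up as mac_changed, 192.168.1.30 as added_static (flags 0x6 = complete and permanent) and 192.168.1.40 as added_incomplete, which is what a ping to a host that never answers leaves behind. Running the diff after the partner's MAC change with a static entry in place should show no change for that IP at all, since the kernel does not let ARP replies overwrite a permanent entry.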
