Connecting to the lab server
Connect to the lab server:
local$ ssh-keygen -R netlab.nanocat.net local$ ssh [email protected] Password: (see discord)
Connect to your router:
lab@netlab$ list-devices lab@netlab$ connect DEVICE
- ping the lab web server from a lab pc
- fetch a web page using curl from the lab web server
- capture those things and analyse with tcpdump
- capture packets, and open them in wireshark locally
Everything is already configured with default values!
Ping the web server
Connect to a lab PC:
connect clab-www-pcX <- choose a number
Check your lab PC’s IP address:
ip -c address
Start a ping:
Watch your ping
In a different terminal window:
ip netns exec clab-www-pcX tcpdump
By default, tcpdump uses
eth0 as its interface, and will print output
for every packet that it sees.
Stop and start the ping in the other terminal with
up-arrow to recall the last command.
Filter with tcpdump
You will probably be seeing lots of traffic aside from your ping. Filter
everything else by only showing
icmp packets (Internet Control Message Protocol)
ip netns exec clab-www-pcX tcpdump icmp
Try some other filters:
# capture only ARP packets ip netns exec clab-www-pcX tcpdump arp # capture only LLDP packets (ethertype 0x88cc) ip netns exec clab-www-pcX tcpdump ether proto 0x88cc # capture only STP (Spanning Tree Protocol) packets ip netns exec clab-www-pcX tcpdump stp
Capture a whole web page
curl to fetch a web page from the server.
Start a tcpdump on port 80:
ip netns exec clab-www-pcX tcpdump port 80
From your lab PC:
See the contents of the packets
Start a tcpdump with ASCII interpretation:
ip netns exec clab-www-pc2 tcpdump -nn -s0 -A tcp port 80
Run a curl from your lab PC:
Capture some packets to disk
Capture 50 packets:
cd <- make sure you are in your home directory ip netns exec clab-www-pcX tcpdump -c 50 -w CLEVER_FILENAME.pcap
Generate some pings, or a curl, from your lab PC.
Copy them to your local computer. Locally,
scp [email protected]:CLEVER_FILENAME.pcap .
Open this file locally in Wireshark.