S2E5 - analysing packets

Nicholas Morrison <nick@nanocat.net>

Tags:

Connecting to the lab server

Connect to the lab server:

local$ ssh-keygen -R netlab.nanocat.net
local$ ssh lab@netlab.nanocat.net
Password: (see discord)

Connect to your router:

lab@netlab$ list-devices
lab@netlab$ connect DEVICE

Topology: Just some PCs

decide which PC you are (pc1 -> pc9)
find this PC’s network namespace (ip netns list or ip netns list | grep pcX)
run a tcpdump on your PC’s eth0 interface (because eth0 is connected to the Internet)
- ip netns exec NAMESPACE tcpdump -i eth0 -s 1500 -c 5000 -w YOUR_PERSONAL_FILENAME.pcap

In another terminal, while the tcpdump is running, do each of the following:

ping a site by name, that you have not pinged before
- eg. ping -c 10 www.idsoftware.com
traceroute to a site by name, with name lookups DISABLED
- eg. traceroute -w 1 -n nanocat.net
traceroute to a site by name, with name lookups ENABLED
- eg. traceroute -w 1 nanocat.net
fetch a file over http
- wget http://insecure.nanocat.net/files/snarf.txt
fetch a file over https
- wget https://nanocat.net/files/snarf.txt
fetch a file from an ftp server
- eg. wget ftp://ftp.uni-bayreuth.de/debian/README.CD-manufacture

Back at your tcpdump terminal:

ctrl-c the tcpdump, if it has not already exited (remember we set a limit of 5000 packets)
make sure the .pcap file is there using ls -l YOUR_PERSONAL_FILENAME.pcap (or ls -l *.pcap if you can’t remember)
from your laptop, copy the file using SCP (secure copy protocol): scp lab@netlab.nanocat.net:YOUR_PERSONAL_FILENAME.pcap .