topic # Topic Reading Homework Slides
1

2/22

tcpdump/wireshark

read - textbook chapter 1, and chapter 3 sections 3.1-3.4 (stopping at p 102); 3.7-3.8; 3.10-3.11.

tool - do your own research on netcat (nc). Start here:
 http://sectools.org/tool/netcat/
 http://en.wikipedia.org/wiki/Netcat

slides about netcat and why it's related to the "cat" command with a "net" dimension

visit
 - Wireshark home page
 - Wireshark wiki

print - TCP/IP and tcpdump Pocket Reference Guides from SANS Institute. I suggest you print them out 2-sided, fold into 4 panels, and carry them with your materials for this class.

 - IPv4 version
 - IPv6 version

tcpdump

 

 

2

3/1

Stevens' sock test/diagnostic program

in-class exercise(s):
  wireshark - parts 4,5,7,8

read - about Stevens' sock program:
  documentation
 updated source code 

nc (netcat) is akin to sock

visit - Wireshark sample captures 

visit - the Linux Documentation Project. There, view the list of (about 400) HOWTO docs and note those that relate to networking and protocols.

wireshark
2

3/8

netcat

diagnostic protocols: echo, discard, chargen

in-class exercise(s):
  install "sock"
 
exercise diagnostic protocols with netcat

 

read - this write-up about a practical application of netcat

view - netcat pocket reference guide

view - the documentation for sock

download - the Windows version of netcat (if you want to use it under Windows). It's in a file called nc11nt.zip, found on the file distribution server indicated by your instructor. (Be aware it may alarm virus checking programs.)

identify - a project topic or candidate topics. Be prepared to briefly (2 min.) tell the class verbally what technology you've chosen, and describe what (little) you may know about it for starters (i.e., what's it for, what's it do, why your interest?)

analyze in Wireshark this packet capture file of mine, which is the result of performing the class exercise at the link (left) titled "exercise diagnostic protocols with netcat". On one frame belonging to each of the exercise's 3 exchanges (echo, discard, and chargen), right click in Wireshark and "Follow UDP Stream" to see what was exchanged at the pure high level, stripped of all the underlying headers.

netcat
4

3/15

echo vs ping

arp
proxy-arp

in-class exercise(s):
  ppp data-link protocol

read in full - the rfc for arp. It's short enough to be digestible but long enough to provide a level of substance beyond what the rfc's for the simple protocols echo, discard, and chargen. It is revealing of the thought process when a technology is in gestation (1982 in this case). Note the references to "DOD [department of defense] internet." That's one and the same as "our" internet but at the time that network was a department of defense project.
read - the chapter 4 discussion of arp in the textbook.

write - a plan about your project topic, to turn in at next week's class. It should be a written, elaborated version (1-3 pages?) of your verbal presentation last week. It should include your idea of what steps you may follow, what you want to end up with, what equipment you think it will take (and whether you have it), and what in the end you will write up as a short paper and/or demo/present to class. It does not trap you. If once you get started you see a reason to go in a different direction that's fine. Its purpose is to make you get started.

view - the capture file obtained during establishment of a point-to-point protocol link

ARP address resolution

proxy ARP

5

3/22

proxy-arp

point-to-point protocol

in-class exercise(s):
  proxy-arp

Proxy-arp:
read - “man arp” under –s, and “man 7 arp”
read - “Guide to IP Layer Network Administration with Linux,” Section 9.3 Breaking a network in two with proxy ARP
read - “Linux Advanced Routing and Traffic Control HOWTO,” Section 16.3 Pseudo-bridges with Proxy-ARP

point-to-point:
read - textbook treatment of point-to-point protocol, section 3.6
note - the PPP HOWTO. Don't read it. I call it to your attention because it is a substantial source on the subject for you to be aware of.

do - this proxy-arp homework
Prepare your answers in this form and submit them by this file transfer method, depositing your answer file in your "assignments" subdirectory on the remote server. Please name your file "proxyarp.txt". I will grade these using an automated script, so the format of the answer is critical to intelligibility, as is the case (lower) of the filename. (Wrongly named or placed, your file will get overlooked by the grading script.)

read - materials about SNMP posted on the main page in preparation for Vincent Leveque's presentation about it next on 3/29

view - 3 protocols of increasing complexity

ppp protocol
6

3/29/14

snmp protocol

in-class exercise(s):
  ppp data-link protocol
 
"arp" and "arping"

read - textbook chapter 8 about ICMP
 pp 353-357 & sec. 8.3.2.4 about tftp
 generating ICMP "port unreachable"

read - rfc 792 defining ICMP
 the introductory couple pages
 the detail only of the message types
  0 - echo reply
  3 - destination unreachable
  8 - echo request
 11 - time exceeded

read - rfc 1350 defining tftp, sections 1-4 and 6

- ping
7

4/5

point-to-point protocol

traceroute - udp to "dead" port strategy

tftp - trivial file transfer protocol

read - textbook chapter 12, TCP preliminaries. General issues TCP must resolve, and general solutions.

read - textbook chapter 17 TCP
read - textbook chapter 18 connection negotiation, sections 1-3,6-7

-

traceroute

tftp

8

4/12

icmp

udp

tcp -
 3-way handshake connection negotiation

services - role of port numbers
port behavior
in-class exercise:
  port behavior

read - textbook chapter 8 Traceroute sections 8.1-8.4
read - textbook chapter 19 TCP interactive dataflow, sections 1-3,5-6
read - textbook chapter 20 TCP bulk dataflow, sections 1-7,9
listen - tcp getting connected
from 56min mark to 1hr29min

listen - attacking tcp
from 41min to 1hr21min

listen - tcp refinements
from 36min to 1hr11min

read - rfc 2001, about such refinements. Read the sections about slow start and congestion recovery.

udp protocol

tcp protocol

9

4/26

 

in-class exercise:
  tftp

 

- - tcp protocol
10

5/3

tcp - seq/ack numbering
in-class
 tcp interactive dataflow tracking
- do - turn in the printout from tcp dataflow tracking. You did the capture in class, now you have the specimen trace file. Derive from it what the assignment asks for, fill in the table, turn it in. -
11

5/10

bridging - - bridging
12

5/17

tcp - flow/congestion control
in-class exercise:
 tcp bulk dataflow tracking
TCP reading from textbook

ch 12 - Preliminaries
 all

ch 13 - Connection Management
 595-598
 13.2.3 initial seq number
 601-602
 13.3 TCP Options, MSS 605-607

ch 14 - Timeout/Retransmission
 647-652
 14.4 Timer based retrans 664-667

ch 15 - Flow Ctrl, Window Mgmt
 691-696
 700-704

ch 16 - Congestion Control
 727-738

view - simulation of slow start

listen - AIMD lecture
"additive increase, multiplicative decrease" describing slow start and congestion avoidance

tcp traffic control
13

5/24

series of socket-type demos

tcp - coding, concurrent server

udp - coding (diagram)

sctp - stream control transmission protocol

in-class exercise:
 client-server socket types

 

- - -
14

5/31

IPv6

TLS

- - ssl/tls
15

6/7

packet injection

in-class
 packet injection with hping

ip-in-ip

in-class
 construct ip-in-ip tunnel

read - rfc's 1853 & 2003 defining ip-over-ip tunneling

of interest - packet wizardry using scapy and python

visit - hping home page

packet injection - hping

IP-over-IP tunneling