Using netcat to interact with simple diagnostic application protocols, and Wireshark to see what happened


The instructor will indicate a server machine that runs some or all of the following.

application protocol    transport protocol    port number
echo                    udp                   7
discard                 udp                   9
chargen                 udp                   19
echo                    tcp                   7
discard                 tcp                   9
chargen                 tcp                   19

Note that udp and tcp keep separate sets of ports; udp port 7 and tcp port 7, for example, are different from and independent of one another.

The example screenshot below refers to the server machine as 66.159.240.70 but the one that's actually available may differ. Replace "66.159.240.70" with the actual IP address or domain name the instructor indicates.

The exercise to perform

First, run tcpdump or Wireshark in order to capture a packet trace of the following activities to a file called "netcat-simple-udp.cap". If you use tcpdump, a suitable command invocation might be

  tcpdump  -s  10000  -i  eth0  -w  netcat-simple-udp.cap  not  arp

(-s 10000 ensures that packets are captured without truncation; not arp keeps a probable distraction out of the trace.)

Then, run nc (netcat) against the server program that's running on the server machine's udp port 7. Interactively send it the word "hello", by typing "hello" at nc's (invisible) prompt then pressing enter. Next, terminate nc by pressing ctrl-C.

Then do exactly the same thing twice more, changing the udp port number first to 9 and then to 19, to interact with the two other server programs running on the server machine. Send them "hello" too. Your screen should look like the following screenshot.

[root@localhost ~]# nc -u 66.159.240.70 7
hello
hello
^C
[root@localhost ~]# nc -u 66.159.240.70 9
hello
^C
[root@localhost ~]# nc -u 66.159.240.70 19
hello
CDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-
DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-.
EFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./
FGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./0
GHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./01
HIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./012
IJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./0123
JKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./01234
KLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./012345
LMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./0123456
MNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./01234567
NOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./012345678
OPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./0123456789
PQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-.
^C
[root@localhost ~]#

Now terminate the ongoing capture being performed by tcpdump or Wireshark.

Keep the netcat-simple-udp.cap file for examination and analysis in Wireshark.
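
To check your reading of the trace, the following added example (not part of the original exercise) models the three udp services on the loopback interface and sends each one "hello", as in the screenshot. The function names, the ephemeral ports, and the chargen starting offset and line count are assumptions made for this sketch; the character ring and 72-character line width are taken from the chargen output shown above.

```python
import socket
import threading

# Characters '!' (33) through '}' (125): the ring visible in the chargen lines above.
RING = "".join(chr(c) for c in range(33, 126))
LINE_LEN = 72  # width of each full line in the screenshot
UDP = (socket.AF_INET, socket.SOCK_DGRAM)

def chargen_line(n):
    """Line n of the rotating pattern; each line starts one character later."""
    return (RING * 2)[n % len(RING):][:LINE_LEN]

def reply_for(service, payload, first_line=34, lines=3):
    """Bytes a service sends back for one datagram, or None for no reply.
    first_line=34 ('C') and lines=3 are constructed values for this model."""
    if service == "echo":
        return payload  # the same bytes come back
    if service == "discard":
        return None  # accepted and dropped; no reply is ever sent
    if service == "chargen":  # what the client sent is ignored
        text = "".join(chargen_line(first_line + i) + "\r\n" for i in range(lines))
        return text.encode("ascii")
    raise ValueError(f"unknown service: {service}")

def serve_one(sock, service):
    """Answer exactly one datagram on an already-bound UDP socket."""
    payload, peer = sock.recvfrom(2048)
    answer = reply_for(service, payload)
    if answer is not None:
        sock.sendto(answer, peer)

def probe(service, message=b"hello\n", timeout=1.0):
    """Send one datagram to a loopback stand-in server; return the reply or None."""
    with socket.socket(*UDP) as server, socket.socket(*UDP) as client:
        server.bind(("127.0.0.1", 0))  # ephemeral port, not the lab's 7/9/19
        client.settimeout(timeout)
        worker = threading.Thread(target=serve_one, args=(server, service), daemon=True)
        worker.start()
        try:
            client.sendto(message, server.getsockname())
            return client.recvfrom(2048)[0]
        except socket.timeout:
            return None  # nothing arrived before the timeout
        finally:
            worker.join(timeout)

if __name__ == "__main__":
    for name in ("echo", "discard", "chargen"):
        print(name, probe(name))
```

In the capture, the same three outcomes appear as a request followed by an identical reply (echo), a request with no reply (discard), and a request followed by a reply unrelated to what was sent (chargen).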