Using netcat to interact with simple diagnostic application protocols,
and Wireshark to see what happened


The instructor will indicate a server machine that runs all of the following. If you are working with provided VirtualBox virtual machines, do this exercise in the CLIENT and SERVER virtual machines that are produced when you run the scripts that set up the "sniffing" exercise. (I assume you have done that.)

  application protocol   transport protocol   port number
  echo                   udp                  7
  discard                udp                  9
  chargen                udp                  19
  echo                   tcp                  7
  discard                tcp                  9
  chargen                tcp                  19

Note that udp and tcp keep separate sets of ports; udp port 7 and tcp port 7, for example, are different from and independent of one another. This exercise uses only the three udp services.

The example screenshot below refers to the server machine as 66.159.240.70 but the one that's actually available may differ. Replace "66.159.240.70" with the actual IP address or domain name the instructor indicates.

The exercise to perform

Start both the CLIENT and SERVER machines. Log in to each as root. Their addresses assigned when you set up the "sniffing" experiment are
  CLIENT 192.168.1.2
  SERVER 192.168.1.1

You will capture network traffic on SERVER while, from CLIENT, you exercise each of SERVER's 3 udp diagnostic protocols.

First, run tcpdump or Wireshark on SERVER to capture a packet trace of the activity to a file called "netcat-simple-udp.cap". If you use tcpdump, a suitable invocation is:

  cd
  tcpdump  -s  10000  -i  enp0s3  -w  netcat-simple-udp.cap  udp and not  arp

( "-s 10000" sets the snapshot length so that even the largest datagram (chargen's reply) is captured whole rather than truncated
  "-i enp0s3" names the interface whose traffic you are capturing. enp0s3 is the interface name in the "sniffing" exercise; if yours is different (for example eth0), substitute it
  "-w netcat-simple-udp.cap" makes tcpdump write the raw packets to that file instead of printing them
  "udp and not arp" is a capture filter limiting the capture to what interests us. "udp" alone would do; "not arp" is harmless but redundant, since ARP frames are not UDP and are already excluded )

Then, on CLIENT, run nc (netcat) against the server program listening on SERVER's udp port 7. Interactively send it the word "hello" by typing "hello" at nc's (invisible) prompt and pressing Enter; with -u, each line you type is sent as one UDP datagram. Then terminate nc by pressing ctrl-C.

Then do exactly the same thing twice more, changing the udp port number first to 9, then to 19, to interact with the other two server programs on SERVER. Send them "hello" too. Your activity on CLIENT, and its screen, should look like the following screenshot.

[root@localhost ~]# nc -u 66.159.240.70 7
hello
hello
^C
[root@localhost ~]# nc -u 66.159.240.70 9
hello
^C
[root@localhost ~]# nc -u 66.159.240.70 19
hello
CDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-
DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-.
EFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./
FGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./0
GHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./01
HIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./012
IJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./0123
JKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./01234
KLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./012345
LMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./0123456
MNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./01234567
NOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./012345678
OPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-./0123456789
PQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}!"#$%&'()*+,-.
^C
[root@localhost ~]#

Now, on SERVER, terminate the ongoing capture being performed by tcpdump or Wireshark. If tcpdump, a ctrl-C keystroke terminates it.
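To see exactly what each of the three services does with a datagram, and hence what will and will not show up in the capture, here is an added example (not part of the original exercise) that implements UDP echo, discard and chargen (RFC 862, 863, 864) in one Python process and sends "hello" to each, as "nc -u" does. It binds unprivileged localhost ports rather than 7, 9 and 19, which need root; the 14-line chargen reply size and the RFC 864 character ring (space through tilde) are this example's choices, and real servers differ in both (the one in the screenshot wraps from "}" straight to "!").

```python
"""UDP echo / discard / chargen in one process, plus a client that probes each.

Added example, not part of the original exercise. Listens on unprivileged
127.0.0.1 ports (7, 9 and 19 need root), so it runs anywhere.
"""
import socket
import threading
from typing import Optional

# The ring RFC 864 suggests: the 95 printable ASCII characters, space (0x20)
# through tilde (0x7E). Real implementations vary in the exact ring.
RING = bytes(range(0x20, 0x7F))
LINE_LEN = 72


def chargen_lines(first_line: int = 0, count: int = 14) -> bytes:
    """`count` CRLF-terminated 72-character lines, each starting one character
    further into the ring than the previous one (RFC 864's "popular pattern")."""
    doubled = RING + RING                     # lets a line wrap past the ring end
    out = bytearray()
    for i in range(first_line, first_line + count):
        start = i % len(RING)
        out += doubled[start:start + LINE_LEN] + b"\r\n"
    return bytes(out)


def respond(service: str, datagram: bytes) -> Optional[bytes]:
    """What each service sends back for one received datagram.
    None means "send nothing": that is why discard leaves one frame in the
    capture while echo and chargen leave two."""
    if service == "echo":
        return datagram                       # RFC 862: return it unchanged
    if service == "discard":
        return None                           # RFC 863: throw it away silently
    if service == "chargen":
        # RFC 864: request content is ignored; reply size does not depend on
        # request size. 14 lines (1036 bytes) is this example's choice.
        return chargen_lines(count=14)
    raise ValueError(f"unknown service {service!r}")


def amplification(request: bytes, reply: Optional[bytes]) -> float:
    """Bytes returned per byte sent; 0.0 when the service stays silent."""
    return 0.0 if reply is None else len(reply) / len(request)


def serve_udp(service: str, sock: socket.socket, stop: threading.Event) -> None:
    """Serve one service on an already-bound UDP socket until `stop` is set."""
    sock.settimeout(0.2)
    while not stop.is_set():
        try:
            data, peer = sock.recvfrom(65535)
        except socket.timeout:
            continue
        reply = respond(service, data)
        if reply is not None:
            sock.sendto(reply, peer)


def main() -> None:
    """Stand up all three services on 127.0.0.1, send "hello\\n" to each (what
    typing hello + Enter into nc -u sends) and report what a capture would hold."""
    stop = threading.Event()
    socks = {}
    for name in ("echo", "discard", "chargen"):
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.bind(("127.0.0.1", 0))              # ephemeral port, no root needed
        socks[name] = s
        threading.Thread(target=serve_udp, args=(name, s, stop), daemon=True).start()

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(1.0)
    request = b"hello\n"
    for name, s in socks.items():
        client.sendto(request, s.getsockname())
        try:
            reply, _ = client.recvfrom(65535)
        except socket.timeout:
            reply = None                      # discard: no second frame, ever
        got = 0 if reply is None else len(reply)
        print(f"{name:8s} port {s.getsockname()[1]:5d}: {1 if reply is None else 2} frame(s), "
              f"sent {len(request)} B, got {got} B, amplification x{amplification(request, reply):.1f}")
    stop.set()


if __name__ == "__main__":
    main()
```

Run it and compare with the screenshot: echo gives back the same six bytes, discard answers nothing (nc just sits there until ctrl-C), and chargen answers a six-byte datagram with about a kilobyte. The `amplification` figure is the reason UDP chargen matters beyond this lab: a spoofed source address turns that ratio into a reflection attack on whoever the address belongs to.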

You now have the netcat-simple-udp.cap file as a record of what happened. You can play it back in tcpdump or Wireshark. If tcpdump:

tcpdump  -nntxXr  netcat-simple-udp.cap  |  less

( "-nn" suppresses host and port name lookups, "-t" drops timestamps, "-x" and "-X" print each packet in hex and in hex plus ASCII, and "-r" reads from the file instead of an interface )

You can scroll up and down. When finished, use the "q" keystroke to exit from the less program. You may also wish to view it in Wireshark. Since Wireshark is graphical, you will first have to run a graphical desktop in order to run it. Alternatively, transfer the file to a different computer where Wireshark is installed and do your viewing there. On SERVER I suggest running the graphical desktop as student, not root. But the file sits in root's home directory, where student cannot get at it, so make it student-owned and move it to student's home before exiting:

chown  student:student  netcat-simple-udp.cap
mv  netcat-simple-udp.cap  /home/student
exit

Now log in afresh as student. Once logged in, from the prompt run the graphical desktop:

startx

Then you will find an icon for Wireshark under the "Activities" menu. Run it on netcat-simple-udp.cap. Ask yourself the following questions. There are 2 frames each for the echo and chargen protocols, but only one for the discard protocol. Why? And look at the frame sizes (lengths). Why is one of them very much larger than the others? Note what that size difference means: a service that answers any datagram, however small, with a large one, over a transport with no handshake to confirm the sender's address, is a classic reflection/amplification vector, which is one reason these services are disabled by default on modern systems. Spend time in Wireshark scrutinizing the frames, expanding and contracting their individual protocol components and recognizing or researching what you see. Find out what you don't understand, and understand as much of what's there as you can. Study it.
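The same questions can be answered straight from the capture file without Wireshark. The following added example (not part of the original exercise) walks the classic libpcap format that tcpdump -w writes, decoding just enough Ethernet, IPv4 and UDP to group frames by diagnostic service and report each frame's size and UDP payload size. It does not read pcapng, which is what Wireshark saves by default. The sample capture at the bottom is constructed in memory (the addresses are the exercise's 192.168.1.1 and 192.168.1.2; the client ports and the 14-line chargen reply are invented) so the script runs offline; pass the real netcat-simple-udp.cap as its first argument to analyse that instead.

```python
"""Group the frames of netcat-simple-udp.cap by diagnostic service.

Added example, not part of the original exercise. Reads classic libpcap
(what tcpdump -w writes), not pcapng. The sample capture below is constructed.
"""
import struct
import sys
from collections import defaultdict
from typing import Dict, Iterator, List, Optional, Tuple

DIAG_PORTS = {7: "echo", 9: "discard", 19: "chargen"}
ETHERTYPE_IPV4, IPPROTO_UDP, DLT_EN10MB = 0x0800, 17, 1


def pcap_records(blob: bytes) -> Iterator[bytes]:
    """Yield each captured frame from a libpcap file held in memory."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if endian is None:
        raise ValueError("not a libpcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", blob[20:24])[0] != DLT_EN10MB:
        raise ValueError("only Ethernet captures are handled")
    off = 24                                          # past the 24-byte global header
    while off + 16 <= len(blob):
        _sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", blob[off:off + 16])
        off += 16
        yield blob[off:off + incl_len]
        off += incl_len


def udp_fields(frame: bytes) -> Optional[Tuple[str, int, str, int, int]]:
    """(src_ip, sport, dst_ip, dport, udp_payload_len), or None if not IPv4/UDP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if ip[9] != IPPROTO_UDP:
        return None
    ihl = (ip[0] & 0x0F) * 4                          # IPv4 header length in bytes
    sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
    return (".".join(map(str, ip[12:16])), sport,
            ".".join(map(str, ip[16:20])), dport, ulen - 8)


def summarize(blob: bytes, server_ip: str) -> Dict[str, List[Tuple[str, int, int]]]:
    """Per service, the list of (direction, frame_len, udp_payload_len)."""
    out: Dict[str, List[Tuple[str, int, int]]] = defaultdict(list)
    for frame in pcap_records(blob):
        f = udp_fields(frame)
        if f is None:
            continue
        src, sport, dst, dport, plen = f
        if dst == server_ip and dport in DIAG_PORTS:
            out[DIAG_PORTS[dport]].append(("to server", len(frame), plen))
        elif src == server_ip and sport in DIAG_PORTS:
            out[DIAG_PORTS[sport]].append(("from server", len(frame), plen))
    return dict(out)


# ---- constructed sample capture (not a real trace) --------------------------
def build_frame(src_ip: str, sport: int, dst_ip: str, dport: int, payload: bytes) -> bytes:
    """Ethernet/IPv4/UDP frame; UDP checksum 0 (= none), IPv4 checksum computed."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64,
                               IPPROTO_UDP, 0, bytes(map(int, src_ip.split("."))),
                               bytes(map(int, dst_ip.split(".")))))
    s = sum(struct.unpack("!10H", bytes(ip)))
    while s >> 16:
        s = (s >> 16) + (s & 0xFFFF)
    struct.pack_into("!H", ip, 10, ~s & 0xFFFF)
    return bytes.fromhex("080027000001" "080027000002" "0800") + bytes(ip) + udp


def build_pcap(frames: List[bytes]) -> bytes:
    """Little-endian libpcap file, snaplen 10000, DLT_EN10MB, one record per frame."""
    blob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 10000, DLT_EN10MB)
    for i, fr in enumerate(frames):
        blob += struct.pack("<IIII", 1_600_000_000, i, len(fr), len(fr)) + fr
    return blob


SERVER, CLIENT = "192.168.1.1", "192.168.1.2"          # addresses from the exercise
RING2 = bytes(range(0x20, 0x7F)) * 2                   # chargen ring, doubled for slicing
CHARGEN_REPLY = b"".join(RING2[i:i + 72] + b"\r\n" for i in range(14))
SAMPLE_CAP = build_pcap([
    build_frame(CLIENT, 40001, SERVER, 7, b"hello\n"),      # echo: request ...
    build_frame(SERVER, 7, CLIENT, 40001, b"hello\n"),      # ... and identical reply
    build_frame(CLIENT, 40002, SERVER, 9, b"hello\n"),      # discard: request, nothing back
    build_frame(CLIENT, 40003, SERVER, 19, b"hello\n"),     # chargen: small request ...
    build_frame(SERVER, 19, CLIENT, 40003, CHARGEN_REPLY),  # ... large reply
])


def main() -> None:
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CAP
    for service, frames in summarize(blob, SERVER).items():
        print(f"{service:8s}: {len(frames)} frame(s)")
        for direction, flen, plen in frames:
            print(f"    {direction:11s} frame {flen:5d} bytes, UDP payload {plen:5d} bytes")


if __name__ == "__main__":
    main()
```

On the constructed capture the output shows two frames for echo (48 bytes each: 14 Ethernet + 20 IPv4 + 8 UDP + 6 payload), one for discard, and two for chargen, the second of which is 1078 bytes. On your real capture the numbers will differ with the server's chargen implementation, and frames received by the capturing host may show Ethernet padding up to the 60-byte minimum, but the pattern of two, one, two and one much larger frame is what Wireshark will show too.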

What to turn in

Please turn in a screenshot of your capture file as displayed in wireshark. Name your file diagnostic-protocols.jpg (or .png).