Build an internet
In this in-class lab exercise you will work with a group. There will be 3 other
groups. Each group will build a local network. Then the 4 networks will be
combined into a single internet. See the "Lab
exercise: build an internet" slides, which blueprint the plan. These
step-by-step instructions accompany them.
To build its localnet, your group will be issued a kit consisting of:
1 switch or hub, with power supply
3 laptops
2 USB NICs
4 cables
Your localnet will consist of the 3 laptops. Do as indicated below.
Construct 1 localnet for your group
Set the laptops along the row where students sit, at the eastern/aisle end.
cable all 3 laptops into the switch
choose an internal network (netaddr & netmask)
choose 3 of its host addresses and apply them to your 3 hosts
make sure your 3 hosts can ping each other
Construct 2 localnets between groups
identify the other 2 localnets that are lateral, not diagonal, to you (for example, if you are the Northwest localnet, Southeast is diagonal to you, so your 2 lateral localnets are Southwest and Northeast)
add one of the USB NICs to the laptop at the end of your row (preparing it to serve as router/gateway for your localnet)
determine and record the new USB interface's name (write it down)
add the other USB NIC to your laptop
determine and record its name (write it down)
cable your laptop's 2 USB NICs directly (no hub/switch) to the laptops of your 2 lateral localnets
confer separately with the students from those 2 localnets
with each:
  mutually choose an external network (netaddr & netmask)
  choose 2 of its host addresses
  apply them to your 2 router laptops
  make sure the 2 router laptops can ping one another
Make route table settings, for lateral integration
On your router laptop
  add 2 network routes, one to each of the lateral localnets (gatewayed through the lateral routers)
On the other two (non-router) laptops in your LAN
  add a default route, on each, to your router laptop
make sure your 2 non-router laptops can ping both of your lateral networks' router laptops
make sure your 2 non-router laptops can ping all 4 non-router laptops that belong to your lateral networks
Make route table settings, for diagonal integration
confer with students from your diagonal localnet
determine what their local network is (netaddr & netmask)
On your router laptop
  add a network route to the diagonal localnet
On your non-router laptops
  do nothing
make sure your router laptop can ping both of your diagonal network's non-router laptops
make sure your 2 non-router laptops can ping both of your diagonal network's non-router laptops
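A model of the route tables that the lateral and diagonal steps above produce, as an added example that is not part of the lab materials. The addresses are constructed, and which lateral router carries diagonal traffic is an assumption (either one works).

```python
import ipaddress as ip

# Constructed addressing plan (assumption, not from the lab):
# one /24 per localnet, one /30 per router-to-router link. No networks overlap.
LAN = {g: ip.ip_network(n) for g, n in
       {"NW": "10.1.0.0/24", "NE": "10.2.0.0/24",
        "SE": "10.3.0.0/24", "SW": "10.4.0.0/24"}.items()}
LINK = {("NW", "NE"): ip.ip_network("192.168.12.0/30"),
        ("NE", "SE"): ip.ip_network("192.168.23.0/30"),
        ("SE", "SW"): ip.ip_network("192.168.34.0/30"),
        ("SW", "NW"): ip.ip_network("192.168.41.0/30")}
DIAGONAL = {"NW": "SE", "SE": "NW", "NE": "SW", "SW": "NE"}

def laterals(g):
    """The two groups cabled directly to g's router."""
    return [b if a == g else a for a, b in LINK if g in (a, b)]

def router_table(g):
    """(network, next-hop group) pairs on g's router; None means directly connected."""
    table = [(LAN[g], None)] + [(net, None) for pair, net in LINK.items() if g in pair]
    table += [(LAN[n], n) for n in laterals(g)]        # lateral integration: 2 routes
    table.append((LAN[DIAGONAL[g]], laterals(g)[0]))   # diagonal: 1 route via a lateral router
    return table

def trace(start, dst):
    """Router groups a packet visits from `start` toward dst, or None if a router has no route."""
    dst, path = ip.ip_address(dst), [start]
    while True:
        hops = [hop for net, hop in router_table(path[-1]) if dst in net]
        if not hops:
            return None            # this router would answer "network unreachable"
        if hops[0] is None:
            return path            # destination network is attached to this router
        path.append(hops[0])

def ping_ok(src_group, src_ip, dst_group, dst_ip):
    """A ping succeeds only if the request and the reply both find a route."""
    return trace(src_group, dst_ip) is not None and trace(dst_group, src_ip) is not None

if __name__ == "__main__":
    print(trace("NW", "10.3.0.2"))                       # forward path to a diagonal host
    print(ping_ok("NW", "10.1.0.2", "SE", "10.3.0.2"))   # non-router to diagonal non-router
```

In this model, `ping_ok("NW", "192.168.12.1", "SE", "10.3.0.2")` is false: a ping sourced from a router's external-link address gets no reply route at the diagonal router, because the link networks are not among the routes added. The same ping sourced from the router's internal address (`10.1.0.1` here) succeeds.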
At this point you are finished. The two sections below could be performed now, but they will instead be performed in a remote setting (DETER) as an upcoming exercise.
Sniff traffic on outside of laptop before and after adding IP masquerading (network address translation)
on your router laptop run tcpdump on one external interface while executing a 1-time ping from one of your non-routers through that interface (i.e., to either the router or a non-router in the other group)
note the source address of the ping request and destination address of the ping reply (one and the same address)
repeat, on your router laptop's other external interface
apply masquerading on both interfaces, using the command for it shown in the slides
now again, on your router laptop run tcpdump on one external interface while executing a 1-time ping from one of your non-routers through that interface
note the source address of the ping request and destination address of the ping reply (one and the same address)
repeat, on your router laptop's other external interface
Block (firewall) traffic, on outside of laptop, from leaving
apply firewalling on one of your router laptop's external interfaces, using the command for it shown in the slides
run tcpdump on that firewalled interface while executing a 1-time ping from one of your non-router laptops through that interface
run tcpdump on the router laptop's other unfirewalled external interface while executing a 1-time ping from one of your non-router laptops through that interface
undo the firewalling
run tcpdump on that formerly firewalled interface while executing a 1-time ping from one of your non-router laptops through that interface
When finished
shut down laptops
disconnect equipment
recompose and return your kit