Cisco 1 - Network Specialist Program
IT: Network: Cisco 1                Name:
Lab 3                               Lab Time:

Cisco 1 – Lab 3
Data-Link Layer and Ethernet

In this lab, you will have the opportunity to work with both the Wireshark and the Packet Tracer products to examine packets in an Ethernet network as they move across a local network. Wireshark will be used to capture “live” packets, and Packet Tracer will be used to simulate two simple LAN environments to compare the operation of Ethernet hubs and switches. This lab is worth 10 points.

Packet Tracer Overview

Packet Tracer is a network simulation software package made available by Cisco to students in the Cisco Academy. Using the software, you can construct a virtual network and/or internetwork consisting of end-nodes (servers & workstations), hubs, switches, and routers as well as appropriate LAN and WAN interconnections. The virtual network can then be “run” to see how the different devices behave under different types of traffic. While this is not free software, it is available to you as a student at NWTC.

Task 1: Simulate a Virtual Network with an Ethernet Hub

1. Download the Lab03-Hub Packet Tracer data file from the Blackboard web site.
   a. Open a web browser, navigate to https://blackboard.nwtc.edu/ and log in as your user. Click on the link for your Cisco1 class.
   b. Under Course Materials, click the link for Lectures & Labs, then the link for this week’s lab (Week 3). Under the item for REQUIRED FILES, right click on C1Lab03-Hub.pkt and save it to disk. Save it to the desktop.
2. Double click on the C1Lab03-Hub.pkt file on the desktop. This should start Cisco Packet Tracer and open the file. If necessary, maximize this window. You will see a screen similar to Figure 1.

   Figure 1: Hub Topology

Page 1 of 11 as of 2/9/2015

   This scenario consists of a LAN with a server and two workstations connected by an Ethernet Hub.
3. We will now create a simple test message inside of Packet Tracer.
   Click on the icon that looks like a closed envelope (the “open envelope” creates a complex message, which is more than we want right now).
4. Now click first on PC0 (in the main Packet Tracer pane), then click on Server1. This action specified the source and destination of our test packet. If you watched really closely, you might have seen the green dots (representing activity lights) on the connections between the devices flash as the packet moved from place to place. That is just like the real world, but not overly useful for learning.
5. Delete the simulated packet from the queue by clicking on the delete button under the Scenario pane.
6. In the Packet Tracer window, change from Real-time mode to Simulation mode.
   a. The lower-right corner shows that the current mode is “Real-time” – traffic flows without any pause or slowing.
   b. Click the “stop watch” icon behind the Real-time icon. You are now in Simulation mode – traffic will flow, but each packet will be sent individually and in slow motion. This will allow us to watch the traffic on the LAN.
7. In simulation mode, we can control the “types” of traffic we see in Packet Tracer. For this lab, we only want to see ping packets (test messages to check connectivity).
   a. In the Edit Filter dialog box, click Show All/None. All the protocols should disappear.
   b. Click Edit Filters. Under the IPv4 tab, enable the ICMP protocol by putting a check mark in its box.
   c. Click anywhere outside of the Edit Filter dialog to make this dialog disappear. Your Event List Filter should look like that shown in Figure 2.

   Figure 2: ICMP filter set

8. We will again create a simple test message inside of Packet Tracer. Click on the icon that looks like a closed envelope (the “open envelope” creates a complex message, which is more than we want right now).
9. Now click first on PC0 (in the main Packet Tracer pane), then click on Server1.
   This action specified the source and destination of our test packet. An icon of an envelope will appear next to PC0; it is “ready” to send.
10. In the main Packet Tracer window, click the button for “Capture / Forward”. You should need to click this one time only, but if you don’t see the packet move, click it once more. Which devices did the current packet move from and to?
    From:                To:
11. Click the “Capture / Forward” button a second time. Where did the packet move from and to?
    From:                To:
    You should have seen the packet move first from PC0 to the Hub and then from the Hub to both Server1 and PC1.
12. Click on the packet that has arrived at PC1 as shown in Figure 3. Details about that packet will be shown.

    Figure 3: View packet received at PC1

    In the packet details, click “Layer 2” under the “In-Layers” to see what happens at the Data-link layer (layer-2) on PC1. If we realize that the MAC address is the Layer-2 address, what does PC1 do with this packet when it is received and why?
13. Repeat step 12 for the packet received by Server1. Look at what happens as the packet comes into Layer 2, moves up to layer 3, and then is sent out of layer 3 and through layer 2.

    Figure 4: Details of Packet at Server 1

    Follow the actions taken by Server1 at the various in-coming and out-going layers for this packet. What does it do and why (try to use your own words to describe what happens)?
    Layer 2 under In Layers:
    Layer 3 under In Layers:
    Layer 3 under Out Layers:
    Layer 2 under Out Layers:
14. Play the rest of the simulation by clicking on the “Auto Capture/Play” button. Notice what the Hub does every time it receives a packet.
15. In this part of the simulation, the LAN is utilizing a Hub. Suppose we had 96 stations attached to the Hub. What potential problems might you see happening in such a network?
16.
    Close Packet Tracer but don’t save your changes.

Task 2: Simulate a Virtual Network with an Ethernet Switch

1. Download the Lab03-Hub Packet Tracer data file from the Blackboard web site.
   a. Open a web browser, navigate to https://blackboard.nwtc.edu/ and log in as your user. Click on the link for your Cisco1 class.
   b. Under Course Materials, click the link for Lectures & Labs, then the link for this week’s lab (Week 3). Under the item for REQUIRED FILES, right click on C1Lab03-Switch.pkt and save it to disk. Save it to the desktop.
2. Double click on the C1Lab03-Switch.pkt file on the desktop. This should start Cisco Packet Tracer and open the file. If necessary, maximize the program window. You will see a screen similar to Figure 5.

   Figure 5: Switch Topology

   Here we have a LAN with a server and two workstations connected by an Ethernet Switch.
3. Use the techniques you learned in the previous task to send one test message from PC2 to PC3 in Real-time mode. This allows us to see if things work and to sort of “wake the devices up”. When it is complete, go ahead and delete the packet from the simulation.
4. Now use what you learned in the previous task to put Packet Tracer into simulation mode.
5. To minimize what types of packets show up in our simulation, we will again create a filter. Use what you learned previously in this lab to configure Packet Tracer to show only ICMP packets (refer back if you need to).
6. Use what you learned in the previous task to create a simple test message inside of Packet Tracer from PC2 to Server2. (Refer back to earlier in the lab if you can’t remember how to do this.)
7. Repeatedly use the “Capture / Forward” button and watch the packets as they move. You should watch the packets as they move both from and back to PC2.
8. Briefly describe the path taken by a ping (ICMP) packet between PC2 and Server2 and back – that is, what devices does the packet go through.
   Be sure to include how much PC3 is involved in this communication. Why did this happen this way?
9. What effect would using a switch instead of a hub have in an environment with a large number of workstations?

Task 3: Cleanup Packet Tracer Files

1. Close Packet Tracer.
   a. When asked if you want to save your work, click No.
2. Delete the C1Lab03-Hub.pkt and the C1Lab03-Switch.pkt files from the desktop. This will give a clean configuration for the next student using the machine.

Wireshark Overview

Wireshark is a protocol analyzer. This type of program has the ability to take packets off the network wire and “decode” the packets, showing individual fields in the headers as well as the data being sent. There are many other analysis features of Wireshark, but the decoding of the packets is what we are most interested in working with.

Figure 6: Wireshark Window

At the top of the Wireshark window, you see the Packet List Pane – this shows the list of packets that have been captured. This also displays a very brief description of the source and destination addresses, the protocol contained in the packet, and some amount of information about the contents of that packet.

With a packet selected in the Packet List Pane, the contents of the packet will be displayed in the Packet Details Pane. This will show you the individual headers inside the packet including a Frame description, the Ethernet II (Data-Link) header, and any other headers (IP, TCP, etc.) contained inside the Ethernet II packet. By default, each header is “closed” so that only the name of the header is shown. Click the ‘+’ next to the header to expand it and show the fields of the header.

Task 4: Use Wireshark to Capture and Analyze Ethernet II Frames

In the following task, Wireshark will be used to capture and analyze packets captured on the station host computer.

Step 1: Configure Wireshark for packet captures.
If necessary, start Wireshark by clicking the Wireshark shortcut on the Start menu. Prepare Wireshark for captures. Click Capture > Interfaces and find the Ethernet interface. Put a check mark in the box next to that interface (it will also be the interface with Packets). Click the Start button. This will begin the packet capture; leave the capture running while you generate some traffic to analyze.

Step 2: Start a ping to Google and capture the traffic.

a) Open a Windows terminal window. Click Start > Run, type cmd, and click OK.
b) Ping www.google.com by typing ping www.google.com as shown below.

    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\>ping www.google.com

    Pinging www.l.google.com [209.85.225.106] with 32 bytes of data:
    Reply from 209.85.225.106: bytes=32 time=75ms TTL=55
    Reply from 209.85.225.106: bytes=32 time=76ms TTL=55
    Reply from 209.85.225.106: bytes=32 time=73ms TTL=55
    Reply from 209.85.225.106: bytes=32 time=75ms TTL=55

    Ping statistics for 209.85.225.106:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 73ms, Maximum = 76ms, Average = 74ms

c) When the command has finished execution, stop your Wireshark capture (click Capture > Stop) and close the terminal window.

Step 3: Analyze the Wireshark capture.

The first thing you may notice is that a lot of extra packets were captured by Wireshark; you will likely have many more packets in the Packet List Pane than those generated by your pings. You will need to scroll up and down through the List Pane to find the packets generated by your request.

To simplify things, we can filter the packets displayed so that only those matching a specific condition are shown. Ping packets are part of a protocol called Internet Control Message Protocol or ICMP. We will create a display filter that shows only ICMP packets.
At the top of the Wireshark screen you should see a blank Filter field. Click in the blank and type icmp in the space (it is case sensitive; don’t type ICMP). Now click Apply.

Figure 7: Wireshark with icmp filter

Your packets will likely be different from those shown above. Notice that some ICMP packets not related to your ping request may still be displayed; however, the total number of packets is greatly reduced.

Select one of the packets marked as “Echo (ping) request” in the Info column of the Packet List pane.

Figure 8: Ethernet header expanded in Packet Details Pane

In Figure 8 you can see the fields inside the Ethernet II header including the Destination, the Source, and the Type. You can also see the information that is included in each of those fields. The format for an Ethernet II frame is shown in Figure 9.

Figure 9: Ethernet Frame Structure

The ping requests came from your machine and eventually went to Google’s server. Use one of your captured Echo (Ping) Request packets to answer the following questions about the Layer-2 (Ethernet II) header:

What is your computer’s Ethernet address (not the IP address – watch which header you are looking at)?

What is the Ethernet address that the packet is being sent to?

Do you think the destination Ethernet address corresponds to one of Google’s servers or our local router (used to move packets from our local network to external networks)? Justify your answer. (Hint: Remember that the Data-link layer (Ethernet) only performs local delivery.)

Summary

In this lab, the Ethernet protocol was examined as an example of a Data-Link or Layer-2 protocol. A preamble field contains seven bytes of alternating 0101 sequences, and one byte that signals the beginning of the frame, 01010110. Destination and source Ethernet addresses each contain 48 bits represented as 12 hex digits.
The first six hex digits represent the manufacturer of the NIC, and the last six hex digits contain the NIC serial number. A 4-byte frame type field contains a value that indicates the protocol in the data field. For IPv4, the value is 0x0800. The data field is variable and contains the encapsulated upper layer protocol. At the end of a frame, a 4-byte FCS value is used to verify that there were no errors during transmission.

A machine transmitting an Ethernet packet will send that packet to some central device – most likely a switch, though some older networks might still use a hub. Hubs repeat received packets to ALL other connected machines; switches examine the destination Ethernet address and repeat the packet out of only the port that destination machine is connected to.

Packet Tracer is a Cisco product that allows us to simulate a network environment, slowing down the packets so we can study the movement and processing of individual packets on the network. Wireshark is a protocol analyzer that will let us capture, decode, and observe live packets on the network received by our workstation.
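
An added example (not part of the original lab or of Packet Tracer) that models the two forwarding rules from the Summary: a hub repeats every frame to all other ports, while a switch learns source addresses and forwards a frame to one port only. The MAC addresses, port numbers and the `lan` and `ping` helpers are constructed for illustration, and the model has no ARP, so a switch with an empty table floods the first frame sent to a destination it has not yet learned.

```python
# Added example: hub vs. learning-switch forwarding. MAC addresses and port
# numbers are constructed; the model has no ARP, collisions or timing.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of all ports except the one it arrived on."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]

class Switch(Hub):
    """Learns source MAC -> port and sends known unicast out of one port only."""
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}

    def forward(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port           # learn where the sender is attached
        out = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out is None:     # broadcast or unknown unicast: flood
            return super().forward(in_port, src_mac, dst_mac)
        return [] if out == in_port else [out]      # never send back out the ingress port

def lan(names):
    """Build {station: (port, mac)} using constructed, locally administered MACs."""
    return {n: (i, f"02:00:00:00:00:{i:02x}") for i, n in enumerate(names)}

def ping(device, stations, a, b, count=4):
    """Exchange `count` echo request/reply pairs between a and b. Returns, per
    uninvolved station, how many frames its NIC received that were not for it."""
    name_at = {port: name for name, (port, _) in stations.items()}
    stray = {name: 0 for name in stations if name not in (a, b)}
    for _ in range(count):
        for src, dst in ((a, b), (b, a)):           # echo request, then echo reply
            (in_port, src_mac), (_, dst_mac) = stations[src], stations[dst]
            for port in device.forward(in_port, src_mac, dst_mac):
                if name_at[port] in stray:
                    stray[name_at[port]] += 1
    return stray

if __name__ == "__main__":
    print("hub:   ", ping(Hub(range(3)), lan(["PC0", "Server1", "PC1"]), "PC0", "Server1"))
    print("switch:", ping(Switch(range(3)), lan(["PC2", "Server2", "PC3"]), "PC2", "Server2"))
    big = lan([f"host{i}" for i in range(96)])
    print("96 stations, hub:   ", sum(ping(Hub(range(96)), big, "host0", "host1").values()))
    print("96 stations, switch:", sum(ping(Switch(range(96)), big, "host0", "host1").values()))
```

The returned counts are frames that reached stations the ping was not addressed to, which is the same behaviour the lab asks you to observe at PC1 on the hub and at PC3 on the switch.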