Basic Networking Tools Study Week #1

10 Questions

What command can be used to scan a host using its host name?

nmap www.pes.edu

Which command is used to scan multiple IP addresses or subnets in IPv4?

nmap 192.168.1.1 192.168.1.2 192.168.1.3

How can ping be instructed to exit after a specified number of ECHO_REQUEST packets?

By using the -c flag followed by the packet count

What is the purpose of using 'traceroute -T www.google.com' command?

To display the path packets take from source to destination

What does the command 'nmap 163.53.78.128' imply?

Scanning for open ports on a specific IP

What version of HTTP is typically used when retrieving HTML files from a server?

HTTP version 1.0

How can one identify remote host apps and OS?

By conducting a full port scan with Nmap

Which command should be used to retrieve the last modified date of an HTML file from the server?

"curl --head www.google.com"

"nmap" is commonly used for ________.

Locating network vulnerabilities

"sudo" is a command used for ________.

Running commands with administrative privileges

Study Notes

Week #1: Basic Networking Tools

Wireshark, Tcpdump, Ping, Traceroute, and Nmap are essential networking tools to understand.
The lab manual is written for Ubuntu Linux OS only, and experiments can be executed on VirtualBox or VMWare platforms.

Linux Interface Configuration (ifconfig/IP command)

ifconfig or ip addr show displays the status of all active network interfaces.
Assign an IP address to an interface using sudo ifconfig interface_name 10.0.your_section.your_sno netmask 255.255.255.0 or sudo ip addr add 10.0.your_section.your_sno /24 dev interface_name.
Activate/deactivate a network interface using sudo ifconfig interface_name down and sudo ifconfig interface_name up.
Show the current neighbor table in the kernel using ip neigh.

Ping PDU (Packet Data Units or Packets) Capture

Assign an IP address to the system (Host) using sudo ifconfig interface_name 10.0.your_section.your_sno netmask 255.255.255.0.
Launch Wireshark and select the 'any' interface.
Analyze the TTL, protocol used by ping, and time in the terminal.
Analyze the frames with the first echo request and echo reply in Wireshark.

HTTP PDU Capture Using Wireshark's Filter feature

Launch Wireshark and select the 'any' interface.
Filter HTTP packets using http in the filter toolbar.
Analyze the first and second frames (interaction of host to the web server and response of server to the client).
Analyze the HTTP request and response using Wireshark's Follow TCP Stream.

Capturing packets with Tcpdump

Use tcpdump -D to see available interfaces for capture.
Capture all packets in any interface using sudo tcpdump -i any.
Perform some pinging operation while capturing packets.
Filter packets based on protocol using sudo tcpdump -i any -c5 icmp.
Save packets to a file using sudo tcpdump -i any -c10 -nn -w webserver.pcap port 80.

Perform Traceroute checks

Run the traceroute using sudo traceroute www.google.com.
Analyze the destination address of google.com and the number of hops.
Use the -n option to disable the mapping of IP addresses with hostnames.
Use the -I option to use ICMP packets.
Use the -T flag to test a TCP connection.

Explore an entire network for information (Nmap)

Scan a host using its hostname or IP address using nmap www.pes.edu or nmap 163.53.78.128.
Scan multiple IP addresses or subnets using nmap 192.168.1.1 192.168.1.2 192.168.1.3.

Submission Guidelines

Take screenshots of results after execution of every command in every task.
Write the task and 2-3 lines of observation followed by screenshots.
Submissions will be through Google Forms.