Differences
This shows you the differences between two versions of the page.
|
ep:labs:04:contents:tasks:ex2 [2021/10/03 21:35] radu.mantu [02. [??p] Network Exploration] |
ep:labs:04:contents:tasks:ex2 [2025/02/11 23:36] (current) cezar.craciunoiu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ==== 02. [??p] Network Exploration ==== | + | ==== 02. [20p] Swap space ==== |
| - | === [??p] Task A - ARP vs ICMP === | + | <note warning> |
| + | Before starting this task, call the assistant to show him your progress. If you manage to freeze your PC, it might prove tricky to do so afterwards. | ||
| + | </note> | ||
| - | The [[https://datatracker.ietf.org/doc/html/rfc826|Address Resolution Protocol (ARP)]] resolves layer 2 addresses (MAC) from layer 3 addresses (e.g.: IP). Normally, all hosts are compelled to reply to ARP requests, but this can be fiddled with using tools such as [[https://linux.die.net/man/8/arptables|arptables]]. For now, try using **arp-scan** to scan your //local// network. Use **wireshark** to monitor the ARP traffic and get a sense of what's going on. | + | === [10p] Task A - Swap File === |
| - | <solution -hidden> | + | First, let us check what swap devices we have enabled. Check the //NAME// and //SIZE// columns of the following command: |
| - | <code bash> | + | <code> |
| - | $ sudo arp-scan --interface eth0 --localnet | + | $ swapon --show |
| </code> | </code> | ||
| - | </solution> | + | No output means that there are no swap devices available. |
| - | The [[https://datatracker.ietf.org/doc/html/rfc792|Internet Control Message Protocol (ICMP)]] is an ancillary protocol meant mainly to report errors between hosts. Sometimes it can also be used to perform measurements (**ping**) or to inform network participants of better routes ([[https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/213841-understanding-icmp-redirect-messages.html|Redirect Messages]]). There are many ICMP functionalities, most of which are now deprecated. Note that some network equipment may not be capable of understanding new and officially recognized protocols, while other may not even recognize experimental ICMP codepoints (i.e.: [[https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml|type=253,254]]) and simply drop the packet. Because ICMP can be used to stage attacks in a network, some operating systems (e.g.: Windows >7) went so far as to disable Echo Replies by default. Use the following script to scan your local network and identify hosts discoverable via ARP but no ICMP. | + | If you ever installed a Linux distro, you may remember creating a separate //swap partition//. This, however, is only one method of creating swap space. The other is by adding a //swap file//. Run the following commands: |
| + | <code> | ||
| + | $ sudo swapoff -a | ||
| + | $ sudo dd if=/dev/zero of=/swapfile bs=1024 count=$((4 * 1024 * 1024)) | ||
| + | $ sudo chmod 600 /swapfile | ||
| + | $ sudo mkswap /swapfile | ||
| + | $ sudo swapon /swapfile | ||
| - | <spoiler> | + | $ swapon --show |
| - | Hint: click on the file name to download the snippet below. | + | </code> |
| - | <file bash localnet-ping.sh> | + | Just to clarify what we did: |
| - | #!/bin/bash | + | * disabled all swap devices |
| + | * created a 4Gb zero-initialized file | ||
| + | * set the permission to the file so only //root// can edit it | ||
| + | * created a swap area from the file using **mkswap** (works on devices too) | ||
| + | * activated the swap area | ||
| - | # localnet-ping.sh - performs differential ARP / ICMP scan | + | The new swap area is temporary and will not survive a reboot. To make it permanent, we need to register it in [[https://en.wikipedia.org/wiki/Fstab|/etc/fstab]] by adding a line such as this: |
| - | # $1 : [required] interface name | + | |
| - | if [ "$#" -ne 1 ]; then | + | <code> |
| - | echo "Usage: ./localnet-ping.sh <interface>" | + | /swapfile swap swap defaults 0 0 |
| - | exit 1 | + | </code> |
| - | fi | + | |
| - | # generate list of IPs and hostnames in local network for given interface | + | === [10p] Task B - Does it work? === |
| - | localnet_hosts=$(sudo arp-scan \ | + | |
| - | --interface=$1 `# scanned network` \ | + | |
| - | --localnet `# only local network` \ | + | |
| - | | head -n -3 `# hide footer lines` \ | + | |
| - | | tail -n +3 `# hide header lines` \ | + | |
| - | | awk '{$2=""; print $0}' `# hide MAC address` \ | + | |
| - | ) | + | |
| - | # process generated list, one item at a time | + | In one terminal run **vmstat** and look at the //swpd// and //free// columns. |
| - | while read -r it; do | + | <code> |
| - | # separate IP from hostname | + | $ vmstat -w 1 |
| - | current_ip=$(awk '{print $1}' <<< $it) | + | </code> |
| - | current_host=$(awk '{$1=""; print $0}' <<< $it) | + | |
| - | printf '\033[1;33m%15s %-30s \033[0;33m==> \033[0m' $current_ip "$current_host" | + | In another terminal, open a python shell and allocate a bit more memory than the available RAM. Identify the moment when the newly created swap space is being used. |
| - | # ping current host | + | One thing you might notice is that the value in **vmstat**'s //free// column is lower than before. This does not mean that you have less available RAM after creating the swap file. Remember using the **dd** command to create a 4GB file? A big chunk of RAM was used to buffer the data that was written to disk. If //free// drops to unacceptable levels, the kernel will make sure to reclaim some of this buffer/cache memory. To get a clear view of how much available memory you actually have, try running the following command: |
| - | ping -c 1 `# only one ping` \ | + | |
| - | -W 1 `# 1s timeout` \ | + | |
| - | $current_ip `# target host` \ | + | |
| - | 1>/dev/null 2>&1 | + | |
| - | # evaluate ping success | + | <code bash> |
| - | if [ $? -eq 0 ]; then | + | $ free -h |
| - | printf '\033[1;32mok\n\033[0m' | + | </code> |
| - | else | + | |
| - | printf '\033[1;31mfail\n\033[0m' | + | |
| - | fi | + | |
| - | done <<< "$localnet_hosts" | + | |
| - | </file> | + | |
| - | </spoiler> | + | |
| - | === [??p] Task B - nmap === | + | Observe that once you close the python shell and the memory is freed, //swpd// still displays a non-zero value. Why? There simply isn't a reason to clear the data from the swap area. If you really want to clean up the used swap space, try the following: |
| + | <code> | ||
| + | $ vmstat | ||
| + | $ sudo swapoff -a && sudo swapon -a | ||
| + | $ vmstat | ||
| + | </code> | ||
| + | |||
| + | <solution -hidden> | ||
| + | Output here: | ||
| + | |||
| + | {{ :ep:labs:ep2017_l2_ex05.png?550 |}} | ||
| + | |||
| + | Free memory goes down, swap usage goes up. | ||
| + | </solution> | ||
| - | TODO | + | Create two swap files. Set their priorities to 10 and 20, respectively. \\ |
| + | Include the commands (copy+paste) or a screenshot of the terminal. \\ | ||
| + | Also add 2 advantages and disadvantages when using a //swap file// comparing with a //swap partition//. | ||
