Differences
This shows you the differences between two versions of the page.
|
ep:labs:04:contents:tasks:ex2 [2021/10/05 12:58] radu.mantu [02. [??p] Network Exploration] |
ep:labs:04:contents:tasks:ex2 [2023/10/29 20:47] (current) radu.mantu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ==== 02. [??p] Network Exploration ==== | + | ==== 02. [30p] Network Exploration ==== |
| - | === [??p] Task A - ARP vs ICMP === | + | === [10p] Task A - ARP vs ICMP === |
| The [[https://datatracker.ietf.org/doc/html/rfc826|Address Resolution Protocol (ARP)]] resolves layer 2 addresses (MAC) from layer 3 addresses (e.g.: IP). Normally, all hosts are compelled to reply to ARP requests, but this can be fiddled with using tools such as **arptables**. You can show the currently known neighbors using **iproute2**. | The [[https://datatracker.ietf.org/doc/html/rfc826|Address Resolution Protocol (ARP)]] resolves layer 2 addresses (MAC) from layer 3 addresses (e.g.: IP). Normally, all hosts are compelled to reply to ARP requests, but this can be fiddled with using tools such as **arptables**. You can show the currently known neighbors using **iproute2**. | ||
| Line 79: | Line 79: | ||
| </solution> | </solution> | ||
| - | === [??p] Task B - nmap vs traceroute === | + | === [20p] Task B - nmap vs traceroute === |
| **nmap** is a network exploration tool and a port scanner. Today, we will look only at a specific functionality that it shares with the **traceroute** utility. | **nmap** is a network exploration tool and a port scanner. Today, we will look only at a specific functionality that it shares with the **traceroute** utility. | ||
| Line 106: | Line 106: | ||
| * uses ICMP because we didn't perform a port scan first | * uses ICMP because we didn't perform a port scan first | ||
| </solution> | </solution> | ||
| + | |||
| + | <note tip> | ||
| + | Troubleshooting: | ||
| + | * **permission denied** : make sure that **nmap** is not installed as a **snap**; you have two choices: | ||
| + | * reinstall **nmap** with apt : ''sudo snap remove nmap && sudo apt install nmap'' | ||
| + | * grant **nmap** permissions : ''snap connect nmap:network-control'' | ||
| + | </note> | ||
| If we do allow for a port scan by removing ''-sn'' (default is a TCP-based scan; use ''-sU'' for a UDP scan), this will take place //before// the actual traceroute. What changes does this bring? | If we do allow for a port scan by removing ''-sn'' (default is a TCP-based scan; use ''-sU'' for a UDP scan), this will take place //before// the actual traceroute. What changes does this bring? | ||
| Line 113: | Line 120: | ||
| </solution> | </solution> | ||
| + | == Optional Task (... no, really) == | ||
| + | |||
| + | When doing the TCP scan with **nmap**, you may have noticed a weird field in the TCP header: **Options**. | ||
| + | Generate some TCP traffic with **curl** and look at the SYN packet in **wireshark**. What options do you see there? | ||
| + | |||
| + | [[https://www.firewall.cx/networking-topics/protocols/tcp/138-tcp-options.html|Here]] is a quick break down of the more common TCP options and how they are used to overcome protocol limitations and improve throughput. Take a quick look if you want, then move on. We'll dive deeper into protocol options in the next task. | ||
