Differences
This shows you the differences between two versions of the page.
|
ep:labs:061:contents:tasks:ex2 [2025/04/08 13:30] radu.mantu [02. [20p] Conditional plotting] |
ep:labs:061:contents:tasks:ex2 [2025/04/08 13:33] (current) cezar.craciunoiu [02. [20p] Network Exploration] |
||
|---|---|---|---|
| Line 2: | Line 2: | ||
| === [5p] Task A - ARP vs ICMP === | === [5p] Task A - ARP vs ICMP === | ||
| + | |||
| + | <spoiler> | ||
| The [[https://datatracker.ietf.org/doc/html/rfc826|Address Resolution Protocol (ARP)]] resolves layer 2 addresses (MAC) from layer 3 addresses (e.g.: IP). Normally, all hosts are compelled to reply to ARP requests, but this can be fiddled with using tools such as **arptables**. You can show the currently known neighbors using **iproute2**. | The [[https://datatracker.ietf.org/doc/html/rfc826|Address Resolution Protocol (ARP)]] resolves layer 2 addresses (MAC) from layer 3 addresses (e.g.: IP). Normally, all hosts are compelled to reply to ARP requests, but this can be fiddled with using tools such as **arptables**. You can show the currently known neighbors using **iproute2**. | ||
| Line 19: | Line 21: | ||
| The [[https://datatracker.ietf.org/doc/html/rfc792|Internet Control Message Protocol (ICMP)]] is an ancillary protocol meant mainly to report errors between hosts. Sometimes it can also be used to perform measurements (**ping**) or to inform network participants of better routes ([[https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/213841-understanding-icmp-redirect-messages.html|Redirect Messages]]). There are many ICMP functionalities, most of which are now deprecated. Note that some network equipment may not be capable of understanding new and officially recognized protocols, while other may not even recognize experimental ICMP codepoints (i.e.: [[https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml|type=253,254]]) and simply drop the packet. Because ICMP can be used to stage attacks in a network, some operating systems (e.g.: Windows ≥7) went so far as to disable Echo Replies by default. | The [[https://datatracker.ietf.org/doc/html/rfc792|Internet Control Message Protocol (ICMP)]] is an ancillary protocol meant mainly to report errors between hosts. Sometimes it can also be used to perform measurements (**ping**) or to inform network participants of better routes ([[https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/213841-understanding-icmp-redirect-messages.html|Redirect Messages]]). There are many ICMP functionalities, most of which are now deprecated. Note that some network equipment may not be capable of understanding new and officially recognized protocols, while other may not even recognize experimental ICMP codepoints (i.e.: [[https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml|type=253,254]]) and simply drop the packet. Because ICMP can be used to stage attacks in a network, some operating systems (e.g.: Windows ≥7) went so far as to disable Echo Replies by default. | ||
| + | |||
| + | </spoiler> | ||
| == The Task(s) == | == The Task(s) == | ||
| Line 80: | Line 84: | ||
| === [15p] Task B - nmap vs traceroute === | === [15p] Task B - nmap vs traceroute === | ||
| + | |||
| + | <spoiler> | ||
| **nmap** is a network exploration tool and a port scanner. Today, we will look only at a specific functionality that it shares with the **traceroute** utility. | **nmap** is a network exploration tool and a port scanner. Today, we will look only at a specific functionality that it shares with the **traceroute** utility. | ||
| Route discovery is simple in principle: IPv4 packets have a **Time to Live (TTL)** field that is decremented by 1 with each hop, thus ensuring a limited packet lifespan (imagine routing loops without TTL). Even if the TTL is 0, the layer 3 network equipment //must// process the received packet (the destination host can accept a packet with TTL=0). Routers //may// check the TTL field only if they are to forward the packet. If the TTL is already 0, the packet is dropped and a //ICMP Time-To-Live Exceeded// message is issued to the source IP. By sending packets with incrementally larger TTL values, it is possible to obtain the IP of each router on the path (at least in theory). | Route discovery is simple in principle: IPv4 packets have a **Time to Live (TTL)** field that is decremented by 1 with each hop, thus ensuring a limited packet lifespan (imagine routing loops without TTL). Even if the TTL is 0, the layer 3 network equipment //must// process the received packet (the destination host can accept a packet with TTL=0). Routers //may// check the TTL field only if they are to forward the packet. If the TTL is already 0, the packet is dropped and a //ICMP Time-To-Live Exceeded// message is issued to the source IP. By sending packets with incrementally larger TTL values, it is possible to obtain the IP of each router on the path (at least in theory). | ||
| + | |||
| + | </spoiler> | ||
| == The Task(s) == | == The Task(s) == | ||
