iutsa.unice.fr/~frati/wireless_lp/tp/tp000 outils et revisi… · tp000 -...


Upload: ngoque

Post on 07-Feb-2018


Names:    Annotations:    Grade:

TP000 - Getting familiar with the tools used during the labs

During the labs you will have to become familiar with different hardware, software and languages (French and English only!).
This first session is meant to give you an easy grasp of the software behind the tools you will use to:
- provide services: DHCP, NTP, syslog, TFTP, …
- take measurements: signal levels, throughput tests, …
- analyse wired and wireless network flows

For each small utility that you have found yourself or downloaded here, a mini-lab is provided to discover the tool.
No (or not much) Wi-Fi hardware is used for now…


Table of contents

Preamble
Notepad “is your friend”; Cut&Paste “is your friend”
- What
- Why
- What else ?
TFTP32/64 by Philippe Jounin
- What
- Why
- What else ?
- Nota
- How
Sniffing the wired or wireless network with Wireshark
- What
- Why
- How
Inssider Introduction
- What
- Why
- How
Iperf: Network Performances measurements
- What
- Why
- How
Multicast traffic generator and measurements
- Appendix: iperf in multicast
Appendices (Annexes)
- Resetting the Cisco 1240 access point


Preamble
In the labs, it is IMPORTANT that you adopt good habits from the very first session:

- get used to first drawing a diagram (at the very least) of your planned implementation, adding as much detail as possible: IP addresses, Ethernet ports, …

- always think about simplifying the configuration, especially on the PCs: unused network interfaces must be physically unplugged, or disabled if they are unused VirtualBox interfaces, to avoid any routing error, loop or stray traffic.

- Communicate with the instructor and the other students, while remaining polite and courteous and always respecting the calm and quiet of the lab rooms.

Notepad “is your friend”; Cut&Paste “is your friend”

What
Demonstrate that you can copy your complete Cisco IOS configuration from a text file (using Notepad or your favorite editor) into the device and, in the opposite direction, from a “show run” into a text file.

Why
It is important to back up your current work (the configuration of a piece of Cisco hardware) into a text file that you can store on a USB key and move to another site. If you cannot finish your set-up, your backup will save you time next time instead of starting from scratch.

What else ?
You can cut & paste your “show run” result into a text file [the backup] and… from your text file into your PuTTY console session [the restore]: place the router in “configure terminal” state and paste the commands of your text file into your “running-config”. An exclamation mark (!) placed at the beginning of a line indicates that the line is a comment: over-use it to comment your configuration files.

Scenario
Using the initialization procedure described in the “Annexes” (appendices), start one (not two) Cisco 1240 Access Point and connect it to a Cisco 3750 switch for PoE.
Using a console in Putty, log in on COM1 with 9600-8N1 and use password “Cisco” (with capital C) to enable the configuration. In the following lines, replace X by your pod (paillasse) number:

    conf t
    hostn AP_PODX
    ! define the SSID: open authentication, advertised in beacons (guest-mode)
    dot11 ssid RTLP_TP00_X
    auth open
    guest
    exit
    ! management IP address on the bridge virtual interface
    int bvi1
    ip add 10.0.0.X 255.255.255.0
    no shut
    ! 2.4 GHz radio
    int dot11r0
    ssid RTLP_TP00_X
    channel X
    pow loc -1
    no shut
    ! 5 GHz radio
    int dot11r1
    ssid RTLP_TP00_X
    channel dfs
    pow loc -1
    no shut
    exit
    ! save the configuration, then check the result
    do wri me
    do sho ip int brie
    do sho dot11 bssid

Then use “Cut and paste” (Copy == Control-C in Word or Notepad, Paste == right-click in Putty) to download these lines into your Access Point.
Check the result on the console screen and try to connect to your access point using Wifi.

TFTP32/64 by Philippe Jounin

What
TFTP32/64 is a very valuable utility: it's a shareware but it is also a “MUST HAVE”!
http://tftpd32.jounin.net/
« Tftpd32/64 includes DHCP, TFTP, SNTP, DNS and Syslog servers as well as a TFTP client...snip... »
We will mostly use it in its DHCP, NTP and TFTP server configurations instead of using a full monster such as the Windows Server DHCP server, for instance.

Why
Actually, most of the Access Points (AP) we are going to study are « DHCP client » enabled and they will request an IP address dynamically at bootup.

What else ?
Tftp32 can also be used as … WHAT ARE THE OTHER FEATURES/OPTIONS IN THE SETTINGS TAB OF TFTP64 ?


Nota
Be careful not to plug several DHCP servers into the same segment: most of the time it leads to nightmarish debugging situations.
In our case, it's better to use a cross-over cable for the initial configuration of the access points.

How-1
So, one of your PCs (IP@ == 10.0.X.1/24), connected to the 3750 switch (all other network interfaces deactivated), is going to run this utility, as a DHCP server for instance, to provide an appropriate IP address to your respective access point.

DRAW A SCHEMA OF THE INSTALLATION WITH IP ADDRESSES, NETWORK PORTS,… AND SHOW IT TO THE INSTRUCTOR BEFORE RUNNING THE DHCP SERVER.

How-2
Use a cross-over cable to connect the Ethernet interface cards of your two PCs: one will be the DHCP server (server PC configured with a static IP@) running TFTP32/64 and the other PC will be the DHCP client (client PC configured with a dynamic IP@). SCHEMA PLEASE…

Remember to download the software on your server PC and save a copy on your USB tool stick.
Start it and select the « server interface » that will serve the IP addresses based on requests.
In this case, the IP address is configured for “Salle 408”. Change the IP@ manually on the server PC in order to adapt it to your classroom's design.


On the « DHCP Server » tab, fill in the required field and observe the dynamic allocations in the list. Optionally, browse the « Events Viewer » tab in order to retrieve previous events.

SHOW YOUR INSTRUCTOR THAT THE CLIENT PC GOT AN IP@ ALLOCATED FROM THE SERVER PC.

Bonus: By reading the label on the back of the AP (to deduce the MAC address) and knowing your network address schema, you'll use tftp32/64 to assign a « static assigned dynamic IP address » that sticks to this AP.


Sniffing the wired or wireless network with Wireshark

What
Wireshark (http://www.wireshark.org/) is a free protocol analyser (sniffer) available on several OS platforms and producing pcap format dumps. It is able to display network traffic as it is sent encapsulated over the network: this action is called “sniffing”.
It is supposed to sniff traffic between the machine that runs the Wireshark program and another one exchanging information with it. But it is also supposed to sniff even traffic not directed to it (when the Ethernet destination MAC@ is different from your machine's MAC@).

Why
Part of your job is to build and troubleshoot networks. This is a must-have and powerful tool.

How
Download it (and additionally WinPcap if needed) and save a copy on your USB tool stick.
Select « Capture/Interfaces ».
Using the « Options » button, browse through all available options.
Try sniffing some traffic from your Ethernet adapter (NOT the wireless adapter!) in normal and promiscuous mode while browsing the IUT website.
Then, do the same thing from your wireless adapter when connected to the Unice Hotspot.

Save one wireless sniffing session into a .pcap file for further use, for comparison in the next table.
By default Wireshark does not support « Capture packets in promiscuous mode » on a wireless adapter. Later, we'll see a work-around using specific Aircrack drivers on some specific wireless adapters that allow “sniffing wireless”.
Which mode is working, which is not working? What is promiscuous mode? First, look for the definition of « promiscuous mode » and, then, explain what kinds of traffic you are able to capture without promiscuous mode.

What else ?
Using Wireshark and a specific USB wireless adapter allows you to turn on “promiscuous mode” but also to listen to the Level 1 traffic. So you can see the beacons.
Open the two .cap or .pcap files and answer the questions below:


File 00_airodump.cap

| Frame | Question | Tips & Tricks | Your answer |
|---|---|---|---|
| Frame 11 | What is the requested website? | Click Hypertext Transfer Protocol | |
| Frame 12 | What kind of frame is that? Did we get such frames in your sniffing file? Why? | Think of CSMA/CA; magic USB wireless adapter | |
| Frame 12 | What is the length of the frame in bytes? | Click Frame 2 -> Frame Length | |
| Frame 26 | What is the band (b/g/a/n…) and channel used for the transmission of this frame? | Click 802.11 radio information | |
| Frame 26 | What is the Data rate? | Click 802.11 radio information -> Data Rate | |
| Frame 26 | What is the RSSI in dBm? | Click 802.11 radio information -> Signal Strength | |
| Frame 26 | What is the noise level in dBm? | Click 802.11 radio information -> … | |
| Frame 26 | What is the SNR? | Think of SNR = signal-to-noise ratio (or difference, when working in dBm (log)) | |
| Frame 32 | What is the Data rate? | | |
| Frame 25 | What is the Data rate? | | |
| Frame 36 | Display all the traffic going through this access point: how many frames do you find? | Create a filter that always displays the same BSSID (the kind of MAC@ of the access point corresponding to the SSID): Click IEEE802.11 -> BSS Id, wlan.bssid == 00:14:a5:cd:74:7b | |
| | How many ACK frames in this capture? | Create a filter to only display ACK frames: wlan.fc.type_subtype == 0x001d | |
| Frame 131 | What is the content of the web page that this user is displaying? | Select the frame, right-click on it and select “Follow” (or “Suivre”) then “HTTP Stream”. Cut & paste into notepad; remove all the text before the <html> tag and save it into pit.html. Open the file with a web browser. | |

File 01_airodump.cap

| Frame | Question | Tips & Tricks | Your answer |
|---|---|---|---|
| Frame 1 | What kind of frame is it? | “periodically announces the presence of one or more Wi-Fi networks” | |
| | There is only one access point but it delivers several WLANs (SSIDs). What are the different BSSIDs of the access point? | Think of each BSSID as a MAC@ linked to the SSID (WLAN) proposed by this access point. | |
| Frame 7 | What is the interval time between two beacons in ms? | Click IEEE802.11 wireless LAN management frame -> Fixed Parameters | |
| Frame 12 | Is this access point broadcasting the name of the SSID or is it hidden? | Click IEEE802.11 wireless LAN management frame -> Tagged Parameters -> Tag: SSID… | |
| | But we know that even if the SSID is hidden, we can find it from the client: so what are the SSIDs requested by the client? | Find the probe requests sent by the client: wlan.fc.type_subtype == 0x0004 | |
| | What are the frames displayed when you apply this filter: !(wlan_mgt.ssid == "") ? | | |
| Frame 116 | What are the supported rate speeds of the wireless client? | Find “supported rates” and “extended supported rates” | |
| Frame 711 | Why don't we see the content of the frame? | Click 802.11 data -> … parameters | |
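Added example (not part of the original lab sheet): how the wlan.fc.type_subtype values used in the filters above come out of the first Frame Control byte, and why a beacon with a hidden SSID is still matched by the SSID a client sends in its probe request. It assumes frames that start at the 802.11 MAC header (no radiotap header, no FCS); the MAC addresses, the sample frames and the SSID value RTLP_TP00_1 are constructed for the illustration.

```python
import struct

def type_subtype(frame: bytes) -> int:
    """Value Wireshark displays as wlan.fc.type_subtype: (type << 4) | subtype."""
    fc0 = frame[0]                      # first Frame Control byte
    return (((fc0 >> 2) & 0x3) << 4) | ((fc0 >> 4) & 0xF)

def ssid_element(frame: bytes):
    """SSID tag (element ID 0) of a beacon or probe request, else None."""
    ts = type_subtype(frame)
    if ts == 0x08:
        offset = 24 + 12                # MAC header + timestamp, interval, capabilities
    elif ts == 0x04:
        offset = 24                     # probe requests carry tagged parameters only
    else:
        return None
    while offset + 2 <= len(frame):
        tag, length = frame[offset], frame[offset + 1]
        body = frame[offset + 2:offset + 2 + length]
        if len(body) < length:
            return None                 # truncated capture
        if tag == 0:
            return body
        offset += 2 + length
    return None

def is_hidden(ssid: bytes) -> bool:
    """Hidden SSIDs are sent as a zero-length or all-NUL string."""
    return all(b == 0 for b in ssid)

def summarize(frames):
    """Count frames per type_subtype; list hidden-SSID BSSIDs and probed SSIDs."""
    counts, hidden_bssids, probed = {}, set(), set()
    for f in frames:
        if len(f) < 10:                 # shorter than an ACK: not a usable frame
            continue
        ts = type_subtype(f)
        counts[ts] = counts.get(ts, 0) + 1
        ssid = ssid_element(f) if len(f) >= 24 else None
        if ssid is None:
            continue
        if ts == 0x08 and is_hidden(ssid):
            hidden_bssids.add(f[16:22].hex(":"))    # address 3 = BSSID
        elif ts == 0x04 and not is_hidden(ssid):
            probed.add(ssid.decode("utf-8", "replace"))
    return counts, hidden_bssids, probed

# --- constructed sample frames (not taken from the lab capture files) ---
def build_mgmt(fc0, src, bssid, body):
    hdr = bytes([fc0, 0]) + b"\x00\x00" + b"\xff" * 6 + src + bssid + b"\x00\x00"
    return hdr + body

def build_tag(tag_id, value):
    return bytes([tag_id, len(value)]) + value

AP = bytes.fromhex("020000000001")      # constructed, locally administered MAC
STA = bytes.fromhex("020000000002")     # constructed client MAC
FIXED = b"\x00" * 8 + struct.pack("<HH", 100, 0x0001)   # beacon fixed parameters
SAMPLE = [
    build_mgmt(0x80, AP, AP, FIXED + build_tag(0, b"") + build_tag(1, b"\x82\x84")),
    build_mgmt(0x40, STA, b"\xff" * 6, build_tag(0, b"RTLP_TP00_1")),
    b"\xd4\x00\x00\x00" + AP,           # ACK: frame control, duration, receiver
]

if __name__ == "__main__":
    counts, hidden, probed = summarize(SAMPLE)
    for ts, n in sorted(counts.items()):
        print(f"wlan.fc.type_subtype == 0x{ts:04x}: {n} frame(s)")
    print("hidden-SSID BSSIDs:", hidden, "| probed SSIDs:", probed)
```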


Inssider Introduction

What
Inssider (from MetaGeek) is a small but very useful freeware when you want to know if wireless networks are available in your geographic area. It uses active scanning (sends probes) and, once connected to a GPS, it's also a good wardriving utility.

Why
Ever wondered what SSIDs are available at your place?

How
Download and install Inssider and save a copy on your USB tool stick.

Get used to these tools and make some screenshots of both displays, in 2.4 GHz and 5 GHz.
Isolate all the Cisco APs by selecting them.
Write down the benefits of Inssider.

Insert a screenshot that displays your access point signal(s).


Jperf: Network Performances measurements

What
Iperf (https://iperf.fr) is a historic command-line client/server set of tools that allows you to make performance measurements on the network link you want to test: whether Ethernet, Wi-Fi, powerline (CPL), ADSL, and so forth… Jperf is a Java front-end to the iperf command-line toolset.
For an easy setup, it is the same little piece of software that can be used in client mode (the attacker) or server mode (the target).
Iperf launched in client mode polls the server (iperf launched in server mode on another machine) with a customizable protocol (udp, tcp,… unicast, mcast, …) during a predefined period of time and then reports the results of the measurements along the tested network.

Why
Ever trusted the vendors when they claim 11 Mbps, 54 Mbps or even 300 Mbps throughput on a wireless connection? Get your own measurements!!!

How
Download (iperf or) jperf (Java graphical front-end for iperf) and save a copy on your USB tool stick.
Install jperf on server and client:
- run jperf on the server: find the appropriate options to start as a server in listening mode and look for the default protocol and port used (if you use the command line, type the « help » option to have all options described)
- run jperf on the client: find the appropriate options to start as a client pointing to the appropriate server.
When found, make a snapshot or write down the client and server options for further use!!!!

Testing performance for UDP traffic: when the basic principles are understood with iperf, have a look at jperf: same tool with a graphical interface and easy-to-select options.
Show your instructor the result of a UDP test over a 100 Mb Ethernet switch connection between your two PCs:

[Figure: two PCs, 10.4.0(x)9.113 and 10.4.0(x)9.114, linked by a wired or Wi-Fi connection; one runs jperf in server mode, the other runs jperf in client mode]


- what is the expected throughput?
- what is the measured throughput?
Now show your instructor the result of a UDP test over a RTLP_TP00_X wifi connection between your two PCs:
- what is the expected throughput?
- what is the measured throughput?
- do you expect TCP or UDP to be faster?
Note: Of course, when there is a client/server pair of software that is supposed to work together, the server must be started and in listening mode before any client can connect to it.

Bonus: Multicast traffic generator and measurements
You are aware of side effects or troubles due to CSMA/CA in 802.11. One way to investigate the performance of multicast traffic going through your wireless link is to play a file as a multicast stream using VLC (as a streaming server) and receive it through a wireless link on another VLC (as a client of a registered multicast stream: by the way, that is what is currently used in your CretinBox at home through your ADSL link).

Video Lan Client
It is a « must have » tool when doing some multicast testing… I was told that VLC is a very famous piece of software when it comes to playing MKV files (I never did but I was told…) but it also has some additional streaming features you would like to be aware of:
VLC on the Stream Server side in multicast mode.
You can also stream using raw « udp » with a multicast destination address 224.0.55.55 port 5001.
Connect another VLC as a client, now becoming a listener of this multicast traffic (play with the appropriate « Ouvrir… » (Open…) options…)

Jperf as a multicast listener to a VLC stream
Iperf is an alternative multicast traffic generator if you do not mind looking at the streamed video.
Start iperf as a receiver to handle the VLC server stream:

    iperf -s -u -B 224.0.55.55 -i 1

or use the jperf GUI.


Jperf as a multicast generator and listener
Use the -B option while starting the server to bind it to a multicast address. E.g.:

    iperf -s -u -B 224.0.55.55 -i 1

This will have the iperf server listening for datagrams (-u) from the address 224.0.55.55 (-B 224.0.55.55), with a periodic reporting interval of 1 s (-i 1).
Now, start a client sending packets to this multicast address, with a TTL depending on your network topology (if you are unsure, use a high TTL like 64 or higher). E.g.:

    iperf -c 224.0.55.55 -u -T 32 -t 10 -i 1

This will have a UDP client (-u) connected to the multicast address 224.0.55.55 (-c 224.0.55.55), with a TTL of 32 (-T 32), sending data for 10 seconds (-t 10), with a periodic reporting interval of 1 s (-i 1).

If it does not decode any traffic using the multicast client, replace the client command with a unicast destination of the server. E.g.:

    iperf -c 10.0.X.Y -u -T 32 -t 10 -i 1

NB: Remember to store the interesting commands in your cookbook!
This first lab is (too) easy, but the next ones will be much less so…


Appendices (Annexes)

Resetting the Cisco 1240 access point

To restore an access point to its “factory” configuration (default, or “out of the box”), follow this procedure:

- Unplug the access point's power (the power connector for an external power supply, or the Ethernet cable when it is powered over the line via PoE).

- Hold down the MODE button while you reconnect the power (powercube transformer or PoE via the Ethernet cable). It is important to keep the MODE button pressed until the status LED turns orange (3 to 5 seconds).

- Release the MODE button.

WARNING: All the access point's parameters have been reset to their factory default values. You can then access the access point's configuration at the default IP address.
The default username and password are “Cisco”.
