Lab 0: Using CORE and Network Tools

This is a do-it-yourself lab to help you familiarize with the CORE network emulator software that you will be using in future labs as well as several low level network tools. You should complete this lab within Weeks 2-3. It is highly recommended that you use the computers in CO246 to complete all the labs in this course.

Once you have completed all the tasks in this lab, show your running CORE virtual machine (VM) to any of the tutors. The tutors may ask you some questions regarding your setup. If you do not show to a tutor that you have completed this lab, you will not be able to submit future lab exercises.

Prerequisites

The instructions that follow assume that you performing the lab in CO246. If you are not able to access CO246 because you are currently overseas, please contact nwen302-staff@ecs.vuw.ac.nz as soon as possible. You may follow the Windows-based version of this handout here.
This lab also assumes that you have basic knowledge of Linux commands and that you are able to navigate and explore the filesystem using these commands within a terminal/shell. If this is not the case, you may read this online resource.

Getting Started

CORE is a network emulator software developed by the U.S. Naval Research Laboratory for emulating complex networks. In CORE, you can create and study complex virtual networks consisting of hosts, routers and switches at "no cost". To make the labs easier and more user-friendly, we have already prepared a virtual machine (VM) image that contains CORE and all the low-level network tools that you will need in future labs. However, to be able to perform the future labs, you will need to do your part by configuring your own running and working CORE virtual machine. This is the purpose of this lab.

Getting the VM Image

The VM image is a large file that needs to be stored on a local disk (not a network drive). If you are doing this lab in CO246, you can copy the image to a directory in /local/scratch. Keep in mind that /local/scratch is not networked, hence, you will need to use the same workstation in your future labs. Follow the commands below to obtain your own local copy of the VM image.

Open a terminal/shell window (Konsole).

Create a directory in /local/scratch where you want to copy the VM image by typing this command in the terminal/shell.
mkdir /local/scratch/<your-username>

where <your-username> is your ECS username. Then, use cp to perform the actual copy:
cp /vol/courses/nwen302/nwen302-labs.ova /local/scratch/<your-username>

To verify that you have successfully copied the image, go to /local/scratch/<your-username> and check that the file is indeed there.

Configuring Oracle VirtualBox

Oracle VirtualBox is a software that allows you to host and run virtual machines. These are already installed in the CO246 lab computers. To run VirtualBox, just type

virtualbox &

in the terminal. You should see the VirtualBox main window.

Important: Change the default folder for Virtualbox VMs. Select File -> Preferences -> General -> Default Machine Folder and set this to /local/scratch/<your-username>/VirtualBox VMs where <your-username> is your ECS username

Importing and Running the VM in Oracle VirtualBox

You are ready to import the NWEN 302 VM image that you have copied to a local directory. To do that, select File -> Import Appliance, then choose the nwen302-labs.ova file in /local/scratch/<your-username>, select Next, then click Import.

Once you have successfully imported the VM, you will need to configure the network interfaces of the VM. Two kinds of network interface are useful for the NWEN302 labs. These are NAT and Host-Only networks.

To create a NAT network, in Virtualbox navigate to File -> Preferences -> Network, and click the "Add new NAT network" button. Refer to the screenshots below to configure the NAT network (the defaults should be fine). If there is already an existing NAT network named NatNetwork, double check that its settings are similar to the screenshot below.

add new nat.pngnat details.png

To create a Host-Only network, in the main Virtualbox window go to "Global Tools" in the top right and click "Create". Refer to the screenshots below for the configuration (the defaults should be fine). In newer versions of VirtualBox, you can just click "Tools" from the main VirtualBox window, then click "Create".

global settings.pnghost local added.png

Once these are created the networks will need to be associated with the VM. To do this click on the virtual machine, click the settings button and navigate to the Network menu. As per the screenshots, select NAT and Host Only networks under adapter 1 and adapter 2. Note the "vboxnet0" here is the name of the host-only network created above.

network adapter 1.pngnetwork adapter 2.png

To start your VM, use the start button in Virtualbox. This will give you command line access to the virtual machine on screen. It can be shutdown via the terminal or through the Virtualbox GUI.

Connecting to the VM

Once the VM has completed the bootup process, you can now connect to it to open a terminal or shell. To do that, you can use the ssh client as follows:

ssh -X nwen302@192.168.56.10

The '-X' option is important! Without it, you will not be able to open xterm and other GUI applications in the VM. To login, use nwen302 as username and password. If the login is successful, you will now see the terminal/shell command prompt which means that you are ready to enter commands in the VM.

Trying Out the Low Level Network Tools

As mentioned, we have installed several low level network tools in the VM. These tools are essential parts of your toolkit in understanding networks and diagnosing network issues. While there are many useful sophisticated graphic tools which provide network information these tools are available on all Unix based systems. At some point in your networking career you will be faced with using these tools to decipher what is going on!

  • ifconfig allows you to examine the interfaces on a host to see what addresses are in use
  • ping is useful as it can tell you whether two way communication exists between two hosts on the network. In addition its response times can be a good indicator of network health
  • arp can be used to examine the ARP tables on your local machine.
  • netstat shows network status
  • tcpdump is the Swiss Army knife in your toolkit. You can use it to find out all sorts of information about traffic on a network.
  • traceroute can be used to examine the path that packets take on their way to a particular host and can be used to find out where a network failure occurs

Use the man command to find out more about these tools. You can enter these commands in a terminal/shell that is connected to the VM.

ifconfig

Using ifconfig to find out more about your workstation

At the command prompt, type:
$ ifconfig -a

You should see several interfaces. What does each represent?

Examine the entry for one of the interfaces with IP address 192.168.56.10 (enp0sX where X is a number)

What information can you extract from the entry?

Record details of the type of hardware, speed, duplex, hardware address, status, mtu etc and give an explanation of what each term means.

ping

We can use ping to find out information about remote hosts.

At the command prompt, type:
$ ping barretts.ecs.vuw.ac.nz
$ ping www.stuff.co.nz
$ ping www.edinburgh.ac.uk
$ ping www.bbc.co.uk
$ ping www.bbc.com

Describe how ping works to host on the same LAN and to one that is remotely connected. What can you infer about the location of these hosts?

What MAC address do the ICMP response packets come from?

What is the IP address of this host?

arp

The arp program displays and modifies the Internet-to-Ethernet address translation tables used by the address resolution protocol (arp(4)).

At the command prompt, type:
$ arp -a

What information can you get from this?

Try pinging the workstation "mono" (unless you're on "mono", in which case ping "rubia") and then run the arp command again. What changed? Why?

Try pinging the ECS undergraduate gateway host, "barretts" and run the arp command again. What changed? Why?

Read up on how ARP works. How long will entries normally be held in this table?

netstat

netstat is a powerful tool with many different options. We will use it here to look at the routing tables on your workstation. At the command prompt, type:
$ netstat -rn 

Explain the flags used.

How would modify the above command to show only the IPv4 routing table? And the IPv6 table?

tcpdump

At the command prompt, type:
$ tcpdump -n -i enp0sX

where enp0sX is the interface with IP address 192.168.56.10. Explain what the flags mean.

This shows all traffic on the interface. Note that this includes traffic which may be discarded by any firewall filters running on a machine. This can be very useful when debugging firewall problems.

We're going to focus on arp and icmp traffic.

Modify the tcpdump command to show just those traffic types.

Open another terminal window and run this command:
$ ping barretts

What do you see in the tcpdump window? What can you infer about the above address?

Repeat using "regents"

How would you modify the tcpdump command to see the Ethernet MAC address of the traffic?

Record two ICMP and two ARP packets for your report and describe them as best you can.

Using tcpdump to save data to a file

Construct a suitable command line to save tcpdump data to a file for later evaluation. What happens if you forget to stop this command? How can you avoid this problem? How do you read back the data you've captured?

traceroute

Use the traceroute command to each of the hosts named in the ping section above.

Record the tcpdump trace for each traceroute and use them to describe how the traceroute command works.

Running CORE Graphical Interface

As mentioned, we have already installed CORE in the provided VM. To launch CORE, make sure you are connected to the VM via ssh. You should create a working directory and run the core-gui command from there, e.g:

$ mkdir nwen302-lab0 
$ cd nwen302-lab0
$ sudo core-gui

Be sure to run core-gui as root (the sudo command as used above does this), as if you do not some features such as the Wireshark integration will not work correctly.

After launching CORE, you should see a blank canvas similar to this:

image1.png

You are now ready to use CORE for your lab exercises.

Backing Up Your Work

You are strongly encouraged to save your working files on a regular basis into different files. Don't spend a couple of hours making changes only to find the save fails and you have to do it all again.

When you have finished using CORE, use the “stop the session” button at the top left-hand side of the CORE GUI. Do not forget to save your work before you close the GUI!

Managing and Accessing Files In VM

If a host-only network is enabled, you will be able to SSH into the machine or access file via SCP or FISH (Files transferred over Shell) protocols. Use SSH from a terminal on your host machine to connect to the VM.

FISH is a handy protocol for viewing files in Dolphin (the free and open source file manager included in the KDE Applications bundle.) In Dolphin, simply enter fish://nwen302@192.168.56.10/ in the address bar (click on the folder structure to open the address field as the bar isn't immediately visible) and you will be able to view the folders and directories quickly. It is strongly recommended that you make a bookmark to this folder for easy access.

It is also recommended you use the text editors kate, kwrite or atom when using the ECS machines when using fish to access files -- some of the other text editors are not able to properly save remotely opened files!

You can now show the tutor that you have completed this exercise by walking him through the steps that you have followed to get CORE up and running.

Resizing Disk Size

The size of the virtual disk used by the file system needs to be resized. To do this, just connect a terminal/shell to the running VM, then execute the following commands:
$ sudo lvm
lvm> lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv
lvm> exit


$ sudo resize2fs /dev/ubuntu-vg/ubuntu-lv 

For the changes to take effect, you need to restart the VM. You can do this by executing the following commands:
$ sudo shutdown -r now

Reusing This Material

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 3.0 New Zealand License.