Lab 0 Windows: Using CORE and Network Tools in Windows

This is a do-it-yourself lab to help you familiarize yourself with the CORE network emulator software that you will be using in future labs, as well as several low-level network tools. You should complete this lab within Weeks 2-3. The instructions in this handout are meant for a Microsoft Windows user.

Once you have completed all the tasks in this lab, show your running CORE virtual machine (VM) to any of the tutors. The tutors may ask you some questions regarding your setup. If you do not show a tutor that you have completed this lab, you will not be able to submit future lab exercises.

Prerequisites

The instructions that follow assume that you are using a Microsoft Windows 10 computer. Your computer needs a large hard disk and plenty of RAM to be able to run the VM. It is recommended that your computer has at least 100 GB of available hard disk space and at least 16 GB of RAM.

This lab also requires the installation of the following software packages:

Download and install these packages before starting this lab. Familiarize yourself with how to use WinSCP, PuTTY and especially VcXsrv. VcXsrv will install a program called XLaunch, which you need in order to launch GUI-based applications such as CORE.
This lab also assumes that you have basic knowledge of Linux commands and that you are able to navigate and explore the filesystem using these commands within a terminal/shell. If this is not the case, you may read this online resource.

Getting Started

CORE is network emulator software developed by the U.S. Naval Research Laboratory for emulating complex networks. In CORE, you can create and study complex virtual networks consisting of hosts, routers and switches at "no cost". To make the labs easier and more user-friendly, we have already prepared a virtual machine (VM) image that contains CORE and all the low-level network tools that you will need in future labs. However, to be able to perform the future labs, you will need to do your part by configuring your own running and working CORE virtual machine. This is the purpose of this lab.

Getting the VM Image

The VM image is a large file that needs to be stored on a local disk (not a network drive). You can download the image using WinSCP. (If you do not have WinSCP installed on your computer, download it from https://winscp.net/eng/download.php.) To download the VM image, open WinSCP and, when prompted, enter the following information:

Hostname: barretts.ecs.vuw.ac.nz
Port number: 22
Username: Your ECS username
Password: Your ECS password

The VM image is located in the following folder:
/vol/courses/nwen302/

Download nwen302-labs.ova to an appropriate location on your hard drive. Remember that the VM image is around 2 GB, so it might take you a while to complete the download.

Configuring Oracle VirtualBox

Oracle VirtualBox is software that allows you to host and run virtual machines. (If you have not installed VirtualBox yet, download a copy for your operating system from https://www.virtualbox.org/.) Start VirtualBox. You should see the VirtualBox main window.

vb1.png

You may need to change the default folder for VirtualBox VMs. Select File -> Preferences -> General -> Default Machine Folder and set this to an appropriate location on your hard disk with enough space.

Importing and Running the VM in Oracle VirtualBox

You are now ready to import the NWEN 302 VM image that you have downloaded to a local directory. To do that, in the main VirtualBox window, select File -> Import Appliance, then choose the nwen302-labs.ova file that you have downloaded and click Next. Keep the default options, then click Import.

Once you have successfully imported the VM, you will need to configure the network interfaces of the VM. Two kinds of network interface are useful for the NWEN302 labs: NAT and Host-Only networks.

To create a NAT network, in VirtualBox, navigate to File -> Preferences -> Network, and click the "Add new NAT network" button on the right. Edit the newly added NAT network. Refer to the screenshots below to configure the NAT network (the defaults should be fine).

vb2.png

vb3.png

The Host-Only network should already be configured and enabled if you followed the import instructions above. To confirm, in the main VirtualBox window, click "Tools" then select "Network".

vb4.png

vb5.png

Once these are created, the networks need to be associated with the VM. To do this, click on the virtual machine, click the Settings button and navigate to the Network menu. As per the screenshots, select NAT and Host-Only networks under Adapter 1 and Adapter 2. Note that the "VirtualBox Host-Only Ethernet Adapter" here is the name of the host-only network created above.

vb6.png

vb7.png

To start your VM, use the start button in VirtualBox. This will give you command line access to the virtual machine on screen. It can be shut down via the terminal or through the VirtualBox GUI.

Connecting to the VM

Once the VM has completed the bootup process, you can connect to it to open a terminal or shell. To do that, you can use PuTTY. If PuTTY is not yet installed on your computer, download and install a copy from https://www.putty.org/.

Start PuTTY. On the main PuTTY window, enter the following information:

Host Name: 192.168.56.10
Port: 22
Connection Type: SSH

On the left side of the main PuTTY window (Category), select Connection->SSH->X11. Check Enable X11 forwarding. Click Open to initiate the connection to the VM. (Answer Yes when prompted about security keys/certificates.) To log in, use nwen302 as username and password. If the login is successful, you will see the terminal/shell command prompt, which means that you are ready to enter commands in the VM.

Trying Out the Low Level Network Tools

As mentioned, we have installed several low-level network tools in the VM. These tools are essential parts of your toolkit for understanding networks and diagnosing network issues. While there are many useful, sophisticated graphical tools which provide network information, these tools are available on all Unix-based systems. At some point in your networking career you will be faced with using these tools to decipher what is going on!

  • ifconfig allows you to examine the interfaces on a host to see what addresses are in use.
  • ping is useful as it can tell you whether two-way communication exists between two hosts on the network. In addition, its response times can be a good indicator of network health.
  • arp can be used to examine the ARP tables on your local machine.
  • netstat shows network status.
  • tcpdump is the Swiss Army knife in your toolkit. You can use it to find out all sorts of information about traffic on a network.
  • traceroute can be used to examine the path that packets take on their way to a particular host and can be used to find out where a network failure occurs.

Use the man command to find out more about these tools. You can enter these commands in a terminal/shell that is connected to the VM.

ifconfig

Using ifconfig to find out more about your workstation

At the command prompt, type:
$ ifconfig -a

You should see several interfaces. What does each represent?

Examine the entry for the interface with IP address 192.168.56.10 (enp0sX, where X is a number).

What information can you extract from the entry?

Record details of the type of hardware, speed, duplex, hardware address, status, MTU, etc., and give an explanation of what each term means.

ping

We can use ping to find out information about remote hosts.

At the command prompt, type:
$ ping barretts.ecs.vuw.ac.nz
$ ping www.stuff.co.nz
$ ping www.edinburgh.ac.uk
$ ping www.bbc.co.uk
$ ping www.bbc.com

Describe how ping works to a host on the same LAN and to one that is remotely connected. What can you infer about the location of these hosts?

What MAC address do the ICMP response packets come from?

What is the IP address of this host?

arp

The arp program displays and modifies the Internet-to-Ethernet address translation tables used by the address resolution protocol (arp(4)).

At the command prompt, type:
$ arp -a

What information can you get from this?

Try pinging the workstation "mono" (unless you're on "mono", in which case ping "rubia") and then run the arp command again. What changed? Why?

Try pinging the ECS undergraduate gateway host, "barretts" and run the arp command again. What changed? Why?

Read up on how ARP works. How long will entries normally be held in this table?

netstat

netstat is a powerful tool with many different options. We will use it here to look at the routing tables on your workstation. At the command prompt, type:
$ netstat -rn 

Explain the flags used.

How would you modify the above command to show only the IPv4 routing table? And the IPv6 table?

tcpdump

At the command prompt, type:
$ sudo tcpdump -n -i enp0sX

where enp0sX is the interface with IP address 192.168.56.10. Explain what the flags mean.

This shows all traffic on the interface. Note that this includes traffic which may be discarded by any firewall filters running on a machine. This can be very useful when debugging firewall problems.

We're going to focus on arp and icmp traffic.

Modify the tcpdump command to show just those traffic types.

Open another terminal window and run this command:
$ ping barretts.ecs.vuw.ac.nz

What do you see in the tcpdump window? What can you infer about the above address?

Repeat using "regents".

How would you modify the tcpdump command to see the Ethernet MAC address of the traffic?

Record two ICMP and two ARP packets for your report and describe them as best you can.

Using tcpdump to save data to a file

Construct a suitable command line to save tcpdump data to a file for later evaluation. What happens if you forget to stop this command? How can you avoid this problem? How do you read back the data you've captured?

traceroute

Use the traceroute command to each of the hosts named in the ping section above.

Record the tcpdump trace for each traceroute and use them to describe how the traceroute command works.

Running CORE Graphical Interface

As mentioned, we have already installed CORE in the provided VM. To launch CORE, make sure you are connected to the VM via PuTTY with X11 forwarding enabled. (CORE uses the X Window protocol for display, which means that your Windows computer needs to have X display capability. This can be done by installing Xming, which you can download from https://sourceforge.net/projects/xming/. Xming contains the program XLaunch, which you should run prior to running the CORE GUI. Once you have XLaunch running, you are ready to launch the CORE GUI.)

You should create a working directory and run the core-gui command from there, e.g.:

$ mkdir nwen302-lab0 
$ cd nwen302-lab0
$ sudo core-gui

Be sure to run core-gui as root (the sudo command as used above does this). If you do not, some features, such as the Wireshark integration, will not work correctly.
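
A pre-flight check for the X11 setup described above, to run in the PuTTY session before sudo core-gui. This is an added example, not part of the original handout: the function names are hypothetical, and it assumes the VM's sshd uses its default X11UseLocalhost setting, so that a forwarded session gets DISPLAY=localhost:N.

```shell
#!/bin/sh
# Added example (not from the lab handout); function names are hypothetical.
# Assumes the VM's sshd uses its default X11UseLocalhost setting, so a
# forwarded session gets DISPLAY=localhost:<N>[.<screen>].

# Classify a DISPLAY value: unset | forwarded | local | remote-tcp | invalid
classify_display() {
    case "$1" in
        "")                      echo unset ;;
        localhost:*|127.0.0.1:*) echo forwarded ;;   # sshd proxy, tunnelled over SSH
        :*|unix:*)               echo local ;;       # X server on the VM itself
        *:*)                     echo remote-tcp ;;  # direct TCP to another host
        *)                       echo invalid ;;
    esac
}

# Print the display number from host:N[.screen]; fail if it is not numeric.
display_number() {
    n=${1##*:}
    n=${n%%.*}
    case "$n" in ''|*[!0-9]*) return 1 ;; esac
    echo "$n"
}

# Report whether it is sensible to start core-gui with this DISPLAY value.
core_preflight() {
    kind=$(classify_display "$1")
    case "$kind" in
        forwarded)
            num=$(display_number "$1") || { echo "FAIL: malformed DISPLAY '$1'"; return 1; }
            echo "OK: X11 is tunnelled over SSH (proxy display $num)" ;;
        unset)
            echo "FAIL: DISPLAY is not set; enable X11 forwarding in PuTTY and reconnect"
            return 1 ;;
        remote-tcp)
            echo "FAIL: DISPLAY '$1' bypasses the SSH tunnel; X11 traffic would be unencrypted"
            return 1 ;;
        *)
            echo "FAIL: DISPLAY '$1' is not an SSH-forwarded display"
            return 1 ;;
    esac
}

# Check the current session; never aborts the shell it is run or sourced in.
core_preflight "${DISPLAY:-}" || true
```

If the check reports FAIL, fix the PuTTY X11 setting and confirm XLaunch is running on Windows before launching CORE.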

After launching CORE, you should see a blank canvas similar to this:

core-gui-1.png

You are now ready to use CORE for your lab exercises.

Backing Up Your Work

You are strongly encouraged to save your working files on a regular basis into different files. Don't spend a couple of hours making changes only to find the save fails and you have to do it all again.

When you have finished using CORE, use the “stop the session” button at the top left-hand side of the CORE GUI. Do not forget to save your work before you close the GUI!

Managing and Accessing Files In VM

If a host-only network is enabled, you will be able to SSH into the machine or access files via WinSCP.

You can now show the tutor that you have completed this exercise by walking them through the steps that you have followed to get CORE up and running.

Resizing Disk Size

The size of the virtual disk used by the file system needs to be resized. To do this, just connect a terminal/shell to the running VM, then execute the following commands:
$ sudo lvm
lvm> lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv
lvm> exit
$ sudo resize2fs /dev/ubuntu-vg/ubuntu-lv

For the changes to take effect, you need to restart the VM. You can do this by executing the following command:

$ sudo shutdown -r now

Reusing This Material

This work is licensed under a Creative Commons Attribution-NonCommercial 3.0 New Zealand License.