IT 643 Lab 1 Packet Analysis on Linux IT 643 Lab 1 IT 643 Lab 1

Lab 1: Packet Analysis on Linux

SNHU

Lab 1 Procedure

The following requirements must be met in order to set up this lab:

Windows or Linux 64-bit-based host operating system—this system will be used to install VirtualBox and set up the VM for this lab (Windows Vista/7 or Ubuntu Linux)

4GB of RAM on the host system with at least 50GB of hard drive space

Copy of VirtualBox available from https://www.virtualbox.org/wiki/Downloads (use the download that is appropriate for Windows hosts or Linux hosts)

Ubuntu 12.04 LTS install image available from http://www.ubuntu.com/download/desktop

ssh if using Linux, or Putty if you are using Windows as the host operating system. Putty is available from http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe

Internet access for adding packages to the install of Ubuntu

VM Setup

After downloading VirtualBox, install the software, accepting the default settings, which includes installing device software on Windows.

Start up VirtualBox. If prompted to install the “VirtualBox Extension Pack,” you can select “yes” to download the latest extension pack and install it.

From the main window, click the “New” button.

In the “Create Virtual Machine” windows, type “Ubuntu” as the name, then select Linux as the type and Ubuntu (64-bit) for the version and click Next.

The default memory size of 512MB is acceptable; click Next.

Click Create to “Create a virtual hard drive now.”

Leave the default VDI option and click Next.

• Leave “Dynamically allocated” selected and click Next.
• Change the hard drive size from 8GB to 20GB just to leave some space for future labs and click “Create.”
• You will now have a newly created Ubuntu VM. Click “Start,” which will turn on the VM. Information about keyboard capturing may appear; just click OK and select to not show the message again.
• When prompted for a startup disk, browse to the location where you downloaded the Ubuntu 64-bit 12.04 install and click Start.
• Click OK or select “Do not show this message again” for all of the warning messages about mouse pointing and video messages for VirtualBox.
• Click “Install Ubuntu.”
• Click to check “Download updates while installing” and click Continue.
• Select “Erase disk and install Ubuntu.”
• The 20GB hard drive should be selected; click Install Now (Ubuntu will install while moving through additional configuration options.
• Change the time zone by typing in GMT, and click Continue. Select a keyboard layout you want to use and click Continue.
• For your name, enter the computer name as “IT643-VM” and the username “normal-user” and set the password to something that is displayed as a “strong password,” something between 12 to 14 characters, and click Continue.
• The system will take about 10–20 minutes to install. Click “Restart Now” when it appears.
• Press to reboot.
• When Ubuntu starts, LightDM will show normal-user selected. Type in the password you used during the installation and press .
• By default, the VM will be NATed through the host operating systems network. To make sure the host operating system can send network packets to the VM, we are going to set up host-only networking to set up a private network between just the VM and the host operating system. In the top right corner, you will find options for the logged-in user. Click the gear and select shutdown as shown in Figure 1.

Figure 1 – How to Shut Down the VM

sudo apt-get update && sudo apt-get -y dist-upgrade(You will be prompted to type in your password)

• Once the VM says “Power Off,” select the VM and click the “Settings” button.
• Click Network, which will show Adapters 1 through 4. For Adapter 2, click to “Enable Network Adapter” and select “Host-only Adapter” to attach too.
• Click the “Advanced” arrow and select “Allow All” for Promiscuous Mode and click OK.
• Start up the VM and log back in as “normal-user.”
• Type + which will bring up the “Run Command” menu. Type in “gnome-terminal” and press .
• This will load up a terminal to run commands with. With the terminal open, the operating system will need to be updated before continuing, so type in the following to update and install security patches for Ubuntu:

Setting Up Wireshark and Performing a Packet Capture

• Once the update is done, hit the Right key or move the mouse outside of the VM. Click “Devices” and select “Install Guest Additions.”
• Click Run to install the VBOX Additions.
• Type in the password for the normal-user and click Authenticate.
• Once the installation is completed, press to close the terminal window.
• On the left side of the desktop is the Unity application launcher. Right click on the “Terminal” window and select “Lock to Launcher.” This will ensure simple access to the terminal.
• Click the gear in the top right corner and select “Shut down” then select “Restart” to reboot the system.

sudo apt-get -y install wireshark



Figure 2 – Capturing Interface Window

• Open up the terminal and run the following command to install Wireshark, which provides a graphical packet capturing utility.
• There will be two network interfaces defined, eth0 and eth1. eth0 will have an IP address in the 10.0.2.0/24, and eth1 should have an IP in the range 192.168.56.0/24.
• From the Windows/Linux host operating system, open a command prompt or shell and try to ping the IP address of the VM, which can be found by typing “ifconfig eth1” in the terminal. The default host-only network address is usually 192.168.56.101.
• Type “sudo wireshark” in the terminal and enter your password. This will open up Wireshark. Start a packet capture by selecting Capture and selecting interfaces and shown in Figure 2:

Lab 1 Assignment

• Interface eth0 should be set to an IP in the 10.0.2.0/24 IP range (10.0.2.15) by default. Click “Start” to begin the packet capture.
• With Wireshark running, click on the Firefox logo (Shown in Figure 2 as the Fox and blue globe). Navigate to http://www.snhu.edu. Once the webpage loads, close Firefox.
• There will be a number of packets in the Wireshark screen; select Capture from the file menu and select “Stop.”
• Click “File->Save” to save the packet capture before continuing. Save the packet capture in the /home/normal-user directory and name it lab1.

Your assignment for this lab is to provide two packets from the packet capture.

For the lab report, provide the text of the packet or provide a screenshot of the packet as shown in Wireshark.

• Provide the packet that provides the DNS query for www.snhu.com
• Provide the HTTP Request packet (hint: GET request) sent to www.snhu.com

Lab 1 Questions

Lab Question 1

When navigating through the packet capture, why were there so many other TCP/UDP connections beyond the request for www.snhu.edu?

Lab Question 2

From the packet capture, what is the HTTP response code sent after the request to www.snhu.edu (hint: this is a specific code that is important for HTTP)?

Lab Question 3

From the HTTP response from www.snhu.edu, what is the server that SNHU is reporting in the HTTP Server header?