CS 426, Spring, 2008, HW 6. <br>
Due March 21, 2008, 11:30 AM. <br>
<br>
The purpose of this PSO is to experiment with ethernet "sniffing" and<br>
session encryption.<br>
<br>
You should do the experiments on the sslab02-sslab25 machines in LWSN
B131.<br> The lore machines or the pod machines do not have secondary<br>
interfact to safely snoop traffic.<br> Use ssh to login to sslab machines to work on them.<br>
<br>
First, you should familiarize yourself with two commands: script and<br>
tcpdump. script will allow you to save a copy of whatever you type and<br>
what is output from a command during an interactive session. You will<br>
use this to save evidence of what you type and see during your PSO.<br>
tcpdump is a command to observe traffic on the network. Now, experiment<br>
running tcpdump using the following command: sudo<br>
/usr/local/etc/tcpdumpwrap-eth1 [options]<br>
Study the options of tcpdump yourself (and if you need help, see the TA
in your Lab).<br>
If you use the -w option to save output to a file, the output should be<br>
a simple name like "out", which will create the output file<br>
/var/tmp/<login>-out (i.e. /var/tmp/ashishk-out). The eth1 network<br>
interfaces are on a private network (10.0.0.0/24). The IP addresses are<br>
10.0.0.n where n is 100+station number. For example, the IP address for<br>
sslab05 is 10.0.0.105.<br>
<br>
Use the options to the tcpdump command that allow you to see the<br>
contents of packets, not simply the headers.<br>
Run tcpdump under script to observe network traffic. ssh to your<br>
account on another connected machine.<br>
The stations are only connected in pairs as<br>
sslab02 <-> sslab03<br>
sslab04 <-> sslab05<br>
...<br>
sslab24 <-> sslab25<br>
1. You can generate traffic by using ssh to the IP address of the other<br>
station (or ping).<br>
2. Start a new session of script and tcpdump.  This time, use "telnet them echo" <br> on the same machine (in a new ssh session on a different terminal).<br>
3. Run a third session, and use ftp to your account in CS on a paired machine (sslab-?? as mentioned above). <br> It would not work, but the messages recorded by tcpdump is about the "no connection". <br>
4. Start a fourth session, and send email to your CS account from the<br>
machine. See what is recorded by tcpdump.<br>
<br>
Turn in the following documents. Write a short analysis of<br>
what you have recorded in steps 1-4. What does this mean? What would<br>
happen if an attacker had broken into the machine and was running his or<br>
her own version of tcpdump (or something like it?). What if someone is<br>
running a "sniffer" program like this on one of the server machines, or<br>
your ISP?<br>