lab1: cabling & packet sniffing - networkslab - home...

University of Jordan

Faculty of Engineering & Technology

Computer Engineering Department

Computer Networks Laboratory

907528

Lab1: Cabling & Packet Sniffing

1 Lab1: Cabling & Packet Sniffing

Physical media refers to the physical materials that are used to transmit information in data

communications. It is referred to as physical media because the media is generally a

physical object such as copper or glass.

Although it is possible to use several forms of wireless networking, such as radio frequency

and Infrared, the majority of installed LANs today communicate via some sort of cable. In

the following sections, we’ll look at two types of cables:

Twisted pair.

Fiber optic.

Twisted-Pair Cable

Twisted-pair cable consists of multiple, individually insulated wires that are twisted

together in pairs. Sometimes a metallic shield is placed around the twisted pairs. Hence, the

name shielded twisted-pair (STP).

Also you will see cable without outer shielding; it’s called unshielded twisted-pair (UTP).

UTP is commonly used in twisted-pair Ethernet (10Base-T, 100Base-TX, etc.), star-wired

networks.

Let’s take a look at why the wires in this cable type are twisted. When electromagnetic

signals are conducted on copper wires that are in close proximity (such as inside a cable),

some electromagnetic interference occurs. In this scenario, this interference is called

crosstalk. Twisting two wires together as a pair minimizes such interference and also

provides some protection against interference from outside sources.

http://en.wikipedia.org/wiki/Data_communications



http://en.wikipedia.org/wiki/Copper

http://en.wikipedia.org/wiki/Glass


Connecting UTP You need to use an RJ (Registered Jack) connector. Most telephones connect withan RJ-11

connector. The connector used with UTP cable is called RJ-45. The RJ-11 has fourwires, or

two pairs, and the network connector RJ-45 has four pairs, or eight wires.

You use a crimper to attach an RJ connector to a cable. The only difference is that the die

that holds the connector is a different shape. Higher-quality crimping tools have

interchangeable dies for both types of cables.


Types of Interfaces

In an Ethernet LAN, devices use one of two types of UTP interfaces - MDI or MDIX.

The MDI (media-dependent interface) uses the normal Ethernet pinouts. Pins 1 and 2 are

used for transmitting and pins 3 and 6 are used for receiving. Devices such as computers,

servers, or routers will have MDI connections.

The devices that provide LAN connectivity - usually hubs or switches - typically use MDIX

(media-dependent interface, crossover) connections. The MDIX connection swaps the

transmit pairs internally. This swapping allows the end devices to be connected to the hub

or switch using a straight-through cable.

Typically, when connecting different types of devices, use a straight-through cable. And

when connecting the same type of device, use a crossover cable.

UTP Cables Connections types:

Straight-through UTP Cables

A straight-through cable has connectors on each end that are terminated the same in

accordance with either the T568A or T568B standards.

Identifying the cable standard used allows you to determine if you have the right cable for

the job. More importantly, it is a common practice to use the same color codes throughout

the LAN for consistency in documentation.

Use straight-through cables for the following connections:

Switch to a router Ethernet port

Computer to switch

Computer to hub

Crossover UTP Cables

For two devices to communicate through a cable that is directly connected between the two,

the transmit terminal of one device needs to be connected to the receive terminal of the

other device.

The cable must be terminated so the transmit pin, Tx, taking the signal from device A at one

end, is wired to the receive pin, Rx, on device B. Similarly, device B's Tx pin must be


connected to device A's Rx pin. If the Tx pin on a device is numbered 1, and the Rx pin is

numbered 2, the cable connects pin 1 at one end with pin 2 at the other end. These "crossed

over" pin connections give this type of cable its name, crossover.

To summarize, crossover cables directly connect the following devices on a LAN:

Switch to switch

Switch to hub

Hub to hub

Router to router Ethernet port connection

Computer to computer

Computer to a router Ethernet port


Rollover UTP Cables

In a rolled cable, the colored wires at one end of the cable are in the reverse sequence of the

colored wires at the other end of the cable.

Console Cables (RJ-45 to DB-9 Female)

This cable is also known as Management Cable.

The connection to the console is made by plugging the DB-9 connector into an available

EIA/TIA 232 serial port on the computer. It is important to remember that if there is more

than one serial port, note which port number is being used for the console connection. Once

the serial connection to the computer is made, connect the RJ-45 end of the cable directly

into the console interface on the router.


Fiber-Optic Cable

Fiber-optic cable transmits digital signals using light impulses rather than electricity; it is

immune to Electromagnetic Interference (EMI) and Radio Frequency Interference (RFI).

Light is carried on either a glass or a plastic core. Glass can carry the signal a greater

distance, but plastic costs less. Regardless of which core is used, the core is surrounded by a

glass or plastic cladding, which is more glass or plastic with a different index of refraction

that refracts the light back into the core. Around this is a layer of flexible plastic buffer.

This can be then wrapped in an armor coating and then sheathed in PVC or plenum.


The cable itself comes in two different styles: single-mode fiber (SMF) and multimode fiber

(MMF).

Single mode fiber optic:

Glass core 8 – 10 micrometers diameter.

Laser light source produces single ray of light.

Distances up to 100km.

Photodiodes to convert light back to electrical signals.

Multimode fiber optic:

Glass core 50 – 60 micrometers diameter.

LED light source produces many rays of light at

different angles, travel at different speeds.

Distances up to 2km, limited by dispersion.

Photodiode receptors.

Cheaper than single mode.

Although fiber-optic cable may sound like the solution to many problems:

Is completely immune to EMI or RFI

Can transmit up to 40 kilometers (about 25 miles)

Here are the Problems of fiber-optic cable:

Is difficult to install

Requires a bigger investment in installation and materials.

Serial Cables In the lab experiments, you may be using Cisco routers with one of two types of physical

serial cables. Both cables use a large Winchester 15 Pin connector on the network end. This

end of the cable is used as a V.35 connection to a Physical layer device such as a

CSU/DSU.

The first cable type has a male DB-60 connector on the Cisco end and a male Winchester

connector on the network end. The second type is a more compact version of this cable and

has a Smart Serial connector on the Cisco device end. It is necessary to be able to identify

the two different types in order to connect successfully to the router.


Data Communications Equipment and Data Terminal Equipment

The following terms describe the types of devices that maintain the link between a sending

and a receiving device:

Data Communications Equipment (DCE) - A device that supplies the clocking services to

another device. Typically, this device is at the WAN access provider end of the link.

Data Terminal Equipment (DTE) - A device that receives clocking services from another

device and adjusts accordingly. Typically, this device is at the WAN customer or user end

of the link.

If a serial connection is made directly to a service provider or to a device that provides

signal clocking such as a channel service unit/data service unit (CSU/DSU), the router is

considered to be data terminal equipment (DTE) and will use a DTE serial cable.

DCEs and DTEs are used in WAN connections. The communication via a WAN connection

is maintained by providing a clock rate that is acceptable to both the sending and the

receiving device. In most cases, the ISP provides the clocking service that synchronizes the

transmitted signal.


When making WAN connections between two routers in a lab, connect two routers with a

serial cable to simulate a point-to-point WAN link. In this case, decide which router is

going to be the one in control of clocking. Routers are DTE devices by default, but they can

be configured to act as DCE devices.

The V35 compliant cables are available in DTE and DCE versions. To create a point-to-

point serial connection between two routers, join together a DTE and DCE cable. Each

cable comes with connectors that mate with its complementary type. These connectors are

configured so that you cannot join two DCE or two DTE cables together by mistake.


How to prepare a UTP cable

Example: Instructions to prepare a Crossover cable

Things you'll need:

RJ-45 Crimp Tool

Cat-5e Cable

RJ-45 Jacks

Step 1

Prepare your workspace. Take the roll of UTP cable and cut the cable to length using the

cutting blade on the crimp tool.

Step 2

Splice the end by using the splicing blades to expose the unshielded twisted pairs.

Step 3

Take each twisted pair and make four wire strands, each going out from the center of the

wire.

Step 4

Now take the individual twisted wire pairs and untwist them down to individual wires in

the following order: Striped Orange, Orange, Striped Green, Blue, Striped Blue, Green,

Striped Brown, and Brown.

Step 5

Next, grasp the wires with your thumb and index finger of your non-dominant hand.

Take each wire and snug them securely side by side.

http://i.ehow.com/images/GlobalPhoto/Articles/4773695/1002029_Full.jpg






Step 6

Using the cutting blade of the crimp tool, cut the ends off of the wires to make each wire

the same height.

Step 7

Still grasping the wires, insert the RJ-45 jack on the wires with the clip facing away

from you.

Step 8

Insert the jack into the crimper and press down tightly on the tool to seal the wires in

place.

Step 9

Once the first head is made, repeat steps two through eight. When untwisting the wires

down to sing strands, use the following order: Striped Green, Green, Striped Orange,

Blue, Striped Blue, Orange, Striped Brown, Brown.

Step 10

Plug in the cable to test connectivity.






Cables Testing

In this lab, we are going to use MicroScanner2 UTP cable tester device to verify that cables

were prepared correctly else diagnosing cable's faults.

MicroScanner2 Features


Auto Shutoff

The tester turns off after 10 minutes if no keys are pressed and nothing changes at the

tester’s connectors.

Changing the Length Units


Diagnosing Wire map Faults

Open

• Wires connected to wrong pins at connector or punch down blocks

• Faulty connections

• Damaged connector

• Damaged cable

• Wrong pairs selected in setup

• Wrong application for cable


Split Pair

Wires connected to wrong pins at connector or punch down block.

Reversed Pairs

Wires connected to wrong pins at connector or punch down block.

Crossed Pairs

• Wires connected to wrong pins at connector or punch down block.

• Mix of 568A and 568B wiring standards (12 and 36 crossed).

• Crossover cables used where not needed (12 and 36 crossed).

Short

• Damaged connector

• Damaged cable

• Conductive material stuck between pins at connector.

• Improper connector termination

• Wrong application for cable


WIRESHARK Packet Sniffer

The purpose of this part is to introduce the packet sniffer WIRESHARK. WIRESHARK

will be used for the lab experiments. This part introduces the basic operation of a packet

sniffer, and a test run of WIRESHARK.

The basic tool for observing the messages exchanged between executing protocol entities is

called a packet sniffer. As the name suggests, a packet sniffer captures (“sniffs”) messages

being sent/received from/by your computer; it will also typically store and/or display the

contents of the various protocol fields in these captured messages. A packet sniffer itself is

passive. It observes messages being sent and received by applications and protocols running

on your computer, but never sends packets itself. Similarly, received packets are never

explicitly addressed to the packet sniffer. Instead, a packet sniffer receives a copy of

packets that are sent/received from/by application and protocols executing on your machine.

Figure 1 shows the structure of a packet sniffer. At the right of Figure 1 are the protocols (in

this case, Internet protocols) and applications (such as a web browser or ftp client) that

normally run on your computer. The packet sniffer, shown within the dashed rectangle in

Figure 1 is an addition to the usual software in your computer, and consists of two parts.

The packet capture library receives a copy of every link-layer frame that is sent from or

received by your computer. Recall from the discussion from section 1.5 in the text (Figure

1.202) that messages exchanged by higher layer protocols such as HTTP, FTP, TCP, UDP,

DNS, or IP all are eventually encapsulated in link-layer frames that are transmitted over

physical media such as an Ethernet cable. In Figure 1, the assumed physical media is an

Ethernet, and so all upper layer protocols are eventually encapsulated within an Ethernet

frame. Capturing all link-layer frames thus gives you all messages sent/received from/by all

protocols and applications executing in your computer.


The second component of a packet sniffer is the packet analyzer, which displays the

contents of all fields within a protocol message. In order to do so, the packet analyzer must

“understand” the structure of all messages exchanged by protocols. For example, suppose

we are interested in displaying the various fields in messages exchanged by the HTTP

protocol in Figure 1. The packet analyzer understands the format of Ethernet frames, and so

can identify the IP datagram within an Ethernet frame. It also understands the IP datagram

format, so that it can extract the TCP segment within the IP datagram.

Finally, it understands the TCP segment structure, so it can extract the HTTP message

contained in the TCP segment. Finally, it understands the HTTP protocol and so, for

example, knows that the first bytes of an HTTP message will contain the string “GET,”

“POST,” or “HEAD

Running Wireshark

When you run the Wireshark program, the Wireshark graphical user interface shown in

Figure 2 will be displayed. Initially, no data will be displayed in the various windows.

The Wireshark interface has five major components:

The command menus are standard pull-down menus located at the top of the

window. Of interest to us now is the File and Capture menus. The File menu

allows you to save captured packet data or open a file containing previously


captured packet data, and exit the Wireshark application. The Capture menu

allows you to begin packet capture.

The packet-listing window displays a one-line summary for each packet

captured, including the packet number (assigned by Wireshark; this is not a

packet number contained in any protocol’s header), the time at which the packet

was captured, the packet’s source and destination addresses, the protocol type,

and protocol-specific information contained in the packet. The packet listing can

be sorted according to any of these categories by clicking on a column name.

The protocol type field lists the highest level protocol that sent or received this

packet, i.e., the protocol that is the source or ultimate sink for this packet.

The packet-header details window provides details about the packet selected

(highlighted) in the packet listing window. (To select a packet in the packet

listing window, place the cursor over the packet’s one-line summary in the

packet listing window and click with the left mouse button.). These details

include information about the Ethernet frame (assuming the packet was

sent/received over an Ethernet interface) and IP datagram that contains this

packet. The amount of Ethernet and IP-layer detail displayed can be expanded or

minimized by clicking on the plus-or-minus boxes to the left of the Ethernet

frame or IP datagram line in the packet details window. If the packet has been

carried over TCP or UDP, TCP or UDP details will also be displayed, which can

similarly be expanded or minimized. Finally, details about the highest level

protocol that sent or received this packet are also provided.

The packet-contents window displays the entire contents of the captured frame,

in both ASCII and hexadecimal format.

Towards the top of the Wireshark graphical user interface, is the packet display

filter field, into which a protocol name or other information can be entered in

order to filter the information displayed in the packet-listing window (and hence

the packet-header and packet-contents windows). In the example below, we’ll

use the packet-display filter field to have Wireshark hide (not display) packets

except those that correspond to HTTP messages.

Taking Wireshark for a Test Run:

1. Start up your favorite web browser, which will display your selected homepage.

2. Start up the Wireshark software. You will initially see a window similar to that

shown in Figure 2, except that no packet data will be displayed in the packetlisting,


packet-header, or packet-contents window, since Wireshark has not yet begun

capturing packets.

3. To begin packet capture, select the Capture pull down menu and select Options.

This will cause the “Wireshark: Capture Options” window to be displayed, as

shown in Figure 3.

4. You can use most of the default values in this window, but uncheck “Hide capture

info dialog” under Display Options. The networks interface (i.e., the physical

connections) that your computer has to the network will be shown in the Interface

pull down menu at the top of the Capture Options window. In case your computer

has more than one active network interface (e.g., if you have both a wireless and a

wired Ethernet connection), you will need to select an interface that is being used to

send and receive packets (mostly likely the wired interface). After selecting the

network interface (or using the default interface chosen by Wireshark), click Start.

Packet capture will now begin - all packets being sent/received from/by your

computer are now being captured by Wireshark!


5. Once you begin packet capture, a packet capture summary window will appear, as

shown in Figure 4. This window summarizes the number of packets of various

types that are being captured, and (importantly!) contains the Stop button that will

allow you to stop packet capture. Don’t stop packet capture yet.

6. While Wireshark is running, enter the URL:

http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html

And have that page displayed in your browser. In order to display this page, your

browser will contact the HTTP server at gaia.cs.umass.edu and exchange HTTP

messages with the server in order to download this page. The Ethernet frames

containing these HTTP messages will be captured by Wireshark.

7. After your browser has displayed the INTRO-wireshark-file1.html page, stop

Wireshark packet capture by selecting stop in the Wireshark capture window.

This will cause the Wireshark capture window to disappear and the main Wireshark

window to display all packets captured since you began packet capture.

The main Wireshark window should now look similar to Figure 2. You now have

live packet data that contains all protocol messages exchanged between your

computer and other network entities! The HTTP message exchanges with the

gaia.cs.umass.edu web server should appear somewhere in the listing of packets

captured. But there will be many other types of packets displayed as well (see, e.g.,

the many different protocol types shown in the Protocol column in Figure 2).

8. Type in “http” (without the quotes, and in lower case – all protocol names are in

lower case in Wireshark) into the display filter specification window at the top of

the main Wireshark window. Then select Apply (to the right of where you entered


“http”). This will cause only HTTP message to be displayed in the packet-listing

window.

9. Select the first http message shown in the packet-listing window. This should be the

HTTP GET message that was sent from your computer to the gaia.cs.umass.edu

HTTP server. When you select the HTTP GET message, the Ethernet frame, IP

datagram, TCP segment, and HTTP message header information will be displayed

in the packet-header window3. By clicking plus and- minus boxes to the left side of

the packet details window, minimize the amount of Frame, Ethernet, Internet

Protocol, and Transmission Control Protocol information displayed. Maximize the

amount information displayed about the HTTP protocol. Your Wireshark display

should now look roughly as shown in Figure 5. (Note, in particular, the minimized

amount of protocol information for all protocols except HTTP, and the maximized

amount of protocol information for HTTP in the packet-header window).

10. Exit Wireshark

lab1: cabling & packet sniffing - networkslab - home...

Documents