
5.3.7 Lab - Introduction To Wireshark - Es XL


Report

Name: Jesús Argenis Moya Tovar          Student ID: 1744774

Course: Seguridad Informática y Criptografía (Computer Security and Cryptography)
Professor: Miguel Ángel Gómez Marroquín

Netacad module: Module 5                Activity: Lab M5 5.3.7

Date: 06/02/2022

Bibliography (APA format):

Cisco Systems. (2022, January 10). Networking Academy. Retrieved February 5, 2022, from https://www.netacad.com/es/node/24256

Objective:
Part 1: Install and Verify the Mininet Topology
Part 2: Capture and Analyze ICMP Data in Wireshark

Procedure and Results:

Instructions

Part 1: Install and Verify the Mininet Topology


In this part, you will use a Python script to set up the Mininet Topology inside the
CyberOps VM. You will then record the IP and MAC addresses for H1 and H2.

Step 1: Verify your PC’s interface addresses.


Start and log into your CyberOps Workstation that you have installed in a previous
lab using the following credentials:

Username: analyst Password: cyberops

Step 2: Run the Python script to install the Mininet Topology.


Open a terminal emulator to start Mininet and enter the following command at the
prompt. When prompted, enter cyberops as the password.
[analyst@secOps ~]$ sudo ~/lab.support.files/scripts/cyberops_topo.py
[sudo] password for analyst:

Step 3: Record IP and MAC addresses for H1 and H2.


a. At the mininet prompt, start terminal windows on hosts H1 and H2. This will
open separate windows for these hosts. Each host will have a separate
configuration for the network including unique IP and MAC addresses.
*** Starting CLI:
mininet> xterm H1
mininet> xterm H2

b. At the prompt on Node: H1, enter ip address to verify the IPv4 address and
record the MAC address. Do the same for Node: H2. The IPv4 address and MAC
address are highlighted below for reference.
[root@secOps analyst]# ip address
<output omitted>
2: H1-eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ba:d4:1d:7b:f3:61 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.0.11/24 brd 10.0.0.255 scope global H1-eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::b8d4:1dff:fe7b:f361/64 scope link
       valid_lft forever preferred_lft forever

Host-interface   IP Address      MAC Address

H1-eth0          10.0.0.11/24    56:96:a1:69:9a:4b

H2-eth0          10.0.0.12/24    6a:6b:e5:35:eb:a5

Part 2: Capture and Analyze ICMP Data in Wireshark


In this part, you will ping between two hosts in the Mininet and capture ICMP
requests and replies in Wireshark. You will also look inside the captured PDUs for
specific information. This analysis should help to clarify how packet headers are
used to transport data to the destination.

Step 1: Examine the captured data on the same LAN.



In this step, you will examine the data that was generated by the ping requests of
your team member’s PC. Wireshark data is displayed in three sections:

o The top section displays the list of PDU frames captured with a summary of
the IP packet information listed.
o The middle section lists PDU information for the frame selected in the top
part of the screen and separates a captured PDU frame by its protocol
layers.
o The bottom section displays the raw data of each layer. The raw data is
displayed in both hexadecimal and decimal form.

a. On Node: H1, enter wireshark & to start Wireshark (the pop-up warning is not
important for this lab). Click OK to continue.
[root@secOps]# wireshark &
[1] 1552
[root@secOps ~]#
** (wireshark:1552): WARNING **: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-f0dFz9baYA: Connection refused
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.

b. In the Wireshark window, under the Capture heading, select the H1-eth0
interface. Click Start to capture the data traffic.

c. On Node: H1, press the Enter key, if necessary, to get a prompt. Then type ping
-c 5 10.0.0.12 to ping H2 five times. The command option -c specifies the count
or number of pings. The 5 specifies that five pings should be sent. The pings will
all be successful.
[root@secOps analyst]# ping -c 5 10.0.0.12

d. Navigate to the Wireshark window, click Stop to stop the packet capture.

e. A filter can be applied to display only the traffic of interest. Type icmp in the
Filter field and click Apply.

f. If necessary, click the first ICMP request PDU frame in the top section of
Wireshark. Notice that the Source column has H1's IP address, and the
Destination column has H2's IP address.

g. With this PDU frame still selected in the top section, navigate to the middle
section. Click the arrow to the left of the Ethernet II row to view the Destination
and Source MAC addresses.

Question:

Does the Source MAC address match H1's interface?
Yes, they are the same MAC address.

Does the Destination MAC address in Wireshark match H2's MAC address?
Both MACs match (the one in the table and the one in the image).

Note: In the preceding example of a captured ICMP request, ICMP data is encapsulated
inside an IPv4 packet PDU (IPv4 header) which is then encapsulated in an Ethernet II
frame PDU (Ethernet II header) for transmission on the LAN.

Step 2: Examine the captured data on the remote LAN.



You will ping remote hosts (hosts not on the LAN) and examine the generated data
from those pings. You will then determine what is different about this data from the
data examined in Part 1.

a. At the mininet prompt, start terminal windows on hosts H4 and R1.
mininet> xterm H4
mininet> xterm R1

b. At the prompt on Node: H4, enter ip address to verify the IPv4 address and
record the MAC address. Do the same for the Node: R1.
[root@secOps analyst]# ip address

Host-interface   IP Address        MAC Address

H4-eth0          172.16.0.40/12    02:29:65:9e:ac:98

R1-eth1          10.0.0.1/24       8a:1f:e2:23:8b:3d

R1-eth2          172.16.0.1/12     ca:24:7d:45:b4:9e

c. Start a new Wireshark capture on H1 by selecting Capture > Start. You can also
click the Start button or type Ctrl-E. Click Continue without Saving to start a
new capture.
d. H4 is a simulated remote server. Ping H4 from H1. The ping should be
successful.
[root@secOps analyst]# ping -c 5 172.16.0.40

e. Review the captured data in Wireshark. Examine the IP and MAC addresses that
you pinged. Notice that the MAC address is for the R1-eth1 interface. List the
destination IP and MAC addresses.

IP address: 172.16.0.40
MAC address: 8a:1f:e2:23:8b:3d
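The encapsulation described in the Step 1 note (ICMP inside IPv4 inside Ethernet II) and the Step 2e observation (the destination MAC is R1-eth1 while the destination IP is still H4) can be reproduced offline. The following Python is an added example, not part of the Cisco lab or this report: it builds two echo-request frames from the addresses recorded above (constructed bytes, not captured ones) and decodes their Ethernet II, IPv4 and ICMP headers the way Wireshark's middle pane shows them.

```python
# Added example (not from the Cisco lab): decode Ethernet II / IPv4 / ICMP the way
# Wireshark's middle pane does. Frames are constructed from this report's addresses.
import struct
from ipaddress import IPv4Address

ETH_IPV4, IPPROTO_ICMP, ICMP_ECHO_REQUEST = 0x0800, 1, 8

def mac(s):                      # 'aa:bb:cc:dd:ee:ff' -> 6 bytes
    return bytes.fromhex(s.replace(':', ''))

def ip_checksum(hdr):
    # RFC 1071: one's-complement sum of 16-bit words; a valid header sums to 0
    total = sum(struct.unpack('!%dH' % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(dst_mac, src_mac, src_ip, dst_ip, seq, payload=b'\x00' * 56):
    """Constructed frame: 14-byte Ethernet II + 20-byte IPv4 + ICMP echo request."""
    icmp = struct.pack('!BBHHH', ICMP_ECHO_REQUEST, 0, 0, 0x1234, seq) + payload
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(icmp), 1, 0, 64, IPPROTO_ICMP,
                     0, IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack('!H', ip_checksum(ip)) + ip[12:]   # fill header checksum
    return mac(dst_mac) + mac(src_mac) + struct.pack('!H', ETH_IPV4) + ip + icmp

def decode(frame):
    """Fields the lab asks you to read; None if not ICMP (the 'icmp' display filter)."""
    dst_mac, src_mac, etype = struct.unpack('!6s6sH', frame[:14])
    if etype != ETH_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # header length in bytes (20 without options)
    if ip[9] != IPPROTO_ICMP:
        return None
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError('bad IPv4 header checksum')
    icmp_type, _code, _csum, _ident, seq = struct.unpack('!BBHHH', ip[ihl:ihl + 8])
    return {'eth_dst': dst_mac.hex(':'), 'eth_src': src_mac.hex(':'),
            'ip_src': str(IPv4Address(ip[12:16])), 'ip_dst': str(IPv4Address(ip[16:20])),
            'icmp_type': icmp_type, 'icmp_seq': seq}

# MAC addresses recorded in Part 1 and Part 2 of this report
H1, H2, R1_ETH1 = '56:96:a1:69:9a:4b', '6a:6b:e5:35:eb:a5', '8a:1f:e2:23:8b:3d'
LOCAL_PING = build_echo_request(H2, H1, '10.0.0.11', '10.0.0.12', 1)        # Step 1
REMOTE_PING = build_echo_request(R1_ETH1, H1, '10.0.0.11', '172.16.0.40', 1)  # Step 2

if __name__ == '__main__':
    for label, frame in (('same LAN', LOCAL_PING), ('remote LAN', REMOTE_PING)):
        print(label, decode(frame))   # remote: eth_dst is R1-eth1, ip_dst is still H4
```

The decoded remote frame shows the Layer 2 destination (R1-eth1) changing at every hop while the Layer 3 destination (172.16.0.40) stays fixed, which is exactly the difference Step 2e asks you to notice.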

f. In the main CyberOps VM window, enter quit to stop Mininet.


mininet> quit
*** Stopping 0 controllers

*** Stopping 4 terms

*** Stopping 5 links
.....
*** Stopping 1 switches
s1
*** Stopping 5 hosts
H1 H2 H3 H4 R1
*** Done

g. To clean up all the processes that were used by Mininet, enter the sudo mn -c
command at the prompt.
[analyst@secOps ~]$ sudo mn -c
[sudo] password for analyst:
*** Removing excess controllers/ofprotocols/ofdatapaths/pings/noxes
killall controller ofprotocol ofdatapath ping nox_core lt-nox_core ovs-openflowd ovs-controller udpbwtest mnexec ivs 2> /dev/null
killall -9 controller ofprotocol ofdatapath ping nox_core lt-nox_core ovs-openflowd ovs-controller udpbwtest mnexec ivs 2> /dev/null
pkill -9 -f "sudo mnexec"
*** Removing junk from /tmp
rm -f /tmp/vconn* /tmp/vlogs* /tmp/*.out /tmp/*.log
*** Removing old X11 tunnels
*** Removing excess kernel datapaths
ps ax | egrep -o 'dp[0-9]+' | sed 's/dp/nl:/'
*** Removing OVS datapaths
ovs-vsctl --timeout=1 list-br
ovs-vsctl --timeout=1 list-br
*** Removing all links of the pattern foo-ethX
ip link show | egrep -o '([-_.[:alnum:]]+-eth[[:digit:]]+)'
ip link show
*** Killing stale mininet node processes
pkill -9 -f mininet:
*** Shutting down stale tunnels
pkill -9 -f Tunnel=Ethernet
pkill -9 -f .ssh/mn
rm -f ~/.ssh/mn/*
*** Cleanup complete.

Conclusions:
I have already worked with Wireshark in previous courses; it is interesting how it monitors the
contact between remote devices, servers and routers. The warning that using this software could
mark you as a security breach on the machines shows me why a virtual machine is used, so as not
to expose one's own equipment or the school's, as the case may be.

I find it interesting that the topology is shown in the terminal and that it can be manipulated
and monitored from the same command line. It is similar to the way of working with Packet Tracer,
where the different elements of the topology can be handled with individual terminals for each
one, and being able to run Wireshark inside those same terminals makes the job of monitoring
whether they communicate well with each other and interact correctly much easier.
