Module-3 Practical Exercise

As per ICAO DOC 9868
and DOC 10057
2024
Competency Based Training and Assessment for

ATSEP
Non-PLI Training
On
Data Communication Networking, Cyber
Security and Linux
MODULE-3
Practical Exercise
AAI/ANS/CNS/CATC/2024/CBTA-Non PLI/Data
Communication Networking/Cyber-
सी.ए.टी.सी.,
Security/Linux/Mod-3 /Ver.1.0
प्रयागराज
CATC, PRAYAGRAJ
THIS PAGE IS INTENTIONALLY KEPT BLANK
Module-3
Data Communication Networking, Cyber security and Linux
Training Quality Policy
“To develop the human

resources for the aviation
industry, ensuring conformity of
the processes, by adapting the
best practices within industry
and building higher skills and
standards in training.”
Module-3
Module-3
Version Control
Module Doc No. AAI/CATC/CNS/DCN/CYBER-SECURITY/LINUX/NPLI

Version 1.0 1. Sh. Pravin Kumar Singh, AGM (CNS), CATC
Developed by 2. Sh. Hasan Ashraf, AGM (CNS), CATC
3. Sh. V.P Ratheesh,AGM(CNS),Chennai
4. Narendra Patel,AGM(CNS),CATC
5. Dhiraj Kumar Gupta ,Mgr(CNS),Kolkata
6. Kumar Raunak , AM(CNS),Kolkata
Version 1.0 1. Sh. Govinda Kumar Gupta, AGM (CNS), CATC
vetted by 2. Sh.Hasan Ashraf, AGM (CNS), CATC
3. Sh. V.P Ratheesh, AGM (CNS), Chennai
4. Narendra Kr. Patel,AGM(CNS),CATC
5. Sh. Sandeep.G SM(CNS), Mangalore
Period of vetted Ver. 15th April 2024 to 18th April 2024
1.0
Maintained By CDRC, CATC, PRAYAGRAJ
Version Number Modified By Date Date
Modified approved
Ver 1.0
Module-3
Module-3
Preface
This “Data Communication Networking, Cyber Security and Linux NPLI Training”
handout conforms to the standards and recommended practices of International Civil Aviation
Organization (ICAO) vide Doc. 9868 (PANS Training) Part IV Chapter 3 for ATSEP and Doc. 10057
(Manual on Air Traffic Safety Electronics Personnel- Competency Based Training and Assessment).
With pleasure, I authenticate this handout and make it available for imparting NPLI training
course on “Data Communication Networking, Cyber Security and Linux” for ATSEPs in AAI.
The course content has been approved by CHQ of AAI. It is hoped that the trainee ATSEPs
will find it informative, interesting and better in presentation.
I am sure that the trainees will carry a sense of pride in undergoing this CBTA based NPLI
Training course of ICAO standard.
This handout on “Data Communication Networking, Cyber Security and Linux” is

specifically designed and developed to equip the ATSEPs with requisite competencies required
to understand Introduction to Data Communication, TCP/IP, Classification of networks, Network
devices with basic configuration in switch and router, Loop avoidance in LAN, IP Addressing &
Subnetting, IP Routing and configuration of static and dynamic routing, VLAN, VLAN Trunking and
inter VLAN routing and configure VLAN in switch and Inter VLAN routing, IP Multicast, Different
protocol, Linux operating system, Linux command, Introduction to cyber security, various cyber
threats , Cyber security threats prevention and basic configuration of network devices to
prevent cyber threats
This handout is intended to be kept up to date. It will be amended periodically as new

technological developments are made in the field of Data communication networking and cyber.
For the development and presentation of this module as per ICAO Doc 10057, I would like
to appreciate the meticulous and excellent work done by the course developers.
Errors, if any or suggestions, if brought to the notice of undersigned would be highly

commendable as it will serve to improve this module and contribute to our objective of achieving
excellence in the field of ATSEP training.
GM (CNS)/ Head of ATSEP training

CATC, PRAYAGRAJ-211012
Dated: 18th April. 2024
Module-3
Module-3 Practical Exercise
______________________________
TABLE OF CONTENTS
Practical Exercise: ---------------------------------------------------------------------------------------Page No

Exercise No:-1 Introduction to Network emulation software (CISCO Packet tracer )---------------2
Exercise No:-2 Basic switch and Router configuration--------------------------------------------------20
Exercise No:-3 IP Routing-----------------------------------------------------------------------------------24
Exercise No:-4 VLAN----------------------------------------------------------------------------------------29
Exercise No:-5 Introduction to Network emulation software (GNS3 )--------------------------------33
Exercise No:-6 Multicasting demo-------------------------------------------------------------------------34
Exercise No:-7 Network Analyzer tool--------------------------------------------------------------------35
Exercise No:-8 VRRP----------------------------------------------------------------------------------------36
Exercise No:-9 Switch port security-----------------------------------------------------------------------38
Exercise No:-10 Access List--------------------------------------------------------------------------------45
Exercise No:-11 Firewall------------------------------------------------------------------------------------49
Exercise No:-12 NAT----------------------------------------------------------------------------------------54
Exercise No:-13 LINUX Commands Exercise----------------------------------------------------------------------------60
Annexure-A:-Configuration to bring Radar data from source station to receiving station Example---------69
Civil Aviation Training College, India Page 1

______________________________
Exercise No. 1:- Familiarization With Packet Tracer
Objective: The Objective of this practical exercise is to become familiar with creating
topologies in Packet Tracer.
Packet Tracer – Creating a New Topology

What is Packet Tracer? Packet Tracer is a protocol simulator developed by Dennis Frezzo and his team at
Cisco Systems. Packet Tracer (PT) is a powerful and dynamic tool that displays the various protocols used
in networking, in either Real Time or Simulation mode. This includes layer 2 protocols such as Ethernet and
PPP, layer 3 protocols such as IP, ICMP, and ARP and layer 4 protocols such as TCP and UDP. Routing
protocols can also be traced.
Version: This is based on Packet Tracer 5.0.
Step 1: Start Packet Tracer

______________________________
Step 2: Selection of Devices and Connections
We will begin building our network topology by selecting devices and the media connecting them. Several
types of devices and network connections can be used. For this exercise, we will keep it simple by using
End Devices, Switches, Hubs, and Connections.
Single click on each group of devices and connections to display the various choices. The devices you see
may differ slightly.

______________________________
Step 3: Building the Topology – Adding Hosts
Single click on the End Devices.
Single click on the Generic host.
Move the cursor into the topology area. You will notice that it turns into a plus “+” sign.
Single click in the topology area and it copies the device.
Add three more hosts in the same way.

______________________________
Step 4: Building the Topology – Connecting the Hosts to Hubs and Switches
a) Adding a Hub
Select a hub, by clicking once on Hubs and once on a Generic hub.
Add the hub by moving the plus sign “+” below PC0 and PC1 and click once.
Connect PC0 to Hub0 by first choosing Connections.
Click once on the Copper Straight-through cable.

______________________________
Perform the following steps to connect PC0 to Hub0:
1. Click once on PC0
2. Choose FastEthernet
3. Drag the cursor to Hub0
4. Click once on Hub0 and choose Port 0
5. Notice that green link light will appear on both the PC0 Ethernet NIC and the Hub0 Port 0 showing
that the link is active.
1 2 3 4 5
Repeat the steps above for PC1 connecting it to Port 1 on Hub0. (The actual hub port you choose does not
matter.)

______________________________
b) Adding a Switch
Select a switch, by clicking once on Switches and once on a 2950-24 switch.
Add the switch by moving the plus sign “+” below PC2 and PC3 and click once.
Connect PC2 to Hub0 by first choosing Connections.
Click once on the Copper Straight-through cable.

______________________________
Perform the following steps to connect PC2 to Switch0:
1. Click once on PC2
2. Choose FastEthernet
3. Drag the cursor to Switch0
4. Click once on Switch0 and choose FastEthernet0/1
5. Notice the green link light will appear on PC2 Ethernet NIC and amber light will appear on
Switch0 FastEthernet0/1 port.
The switch port is temporarily not forwarding frames, while it goes through the stages for the
Spanning Tree Protocol (STP) process.
6. After about 30 seconds, the amber light will turn to green indicating that the port has entered the
forwarding stage. Frames can now be forwarded out of the switch port.
Note: Spanning Tree Protocol (STP) will be discussed later.
1 2 3 4 5 6
Repeat the steps mentioned above for PC3 connecting it to port FastEtherent0/2 of switch0. (The actual switch
port you choose does not matter.)
Move the cursor over the green link light to view the port number. Fa means FastEthernet, 100 Mbps Ethernet.

______________________________
Step 5: Configuring IP Addresses and Subnet Masks on the Hosts
To communicate between the hosts, we need to configure IP Addresses and Subnet Masks on the
devices.
Click once on PC0.
Choose the Config tab and click on Settings. H e r e , you can change the name of PC0. You can also enter
a Gateway IP Address, also known as the default gateway and the DNS Server IP Address. We will discuss
this later, but the value in “default gateway address”, would be the IP address of the local router. If you want,
you can enter the Gateway IP Address 172.16.1.1 and DNS Server IP Address 172.16.1.100, although it will
not be used in this lab.

______________________________
Click on Interface and then FastEthernet. Add the IP Address as 172.16.1.10. Click once in the Subnet
Mask field to enter the default Subnet Mask. You can leave this as 255.255.0.0.
Also notice, here you can also change the Bandwidth (speed) and Duplex of the Ethernet NIC (Network
Interface Card). The default is Auto (auto-negotiation), which means the NIC will negotiate with the hub or
switch. The bandwidth and/or duplex can be manually set by removing the check from the Auto box and by
choosing the specific option.
Bandwidth - Auto
If the host is connected to a hub or a switch port which can support 100 Mbps, then the Ethernet NIC on
the host will choose 100 Mbps (Fast Ethernet). Otherwise, if the hub or switch port can only support 10
Mbps, then the Ethernet NIC on the host will automatically choose 10 Mbps (Ethernet).
Duplex - Auto
Hub: If the host is connected to a hub, then the Ethernet NIC on the host will choose Half Duplex.
Switch: If the host is connected to a switch, and the switch port is configured as Full Duplex (or
Autonegotiation), then the Ethernet NIC on the host will choose Full Duplex. If the switch port is configured
as Half Duplex, then the Ethernet NIC on the host will choose Half Duplex. (Full Duplex is a much more
efficient option.)
The information is automatically saved when entered.

______________________________
To close this dialog box, click the “X” in the upper right.
Repeat these steps for the other hosts. Use the information below for IP Addresses and Subnet Masks.
Host IP Address Subnet Mask

PC0 172.16.1.10 255.255.0.0
PC1 172.16.1.11 255.255.0.0
PC2 172.16.1.12 255.255.0.0
PC3 172.16.1.13 255.255.0.0
Verify the information
To verify the information that you entered, move the Select tool (arrow) over each host.
Deleting a Device or Link
To delete a device or link, choose the Delete tool and click on the item you wish to delete.

______________________________
Step 6: Connecting Hub0 to Switch0
To connect like-devices, like a Hub and a Switch, we will use a Cross-over cable. Click once the Cross-over
Cable from the Connections options.
Move the Connections cursor over Hub0 and click once.
Select Port 5 (actual port does not matter).

______________________________
Move the Connections cursor to Switch0.
Click once on Switch0 and choose FastEthernet0/4 (actual port does not matter).
The link light for switch port FastEthernet0/4 will first appear as amber and will eventually change to green as
the Spanning Tree Protocol transitions the port to forwarding.

______________________________
Step 7: Verifying Connectivity in Realtime Mode
Be sure you are in Realtime mode.
Select the Add Simple PDU tool which are used to ping devices.
Click once on PC0, then once on PC3.
The PDU Last Status should show as Successful.

______________________________
Resetting the Network
At this point, we want to reset the network. Whenever you want to reset the network and begin the
simulation again, perform the following tasks:
Click Delete in the PDU area.
Now, select Power Cycle Devices and confirm the action.
Waiting for Spanning Tree Protocol (STP)

Note: Because Packet Tracer also simulates the Spanning Tree Protocol, at times, the switch may show
amber lights on its interfaces. You need to wait for the lights to turn green on the switches before they will
forward any Ethernet frames.

______________________________
Step 8: Verifying Connectivity in Simulation Mode
Be sure you are in Simulation mode.
Deselect all filters (All/None) and select only ICMP.
2
______________________________
Select the Add Simple PDU tool used to ping devices.
Click once on PC0, then once on PC3.
Continue clicking Capture/Forward button until the ICMP ping is completed. You should see the ICMP
messages move between the hosts, hubs and switches. The PDU Last Status should show as Successful.
Click on Clear Event List if you do not want to look at the events or click Preview Previous Events, if you
do. For this exercise, it does not matter.

______________________________
Step 9: Saving the Topology
Perform the following steps to save the topology (uses .pkt file extension).
Opening Existing Topologies

______________________________
Opening Existing PT Topologies

______________________________
Exercise No. 2: - Switch & Router Configuration
Objective: The objective of this practical exercise is to configure basic

settings on a Cisco switch and Router.
.
NETWORK DIAGRAM:
Lab instructions:
A new switch or router purchased from Cisco contains no default
configuration in it. You need to configure the switch or router with setup
mode using the setup mode or from scratch using the command line
interface (CLI) before connecting it in your network environment. It is very
important to know the basic Cisco switch or router configuration
commands to improve the performances and the security of your
internetwork.
This lab exercise will test your ability to configure basic settings on a cisco
switch and router.

______________________________
Solution:-
Configure of Switch (SW1):

1. Configure Switch hostname.
Switch>en
Switch#config t
Switch(config)#hostname CATC
CATC(config)#
2. Configure the password for privileged mode access as "cisco"

CATC(config)#enable secret CNS
3. Configure CONSOLE access [...]

CATC(config)#line con 0
CATC(config-line)# password aai
CATC(config-line)# login
4. Configure TELNET access [...]

CATC(config)# line vty 0 15
CATC(config-line)# password dcn
5. Configure the IP address of the switch as 10.0.0.4/8 and it's

default gateway IP (10.0.0.1).
Note: This configuration is required when any host from different

network want to telnet to SW1.
CATC(config)# int vlan1

______________________________
CATC(config-if)# ip address 10.0.0.4 255.0.0.0
CATC(config)# ip default-gateway 10.0.0.1
Note: 1. Verify console protection from console PC
2. Verify telnet application from LAN PCs.
Router configuration:
1. Configure Router hostname :
Router >en
Router #config t
Router (config)#hostname CATC
CATC(config)#
2. Configure the password for privileged mode access as "cisco"

CATC(config)#enable secret 1234
3. Configure CONSOLE access [...]

CATC(config)#line con 0
CATC(config-line)# password 4567
4. Configure TELNET access [...]
CATC(config)# line vty 0 15
CATC(config-line)# password 4321

______________________________
5. Configure the IP address at the interface of the router:
CATC(config)#int f0/0
CATC(config-if)#ip add 10.0.0.1 255.0.0.0
CATC(config-if)#no shut
CATC(config)#int f0/1
CATC(config-if)#ip add 20.0.0.1 255.0.0.0
CATCconfig-if)#no shut
Note: 1. Verify console protection from console PC
2. Verify telnet application from network PCs.
3. Verify telnet application from different network PCs.

______________________________
Exercise No3: IP Routing
Task1: Configure the following network by Static Routing.
Solution:
Configure Router (R1):
R1>en
R1#config t
R1(config)#int f0/0
R1(config-if)#ip add 10.0.0.1 255.0.0.0
R1(config-if)#no shut
R1(config)#int se2/0
R1(config-if)#ip add 20.0.0.1 255.0.0.0
R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2
R1(config)#ip route 40.0.0.0 255.0.0.0 20.0.0.2
R1(config)#ip route 50.0.0.0 255.0.0.0 20.0.0.2

______________________________
Configure Router(R2):
R2>en
R2#config t
R2(config-if)#ip add 20.0.0.2 255.0.0.0
R2(config)#int f0/0
R2(config-if)#ip add 30.0.0.1 255.0.0.0
R2(config-if)#ip add 40.0.0.1 255.0.0.0
R2(config)#ip route 10.0.0.0 255.0.0.0 20.0.0.1
R2(config)#ip route 50.0.0.0 255.0.0.0 40.0.0.2
Configure Router (R3):

R3>en
R3#config t
R3(config-if)#ip add 40.0.0.2 255.0.0.0
R3(config)#int f0/0
R3(config-if)#ip add 50.0.0.1 255.0.0.0
R3(config)#ip route 10.0.0.0 255.0.0.0 40.0.0.1
R3(config)#ip route 20.0.0.0 255.0.0.0 40.0.0.1
R3(config)#ip route 30.0.0.0 255.0.0.0 40.0.0.1

______________________________
Task2: Configure the following network by RIPV2.
Solution:
Configure R1:
R1>en
R1#config t
R1(config)#int f0/0
R1(config-if)#ip add 10.0.0.1 255.0.0.0
R1(config-if)#ip add 20.0.0.1 255.0.0.0
R1(config)#router rip
R1(config-router)#network 10.0.0.0
R1(config-router)#ver 2
R1(config-router)#no auto-summary

______________________________
Configure R2:
R2>en
R2#config t
R2(config-if)#ip add 20.0.0.2 255.0.0.0
R2(config)#int f0/0
R2(config-if)#ip add 30.0.0.1 255.0.0.0
R2(config-if)#ip add 40.0.0.1 255.0.0.0
Configure R3:
R3>en
R3#config t
R3(config-if)#ip add 40.0.0.2 255.0.0.0
R3(config)#int f0/0
R3(config-if)#ip add 50.0.0.1 255.0.0.0

______________________________

______________________________
Exercise No 4:Virtual LAN
Task1: Configure the Inter VLAN communication using router.
R1
Configure CNS Switch:

Switch(config)#vlan 2
Switch(config-vlan)#name CNS
Switch(config-vlan)#name HR
Switch(config-vlan)#name FIN
Switch(config)#Int f0
Switch(config-if)#switchport access vlan 2

______________________________
Switch(config-if)#switchport mode trunk
Configure HR Switch:
Switch(config-vlan)#name CNS
Switch(config-vlan)#name HR
Switch(config-vlan)#name FIN
Switch(config-if)#switchport mode trunk
Configure Router:
R1(config)#Int f0/0
R1(config-if)#no shut down
R1(config-if)#int f0/0.1
R1(config-subif)#encapsulation dot1q 2
R1(config-subif)#ip add 10.0.0.1 255.0.0.0
R1(config-if)#int f0/0.2
R1(config-subif)#encapsulation dot1q 3
R1(config-subif)#ip add 11.0.0.1 255.0.0.0

______________________________
Task2: Configure the Inter VLAN communication using Layer-3 Switch.
Configuration of Switch:
Switch>
Switch#config t
Switch(config)#VLAN2
Switch(config-VLAN)#name CNS
Switch(config)#VLAN3
Switch(config-VLAN)#name HR
Switch(config)#Int f0/1
Switch(config-if)#exit
Switch(config)#int vlan2
Switch(config-if)#ip add 10.0.0.3
Switch(config-if)#no shut

______________________________
Switch(config)#int vlan3
Switch(config-if)#ip add 11.0.0.3
Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#ip routing

______________________________
Exercise No 5: Introduction to Network emulation software (GNS3 ).
Task: Familiarization of GNS3 simulation software in the Data Communication
Networking LAB.

______________________________
Exercise No 6: Multicasting Demo.
Task: Configuration of Multicasting of any small network by the instructor.

______________________________
Exercise No 7: Network Analyzer tool.
Task: Familiarization of Wireshark network analyzer tools.

______________________________
Exercise No 8: Configure VRRP. All IPs are considered classful.
Step1: Configure IP Address to all the interfaces of the router and host.
Step2: Configure Routing by RIPV2.
Step3: Configure VRRP
Router R1 Configuration:
R1(Config)#int f0/0
R1(config-if)#vrrp 123 ip 10.0.0.5
R1(config-if)#vrrp 123 preempt
R1(config-if)#vrrp 123 priority 120
R1(config)#track 1 int f1/0 line-control
R1(config)#int f0/0
R1(config-if)#vrrp 123 track 1 decrement 40
R2(Config)#int f0/0
R2(config-if)# vrrp 123 ip 10.0.0.5
R3(Config)#int f0/0
R3(config-if)#vrrp 124 preempt
R3(config-if)#vrrp 124 priority 120
R3(config)#track 1 int f1/0 line-control
R3(config)#int f0/0
R3(config-if)#vrrp 124 track 1 decrement 40

______________________________
R4(Config)#int f0/0

______________________________
Cyber Security
Exercise No 9: Configure Switch-Port Security:
Create above network topology in Cisco Packet tracer and perform following
exercises –
Task1: Perform restrict mode in switch:
Configure switch port security on interface Fa 0/1 of the switch with the
following settings:
- Port security: enabled
- Mode: restrict
- Allowed mac addresses: 3
- Dynamic mac address learning.
Command used:
#interface FastEthernet0/1
#switchport mode access
#switchport port-security
#switchport port-security maximum 3

______________________________
#switchport port-security mac-address sticky
#switchport port-security violation restrict
Status of port security and interface:
Switch# show port-security

Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security
Action
(Count) (Count) (Count)
------------------------------------------------------------------------------------------
-----
Fa0/1 3 3 0 Restrict
------------------------------------------------------------------------------------------
-----
Switch#show port-security interface fa0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 0 mins
Aging Type : Absolute
Secure Static Address Aging : Disabled
Maximum MAC Addresses :3
Total MAC Addresses :3
Configured MAC Addresses :0
Sticky MAC Addresses :3
Last Source Address:Vlan : 0090.cc0e.5023:1
Security Violation Count :0
Now observe when Intruder laptop is connected to the hub and tries to
communicate with PC0 (192.168.10.1), the number of mac-addresses
learned on fa0/1 interface exceeds 3. The interface drops traffic with the
new mac-address (not learned by the switch because 3 mac addresses
have already been registered on the fa0/1 interface) and increases the
security violation counter based on the 'restrict' port-security
configuration of the interface.
Status of port after violation:

______________________________
Action
------------------------------------------------------------------------------------------
-----
------------------------------------------------------------------------------------------
-----
Violation Mode : Restrict
Aging Time : 0 mins
Task 2: Perform shutdown mode in switch:
Configure port security on interface Fa 0/2 of the switch with the following
settings:
- Port security enabled
- Mode: shutdown (default)
- Allowed mac addresses: 1 (default)
- Dynamic mac address learning.
Command used:

______________________________
#switchport port-security mac-address sticky

Secure Port Max Secure Addr Current Addr Security Violation Security
Action
------------------------------------------------------------------------------------------
-----
Fa0/2 1 0 0
Shutdown
------------------------------------------------------------------------------------------
-----
Violation Mode : Shutdown
Aging Time : 0 mins
Observed that interface Fast Ethernet 0/2 configuration - Shutdown mode

(default) connect one end device at fa0/2 and check communication (ping)
with PC0 (192.168.10.1), which working normal. Now connect intruder
device with fa0/2 after disconnecting previously connected device and try
to communicate (ping) with PC0 (192.168.10.1).
Now the port-security shutdown mode puts the interface into the error-
disabled state immediately as mac learning reached beyond 1 and sends
an SNMP trap notification.

______________________________
Status of port security and interface after violation:

Action
------------------------------------------------------------------------------------------
-----
Fa0/2 1 1 1
Shutdown
------------------------------------------------------------------------------------------
-----
Violation Mode : Shutdown
Aging Time : 0 mins
Task3: Perform protect mode in switch:
Configure port security on interface Fa 0/4 of the switch with the following
settings:
- Port security enabled
- Mode: protect
- Static mac address entry: mac address of device connected at Fa0/4
Command

______________________________
#switchport port-security mac-address 0005.5E24.7875
#switchport port-security violation protect

Action
------------------------------------------------------------------------------------------
-----
Fa0/2 1 1 1
Shutdown
Fa0/4 2 1 0 Protect
------------------------------------------------------------------------------------------

Violation Mode : Protect
Aging Time : 0 mins
Last Source Address:Vlan : 0005.5E24.7875

______________________________
Status of port security and interface after violation:
Observed that in this case port-security protect mode silently drops
packets with unknown source addresses (MAC)-

Action
------------------------------------------------------------------------------------------
-----
Fa0/2 1 1 1
Shutdown
Fa0/4 2 2 0 Protect
------------------------------------------------------------------------------------------
-----
Here you can see violation is not reported by port.

______________________________
Exercise 10: Access-List Configuration
Task1: Host (10.0.0.2) is denied access for the 30.0.0.0 network. All IPs
are considered classful.
Solution: According to the given task, we are denying access to a single host.
Therefore, we configured a standard access-list.
1. Apply the access-list near the destination, i.e., on R2.
2. Apply it outbound on the F0/0 interface of the R2 router.
R2(config)#access-list 10 deny host 10.0.0.2

R2(config)#access-list 10 permit any
R2(config)#int f0/1
R2(config-if)#ip access-group 10 out

______________________________
Task2: Host (10.0.0.2) is denied access icmp for the 30.0.0.2 host. All IPs
are considered classful.
Solution: According to the given task, we are denying access to a host icmp protocol
with any one host. Therefore, we configured a Extended access-list.
1. Apply the access-list near the Source, i.e., on R1.
2. Apply it inbound on the F0/0 interface of the R1 router.
R1(config)#access-list 100 deny icmp 10.0.0.2 0.0.0.0 30.0.0.2 0.0.0.0

R1(config)#access-list 100 permit ip any any
R1(config)#int f0/1
R1(config-if)#ip access-group 100 in

______________________________
Task3: Host (10.0.0.2) is denied access for Web Services. All IPs are
considered classful.
Solution: According to the given task, we are denying access to a host for web service.
Therefore, we configured a Extended access-list.
R1(config)#ip access-list extended abcd

R1(config)#deny tcp 10.0.0.2 0.0.0.0 any eq 80
R1(config)#permit ip any any
R1(config)#int f0/1
R1(config-if)#ip access-group abcd in

______________________________
Task4: Host (10.0.0.2) is only permit for telnet to Router R3. All IPs are
considered classful.
Solution: According to the given task, we are denying access to a host for web service.
Therefore, we configured a Extended access-list.
R1(config)#access-list 110 permit tcp 10.0.0.2 0.0.0.0 any eq 23

R1(config)#access-list 110 deny ip any any
R1(config)#int f0/1
R1(config-if)#ip access-group 110 in

______________________________
Exercise 11: Basic Firewall Configuration
A firewall is a hardware or software network security device that monitors all incoming
and outgoing traffic based on a defined set of security rules, it accepts, rejects, or drops
that specific traffic.
 Accept: Allow traffic.

 Reject: Block traffic but respond with “reachable error”.
 Drop: Block unanswered traffic firewall establishes a barrier between secure
internal networks and untrusted external networks, such as the Internet.
Steps to Configure and Verify Firewall in Cisco Packet Tracer:
Step 1: First, open the Cisco packet tracer desktop and select the devices
given below:
S.NO Device Model Name Quantity
1. PC PC 3
2. server PT-Server 1
3. switch PT-Switch 1
IP Addressing Table:
S.NO Device IPv4 Address Subnet Mask
1. Server 1.0.0.1 255.0.0.0
2. PC0 1.0.0.2 255.0.0.0
3. PC1 1.0.0.3 255.0.0.0

______________________________
S.NO Device IPv4 Address Subnet Mask
4. PC2 1.0.0.4 255.0.0.0
 Then, create a network topology as shown below the image.

 Use an Automatic connecting cable to connect the devices with others.
Server with
Firewall
Step 2: Configure the PCs (hosts) and server with IPv4 address and Subnet Mask
according to the IP addressing table given above.
 To assign an IP address in PC0, click on PC0.
 Then, go to desktop and then IP configuration and there you will IPv4 configuration.
 Fill IPv4 address and subnet mask.
 Repeat the same procedure with the server

______________________________
 Assigning an IP address using the ipconfig command, or we can also assign an IP

address with the help of a command.
 Go to the command terminal of the PC.
 Then, type ipconfig <IPv4 address><subnet mask><default gateway>(if needed)
Example: ipconfig 1.0.0.2 255.0.0.0
 Repeat the same procedure with other PCs to configure them thoroughly.

______________________________
Step 3: Configuring the firewall in a server and blocking packets and allowing
web browser.
 Click on server0 then go to the desktop.

 Then click on firewall IPv4.
 Turn on the services.
 First, Deny the ICMP protocol and set remote IP to 0.0.0.0 and Remote wildcard
mask to 255.255.255.255.
 Then, allow the IP protocol and set remote IP to 0.0.0.0 and Remote wildcard mask
to 255.255.255.255.
 And add them.
Step 4: Verifying the network by pinging the IP address of any PC.
 We will use the ping command to do so.

 First, click on PC2 then Go to the command prompt.
 Then type ping <IP address of targeted node>.
 We will ping the IP address of the server0.

______________________________
 As we can see in the below image we are getting no replies which means the packets
are blocked.
Check the web browser by entering the IP address in the URL.
 Click on PC2 and go to desktop then web browser.

______________________________
Exercise 12: Network Address Translation (NAT)
Task1: Configure static NAT. All IPs are considered classful.
Configuration R1 (Router R1 as a NAT Device)
R1>enable
R1#config t
R1(config)#interface F0/0
R1(config-if)#ip address 10.0.0.1 255.0.0.0
R1(config-if)#ip nat inside
R1(config)#interface Serial0
R1(config-if)#ip nat outside
R1(config)#ip nat inside source static 10.0.0.2 20.0.0.3
R1(config-if)#exit
R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2
(Configure static routing in R1 Router only)

______________________________
Configuration R2
R2>en
R2#config t
R2(config-if)#ip add 20.0.0.2 255.0.0.0
R2(config)#int f0/0
R2(config-if)#ip add 30.0.0.1 255.0.0.0
Note: verify NAT configuration by sending packet from source ip 10.0.0.2 to

destination ip 30.0.0.2 or 30.0.0.3.
See the NAT table by command given below:

R2#show nat translation

______________________________
Task2:: Configure Dynamic NAT. All IPs are considered classful.
R1>enable
R1#config t
R1(config)#interface Se2/0
R1(config)#ip nat pool CATC 20.0.0.3 20.0.0.4 netmask 255.0.0.0
R1(config)#ip nat inside source list 1 pool CATC
R1(config)#access-list 1 permit 10.0.0.0 0.255.255.255
R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2

______________________________
Configuration R2
R2>en
R2#config t
R2(config-if)#ip add 20.0.0.2 255.0.0.0
R2(config)#int f0/0
R2(config-if)#ip add 30.0.0.1 255.0.0.0



______________________________
Task3:: Configure PAT overloading. All IPs are considered classful.
R1>enable
R1#config t
R1(config)#interface Se2/0
R1(config)#ip nat pool globalnet 20.0.0.3 20.0.0.3 netmask 255.0.0.0
R1(config)# ip nat inside source list 1 pool globalnet overload
R1(config)#access-list 1 permit 10.0.0.0 0.255.255.255
R1(config)#ip route 30.0.0.0 255.0.0.0 20.0.0.2

______________________________
Configuration R2
R2>en
R2#config t
R2(config-if)#ip add 20.0.0.2 255.0.0.0
R2(config)#int f0/0
R2(config-if)#ip add 30.0.0.1 255.0.0.0



______________________________
Exercise-13 LINUX
Task 1:
a) Make two directory named under /home

b) Make a file DCN1 under/ home/< dir>/
c) Check the file permission & change its permission of the owner with 755
d) Copy the file under /tmp & move the file in /home/<dir2>.
e) Change the name of the file DCN1 to DCN2.
STEPS OF Task 1:
a) Make two directory named under /home
# cd /home //To change the directory to home directory.

# mkdir dir1 dir2 //To make two directories
b) Make a file DCN1 under/ home/< dir>/
# cd /home/dir1 //To change directory.

# touch DCN1 //To create a file named DCN1
c) Check the file permission & change its permission of the owner with 755
# cd /home/dir1 //To change directory.

# ls -latr //To list the files.
# chmod 755 DCN1 //To change the file permission.
d) Copy the file under /tmp & move the file in /home/<dir2>.
# cd /home/dir1 // To change directory.

# cp -p DCN1 /tmp //To copy DCN1 file to tmp directory.
#mv DCN1 /home/dir2 //To move DCN1 file to tmp directory.
e) Change the name of the file DCN1 to DCN2
# cd /home/dir2 // To change directory.

# mv DCN1 DCN2 //To change the file name.

______________________________
Task 2:
a) Create a directory under /home

b) Create three files under /home/<dir>
c) Check the size of the directory
d) Make the tar file of the directory & zip it.
e) Copy the zip file to /tmp dir
f) Unzip & extract the contents.
g) Remove the tar file from /tmp.
STEPS OF Task 2:
a) Create a directory under /home
#cd /home //To change the directory.

#mkdir dir1 //To make a directory under home directory.
b) Create three files under /home/<dir>
#cd /home/dir1 //To change the directory

#touch file1 file2 file3 //To create three files under /home/dir1 directory
c) Check the size of the directory
#cd /home/dir1 //To change the directory

#du -h //To check the size of directory. ‘-h’ for human readable format.
d) Make the tar file of the directory & zip it.
#cd /home //To change the directory.

#tar -zcvf dir1.tar.gz dir1 //To tar and zip.
e) Copy the zip file to /tmp directory
Go to home directory and execute the following commands:

#cp -p dir1.tar.gz /tmp //To copy the tar and zip file to /tmp directory.
f) Unzip & extract the contents.
#cd /tmp //To change the directory.

#tar -zxvf dir1.tar.gz //To unzip and untar the tar and zip file.

______________________________
g) Remove the tar file from /tmp.
#rm -f dir1.tar.gz //To remove the file.
Task 3:
Use date command to set date to 07:30 Hrs 10/03/2024.

Using date command format output as
a) ddmmyyyy
b) mmddyyyy
c) dd/mm/yyyy
d) dd/mm/yy
STEPS OF Task 3:
Use date command to set date to 07:30 Hrs 10/03/2024.
Using date command format output as
# date //To check the current date and time

a) ddmmyyyy
#date “+%d%m%Y” //To view the date in ddmmyyyy format.

b) mmddyyyy
#date “+%m%d%Y” //To view the date in mmddyyyy format.

c) dd/mm/yyyy
#date “+%d/%m%Y” //To view the date in dd/mm/yyyy format.

d) dd/mm/yy
#date “+%d/%m/%y” //To view the date in dd/mm/yy format.

______________________________
Task 4:
Use find command to search a file in a given path:

a) By type
b) By size
c) By name
STEPS OF Task 4:
Use find command to search a file in a given path:
a) By type
#find / -type f -print //To find the files inside ‘/’ directory. ‘f’ means to search by file type.
Similarly, ‘d’ means directory and ‘l’ means link file.
b) By size
#find /home -size +10c //To find files and directories of size greater than 10 bytes inside
home directory.
#find /home -size +1G // To find files and directories of size greater than 1 Gb inside home
directory.
c) By name
#find / -name file1 //To find a file named ‘file1’ inside ‘/’ directory.
Task 5:
Use grep, tail, and head command to:
a) Search a string from a given file[s]/directory

b) Show first 15 lines of the file
c) Show last 20 files of the file
STEPS OF Task 5:
Use grep, tail, and head command to:
a) Search a string from a given file[s]/directory
#ls -l|grep ab //To list all files having ‘ab’ pattern.

#cat file1|grep the* //To search for ‘the’ pattern inside file1
b) Show first 15 lines of the file

______________________________
#head -n 15 filename //To show first 15 lines of a file.
c) Show last 20 files of the file
#tail -n 20 filename //To list last 20 lines of a file.
Task 6:
a) Create a directory with the name CATC1 & CATC2 under/ home
b) Make a file with the name ‘file1’ under under /home/CATC1
c) Write some contents under the file
d) Insert a USB drive in the system
e) Mount it under/mnt
f) Copy ‘file1’ file into pendrive & restore this file in /CATC2
g) Remove the pen drive properly
STEPS OF Task 6:
a) Create a directory with the name CATC1 & CATC2 under/ home
#mkdir /home/CATC1 /home/CATC2 //To make two directories inside home directiory.
b) Make a file with the name ‘file1’ under under /home/CATC1
#cd /home/CATC1 //To change the directory.

#touch file1 //To create a file named ‘file1’.
c) Write some contents under the file
#vi file1 //To write some content in ‘file1’ using vi editor.

d) Insert a USB drive in the system.
#fdisk -l //To list the device partition. (output will be like /dev/sdb1 ********)
e) Mount it under/mnt.
#mount /dev/sdb1 /mnt //To mount the external device partition to /mnt directory.
f) Copy ‘file1’ file into pendrive & restore this file in /CATC2
#cp -p /home/CATC1/file1 /mnt //To copy ‘file1’ from CATC1 directory to /mnt directory i.e.
the pendrive..
#cd /mnt

______________________________
#cp -p file1 /home/CATC2 //To copy the file from pendrive. to CATC2 directory.
g) Remove the pen drive properly
#umount /mnt //To unmount the pendrive.
Task 7:
a) Create a user with the name cns & password root1

b) Create a groupuser with the name naa
c) Add cns into naa
d) Log in with this user cns with the above-mentioned password.
e) Create a directory with the name CATC4 under /home/cns
f) Create a file with the name DCN3 under /home/cns/CATC4/ with some contents.
g) Check the feature (creation/modification date and time) of the file with ls –al.
h) Now change the permission for group user as r—for naa (group user), Owner (CNS) has
permission rwx & others have r--
STEPS OF Task 7:
a) Create a user with the name cns & password root1
#useradd cns //To create a user with name as cns.

#id cns //To check if cns user created or not
#passwd cns //To set the password of ‘cns’ user. Enter password as root1 for cns user in
prompt.
b) Create a groupuser with the name naa
#groupadd naa //To create a group with name ‘naa’.

c) Add cns into naa
#usermod -G naa cns //To add cns user in ‘naa’ group.

d) Log in with this user cns with the above-mentioned password.
#su – cns //To switch user to ‘cns’ user. Enter the password root1.
e) Create a directory with the name CATC4 under /home/cns
[cns@localhost ~]$mkdir /home/cns /CATC4 //To create a directory named ‘CATC4’ under
/home/cns directory of cns user.
f) Create a file with the name DCN3 under /home/cns/CATC4/ with some contents.

______________________________
#[cns@localhost ~]$touch /home/cns/CATC4/DCN3 //To make a file named ‘DCN3’ under
/home/cns/CATC4 directory of cns user.
g) Check the feature (creation/modification date and time) of the file with ls –al.
#[cns@localhost ~]$ cd /home/cns

#[cns@localhost ~]$ls -al //To list all the files inside the directory
h) Now change the permission for group user as r—for naa (group user), Owner (CNS) has
permission rwx & others have r—
#[cns@localhost ~]$chmod 744 /home/cns/CATC4 //To set the given permission for the
file[CATC4].
Task 8: Refer section “vi editor” for this task.
a) Create a file named file2 by vi command and write some text in the file
b) Edit the document by inserting & deleting a line, words, & characters
c) Copy another line & undo it
d) Save the file
e) Continue with the same document & put additional information on the same document
f) Now save it & quit
STEPS OF Task 8: Refer section “vi editor” for this task.
a) Create a file named file2 by vi command and write some text in the file.
#vi /home/file2 //To create file2 under home directory. Use vi commands to write some text
in file.
b) Edit the document by inserting & deleting a line,words & characters
c) Copy another line & undo it
d) Save the file
e) Continue with the same document & put additional information on the same document
f) Now save it & quit.

______________________________
Task 9:
Create schedule tasks as follows:

a) Create a dir under /home with name CATC5 and file with some contents with name file4 under
/home/CATC5/
b) Create a program to take a copy of file4 as tar and zipped file with name as backup_file4.tar.gz
and to move file4 under /tmp.
c) Create a program to execute the above task mentioned in point (b) daily at 04:30 IST.
STEPS OF Task 9:
Create schedule tasks as follows:

a) Create a dir under /home with name CATC5 and file with some contents with name file4
under /home/CATC5/
#mkdir /home/CATC5 //To make a directory ‘CATC5’ under home directory.

#cd /home/CATC5 //To change directory to CATC5
#vi file4 //To create and add some content in file4 using vi editor.
b) Create a program to take a copy of file4 as tar and zipped file with name as
backup_file4.tar.gz and to move file4 under /tmp.
#touch /home/script //To create a file named script under home directory.
#chmod 777 /home/script //To change the permission of script file so, that it becomes an
executable file.
#vi /home/script //To open script file with vi editor.
Write down following content in the script file:
cd /home/CATC5
tar -zcvf backup_file4.tar.gz file4
mv file4 /tmp
c) Create a program to execute the above task mentioned in point (b) daily at 04:30 IST.
#crontab -l //To list all the scheduled cron jobs.

#crontab -e //To edit the cron job. After execution of this command a vi-editor window will
open and the following line:
30 04 * * * /home/script

______________________________
Task 10:
Assign an IP=172.32.46.2 to the eth0 port of a Linux machine.
STEPS OF Task 10:
Assign an IP=172.32.46.2 to the eth0 port of a Linux machine.
#cd /etc/sysconfig/network-scripts //To go to network-scripts directory.

#ls //To list the files in this directory.
#vi ifcfg-eth0 //To edit the file ‘ifcfg-eth0’ in the network-scripts directory for assigning the IP to
eth0 port. Edit the IP address field of ifcfg-eth0 with vi and save.
#ifdown eth0 //To shutdown eth0 port.
#ifup eth0 //To up the eth0 interface.
#ifconfig -a //To check the IP address of all the ports.
Note: We executed ifdown and ifup commands above to make the IP change effective.
Task 11:
How to capture the data on eth0 port of a Linux machine.
STEPS OF Task 11:
How to capture the data on eth0 port of a Linux machine.
#tcpdump -i eth0 //To capture the data on eth0 port.

______________________________
Annexure-A
Configuration to bring Radar data from source station to receiving station Example
Radar data from Station A need to be sent to Station B through FTI IP Circuit.
Configuration of Site A Router

Router_A>ena
Router_A#
Router_A#conf t
Router_A(config)#ip multicast-routing
Router_A(config)#int fa0/1
Router_A(config-if)#description Radar_In
Router_A(config-if)#ip address 170.20.1.1 255.255.255.0
Router_A(config-if)#ip pim sparse-mode
Router_A(config-if)#ip igmp static-group 226.23.11.1
Router_A(config-if)#ip pim neighbor-filter 11
Router_A(config-if)#exit
Router_A(config)#int fa0/0
Router_A(config-if)#description Radar WAN FTI to Site B
Router_A(config-if)#ip address 10.15.20.1 255.255.255.252

______________________________
Router_A(config-if)#ip pim sparse-mode
Router_A(config-if)#ip igmp static-group 226.23.11.1
Router_A(config)#interface loopback1
Router_A(config-if)#description RP_for_Radar
Router_A(config-if)# ip address 10.10.10.1 255.255.255.255
Router_A(config-if)# ip pim sparse-mode
Router_A(config)#ip pim rp-address 10.10.10.1 site_A_radar_rp override
Router_A(config)#ip access-list standard 11

Router(config-std-nacl)# deny any
Router(config-std-nacl)#exit
Router_A(config)#ip access-list standard site_A_radar_rp

Router_A(config-std-nacl)#permit host 226.23.11.1
Router_A(config-std-nacl)#exit
Router_A(config)#exit
Router_A#wr
Configuration of Site B Router

Router_B>ena
Router_B#
Router_B#conf t
Router_B(config)#ip multicast-routing
Router_B(config)#int fa0/1
Router_B(config-if)#description Site_A Radar to Auto_LAN
Router_B(config-if)#ip address 171.10.2.1 255.255.255.0
Router_B(config-if)#ip pim sparse-mode

______________________________
Router_B(config-if)#ip igmp version 2
Router_B(config-if)#ip igmp static-group 226.23.11.1
Router_B(config-if)#exit
Router_B(config)#int fa0/0
Router_B(config-if)#description Radar WAN FTI from Site A
Router_B(config-if)#ip address 10.15.20.2 255.255.255.252
Router_B(config-if)#ip pim sparse-mode
Router_B(config-if)#ip igmp static-group 226.23.11.1
Router_B(config-if)#exit
Router_B(config)#ip pim rp-address 10.10.10.1 site_A_radar_rp override
Router_B(config)#ip access-list standard site_A_radar_rp

Router_B(config-std-nacl)#permit host 226.23.11.1
Router_B(config-std-nacl)#exit
Router_B(config)#ip route 170.20.1.0 255.255.255.0 10.15.20.1
Router_B(config)#exit
Router_B#wr

ATSEP CBTA
NON-PLI
DATA
COMMUNICATION
NETWORKING, CYBER
SECURITY AND LINUX
Contents
 Introduction to Network emulation software (CISCO Packet

tracer)
 Basic switch and Router configuration
 IP Routing
 VLAN
 Introduction to Network emulation software (GNS3 )
 Multicasting demo
 Network Analyzer tool
 VRRP
 Switch port security
 Access List
 Firewall
 NAT
 LINUX Commands Exercise
 Annexure-A
AAI/ANS/CNS/CATC/2024/NON-PLI
सी.ए.टी.सी., प्रयागराज TRNG/DATA COMMUNICATION
NETWORKING/CYBER-SECURITY/
LINUX/MOD 3/Ver.1.0
C.A.T.C., PRAYAGRAJ

Module-3 Practical Exercise

Uploaded by

Copyright:

Available Formats

Module-3 Practical Exercise

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Module-3 Practical Exercise

Uploaded by

Copyright:

Available Formats

As per ICAO DOC 9868

and DOC 10057

Competency Based Training and Assessment for

Training Quality Policy

“To develop the human

Module Doc No. AAI/CATC/CNS/DCN/CYBER-SECURITY/LINUX/NPLI

This handout on “Data Communication Networking, Cyber Security and Linux” is

This handout is intended to be kept up to date. It will be amended periodically as new

Errors, if any or suggestions, if brought to the notice of undersigned would be highly

GM (CNS)/ Head of ATSEP training

Practical Exercise: ---------------------------------------------------------------------------------------Page No

Civil Aviation Training College, India Page 1

Packet Tracer – Creating a New Topology

Version: This is based on Packet Tracer 5.0.

Step 1: Start Packet Tracer

Civil Aviation Training College, India Page 2

Civil Aviation Training College, India Page 3

Single click on the Generic host.

Single click in the topology area and it copies the device.

Add three more hosts in the same way.

Civil Aviation Training College, India Page 4

Select a hub, by clicking once on Hubs and once on a Generic hub.

Connect PC0 to Hub0 by first choosing Connections.

Click once on the Copper Straight-through cable.

Civil Aviation Training College, India Page 5

Civil Aviation Training College, India Page 6

Select a switch, by clicking once on Switches and once on a 2950-24 switch.

Connect PC2 to Hub0 by first choosing Connections.

Click once on the Copper Straight-through cable.

Civil Aviation Training College, India Page 7

Note: Spanning Tree Protocol (STP) will be discussed later.

Civil Aviation Training College, India Page 8

Click once on PC0.

Civil Aviation Training College, India Page 9

The information is automatically saved when entered.

Civil Aviation Training College, India Page 10

Host IP Address Subnet Mask

Verify the information

Deleting a Device or Link

Civil Aviation Training College, India Page 11

Move the Connections cursor over Hub0 and click once.

Select Port 5 (actual port does not matter).

Civil Aviation Training College, India Page 12

Civil Aviation Training College, India Page 13

Click once on PC0, then once on PC3.

The PDU Last Status should show as Successful.

Civil Aviation Training College, India Page 14

Click Delete in the PDU area.

Now, select Power Cycle Devices and confirm the action.

Waiting for Spanning Tree Protocol (STP)

Civil Aviation Training College, India Page 15

Deselect all filters (All/None) and select only ICMP.

Click once on PC0, then once on PC3.

Civil Aviation Training College, India Page 17

Opening Existing Topologies

Civil Aviation Training College, India Page 18

Civil Aviation Training College, India Page 19

Objective: The objective of this practical exercise is to configure basic

Civil Aviation Training College, India Page 20

Configure of Switch (SW1):