Page 1 of 21

University of Jordan Faculty of Engineering & Technology Computer Engineering Department

Computer Networks Laboratory 907528 Lab. 1 Cabling & Packet Sniffing

1. To become familiar with the different types of cables used in the lab. Objectives

2. To become familiar with cable tester equipment 3. To become familiar with the WIRESHARK packet sniffer software package.

1. Read thoroughly and prepare the experiment sheet. Pre-lab Preparation:

2. Review the sections in the book regarding HTTP communications. 3. Review the Ethernet frame format, the IPv4 packet format and the TCP/UDP segment formats. 4. You must bring a printed copy of this experiment with you to the lab.

You can find the problem sheet on Drive D: of the lab PCs. Procedure:

Part 1: Cabling

Choosing the cables necessary to make a successful LAN or WAN connection requires consideration of the different media types. There are many different Physical layer implementations that support multiple media types.

UTP cabling connections are specified by the Electronics Industry Alliance/Telecommunications Industry Association (EIA/TIA).

The RJ-45 connector is the male component crimped on the end of the cable. When viewed from the front, the pins are numbered from 8 to 1. When viewed from above with the opening gate facing you, the pins are numbered 1 through 8, from left to right. This orientation is important to remember when identifying a cable.

Page 2 of 21

Types of Interfaces

In an Ethernet LAN, devices use one of two types of UTP interfaces - MDI or MDIX.

The MDI (media-dependent interface) uses the normal Ethernet pinout. Pins 1 and 2 are used for transmitting and pins 3 and 6 are used for receiving. Devices such as computers, servers, or routers will have MDI connections.

The devices that provide LAN connectivity - usually hubs or switches - typically use MDIX (media-dependent interface, crossover) connections. The MDIX connection swaps the transmit pairs internally. This swapping allows the end devices to be connected to the hub or switch using a straight-through cable.

Typically, when connecting different types of devices, use a straight-through cable. And when connecting the same type of device, use a crossover cable.

Straight-through UTP Cables

A straight-through cable has connectors on each end that are terminated the same in accordance with either the T568A or T568B standards.

Identifying the cable standard used allows you to determine if you have the right cable for the job. More importantly, it is a common practice to use the same color codes throughout the LAN for consistency in documentation.

Use straight-through cables for the following connections:

Switch to a router Ethernet port Computer to switch Computer to hub

Page 3 of 21

Crossover UTP Cables

For two devices to communicate through a cable that is directly connected between the two, the transmit terminal of one device needs to be connected to the receive terminal of the other device.

The cable must be terminated so the transmit pin, Tx, taking the signal from device A at one end, is wired to the receive pin, Rx, on device B. Similarly, device B's Tx pin must be connected to device A's Rx pin. If the Tx pin on a device is numbered 1, and the Rx pin is numbered 2, the cable connects pin 1 at one end with pin 2 at the other end. These "crossed over" pin connections give this type of cable its name, crossover.

To achieve this type of connection with a UTP cable, one end must be terminated as EIA/TIA T568A pinout, and the other end terminated with T568B pinout.

To summarize, crossover cables directly connect the following devices on a LAN:

Switch to switch Switch to hub Hub to hub Router to router Ethernet port connection Computer to computer Computer to a router Ethernet port

Page 4 of 21

Rollover UTP Cables

In a rolled cable, the colored wires at one end of the cable are in the reverse sequence of the colored wires at the other end of the cable.

Console Cables (RJ-45 to DB-9 Female)

This cable is also known as Management Cable.

The connection to the console is made by plugging the DB-9 connector into an available EIA/TIA 232 serial port on the computer. It is important to remember that if there is more than one serial port, note which port number is being used for the console connection. Once the serial connection to the computer is made, connect the RJ-45 end of the cable directly into the console interface on the router.

Page 5 of 21

MDI/MDIX Selection

Many devices allow the UTP Ethernet port to be set to MDI or MDIX. This can be done in one of three ways, depending on the features of the device:

1. On some devices, ports may have a mechanism that electrically swaps the transmit and receive pairs. The port can be changed from MDI to MDIX by engaging the mechanism.

2. As part of the configuration, some devices allow for selecting whether a port functions as MDI or as MDIX.

3. Many newer devices have an automatic crossover feature. This feature allows the device to detect the required cable type and configures the interfaces accordingly. On some devices, this auto-detection is performed by default. Other devices require an interface configuration command for enabling MDIX auto-detection.

Page 6 of 21

Serial Cables

In the lab experiments, you may be using Cisco routers with one of two types of physical serial cables. Both cables use a large Winchester 15 Pin connector on the network end. This end of the cable is used as a V.35 connection to a Physical layer device such as a CSU/DSU.

The first cable type has a male DB-60 connector on the Cisco end and a male Winchester connector on the network end. The second type is a more compact version of this cable and has a Smart Serial connector on the Cisco device end. It is necessary to be able to identify the two different types in order to connect successfully to the router.

Data Communications Equipment and Data Terminal Equipment

The following terms describe the types of devices that maintain the link between a sending and a receiving device:

Data Communications Equipment (DCE) - A device that supplies the clocking services to another device. Typically, this device is at the WAN access provider end of the link.

Data Terminal Equipment (DTE) - A device that receives clocking services from another device and adjusts accordingly. Typically, this device is at the WAN customer or user end of the link.

If a serial connection is made directly to a service provider or to a device that provides signal clocking such as a channel service unit/data service unit (CSU/DSU), the router is considered to be data terminal equipment (DTE) and will use a DTE serial cable.

DCEs and DTEs are used in WAN connections. The communication via a WAN connection is maintained by providing a clock rate that is acceptable to both the sending and the receiving device. In most cases, the ISP provides the clocking service that synchronizes the transmitted signal.

For example, if a device connected via a WAN link is sending its signal at 1.544 Mbps, each receiving device must use a clock, sending out a sample signal every 1/1,544,000th of a second. The timing in this case is extremely short. The devices must be able to synchronize to the signal that is sent and received very quickly.

Page 7 of 21

By assigning a clock rate to the router, the timing is set. This allows a router to adjust the speed of its communication operations (the router will therefore use a data communications equipment (DCE) cable), thereby synchronizing with the devices connected to it.

When making WAN connections between two routers in a lab, connect two routers with a serial cable to simulate a point-to-point WAN link. In this case, decide which router is going to be the one in control of clocking. Routers are DTE devices by default, but they can be configured to act as DCE devices.

The V35 compliant cables are available in DTE and DCE versions. To create a point-to-point serial connection between two routers, join together a DTE and DCE cable. Each cable comes with a connector that mates with its complementary type. These connectors are configured so that you cannot join two DCE or two DTE cables together by mistake.

Page 8 of 21

How to prepare a UTP cable Example: Instructions to prepare a Crossover cable

Things you'll need:

RJ-45 Crimp Tool Cat-5e Cable RJ-45 Jacks

Step 1

Prepare your workspace. Take the roll of UTP cable and cut the cable to length using the cutting blade on the crimp tool.

Step 2

Splice the end by using the splicing blades to expose the unshielded twisted pairs.

Step 3

Take each twisted pair and make four wire strands, each going out from the center of the wire.

Step 4

Now take the individual twisted wire pairs and untwist them down to individual wires in the following order: Striped Orange, Orange, Striped Green, Blue, Striped Blue, Green, Striped Brown, Brown.

Page 9 of 21

Step 5

Next, grasp the wires with your thumb and index finger of your non-dominant hand. Take each wire and snug them securely side by side.

Step 6

Using the cutting blade of the crimp tool, cut the ends off of the wires to make each wire the same height.

Step 7

Still grasping the wires, insert the RJ-45 jack on the wires with the clip facing away from you.

Step 8

Insert the jack into the crimper and press down tightly on the tool to seal the wires in place.

Step 9

Once the first head is made, repeat steps two through eight. When untwisting the wires down to sing strands, use the following order: Striped Green, Green, Striped Orange, Blue, Striped Blue, Orange, Striped Brown, Brown.

Step 10

Plug in the cable to test connectivity.

Page 10 of 21

Part 2: Cables Testing In this lab, we are going to use MicroScanner2 UTP cable tester device to verify that cables were prepared correctly else diagnosing cable's faults.

MicroScanner2 Features

Page 11 of 21

Auto Shutoff The tester turns off after 10 minutes if no keys are pressed and nothing changes at the testers connectors.

Changing the Length Units

Page 12 of 21

Page 13 of 21

Page 14 of 21

Diagnosing Wiremap Faults

Open

Wires connected to wrong pins at connector or punchdown blocks Faulty connections Damaged connector Damaged cable Wrong pairs selected in setup Wrong application for cable

Page 15 of 21

Split Pair

Wires connected to wrong pins at connector or punchdown block. Reversed Pairs

Wires connected to wrong pins at connector or punchdown block. Crossed Pairs

Wires connected to wrong pins at connector or punchdown block. Mix of 568A and 568B wiring standards (12 and 36 crossed). Crossover cables used where not needed (12 and 36 crossed).

Short

Damaged connector Damaged cable Conductive material stuck between pins at connector. Improper connector termination Wrong application for cable

******************************************* *** Solve associated parts in the problem sheet *** *******************************************

Page 16 of 21

Part 3: WIRESHARK Packet Sniffer

The purpose of this part is to introduce the packet sniffer WIRESHARK. WIRESHARK will be used for the lab experiments. This part introduces the basic operation of a packet sniffer, and a test run of WIRESHARK.

The basic tool for observing the messages exchanged between executing protocol entities is called a packet sniffer. As the name suggests, a packet sniffer captures (sniffs) messages being sent/received from/by your computer; it will also typically store and/or display the contents of the various protocol fields in these captured messages. A packet sniffer itself is passive. It observes messages being sent and received by applications and protocols running on your computer, but never sends packets itself. Similarly, received packets are never explicitly addressed to the packet sniffer. Instead, a packet sniffer receives a copy of packets that are sent/received from/by application and protocols executing on your machine.

Figure 1 shows the structure of a packet sniffer. At the right of Figure 1 are the protocols (in this case, Internet protocols) and applications (such as a web browser or ftp client) that normally run on your computer. The packet sniffer, shown within the dashed rectangle in Figure 1 is an addition to the usual software in your computer, and consists of two parts. The packet capture library receives a copy of every link-layer frame that is sent from or received by your computer. Recall from the discussion from section 1.5 in the text (Figure 1.202) that messages exchanged by higher layer protocols such as HTTP, FTP, TCP, UDP, DNS, or IP all are eventually encapsulated in link-layer frames that are transmitted over physical media such as an Ethernet cable. In Figure 1, the assumed physical media is an Ethernet, and so all upper layer protocols are eventually encapsulated within an Ethernet frame. Capturing all link-layer frames thus gives you all messages sent/received from/by all protocols and applications executing in your computer.

The second component of a packet sniffer is the packet analyzer, which displays the contents of all fields within a protocol message. In order to do so, the packet analyzer must understand the structure of all messages exchanged by protocols. For example, suppose we are interested in displaying the various fields in messages exchanged by the HTTP protocol in Figure 1. The packet analyzer understands the format of Ethernet frames, and so can identify the IP datagram within an

Page 17 of 21

Ethernet frame. It also understands the IP datagram format, so that it can extract the TCP segment within the IP datagram.

Finally, it understands the TCP segment structure, so it can extract the HTTP message contained in the TCP segment. Finally, it understands the HTTP protocol and so, for example, knows that the first bytes of an HTTP message will contain the string GET, POST, or HEAD

Running Wireshark

When you run the Wireshark program, the Wireshark graphical user interface shown in Figure 2 will be displayed. Initially, no data will be displayed in the various windows.

The Wireshark interface has five major components:

The command menus are standard pulldown menus located at the top of the window. Of interest to us now are the File and Capture menus. The File menu allows you to save captured packet data or open a file containing previously captured packet data, and exit the Wireshark application. The Capture menu allows you to begin packet capture.

The packet-listing window displays a one-line summary for each packet captured, including the packet number (assigned by Wireshark; this is not a packet number contained in any protocols header), the time at which the packet was captured, the packets source and destination addresses, the protocol type, and protocol-specific information contained in the packet. The packet listing can be sorted according to any of these categories by clicking

Page 18 of 21

on a column name. The protocol type field lists the highest level protocol that sent or received this packet, i.e., the protocol that is the source or ultimate sink for this packet.

The packet-header details window provides details about the packet selected (highlighted) in the packet listing window. (To select a packet in the packet listing window, place the cursor over the packets one-line summary in the packet listing window and click with the left mouse button.). These details include information about the Ethernet frame (assuming the packet was sent/received over an Ethernet interface) and IP datagram that contains this packet. The amount of Ethernet and IP-layer detail displayed can be expanded or minimized by clicking on the plus-or-minus boxes to the left of the Ethernet frame or IP datagram line in the packet details window. If the packet has been carried over TCP or UDP, TCP or UDP details will also be displayed, which can similarly be expanded or minimized. Finally, details about the highest level protocol that sent or received this packet are also provided.

The packet-contents window displays the entire contents of the captured frame, in both ASCII and hexadecimal format.

Towards the top of the Wireshark graphical user interface, is the packet display filter field, into which a protocol name or other information can be entered in order to filter the information displayed in the packet-listing window (and hence the packet-header and packet-contents windows). In the example below, well use the packet-display filter field to have Wireshark hide (not display) packets except those that correspond to HTTP messages.

Taking Wireshark for a Test Run

1. Start up your favorite web browser, which will display your selected homepage. 2. Start up the Wireshark software. You will initially see a window similar to that shown in

Figure 2, except that no packet data will be displayed in the packetlisting, packet-header, or packet-contents window, since Wireshark has not yet begun capturing packets.

3. To begin packet capture, select the Capture pull down menu and select Options. This will cause the Wireshark: Capture Options window to be displayed, as shown in Figure 3.

Page 19 of 21

4. You can use most of the default values in this window, but uncheck Hide capture info dialog under Display Options. The network interfaces (i.e., the physical connections) that your computer has to the network will be shown in the Interface pull down menu at the top of the Capture Options window. In case your computer has more than one active network interface (e.g., if you have both a wireless and a wired Ethernet connection), you will need to select an interface that is being used to send and receive packets (mostly likely the wired interface). After selecting the network interface (or using the default interface chosen by Wireshark), click Start. Packet capture will now begin - all packets being sent/received from/by your computer are now being captured by Wireshark!

5. Once you begin packet capture, a packet capture summary window will appear, as shown in Figure 4. This window summarizes the number of packets of various types that are being captured, and (importantly!) contains the Stop button that will allow you to stop packet capture. Dont stop packet capture yet.

Page 20 of 21

6. While Wireshark is running, enter the URL: http://gaia.cs.umass.edu/wireshark-labs/INTRO-wireshark-file1.html And have that page displayed in your browser. In order to display this page, your browser will contact the HTTP server at gaia.cs.umass.edu and exchange HTTP messages with the server in order to download this page. The Ethernet frames containing these HTTP messages will be captured by Wireshark.

7. After your browser has displayed the INTRO-wireshark-file1.html page, stop Wireshark packet capture by selecting stop in the Wireshark capture window. This will cause the Wireshark capture window to disappear and the main Wireshark window to display all packets captured since you began packet capture. The main Wireshark window should now look similar to Figure 2. You now have live packet data that contains all protocol messages exchanged between your computer and other network entities! The HTTP message exchanges with the gaia.cs.umass.edu web server should appear somewhere in the listing of packets captured. But there will be many other types of packets displayed as well (see, e.g., the many different protocol types shown in the Protocol column in Figure 2).

8. Type in http (without the quotes, and in lower case all protocol names are in lower case in Wireshark) into the display filter specification window at the top of the main Wireshark window. Then select Apply (to the right of where you entered http). This will cause only HTTP message to be displayed in the packet-listing window.

Page 21 of 21

9. Select the first http message shown in the packet-listing window. This should be the HTTP GET message that was sent from your computer to the gaia.cs.umass.edu HTTP server. When you select the HTTP GET message, the Ethernet frame, IP datagram, TCP segment, and HTTP message header information will be displayed in the packet-header window3. By clicking plus and- minus boxes to the left side of the packet details window, minimize the amount of Frame, Ethernet, Internet Protocol, and Transmission Control Protocol information displayed. Maximize the amount information displayed about the HTTP protocol. Your Wireshark display should now look roughly as shown in Figure 5. (Note, in particular, the minimized amount of protocol information for all protocols except HTTP, and the maximized amount of protocol information for HTTP in the packet-header window).

10. Exit Wireshark

******************************************* *** Solve associated parts in the problem sheet *** *******************************************

How to prepare a UTP cableThings you'll need: