TELE $30004|$ Assignment $1(10\%)$

Instructions:

$$ This is a group assignment $(2$ students per group$).$

$$ Upon receipt of this assignment, each group must enroll in a group on SLATE.

$$ For this assignment you will need to use the following tools: tcpdump, hping$3$ and nmap. I recommend using Kali Linux to complete this assignment. I also recommend you use your Ethernet port instead of WiFi.

$$ When using tcpdump, turn off name resolution $(-$n$)$ and turn on verbose output $(-$v$)$ to show IP header fields.

$$ Make one submission per group to SLATE Dropbox. Make sure your submission contains the names of both group members. The submission should consist of two files; one PDF file $($this file saved as PDF$)$ that contains all the answers and one zip file that contains the $3$ pcap files. Failure to follow this instruction will result in $10\%$ penalty.

$1.$ Sending a fragmented ping

$$ Ping your partner$$s computer by sending a ping that has a size of $2000$ bytes. You can use Windows or Linux to send this ping.

$$ Capture the fragments when they arrive at your partner$$s computer. Save the fragments $($only the fragments that make up the ping, so just $2$ fragments$)$ in a PCAP file using tcpdump filters and the $$w and $$c options. Filename: A$1$Q$1.$pcap

Answer the following questions:

Your IP address $($sender of ping$)$: $[$type IP address here$]$

IP address of your partner $($running tcpdump$)$: $[$type IP address here$]$

In the next table cell, type the command you used to send the ping.

ping

In the next table cell, type the command $($including the filter$)$ you used to capture$/$display the fragments.

tcpdump

In the empty table cell below, paste a screenshot of the tcpdump output $($hex and ASCII dump, and $-$v to show the IP fields$)$ showing the two fragments only. Show only the first $300$ bytes of each packet by changing the snapshot length. Crop out any irrelevant parts of the screen $(10\%$ penalty if I can$$t easily read the output in the screenshot$).$

$[$paste screenshot here$]$

$2.$ Sending a fragmented packet using hping$3$

$$ Use hping$3$ to send one fragmented UDP segment to port $200$XX on your partner$$s computer, where XX is your SLATE group number $($e$.$g$.$ if your group number is $8,$ send the UDP message to port $20008).$

$$ Pick a fragment size $(--$mtu option$)$ so that you end up with three fragments, no more no less. The message below has to be spread over the three fragments.

$$ The UDP segment should contain the following data $($replace name $1$ and name $2$ with your names$)$:

Hello world. My name is $[$full name $1]$ and my partner$$s name is $[$full name $2].$ This assignment is fun.

$$ Capture the $3$ fragments when they arrive at your partner$$s computer. Save the fragments $($only the $3$ fragments that make up the packet you sent above, so only one fragment train$)$ in a PCAP file using tcpdump filters and the $$w and $$c options. Filename: A$1$Q$2.$pcap

In the next table cell, type the command you used to send the UDP segment.

hping$3$

In the next table cell, type the command $($including the filter$)$ you used to capture$/$display the fragments.

tcpdump

In the empty table cell below, paste a screenshot of the tcpdump output $($hex and ASCII dump, and $-$v to show the IP fields$)$ showing the fragment train. Crop out any irrelevant parts of the screen $(10\%$ penalty if I can$$t easily read the output in the screenshot$).$

$[$paste screenshot here$]$

$3.$ Sending a fragmented SYN using nmap

$$ Send a fragmented SYN using nmap to port $300$XX on your partner$$s computer, where XX is your SLATE group number.

$$ Capture the fragments when they arrive at your partner$$s computer. Save the fragments $($only the fragments that make up the first SYN$,$ so only one fragment train$)$ in a PCAP file using tcpdump filters and the $$w and $$c options. Filename: A$1$Q$3.$pcap

In the next table cell, type the command you used to send the SYN probe.

nmap

In the next table cell, type the command $($including the filter$)$ you used to capture$/$display the fragments.

tcpdump

In the empty table cell below, paste a screenshot of the tcpdump output $($hex and ASCII dump, and $-$v to show the IP fields$)$ showing the fragment train. Crop out any irrelevant parts of the screen $(10\%$ penalty if I can$$t easily read the output in the screenshot$).$

$[$paste screenshot here$]$

How did you make sure that the fragments above are all part of one fragment train? What do they all have in common?

$[$Type your answer here$]$