lab-2-prelab.txt

Yu Cheng (Jade)
ICS 351
Prelab Report 2
September 18


[Question 1]
Write the syntax for an ifconfig command that sets the IP address of the
interface eth0 to 128.143.2.3/16 with broadcast address 128.143.255.255.

`ifconfig eth0 128.143.2.3 netmask 255.255.0.0 broadcast 128.143.255.255`

or

`ifconfig eth0 128.143.2.3/16 broadcast 128.143.255.255`

"netmask" specifies how much of the address to reserve for subdividing networks
into subnetworks. The mask includes the network part of the local address and
the subnet part, which is taken from the host field of the address.

"broadcast" specifies the address to use to represent broadcasts to the network.
The default broadcast address is the address with a host part of all 1's.


[Question 2]
Write the syntax of a tcpdump command that captures packets containing IP
datagrams with a source or destination IP address equal to 10.0.1.12.

`tcpdump host 10.0.1.12`

or

`tcpdump dst 10.0.1.12 or src 10.0.1.12`

"dst" is true if the IP destination field of the packet is as specified.  It
could be either a name or an address.

"src" is true if the IP source field of the packet is as specified.

"host" is true if either the IP source or destination of the packet is as
specified.


[Question 3]
Write the syntax of a tcpdump command that captures packets containing ICMP
messages with a source or destination IP address equal to 10.0.1.12.

`tcpdump icmp and host 10.0.1.12`

or

`tcpdump 'ip proto \icmp and host 10.0.1.12'`

"ip proto" is true if the packet is an IP packet of the specified protocol type.

"icmp" is the abbreviation of "ip proto \icmp".


[Question 4]
Write the syntax of a tcpdump command that captures packets containing IP
datagrams between two hosts with IP addresses 10.0.1.11 and 10.0.1.12, both on
interface eth1.

`tcpdump -i eth1 '((host 10.0.1.11) and (host 10.0.1.12))'`

The "-i" option listens on the given interface.  If unspecified, tcpdump
searches the system interface list for the lowest numbered, configured up
interface (excluding loopback).  Ties are broken by choosing the earliest match.


[Question 5]
Write a tcpdump filter expression that captures packets containing TCP segments
with a source or destination IP address equal to 10.0.1.12.

`tcpdump tcp and host 10.0.1.12`

or

`tcpdump 'ip proto \tcp and host 10.0.1.12'`

"tcp" is the abbreviation of "ip proto \tcp".


[Question 6]
Write a tcpdump filter expression that in addition to the constraints in
Question 5, only captures packets using port number 23.

`tcpdump tcp and host 10.0.1.12 and port 23`

"port" is true if either the source or destination port of the packet is as
specified.
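The primitives used in Questions 2 through 6 map directly onto IPv4 header fields. The following is an added example, not part of the original report: it models each primitive as a predicate over constructed sample packets (the packet names, port numbers and helper functions are assumptions made for illustration) and shows which packets each combined expression keeps.

```python
import socket
import struct

ICMP, TCP = 1, 6

def build_packet(src, dst, proto, sport=0, dport=0):
    """Constructed sample: 20-byte IPv4 header + first 4 payload bytes (ports for TCP)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HH", sport, dport)

def parse(pkt):
    ihl = (pkt[0] & 0x0F) * 4                      # header length in bytes
    proto = pkt[9]                                 # IP protocol field
    ports = struct.unpack("!HH", pkt[ihl:ihl + 4]) if proto in (6, 17) else ()
    return {"proto": proto, "ports": ports,
            "src": socket.inet_ntoa(pkt[12:16]),
            "dst": socket.inet_ntoa(pkt[16:20])}

# One predicate per filter primitive.
def src(a):      return lambda p: p["src"] == a
def dst(a):      return lambda p: p["dst"] == a
def host(a):     return lambda p: a in (p["src"], p["dst"])
def ip_proto(n): return lambda p: p["proto"] == n
def port(n):     return lambda p: n in p["ports"]
def all_of(*fs): return lambda p: all(f(p) for f in fs)
def any_of(*fs): return lambda p: any(f(p) for f in fs)

FILTERS = {
    "dst 10.0.1.12 or src 10.0.1.12": any_of(dst("10.0.1.12"), src("10.0.1.12")),
    "host 10.0.1.12": host("10.0.1.12"),
    "icmp and host 10.0.1.12": all_of(ip_proto(ICMP), host("10.0.1.12")),
    "tcp and host 10.0.1.12": all_of(ip_proto(TCP), host("10.0.1.12")),
    "tcp and host 10.0.1.12 and port 23":
        all_of(ip_proto(TCP), host("10.0.1.12"), port(23)),
    "host 10.0.1.11 and host 10.0.1.12": all_of(host("10.0.1.11"), host("10.0.1.12")),
    "host 10.0.1.11 or host 10.0.1.12": any_of(host("10.0.1.11"), host("10.0.1.12")),
}

SAMPLES = {  # constructed traffic, not captured from a real network
    "telnet": build_packet("10.0.1.11", "10.0.1.12", TCP, 40000, 23),
    "web":    build_packet("10.0.1.12", "10.0.1.50", TCP, 40001, 80),
    "ping":   build_packet("10.0.1.12", "10.0.1.11", ICMP),
    "other":  build_packet("10.0.1.11", "10.0.1.50", TCP, 40002, 23),
}

def matching(expr):
    """Names of the sample packets that the expression keeps."""
    return sorted(n for n, pkt in SAMPLES.items() if FILTERS[expr](parse(pkt)))
```

Comparing the last two expressions shows why "and" is needed to restrict a capture to traffic between two hosts: "or" also keeps packets that either host exchanges with a third party.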


[Question 7]
Write the syntax for a wireshark command with capture filter so that all IP
datagrams with a source or destination IP address equal to 10.0.1.12 are
recorded.

`ip host 10.0.1.12`

"ip" specifies the protocol.  If no protocols are specified, all of the
protocols are used.


[Question 8]
Write the syntax for a wireshark display filter that shows IP datagrams with a
destination IP address equal to 10.0.1.50 and frame sizes greater than 400
bytes.

`ip.dst == 10.0.1.50 and frame.len > 400`

"frame.len" is an unsigned 32-bit integer.  It shows the frame length on the
wire.


[Question 9]
Write the syntax for a wireshark display filter that shows packets containing
ICMP messages with a source or destination IP address equal to 10.0.1.12 and
frame numbers between 15 and 30.

`icmp and ip.addr == 10.0.1.12 and frame.number >= 15 and frame.number <= 30`


[Question 10]
Write the syntax for a wireshark display filter that shows packets containing
TCP segments with a source or destination IP address equal to 10.0.1.12 and
using port number 23.

`ip.addr == 10.0.1.12 and tcp.port == 23`


[Question 11]
Write a wireshark capture filter expression for Question 10.

`tcp port 23 and host 10.0.1.12`