SI110: Network Assembly

A. Preparation

Before you begin assembling the network, follow the steps below:

To start a shell running "as administrator":

click on the Windows orb at the bottom left.
type cmd (but not enter) in the search box at the bottom of the resulting pop-up window.
right-click on command prompt icon and select Run as administrator.

Start a Windows Command Prompt shell as administrator. Do this by right-clicking the command prompt icon and selecting Run as administrator. All the network configuration commands (starting with the very next item!) should be given in this shell, because they require superuser priveleges.
Suggestion: Launching two or three cmd processes (i.e. keeping multiple shell windows open) will make this lab easier.
Issue the following command (in an administrator shell!), which will clear your old network settings (which you got via dhcp):
```
ipconfig /release
```
Turn the wireless radio switch on the side of your laptop to the OFF position.
You can turn the Windows firewall off with the GUI with the following: From the Windows Start Menu, navigate to the "Windows Firewall" control panel (Start->Control Panel->System and Security->Windows Firewall) and click on the "Turn Windows Firewall on or off" option from the left panel. From this new menu, turn off the firewall for all three network locations and click OK.
Issue the following command (in an administrator shell!), which will turn off the Windows Firewall:
```
netsh advfirewall set allprofiles state off
```
Issue the following command (in an administrator shell!), which will clear your arp table:
```
arp -d
```

B. Build a Network

In this first part of the lab, you will create a wired Ethernet network to communicate with your classmates. As discussed in class, the very basic layout of a wired network is as follows: 4 computers connected to a single switch.

4 computers connected to a single switch.

Assemble the network (left) with three other students using your laptop and the provided Ethernet switch and cables. First, connect the switch's power cord and plug it into an electrical outlet. Next, plug one end of the Ethernet cable into an empty port on the switch and the other end into the Ethernet port on your laptop (located on the opposite side of the CD/DVD drive).

Now that you have an assembled computer network, you need to configure your computer with an IP address and subnet mask so that you can communicate over the network. To do this, execute the following in the Windows command prompt, consulting the table below for your IP address and subnet mask.

You must coordinate with your group members when setting your IP addresses to prevent having two hosts with the same IP address. Use the table and form below to assign IP addresses for your group.

Enter the following information to generate a command to copy and paste into your Windows shell.

Group Number	Assigned IP Addresses	Subnet Mask
Group 1	85.170.15.1 - 85.170.15.4	255.255.255.224
Group 2	85.170.15.33 - 85.170.15.36	255.255.255.224
Group 3	85.170.15.65 - 85.170.15.68	255.255.255.224
Group 4	85.170.15.97 - 85.170.15.100	255.255.255.224
Group 5	85.170.15.129 - 85.170.15.132	255.255.255.224

This command must be entered into a shell that is running "as administrator"! See step A.1 for details.

C. Test the Network

Verify your IP address actually changed by executing the ipconfig command in the Windows shell. ← Worksheet question 2 Once you have verified that your IP is correct, test your connectivity with the other computers on the network using ping. Type ping IPaddress in the command prompt window to test your connection with the computer at IPaddress. ← Worksheet question 3 If you have connectivity, you should see something like this:

If, instead of reply messages, you see destination unreachable messages, then there is a problem with the network. Check and double check the following possible causes:

An Ethernet cable is disconnected or loose.
An Ethernet cable is damaged.
A computer is configured with an incorrect IP address.
The switch is off/unplugged

If you have checked and re-checked all of the above and are still having connection issues, let your instructor know.

D. Communicate via Netcat Over the Network

If, during this lab or a previous activity, you tried to run a netcat server process and you didn't click the "Allow access" button in window that popped up as a result, windows will refuse to allow nc to listen to ports from that time onwards! To fix things, give the following command in an Administrator shell:

netsh advfirewall firewall delete rule name=nc

Later we'll talk about firewalls, but to give you a peek ahead: not clicking "Allow access" creates firewall rules that stops nc from being able to listen to ports. The above command removes those rules.

At this point, you have a functional network of four hosts. Let's do something interesting with it, like chat with eachother. There are many ways to talk to eachother via computers, but this lab will focus on using Netcat over TCP.

Let's start chatting with other members of our group who share the same network.

Listen on TCP port 1845 by entering the following command in the Windows shell:
```
nc -l -p 1845
```
Important: Click "Allow access" if a permission Window pops up!
Okay, now your computer is listening for TCP connections on port 1845.
Once another member of your group is also listening on port 1845, establish a connection to his/her IP address with the following shell command (replacing IPaddress with the actual IP address of the computer you want to connect to):
```
nc IPaddress 1845
```

↑ Worksheet question 4

E. Connect the Network to Other Networks

You will need to know an IP address on the other group's network to test the connection.

Great! You can share thoughts with everyone in your local network, but what about hosts on the other networks? Connect your switch to the switch from another group (not yet router!) using the empty Ethernet ports and test the connection using ping.

What message did you receive? Why didn't it work? ← Worksheet question 5

Take another look at the IP address and subnet mask combinations for each group. Enter the IP address and subnet mask for two hosts from different groups and compare the network address that is calculated. If they are equal, then the two IP addresses are on the same network and the packet is sent directly to the destination host. If not, the packet needs to be sent to a router, which knows where to send the packet next. Your computer does this exact same comparison prior to sending each packet out on the network because it needs to know where to send the packet.

Group/Port Mapping
9	8	7	6
1	2	3	4
5
5	4	3	2

Now you see that each group is a separate network and know that a router is necessary to connect with other groups, let's do something about it. Disconnect your switch from the other one and plug the Ethernet cable into your group's designated port number on the router using the adjacent diagram as a guide. ← Worksheet question 6

Ok, now that you are all connected to the router, try to ping a host from one of the other networks again.

What message did you get this time? Now why didn't it work? ← Worksheet question 7

When a host sends a packet to a host on another network, that packet must go to the router, called a gateway router. Well, the sender needs to know where the router is (i.e. its IP address) in order to send anything there. So, go back and set your host's Default Gateway address based on your group number. The complete table is below:

Group Number	Assigned IP Addresses	Subnet Mask	Default Gateway
Group 1	85.170.15.1 - 85.170.15.4	255.255.255.224	85.170.15.30
Group 2	85.170.15.33 - 85.170.15.36	255.255.255.224	85.170.15.62
Group 3	85.170.15.65 - 85.170.15.68	255.255.255.224	85.170.15.94
Group 4	85.170.15.97 - 85.170.15.100	255.255.255.224	85.170.15.126
Group 5	85.170.15.129 - 85.170.15.132	255.255.255.224	85.170.15.158

This command must be entered into a shell that is running "as administrator"! See step A.1 for details.

Copy and paste the following command (minus the comments in green) into the administrator command prompt:

route add 0.0.0.0 mask 0.0.0.0 <GatewayIP>		#adds a default gateway address for all foreign networks. 
							#The 0.0.0.0 mask 0.0.0.0 is a fancy way of saying all 
							#networks other than my own

This command will set your Gateway Router. ← Worksheet question 8 You'll see a box like

pop up. Just choose Public network. This limits the amount of information other hosts can discover about your host.

If it doesn't work this time, then you should refer back to the network testing section for troubleshooting.

Now that everything is set completely and correctly, test your connection with a host on any other network!

Using netcat (nc), send a message to a host on another network. Using netcat (nc), recieve a message from a host on another network. ← Worksheet question 9
Do a traceroute tracert to another member of your group and then traceroute tracert to a member not in your group. Explain why their displayed outputs were different? ← Worksheet question 10
Run the following three ping commands, in order. Pay attention to the output then answer ← Worksheet question 11
```
 
```
```
 
```
```
 
```
At this point, every host in the classroom is connected via the classroom internet. Give the command:
```
 arp -av 
```
... and examine the output. Explain what determines whether or not a host from the classroom appears in the arp table. ← Worksheet question 12
NOTE: Ignore addresses in the arp table that don't start with with 85.170. Even with this, there will be one address you don't recognize. It's called the broadcast address, and it's beyond the scope of this lab.

STOP AND WAIT FOR INSTRUCTOR LED DISCUSSION!!

Participate in the instructor-led discussion of routers. ← Worksheet question 13

F. Postlab Restoration

Setting up a new network requires configuration changes to every host added to the network, as you saw today. Before you reconnect to the USNA network, you must undo the changes you made in lab.

You can turn the Windows firewall off with the GUI with the following: From the Windows Start Menu, navigate to the "Windows Firewall" control panel (Start->Control Panel->System and Security->Windows Firewall) and click on the "Turn Windows Firewall on or off" option from the left panel. From this new menu, turn on the firewall for all three network locations and click OK.
Important: Issue the following command (in an administrator shell!), which will turn off the Windows Firewall back on
```
netsh advfirewall set allprofiles state on
```
Turn the wireless radio switch on the side of your laptop to the ON position.
Next copy and paste the following command into the Windows shell (which tells the system to revert back to dhcp):
This command must be entered into a shell that is running "as administrator"! See step A.1 for details.
```
netsh interface ipv4 set address name="Local Area Connection" source=dhcp
```

← Worksheet question 14-15

	IP Address	Binary Representation
Host A:	==>
Host B:	==>
Subnet Mask:	==>