//Cyber Battlefield/Build-a-LAN Lab

Do not close this web page. Open two copies of this web page in your browser.

A. Preparation

Before you begin assembling the network, follow the steps below:

Follow these steps to open an Administrator shell in Windows:
  1. Press the System (Windows) key
  2. Type in: cmd
  3. Right-click cmd.exe to bring up the context menu.
  4. Select Run as administrator.
  1. Be careful while connecting and disconnecting your Ethernet cables, the physical port on your laptop is delicate.
  2. Verify nk works.
    1. Open a Windows shell
    2. Enter the command: C:>nk
    3. If you do not see a usage statement, then download nk (see below)
      nk usage statement:
      nk (netkitteh): Send/receive bytes using TCP or UDP.
      
      Usage: nk [-h] [-u] [-l port] [host port]
             -h = print this help message
             -u = use UDP
             -l = listen on 'port'
           host = name of a server listening on 'port'
                  (hostname, domainname, or IP address)
      
      Examples: TCP server: nk -l 12345
                    client: nk foo.bar.net 12345
                UDP server: nk -u -l 12345
                    client: nk -u 128.56.19.80 12345

    As required, download nk:

    1. Download (Right click, Save link as ...) this program: nk.exe and save it to C:\SI110Programs\ as nk.exe.
    2. Reverify nk works.
      Failure to have nk working on your laptop will result in a grade deduction on the lab, and/or the instructor option portion of your grade.
  3. The commands in the black boxes on this web page are set up so that you can copy and paste the command into your Windows Administrator shell. Some commands are LONG, so be sure you have copied the entire command (triple-click!)
  4. Notify your instructor if there are any errors with any shell commands or actions taken during lab!
  5. Keep this browser window open during lab - you cannot get to the USNA network after you complete these Preparation steps. Also, once you start entering in data into the page and generating commands, if you refresh or leave the page and use the BACK button - you will lose the pre-configured commands for your host and need to generate the commands again by re-entering your host IP Address and Subnet mask.
  6. Start a Windows Administrator shell. All the network configuration commands (starting with the very next item!) should be given in this shell, because they require super-user privileges.
    Suggestion: Have two or three Windows shells open, multiple cmd processes, to assist with the various lab activities.
  7. Issue the following command (in an Administrator shell!), which will clear your old network settings to include your IP address, your subnet mask, your default gateway router, etc:
    ipconfig /release
  8. Press the wireless button wireless icon off to turn off your wireless adapter. The icon will be orange once it is turned off
  9. You can turn the Windows firewall off with the GUI with the following:
    1. From the Windows Start Menu, navigate to the Windows Firewall control panel (Start->Control Panel->System and Security->Windows Firewall)
    2. Click on the Turn Windows Firewall on or off link in the left panel
    3. From this new menu, turn off the firewall for all three network locations and click OK.
    At the end of the lab you will turn your firewalls back on.
    Issue the following command (in an administrator shell), which will turn off the Windows Firewall:
    netsh advfirewall set allprofiles state off
  10. Silence is Golden. When successful, arp -d * will not return any output.
    Issue the following command (in an administrator shell), which will clear your ARP table:
    arp -d *
     ↑ Worksheet Question  

B. Build a Network

In this first part of the lab, you will create a wired Ethernet network to communicate with your classmates. As discussed in class, the very basic layout of a wired network is as follows: 4 computers connected to a single switch.

Assemble the network (left) with three other students using your laptop and the provided Ethernet switch and cables. First, connect the switch's power cord and plug it into an electrical outlet. Next, plug one end of the Ethernet cable into an empty port on the switch and the other end into the Ethernet port on your laptop (located on the opposite side of the CD/DVD drive).  ← Worksheet Question  

Now that you have an assembled computer network, you need to configure your computer with an IP address and subnet mask so that you can communicate over the network. To do this, execute the following in the Administrator Windows command prompt, consulting the table below for your IP address and subnet mask.

You must coordinate with your group members when setting your IP addresses to prevent having two hosts with the same IP address. Use the table and <FORM> below to assign IP addresses for your group.

Enter the following information to generate a command to copy and paste into your Windows shell.

IP Address:   
Subnet Mask:
Group Number   Assigned IP Addresses   Subnet Mask
Group 1   85.170.15.1   - 85.170.15.5   255.255.255.224
Group 2   85.170.15.33  - 85.170.15.36   255.255.255.224
Group 3   85.170.15.65  - 85.170.15.68   255.255.255.224
Group 4   85.170.15.97  - 85.170.15.100   255.255.255.224
Group 5   85.170.15.129 - 85.170.15.132   255.255.255.224
This command must be entered into a shell that is running "as administrator" See Step A.3. for details.
 

C. Test the Network

Verify your IP address actually changed by executing the ipconfig command in a Windows shell.  ← Worksheet Question 2 
Once you have verified that your IP is correct, test your connectivity with the other computers on the network using ping. Type ping IPaddress in a shell to test your connection with the computer at IPaddress.  ← Worksheet Question 3 
If you have connectivity, you should see something like this:

capture of ping

If, instead of reply messages, you see destination unreachable messages, then there is a problem with the network. Check and double check the following possible causes:

If you have checked and re-checked all of the above and are still having connection issues, let your instructor know.

D. Communicate via netkitten Over the Network

If, during this lab or a previous activity, you tried to run a netkitten server process and you didn't click the Allow access button in window that popped up as a result, windows will refuse to allow nc to listen to ports from that time onwards! To fix things, give the following command in an Administrator shell:
netsh advfirewall firewall delete rule name=nc
netsh advfirewall firewall delete rule name=nk
Later we'll talk about firewalls, but to give you a peek ahead: NOT clicking Allow access creates firewall rules that stops nc from being able to listen to ports. The above command removes those rules.

At this point, you have a functional network of four hosts. Let's do something interesting with it, like chat with each other. There are many ways to talk to each other via computers, but this lab will focus on using netkitten over TCP.

Let's start chatting with other members of our group who share the same network.

  1. Partner with one group member and decide who will listen on TCP port 42123, and who will connect to a host listening on port 42123.
  2. Server:
    • Enter the following command in one of your Windows shells:
      nk -l 42123
      Hit Enter. Important: Click "Allow access" if a permission Window pops up!
      Okay, now your computer is listening for TCP connections on port 42123.
    • Wait for client to connect (don't type anything in the shell until you receive a message (text) from the client!)
  3. Client:
    • Connect to the server's host on port 42123 by issuing the following shell command (replacing IPaddress with the server's actual IP address):
      nk IPaddress 42123
    • Hit Enter. Now send a short message (type in the shell) to the server's host, hit Enter.
  4. Both Server and Client: Once the three way handshake is set up (TCP connection established) and you can send text back and forth, in a separate Administrator shell, type:
    netstat -ant | more
    Use spacebar to scroll through the output one page at a time. Look for the entry in the output for netstat that shows your TCP connection to your group member's host.
  5. Now, switch roles (you can switch group members you are working with too, if desired), again using netstat to find the connection.
  6. Complete Worksheet Question 4.  ← Worksheet Question 4 

E. Connect the Network to Other Networks

You will need to know an IP address on the other group's network to test the connection.
Great! You can share thoughts with everyone in your local network, but what about hosts on the other networks? Connect your switch to the switch from another group (NOT the router!) using the empty Ethernet ports and test the connection using ping.

What message did you receive? Why didn't it work?

Take another look at the IP address and subnet mask combinations for each group. Enter the IP address and subnet mask for two hosts from different groups and compare the network address that is calculated using the below form. If they are equal, then the two IP addresses are on the same network and the packet is sent directly to the destination host. If not, the packet needs to be sent to a router, which knows where to send the packet next. Your computer does this exact same comparison prior to sending each packet out on the network because it needs to know where to send the packet.

  IP Address Binary Representation  
Host A: ==>
Host B: ==>
Subnet Mask: ==>

Now you see that each group is a separate network and know that a router is necessary to connect with other groups, let's do something about it.  ← Worksheet Question 5 

Now disconnect your switch from the other one and plug the Ethernet cable into your group's designated port on the router using the below diagram as a guide.  ← Worksheet Question 6 

Router Port/Group Mapping
9 8 7 6
5 4 3 2
1 2 3 4
5 - - -

OK, now that you are all connected to the router, try to ping a host from one of the other networks again.

What message did you get this time? Now why didn't it work?  ← Worksheet Question 7 

When a host sends a packet to a host on another network, that packet must go to the router, called a gateway router. Well, the sender needs to know where the router is (i.e. it needs to know the router's IP address) in order to send anything there. Type ipconfig in your shell...is there an IP address listed for Default Gateway? Nope. This means your host doesn't know the gateway router's IP address. The router has one configured, but no network server was available to specifically tell your host to use that gateway IP address. So, go back and set your host's Default Gateway router IP address based on your group number. The complete table is below:

Group Number   Assigned IP Addresses   Subnet Mask   Default Gateway
Group 1   85.170.15.1   - 85.170.15.5   255.255.255.224   85.170.15.30
Group 2   85.170.15.33  - 85.170.15.36   255.255.255.224   85.170.15.62
Group 3   85.170.15.65  - 85.170.15.68   255.255.255.224   85.170.15.94
Group 4   85.170.15.97  - 85.170.15.100   255.255.255.224   85.170.15.126
Group 5   85.170.15.129 - 85.170.15.132   255.255.255.224   85.170.15.158
This command must be entered into a shell that is running "as administrator"! See step A.1 for details.

Copy and paste the following command (minus the comments in green) into the administrator shell:

route add 0.0.0.0 mask 0.0.0.0 <GatewayIPAd>          #adds a default gateway address for all foreign networks.
                                                      #The 0.0.0.0 mask 0.0.0.0 is a fancy way of saying all
                                                      #networks other than my own
This command will set your Gateway Router.  ← Worksheet Question 8  You'll see a box like pop up. Just choose Public network. This limits the amount of information other hosts can discover about your host.
If it doesn't work this time, then you should refer back to the network testing section for troubleshooting.

Now that everything is set completely and correctly, test your connection with a host on any other network!

F. Instructor Demo

STOP AND WAIT FOR INSTRUCTOR LED DISCUSSION!!

G. Post Lab Restoration

Setting up a new network requires configuration changes to every host added to the network, as you saw today. Before you reconnect to the USNA network, you must undo the changes you made in lab.

  1. You can turn the Windows firewall on with the GUI with the following: From the Windows Start Menu, navigate to the "Windows Firewall" control panel (Start->Control Panel->System and Security->Windows Firewall) and click on the "Turn Windows Firewall on or off" option from the left panel. From this new menu, turn on the firewall for all three network locations and click OK.
    Important: Issue the following command (in an administrator shell!), which will turn off the Windows Firewall back on
    netsh advfirewall set allprofiles state on
  2. Press Fn-Print Screen (Air Plane Mode) toggle your laptops wireless radios on.
  3. Next copy and paste the following command into the Windows shell (which tells the system to revert back to settings supplied by USNA's intranet network):
    This command must be entered into a shell that is running "as administrator"! See step A.1 for details.
    netsh interface ipv4 set address name="Ethernet" source=dhcp
     ↑ Worksheet Question 14 
  4. Before leaving class, ensure you have full Internet connectivity to the USNA network (you can get to your mail, for example). In a shell, enter ipconfig. You have one last question to answer.  ← Worksheet Question 15