In this lab, we'll examine the ARP on a linux server. ssh into linux.cs.pdx.edu.
Use the ip address command to find the IPv4 address and hardware address of the local ethernet card interface (Typically beginning with eth, ens, or enp).
- Include both in your lab notebook
Perform a netstat -rn to list the route table for the machine.
- What is the default router's IP address (e.g. the gateway address for the default route 0.0.0.0/0)
Perform an arp command (both with and without the -n flag) on the IP address of the router.
- What is the name of the default router and its hardware address?
Next, we'll examine the ARP table on the server. Perform the command below to list the entire table.
arp -aAs the output shows, there are a number of machines directly connected to this server. The command outputs the DNS name, the IP address, and the hardware address of each. We can pipe the output of the command to wc -l to determine the number of entries in the table.
arp -a | wc -l- How many entries are there in the ARP table?
It is possible to assign multiple IP addresses to the same network hardware address. In order to see if this is being done for machines on this network, we can sort the output by hardware address. The sort utility with its -k flag can be used to sort the ARP table based on the field number of the output (assuming fields are delimited by spaces). Using the field number of the hardware addresses, output the ARP table sorted by hardware address. For example if the hardware address were field 8, the command would be:
arp -a | sort -k ...- List any IP addresses share the same hardware address
We can now use awk and uniq to find the total number of unique hardware addresses in the ARP table. As with sort, awk also utilizes the space delimiter to separate fields. By using uniq to remove duplicates, we can then count the total number of hardware addresses in the ARP table.
arp -a | sort -k ... | awk '{print $...}' | uniq | wc -l- How many less hardware addresses are there than IP addresses in the ARP table?
We can also use awk to generate a list of IP addresses with entries in the table. Note that the IP address in the output of the command is enclosed in parentheses. By default, awk uses the space character as a delimiter between output fields. We can use the -F flag of awk to specify alternate characters instead. The flag accepts a regular expression so the following expression -F '[()]' passed to awk instructs it to use either parenthesis character as a delimiter.
Use a single command-line to create a file that contains each IP address that appears in the machine's ARP table and places the results in a file called arp_entries. The command should be similar to the one below:
arp -an | awk -F '...' '{print ...}' > arp_entries
- Include the command in your lab notebook
Examine the arp_entries file:
- What network prefix do most of the IP addresses in the ARP table share?
In Cloud Shell, bring up your Ubuntu VM.
gcloud compute instances start <name_of_VM>ssh into the VM and install the net-tools package that includes arp and netstat.
sudo apt update -y sudo apt install net-tools -y
Find the IP address and hardware address of the local ethernet card interface (Typically beginning with eth, ens, or enp).
ip address
- Include both in your lab notebook
Then, examine the route table for the machine.
netstat -rn
- What is the default router's IP address (e.g. the gateway address for the default route 0.0.0.0/0)
Finally, find the hardware address of the default router by using arp to resolve its IP address
arp <IP_address_of_router>
- What is the default router's hardware address?
Create an account and complete all levels of Netsim
- https://netsim.erinn.io
- For the ping and traceroute levels, ensure ICMP is capitalized when specifying the proto field
- For the traceroute level, it is solved in two steps. The first identifies the hidden routers, the second pings each one.
Upon completion of all levels
- Take a screenshot of the completed list of levels including your OdinID