Computer Science Department
Lecturer: Adrian Sergiu DARABANT
dadi(at)scs.ubbcluj.ro (students use this address to send me lab matters. For any official inquiry write me on my @cs address)
Microsoft Teams access code: 3npxlt8

Information and Requirements:
An approximate course syllabus is presented at this location: SYLLABUS
Linux Virtual Machine for the various Labs (for those not having a Linux system handy) - needs VMware Player/VirtualBox installed on your machine.

Examination and grading
Oral presentation and practical networking project setup (generally does not involve programming) - minimum passing grade 5.00
Feel free to consult the documents in the computer networks area at THIS LOCATION (available only from the faculty's network)
Those not registered for the course, please do so now by updating your study contracts.

Labs:
1) Wireshark, tcpdump and Ethereal - RT packet analysis
2) Unix firewalls - iptables and modules, routing, SNAT, DNAT, mangle, mark, etc.
3) Windows firewalls (XP, Vista, ...) - routing, SNAT, DNAT, etc.
4) Raw Sockets programming
5) IP-IP tunnels - Linux and Windows
6) IP Tunnels - GRE
7) IP Tunnel - PPTP + OpenVPN
8) IPSec - transport mode
9) IPSec - tunnel mode
10) VoIP - protocols and applications
11) Peer 2 Peer - BitTorrent, eMule, etc.
12) Firewall Hole Punching - UDP and TCP hole punching, Hamachi
13) Traffic shaping
14) Final lab questions and demonstrations

Lab1 - Iptables Firewalls
Implementation of the first part here <-
Implement a firewall policy on the router that:
1. Blocks all traffic from Internet to the router
2. Allows ping from Internet to the router with data packets of max 100 bytes
3. Permits network traffic from the router everywhere in Internet
4. Allows access to the router from Internet using SSH
5. Implements NAT for its local network to the Internet between 9:00 and 18:00
6. Blocks traceroute from the local network to the internet
7. Forwards incoming traffic to the router from Internet on port 80 and 443 (http and https) to a host in the LAN (192.168.179.130 but it depends on your setup) on the same ports
8. Allows ping from the LAN to the Internet with packets up to 1000 bytes and only between 18:00 and 22:00
9. Allows access to Internet (NAT) from the LAN for a host having the IP address Y (choose a value depending on your LAN addressing) at all times.
10. Allows access to Internet for the IP range IP1..IP2 between 8:00 and 24:00
11. Blocks all packets departing from the LAN to the Internet or incoming from the Internet to the LAN using the http protocol and containing the words help, stackoverflow or shit.

Changing the default route (in hosts on simulated LAN):
route delete default
route add default gw 192.168.179.128    # new gateway is now 192.168.179.128

Iptables common commands:
iptables -L                   # lists the content of the filter table (INPUT, FORWARD and OUTPUT chains)
iptables -t nat -L            # lists the nat table
iptables -F                   # empties the filter table
iptables -X                   # deletes all custom (user created) chains
iptables -P INPUT DROP        # changes the default policy of the INPUT chain to DROP
iptables -I INPUT <criteria>  # adds a new rule at the top of the INPUT chain
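
Added example, not the course's linked implementation: a shell function that prints an iptables ruleset for items 1-5 and 7 of the Lab1 policy, built from the commands listed above. The interface name eth0, the 192.168.179.0/24 LAN prefix and the function name lab1_rules are assumptions; adjust them to your setup.

```shell
#!/bin/sh
# Added example. Assumed values, not taken from the course page:
WAN_IF=eth0                 # assumption: interface facing the Internet
LAN_NET=192.168.179.0/24    # assumption: /24 around the page's 192.168.179.x hosts
WEB_HOST=192.168.179.130    # LAN web host named in item 7

# Print the ruleset instead of applying it, so it can be reviewed first.
lab1_rules() {
cat <<EOF
iptables -F
iptables -t nat -F
iptables -X
# Items 1 and 3: drop by default towards the router, let the router talk out
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Item 2: echo-request with at most 100 data bytes (20 IP + 8 ICMP + 100 = 128)
iptables -A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -m length --length 0:128 -j ACCEPT
# Item 4: SSH to the router
iptables -A INPUT -i $WAN_IF -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Item 7: publish the LAN web host on ports 80 and 443
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -m multiport --dports 80,443 -j DNAT --to-destination $WEB_HOST
iptables -A FORWARD -i $WAN_IF -d $WEB_HOST -p tcp -m multiport --dports 80,443 -j ACCEPT
# Item 5: NAT for the LAN; forwarding allowed 09:00-18:00 local time
# (the time match compares against UTC unless --kerneltz is given)
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $LAN_NET -o $WAN_IF -m time --timestart 09:00 --timestop 18:00 --kerneltz -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
EOF
}

# Apply only when explicitly asked (run as root with --apply).
if [ "${1:-}" = "--apply" ]; then lab1_rules | sh; fi
```

Established flows are accepted before the time check, so LAN connections opened before 18:00 keep running; only new ones are refused outside the window.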

The class simulated network architecture with a HOST machine and 2 VMs is depicted below: