@obiknows
Last active January 31, 2017 07:23
HW2 Prelab

Pre Lab 2

by Samuel Nnodim (son2105)
  1. Write the syntax for an ifconfig command that sets the IP address of the interface eth0 to 128.143.2.3/16 with broadcast address 128.143.255.255.

    You could write: ifconfig eth0 128.143.2.3/16 broadcast 128.143.255.255

  2. Write the syntax of a tcpdump command that captures packets containing IP datagrams with a source or destination IP address equal to 10.0.1.12.

    You could write: tcpdump host 10.0.1.12

  3. Write the syntax of a tcpdump command that captures packets containing ICMP messages with a source or destination IP address equal to 10.0.1.12.

    You could write: tcpdump icmp and host 10.0.1.12

  4. Write the syntax of a tcpdump command that captures packets containing IP datagrams between two hosts with IP addresses 10.0.1.11 and 10.0.1.12, both on interface eth1.

    You could write: tcpdump -i eth1 '((host 10.0.1.11) and (host 10.0.1.12))'

  5. Write a tcpdump filter expression that captures packets containing TCP segments with a source or destination IP address equal to 10.0.1.12.

    You could write: tcpdump tcp and host 10.0.1.12

  6. Write a tcpdump filter expression that, in addition to the constraints in Question 5, only captures packets using port number 23.

    You could write: tcpdump tcp and host 10.0.1.12 and port 23

  7. Write the syntax for a Wireshark command with a capture filter so that all IP datagrams with a source or destination IP address equal to 10.0.1.12 are recorded.

    You could write: ip host 10.0.1.12

  8. Write the syntax for a Wireshark display filter that shows IP datagrams with a destination IP address equal to 10.0.1.50 and frame sizes greater than 400 bytes.

    You could write: ip.dst == 10.0.1.50 and frame.len > 400

  9. Write the syntax for a Wireshark display filter that shows packets containing ICMP messages with a source or destination IP address equal to 10.0.1.12 and frame numbers between 15 and 30.

    You could write: icmp and ip.addr == 10.0.1.12 and frame.number >= 15 and frame.number <= 30

  10. Write the syntax for a Wireshark display filter that shows packets containing TCP segments with a source or destination IP address equal to 10.0.1.12 and using port number 23.

    You could write: ip.addr == 10.0.1.12 and tcp.port == 23

  11. Write a Wireshark capture filter expression for Question 10.

    You could write: tcp and host 10.0.1.12 and port 23
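
The per-frame test that a capture filter for TCP traffic to or from 10.0.1.12 on port 23 (Questions 6 and 11) performs, written out in Python as an added example that is not part of the original prelab. The helper names and the sample frames are constructed for illustration, and only IPv4 over Ethernet is handled.

```python
import struct
from ipaddress import IPv4Address

def build_frame(src, dst, proto, sport=0, dport=0, options=b""):
    """Construct a minimal Ethernet + IPv4 + L4 frame (constructed test data)."""
    ihl = 5 + len(options) // 4                    # header length in 32-bit words
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(l4),
                     0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed) + options
    return b"\x00" * 12 + struct.pack("!H", 0x0800) + ip + l4

def matches(frame, host="10.0.1.12", port=23):
    """Same decision as the capture filter: tcp and host <host> and port <port>."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return False                               # EtherType is not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                       # IP options shift the TCP header
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 4:
        return False
    if ip[9] != 6:                                 # protocol 6 = TCP ("tcp")
        return False
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:   # non-first fragment: no ports
        return False
    if IPv4Address(host).packed not in (ip[12:16], ip[16:20]):
        return False                               # "host" = source OR destination
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return port in (sport, dport)                  # "port" = source OR destination

# Constructed frames: (description, frame)
SAMPLES = [
    ("telnet to .12",        build_frame("10.0.1.11", "10.0.1.12", 6, 40000, 23)),
    ("telnet reply from .12", build_frame("10.0.1.12", "10.0.1.11", 6, 23, 40000)),
    ("telnet with IP options", build_frame("10.0.1.11", "10.0.1.12", 6, 40000, 23, b"\x01" * 4)),
    ("HTTP to .12",          build_frame("10.0.1.11", "10.0.1.12", 6, 40000, 80)),
    ("UDP port 23 to .12",   build_frame("10.0.1.11", "10.0.1.12", 17, 40000, 23)),
    ("telnet to other host", build_frame("10.0.1.11", "10.0.1.50", 6, 40000, 23)),
    ("ICMP to .12",          build_frame("10.0.1.11", "10.0.1.12", 1)),
]

def results():
    """Return the filter decision for each constructed frame, in order."""
    return [matches(frame) for _, frame in SAMPLES]

if __name__ == "__main__":
    for (name, _), hit in zip(SAMPLES, results()):
        print(f"{'CAPTURE' if hit else 'drop   '}  {name}")
```
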
