TiagoRG
/
uaveiro-leci
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[RC1] Add pratica04 

- Also create link for project submodule

Signed-off-by: TiagoRG <tiago.rgarcia@ua.pt>
This commit is contained in:
Tiago Garcia 2023-11-10 00:21:36 +00:00
parent c4f71fc5fa
commit b1e1a3dede
Signed by: TiagoRG
GPG Key ID: DFCD48E3F420DB42
18 changed files with 821 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -20,3 +20,6 @@
/**/*.qpf
/**/*.qsf
!/1ano/2semestre/lsd/master.qsf
# QEMU Virtual Hard Disks
/**/*.qcow2

3
.gitmodules vendored
View File

@ -14,3 +14,6 @@
[submodule "2ano/1semestre/aed/trabalho1-113221-114184"]
path = 2ano/1semestre/aed/trabalho1-113221-114184
url = https://github.com/detiuaveiro/trabalho1-113221-114184.git
[submodule "2ano/1semestre/rc1/rc1-project"]
path = 2ano/1semestre/rc1/rc1-project
url = https://github.com/TiagoRG/rc1-project.git

BIN
2ano/1semestre/rc1/pratica04/Guide3_RC1_DHCP_NAT_IPv6_VMware.pdf Normal file
View File

Binary file not shown.

BIN
2ano/1semestre/rc1/pratica04/ipv6-ex1.pcapng Normal file
View File

Binary file not shown.

BIN
2ano/1semestre/rc1/pratica04/ipv6-ex2.pcapng Normal file
View File

Binary file not shown.

BIN
2ano/1semestre/rc1/pratica04/ipv6-ex3.pcapng Normal file
View File

Binary file not shown.

BIN
2ano/1semestre/rc1/pratica04/ipv6-ex4.pcapng Normal file
View File

Binary file not shown.

BIN
2ano/1semestre/rc1/pratica04/ipv6-ex5.pcapng Normal file
View File

Binary file not shown.

312
2ano/1semestre/rc1/pratica04/pratica04-ipv6/p04-ipv6.gns3 Normal file
View File

@ -0,0 +1,312 @@
{
"auto_close": true,
"auto_open": false,
"auto_start": false,
"drawing_grid_size": 25,
"grid_size": 75,
"name": "p04-ipv6",
"project_id": "1b3231f6-4dbd-4ae3-97ae-fc4db89f5afd",
"revision": 9,
"scene_height": 1000,
"scene_width": 2000,
"show_grid": false,
"show_interface_labels": false,
"show_layers": false,
"snap_to_grid": false,
"supplier": null,
"topology": {
"computes": [],
"drawings": [],
"links": [
{
"filters": {},
"link_id": "597bc895-8637-45ac-94be-a053c5628fcd",
"link_style": {},
"nodes": [
{
"adapter_number": 0,
"label": {
"rotation": 0,
"style": "font-family: TypeWriter;font-size: 10.0;font-weight: bold;fill: #000000;fill-opacity: 1.0;",
"text": "e0",
"x": 72,
"y": 24
},
"node_id": "94e87dbb-89d9-4938-a0c6-ced3802d1b58",
"port_number": 0
},
{
"adapter_number": 0,
"label": {
"rotation": 0,
"style": "font-family: TypeWriter;font-size: 10.0;font-weight: bold;fill: #000000;fill-opacity: 1.0;",
"text": "e0",
"x": -4,
"y": 21
},
"node_id": "e304c27b-756f-49f0-b7ec-f7acbcd7cda4",
"port_number": 0
}
],
"suspend": false
},
{
"filters": {},
"link_id": "ce5e6499-05fa-4de9-9899-6f97e38567b4",
"link_style": {},
"nodes": [
{
"adapter_number": 0,
"label": {
"rotation": 0,
"style": "font-family: TypeWriter;font-size: 10.0;font-weight: bold;fill: #000000;fill-opacity: 1.0;",
"text": "e1",
"x": 75,
"y": 14
},
"node_id": "e304c27b-756f-49f0-b7ec-f7acbcd7cda4",
"port_number": 1
},
{
"adapter_number": 0,
"label": {
"rotation": 0,
"style": "font-family: TypeWriter;font-size: 10.0;font-weight: bold;fill: #000000;fill-opacity: 1.0;",
"text": "f0/0",
"x": -6,
"y": 23
},
"node_id": "fdddf689-2b11-4e73-8644-5bb3c5a4de49",
"port_number": 0
}
],
"suspend": false
}
],
"nodes": [
{
"compute_id": "local",
"console": 5002,
"console_auto_start": false,
"console_type": "none",
"custom_adapters": [],
"first_port_name": null,
"height": 32,
"label": {
"rotation": 0,
"style": "font-family: TypeWriter;font-size: 10.0;font-weight: bold;fill: #000000;fill-opacity: 1.0;",
"text": "Switch1",
"x": 7,
"y": -25
},
"locked": false,
"name": "Switch1",
"node_id": "e304c27b-756f-49f0-b7ec-f7acbcd7cda4",
"node_type": "ethernet_switch",
"port_name_format": "Ethernet{0}",
"port_segment_size": 0,
"properties": {
"ports_mapping": [
{
"name": "Ethernet0",
"port_number": 0,
"type": "access",
"vlan": 1
},
{
"name": "Ethernet1",
"port_number": 1,
"type": "access",
"vlan": 1
},
{
"name": "Ethernet2",
"port_number": 2,
"type": "access",
"vlan": 1
},
{
"name": "Ethernet3",
"port_number": 3,
"type": "access",
"vlan": 1
},
{
"name": "Ethernet4",
"port_number": 4,
"type": "access",
"vlan": 1
},
{
"name": "Ethernet5",
"port_number": 5,
"type": "access",
"vlan": 1
},
{
"name": "Ethernet6",
"port_number": 6,
"type": "access",
"vlan": 1
},
{
"name": "Ethernet7",
"port_number": 7,
"type": "access",
"vlan": 1
}
]
},
"symbol": ":/symbols/ethernet_switch.svg",
"template_id": "1966b864-93e7-32d5-965f-001384eec461",
"width": 72,
"x": -65,
"y": -132,
"z": 1
},
{
"compute_id": "local",
"console": 5000,
"console_auto_start": false,
"console_type": "spice",
"custom_adapters": [],
"first_port_name": "",
"height": 59,
"label": {
"rotation": 0,
"style": "font-family: TypeWriter;font-size: 10.0;font-weight: bold;fill: #000000;fill-opacity: 1.0;",
"text": "Debian10-1",
"x": -5,
"y": -25
},
"locked": false,
"name": "Debian10-1",
"node_id": "94e87dbb-89d9-4938-a0c6-ced3802d1b58",
"node_type": "qemu",
"port_name_format": "Ethernet{0}",
"port_segment_size": 0,
"properties": {
"adapter_type": "e1000",
"adapters": 1,
"bios_image": "",
"bios_image_md5sum": null,
"boot_priority": "c",
"cdrom_image": "",
"cdrom_image_md5sum": null,
"cpu_throttling": 0,
"cpus": 1,
"create_config_disk": false,
"hda_disk_image": "LabComServer2.qcow2",
"hda_disk_image_md5sum": "534cd2b4f40ba5a9ff5dd52ac65f3190",
"hda_disk_interface": "ide",
"hdb_disk_image": "",
"hdb_disk_image_md5sum": null,
"hdb_disk_interface": "none",
"hdc_disk_image": "",
"hdc_disk_image_md5sum": null,
"hdc_disk_interface": "none",
"hdd_disk_image": "",
"hdd_disk_image_md5sum": null,
"hdd_disk_interface": "none",
"initrd": "",
"initrd_md5sum": null,
"kernel_command_line": "",
"kernel_image": "",
"kernel_image_md5sum": null,
"legacy_networking": false,
"linked_clone": true,
"mac_address": "0c:e8:7d:bb:00:00",
"on_close": "power_off",
"options": "",
"platform": "x86_64",
"process_priority": "normal",
"qemu_path": "/usr/bin/qemu-system-x86_64",
"ram": 1024,
"replicate_network_connection_state": true,
"tpm": false,
"uefi": false,
"usage": ""
},
"symbol": ":/symbols/qemu_guest.svg",
"template_id": "a97b619f-01b3-4a60-b31f-e257a1ea6774",
"width": 65,
"x": -294,
"y": -146,
"z": 1
},
{
"compute_id": "local",
"console": 5003,
"console_auto_start": false,
"console_type": "telnet",
"custom_adapters": [],
"first_port_name": null,
"height": 45,
"label": {
"rotation": 0,
"style": "font-family: TypeWriter;font-size: 10.0;font-weight: bold;fill: #000000;fill-opacity: 1.0;",
"text": "R1",
"x": 20,
"y": -25
},
"locked": false,
"name": "R1",
"node_id": "fdddf689-2b11-4e73-8644-5bb3c5a4de49",
"node_type": "dynamips",
"port_name_format": "Ethernet{0}",
"port_segment_size": 0,
"properties": {
"auto_delete_disks": true,
"aux": null,
"clock_divisor": 4,
"disk0": 0,
"disk1": 0,
"dynamips_id": 1,
"exec_area": 64,
"idlemax": 500,
"idlepc": "",
"idlesleep": 30,
"image": "c7200-adventerprisek9-mz.151-4.M2.image",
"image_md5sum": "d54b063e3d0b368a702ffb49f497825e",
"mac_addr": "ca01.8b87.0000",
"midplane": "vxr",
"mmap": true,
"npe": "npe-400",
"nvram": 512,
"platform": "c7200",
"power_supplies": [
1,
1
],
"ram": 512,
"sensors": [
22,
22,
22,
22
],
"slot0": "C7200-IO-FE",
"slot1": "PA-2FE-TX",
"slot2": "PA-2FE-TX",
"slot3": null,
"slot4": null,
"slot5": null,
"slot6": null,
"sparsemem": true,
"system_id": "FTX0945W0MY",
"usage": ""
},
"symbol": ":/symbols/router.svg",
"template_id": "4e0ff74f-f52f-457f-bca1-d3e4a7639f57",
"width": 66,
"x": 183,
"y": -137,
"z": 1
}
]
},
"type": "topology",
"variables": null,
"version": "2.2.43",
"zoom": 100
}

BIN
2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/captures/Debian10-1_Ethernet0_to_Switch1_Ethernet0.pcap Normal file
View File

Binary file not shown.

2
2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/dynamips/fdddf689-2b11-4e73-8644-5bb3c5a4de49/configs/i1_private-config.cfg Normal file
View File

@ -0,0 +1,2 @@
end

127
2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/dynamips/fdddf689-2b11-4e73-8644-5bb3c5a4de49/configs/i1_startup-config.cfg Normal file
View File

@ -0,0 +1,127 @@
!
!
! Last configuration change at 19:43:25 UTC Sun Nov 5 2023
upgrade fpd auto
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
no ip domain lookup
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex half
ipv6 address 2001:A:1:1::100/64
ipv6 address 2001:A:1:2::100/64
ipv6 address 2001:A:1:2::/64 eui-64
ipv6 enable
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input all
!
end

31
2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/dynamips/fdddf689-2b11-4e73-8644-5bb3c5a4de49/dynamips_i1_log.txt Normal file
View File

@ -0,0 +1,31 @@
Nov 05 16:56:23.289 HYPERVISOR: Release 0.2.23-amd64/Linux (tag 2023010200)
Nov 05 16:56:23.289 HYPERVISOR: Started on IP = 127.0.0.1, TCP port = 53197.
Nov 05 16:56:23.293 HYPERVISOR: exec_cmd: hypervisor version
Nov 05 16:56:23.293 HYPERVISOR: exec_cmd: hypervisor working_dir /home/tiagorg/repos/uaveiro-leci/2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/dynamips
Nov 05 16:56:23.293 GENERAL: working_dir=/home/tiagorg/repos/uaveiro-leci/2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/dynamips
Nov 05 16:56:23.293 HYPERVISOR: exec_cmd: ethsw create Switch1
Nov 05 16:56:23.383 HYPERVISOR: exec_cmd: nio create_udp udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 10001 127.0.0.1 10000
Nov 05 16:56:23.383 HYPERVISOR: exec_cmd: ethsw add_nio Switch1 udp-7bb00811-df56-4ecf-8168-6e8c7b294b90
Nov 05 16:56:23.397 HYPERVISOR: exec_cmd: ethsw set_access_port Switch1 udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 1
Nov 05 16:56:23.415 HYPERVISOR: exec_cmd: nio create_udp udp-828f6597-2a0d-4064-9212-01e3d84cc17a 10002 127.0.0.1 10003
Nov 05 16:56:23.415 HYPERVISOR: exec_cmd: ethsw add_nio Switch1 udp-828f6597-2a0d-4064-9212-01e3d84cc17a
Nov 05 16:56:23.417 HYPERVISOR: exec_cmd: ethsw set_access_port Switch1 udp-828f6597-2a0d-4064-9212-01e3d84cc17a 1
Nov 05 17:16:37.827 HYPERVISOR: exec_cmd: nio bind_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2 capture
Nov 05 17:16:37.827 HYPERVISOR: exec_cmd: nio setup_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2 en10mb /home/tiagorg/repos/uaveiro-leci/2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/captures/Debian10-1_Ethernet0_to_Switch1_Ethernet0.pcap
Nov 05 17:36:02.498 HYPERVISOR: exec_cmd: nio unbind_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2
Nov 05 17:36:54.416 HYPERVISOR: exec_cmd: nio bind_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2 capture
Nov 05 17:36:54.416 HYPERVISOR: exec_cmd: nio setup_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2 en10mb /home/tiagorg/repos/uaveiro-leci/2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/captures/Debian10-1_Ethernet0_to_Switch1_Ethernet0.pcap
Nov 05 19:29:24.577 HYPERVISOR: exec_cmd: nio unbind_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2
Nov 05 19:29:28.547 HYPERVISOR: exec_cmd: nio bind_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2 capture
Nov 05 19:29:28.547 HYPERVISOR: exec_cmd: nio setup_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2 en10mb /home/tiagorg/repos/uaveiro-leci/2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/captures/Debian10-1_Ethernet0_to_Switch1_Ethernet0.pcap
Nov 05 19:33:41.465 HYPERVISOR: exec_cmd: nio unbind_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2
Nov 05 19:33:43.951 HYPERVISOR: exec_cmd: nio bind_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2 capture
Nov 05 19:33:43.951 HYPERVISOR: exec_cmd: nio setup_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2 en10mb /home/tiagorg/repos/uaveiro-leci/2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/captures/Debian10-1_Ethernet0_to_Switch1_Ethernet0.pcap
Nov 05 19:44:07.461 HYPERVISOR: exec_cmd: nio unbind_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2
Nov 05 19:44:11.195 HYPERVISOR: exec_cmd: nio bind_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2 capture
Nov 05 19:44:11.196 HYPERVISOR: exec_cmd: nio setup_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2 en10mb /home/tiagorg/repos/uaveiro-leci/2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/captures/Debian10-1_Ethernet0_to_Switch1_Ethernet0.pcap
Nov 05 20:01:21.037 HYPERVISOR: exec_cmd: nio unbind_filter udp-7bb00811-df56-4ecf-8168-6e8c7b294b90 2
Nov 05 20:01:33.700 HYPERVISOR: exec_cmd: ethsw delete Switch1
Nov 05 20:01:33.722 HYPERVISOR: exec_cmd: hypervisor stop
Nov 05 20:01:34.155 HYPERVISOR: Stopped.
Nov 05 20:01:34.155 GENERAL: reset done.

21
2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/dynamips/fdddf689-2b11-4e73-8644-5bb3c5a4de49/dynamips_i1_stdout.txt Normal file
View File

@ -0,0 +1,21 @@
Cisco Router Simulation Platform (version 0.2.23-amd64/Linux stable)
Copyright (c) 2005-2011 Christophe Fillot.
Build date: Sep 5 2023 18:29:26
Log file: writing to dynamips_i1_log.txt
Console binding address set to localhost
Hypervisor TCP control server started (IP 127.0.0.1 port 53197).
NIO udp-7bb00811-df56-4ecf-8168-6e8c7b294b90: capturing to file '/home/tiagorg/repos/uaveiro-leci/2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/captures/Debian10-1_Ethernet0_to_Switch1_Ethernet0.pcap'
NIO udp-7bb00811-df56-4ecf-8168-6e8c7b294b90: ending packet capture.
NIO udp-7bb00811-df56-4ecf-8168-6e8c7b294b90: capturing to file '/home/tiagorg/repos/uaveiro-leci/2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/captures/Debian10-1_Ethernet0_to_Switch1_Ethernet0.pcap'
NIO udp-7bb00811-df56-4ecf-8168-6e8c7b294b90: ending packet capture.
NIO udp-7bb00811-df56-4ecf-8168-6e8c7b294b90: capturing to file '/home/tiagorg/repos/uaveiro-leci/2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/captures/Debian10-1_Ethernet0_to_Switch1_Ethernet0.pcap'
NIO udp-7bb00811-df56-4ecf-8168-6e8c7b294b90: ending packet capture.
NIO udp-7bb00811-df56-4ecf-8168-6e8c7b294b90: capturing to file '/home/tiagorg/repos/uaveiro-leci/2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/captures/Debian10-1_Ethernet0_to_Switch1_Ethernet0.pcap'
NIO udp-7bb00811-df56-4ecf-8168-6e8c7b294b90: ending packet capture.
NIO udp-7bb00811-df56-4ecf-8168-6e8c7b294b90: capturing to file '/home/tiagorg/repos/uaveiro-leci/2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/captures/Debian10-1_Ethernet0_to_Switch1_Ethernet0.pcap'
NIO udp-7bb00811-df56-4ecf-8168-6e8c7b294b90: ending packet capture.
Hypervisor: closing control sockets.
Hypervisor: closing remote client connections.
Shutdown in progress...
Shutdown completed.

1
2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/qemu/94e87dbb-89d9-4938-a0c6-ced3802d1b58/qemu-img.log Normal file
View File

@ -0,0 +1 @@
qemu-img: This image format does not support checks

6
2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/qemu/94e87dbb-89d9-4938-a0c6-ced3802d1b58/qemu.log Normal file
View File

@ -0,0 +1,6 @@
Start QEMU with /usr/bin/qemu-system-x86_64 -name Debian10-1 -m 1024M -smp cpus=1,sockets=1 -enable-kvm -machine smm=off -boot order=c -drive file=/home/tiagorg/repos/uaveiro-leci/2ano/1semestre/rc1/pratica04/pratica04-ipv6/project-files/qemu/94e87dbb-89d9-4938-a0c6-ced3802d1b58/hda_disk.qcow2,if=ide,index=0,media=disk,id=drive0 -uuid 94e87dbb-89d9-4938-a0c6-ced3802d1b58 -spice addr=localhost,port=5000,disable-ticketing -vga qxl -monitor tcp:127.0.0.1:45655,server,nowait -net none -device e1000,mac=0c:e8:7d:bb:00:00,netdev=gns3-0 -netdev socket,id=gns3-0,udp=127.0.0.1:10007,localaddr=127.0.0.1:10006
Execution log:
qemu-system-x86_64: -spice addr=localhost,port=5000,disable-ticketing: warning: short-form boolean option 'disable-ticketing' deprecated
Please use disable-ticketing=on instead
qemu-system-x86_64: warning: Spice: ../spice-0.15.2/server/display-channel.cpp:2356:display_channel_validate_surface: surface 0 is NULL

314
2ano/1semestre/rc1/pratica04/pratica04.md Normal file
View File

@ -0,0 +1,314 @@
# Guião 4
# NAT/PAT mechanisms
## Ex2
Before establishing any connection, this is the output for `show ip nat statistics`:
```console
R1#show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0
Outside interfaces:
FastEthernet1/1
Inside interfaces:
FastEthernet1/0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 2 pool MYNATPOOL refcount 0
pool MYNATPOOL: netmask 255.255.255.0
start 192.1.1.21 end 192.1.1.21
type generic, total addresses 1, allocated 0 (0%), misses 0
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#
```
### PC1 → 192.1.1.45 (PCB)
There's an exchange in packets between these IP addresses. After running `show ip nat translations` we get the following output:
```console
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- 192.1.1.21 192.168.1.1 --- ---
R1#
```
And the output for `show ip nat statistics`:
```console
R1#show ip nat statistics
Total active translations: 1 (0 static, 1 dynamic; 0 extended)
Peak translations: 6, occurred 00:07:42 ago
Outside interfaces:
FastEthernet1/1
Inside interfaces:
FastEthernet1/0
Hits: 10 Misses: 0
CEF Translated packets: 10, CEF Punted packets: 0
Expired translations: 5
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 2 pool MYNATPOOL refcount 1
pool MYNATPOOL: netmask 255.255.255.0
start 192.1.1.21 end 192.1.1.21
type generic, total addresses 1, allocated 1 (100%), misses 0
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#
```
### PC2 → 192.1.1.45 (PCB)
There's an exchange of packets between the devices even though the destination was unreachable:
```console
PC2> ping 192.1.1.45
*192.168.1.254 icmp_seq=1 ttl=255 time=6.796 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.1.254 icmp_seq=2 ttl=255 time=12.338 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.1.254 icmp_seq=3 ttl=255 time=11.187 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.1.254 icmp_seq=4 ttl=255 time=12.594 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.1.254 icmp_seq=5 ttl=255 time=11.072 ms (ICMP type:3, code:1, Destination host unreachable)
PC2>
```
The output for `show ip nat translations` is still the same and the output for `show ip nat statistics` is the following:
```console
R1#show ip nat statistics
Total active translations: 1 (0 static, 1 dynamic; 0 extended)
Peak translations: 6, occurred 00:23:37 ago
Outside interfaces:
FastEthernet1/1
Inside interfaces:
FastEthernet1/0
Hits: 10 Misses: 0
CEF Translated packets: 10, CEF Punted packets: 15
Expired translations: 5
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 2 pool MYNATPOOL refcount 1
pool MYNATPOOL: netmask 255.255.255.0
start 192.1.1.21 end 192.1.1.21
type generic, total addresses 1, allocated 1 (100%), misses 15
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#
```
The difference between this and the previous output is the existence of CEF Punted packets.
From these results and from the wireshark capture we can conclude the packets having their source IP addresses translated are the ones being sent from PC1.
This is because while configuring the router's nat pool, we only set the pool with a single public address. Since PC1 was the first to execute the ping command, it's the one who takes and keeps the only public address of that private network, therefore PC2 won't be able to communicate to the public network.
---
## Ex3
Now that we've cleared the router's nat pool, PC2 is able to ping outside the private network, now taking the only public address to itself.
```PC2> ping 192.1.1.45
84 bytes from 192.1.1.45 icmp_seq=1 ttl=63 time=29.740 ms
84 bytes from 192.1.1.45 icmp_seq=2 ttl=63 time=19.308 ms
84 bytes from 192.1.1.45 icmp_seq=3 ttl=63 time=19.172 ms
84 bytes from 192.1.1.45 icmp_seq=4 ttl=63 time=21.246 ms
84 bytes from 192.1.1.45 icmp_seq=5 ttl=63 time=20.365 ms
PC2>
```
---
## Ex4
When setting the NAT timeout to 60 seconds, upon 60 seconds of inactivity from PC1, the timer starts and when reaching 0, PC2 can now take the public address.
When executing `ping 192.1.1.40` from PC2 right after pinging from PC1, we get the following output:
```console
(...)
*192.168.1.254 icmp_seq=84 ttl=255 time=7.848 ms (ICMP type:3, code:1, Destination host unreachable)
84 bytes from 192.1.1.40 icmp_seq=85 ttl=63 time=18.135 ms
84 bytes from 192.1.1.40 icmp_seq=86 ttl=63 time=18.628 ms
84 bytes from 192.1.1.40 icmp_seq=87 ttl=63 time=17.988 ms
```
---
## Ex5
The advantages are that many terminals in a private network are able to use the same public address, distinguishing each connection by their respective port, preserving security and privacy.
```
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 192.1.1.21:41850 192.168.1.1:41850 192.1.1.45:41850 192.1.1.45:41850
icmp 192.1.1.21:42106 192.168.1.1:42106 192.1.1.45:42106 192.1.1.45:42106
icmp 192.1.1.21:1024 192.168.1.1:42362 192.1.1.45:42362 192.1.1.45:1024
icmp 192.1.1.21:1025 192.168.1.1:42618 192.1.1.45:42618 192.1.1.45:1025
icmp 192.1.1.21:1026 192.168.1.1:42874 192.1.1.45:42874 192.1.1.45:1026
icmp 192.1.1.21:42362 192.168.1.2:42362 192.1.1.45:42362 192.1.1.45:42362
icmp 192.1.1.21:42618 192.168.1.2:42618 192.1.1.45:42618 192.1.1.45:42618
icmp 192.1.1.21:42874 192.168.1.2:42874 192.1.1.45:42874 192.1.1.45:42874
icmp 192.1.1.21:43130 192.168.1.2:43130 192.1.1.45:43130 192.1.1.45:43130
icmp 192.1.1.21:43386 192.168.1.2:43386 192.1.1.45:43386 192.1.1.45:43386
R1#
```
---
## Ex6
If we take a look at the command `ping 192.1.1.40 -2 -p 80`, the argument `-2` represents a UDP port, `-3` represents a TCP port and `-p ##` sets the port to `##`.
For UDP we have the following ping output:
```
84 bytes from 192.1.1.40 udp_seq=1 ttl=63 time=20.132 ms
```
For TCP we have:
```
Connect 80@192.1.1.40 seq=1 ttl=63 time=25.151 ms
SendData 80@192.1.1.40 seq=1 ttl=63 time=15.486 ms
Close 80@192.1.1.40 seq=1 ttl=63 time=16.103 ms
```
After pinging `192.1.1.40` using the specified ports and running `show ip nat translations` we get the following output:
```
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 192.1.1.21:20618 192.168.1.1:20618 192.1.1.40:80 192.1.1.40:80
udp 192.1.1.21:28795 192.168.1.1:28795 192.1.1.40:80 192.1.1.40:80
udp 192.1.1.21:30114 192.168.1.1:30114 192.1.1.40:22 192.1.1.40:22
tcp 192.1.1.21:50598 192.168.1.1:50598 192.1.1.40:22 192.1.1.40:22
udp 192.1.1.21:42352 192.168.1.2:42352 192.1.1.40:80 192.1.1.40:80
udp 192.1.1.21:64301 192.168.1.2:64301 192.1.1.40:22 192.1.1.40:22
R1#
```
From this we can conclude that all UDP connections are registered even if the port had already been used, but when connecting using TCP through an already used port, the previous connection is overwritten.
---
## Ex7
PCA is unable to ping any terminal in the private network.
---
## Ex8
Once setting up the static public address for PC1, PCA is now able to ping it.
The request packets use the PCA address and the reply packets use the PC1 private address.
NAT/PAT is often required in scenarios where a device inside a private network needs to be accessible from the public internet. For example, if a company hosts its own website on a server within its private network, it would use static NAT/PAT to allow internet users to access that website. It could also be useful for home networks, since it preserves a terminal's private address.
---
# DHCP
## Ex10
### ip dhcp
We initially have a DHCP Discovery packet, used to check if the IP address is available by requesting an ARP packet. After that we have another DHCP Discovery packet, this time to validate if the address is available. Then we have a DHCP Offer packet to tell the terminal that it can use that address. Afterwards, we have a DHCP Request packet from the terminal to the router telling it that it wants to use that address. Finally we have a DHCP ACK (acknowledge) packet that goes from the router to the terminal confirming that it will be using that address.
### ip dhcp -r
This time we only have one DCHP Discovery since it comes from a terminal that the DCHP service knows that it has an IP address linked to it. The other steps and packets are the same as the previous command. This command is used to renew its lease.
### ip dchp -x
The only packet exchanged is the DCHP Release packet that tells the router to release the IP address that was being used by it.
### ip dchp
The procedure is the same as the first execution of this command but now the IP address is increased by 1 (from 192.168.1.101 to 192.168.1.102).
---
# IPv6 Basic Mechanisms
## Ex1
There are two types of packets shown, ICMPv6(IPv6) and MDNS.
First, there is a solicitation from the VM to the Switch for a specific IPv6 address. Then, the Switch "flushes" that IPv6 address, shown through MDNS packets.
The Switch attempts to communicate with a Router (through Router Solicitation), but since there is no Router connected, nothing happens.
---
## Ex2
The captured packets are similar to the ones found in the previous exercise, but this time, since there is a router to communicate, we get Router Advertisements and CDP packets, that show where the Router is connected and that there is connection between the VM and the Router.
After verifying the IPv6 information on the Router by running `show ipv6 interface brief` and `show ipv6 route`, we can verify that the IPv6 address does correspond with the one captured in the packets.
---
## Ex3
With the command `ipv6 address 2001:A:1:1::100/64`, we are giving the VM the IPv6 address `2001:A:1:1::100/64`. This can be seen by checking the Router's information, as shown below.
```console
R1#show ipv6 interface brief
FastEthernet0/0 [up/up]
FE80::C801:8BFF:FE87:0
2001:A:1:1::100
FastEthernet1/0 [administratively down/down]
unassigned
FastEthernet1/1 [administratively down/down]
unassigned
FastEthernet2/0 [administratively down/down]
unassigned
FastEthernet2/1 [administratively down/down]
unassigned
```
On the VM:
```console
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 0c:e8:7d:bb:00:00 brd ff:ff:ff:ff:ff:ff
inet6 2001:a:1:1:1dbc:639a:3c2b:69a4/64 scope global temporary dynamic
valid_lft 604646sec preferred_lft 85768sec
inet6 2001:a:1:1:ee8:7dff:febb:0/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 2591846sec preferred_lft 604646sec
inet6 fe80::ee8:7dff:febb:0/64 scope link noprefixroute
valid_lft forever preferred_lft forever
```
The IPv6 address was obtained by the following steps:
1. The Router sends a message to the VM (remember that the IPv6 address was requested in the Router);
2. A solicitation from the Router to the VM for that specific IPv6 address;
3. Another message from the router indicating that the address is available and can be used;
4. An advertisement from the VM to the router to confirm that the IPv6 address will be used by the VM.
## Ex4
The process of completion of the last 64 bits is explained in the image below:
![An image explaining the EUI-64 process](https://cdn.discordapp.com/attachments/1031545540757966878/1170815832545304777/ipv6-eui-64.png?ex=655a6a37&is=6547f537&hm=bb6ef828c35959d543c760c464c1587364e3591f998111e821db34766e178840&)
One of the disadvantages of using EUI-64 is that if an attacker gains access inside a network, it can easily triangulate someone's IPv6 address, and then target that specific terminal. This can be avoided by simply randomizing the Interface ID, making our IPv6 address harder to track/find.
The process of obtaining a IPv6 address does not change if done by the same MAC address, since the process is the exact same, hence why it's not very secure to use.
---
## File created by:
* Rúben Gomes, 113435
* Tiago Garcia, 114184

1
2ano/1semestre/rc1/rc1-project Submodule

@ -0,0 +1 @@
Subproject commit 07e08da3e95990fa0ccd7ba804801dfcb7ab2ed2