
The University of Queensland
School of Information Technology and Electrical Engineering
Semester 2, 2022

COMS6200 Practical 1

Introduction to Mininet

Installing the COMS6200 Virtual Machine

Step 1 Installing VirtualBox

The first step to using Mininet is to install VirtualBox, which will enable you to run the prac VM image on your computer. Download Oracle VirtualBox from: https://www.virtualbox.org/ and install it.

Step 2 Download the COMS6200 VM Image

Download the VM Image (Appliance) from Blackboard, under Pracs, or via this link:

    https://outbox.eait.uq.edu.au/uqmportm/coms6200/2022/SDNFinal.ova
    https://www.dropbox.com/s/wwzilgm3g3kxebr/SDNFinal.ova?dl=0

The image is ~5GB, so this might take a little while, please be patient. Please let us know if there is a problem with the download.

Step 3 Importing the COMS6200 VM image into VirtualBox

Double click on the ova file and a VirtualBox window will appear. Then click Import. It will import the image; this may take some time.

Next, we need to allocate a sensible amount of RAM to the virtual machine. Select the machine and click settings. Now go to System. Drag the slider until it is at least > 2000MB, but preferably at the edge of the green and orange zone. This tells VirtualBox the amount of RAM to allocate to your virtual machine. The more RAM available to the virtual machine is generally better, however, if you are running a lot of programs in the background you may find this reduces performance. A sensible choice is between 2GB-6GB or 2000M-6000M (if possible with your computer).

Next go to the Processor tab of System. Again, drag the CPU slider to adjust the number of CPUs available to the virtual machine (taking care to not go into the orange zone). 4 is a reasonable amount, but you can get by on only one.

You should now be ready to start your virtual machine, but please check with the Tutors if you have any issues.

Step 4 Logging in

The username is sdn, and the password is sdn. You can open your terminal by pressing Ctrl+Alt+T, which is where we will be entering all the commands for the pracs.

Basic Commands

Mininet can be started via the mn command. A good place to start is the Mininet help documentation. You can view it by running:

    $ mn --help

Since Mininet needs access to the networking stack, you need to run it as root. When you first run sudo, you will need to re-enter the password sdn. You should see something like:

    $ sudo mn
    Creating network
    Adding controller
    Adding hosts:
    h1 h2
    Adding switches:
    s1
    Adding links:
    (h1, s1) (h2, s1)
    Configuring hosts
    h1 h2
    Starting controller
    Starting 1 switches
    s1 ...
    Starting CLI:
    mininet>

This starts Mininet with the default minimal topology of two hosts (h1 and h2), connected to a single SDN switch (s1). Since we don't specify an SDN controller to program the switch (we will do this later), the switch is configured to behave as a simple bridge, which means it provides basic connectivity between all the connected hosts, i.e. h1 and h2 in this case. At the end of this, you should see the Mininet CLI prompt:

    mininet>

Please note: any commands with the -$ prompt are to be typed in a normal Linux terminal, and any commands with the mininet> prompt are to be run in Mininet. Later, (h1) -# will denote xterm commands run on h1.

Let's see what commands Mininet supports:

    mininet> help
    Documented commands (type help <topic>):
    ========================================
    EOF gterm dpctl help dump intfs exit iperf net py switch quit time sh wait
    source x xterm iperfudp link links nodes noecho pingall pingallfull px
    pingpair pingpairfull ports

We can now try a few of those commands:

nodes
    This lists all the nodes in the topology (hosts and switches).
dump
    This lists additional detailed information about each node. You can see that each host is associated with a dedicated process, and process ID.
links
    This lists all the links in the network topology.
net
    This further allows you to get information about the entire network. For example, the first line of its output tells you that host h1 has a link from its interface h1-eth0 to switch s1, via the switch interface s1-eth1.

    mininet> nodes
    available nodes are:
    c0 h1 h2 s1
    mininet> dump
    <Host h1: h1-eth0:10.0.0.1 pid=1197>
    <Host h2: h2-eth0:10.0.0.2 pid=1199>
    <OVSSwitch s1: lo:127.0.0.1,s1-eth1:None,s1-eth2:None pid=1204>
    <Controller c0: 127.0.0.1:6653 pid=1190>
    mininet> links
    h1-eth0<->s1-eth1 (OK OK)
    h2-eth0<->s1-eth2 (OK OK)
    mininet> net
    h1 h1-eth0:s1-eth1
    h2 h2-eth0:s1-eth2
    s1 lo: s1-eth1:h1-eth0 s1-eth2:h2-eth0
    c0

quit
    You can quit Mininet by running:

    mininet> quit

Finally, if Mininet crashes for some reason, you can clean up the relevant temporary files and processes via this command:

    $ sudo mn -c

It is a good idea to run this command routinely before starting Mininet, to keep things fresh.

Virtualisation Namespaces

As mentioned, each host in Mininet behaves like a regular Linux host, and you can run any command on it. Begin by starting Mininet with sudo mn. You can specify on which host you want to run a command by typing the host name (e.g. h1 / h2), followed by the Linux command. For example, let's try the ls (list directory contents) command on both hosts:

    mininet> h1 ls
    Desktop Downloads mininet openflow pox pycharmide Templates
    Documents ideaide Music Pictures Public startovs.sh Videos

You should see the same output when you run:

    mininet> h2 ls

This is because Mininet does not virtualise the file system, and therefore all hosts share the same file system. You can see this by adding a new file in your home directory, and it should be visible on both h1 and h2.

You should also see the same set of processes on both hosts (by running ps for example), as well as from a regular terminal (outside Mininet).

    mininet> h1 ps -a
     PID TTY          TIME CMD
    1184 pts/0    00:00:00 sudo
    1185 pts/0    00:00:00 mn
    ...
    mininet> h2 ps -a
     PID TTY          TIME CMD
    1184 pts/0    00:00:00 sudo
    1185 pts/0    00:00:00 mn
    ...

If you open another terminal, you can also see:

    $ ps -a
     PID TTY          TIME CMD
    1184 pts/0    00:00:00 sudo
    1185 pts/0    00:00:00 mn
    ...

Note how the process list is the same. Having everything run in the root process namespace is convenient for debugging, because it allows you to see all of the processes from the console using ps, kill, etc. It also means you do not need to install programs to each individual host, as they have access to all the programs your computer does.

However, Mininet does virtualise the network stack of each host. Let's check this by using the ifconfig command. If you are not familiar with ifconfig, it is incredibly important for computer networking, and you can consult the man pages to learn more: man ifconfig

    mininet> h1 ifconfig -a
    h1-eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.0.1 netmask 255.0.0.0 broadcast 10.255.255.255
            inet6 fe80::7c54:fff:fe74:6cb1 prefixlen 64 scopeid 0x20<link>
            ether 7e:54:0f:74:6c:b1 txqueuelen 1000 (Ethernet)
            ...
    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 1000 (Local Loopback)
            ...

Now if you run the command on h2:

    mininet> h2 ifconfig -a
    h2-eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.0.0.2 netmask 255.0.0.0 broadcast 10.255.255.255
            inet6 fe80::940f:73ff:fea4:c207 prefixlen 64 scopeid 0x20<link>
            ether 96:0f:73:a4:c2:07 txqueuelen 1000 (Ethernet)
            ...
    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 1000 (Local Loopback)
            ...

The ifconfig command lists the available network interfaces. You should see a different outcome for both hosts. h1 has the interface h1-eth0, while h2 has interface h2-eth0. Note that the interfaces h1-eth0 and h2-eth0 are not seen by the primary Linux system, e.g. if you type ifconfig in a regular terminal window (outside Mininet):

    $ ifconfig -a
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 192.168.2.117 netmask 255.255.255.0 broadcast 192.168.2.255
            inet6 2003:d1:6724:9f1b:8975:c753:be28:2204 prefixlen 64 scopeid 0x0<global>
            inet6 2003:d1:6724:9f1b:215:5dff:fe02:7200 prefixlen 64 scopeid 0x0<global>
            inet6 fe80::215:5dff:fe02:7200 prefixlen 64 scopeid 0x20<link>
            ether 00:15:5d:02:72:00 txqueuelen 1000 (Ethernet)
            ...
    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 1000 (Local Loopback)
            ...
    ovs-system: flags=4098<BROADCAST,MULTICAST> mtu 1500
            ether ca:0a:66:3d:7d:ef txqueuelen 1000 (Ethernet)
            ...
    s1: flags=4098<BROADCAST,MULTICAST> mtu 1500
            ether 96:fa:2f:43:d9:45 txqueuelen 1000 (Ethernet)
            ...
    s1-eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet6 fe80::40fd:39ff:fef4:ccd4 prefixlen 64 scopeid 0x20<link>
            ether 42:fd:39:f4:cc:d4 txqueuelen 1000 (Ethernet)
            ...
    s1-eth2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet6 fe80::2c9d:7dff:fe17:f909 prefixlen 64 scopeid 0x20<link>
            ether 2e:9d:7d:17:f9:09 txqueuelen 1000 (Ethernet)
            ...

This is because the host interfaces are specific to the namespace of the specific host process. Namespaces are the mechanism used in Mininet to virtualise the networking stack. However, you should see all the switch interfaces, e.g. s1-eth1, s1-eth2, since in Mininet switches do not run in their own separate namespace by default, and can be treated as regular network adapters that connect to switches in your virtual network (which in turn connect to the virtual hosts).

Some more info on Linux namespaces, from Wikipedia (https://en.wikipedia.org/wiki/Linux_namespaces):

    "Namespaces are a feature of the Linux kernel that isolates and virtualizes system resources of a collection of processes. Examples of resources that can be virtualized include process IDs, hostnames, user IDs, network access, interprocess communication, and filesystems."

More details on namespaces: http://man7.org/linux/man-pages/man7/namespaces.7.html

You can further verify the virtualisation of the networking stack by running the route command on both hosts. Again, you should see a (small) difference in the respective routing tables of the two hosts. (route shows the routing table of a host, check man route for more details.)

    mininet> h1 route
    ...
    mininet> h2 route
    ...

You can try the same for the arp command, which shows the ARP cache of the hosts. However, most likely the ARP cache is empty at this stage, so you won't see a difference. (Again, check man arp if you are not familiar with the arp command.)

If you need to run multiple commands on different hosts, a more convenient way of doing this is by opening one or more xterms (virtual terminals) on each host. For example, you can open an xterm on both h1 and h2:

    mininet> xterm h1 h2

Connectivity Test

Let's send some packets across our network, and let's use ping for that. Again, check the man pages (man ping) for ping, on the off-chance that you don't remember how to use it.

We want to ping h2 from h1. For this, we need to know the IP address of h2. You can find this information via ifconfig:

    mininet> h2 ifconfig -a

The address of the h2-eth0 interface should be 10.0.0.2. Now you can run ping from h1:

    mininet> h1 ping -c 1 10.0.0.2
    PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
    64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.147 ms

    --- 10.0.0.2 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.147/0.147/0.147/0.000 ms

Since finding and typing IP addresses can be a bit of a pain, Mininet makes this easier by substituting IP addresses for host names. This means you can also run ping as follows:

    mininet> h1 ping -c 1 h2

As mentioned above, you can also do this by opening an xterm on h1, and running the ping command from there. However, in that case you will need to type the IP address of h2, since Mininet will not be able to do the automatic address substitution for you.

    (h1)-# ping 10.0.0.2

Mininet also has a useful built-in CLI command called pingall. This is a wrapper function that simply runs ping between all host pairs in the network. In this case, this is not very exciting, since we only have a single host pair, but this can be quite handy for a larger network.

    mininet> pingall
    Ping: testing ping reachability
    h1 -> h2
    h2 -> h1
    Results: 0% dropped (2/2 received)

Wireshark

Wireshark is a widely used and powerful network capturing and analysis tool, similar to tcpdump, but with a graphical interface. For network engineers and researchers, these are essential tools, and we assume you are familiar with them, at least at a basic level. If not, or if you need a refresher, please have a look at the relevant documentation: https://www.wireshark.org/docs/ and the user guide is here: https://www.wireshark.org/docs/wsug_html_chunked/index.html

Start Wireshark from one of the hosts, e.g.:

    mininet> h1 wireshark &

Note, the & here at the end of the console command is used to run Wireshark in the background, so it allows you to enter other commands while it runs. This is a standard feature of Linux bash. Alternatively, you can start it from an xterm corresponding to that host, in which case you can run Wireshark in the foreground (without an &).

In Wireshark, go to Capture -> Interfaces, and select h1-eth0 as the interface to listen on. Then, run ping again from h1 to h2, and observe the traffic. You should see the ICMP Echo Request and Reply packets.

We will be using Wireshark in the following pracs, and you will need it as a tool for your Project, so it is important that you know how to use it. If you are stuck, the tutors will be able to help you.

Running a Basic Webserver

Remember that ping isn't the only command you can run on a host.
Mininet hosts can run any command or application that is available to the underlying Linux system (or VM) and its file system. You can also enter any bash command, including job control (&, jobs, kill, etc.).

Next, try starting a simple HTTP server on h1 (on TCP port 80), and send an HTTP GET request from h2:

    mininet> h1 python -m SimpleHTTPServer 80 &
    mininet> h2 curl http://10.0.0.1
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html>
    <title>Directory listing for /</title>
    <body>
    ...

Curl is another very useful tool that you should be familiar with. Again, the man pages are your friend.

You can even start Firefox on h2 using:

    mininet> h2 firefox &

[If you get an error when running Firefox from h2, you can try the below commands from the Linux shell:

    $ sudo chown root ~/.Xauthority
    $ sudo chmod 777 ~/.Xauthority
]

And navigate to http://10.0.0.1 to see the webpage. You should also be able to observe the traffic in Wireshark.

Now you can shut down the web server:

    mininet> h1 killall python

Network Security Testing - Introduction

Kali Linux comes pre-installed with several common ethical hacking and penetration testing tools. You can safely experiment using these tools against your virtual hosts. Let us begin with the standard web server:

    mininet> h1 python -m SimpleHTTPServer 80 &

If we are host h2, and want to determine what services are running on h1, we can launch a port scan, which attempts to detect which ports are open on a host. We can do this by running nmap from h2 (nmap is an incredibly common networking tool for scanning and detecting open ports).

    mininet> h2 nmap -v h1
    Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-30 02:19 AEST
    Initiating ARP Ping Scan at 02:19
    Scanning 10.0.0.1 [1 port]
    Completed ARP Ping Scan at 02:19, 0.03s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 02:19
    Completed Parallel DNS resolution of 1 host. at 02:19, 13.00s elapsed
    Initiating SYN Stealth Scan at 02:19
    Scanning 10.0.0.1 [1000 ports]
    Discovered open port 80/tcp on 10.0.0.1
    Completed SYN Stealth Scan at 02:19, 0.62s elapsed (1000 total ports)
    Nmap scan report for 10.0.0.1
    Host is up (0.032s latency).
    Not shown: 999 closed ports
    PORT   STATE SERVICE
    80/tcp open  http
    MAC Address: CA:07:6D:C4:E5:00 (Unknown)

    Read data files from: /usr/bin/../share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 13.72 seconds
               Raw packets sent: 1001 (44.028KB) | Rcvd: 1001 (40.032KB)

Note how it detected 80/tcp as open (the web server port). You can try running this again after killing the server, and the port should not be detected as open.

There are a variety of tools bundled with Kali Linux that can be useful for network security research. These tools should only be used against your virtual hosts; it is not appropriate to launch such scans against real hosts.

Another useful trick (ID=MAC)

By default, hosts start with randomly assigned MAC addresses. This can make debugging tough, e.g. in Wireshark, because every time a network is created in Mininet, the MACs change, so correlating control traffic with specific hosts is tricky.

Using ifconfig, check the MAC addresses of hosts h1 and h2 if you start Mininet as we have done so far, i.e. without the --mac option. Notice how the ether / MAC address is random and unwieldy.

The Mininet --mac CLI option is very useful here. It sets the host MAC and IP addresses to small, unique, easy-to-read IDs. Now exit Mininet, and start it again, but this time with the --mac option. Then check the MAC addresses on the host interfaces again, and you should notice the difference.

    mininet> h1 ifconfig -a
    h1-eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            ...
            ether 7e:54:0f:74:6c:b1 txqueuelen 1000 (Ethernet)
    mininet> quit
    -$ sudo mn --mac
    mininet> h1 ifconfig -a
    h1-eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            ...
            ether 00:00:00:00:00:01 txqueuelen 1000 (Ethernet)

That's it for this week. Next week we will look at Mininet in more detail, e.g. we will learn how to create more complex networks with arbitrary topology and different link parameters.
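
The Virtualisation Namespaces section shows that Mininet hosts share the process list but each get their own network stack. The following added example (not part of the original practical) checks that directly by reading the namespace links under /proc for the pids that dump prints. The function names, the namespace ID numbers and the sample /proc tree are constructed for illustration, and the sample assumes the controller runs in the root namespace like the switch.

```python
import os
import re
import tempfile

NS_TYPES = ("net", "pid")  # namespace kinds to compare
# Constructed sample: the `dump` output shown earlier on this page.
DUMP = """\
<Host h1: h1-eth0:10.0.0.1 pid=1197>
<Host h2: h2-eth0:10.0.0.2 pid=1199>
<OVSSwitch s1: lo:127.0.0.1,s1-eth1:None,s1-eth2:None pid=1204>
<Controller c0: 127.0.0.1:6653 pid=1190>
"""

def parse_dump(text):
    """Map node name -> pid from Mininet `dump` output."""
    return {m.group(1): int(m.group(2))
            for m in re.finditer(r"<\w+ (\w+): .*?pid=(\d+)>", text)}

def read_namespaces(pid, proc_root="/proc"):
    """Return {kind: id such as 'net:[4026531992]'}; None where unreadable."""
    ids = {}
    for kind in NS_TYPES:
        try:
            ids[kind] = os.readlink(os.path.join(proc_root, str(pid), "ns", kind))
        except OSError:  # process exited, or caller lacks privilege
            ids[kind] = None
    return ids

def isolation_report(pids, reference_pid=1, proc_root="/proc"):
    """Compare each node with a reference process (PID 1 = root namespaces)."""
    ref = read_namespaces(reference_pid, proc_root)
    report = {}
    for name, pid in pids.items():
        mine = read_namespaces(pid, proc_root)
        report[name] = {
            kind: "unknown" if None in (mine[kind], ref[kind])
            else "shared" if mine[kind] == ref[kind] else "isolated"
            for kind in NS_TYPES}
    return report

def build_sample_proc(root):
    """Constructed /proc stand-in: only h1 and h2 get their own net namespace."""
    net_ids = {1: 4026531992, 1190: 4026531992, 1204: 4026531992,
               1197: 4026532201, 1199: 4026532259}
    for pid, net_id in net_ids.items():
        ns_dir = os.path.join(root, str(pid), "ns")
        os.makedirs(ns_dir)
        os.symlink(f"net:[{net_id}]", os.path.join(ns_dir, "net"))
        os.symlink("pid:[4026531836]", os.path.join(ns_dir, "pid"))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(isolation_report(parse_dump(DUMP), proc_root=build_sample_proc(tmp)))
```

On the prac VM, pass the text of a real dump and leave proc_root at its default to read the live /proc; run it with sudo, since reading PID 1's namespace links needs root.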
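
The nmap run in the Network Security Testing section sends SYNs to 1000 ports of h1 in 0.62 s, which is easy to recognise from h1's side of the link. The following added example (not part of the original practical) flags that pattern in a list of packet records; the record format, thresholds, function names and sample records are constructed for illustration, and the port numbers in the sample are placeholders.

```python
from collections import defaultdict

def detect_port_scans(packets, min_ports=100, window=5.0):
    """Return one alert per (src, dst) pair where src sent bare SYNs to at
    least `min_ports` distinct ports of dst within `window` seconds.
    packets: iterable of (timestamp, src_ip, dst_ip, dst_port, tcp_flags)."""
    syns = defaultdict(list)                  # (src, dst) -> [(ts, port), ...]
    for ts, src, dst, port, flags in packets:
        if flags == "S":                      # SYN without ACK: a new connection attempt
            syns[(src, dst)].append((ts, port))

    alerts = []
    for (src, dst), events in syns.items():
        events.sort()
        in_window = defaultdict(int)          # port -> SYN count inside the window
        oldest, peak = 0, 0
        for ts, port in events:
            in_window[port] += 1
            while ts - events[oldest][0] > window:   # slide the window forward
                old_port = events[oldest][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                oldest += 1
            peak = max(peak, len(in_window))
        if peak >= min_ports:
            alerts.append({"src": src, "dst": dst, "distinct_ports": peak})
    return alerts

def sample_scan():
    """Constructed records as seen on h1-eth0: h2 probes 1000 ports in 0.62 s."""
    return [(i * 0.00062, "10.0.0.2", "10.0.0.1", 1 + i, "S") for i in range(1000)]

def sample_web():
    """Constructed records: h2 opens three ordinary HTTP connections to h1."""
    return [(10.0 + i, "10.0.0.2", "10.0.0.1", 80, "S") for i in range(3)]

if __name__ == "__main__":
    print("scan + web:", detect_port_scans(sample_scan() + sample_web()))
    print("web only:  ", detect_port_scans(sample_web()))
```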

