Homework Assignment #2 (50 pts)

Install Simnet
  1. Download Simnet v. 1.0 from http://simnet.isi.jhu.edu/
  2. Download Simnet manual draft from http://simnet.isi.jhu.edu/
  3. Unzip the downloaded archive inside your <network_security_home> folder
  4. Change to the created Simnet directory
  5. Run "oldant" to create the classes in the correct places
  6. Run "oldant doc" to get Simnet API documentation
Start Simnet

  1. Change to the Simnet directory
  2. Edit the Simnet script to substitute java command by oldjava. Then run Simnet (it is an executable).
  3. You will get a short prompt ":"
  4. Type "load networks/test.net" + <ENTER> (This loads a network topology that is described in file "test.net")
  5. Type "start all" + <ENTER>
  6. Type "usp" + <ENTER>
    (This makes all nodes initialize their routing tables by testing links.  If you don't run this command you have no routes anywhere.  USP = update shortest path)
  7. To choose a network node, use the command "select".
    For instance, "select JHU" will transport you to the JHU prompt.
  8. Test connectivity by using traceroute.  For instance, "traceroute ATT"
  9. Load the network dump plugin: "plug in all simnet.PacketDump 1"
    (This loads the class PacketDump which enables capture of packets.  These will be recorded in <hostname>.log files. The modifier "all" loads the class in all nodes.  If it was ommitted, only the selected node would do packet capture and logging.  The number `1` basically assigns a process identity to the packet dumper, so you can identify different services in the same node.)
  10. Type "dump any any" (This causes the packet dumper in the selected node to start capturing and logging files from any
    source address to any destination address)
  11. Load a TCP-based echo server.  "plug in submission.Demo.TCPEchoServer 10".  This enables the selected node to run an "echo" server.
  12. Type "open xxx" where "xxx" is a number in the range 100---65000 to enable to the Echo server to bind to port xxx and listen for incoming connections
  13. Select some other node
  14. Type "plug in submission.Demo.TCPEchoClient ??" where ?? is not 1 or 10.  (Why not 1 or 10)?
  15. Type "connect X xxx" where "X" is the node where you opened the EchoServer and xxx is the port number you assigned
  16. Type "echo yyyy" where yyyy is a string containing no spaces.
  17. Type "close" to close the established TCP connection
  18. Select the initial node X where the EchoServer and PacketDump are running
  19. Type "stopdump"
  20. Type "quit"
  21. Inspect the log files and explain the packet traces.
Tasks:
  1. Draw a graph of the network topology for test.net.  You can read the test.net file (and learn how to interpret its entries) or use the traceroute command.  (Lookup Class Traceroute in the simnet package)
  2. Copy test.net to a file called FSU.net. 
  3. To FSU.net add the necessary entries to reproduce the router topology of the FSU network.  (The routers are the green boxes inside the salmon-colored areas which are the FSU-administered areas).
  4. Add a bidirectional link from the FSU uplink router (6506 253.6) to the SPRINT router.
  5. Add a CS-WWW host entry which links to the DSL router. (6509 203.8 in the topology)
  6. Add a CS-Research host entry which links also to the DSL router.
  7. Add firewall rules to the DSL router enabling only access to TCP port 80 on the CS-WWW host. Add rules to filter all incoming ICMP packets (any source, any destination) and all other TCP traffic except 80 to destination CS-WWW.
  8. Add firewall rules to stop TCP connections to all ports to the CS-Research host, except that incoming connections to port 22 (SSH) from the JHU domain are allowed.
Submit (as a single archived file): 
  1. The network topology graph (step 1 in the tasks above)
  2. A packet dump log file, pointing out which messages correspond to a TCP-handshake sequence (to open a connection)
    and which are data transmission messages.
  3. FSU.net
  4. The set of firewall rules you created.