Monday, June 30, 2014

Visiting the Rose Hulman Institute of Technology website

Rose Hulman Institute of Technology is a private college located in Terre Haute, Indiana. This college specializes in teaching Engineering, Mathematics and Science majors, and is considered to be one of the best educational institutions in the United States.

I set up the following hardware before using Wireshark to capture and analyze the packets exchanged when I visit the Rose Hulman Institute of Technology website:


The above setup lets me visit a website on one computer and capture all the packets on the other computer. The advantage of using a hub instead of a switch is that every PC on the hub can see all packets traversing the hub, unlike a switch, where the traffic flows on dedicated ports. (I could have achieved this on a switch by doing port scanning or port mapping.)

Preliminary steps taken:

  • Cleared the DNS cache on the Browsing PC, that's running RedHat Linux:
redhat: / >
redhat: / >
redhat: / > service nscd restart
Stopping nscd:                                            [  OK  ]
Starting nscd:                                            [  OK  ]
redhat: / >
redhat: / >
redhat: / > /etc/init.d/dnsmasq restart

Starting dnsmasq:                                          [  OK  ]
redhat: / >
redhat: / >

redhat: / >
redhat: / >
redhat: / > ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0F:20:FF:1D:8C
          inet addr:192.168.1.249  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2602:306:b80d:1c40:20f:20ff:feff:1d8c/64 Scope:Global
          inet6 addr: fe80::20f:20ff:feff:1d8c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4498 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2900 errors:0 dropped:0 overruns:0 carrier:0
          collisions:704 txqueuelen:1000
          RX bytes:2307159 (2.2 MiB)  TX bytes:380384 (371.4 KiB)
          Interrupt:20

redhat: / >
redhat: / >
redhat: / >
redhat: / > dig www.rose-hulman.edu

; <<>> DiG 9.6.1-P1-RedHat-9.6.1-11.P1.fc12 <<>> www.rose-hulman.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11619
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.rose-hulman.edu.        IN    A

;; ANSWER SECTION:
www.rose-hulman.edu.    14031    IN    CNAME    umbracoprod.rose-hulman.edu.
umbracoprod.rose-hulman.edu. 4341 IN    A    137.112.18.43

;; Query time: 12 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Thu Jan  3 16:02:51 1980
;; MSG SIZE  rcvd: 79

redhat: / >
redhat: / >

  • Confirmed the IP address of the Rose Hulman Institute of Technology website using the # host www.rose-hulman.edu command: 137.112.18.43
  • Started the Wireshark packet sniffer tool on the Sniffer PC, and specified the Filter: ip.addr == 137.112.18.43
  • Typed in www.rose-hulman.edu for the URL on the Browsing PC
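What the ip.addr == 137.112.18.43 filter and the three-way handshake check in the analysis amount to at the byte level, as an added example that is not part of the original post. The frames, ports and sequence numbers are constructed sample data, and the function names are hypothetical; only the two IP addresses come from the output above.

```python
import socket
import struct
SERVER = "137.112.18.43"   # web server address from the dig output
CLIENT = "192.168.1.249"   # Browsing PC address from the ifconfig output
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def build_frame(src, dst, sport, dport, seq, ack, flags):
    """Build a minimal Ethernet/IPv4/TCP frame (sample data; checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def parse_frame(frame):
    """Return (src, dst, sport, dport, seq, ack, flags), or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    tcp_off = 14 + (frame[14] & 0x0F) * 4          # honour the IP header length field
    if frame[23] != 6 or len(frame) < tcp_off + 20:
        return None
    sport, dport, seq, ack = struct.unpack("!HHII", frame[tcp_off:tcp_off + 12])
    return (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
            sport, dport, seq, ack, frame[tcp_off + 13])

def find_handshake(frames, addr):
    """Keep frames matching ip.addr == addr; return the first (SYN, SYN-ACK, ACK)."""
    syn, synack = {}, {}  # keyed by (client ip, client port, server ip, server port)
    for frame in frames:
        p = parse_frame(frame)
        if p is None or addr not in (p[0], p[1]):  # ip.addr matches source OR destination
            continue
        src, dst, sport, dport, seq, ack, flags = p
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        ctl = flags & (FIN | SYN | RST | ACK)
        if ctl == SYN:
            syn[fwd] = p
        elif ctl == (SYN | ACK) and rev in syn and ack == (syn[rev][4] + 1) % 2**32:
            synack[rev] = p                         # server acknowledged client ISN + 1
        elif ctl == ACK and fwd in synack and seq == (syn[fwd][4] + 1) % 2**32 \
                and ack == (synack[fwd][4] + 1) % 2**32:
            return syn[fwd], synack[fwd], p         # client acknowledged server ISN + 1
    return None

SAMPLE = [  # constructed frames, not taken from the capture in this post
    build_frame(CLIENT, "192.168.1.254", 40000, 80, 5, 0, SYN),     # other host: filtered out
    build_frame(CLIENT, SERVER, 51000, 80, 1000, 0, SYN),
    build_frame(SERVER, CLIENT, 80, 51000, 9000, 999, SYN | ACK),   # wrong ack number: ignored
    build_frame(SERVER, CLIENT, 80, 51000, 9000, 1001, SYN | ACK),
    build_frame(CLIENT, SERVER, 51000, 80, 1001, 9001, ACK)]
```

Calling find_handshake(SAMPLE, SERVER) returns the three matching packets as tuples; a SYN-ACK or ACK whose acknowledgment number is not the peer's initial sequence number plus one is not accepted as part of the handshake.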


Analysis:

Home page of Rose Hulman Institute of Technology:

Wireshark screenshots:

Three-way TCP handshake:

Screen 1
-----------


Screen 2
-----------


Screen 3
-----------


Screen 4
-----------


Screen 5
-----------


Screen 6
-----------


Screen 7
-----------


Screen 8
-----------


Screen 9
-----------

Traceroute from home Desktop to Rose Hulman website

redhat: / >
redhat: / >
redhat: / > traceroute www.rose-hulman.edu
traceroute to www.rose-hulman.edu (137.112.18.43), 30 hops max, 60 byte packets
1  dsldevice.att.net (192.168.1.254)  2.425 ms  2.449 ms  2.515 ms
2  107-128-208-2.lightspeed.sntcca.sbcglobal.net (107.128.208.2)  920.108 ms  920.274 ms  920.406 ms
3  * * *
4  12.83.39.185 (12.83.39.185)  158.155 ms 12.83.39.189 (12.83.39.189)  159.890 ms  160.015 ms
5  gar2.clboh.ip.att.net (12.122.133.197)  211.207 ms  211.567 ms  212.918 ms
6  12.249.183.6 (12.249.183.6)  213.138 ms  217.330 ms  217.391 ms
7  ind1-ar4-xe-0-0-0-0.us.twtelecom.net (66.192.254.242)  220.782 ms ind1-ar4-xe-0-1-0-0.us.twtelecom.net (66.192.240.254)  215.426 ms  215.593 ms
8  207-67-55-146.static.twtelecom.net (207.67.55.146)  218.161 ms  200.809 ms  201.707 ms
9  ae-0.2009.rtr.ipiu.ilight.net (199.8.220.74)  200.169 ms  201.169 ms  192.929 ms
10  199.8.201.90 (199.8.201.90)  194.552 ms  195.246 ms  193.265 ms
11  137.112.9.25 (137.112.9.25)  193.216 ms  190.852 ms  184.755 ms
12  umbracoprod.rose-hulman.edu (137.112.18.43)  183.489 ms  183.697 ms  184.068 ms
redhat: / >
redhat: / >