⚠️ This is a restoration of Diana's exam wiki. Content may be incomplete or outdated. Where possible, links to the wayback machine have been added. Questions, want to chat or need help? Contact entity@runeterra.be (Sysadmin) or isw@ucll.be (General)
# 2019 solutions lab 2 - Lars Lemmens

With thanks to [Martijn's GitHub](https://github.com/martijnmeeldijk/TI-oplossingen) and of course Lars Lemmens

# LAB 2

### What is the IP address of your computer?

### What is the status code returned from the server to your browser?

### When was the HTML file that you are retrieving last modified on the server?
```
user:~$ echo -ne 'HEAD /HTTP-Wireshark-file1.html HTTP/1.1\r\nHost: virtualhostname.x.cnw2.uclllabs.be\r\n\r\n' | nc localhost 80 | grep 'Last-Modified:'
user:~$ tshark -r http.pcapng -Y http -T fields -e http.last_modified
```
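The HEAD request above returns only the response headers, and the status code, Last-Modified, Content-Length and Server values asked about in this section all live in that header block. The shell functions below are an added example, not part of the lab solution: they parse those fields from a constructed sample response (the header values are made up, not from the lab server), exactly as one would parse what `nc` prints back. The tshark `-T fields -e http.last_modified` command does the same extraction from the dissected packet.

```shell
#!/bin/sh
# Added example: parse the header block of a raw HTTP/1.1 response, the text that
# "nc host 80" prints for a HEAD request. All values below are constructed samples.

sample_response() {
    # CRLF line endings as on the wire; a blank line ends the header section.
    printf 'HTTP/1.1 200 OK\r\n'
    printf 'Date: Tue, 12 Feb 2019 09:00:00 GMT\r\n'
    printf 'Server: Apache/2.4.29 (Ubuntu)\r\n'
    printf 'Last-Modified: Mon, 11 Feb 2019 14:30:00 GMT\r\n'
    printf 'Content-Length: 1234\r\n'
    printf 'Content-Type: text/html\r\n'
    printf '\r\n'
}

# Status code: the second word of the status line ("HTTP/1.1 200 OK" -> 200).
status_code() {
    sample_response | tr -d '\r' | awk 'NR == 1 { print $2 }'
}

# Value of one header, matched case-insensitively (header names are
# case-insensitive in HTTP), searching only up to the first blank line.
# Prints nothing when the header is absent.
header_value() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    sample_response | tr -d '\r' | awk -v n="$want" '
        /^$/ { exit }                                  # end of the header section
        tolower($0) ~ ("^" n ":") {
            sub(/^[^:]*:[ \t]*/, ""); print; exit     # strip "Name: " and stop
        }'
}

# Stand-alone run: the four values the questions in this section ask for.
status_code
header_value Last-Modified
header_value Content-Length
header_value Server
```

The Server header is what tshark's `http.server` field carries; a full version string like the sample one answers the "what software and version" question, and it is also why hardened servers are commonly configured to send a minimal Server header.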
- The -n argument does not output the trailing newline
- The -e argument enables interpretation of backslash escapes
- The nc command is a TCP/IP swiss army knife
- The -r argument reads the packet data from infile
- The -Y argument captures the link type
- The -e argument (in the tshark command) adds a field to the list of fields to display if -T fields is selected

### How many bytes of content are being returned to your browser?

### What software and version is the web server running?
```
user:~$ tshark -r http.pcapng -Y http.server -T fields -e ip.src -e http.server | sort -u
```
- The -r argument reads the packet data from infile
- The -Y argument captures the link type
- The -T argument sets the format of the output when viewing decoded packet data
- The -e argument (in the tshark command) adds a field to the list of fields to display if -T fields is selected
- The sort command sorts lines of text files
- The -u argument outputs only the first of an equal run

### Explain in detail the above tshark command.

### What TCP ports are in use at the client and the server during your browsing session?
```
user:~$ tshark -r http.pcapng -Y http -T fields -e tcp.port | sort -u
```
- The -r argument reads the packet data from infile
- The -Y argument captures the link type
- The -T argument sets the format of the output when viewing decoded packet data
- The -e argument (in the tshark command) adds a field to the list of fields to display if -T fields is selected
- The sort command sorts lines of text files
- The -u argument outputs only the first of an equal run

## Exercise 1:

### Which HTTP method was used the most during the entire browsing session?
```
user:~$ tshark -r http.pcapng -Y http.request.method -T fields -e http.request.method | sort | uniq -c | sort -rn | head -1 | awk '{print $2}'
user:~$ tshark -r http.pcapng -Y http.request.method -T fields -e http.request.method | sort | uniq -c | sort -rn | awk 'NR==1{print $2}'
```
- The tshark command dumps and analyzes network traffic
- The -r argument reads the packet data from infile
- The -T argument sets the format of the output when viewing decoded packet data
- The -e argument (in the tshark command) adds a field to the list of fields to display if -T fields is selected
- The sort command sorts lines of text files
- The uniq command reports or omits repeated lines
- The -c argument prefixes lines by the number of occurrences
- The head command shows output for only the first part of files
- The awk command is a pattern scanning and processing language

### In case you would like to automate this: with tshark and a Bash loop
```
user:~$ tshark -r http.pcapng -Y 'http.request.method==GET' -T fields -e tcp.srcport | sort -u | while read PORT;do tshark -r http.pcapng -Y "tcp.dstport==$PORT && http.server contains Apache" -T fields -e ip.src;done | sort -u
```
- The tshark command dumps and analyzes network traffic
- The -r argument reads the packet data from infile
- The -T argument sets the format of the output when viewing decoded packet data
- The -e argument (in the tshark command) adds a field to the list of fields to display if -T fields is selected
- The sort command sorts lines of text files
- The -u argument outputs only the first of an equal run
- The -Y argument captures the link type

## Exercise 2:

### How many HTTP GET request messages did your browser send?
```
user:~$ tshark -r http.pcapng -Y http.request.method==GET | wc -l
```
- The tshark command dumps and analyzes network traffic
- The -r argument reads the packet data from infile
- The wc command prints newline, word, and byte counts for each file
- The -l argument prints the newline counts

### To which Internet addresses were these GET requests sent?
```
user:~$ tshark -r http.pcapng -Y http.request.method==GET -T fields -e ip.dst | sort -u
```
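The pipelines in Exercises 1 and 2 all post-process `tshark -T fields` output with sort, uniq and awk. The following added example (not part of the lab solution) runs that same post-processing over a constructed, tab-separated sample of `-e http.request.method -e ip.dst` output, so the logic can be checked without a capture file: it answers "most used method", "how many GET requests" and "which addresses" from one export. The addresses are made up.

```shell
#!/bin/sh
# Added example: the sort/uniq/awk part of the lab pipelines, run over constructed
# "tshark -r http.pcapng -Y http.request -T fields -e http.request.method -e ip.dst"
# output. tshark separates fields with a tab. Addresses are made up.

sample_requests() {
    printf 'GET\t10.0.0.5\n'
    printf 'GET\t10.0.0.5\n'
    printf 'POST\t10.0.0.5\n'
    printf 'GET\t192.0.2.10\n'
    printf 'HEAD\t10.0.0.5\n'
    printf 'GET\t192.0.2.10\n'
}

# Most used method: count per method, order by count descending, take the first.
# "sort | uniq -c" alone leaves the methods in alphabetical order, so "sort -rn"
# is what makes line one the most frequent one. NR==1 is a comparison; NR=1 would
# be an assignment that is always true and would print every line.
most_used_method() {
    sample_requests | cut -f 1 | sort | uniq -c | sort -rn | awk 'NR == 1 { print $2 }'
}

# Number of GET requests (the "-Y http.request.method==GET | wc -l" idea, done in
# awk so the count carries no leading spaces on any platform).
count_get() {
    sample_requests | awk -F '\t' '$1 == "GET" { n++ } END { print n + 0 }'
}

# Distinct destination addresses of the GET requests, one per line.
get_destinations() {
    sample_requests | awk -F '\t' '$1 == "GET" { print $2 }' | sort -u
}

# Stand-alone run.
most_used_method
count_get
get_destinations
```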
- The tshark command dumps and analyzes network traffic
- The -r argument reads the packet data from infile
- The -Y argument captures the link type
- The -T argument sets the format of the output when viewing decoded packet data
- The -e argument (in the tshark command) adds a field to the list of fields to display if -T fields is selected
- The sort command sorts lines of text files
- The -u argument outputs only the first of an equal run

## Exercise 5:

### Use Netcat to download these images. Check the echo -ne options or use printf. If needed, slow down netcat with option -i. The image part in the HTTP stream starts after a blank line.
```
user:~$ echo -ne "GET /nw2/images/image1.jpg HTTP/1.1\r\nHost: darthvader.uclllabs.be\r\n\r\n" |\
    nc darthvader.uclllabs.be 80 | sed '1,/^\r/d' > image1.jpg
user:~$ echo -ne "GET /nw2/images/image1.jpg HTTP/1.1\r\nHost: darthvader.uclllabs.be\r\n\r\n" |\
    nc darthvader.uclllabs.be 80 | grep -A9999999999999999 -B0 -Pa 'JFIF' > image1.jpg
```
- The -n argument does not output the trailing newline
- The -e argument enables interpretation of backslash escapes
- The sed command is a stream editor for filtering and transforming text
- The nc command is a TCP/IP swiss army knife
- The -A argument prints NUM lines of trailing context after matching lines
- The -B argument interprets PATTERN as a Perl regular expression (PCRE)
- The -a argument processes a binary file as if it were text; this is equivalent to the --binary-files=text option

## Exercise 7:

### Use httpie, a cURL-like tool for humans, to inspect the various HTTP headers in requests and responses. Connect to various websites and explain the use of the HTTP headers.
```
user:~$ http -v -a Rey:StarWars http://darthvader.uclllabs.be/nw2/private/
```
- The -v argument is for verbose

## Exercise 8:

### A simulated phone is running at [http://darthvader.uclllabs.be/nw2/phone/](http://darthvader.uclllabs.be/nw2/phone/). Create a oneliner to bruteforce the pincode. Tip: pincode range: 1200-1300
```
user:~$ for foo in {1200..1300}; do if wget -q --http-user='admin' --http-password=$foo http://darthvader.uclllabs.be/nw2/phone; then echo $foo;break;fi;done
```
- The wget command is the non-interactive network downloader
- The -q argument turns off wget's output
- The --http-user and --http-password arguments specify the username and the password on an HTTP server

## Exercise 9:

### Put the following text.txt on your web server. This text contains the string Goed bezig :-)

### Write an HTTP request by using the Range header so your web server will only return this exact string 'Goed bezig :-)'. Try to do this by only using netcat.
```
user:~$ curl http://your.server.name/output.txt -i -H "Range: bytes=1-"
user:~$ echo -ne "GET /output.txt HTTP/1.1\r\nHost: your.server.name\r\nRange: bytes=1-\r\n\r\n" | nc your.server.name 80
```
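`Range: bytes=1-` asks for everything from the second byte onward, so the requests above return the whole file minus one byte rather than the exact string. The following added example (not from the lab solution) computes the inclusive byte range of a string in a file, builds the raw request the way the netcat one-liner does, and reproduces the slice a server sends for that range so the result can be checked locally. The file contents and the host name are constructed; the `Connection: close` header is an addition so that netcat returns once the server has answered.

```shell
#!/bin/sh
# Added example: work out the exact Range header for a string in a file, build the
# raw HTTP/1.1 request netcat would send, and check the resulting slice locally.
# The text file and the host name are constructed, not the lab server's.
export LC_ALL=C   # byte offsets, not character offsets

write_text() {
    printf 'Lab 2 is af.\nGoed bezig :-)\nTot de volgende keer.\n' > "$1"
}

# Print "bytes=START-END" for the first occurrence of $2 in file $1, or nothing
# if it is absent. HTTP byte ranges are 0-based and END is inclusive, hence the
# "index() - 1" for the start and the extra "- 1" on the end.
range_for_string() {
    awk -v s="$2" '
        { buf = buf $0 "\n" }
        END {
            i = index(buf, s)
            if (i > 0) printf "bytes=%d-%d\n", i - 1, i - 1 + length(s) - 1
        }' "$1"
}

# The request as netcat would send it ($1 host, $2 path, $3 range spec): CRLF line
# endings, a Host header (required for a virtual host), the Range header, and the
# empty line that ends the request.
build_request() {
    printf 'GET %s HTTP/1.1\r\nHost: %s\r\nRange: %s\r\nConnection: close\r\n\r\n' "$2" "$1" "$3"
}

# What a server returns as 206 Partial Content for that range: bytes START..END
# of the file (dd counts from 0, so skip=START and count=END-START+1).
range_slice() {
    spec=${2#bytes=}
    start=${spec%-*}
    end=${spec#*-}
    dd if="$1" bs=1 skip="$start" count=$((end - start + 1)) 2>/dev/null
}

# Stand-alone run.
f=$(mktemp)
write_text "$f"
r=$(range_for_string "$f" 'Goed bezig :-)')
build_request your.server.name /text.txt "$r"
range_slice "$f" "$r"; echo
rm -f "$f"
```

The off-by-one to watch for is the inclusive end: a 14-byte string starting at offset 13 is `bytes=13-26`, not `13-27`, and a server that honours the range replies with 206 and a `Content-Range` header echoing those bounds.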
- The curl command is used to transfer a URL
- The -i argument includes the HTTP header in the output
- The -H argument adds an extra header to use when getting a web page
- The nc command is a TCP/IP swiss army knife
- The -n argument does not output the trailing newline
- The -e argument enables interpretation of backslash escapes

## Exercise 10:

### This can be accomplished by sending the output of tshark or tcpdump to STDOUT instead of a regular file. Direct this STDOUT stream to Wireshark running on your local computer.
```
root # ssh myserver.X.cnw2.uclllabs.be tcpdump -nli eth0 not tcp port 22345 -s0 -w - | wireshark -nki -
root # ssh myserver.X.cnw2.uclllabs.be 'tshark -nli eth0 -f "not tcp port 22345" -s0 -w -' | wireshark -nki -
```
- The ssh command is a remote login program
- The -n argument redirects stdin from /dev/null (actually, prevents reading from stdin)
- The -l argument specifies the user to log in as on the remote machine
- The -i argument selects a file from which the identity (private key) for public key authentication is read
- The -s argument may be used to request invocation of a subsystem on the remote system
- The -w argument requests tunnel device forwarding with the specified tun(4) devices between the client (local_tun) and the server (remote_tun)
- The -n argument disables network object name resolution (such as hostname, TCP and UDP port names); the -N flag might override this one
- The -k argument starts the capture session immediately
- The -i argument sets the name of the network interface or pipe to use for live packet capture
- The -f argument (in the tshark command) sets the capture filter expression

## Exercise 11:

### Capture some HTTP traffic while browsing several websites and save it to the file http.pcapng.

### You can also use the test capture in /home/logs on leia. Create a CLI oneliner which parses the captured file http.pcapng and displays all HTTP server strings which do not contain Apache.

### Only the commands tshark and sort are allowed.
```
user:~$ tshark -r http.pcapng -Y 'http.server && !(http.server contains Apache)' -T fields -e http.server | sort -u
```
- The -r argument reads the packet data from infile
- The -Y argument captures the link type
- The -T argument sets the format of the output when viewing decoded packet data
- The -e argument (in the tshark command) adds a field to the list of fields to display if -T fields is selected
- The sort command sorts lines of text files
- The -u argument outputs only the first of an equal run

## Exercise 12:

### This exercise is a small variation of the previous one. Count and sort all HTTP server strings which do not contain Apache in HTTP responses on your GET requests.
```
user:~$ tshark -r http.pcapng -Y 'http.request.method==GET' -T fields -e tcp.srcport | sort -u | while read PORT;do tshark -r http.pcapng -Y "tcp.dstport==$PORT && http.server && !(http.server contains Apache)" -T fields -e http.server;done | sort | uniq -c | sort -rn
```
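The nested loop above runs tshark once per client port to pair each response with the request that caused it. The following added example (not from the lab solution) does that pairing in a single awk pass over a constructed `-e tcp.stream -e http.request.method -e http.server` export: tshark's stream index identifies the TCP connection, so a request and its response share it. It answers both Exercise 11 (server strings that do not contain Apache) and Exercise 12 (the same, counted, for responses to GET requests only). The stream numbers and server strings are sample values.

```shell
#!/bin/sh
# Added example: pair HTTP responses with their requests by TCP stream index, from
# constructed "tshark -r http.pcapng -Y http -T fields -e tcp.stream
# -e http.request.method -e http.server" output (tab-separated, empty field when
# the packet carries no such value). Stream numbers and server strings are samples.

sample_http_fields() {
    printf '0\tGET\t\n'
    printf '0\t\tApache/2.4.29 (Ubuntu)\n'
    printf '1\tGET\t\n'
    printf '1\t\tnginx/1.14.0\n'
    printf '2\tPOST\t\n'
    printf '2\t\tnginx/1.14.0\n'
    printf '3\tGET\t\n'
    printf '3\t\tMicrosoft-IIS/10.0\n'
    printf '4\tGET\t\n'
    printf '4\t\tnginx/1.14.0\n'
    printf '5\tHEAD\t\n'
    printf '5\t\tApache\n'
}

# Exercise 11: every distinct Server string that does not contain "Apache"
# (what -Y 'http.server && !(http.server contains Apache)' selects), in awk.
non_apache_servers() {
    sample_http_fields | awk -F '\t' '$3 != "" && index($3, "Apache") == 0 { print $3 }' | sort -u
}

# Exercise 12: the same strings, but only from responses on streams whose request
# was a GET, counted and sorted by frequency. The request precedes the response
# in the capture, so one pass with an array keyed on the stream index is enough.
# Like the port-based loop it assumes one request per connection.
count_non_apache_for_get() {
    sample_http_fields | awk -F '\t' '
        $2 == "GET" { is_get[$1] = 1 }
        $3 != "" && ($1 in is_get) && index($3, "Apache") == 0 { n[$3]++ }
        END { for (s in n) print n[s], s }' | sort -rn
}

# Stand-alone run.
non_apache_servers
count_non_apache_for_get
```

Using `index()` rather than a regex keeps the match literal, the same as tshark's `contains`; the POST on stream 2 and the HEAD on stream 5 are left out of the Exercise 12 count on purpose, which is the difference between the two exercises.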
- The tshark command dumps and analyzes network traffic
- The -r argument reads the packet data from infile
- The -Y argument captures the link type
- The -e argument (in the tshark command) adds a field to the list of fields to display if -T fields is selected
- The sort command sorts lines of text files
- The -u argument outputs only the first of an equal run
- The -T argument sets the format of the output when viewing decoded packet data
- The uniq command reports or omits repeated lines
- The -c argument prefixes lines by the number of occurrences
- The -r argument (in the sort command) reverses the results of comparisons
- The -n argument compares according to string numerical value