# COSC60: Computer Networks Lab#1

## Author: Johan Cruz Hernandez

## Exercise #1

### Question 1a

The domain packetbender.com is registered through GoDaddy.com, LLC. It's using name servers from DomainControl.com, which is typically associated with GoDaddy. To get this information I ran the "traceroute packetbender.com" command.

The IP address 71.19.146.5 is managed by prgmr.com, Inc. The Autonomous System Numbers (ASNs) providing connectivity include AS47066, which is directly associated with prgmr.com, Inc., AS2914, which is owned by NTT America, Inc., and AS6939, which is Hurricane Electric, LLC. To get this information I ran the command whois 71.19.146.5, where 71.19.146.5 is the IP address of packetbender.com.

#### Terminal Output:

![Screen Shot 2024-04-22 at 7.52.00 PM](https://hackmd.io/_uploads/rkON_dEWA.png)

![Screen Shot 2024-04-22 at 8.00.00 PM](https://hackmd.io/_uploads/SygfcuE-R.png)

![Screen Shot 2024-04-22 at 8.02.12 PM](https://hackmd.io/_uploads/r1H5q_E-A.png)

![Screen Shot 2024-04-22 at 8.03.26 PM](https://hackmd.io/_uploads/SkSyiOEWA.png)

![Screen Shot 2024-04-22 at 8.04.16 PM](https://hackmd.io/_uploads/ByIzouVZC.png)

### Question 1b

17 network hops separate my machine from packetbender. I used the tool traceroute to figure out how many network hops it takes to get from my computer to packetbender.com. I am assuming that the *** are private networks that are inaccessible to me.

#### Terminal Output

![Screen Shot 2024-04-22 at 7.43.55 PM](https://hackmd.io/_uploads/ByZ8U_E-R.png)

![Screen Shot 2024-04-22 at 7.47.41 PM](https://hackmd.io/_uploads/H1k4vdVWC.png)

### Question 1c

The token I received was TOKEN=9BtmELOC. The procedure I followed is outlined below:

- Open terminal 1 and run the command sudo tcpdump -i any icmp -A -vv. Terminal 1 is set to listen to requests.
- Open terminal 2 and run the following:
    - echo f004hqk | md5 | cut -c1-8
    - echo ID=b8ee4252 | xxd -p
    - for i in {30..60}; do ping -c 1 -m $i -v -p 49443d62386565343235320a packetbender.com; done

#### Terminal output

![Screen Shot 2024-04-22 at 3.43.49 PM](https://hackmd.io/_uploads/H1GZAEVW0.png)

## Exercise #2

- Echo Reply (Type 0 Code 0)
    - ping packetbender.com
    - ![Screen Shot 2024-04-22 at 8.38.39 PM](https://hackmd.io/_uploads/ByRM7K4bA.png)
- Time Exceeded Message (Type 11 Code 0):
    - command: traceroute -m 3 packetbender.com
    - response: Time-to-live exceeded (Time to live exceeded in transit)
    - ![Screen Shot 2024-04-22 at 8.17.40 PM](https://hackmd.io/_uploads/HkG4RdNZ0.png)
- Echo Ping Request (Type 8 Code 0)
    - command: ping 10.254.254.254
    - response: localhost > localhost: ICMP localhost udp port 32376 unreachable, length 36
    - ![Screen Shot 2024-04-22 at 8.21.46 PM](https://hackmd.io/_uploads/SyOXkY4ZC.png)
- Destination Unreachable (Type 3 Code 3)
    - command: ping -c 1 -v -p 49443d62386565343235320a packetbender.com
    - ![Screen Shot 2024-04-22 at 8.20.49 PM](https://hackmd.io/_uploads/S1xxyK4ZR.png)
- Summary of Message Types:
    - (0) Echo Reply
    - (3) Destination Unreachable
    - (4) Source Quench
    - (5) Redirect
    - (8) Echo
    - (11) Time Exceeded
    - (12) Parameter Problem
    - (13) Timestamp
    - (14) Timestamp Reply
    - (15) Information Request
    - (16) Information Reply

## Exercise #3

- Receive token from TCP protocol: **echo -ne "\x09\x00\xfff004hqk" | nc -p 2103 thepond.cs.dartmouth.edu 603**
    - TCP token: 3a27d767
- Receive token from UDP protocol: **echo -ne "\x09\x00\xfff004hqk" | nc -u -p 2696 thepond.cs.dartmouth.edu 603**
    - UDP token: 0c0eea5f

#### Terminal output

![Screen Shot 2024-04-22 at 3.53.42 PM](https://hackmd.io/_uploads/HkNUgHNZA.png)

#### Procedure

#### (1) ssh into the pond

- ssh -p 106 johan@thepond.cs.dartmouth.edu

#### (2) Find the privileged port set up to listen to UDP and TCP protocol.
- netstat -tuln | grep ":603 "

![Screen Shot 2024-04-22 at 4.04.57 PM](https://hackmd.io/_uploads/BJIl7HEZA.png)

#### (3) Interact with bot. Send message via UDP and TCP protocols. Figure out how the bot wants the message:

- UDP: echo "Hello" | nc -u thepond.cs.dartmouth.edu 603
- TCP: echo "Hello" | nc thepond.cs.dartmouth.edu 603

#### Terminal Output

![Screen Shot 2024-04-22 at 6.28.10 PM](https://hackmd.io/_uploads/rktYEPNZ0.png)

![Screen Shot 2024-04-22 at 6.29.04 PM](https://hackmd.io/_uploads/r10h4wEWR.png)

#### (4) Bot expected a message of 10 bytes. Send a message of 10 bytes to see bot's response.

- UDP: echo -n "Hello " | nc -u thepond.cs.dartmouth.edu 603
- TCP: echo -n "Hello " | nc thepond.cs.dartmouth.edu 603

![Screen Shot 2024-04-22 at 6.31.37 PM](https://hackmd.io/_uploads/SySUrPEb0.png)

![Screen Shot 2024-04-22 at 6.31.52 PM](https://hackmd.io/_uploads/H1IDBwE-0.png)

#### (5) Figure out what the first magic byte is by echoing every possible byte.

- run the bash script: ./magicbyte.sh
- UDP: echo -ne "\x09234567890" | nc -u thepond.cs.dartmouth.edu 603
- TCP: echo -ne "\x09234567890" | nc thepond.cs.dartmouth.edu 603

#### Terminal Output

Output of magicbyte.sh

![Screen Shot 2024-04-22 at 6.36.12 PM](https://hackmd.io/_uploads/Bk_PUP4WR.png)

Output of writing via UDP protocol

![Screen Shot 2024-04-22 at 6.50.48 PM](https://hackmd.io/_uploads/r1EAYDV-A.png)

Output of writing via TCP protocol

![Screen Shot 2024-04-22 at 6.51.06 PM](https://hackmd.io/_uploads/SkwJcDEbR.png)

#### Bash Script

To make executable and run

```
chmod +x magicbyte.sh
./magicbyte.sh
```

```
#!/bin/bash
# Try every value 0x00-0xff as the first byte, followed by nine filler bytes
# (10 bytes total), and stop at the first reply that is not the known error.
HOST="thepond.cs.dartmouth.edu"
PORT=603
MESSAGE="123456789"
ERROR_MESSAGE="Error: Message does not start with magic byte"
MAGIC_BYTE="" # Initialize MAGIC_BYTE variable

for i in {0..255}; do
    # Escape sequence such as \x09; echo -e turns it into the raw byte
    START_BYTE=$(printf '\\x%02x' "$i")
    RESULT=$(echo -n -e "$START_BYTE$MESSAGE" | nc -u -w 1 "$HOST" "$PORT")
    if [ "$RESULT" == "$ERROR_MESSAGE" ]; then
        continue
    else
        echo "Found magic byte: $START_BYTE"
        MAGIC_BYTE=$START_BYTE
        break
    fi
done

if [ -z "$MAGIC_BYTE" ]; then
    echo "Magic byte not found."
else
    echo "Magic byte found: $MAGIC_BYTE"
    echo "Sending message with magic byte:"
    echo -n -e "$MAGIC_BYTE$MESSAGE" | nc -u -w 1 "$HOST" "$PORT"
fi
```

#### (6) Figure out what the second magic byte is by echoing every possible byte.

- run bash script: ./mb2.sh
- UDP: echo -ne "\x09\x0023456789" | nc -u thepond.cs.dartmouth.edu 603
- TCP: echo -ne "\x09\x0023456789" | nc thepond.cs.dartmouth.edu 603

#### Terminal Output

Output of mb2.sh

![Screen Shot 2024-04-22 at 6.54.32 PM](https://hackmd.io/_uploads/S1IncDVWR.png)

Output of echo via UDP Protocol

![Screen Shot 2024-04-22 at 7.00.22 PM](https://hackmd.io/_uploads/ryPz3PEWA.png)

Output of echo via TCP Protocol

![Screen Shot 2024-04-22 at 7.01.00 PM](https://hackmd.io/_uploads/B1o4nwEZC.png)

#### Bash Script

To make executable and run

```
chmod +x mb2.sh
./mb2.sh
```

```
#!/bin/bash
HOST="thepond.cs.dartmouth.edu"
PORT=603
MESSAGE="12345678" # 8 additional characters to make total length 10 with two bytes
FIRST_MAGIC_BYTE="\x09"
ERROR_MESSAGE="Error: Message does not start with magic byte"

# Iterate over all possible second bytes
for i in {0..255}; do
    SECOND_BYTE=$(printf '\\x%02x' "$i")
    FULL_MESSAGE=$FIRST_MAGIC_BYTE$SECOND_BYTE$MESSAGE
    # Send the full message to the server and capture the result
    RESULT=$(echo -ne "$FULL_MESSAGE" | nc -u -w 1 "$HOST" "$PORT")
    # Check if the response is not the known error message
    if [[ "$RESULT" != "$ERROR_MESSAGE" ]]; then
        echo "Found second magic byte: $(printf "%02x" "$i")"
        echo "Magic bytes found: 09 $(printf "%02x" "$i")"
        echo "Sending message with magic bytes:"
        echo -ne "$FULL_MESSAGE" | nc -u -w 1 "$HOST" "$PORT"
        exit 0
    fi
done

echo "Second magic byte not found."
```

#### (7) Figure out what the third magic byte is by echoing every possible byte.
- run bash script:
- UDP: echo -ne "\x09\x00\xff1234567" | nc -u thepond.cs.dartmouth.edu 603
- TCP: echo -ne "\x09\x00\xff1234567" | nc thepond.cs.dartmouth.edu 603

#### Terminal Output

Output of echo via UDP Protocol

![Screen Shot 2024-04-22 at 7.04.29 PM](https://hackmd.io/_uploads/BJoZpvV-C.png)

Output of echo via TCP Protocol

![Screen Shot 2024-04-22 at 7.04.52 PM](https://hackmd.io/_uploads/Hkz7TvN-R.png)

#### (8) Insert NetID into the payload with the three magic bytes.

- UDP: echo -ne "\x09\x00\xfff004hqk" | nc -u thepond.cs.dartmouth.edu 603
- TCP: echo -ne "\x09\x00\xfff004hqk" | nc thepond.cs.dartmouth.edu 603

#### Terminal Output

Output of echo via UDP Protocol

![Screen Shot 2024-04-22 at 7.07.18 PM](https://hackmd.io/_uploads/HkmhpPNWR.png)

Output of echo via TCP Protocol

![Screen Shot 2024-04-22 at 7.07.00 PM](https://hackmd.io/_uploads/SJZjpPEWC.png)

#### (9) Find correct source port by sending to all possible source ports.

- UDP: Source port 2696
    - echo -ne "\x09\x00\xfff004hqk" | nc -u -p 2696 thepond.cs.dartmouth.edu 603
    - TOKEN= 0c0eea5f
- TCP: Source port 2103
    - echo -ne "\x09\x00\xfff004hqk" | nc -p 2103 thepond.cs.dartmouth.edu 603
    - TOKEN= 3a27d767

#### Terminal Output

Output of UDP Echo

![Screen Shot 2024-04-22 at 7.10.36 PM](https://hackmd.io/_uploads/SyF_RPN-0.png)

Output of TCP Echo

![Screen Shot 2024-04-22 at 7.12.53 PM](https://hackmd.io/_uploads/rJ-ZyuVWR.png)

Output of Bash Script for UDP sp.sh

![Screen Shot 2024-04-22 at 7.30.28 PM](https://hackmd.io/_uploads/H1X7Xu4W0.png)

Output of Bash Script for TCP sp_tcp.sh

![Screen Shot 2024-04-22 at 7.32.51 PM](https://hackmd.io/_uploads/ByV2m_VbA.png)

#### Bash Scripts

UDP Protocol: sp.sh

To make executable and run

```
chmod +x sp.sh
./sp.sh
```

```
#!/bin/bash
HOST="thepond.cs.dartmouth.edu"
PORT=603
# Three magic bytes (09 00 ff) followed by the NetID; 10 bytes in total.
# No \x in front of the NetID: \xf0 would be read as one byte.
MESSAGE="\x09\x00\xfff004hqk"
RANGE_START=2000
RANGE_END=2999

for (( SRC_PORT=RANGE_START; SRC_PORT<=RANGE_END; SRC_PORT++ )); do
    # Sending the message from the specified source port
    RESULT=$(echo -ne "$MESSAGE" | nc -u -p "$SRC_PORT" -w 1 "$HOST" "$PORT")
    # Check if the response is what we expect or if we need to keep trying
    if [[ "$RESULT" != "Error: Incorrect source port." ]]; then
        echo "Success from port $SRC_PORT: $RESULT"
        break
    else
        echo "Tried port $SRC_PORT, but got: $RESULT"
    fi
done
```

TCP Protocol: sp_tcp.sh

To make executable and run

```
chmod +x sp_tcp.sh
./sp_tcp.sh
```

```
#!/bin/bash
HOST="thepond.cs.dartmouth.edu"
PORT=603
# Three magic bytes (09 00 ff) followed by the NetID; 10 bytes in total.
# No \x in front of the NetID: \xf0 would be read as one byte.
MESSAGE="\x09\x00\xfff004hqk"
RANGE_START=2000
RANGE_END=2999

for (( SRC_PORT=RANGE_START; SRC_PORT<=RANGE_END; SRC_PORT++ )); do
    # Attempt to send the message from the specified source port using TCP
    RESULT=$(echo -ne "$MESSAGE" | nc -p "$SRC_PORT" -w 1 "$HOST" "$PORT" 2>&1) # Redirect stderr to stdout to capture errors
    # Check if the result indicates a successful transmission or an error
    if [[ "$RESULT" == *"Success"* ]]; then
        echo "Success from port $SRC_PORT: $RESULT"
        break
    elif [[ "$RESULT" == *"bind failed: Address already in use"* ]]; then
        echo "Port $SRC_PORT in use, trying next."
        continue
    else
        echo "Tried port $SRC_PORT, but got: $RESULT"
    fi
done
```
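
The payload in steps 8 and 9 has to be exactly 10 bytes: the three magic bytes followed by the 7-character NetID. The following is an added example, not part of the original lab report: a POSIX shell check that renders an `echo -ne` style string to the bytes it would put on the wire and validates that layout locally, before anything is sent. The helper names `hex_of_escapes` and `check_frame` are hypothetical, and only `\x` escapes are interpreted.

```sh
#!/bin/sh
# Added example, not from the lab report. Helper names are hypothetical.
# Only \xH / \xHH escapes are interpreted; every other character is literal.

# hex_of_escapes STR: print, as hex pairs, the bytes that `echo -ne STR`
# produces. Like bash, at most two hex digits are consumed after \x.
hex_of_escapes() {
    s=$1; out=
    while [ -n "$s" ]; do
        case $s in
            '\x'[0-9a-fA-F][0-9a-fA-F]*) n=2 ;;
            '\x'[0-9a-fA-F]*)            n=1 ;;
            *)                           n=0 ;;
        esac
        if [ "$n" -gt 0 ]; then
            s=${s#??}                                  # drop the leading \x
            if [ "$n" -eq 2 ]; then h=${s%"${s#??}"}; s=${s#??}
            else h=${s%"${s#?}"}; s=${s#?}; fi
            out=$out$(printf '%02x' "$((0x$h))")
        else
            c=${s%"${s#?}"}; s=${s#?}                  # one literal character
            out=$out$(printf '%s' "$c" | od -An -v -tx1 | tr -d ' \n')
        fi
    done
    printf '%s\n' "$out"
}

# check_frame STR: succeed only if STR renders to exactly 10 bytes that start
# with the magic bytes 09 00 ff found in steps 5-7.
check_frame() {
    hex=$(hex_of_escapes "$1")
    if [ "${#hex}" -ne 20 ]; then
        echo "reject: $(( ${#hex} / 2 )) bytes, expected 10 ($hex)"
        return 1
    fi
    case $hex in
        0900ff*) echo "ok: $hex" ;;
        *)       echo "reject: wrong magic bytes ($hex)"; return 1 ;;
    esac
}

# Constructed inputs: the payload from step 8, and the same payload with a
# stray \x before the NetID, which swallows "f0" and leaves 9 bytes.
check_frame '\x09\x00\xfff004hqk'
check_frame '\x09\x00\xff\xf004hqk' || true
```

Running the check before a source-port sweep avoids probing a thousand ports with a frame the bot would reject for its length.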