# 7th Assignment

Group: Monday 2-4 - Group 1

- Ana Tomi: 413117
- Fabian Wagner: 349330
- Lukas Hoffmann: 415442
- Yasin Kilic: 371955

## Question 1: Subnets

## In the topology, draw a circle around each sub-network (subnet), i.e., mark which devices, interfaces, and links belong to the same subnet. Assume that the switches are Layer-2, so they do not speak IP and they do not have IP addresses.

![](https://i.imgur.com/njWTFBy.png)

- Subnet 1: Web Server, Mail Server, 255 other hosts, Switch S2, Router R2 (eth1, eth2, eth3)
- Subnet 2: Router R2 (eth0), Router R3 (eth0)
- Subnet 3: Router R4 (eth0), Router R1 (eth0)
- Subnet 4: Router R1 (eth1), Switch S1, Dad’s PC, Network Printer, Mom’s Tablet, Lisa’s PC

## Within each subnet, how many interfaces are there? How many IP addresses are needed for each subnet, if each interface only gets one IP address?

- Subnet 1: 260 interfaces, 262 IP addresses (including network address and broadcast address)
- Subnet 2: 2 interfaces, 4 IP addresses (including network address and broadcast address)
- Subnet 3: 2 interfaces, 4 IP addresses (including network address and broadcast address)
- Subnet 4: 5 interfaces, 7 IP addresses (including network address and broadcast address)

## Question 2: IP address ranges and NAT

### a) Which address class should be used for the company network, if a classful addressing scheme is to be used?

Since we want to divide the network into subnets, where every operating system type gets its own network, we need 3 networks. For the Linux PC and Linux Server networks, Class C networks are big enough. For the Windows PCs a Class B network is needed, since it is bigger than 254 systems. Alternatively, two Class B networks for the Windows PCs would also work and fewer IP addresses would be wasted.

### b) Which of the following addresses provide enough IP addresses for all hosts in the network?

For the 500 hosts, a network of Class B or A is big enough. Therefore the two Class B networks (I) and (III) are big enough.
The Class A network (II) is also big enough but would be overkill for this scenario.

### c) Choose one of the addresses from previous part that provides enough IP addresses for all hosts in your company network. Now your task is to determine address ranges for the hosts present in your network. Allocate an IP address range to each of the following host classes.

- linux server: 136.78.0.2-51
- linux pcs: 136.78.1.1-50
- windows pcs: 136.78.2.1-136.78.2.255 and 136.78.3.1-136.78.2.145

### d) Now assume that due to some re-structuring, it is not possible anymore to use the public IP addresses you have assigned in the previous task. Instead, the whole company network shall be run with private IP addresses and be connected to the Internet via a single public IP using NAT.

- linux server: 192.168.2.0/26
- linux pcs: 192.168.2.64/26
- windows pcs: 192.168.0.0/23

### e) Now, the three Windows PCs winA001, winA002, and winA003 simultaneously request via HTTP a document from a remote server with the IP 141.43.4.130. Furthermore, the LinuxServer server01 is running a web server, which is accessed from an external host with IP address 141.43.4.132 via port 80. Write down the NAT table for the above mentioned connections.

| External Add. | External Port | Internal Add. | Internal Port | Dest. Add. | Dest. Port |
| -------- | -------- | -------- | -------- | -------- | -------- |
| 133.178.23.14 | 5001 | 192.168.0.1 | 3354 | 141.43.4.130 | 80 |
| 133.178.23.14 | 5002 | 192.168.0.2 | 3345 | 141.43.4.130 | 80 |
| 133.178.23.14 | 5003 | 192.168.0.3 | 2186 | 141.43.4.130 | 80 |
| 133.178.23.14 | 5004 | 192.168.2.13 | 5486 | 141.43.4.132 | 80 |

### f) If an IP packet is sent from 141.43.4.130 to winA002, which information would the NAT router change and how?

- Reply arrives with dest. address: 133.178.23.14:5001
- NAT router changes datagram dest.
address 133.178.23.14:5001 --> 192.168.0.2:3345

### g) If an IP packet is sent from server01 to 141.43.4.132, which information would the NAT router change and how?

- NAT router changes datagram source address 192.168.2.13:5486 --> 133.178.23.14:5004

### h) Somebody is calling you now and tells you, that one of the employees is abusing the network for file sharing. As a proof for this, the following Ethernet frame is sent to you via e-Mail.

- Ethernet header: 00 20 da db 23 e6 00 04 75 82 6a ed 08 00
- IP Header: 45 00 00 34 0b d9 40 00 80 06 91 2f 0a 00 02 03 c1 63 90 55
- TCP Header: f8 8a 00 50 6e fd 88 30 00 00 00 00 80 02 20 00 7b ff 00 00 02 04 05 b4 01 03 03 02 01 01 04 02

Decoded fields:

- IP Version: IPv4
- Transport Layer Protocol: TCP
- Source Address: 10.0.2.3:63626
- Destination Address: 193.99.144.85:80

Since the destination port in use is port 80, the obvious assumption is that the HTTP protocol was used, since that is the standard port. The nslookup shows that the IP address belongs to the German news outlet heise. That information is, however, not enough to finally decide whether it was file sharing. There are conceivable scenarios in which this Ethernet frame would be involved in file sharing. One possible scenario would be that the IP belonged to another server when the capture was taken and that this server used port 80 for a file sharing protocol. Another scenario could be that the server was hijacked and, for specific source addresses, the packets were forwarded to another port where a file sharing service was running.
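
The decoding in part h) can be reproduced mechanically. The following is an added example, not part of the original submission; it parses the three header dumps quoted above, verifies the IPv4 header checksum, and also extracts the TCP flags and payload length, which go beyond the fields the answer lists. The names `parse_frame` and `ip_checksum_ok` are this example's own.

```python
import ipaddress
import struct

# Header bytes exactly as quoted in part h) of the assignment.
ETH = bytes.fromhex("00 20 da db 23 e6 00 04 75 82 6a ed 08 00")
IP = bytes.fromhex("45 00 00 34 0b d9 40 00 80 06 91 2f 0a 00 02 03 c1 63 90 55")
TCP = bytes.fromhex("f8 8a 00 50 6e fd 88 30 00 00 00 00 80 02 20 00"
                    "7b ff 00 00 02 04 05 b4 01 03 03 02 01 01 04 02")

FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ip_checksum_ok(header: bytes) -> bool:
    """A valid IPv4 header sums (one's complement, 16-bit words) to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def parse_frame(eth: bytes, ip: bytes, tcp: bytes) -> dict:
    """Decode the fields needed to judge what the captured frame shows."""
    (ethertype,) = struct.unpack("!H", eth[12:14])
    (ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4                 # IP header length in bytes
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_offset = (off_flags >> 12) * 4        # TCP header length in bytes
    return {
        "ethertype": ethertype,
        "version": ver_ihl >> 4,
        "protocol": proto,
        "src": f"{ipaddress.IPv4Address(src)}:{sport}",
        "dst": f"{ipaddress.IPv4Address(dst)}:{dport}",
        "flags": [name for bit, name in FLAG_BITS if off_flags & bit],
        "payload_len": total_len - ihl - data_offset,
        "ip_checksum_ok": ip_checksum_ok(ip[:ihl]),
    }


if __name__ == "__main__":
    for field, value in parse_frame(ETH, IP, TCP).items():
        print(f"{field}: {value}")
```

The decoded frame is a bare SYN with a zero-length payload, so it records only a connection attempt to port 80 and contains no application data.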