Network+ Practice Labs: Network Services and Protocols Part II

Source: cybrary.it

Vendor

Lab

Learning Outcomes

  • Exercise 2 — Identify Default HTTPS Port
  • Exercise 3 — Contrast TCP and UDP Protocols
  • Exercise 4 — Use a Port Scanner

After completing this lab, we will be able to:

  • Start packet capture of packets exchanged using HTTP protocol
  • Create HTTP traffic by accessing a website
  • Verify Port 80 for HTTP
  • Capture HTTPS traffic using Wireshark
  • Verify HTTPS uses port 443 by default
  • Contrast TCP and UDP Protocols
  • Use Advanced IP Scanner tool to collect system information
  • Use Advanced IP Scanner tool to remotely manage systems

CompTIA Network+ Exam Objectives

  • HTTP 80
  • HTTPS 443
  • UDP
  • TCP

N10–007 5.2 — Given a scenario, use the appropriate tool (Software Tools, Port Scanner)

What are we doing?

Why would we want to do this?

Remember, this lab helps us understand how to make better use of the tools readily available to us, and it oftentimes adds to our arsenal of skills for troubleshooting (and monitoring) our network.

Who would use this?

Thoughts?

Exercise 1

Learning objective

Task 1 — Start Packet Capture

If it is not already installed, install Wireshark along with WinPcap and USBPcap, then open the Wireshark application.

Step 1: In the toolbar at the top of the Wireshark window, go to Capture and click on Options.

We’ll go ahead and select the checkbox next to the Ethernet interface for this lab.

Step 2: Click the Start button to start capturing data.

Step 3: Now, let’s open our web browser and connect to http://comptia.org so that we can monitor the HTTP packet activity in Wireshark.

Task 1 Complete!

Task 2 — Identify Port 80 for HTTP

Notice that one of the HTTP data packets on the listing is highlighted in blue. Details of the highlighted packet are listed in the lower pane on the capture window.

Notice that the Source port is a random port number used by our computer PLABSA01, since we’re connected to a remote web server, but the destination port is listed as 80 (http), since we connected to http://comptia.org (which listens on TCP port 80).

Note: The packets carrying this less complex form of data use port 80. However, as the website access becomes more detailed and complex (like background applications or graphics) packets will begin to prefer using port 8080.

Step 2: Click the stop capture icon — the red square — on the toolbar at the top. This stops the on-going data capture.

Now we know how to capture HTTP packet information using Wireshark.

Exercise 1 Complete!

Exercise 2

Learning objective

Task 1 — Restart Wireshark

In this task, we will restart Wireshark and capture a new data stream.

Step 1: In Wireshark, click the start new live capture icon (shark-fin) on the icon bar at the top to begin capturing packets.

Step 2: If you’re asked if you would like to save the captured data accumulated so far, click Continue without Saving, for this lab.

Task 1 Complete!

Task 2 — Capture HTTPS traffic using Wireshark

Step 1: Now, let’s go on our web browser and connect to https://google.com

Note: By explicitly typing https at the beginning of the address, we are forcing the browser to use the HTTPS protocol.

Restore the Wireshark window. Notice data being captured.

In the Filter box, verify that http is typed in the text box.

Note: In Wireshark HTTP and HTTPS are the same when it comes to filtering the results.

Find the packet with Info CONNECT www.google.com:443

By expanding the Transmission Control Protocol section in the center pane, you can see that the destination port is 8080 and not 443. That’s because we’re using a proxy server. However, the connection still uses https as can be seen by the CONNECT request which indicates the use of 443 on Google’s server end of the conversation.

Note: The TLSv1.2 packets we see are used to transfer data in an encrypted form.

Click the stop capture icon — the red square icon — on the icon bar at the top to stop the on-going data capture.

Task 2 Complete!

Task 3 — Block-out HTTPS Access

Step 1: Right-click the network icon in the system tray on the lower right-hand side of the taskbar and choose Open Network & Internet Settings.

Select the Ethernet option on the left column.

Select the Network and Sharing Center link.

Select the Windows Defender Firewall on the lower left pane.

Select the Advanced settings option from the left-side pane.

Step 2: Select Inbound Rules from the left-side pane.

A list of inbound rules is displayed in the middle pane.

Right-click the Inbound Rules node and choose New Rule.

The New Inbound Rule Wizard is displayed.

Step 3: On the Rule Type page, select the Port radio button and click Next.

On the Protocol and Ports page, select the TCP radio button if not selected already.

Select the Specific local ports radio button and type the following in the text box:

80, 443, 8080

Step 4: On the Action page, select the Block the connection radio button and click Next.

On the Name page, specify the name of the rule as Block HTTPS 443 and click Finish.

Step 5: Select the Outbound Rules node and repeat the same steps we followed for Inbound Rules.

Task 3 Complete!

Task 4 — Verify HTTPS is Blocked

Step 1: Let’s go on our web browser and try to connect to https://google.com

Notice that the website does not display. This confirms that the firewall effectively blocked access to the outside world.

Task 4 Complete!

Task 5 — Remove Firewall rules blocking HTTPS access

Step 1: Reconnect to the Windows Defender Firewall with Advanced Security window.

Click the Inbound Rules node, again.

On the rules list in the middle pane, right-click the Block HTTPS 443 rule and select Delete.

Do the same for the created outbound rule, as well.

Step 2: Let’s go ahead and try to reconnect to https://google.com using our web browser

There! Now we know how to block and unblock certain ports, like 443!

Exercise 2 Complete!

Exercise 3

Learning Objective

Task 1 — Capture Packets

  • Authentication is needed for Connection-Oriented Protocol Services, while Connectionless Protocol Services don’t require any authentication.
  • Connection-Oriented Protocol Services make a connection, check whether a message is received, and send it again if an error occurs, while Connectionless Protocol Services couldn’t care less.
  • Connection-Oriented Protocol Services are more reliable than Connectionless Protocol Services, but not as fast and are oftentimes larger in size.
  • Connection-Oriented Protocol Services are stream based and Connectionless Protocol Services are message based (see excerpt below).¹

Before continuing, I want to throw in this excerpt from this Oracle doc that should help clarify the uses of TCP and UDP:

TCP is an example of a connection-oriented protocol. The process is much like a telephone call, where a virtual circuit is established — the caller must know the person’s telephone number and the phone must be answered — before the message can be delivered.

Examples of services that use connection-oriented transport services are telnet, rlogin, and ftp.

UDP is a connectionless protocol. It is known as a datagram protocol because it is analogous to sending a letter where you don’t acknowledge receipt.

Examples of applications that use connectionless transport services are broadcasting and tftp. Early implementations of NFS used UDP, whereas newer implementations prefer to use TCP.²
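The stream-versus-message and acknowledgement differences described above can be observed on loopback sockets. This is an added example, not part of the original lab or the Oracle document; the function names and sample messages are assumptions made for the demonstration.

```python
import socket


def tcp_exchange(messages):
    """Send messages over one loopback TCP connection; return what the peer reads."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))           # port 0: the OS picks a free port
        listener.listen(1)
        with socket.create_connection(listener.getsockname()) as client:
            server, _ = listener.accept()         # handshake has set up the connection
            with server:
                for message in messages:
                    client.sendall(message)
                client.shutdown(socket.SHUT_WR)   # FIN: no more data will follow
                received = b""
                while chunk := server.recv(4096):
                    received += chunk
                return received                   # a byte stream, boundaries are gone


def udp_exchange(messages):
    """Send each message as its own loopback UDP datagram; return them as read."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as receiver, \
            socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        receiver.bind(("127.0.0.1", 0))
        receiver.settimeout(2)                    # a lost datagram is never resent
        for message in messages:
            sender.sendto(message, receiver.getsockname())   # no handshake first
        return [receiver.recvfrom(4096)[0] for _ in messages]


def send_to_closed_port(payload=b"hello"):
    """Return (TCP outcome, UDP bytes handed off) for a port with no listener."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as holder:
        holder.bind(("127.0.0.1", 0))             # reserved, but never listen()s
        target = holder.getsockname()
        try:
            socket.create_connection(target, timeout=5).close()
            tcp_outcome = "connected"
        except ConnectionRefusedError:
            tcp_outcome = "refused"               # the sender learns it failed
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
            sent = udp.sendto(payload, target)    # accepted locally, fate unknown
        return tcp_outcome, sent


if __name__ == "__main__":
    parts = [b"GET ", b"/index", b".html"]        # constructed sample messages
    print(tcp_exchange(parts), udp_exchange(parts), send_to_closed_port())
```

TCP returns the three writes as one run of bytes, UDP returns three separate datagrams, and only the TCP sender is told that nothing was listening.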

Give this article a read, as well, before moving to Step 1:

Difference between Connection-Oriented and Connectionless Service

Also, use this handy interactive reference⁴ for which ports use TCP and/or UDP. For this lab, we’ll go ahead and sample that reference:

Step 1: From the Wireshark window, enter tcp in the Filter text box.

Only the data packets implementing TCP protocol are now being displayed.

Note that there are several application protocols that use TCP such as HTTP and FTP for example. Any such protocols are also included and labeled as such in the list of captured packets since they use TCP.

Step 2: Select a TCP packet from the list displayed. The second pane shows details of the selected packet.

Expand the Transmission Control Protocol section in the second pane.

Notice the Source port (49810) and the Destination port (8080). From our Exercise 2 tasks, we can confirm that TCP is using port 443.

Task 2 Complete!

Task 3 — Identify UDP Packets

Note that UDP is used by several application layer protocols such as DHCP and DNS. Such protocols are also included in this filtered list since they use UDP.

Again, notice the change in the color-coding of the data packets. Only the data packets implementing UDP protocol are now being displayed.

Step 2: Select a UDP packet from the list displayed. For example, select a DHCP packet.

Expand the User Datagram Protocol section in the middle pane.

Notice that the Source port is 68 and the Destination port is 67. From our interactive reference, we can confirm that UDP uses ports 68 and 67.
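The Source port and Destination port values that Wireshark displays in these exercises are read from fixed positions in each packet, as this added example shows (it is not part of the original lab). The packets are constructed, the port numbers are the ones seen in the lab captures, and the 192.168.0.10 and 192.168.0.1 addresses and all function names are assumptions.

```python
import struct

PROTOCOLS = {6: "TCP", 17: "UDP"}   # IANA protocol numbers in the IPv4 header


def build_ipv4(proto, src_port, dst_port, ihl_words=5, frag_offset=0):
    """Build a constructed IPv4 packet for the demo (checksums left at zero)."""
    if proto == 6:    # minimal 20-byte TCP header with the SYN flag set
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 64240, 0, 0)
    else:             # 8-byte UDP-style header, no payload
        l4 = struct.pack("!HHHH", src_port, dst_port, 8, 0)
    options = b"\x01" * ((ihl_words - 5) * 4)       # NOP options when IHL > 5
    total = ihl_words * 4 + len(l4)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total, 0, frag_offset,
                     64, proto, 0, bytes([192, 168, 0, 10]), bytes([192, 168, 0, 1]))
    return ip + options + l4


def transport_ports(packet):
    """Return (protocol, source port, destination port) for a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    if struct.unpack_from("!H", packet, 6)[0] & 0x1FFF:
        raise ValueError("non-first fragment: no transport header to read")
    proto = PROTOCOLS.get(packet[9])
    if proto is None:
        raise ValueError(f"IP protocol {packet[9]} is neither TCP nor UDP")
    offset = ihl * 4                  # IP options push the transport header back
    if len(packet) < offset + 4:
        raise ValueError("truncated transport header")
    src, dst = struct.unpack_from("!HH", packet, offset)
    return proto, src, dst


# Constructed samples using the port numbers seen in the lab captures.
SAMPLES = {
    "browser to proxy": build_ipv4(6, 49810, 8080),
    "browser to web server": build_ipv4(6, 49810, 80),
    "DHCP client to server": build_ipv4(17, 68, 67, ihl_words=6),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, transport_ports(pkt))
```

Both TCP and UDP place the source and destination ports in the first four bytes of their headers, which is why the same two fields appear under either protocol section in Wireshark.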

Exercise 3 Complete!

Exercise 4

Learning Objective

A port scanner is a software tool used for probing into local or remote systems to find out open TCP/UDP ports and collect system information such as operating system type installed on the computer. This is used by system administrators to validate the security policy of firewalls and by hackers to determine the open ports on a computer that can be possibly exploited.³

Port scanners are much more than just pieces of software that ping many devices at once. They have many more capabilities, some of which we’ll play with here.

Task 1 — Use Advanced IP Scanner to scan the network

Step 1: For this lab, make sure we are connected to the PLABWIN10 device, and double click the Advanced IP Scanner icon on the desktop.

Note that in the address range field, a default range of IP addresses is already defined.

Step 2: From this range, remove the 169.254.0.1–169.254.255.254 network ID range.

The remaining network ID range is 192.168.0.1–254.

Click Scan.

After a few seconds, the Advanced IP Scanner lists the devices within the range of 192.168.0.1–192.168.0.254 addresses discovered on our network.

Note: the scan result identifies the IP address, the machine name, the manufacturer, and the MAC (media access control) address of each device.

Step 3: When the scan is successfully completed, expand the listed PLABDC01 host.

Notice that the scanner has also discovered two shared folders on the device. The Advanced IP Scanner can detect shared folders on the network.

Step 4: Right-click the listed PLABDC01, select Tools and then select Ping.

This opens a Command Prompt window, and sets up a ping session from PLABWIN10 to PLABDC01.

Notice that the ping command is executed and replies are received from the pinged server (PLABDC01).

Note: The pings will continue until you either cancel them by using ‘ctrl+c’ or by closing the Command Prompt window.

Step 5: Right-click PLABDC01 and select Advanced > Shutdown.

On the Shutdown options dialog box, select the Reboot checkbox.

Click Shutdown.

Now we know how to get started using Advanced IP Scanner.

Exercise 4 Complete!

Part II of this lab is complete and continues to help bridge our knowledge for further exploration into Part III.
