CIS-2151 Lab Assignment #3: IPv6

Reading: ...

The purpose of this lab assignment is to explore the IPv6 protocol in a manner similar to that used in the previous lab.

As with Lab #2, there is a server program running on Lemuria that provides the "daytime" service, except this server is using the IPv6 protocol instead of the IPv4 protocol. It is running on port 9002 (instead of 9001). To see what it does, try running the daytime client that is also installed on Lemuria using a command such as:

      $ dtclient6 ::1 9002

Note that the client is dtclient6 instead of dtclient as in the previous lab. Notice also that the loop back address is given as ::1 for IPv6.

There is a script running on node3 (instead of node4) of the cluster that queries the daytime server every 15 seconds. As before, eight IP packets are exchanged with each query: three to form the TCP connection, one to hold the actual data, and four more to close the TCP connection. Nothing about the TCP protocol has changed. TCP is a layer four protocol and thus independent of the underlying network protocol (in theory).

Proceed as follows:

You will want to know the IPv6 address of Lemuria and of node3, so you can recognize them in the packets you will capture. On Lemuria use the command:
```
      $ ip addr
    
```
To show the IP addresses associated with all the network interfaces known to the machine. There are several interfaces, and each interface may have several IP addresses (especially several IPv6 addresses). You are looking for the interface "em2" which connects to the cluster network. The IP address used by the script is the one labeled "scope global" (not the one labeled "scope global dynamic..."). Make a note of that address in your report.
To get the IPv6 address for node3, log into that node using the command:
```
      $ ssh node3
    
```
This runs the command-line OpenSSH client and connects to the machine named "node3". This abbreviated name will be understood by software running on Lemuria. You do not need to specify your username; ssh will try to use the same username as you have on Lemuria.

You should be able to log into node3 using your Lemuria password. User accounts on the cluster nodes are synchronized. If you have an account on Lemuria, you automatically have an account on all the nodes with the same credentials.

Use the same ip addr command on node3. The interface connected to the cluster is named "eth0" on that node. In this case you should note the "scope global dynamic..." address. Ignore the "scope link" address for now.

Use the exit command to log out of node3 and return to Lemuria. Do not forget to do this!
Run tshark on the em2 interface (that connects to the cluster) and capture frames going to/from port 9002. Direct tshark to capture only IPv6 traffic using a command such as:
```
      $ tshark -i em2 -f 'ip6 and port 9002' -w lab-03.pcap
    
```
This saves the frames in the capture file lab-03.pcap, but feel free to use another name if you prefer. As with the previous lab, you only need to capture 8 frames, or one entire query between the client and server. Notice that the capture filter has been augmented to only capture IPv6 traffic to/from port 9002 (on the em2 interface). In our situation the only traffic to/from port 9002 should be IPv6 traffic, but this illustrates how capture filters can be made more specific.
As with Lab #2, display the contents of the first frame in hex, and then manually decode the IPv6 packet header showing the value of each field in your report. The latest IPv6 specification is in RFC-8600. Section #3 shows the header format. Notice that IPv6 has no header checksum to calculate! The Ethernet frame header is still there and is still the first 14 bytes, which we will ignore for now. As before the IP header starts with the 15^th byte. Copy the entire tshark output into your report.
Use tshark's -V option to check your work above. Copy tshark's "dissected" output into your report for just the IP header.
For this section you will need to create a second session with Lemuria. Start PuTTY (or whatever SSH client you are using) a second time and log into Lemuria again. In one window using the following command to capture ICMPv6 traffic on em2:
```
      $ tshark -i em2 -f 'icmp6' -w lab-03-ping.pcap
    
```
In the other session run the command:
```
      $ ping6 fd25:f376:7b60:10:230:48ff:febf:debe
    
```
Replace the IPv6 address above with that for node3's interface. Let the ping6 command run for a few seconds (you should see it working... no errors) and then type ^C to stop ping6. In the other window use ^C to stop tshark.
Use tshark to read your captured data with no other options, and it should display a summary of the frames it captured. You are interested in the first frame that says "Echo (ping) request" and the following frame that says "Echo (ping) reply". There may be other frames in the capture because ICMPv6 is used for other purposes.

Dissect (using -V) the request and reply. You should see an "Internet Control Message Protocol v6" packet inside an IPv6 packet. What is the Type and Code fields for the request? What is the sequence number? What is the data in the request? Do the same thing for the reply.

Submit a document to Canvas (PDF preferred, but Word, text, or ODF are all acceptable) containing your answers to the questions above. Also include the full tshark commands you used. Be sure to include your name in the file. This lab is worth 20 points.