INTRODUCTION TO COMPUTER NETWORKS

Question:
You have been assigned as network administrator to the new
premises of a Medical Instruments Company (Medicon.com). Your
tasks revolve around design, evaluation, and troubleshooting and
administration of local area networks, internetworks, and wide area
networks as specified in the following requirements.
One of your first goals is as an administrator is to learn about the
network--- that is, to determine its topology, access method,
throughput rates, type of equipment, and the way the equipment is
interconnected. Although you do not have access into the secure
telecommunication and equipment rooms, you do have permission to
log-on to routers and switches. What information could you obtain by
logging in switches and routers? What information could you obtain
from issuing commands at your workstation that is connected to the
network? What kind of information do you suppose would not be
evident unless you could physically access to the network hardware?

Answer:
First of all I have to securely connect to the remote server of
company’s network, this can be achieved by telnet or SSH protocol,
using a client like PuTTY. I will choose SSH (Secure Shell) because
it’s much more secure than telnet, SSH use authentication methods
and encryption unlike telnet where all the data is transmitted in plain
text, including passwords. Also if you are in a public network for
example, or in a not trusted network and you need extra security,
SSH allows you to “tunnel” a port between your local system and the
remote server. Now that I am connected to the company’s server I
can run commands though my terminal or cmd, connect to routers

PAGE 1
and switches and many more. If I want to find informations about the
network, I have to follow seven basic steps. These include:
1. Information gathering
2. Determining the network range
3. Identifying active machines
4. Finding open ports and access points
5. OS fingerprinting
6. Fingerprinting services
7. Mapping the network
I begin running some simple and common commands on my terminal.
For start I try the net view command where displays a list of
computers in your current domain or with some parameters can
displays a list of domains, computers, or resources. Nslookup to find
informations about the DNS. Whois the servers IP and pinging
machines to find the active hosts, tracert / traceroute to determine
network ranges and port scanning individual systems using a
portscaner like nmap, to see which standard ports or services are
running and responding on the system, what operating system is
installed on the system, and what applications and versions of
applications are present. After I can try to fingerprint some services
like telnet, ftp, netcat, etc. Then I can map the network using
commands like traceroute, netstat with parameters like (-a, -t, -u, -I, -
s,-p, etc.), or even perform a visual ping.
Now, I can start log in to routers and switches, here with administrator
privileges I can find almost anything. It is very important the type and
the model and the firmware of the routers and the switches, on most

PAGE 2
cases though there is commands to see everything. Such as show
interface, show version to see everything for the router, show
inventory to see hardware connected to the router, sh ip route, show
ip protocol, sh arp, show cdp neighbors to see directed connected
neighbors and find the topology, etc, also if you have the enable
password for the router, where as administrator you should have, you
can run the command show run where you can find almost
everything like snmp, security methods(triple AAA or radius server),
access list, what protocols supports (like ssh or telnet), interfaces,
wireless bridges, acces points,wireless controlers, one or lan
throughput, etc. (Note: most of the above commands is for cisco
machines) I believe that is out of the bounds of this class to explain
deeper the commands and the information on a router or switch,
actually this topic is a book by its own, in general though, without
accessing the physical network hardware, if you know what to do, you
can find everything, IP addresses, DNS, ports, settings on each port,
routing tables, filtering rules, security methods, topology, access
methods, throughput rates, type of equipment, the way the equipment
is interconnected etc. the only things you could not find unless you
enter the server room is the actual condition of the room, the physical
condition of the machines, wires, jacks, how carefully there are
interconnected, if its labeled and in general if it all responds TIA/EIA
standards requirements, also would be impossible to find the color of
the room.

PAGE 3
I cite an actual outcome of the show run command to have a picture
of how much information there is on every router and switch and to
justify why it’s impossible to analyze deeper in the limits of this class.

version 12.3 network 10.0.2.0 255.255.255.0 lifetime 480

no service pad default-router 10.0.2.1 !
service timestamps debug datetime ! crypto isakmp client configuration
msec ip dhcp pool vlan3 group rtr-remote
service timestamps log datetime msec network 10.0.3.0 255.255.255.0 key secret-password
no service password-encryption default-router 10.0.3.1 dns 10.50.10.1 10.60.10.1
! ! domain company.com
hostname retail ip ips po max-events 100 pool dynpool
! no ftp-server write-enable !
boot-start-marker ! crypto ipsec transform-set vpn1 esp-
boot-end-marker bridge irb 3des esp-sha-hmac
! ! !
enable password cisco123 interface FastEthernet2 crypto ipsec security-association
! no ip address lifetime seconds 86400
username jsomeone password 0 ! !
cg6#107X interface FastEthernet3 crypto dynamic-map dynmap 1
aaa new-model no ip address set transform-set vpn1
! ! reverse-route
aaa group server radius rad_eap interface FastEthernet4 !
server 10.0.1.1 auth-port 1812 acct- no ip address crypto map static-map 1 ipsec-isakmp
port 1813 ! dynamic dynmap
! interface FastEthernet5 crypto map dynmap isakmp
aaa authentication login eap_methods no ip address authorization list rtr-remote
group rad_eap ! crypto map dynmap client
aaa session-id common interface FastEthernet6 configuration address respond
ip subnet-zero no ip address
ip cef ! crypto ipsec client ezvpn ezvpnclient
! interface FastEthernet7 connect auto
vpdn enable no ip address group 2 key secret-password
vpdn-group 1 ! mode client
request-dialin interface FastEthernet8 peer 192.168.100.1
protocol pppoe no ip address !
! ! interface Dot11Radio0
interface dialer 1 interface FastEthernet9 no ip address
ip address negotiated switchport mode trunk !
ppp authentication chap no ip address broadcast-key vlan 1 change 45
dialer pool 1 ! !
dialer-group 1 interface FastEthernet0 encryption vlan 1 mode ciphers tkip
! ip address 192.1.12.2 255.255.255.0 !
dialer-list 1 protocol ip permit no ip directed-broadcast (default) ssid cisco
ip nat inside source list 1 interface ip nat outside vlan 1
dialer 0 overload ip access-group 103 in authentication open
ip classless (default) no cdp enable authentication network-eap
ip route 10.10.25.2 0.255.255.255 crypto ipsec client ezvpn ezvpnclient eap_methods
dialer 0 outside authentication key-management wpa
! crypto map static-map optional
ip dhcp excluded-address 10.0.1.1 duplex auto !
10.0.1.10 speed auto ssid ciscowep
ip dhcp excluded-address 10.0.2.1 ! vlan 2
10.0.2.10 interface FastEthernet1 authentication open
ip dhcp excluded-address 10.0.3.1 no ip address !
10.0.3.10 duplex auto ssid ciscowpa
! speed auto vlan 3
ip dhcp pool vlan1 ! authentication open
network 10.0.1.0 255.255.255.0 crypto isakmp policy 1 !
default-router 10.0.1.1 encryption 3des speed basic-1.0 basic-2.0 basic-5.5
! authentication pre-share 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0
ip dhcp pool vlan2 group 2 48.0 54.0

PAGE 4
rts threshold 2312
power local cck 50
power local ofdm 30
channel 2462
station-role root
! bridge-group 2 spanning-disabled
interface Dot11Radio0.1
description Cisco Open
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
! interface BVI2
interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
! no ip http secure-server
interface Dot11Radio0.3
encapsulation dot1Q 3
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
! 10B065B
interface Vlan1
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast (default)
crypto ipsec client ezvpn ezvpnclient
inside
ip inspect firewall in
no cdp enable
bridge-group 1
bridge-group 1 spanning-disabled control-plane
! !
interface Vlan2 bridge 1 route ip
no ip address bridge 2 route ip
bridge-group 2 bridge 3 route ip
!
! ip inspect name firewall tcp
interface Vlan3 ip inspect name firewall udp
no ip address ip inspect name firewall rtsp
bridge-group 3 ip inspect name firewall h323
bridge-group 3 spanning-disabled ip inspect name firewall netshow
! ip inspect name firewall ftp
interface BVI1 ip inspect name firewall sqlnet
ip address 10.0.1.1 255.255.255.0 !
ip nat inside access-list 103 permit udp host
! 200.1.1.1 any eq isakmp
access-list 103 permit udp host
ip address 10.0.2.1 255.255.255.0 200.1.1.1 eq isakmp any
! access-list 103 permit esp host
interface BVI3 200.1.1.1 any
ip address 10.0.3.1 255.255.255.0 access-list 103 permit icmp any any
! access-list 103 deny ip any any
ip classless access-list 105 permit ip 10.1.1.0
! 0.0.0.255 192.168.0.0 0.0.255.255
ip http server no cdp run
!
! line con 0
radius-server local password cisco123
nas 10.0.1.1 key 0 cisco123 no modem enable
group rad_eap transport preferred all
! transport output all
user jsomeone nthash 7 line aux 0
0529575803696F2C49214337582826 transport preferred all
7C7A760E1113734624452725707C0 transport output all
line vty 0 4
user AMER\jsomeone nthash 7 password cisco123
0224550C29232E041C6A5D3C56333 transport preferred all
05D5D560C09027966167137233026 transport input all
580E0B0D transport output all
! !
radius-server host 10.0.1.1 auth-port \
1812 acct-port 1813 key cisco123
!
PAGE 1