FIT9135 Data Communications

FIT9135 Data Communications
Assignment 2 – Semester 2, 2018 (v2)
Submission Guidelines
• Deadline: 12 October 2018, 11:55 pm
• Submission format: One PDF for the report. You can use any
freely available PDF converter or lab computer to make a PDF
file from an editable one. In addition, you need to submit the
.imn file saved from the CORE network simulator.
• Submission platform: Moodle.
• Files to submit: You need to submit one file with your student
ID as part of the name: StudentID_LastName_Assign2.pdf. You
also need to submit your network simulator file for task 2.
• Late submissions:
o Via special consideration request
o Or, without special consideration request, you lose 10%
of your mark per day that you submit late. Submissions
will not be accepted more than 3 days late.
Plagiarism and Academic Integrity
It is an academic requirement that your submitted work be original.
Zero marks will be awarded for the whole submission if there is
any evidence of copying, collaboration, pasting from websites, or
copying from textbooks. – The University Plagiarism Policy applies
to all assessments.
Marks
• This assignment is worth 20% of the total unit marks.
• This assignment is marked out of 80 nominal marks.
Specification updated on 21 September 2018:
• Clarified that no Wireshark file submission is required
1. WLAN Network Design and Security
For this task, you will perform a WLAN site survey. Your task is to produce a
map of (part of) a building that gives an overview of the wireless networks that
are available, as well as an analysis of the network.
What you will need: a WiFi-enabled laptop (some smartphones also work, see
below), and a place to scan. You can perform a survey of your home, of an office
space, of parts of the Monash campus, or inside a shopping centre. If you don’t
own a suitable device that you could use for this activity, please try to borrow
one from a friend, or contact us to figure out an alternative.
This activity has two sub-tasks:
a) Survey
Create a map of the place you want to survey. A simple floorplan will be
sufficient, it doesn’t have to be perfectly to scale. See the appendix for an
example. Your survey should cover an area of at least 60 square meters
(e.g. 6x10 meters, or 4x15, or two storeys of 6x5 each). Be creative – the
survey can include hallways or outside areas. Be sure to take the analysis
in part b) into account, by designing your survey to include walls, door
etc. it will be easier to write something interesting in part b).
Furthermore, your survey must include at least three WiFi access
points. These can be your own, but can also include neighbours’ APs. If
you are scanning in a commercial area or on campus, you should be able
to see enough APs. If you want, you can create an additional AP with a
phone (using “Personal hotspot” or “Tethering” features).
For the survey, use a WLAN sniffing tool (see below) at at least eight
different locations on your map. For each location, record the technical
characteristics of all visible APs. Depending on the scanning tool you use,
you can record features such as the network name, MAC address, signal
strength, signal to noise ratio (SNR), 802.11 version(s) supported, band (2.4
or 5 GHz) and channel(s) used.
Add the data gathered from the survey into the map of the covered area.
On the map you should indicate the location of the access points and the
locations where you took measurements.
For the access points, use the actual location if you know it, or an
approximation based on the observed signal strength (e.g. if it’s your
neighbour’s access point and you don’t know exactly where it is).
For each measurement point, you can either add the characteristics
directly into the map, or create a separate table with the details. You can
submit several maps if you choose to enter data directly into the maps, or
a single map if you use additional tables. Create the map yourself, do not
use the mapping features available in some commercial (i.e., paid) WLAN
sniffing tools.
(15 marks)
b) Write a report (word limit 600) on your observations analysing the data
collected in the previous step. Your analysis should investigate the
following aspects:
• Channel occupancy: Are different access points competing on the
same channels? Are they configured to use overlapping channels?
Could the configuration be improved?
(5 marks)
• Interference from walls, doors etc.: How do different materials affect
signal strength and/or noise? Can you notice a difference in
attenuation for different APs? (5 marks)
• Coverage: Do the access points sufficiently cover the desired area?
Could the placement or configuration be improved? (5 marks)
• Any other aspect of your own choice. Here are a few suggestions:
o measure the attenuation caused by your own body
o measure the download and upload speeds in different locations
o determine the overlap that has been implemented to enable
roaming
o describe how you interpolated the locations of access points
from the signal strengths
Describe your findings and explain them with some technical detail
(i.e., not only say what you found, but also how you performed the
analysis or why you think the network is behaving that way).
(5 marks)
Tools: You can use e.g. Acrylic Wifi (https://www.acrylicwifi.com/en/) for
Windows, NetSpot (http://www.netspotapp.com) for Mac OS and Windows, and
LinSSID or wavemon for Linux. If you have an Android smartphone, apps like
Wifi Analyzer can also be used. On iOS, WiFi scanning apps do not provide
enough detail, so iPhones won’t be suitable for this task.
For drawing the site maps, any drawing tool should work, for example
LucidChart, or even presentation tools such as PowerPoint, Keynote or Google
Slides. Scans of hand-drawn maps are acceptable if they are neat and easily
readable.
2. Network Design and bug fixing
Download your personalised CORE Simulator network from Moodle, by
entering your student ID. Make sure the student ID matches the one in the
simulator.
The configuration shows a (fictitious) company network. The company
purchased a block of IP addresses (a class B network) and has subdivided it into
an intranet server network, a client network, and several backbone networks.
The network configuration has a number of errors. Your task is to find and fix
those errors, to implement new functionality, and to extend the network with a
new subnet.
Submission: You need to submit your modified network configuration (the .imn
file) through Moodle, and describe your fixes and changes in a report (in the
same document as task 1).
Tasks:
a) Set up static routing tables in all four routers such that the three networks
containing computers (the clients, the www server, and the intranet
server) can reach each other. Take into account the link speeds between
the routers, to find routes that deliver good speed and latency (you are
not allowed to change the link speeds). In the report, describe the
reasons for the particular routes you chose.
(10 marks)
b) Find three errors in the network configuration. All errors are in either
the configuration of the IP addresses and masks and/or the static routing
tables. For each error, describe what the problem is, how you found it,
the fix you applied, and how you can test that the fix works.
After fixing the errors, you should be able to execute the command
lynx www.fit9135
successfully.
(6 marks)
c) The network currently has no gateway to the Internet. We want to make
router R3 the gateway router. Add default routes to all other routers such
that any packet whose destination is outside of the company network is
routed via R3.
(5 marks)
d) Add a new subnet with 3 clients that are connected to the existing
network using a new router. The subnet is allocated the network address
192.168.192.0/20.
The new router should be named External. It connects to the gateway
router R3 and should be configured with a default route to R3. To get full
marks, the clients need to be configured with DHCP, i.e., the new External
router must be running a DHCP server. You can use router R1 and the
clients in its subnet as an example of how to set up DHCP.
(12 marks)
e) The server with the label www acts as the company’s public web server,
and the server with the label ssh as the remote-login (secure shell)
server. The company decided to update its security policy and implement
a Demilitarised Zone (DMZ). Your task is to implement a firewall on
router R3 such that:
a. Any packets for the specific servers in the DMZ are accepted
(HTTP packets for www, SSH packets for ssh, and DNS packets for
dnsserver), as well as any ICMP packets for devices in the DMZ.
b. Any packets from inside the company network are accepted.
c. Any packets relating to connections that were established from
inside the company network are accepted.
d. Any SSH packets from the ssh server into the company network
are accepted.
e. Any other packets are blocked.
Document the design of the DMZ, including the firewall rules you used, in
your written report. Document four test cases that verify different aspects
of your DMZ firewall. A test case would consist of a command executed on
a particular device, e.g. a ping, lynx or ssh command, that shows the
desired behaviour. Use the new subnet added in d) to test the behaviour
for devices that are outside the company network.
(12 marks)
Hints for testing: There are a number of things you can test. Try out whether
the ping and traceroute commands work as expected between different pairs of
devices. Remember that both commands require routing to work in both
directions: Let’s assume you ping from node A to to B, then the ping packet needs
to be routed from A to B, but the response needs to be routed back from B to A in
order for the ping command to display the result!
You can use the lynx command line web browser to test whether you can access
the web server. The network contains a DNS server, so if a client is configured
correctly, the command lynx www.fit9135 should succeed.
Appendix
This is just to give you an idea of the level of detail required in the floorplan /
map. In addition to the map, your survey would have to include tables that
contain details and measurements for the indicated locations.
Dimensions: 10 m (width), 6 m (height)
Red circles: locations of access points
Blue circles: locations of measurements