CMPT 471: Networking II
SPRING 2012 (DRAFT ONLY)
Using the Virtual Networking Lab
Acquiring sufficient knowledge to become competent in the GNU/Linux and
X Window System environment is an integral part of the course.
For many of you the learning curve will be steep, particularly if you have
confined yourself within the limits of the Microsoft Windows environment.
Be prepared to spend a significant amount of time on this task in the first
few weeks of the course. Below you will find useful information to get you started.
Additional links to specific useful information can be found along with the class
notes and assignment information.
The Virtual Networking Laboratory
(Much of this section is a revised and/or expanded version of Lou Hafer's Virtual Lab Instructions)
There is a lot of useful information about the virtual lab and how to use it on the
CSIL FAQ page
For many years, Cmpt 471 was taught using a lab facility comprised of about 20 ancient PCs
connected in an internetwork, physically isolated from the rest of the world. In 2008, the lab
went virtual. This note explains how to access the Virtual Network Lab (VNL) and how to work
efficiently on the network of virtual machines.
The first instantiation of the VNL replicates the logical structure of the old physical lab using
20 virtual machines running on a server under VMware. To see the setup of this VNL click
on the following link VNL NETWORK MAP. You will use this virtual lab setup for
Assignments 3 to 6 this term. For your first two assignments you will also be using
a smaller virtual network lab designed specifically for assignments 1 and 2 (LAB1VNL).
There are two copies of the LAB1VNL so more students can work on their assignments at the same time.
The configuration of LAB1VNL COPYA NETWORK MAP and
LAB1VNL COPYB NETWORK MAP will be
described in detail in the description in lab 1 posted on the assignment
schedule page. Specialized setups, like LAB1VNL, are made possible by using the virtual
technology and will provide more flexibility for the lab portion of CMPT 471 in the future.
The VNL lab includes several networks. First there is an administrative network through which you will
be able to connect to any of the network lab virtual workstations.
This network has network ID 192.168.0.0 and includes ip addresses from 192.168.0.1 to 192.168.0.255.
All workstations that are part of the VNL (or a LAB1VNL) are connected to this network through their eth0 interfaces.
Logically, in the VNL there are four additional Ethernets which
are to be used for your experiments.
Each of these other Ethernets is assigned an IP network ID. All virtual
workstations in the VNL are connected to one of these four Ethernets. The Ethernets have network IDs 172.16.0.0, 172.17.0.0,
172.18.0.0, 172.19.0.0. Four of the multi-interface workstations (december, january, february, march) are connected to two of these networks
and route packets between the networks to which they are connected. The
diagram of the network indicates which workstations are on each of the four additional
networks. This diagram includes the IP addresses of each workstation on each
network. This configuration provides a very flexible internet which looks like four separate networks connected by
routers and contains multiple paths between many pairs of machines.
The heart of the VNL are the four ‘routers’ and 16 testbed workstations connected to the network
segments net16 (172.16.0.0), net17 (172.17.0.0), net18 (172.18.0.0), and net19 (172.19.0.0).
The ‘routers’ are not really routers — they’re actually multi-homed workstations with packet forwarding
enabled — but they’ll nicely do for our purposes. Over the course of the semester, you
will be working with the testbed workstations for assignments and using the wireshark protocol
analyser to capture frames on net16, . . ., net19.
The advantage of this structure is that all of the normal network traffic generated by remote
logins, X protocol, and network dæmons of several sorts is confined to net0. The testbed network
segments net16, . . ., net19 have only a small amount of traffic other than the frames that you
generate as part of your work.
It's important to keep in mind that the network lab configuration summarized above is the default configuration.
There may be deliberate changes in the configuration to suit a given assignment. Almost certainly there will be
inadvertent changes to the configuration. One purpose of the course is to give you experience in the art of
diagnosing and correcting network problems. Inadvertent changes and changes your fellow students have
forgotten to undo will provide you with opportunities to practice diagnosing problems.
If you cannot figure out the problem you can reimage any virtual workstation (except seasons) and correct many
problems (remember to backup your files to seasons server before you reimage your workstation). When you
reimage a workstation all student home directories are erased. Please remember to copy your work to seasons
before you reimage a workstation. Instructions on how to reimage a workstation are given below and on the CSIL
Access to the VNL is through the gateway workstation cs-vnl.csil.sfu.ca. On cs-vnl, everyone
is a normal user. cs-vnl provides secure home directories where you can keep your work over the
course of the semester. A second server, seasons, provides DNS and NIS (formerly YP) services
for the VNL. From cs-vnl, you can log in to the testbed workstations over the net0 (192.168.0.0)
subnet. Detailed explanations of how to connect to the virtual network lab are given below and on the
CSIL FAQ page.
When using the network lab you will have root privilege on all workstations within the network lab, except on the gateway
cs-vnl and the server seasons. Because everyone has root access, you have no privacy or security on any of these
The only secure disk space available to you within the network lab is your home directory on cs-vnl. It is advisable
to copy all your working files from any network lab virtual workstations to your home directory on cs-vnl and then
remove them from your home directory on the network lab workstations at the end of each session working in the network
lab. This will maintain maximal privacy and security for your files. It is possible that your files on the network
workstations will not be there when you return to the network lab (someone may have reimaged the workstation).
To ensure that you do not lose your work, back up
your files to your home directory on cs-vnl at the end of each session. You can copy files between machines in the
network lab using the command scp.
The workstations in the Networking Lab use the Linux operating system. Linux is a version of the Unix operating system
kernel originally written by Linus Torvalds and now maintained and enhanced by a community of professionals and
volunteers around the world. The operating system in the virtual networking laboratory is the Ubuntu Linux distribution.
Using The Virtual Networking Laboratory
STEP 1 Getting Ready
Your SFU campus account will not work in the Network Lab. This is because the 471 Lab Virtual
Network machines are not part of the campus Active Directory domain, and so cannot use the campus authentication services.
Therefore, the first thing you will need to do is obtain your password for the virtual lab. To get your password for the
To use the VNL from outside of the Burnaby CSIL lab, you must use either ssh or rdesktop to connect to the front-end host,
cs-vnl.csil.sfu.ca. The best way to connect is to use the remote desktop protocol. The Remote Desktop Protocol (RDP) was originally
developed by Microsoft in order to allow the
sort of remote computing that’s native to X Windows. It provides a way to export the (Microsoft)
Windows desktop from a server to a client. The Windows client is the Microsoft Terminal Server
Client, mstsc. (The icon you see on your desktop may be labelled ‘Remote Desktop’.) The opensource
community has developed its own RDP client, rdesktop, which will display a remote
desktop on an X display.
- 1. Login to the MySFU site
- 2. Go to my courses and select cmpt471 to view your password
You will probably want to use a remote desktop client to connect to the virtual lab. This is the preferred method
of access because it provides graphical support. The alternate approach (using ssh) may not provide graphical
support because X forwarding may be disabled by SFU. The Remote Desktop Client on
your personal computer may not work to access the virtual lab. The software supporting the virtual lab is only compatible
with an older version of the remote desktop client. Unless you are running Windows 7 (64bit edition) you can download, install
and use the older correct version of mstsc using the links below:
Window Remote Desktop (correct version)
Linux Remote Desktop (correct version 1.6.0)
If you are running Windows 7 64 bit edition you will find that even if you install the older version your OS will always revert to
the newest edition of mstsc causing a "Because of a protocol error this session will be discontinued" error when you try to
connect to cs-vnl using mstsc. In this case the workaround is
to use the default version of mstsc (remote desktop connection on your accessories menu) to connect to leto.csil.sfu.ca
(the windows remote gateway).
Then on leto select run and type mstsc into the run window, then press ok. This will get you to the first window illustrated
below. This is the window you would otherwise expect to obtain by running mstsc on your own machine.
STEP 2 Connecting to the Virtual Network Lab
To connect from a Windows system, click on the Remote Desktop icon or otherwise run
the remote desktop software, then follow the prompts. As an example I have described the connection process for windows in detail below.
I have pointed out a few differences I know of for Mac (since I don't have a Mac I can't give all the differences).
Click on the Remote Desktop icon to start.
On a Windows machine you can also run mstsc.exe (mstsc cs-vnl.csil.sfu.ca) from the run command or from
a command window. On a Linux machine you could also run rdesktop from the command line instead of clicking on the icon.
Starting the remote desktop will open a window that will request the name of the server you wish to log into.
If necessary type cs-vnl.csil.sfu.ca into the window. Then press the connect button. For Windows the connect window is illustrated below.
On a Windows machine pressing the connect button will bring up a login box. Type in your normal username and your password for
the virtual lab (see below). Then press OK. On a Mac you may have to open the options drop down box then enter your password and id and login.
If your login is successful you will eventually see the desktop screen for cs-vnl. You may see a progress screen that tells you what is happening while
you are logging in first. It looks like the one below (but will show progress messages instead of login failed).
Just wait for the login to complete and then this screen will disappear and the desktop for cs-vnl will appear (see image below).
The server, cs-vnl, will provide access to the network lab.
If your login is not successful you will be presented with the login screen below. Enter your id and network lab password
again and you should then see the progress window followed by the desktop screen for cs-vnl.
STEP 3: Using a network lab virtual machine
In the upper right
corner of the desktop I have placed a shortcut for a command line window (terminal), you may also want to do this.
Either click on your shortcut or use the desktop's menuing system to find and open a command line interface window.
Your desktop should now have a command window like the one below.
The terminal window can be used to attach to any of the virtual workstations in the network lab. In the
example above the virtual workstation july is chosen. The command ssh -Y july will connect
you to the virtual workstation july. The first time you connect to any virtual workstation in the network
lab you will be asked to verify the RSA fingerprint. To login you must say "yes" to continue connecting.
To complete login you must supply your network lab password.
Notice, in the example above, that there are two messages in the login. First, you are warned that the data for X-11
forwarding does not exist (No xauth data); this is because the data cannot be saved in your home directory because you do not yet
have a home directory. Second, you cannot be moved into your home directory at the end of the login procedure
because you do not yet have a home directory. Clearly, the next thing to do is to make yourself a home directory.
It is only necessary to make your home directory the first time you log into a workstation, or the first time you
login to a workstation after it has been reverted to the original image (snapshot) by you or some other user.
To create a home directory for yourself (say your userid is myID) do each of the following steps:
- You need to be root to create a directory on the /home partition.
To become root the command is sudo sh. This command creates a new
interactive sh shell with root privilege. To start up the new root shell you will be asked for your password again.
- Go to the home directory by using the change directory command cd /home.
- Use the make directory command to create your home directory mkdir myID.
The name of your home directory must be the same as your userid.
- Now your home directory exists, but is owned by root, not by you. Change the ownership of the directory using the change
ownership command chown myID.myID myID.
- Now you have a home directory. Exit the shell with the command exit.
- Log off.
Please note that after making your home directory you should log out then log back in before you begin using the
virtual workstation. You must also remember to use the -Y when you ssh to log into one of the virtual workstations from
cs-vnl. If you do not log out after creating your home directory, then log back in using ssh -Y, you will not be able to use
wireshark or any other application that requires graphics.
When you login (with an existing home directory) you are ready to begin working. One of the first things
you will want to do is experiment with capturing packets and viewing captured packets. The packet sniffer
you will use to capture packets is wireshark. To capture packets using wireshark you must be root (not yourself),
and you must be using a graphics-enabled connection (ssh with -Y).
To use wireshark remember the following:
- As yourself execute the command sudo wireshark. You will be asked for your password
(not the root password) and then wireshark will be started.
- If you see the confirmation window below click OK to make wireshark active.
- If wireshark's menus do not respond to your clicks it is probably because the confirmation window (shown below)
has appeared under the wireshark window. If this happens you need to bring the confirmation window to the front and click OK.
Then wireshark will become active.
- Return to the command window in which you started wireshark and type CTRL-Z followed by enter.
- Enter the command bg then press enter to put wireshark into the background and let you use your command window
for other things
Next let's look at using wireshark once we have the application open.
First, you will want to select the correct interface for your experiment. You need to decide which interface or interfaces
you wish to collect packets from. You can use the command route to see the
routing table for the virtual machine. The routing table will tell us which network is attached to which
physical interface on the virtual workstation. The output from the command ifconfig
will also give you lots of additional information about the configuration of each interface. Using this information you
can decide which interfaces you wish to watch.
Selecting a particular interface allows you to view all packets that travel along the network connected to that interface. You will
see packets destined for the machine running wireshark and for all other machines on the same network. You can also select the
interface lo to see the packets being sent from one process to another within the same virtual workstation.
You can select your interface in at least two ways. First you can select
interfaces from the capture menu shown above, then you can begin a capture on any interface by pressing the start button next to the
interface you want on the menu that will appear when you select interfaces (shown below).
Second you can select options from the capture menu shown above. This will bring up the options window shown below. At the top of the
options window is a pull down menu that allows you to select the interface you want. Using the options window has the advantage that
it allows you to choose other options at the same time. In particular you may want to specify a capture filter.
The capture filter will be very useful. There are very large numbers of packets travelling down each internet
so you will want to capture only a subset of them. For each particular assignment/experiment you can
select only the packets you want by designing the appropriate capture filter. Instructions on how the capture
filters work (and the options available) are given in the online documentation on the internet (see www.wireshark.org,
http://wiki.wireshark.org/). As examples
you can select packets for a particular protocol, or packets travelling to or from a particular IP address.
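The interface choice and the capture filter described above can be scripted. The following is an added example, not part of the original lab notes: it reads route -n output to find the interface directly attached to a testbed network and prints a wireshark command line with a capture filter. The sample routing table, its 255.255.0.0 masks, the interface names and the host address 172.17.0.2 are constructed assumptions; check the VNL network map for the real values.

```shell
#!/bin/sh
# Added example: pick the capture interface from the routing table and
# build a wireshark command with a capture filter.

# Constructed sample of `route -n` output for a two-interface VNL 'router'.
# Masks, interface names and the gateway address are assumptions.
sample_routes() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth2
172.18.0.0      172.17.0.2      255.255.0.0     UG    0      0        0 eth2
EOF
}

# iface_for_net NETWORK_ID  (routing table on stdin)
# Prints the interface only when the network is directly attached
# (gateway 0.0.0.0, no G flag). A network reached through a gateway is
# not on the local wire, so capturing on that interface would not show
# that network's traffic.
iface_for_net() {
    awk -v net="$1" '
        $1 == net && $2 == "0.0.0.0" && $4 !~ /G/ { print $8; found = 1; exit }
        END { exit !found }'
}

# capture_command NETWORK_ID CAPTURE_FILTER  (routing table on stdin)
# Prints the command to run; it does not start wireshark itself.
#   -i interface, -k start capturing at once, -f capture filter
capture_command() {
    iface=$(iface_for_net "$1") || {
        echo "no directly attached interface for $1" >&2
        return 1
    }
    printf "sudo wireshark -i %s -k -f '%s'\n" "$iface" "$2"
}

# A filter for one protocol, and one for traffic to or from one address.
sample_routes | capture_command 172.16.0.0 "icmp"
sample_routes | capture_command 172.17.0.0 "host 172.17.0.2 and tcp port 80"

# On a workstation, feed it the live table instead of the sample:
#   route -n | capture_command 172.16.0.0 "icmp"
```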
A couple of additional suggestions to make the use of the network easier:
- First a warning: be patient, a remote system does not respond as fast as a local system.
- If you are unable to move your cursor outside of a particular area of the screen,
CTRL ALT will free the cursor to move over the entire screen.
- If you have difficulty because some windows
appear off your page and you cannot access them, reset the resolution of your Ubuntu
Linux desktop (lower).
- If you wish to move between full screen and window use CTRL ALT ENTER.
Root privileges and sudo
As mentioned elsewhere, you have no privacy on the VNL workstations. All students have access to root privileges on all workstations
except cs-vnl and seasons. Do not leave your work lying around on the workstations when you're not working.
If you've worked with unix systems in the past, then you're probably familiar with the su (set user) command. (Contrary to popular belief,
su did not start as an abbreviation for `super user', but everyone thinks of it that way today.) The su command actually allows you to become
any user, as long as you know the proper password; this is something you should keep in mind. In the VNL, however, su does not work.
If you try to use it, the command will hang and you'll need to open a new login to the workstation and use ps to find and kill the process.
Instead, you'll be using the sudo command. The sudo command gives you the privileges of the root ID, but provides a bit more control.
You use your own password (which is not the password of the root account) and the transition from normal user privileges to root privileges
is recorded. One consequence of this is that you cannot simply log in as root. This is a feature. In general, you should execute commands
with root privileges only when you must. It's far too easy to do a lot of damage when you're working with root privileges; a moment's carelessness
can remove or damage large chunks of the computer's file system or render networking inoperable.
The intended use for sudo is to run a single command with root privileges. So, for example, sudo wireshark will run the wireshark protocol analyser
with root privileges. The command sudo bash also runs one command, but the command just happens to be the bash command shell.
This allows you to wield the full power of a command shell, with root privileges. Be careful! Also, notice that once you've used sudo to acquire a root shell,
you can use the `-u' option of sudo to set your user ID to any user ID known to the system, without needing to know the password for the ID.
Not to belabour the point, but you have no privacy on the VNL workstations.
It should have occurred to you by this point that you have no protection from your fellow students on the VNL workstations.
Be polite! `Do unto others as you would have them do unto you' is a really good rule to remember when working in the VNL.
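Because sudo records each transition to root, that record can be reviewed. The following added example (not part of the original notes) summarises sudo entries in the syslog format that Ubuntu writes to /var/log/auth.log, marking root shells and changes to another user ID. The sample lines, the userid user2 and the address in them are constructed.

```shell
#!/bin/sh
# Added example: summarise sudo activity from syslog-format log lines.

# Constructed sample lines in the format sudo logs through syslog.
sample_log() {
cat <<'EOF'
Jan 12 10:02:11 july sudo:     myID : TTY=pts/0 ; PWD=/home/myID ; USER=root ; COMMAND=/usr/bin/wireshark
Jan 12 10:05:40 july sudo:    user2 : TTY=pts/1 ; PWD=/home ; USER=root ; COMMAND=/bin/sh
Jan 12 10:06:02 july sudo:     root : TTY=pts/1 ; PWD=/home ; USER=myID ; COMMAND=/bin/bash
Jan 12 10:09:30 july sshd[812]: Accepted password for myID from 192.168.0.1 port 40112 ssh2
EOF
}

# sudo_review  (log on stdin)
# One output line per sudo command: time host who->target kind command
#   command      a single command run as root (the intended use of sudo)
#   root-shell   a command shell run as root (sudo sh, sudo bash)
#   switch-user  sudo -u used to take on another user ID
sudo_review() {
    awk '
    / sudo: / && /COMMAND=/ {
        who = $0
        sub(/^.* sudo: +/, "", who); sub(/ :.*$/, "", who)
        target = $0
        sub(/^.*USER=/, "", target); sub(/ ;.*$/, "", target)
        cmd = $0
        sub(/^.*COMMAND=/, "", cmd)
        kind = "command"
        if (cmd ~ /^(\/usr)?\/bin\/(ba|da|z|k|c)?sh( |$)/) kind = "root-shell"
        if (target != "root") kind = "switch-user"
        printf "%s %s %s->%s %s %s\n", $3, $4, who, target, kind, cmd
    }'
}

sample_log | sudo_review

# On a workstation (reading the log itself needs root):
#   sudo cat /var/log/auth.log | sudo_review
```

Since every student has root on the testbed workstations, anyone can edit this log there; treat it as a convenience record on those machines.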
Saving and Recreating Your Work Environment
Each workstation in the VNL has an independent file system. A separate file system means
that system configuration changes that you will make for assignments are confined to a single
workstation. It also means that files that you create on one workstation will not exist on other
workstations unless you copy them there. You should also keep in mind that all students in the
class have root access on the VNL workstations. You have no privacy on the VNL workstations. Do
not leave completed work, or partially completed work, on the file systems of the VNL workstations
for others to browse. The sole exception is cs-vnl, where you are restricted to normal user privileges
and your home directory permissions will not allow others to see the contents.
For these reasons, you will want to know how to efficiently save a copy of your work environment
to cs-vnl or some other location outside of the VNL.
The most common reason for wanting
to save and recreate your work environment is that you’ve been developing the solution to an
assignment on one workstation and need to leave to do something else. You’ll want to be able to
save your work and then restore it on some other free workstation, perhaps one you’ve never used
before, when you return to the Lab. Another common reason is that you were experimenting with
your environment on a workstation or on cs-vnl and now want to quickly restore it to the state it
was in before you started to experiment.
Less often, you may need to recreate your work environment because you (or someone else)
made an unrecoverable error and had to recreate a virtual workstation from a backup image. You
should not be afraid to do this — if it doesn’t happen to you once or twice over the course of the
semester, you’re not experimenting as much as you should. Just be prepared to recover.
A tar archive (vid. 2.4) is probably the most convenient way to save and restore any directory
tree on a unix system. An alternative is the secure copy command, scp. You’ll need to use the ‘-r’
flag to copy entire directory trees; see the scp man page for further information.
Making and Using a tar Archive
The tar program is convenient to use to do bulk file save and restore operations on unix systems.
tar is a rather old program (the name is short for ‘tape archive’), but it’s been well-maintained
and extended over the years. It does the job nicely, and it’s not limited to tapes. It will copy an
entire directory tree into a single archive file, which can be easily copied from one place to another
and then unpacked to recreate the original directory tree.
To make a tar archive, the simplest form of the command is ‘tar cvf tarfile directory’,
where tarfile is the name for the archive file and directory is the directory you want to
archive. Everything in the directory (i.e., all files and subdirectories, including hidden files and
subdirectories whose names start with ‘.’) will be included in the tarfile.
You can copy tarfile from one place to another in your file system just as you would any
other file, and you can transfer it from one machine to another using scp.
To unpack a tar archive, use the command ‘tar xvf tarfile’.
One approach is to keep one tar archive file which contains all the configuration files which
make up your working environment, and additional tar files which contain directory trees for
your current assignment or project. There are many more things you can do to manipulate a tar archive file;
consult the info or man documentation for details and examples.
If your file system is getting large and you’d like to compress the archive, you can use gzip to
compress the archive and then use gunzip to decompress it when you’ve moved the archive to its
destination. The compressed tar archive is often called a ‘tarball’. The GNU implementation of tar
used by Linux provides a convenient command line option for compression and decompression.
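As an added example (not from the original lab notes), the end-of-session save and the later restore can be wrapped in two shell functions that use the z option of GNU tar for gzip compression. The directory names, the archive name and the userid myID are placeholders, and the demonstration tree is constructed.

```shell
#!/bin/sh
# Added example: save a work directory as a tarball and restore it elsewhere.

# save_env DIR ARCHIVE
# Packs DIR, hidden files included, into a gzip-compressed tar archive.
save_env() {
    src=$1
    archive=$2
    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 1; }
    # -C stores paths relative to DIR's parent, so the archive can be
    # unpacked under any directory on any workstation.
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    chmod 600 "$archive"          # owner-only permissions on the archive
    # Listing reads the whole archive and fails if it is truncated or corrupt.
    tar -tzf "$archive" >/dev/null || { echo "archive unreadable: $archive" >&2; return 1; }
}

# restore_env ARCHIVE DESTDIR
restore_env() {
    mkdir -p "$2" && tar -xzf "$1" -C "$2"
}

# roundtrip_ok: build a constructed work tree, save it, restore it into a
# second directory and compare the two trees. Returns 0 when they match.
roundtrip_ok() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/myID/assign1"
    echo 'alias ll="ls -l"' > "$tmp/myID/.bashrc"
    echo 'capture notes'    > "$tmp/myID/assign1/notes.txt"
    save_env "$tmp/myID" "$tmp/myID-env.tar.gz" &&
        restore_env "$tmp/myID-env.tar.gz" "$tmp/restored" &&
        diff -r "$tmp/myID" "$tmp/restored/myID"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

roundtrip_ok && echo "save/restore round trip ok"

# End of a session on a workstation (assumes the short name cs-vnl
# resolves from the workstation):
#   save_env /home/myID /tmp/myID-env.tar.gz
#   scp /tmp/myID-env.tar.gz myID@cs-vnl:
#   rm -rf /tmp/myID-env.tar.gz /home/myID/assign1
```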
Changing Your Password and Login Shell
User account information, including the account password and login shell, is kept in a database
on seasons. Individual workstations use NIS (Network Information Service, formerly Yellow Pages)
to get this information from seasons. This means that if you want to change your password
or login shell, you must use a NIS-aware command. The proper commands are yppasswd to
change your password, and ypchsh to change your login shell.
Janice Regan, last modified December 29, 2011.