Lab Hints for Windows, VMware, Wireshark - Richard Gnall

childrenpen, Networks and Communications

26 Oct 2013 (3 years and 11 months ago)




Lab 00 - HINTS

Gnall

TABLE OF CONTENTS

Clone a VM (WS 8)

Change the Computer/Host/Machine Name for an XP Machine

-----

Move a VM from one Virtual Switch to Another (WS 8)

-----

Manual IP Configuration (XP)
Assign a Static IP Address, Subnet Mask (and DGA, DNS, WINS) to a Local Area Connection

Automatic IP Configuration - DHCP (XP)
Configure a Local Area Connection to be a DHCP Client

-----

Add a NIC to a VM (WS 8)

Router (XP, W7 or Server)
Enable Routing in a Windows VM

-----

Wireshark Toolbar

Wireshark Filters






Clone a VM




Right-click the VM tab…Manage…Clone…

OR

VM menu…Manage…Clone…

Next…

Next…

Select "The current state in the virtual machine"







Next…




Finish…



Create a full clone in C131

Enter the name of the new VM

Make sure the VM will be stored in the correct location

Create a linked clone in C139










Close…







Change the Computer/Host/Machine Name for an XP Machine



Log in with an administrative account.


When viewed with ipconfig, the computer name is labeled as "Host Name":




To change the computer name:


My Computer…Properties…Computer Name Tab…




Change…









OK…





OK…



Enter the correct computer name







OK…





Yes…







Move a VM from one virtual switch to another (VMware Workstation 8)



In:

http://www.richardgnall.com/mcc/VMware/2 - VMware Networking/

Review:

Networking in VMware (8) - PowerPoint.ppt

Networking in VMware (7.1) - Document.doc


While the VM is either stopped or running:

VM menu…Settings…Hardware Tab…Network Adapter…

Select the desired network connection. Note that Bridged, NAT and Host-only networks appear twice - once as a radio button and once in the Custom drop-down box.







Manual IP Configuration - Assign a Static IP Configuration to a Local Area Connection (XP)





NOTE:

If a powered-down VM needs to be configured with a static IP configuration but is currently a DHCP client, connect it first to a network with a DHCP server (e.g. VMnet8) before booting. A VM which is looking for a DHCP server will boot faster if it can find one. After the VM has booted, change its IP configuration to static and then switch it to a network which does not have a DHCP service running on it.




In the tool tray (lower right hand corner of the Windows desktop):


Double-Left-Click the Local Area Connection icon

OR

Right-Click the Local Area Connection icon…Status




Properties…











OK…


Internet Protocol (TCP/IP)


Properties…

Select "Use the following IP address"

Fill in the:

IP address

Subnet mask

Default gateway

For most of the labs in this course, leave the DNS server addresses blank






Automatic IP Configuration - DHCP - Configure a Local Area Connection to use DHCP (XP)



In the tool tray (lower right hand corner of the Windows desktop):


Double-Left-Click the Local Area Connection icon

OR

Right-Click the Local Area Connection icon…Status




Properties…











OK…


Obtain an IP address automatically









Obtain DNS server address automatically

Internet Protocol (TCP/IP)


Properties…






Add a NIC to a VM (VMware Workstation 8)



While the VM is either stopped or running,


VM menu…Settings…Hardware Tab…Add… (at this point, it doesn't matter if Network Adapter is selected or not)



Next…



Select which network switch to connect the new NIC to (this can be changed later)

Finish…

Network Adapter

Select the desired network switch (hub)






Router - Enable Routing in a Windows VM (XP, W7 or Server)



Enabling routing requires changing a registry setting. Be extremely careful when working with the registry as it is easy to make a Windows operating system unbootable.


Start…Run…regedit…OK…




The Registry Editor may open to a different location - that's OK.

I have already saved the location of the desired registry setting as a favorite.


Favorites Menu…Router…









Right-click IPEnableRouter and select Modify




Change "Value data:" from a 0 to a 1


OK…









Close the Registry Editor


Reboot the VM





Wireshark Toolbar




Focus on the buttons highlighted in blue.

Note: The toolbar contains buttons for working with display filters. For the labs in this course, ignore them. Instead, type filters directly into the Filter toolbar as explained in the section on Wireshark Filters.

List the Available Capture Interfaces…

Show the
Capture Options…

Start a New Live Capture

Stop the Running Live Capture

Restart the Running Live Capture

Close this Capture File

Reload this Capture File

Go to the First Packet

Go to the Packet with Number…

Find a Packet…

Auto Scroll Packet List in Live Capture

Edit Preferences…

Edit/apply Display Filter…

Edit Capture Filter…

Resize All Columns

Show some help…






Capture Interfaces



Capture Options



Start a Live Capture



Stop Running Live Capture



Restart the Running Live Capture

------


Close Capture File



Reload Capture File

------


Auto Scroll Packet List in Live Capture


------


Resize All Columns


------


Capture Filters



Display Filters



Preferences


With the exception of "Reload Capture File", all of the above toolbuttons have corresponding menu entries.








Wireshark Filters




Filter a Single Protocol

Type the name of the protocol into the Filter toolbar text field. The text field will turn green when Wireshark recognizes a legitimate filter.




Apply…







EXAMPLES


Display only arp packets


arp


Display only arp or icmp packets


arp or icmp


arp || icmp


Don't display arp packets


not arp


! arp


Don't display arp packets and don't display icmp packets


not arp and not icmp


not arp && not icmp


! arp and ! icmp


Display only DHCP packets


bootp


Display packets with the syn flag set


tcp.flags.syn == 1

Display only a certain IP address

ip.addr == 192.168.198.135


Display only a certain source IP address


ip.src == 192.168.206.144

Display only a certain destination IP address

ip.dst == 192.168.206.144

Display only a certain MAC address

eth.addr == 00:0c:29:b2:02:3e

eth.addr == 00.0c.29.b2.02.3e

eth.addr == 00-0c-29-b2-02-3e

Display only certain port numbers

udp.port == 137 (NBNS)

Display IP addresses in a certain subnet

ip.addr == 192.168.206.0/24

Don't display a certain IP address

!(ip.addr == 192.168.206.144)



Note: MAC, IP and Port .addr filters are applied to both the source and destination addresses. Therefore, the following expression can not be used to filter out IP addresses. If one of the IP addresses does not equal the specified address while the other IP address does equal, the packet will still be considered to be a match.

ip.addr != 192.168.206.144

The correct filter which requires both addresses to match the condition is:

!(ip.addr == 192.168.206.144)

(There is no IP address in the packet which matches 192.168.198.135)
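The difference between the two filters in the note above, worked through as an added example (not part of the original lab sheet, and not Wireshark's own code). It models ip.addr as "either ip.src or ip.dst" the way the note describes; the packet list and the function names are constructed for illustration, and it also covers the subnet form from the examples.

```python
import ipaddress

# Constructed sample packets as (ip.src, ip.dst); addresses reuse the lab's examples.
PACKETS = [
    ("192.168.206.144", "192.168.206.2"),    # sent by the host
    ("192.168.206.2", "192.168.206.144"),    # sent to the host
    ("192.168.206.2", "192.168.198.135"),    # host not involved
    ("192.168.206.144", "192.168.206.144"),  # host talking to itself
]


def _matches(addr, target):
    """True if addr equals target, or lies inside it when target is a subnet."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(target, strict=False)


def any_eq(pkt, target):
    """ip.addr == target: ip.addr stands for ip.src and ip.dst; either may match."""
    return any(_matches(a, target) for a in pkt)


def any_ne(pkt, target):
    """ip.addr != target as the note describes it: either address may differ."""
    return any(not _matches(a, target) for a in pkt)


def none_eq(pkt, target):
    """!(ip.addr == target): neither address may match."""
    return not any_eq(pkt, target)


def display(filter_fn, target):
    """Return the packets a filter would leave on screen."""
    return [p for p in PACKETS if filter_fn(p, target)]


if __name__ == "__main__":
    host = "192.168.206.144"
    print("ip.addr != host    ->", display(any_ne, host))
    print("!(ip.addr == host) ->", display(none_eq, host))
    print("ip.addr == /24     ->", display(any_eq, "192.168.206.0/24"))
```

Recent Wireshark releases evaluate != on multi-valued fields differently, so !(ip.addr == …) is the form that behaves the same across versions.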




Saving Display Filters


Enter the filter into the Filter toolbar text field. Click "Save"…




The saved filter now appears on the Filter toolbar. If there are too many saved filters to fit on the Filter toolbar, then a drop-down arrow will provide access to all of the saved filters.



Enter the name for the new filter.


OK…

To remove saved filters, edit the following file:

~/Application Data/Wireshark/preferences