December 9, 2012

Password Authentication Protocol (PAP) on Packet Tracer

The Point-to-Point Protocol (PPP) is a data link protocol commonly used to establish a direct connection between two networking nodes. It can provide connection authentication, transmission encryption and compression. PPP is used over many types of physical networks, including serial cable, phone line, trunk line, cellular telephone, specialized radio links and fiber optic links. Internet service providers (ISPs) have used PPP for customer dial-up access to the Internet, since IP packets cannot be transmitted over a modem line on their own without some data link protocol. PPP is commonly used as a data link layer protocol over synchronous and asynchronous circuits, where it has largely superseded the older Serial Line Internet Protocol (SLIP) and telephone-company mandated standards such as Link Access Procedure, Balanced (LAPB).
PPP's framing was designed after the original HDLC specification. Its designers added many features that had until then been seen only in proprietary data-link protocols, among them the authentication phase (PAP or CHAP) that this tutorial configures.
HDLC
HDLC provides both connection-oriented and connectionless service. HDLC can be used for point-to-multipoint connections, but is now used almost exclusively to connect one device to another, using what is known as Asynchronous Balanced Mode (ABM). On Cisco routers a Cisco-proprietary HDLC variant is the default encapsulation on serial interfaces; it offers no authentication at all, which is why the serial link has to be switched to PPP encapsulation before PAP or CHAP can be configured.
PAP
The Password Authentication Protocol (PAP) is an authentication protocol that uses a password. PAP is used by the Point-to-Point Protocol to validate peers before allowing them access to server resources. Almost all network operating system remote-access servers support PAP.
PAP transmits the username and password unencrypted, as plain ASCII, across the link, and is therefore considered insecure. It should be used only as a last resort, when the remote server does not support a stronger authentication protocol such as CHAP or EAP (the latter is actually a framework that carries other methods).
Password-based authentication in general means that two entities share a password in advance and use it as the basis of authentication. The research literature splits password schemes into two types, named after the kind of password each assumes: weak-password schemes tolerate low-entropy, memorable passwords but need public-key operations to resist guessing, while strong-password schemes assume a high-entropy secret and get by with one-way hash functions alone. The strong-password schemes therefore have lighter computational overhead, simpler designs and easier implementations, which makes them suitable for constrained environments. PAP applies no cryptography whatsoever, so it gets the protection of neither type.

PAP works in essentially the same way as an ordinary login. The client authenticates itself by sending a username and a password, in cleartext, to the server, which compares them against its secrets database. The exchange is a two-way handshake (an Authenticate-Request answered by Authenticate-Ack or Authenticate-Nak) and happens only once, at link establishment. The technique is vulnerable to eavesdroppers, who can read the password by listening in on the serial line, and to repeated trial-and-error attacks, since PAP leaves the frequency and timing of attempts entirely to the peer.

Let us apply PPP on Packet Tracer. Consider the following simple topology: two routers joined by a serial link, each with a PC on its LAN interface.

[Screenshot 1]

First, apply IP addresses to the interfaces and bring them up with "no shutdown", so that directly connected devices can communicate.

[Screenshot 2]

Similarly for the serial interface.

[Screenshot 3]

PC IP setup.

[Screenshot 4]

The IP configuration on the other router.

[Screenshot 5]

Serial interface setup.

[Screenshot 6]

Now, the attached PCs cannot communicate until a routing mechanism is in place; here we use RIP version 2. Apply the following set of commands on both routers. We also set the hostname of each router, which matters later: a router presents its hostname as its username during PPP authentication, so the peer's "username" entry must match it.

[Screenshot 7]

Now set the commands on the second router as well.

[Screenshot 8]

Now both PCs can communicate.

[Screenshot 9]

Next we set up authentication on the serial link; in this tutorial we apply PAP. This means changing the serial encapsulation from the default HDLC to PPP, requiring PAP on the interface, and telling the router which username and password to send to its peer.

[Screenshot 11]

As soon as authentication is set on one router only, communication stops: the two ends no longer agree on the link (either the encapsulations differ, or the unconfigured peer cannot answer the PAP request), so the line protocol goes down and nothing crosses the link.

[Screenshot 12]

Now set it on the other router as well.

[Screenshot 13]

Now they can communicate again.

[Screenshot 15]

Running "show running-config" in privileged EXEC mode now shows the authentication configured on the router. Note that the PAP password is visible there in cleartext (or in the reversible type 7 encoding if "service password-encryption" is on), because the sending side must transmit the exact password; it also crosses the serial line in the clear, which is the weakness the CHAP tutorial below addresses.

[Screenshot 16]
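The configuration behind the screenshots above, written out as an added example; it is not reproduced from the original post. The hostnames R1 and R2, the interface names (FastEthernet0/0 for the LANs, Serial0/0/0 for the link), the addresses 192.168.1.0/24, 192.168.2.0/24 and 10.0.0.0/30, and the password "pap-secret" are all assumptions; substitute your own. Each router sends its own hostname as the PAP username, and the peer must hold a matching "username" entry.

```cisco
! ===== R1 (assumed to be the DCE end of the serial cable) =====
Router> enable
Router# configure terminal
Router(config)# hostname R1
! LAN side
R1(config)# interface FastEthernet0/0
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# exit
! Serial side: address and clocking (clock rate on the DCE end only)
R1(config)# interface Serial0/0/0
R1(config-if)# ip address 10.0.0.1 255.255.255.252
R1(config-if)# clock rate 64000
R1(config-if)# no shutdown
R1(config-if)# exit
! RIP version 2 so the two LANs can reach each other
R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# network 192.168.1.0
R1(config-router)# network 10.0.0.0
R1(config-router)# no auto-summary
R1(config-router)# exit
! PAP: the account the peer (R2) will present to us ...
R1(config)# username R2 password pap-secret
! ... and what we present to R2. Switching the encapsulation from the
! default HDLC to PPP and requiring PAP on one side only takes the
! link down until the peer is configured the same way.
R1(config)# interface Serial0/0/0
R1(config-if)# encapsulation ppp
R1(config-if)# ppp authentication pap
R1(config-if)# ppp pap sent-username R1 password pap-secret
R1(config-if)# end

! ===== R2 (mirror image; no clock rate on the DTE end) =====
Router> enable
Router# configure terminal
Router(config)# hostname R2
R2(config)# interface FastEthernet0/0
R2(config-if)# ip address 192.168.2.1 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# interface Serial0/0/0
R2(config-if)# ip address 10.0.0.2 255.255.255.252
R2(config-if)# no shutdown
R2(config-if)# exit
R2(config)# router rip
R2(config-router)# version 2
R2(config-router)# network 192.168.2.0
R2(config-router)# network 10.0.0.0
R2(config-router)# no auto-summary
R2(config-router)# exit
R2(config)# username R1 password pap-secret
R2(config)# interface Serial0/0/0
R2(config-if)# encapsulation ppp
R2(config-if)# ppp authentication pap
R2(config-if)# ppp pap sent-username R2 password pap-secret
R2(config-if)# end

! ===== verification (on either router) =====
! Interface output should show line protocol up and "LCP Open".
R1# show interfaces Serial0/0/0
! The username and sent-username lines appear here in cleartext.
R1# show running-config
! Watch the PAP request/ack as the link comes up (shutdown / no shutdown
! the serial interface to force a new negotiation).
R1# debug ppp authentication
```

With "ppp authentication pap" on both sides each router authenticates the other, so both "username" entries and both "sent-username" lines are needed. Everything in the sent-username line travels across the serial line exactly as typed; "service password-encryption" only obscures it in the configuration listing (type 7 is reversible) and does nothing for what goes on the wire.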






Challenge Handshake Authentication Protocol (CHAP) on Packet Tracer

CHAP
CHAP provides protection against replay attacks by the peer through the use of an incrementally changing identifier and a variable challenge value. CHAP requires that both the client and the server know the plaintext of the secret, although it is never sent over the network. The MS-CHAP variant does not require either peer to know the plaintext, but has been broken. CHAP therefore provides better security than the Password Authentication Protocol (PAP), with two caveats a practitioner should keep in mind: the authenticator has to store the shared secret in recoverable form (on Cisco IOS this is why CHAP uses a "username ... password" entry rather than a hashed "username ... secret"), and an eavesdropper who captures a challenge/response pair can mount an offline dictionary attack against the MD5 hash, so the secret itself must be strong.
How CHAP Works
CHAP is an authentication scheme used by Point-to-Point Protocol (PPP) servers to validate the identity of remote clients. CHAP verifies the identity of the client by using a three-way handshake. This happens when the initial link is established (immediately after LCP completes), and may happen again at any time afterwards. The verification is based on a shared secret (such as the client user's password).
  1. After the completion of the link establishment phase, the authenticator sends a "challenge" message, carrying an identifier and a random challenge value, to the peer.
  2. The peer responds with a value calculated using a one-way hash function (MD5 in RFC 1994) over the identifier, the secret and the challenge value concatenated in that order.
  3. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authenticator acknowledges the authentication with a Success message; otherwise it sends Failure and should terminate the connection.
  4. At random intervals the authenticator may send a new challenge, with a new identifier and challenge value, to the peer and repeat steps 1 through 3.

Another feature of CHAP is that it does not only require the client to authenticate itself at startup, but can send challenges at regular intervals to make sure the client has not been replaced by an intruder, for instance by just switching phone lines. RFC 1994 leaves the repetition optional, so whether a given implementation re-challenges an established link is implementation-specific.

Let us apply PPP on Packet Tracer. Consider the following simple topology, the same two-router layout as in the PAP tutorial.

[Screenshot 1]

Apply IP addresses to the interfaces and bring them up, so that directly connected devices can communicate.

[Screenshot 2]

Similarly for the serial interface.

[Screenshot 3]

And the IP configuration on the PC.

[Screenshot 4]

The IP configuration on the other router.

[Screenshot 5]

Serial interface settings.

[Screenshot 6]

Now, the attached PCs cannot communicate until a routing mechanism is in place; here we use RIP version 2. Apply the following set of commands on both routers. We also set the hostname of each router, which is essential for CHAP: by default a router sends its hostname as its CHAP name, and the peer looks that name up in its local "username" database to find the shared secret.

[Screenshot 7]

Now set the commands on the second router as well.

[Screenshot 8]

Now both PCs can communicate.

[Screenshot 9]

Now we set up authentication; in this tutorial we apply CHAP (Challenge Handshake Authentication Protocol). Each router needs a "username" entry for the other router's hostname carrying the shared secret, and the serial interface needs PPP encapsulation with CHAP authentication. The secret must be identical on both routers, since both compute the same MD5 hash over it.

[Screenshot c1]

As soon as authentication is set on one router only, communication stops: the configured router challenges its peer, the peer has no secret to answer with (or is still running HDLC), and the link never gets past the authentication phase, so the line protocol stays down.

[Screenshot 12]

Now set it on the other router as well.

[Screenshot c2]

Now communication is restored. Unlike PAP, nothing captured on the serial line reveals the secret: an eavesdropper sees only the challenge and the hash, and a replayed response fails because the next challenge and identifier differ.

[Screenshot 15]
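The CHAP configuration the screenshots apply, as an added example that is not reproduced from the original post. It assumes the same topology, addressing and RIP setup as the PAP walkthrough (hostnames R1 and R2, Serial0/0/0 as the link interface) and a shared secret "chap-secret"; only the serial link and the authentication are shown.

```cisco
! ===== R1 =====
R1# configure terminal
! The peer's hostname is its CHAP name; the password is the shared
! secret and must be identical on both routers. It is stored with
! "password" (recoverable) rather than "secret" (hashed) because the
! router needs the plaintext to compute MD5(id + secret + challenge).
R1(config)# username R2 password chap-secret
R1(config)# interface Serial0/0/0
R1(config-if)# encapsulation ppp
R1(config-if)# ppp authentication chap
R1(config-if)# end

! ===== R2 =====
R2# configure terminal
R2(config)# username R1 password chap-secret
R2(config)# interface Serial0/0/0
R2(config-if)# encapsulation ppp
R2(config-if)# ppp authentication chap
R2(config-if)# end

! ===== verification (on either router) =====
! Line protocol up and "LCP Open" once both sides are configured.
R1# show interfaces Serial0/0/0
! Show the challenge / response / success exchange by forcing a new
! negotiation while the debug is on.
R1# debug ppp authentication
R1# configure terminal
R1(config)# interface Serial0/0/0
R1(config-if)# shutdown
R1(config-if)# no shutdown
R1(config-if)# end
R1# undebug all
```

Two points worth checking in your own configuration. First, avoid "ppp authentication chap pap" unless the fallback is genuinely required: it lets a peer that refuses CHAP negotiate cleartext PAP instead. Second, if the name a router must present differs from its hostname (common with ISP links), IOS provides "ppp chap hostname" and "ppp chap password" on the interface; the peer's "username" entry must then match that name rather than the hostname.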










CDP: Cisco Discovery Protocol

Cisco Discovery Protocol (CDP) is primarily used to obtain protocol addresses of neighboring devices and to discover the platform of those devices. CDP can also be used to show information about the interfaces your router uses. CDP is a Cisco-proprietary Layer 2 protocol that is media- and protocol-independent, and runs on all Cisco-manufactured equipment, including:
  • routers
  • bridges
  • access servers
  • switches
Explanation:
CDP runs on all media that support the Subnetwork Access Protocol (SNAP), including local-area network (LAN), Frame Relay and Asynchronous Transfer Mode (ATM) physical media. CDP runs over the data link layer only, so two systems that support different network-layer protocols can still learn about each other.
Each device configured for CDP sends periodic messages, known as advertisements, to a multicast address. Each device advertises at least one address at which it can receive SNMP messages. The advertisements also contain time-to-live, or holdtime, information, which indicates how long a receiving device should hold CDP information before discarding it. Each device also listens to the periodic CDP messages sent by others in order to learn about neighboring devices and to determine when their interfaces to the media go up or down.
Since CDP is a Layer 2 protocol, these packets (frames) are not routed. Use of SNMP with the CDP MIB allows network management applications to learn the device type and the SNMP agent address of neighboring devices, and to send SNMP queries to those devices. The same advertisements are readable by anyone attached to the segment, not only by Cisco neighbors: they disclose the device's name, model, software version and addresses. CDP should therefore be disabled on interfaces facing end hosts or untrusted networks and kept only on infrastructure links where its troubleshooting value is needed.
 
Let us apply CDP on Packet Tracer.

[Screenshot 1]

In the above topology several devices are attached to each other. To see information about the neighboring devices, run "show cdp neighbors" on the router in privileged EXEC mode.

[Screenshot 2]

And on Router 2 and Router 3 as well, as shown in the figures below.

[Screenshot 3]

It can be seen clearly that the command lists the neighboring devices: device ID, the local interface, holdtime, capabilities, platform and the neighbor's port ("show cdp neighbors detail" adds the neighbor's IP address and software version). Note that it only reports the routers and switches directly attached to the device's ports, and not the hosts attached to it, because the PCs do not run CDP and therefore never advertise themselves.

[Screenshot 4]
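The commands used above, together with the checks and the hardening step a practitioner would want, as an added example that is not part of the original post. The hostname Router1 and the interface name FastEthernet0/1 are assumptions.

```cisco
! ===== discovery (privileged EXEC mode) =====
! Summary table of directly connected CDP speakers: device ID, local
! port, holdtime, capability codes, platform and the neighbor's port.
Router1# show cdp neighbors
! Full advertisements: IP address, IOS version string, duplex and
! more. Everything listed here is also received by any host on the
! same segment that listens for CDP frames.
Router1# show cdp neighbors detail
! Global state and timers, and the interfaces CDP currently sends on.
Router1# show cdp
Router1# show cdp interface

! ===== hardening =====
! Option 1: stop CDP on ports that face end hosts or untrusted
! networks, while keeping it on router-to-router and switch uplinks
! where it is useful for troubleshooting.
Router1# configure terminal
Router1(config)# interface FastEthernet0/1
Router1(config-if)# no cdp enable
Router1(config-if)# exit
! Option 2: disable CDP on the whole device.
Router1(config)# no cdp run
Router1(config)# end

! ===== confirm =====
! "show cdp" reports that CDP is not enabled after option 2; after
! option 1 the interface no longer appears in "show cdp interface".
Router1# show cdp
Router1# show cdp interface
```

"no cdp enable" is per interface and is the right tool on switches where only the access ports should go quiet; "no cdp run" is global and also silences the uplinks, so neighbors stop seeing the device in their own "show cdp neighbors" output.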



Sticky MAC Addresses

Sticky MAC addresses are secure MAC addresses that a switch port learns dynamically once and then keeps bound to that port: the switch writes each learned address into the running configuration as a static secure entry, so it survives for as long as the configuration is kept (and across reloads only if the configuration is saved). The maximum number of secure addresses a single interface may learn is configurable. The feature is useful in large networks where manually mapping MAC addresses to ports would be too time-consuming; once an address is secured, the port rejects frames from any other source address and, in the default violation mode, shuts itself down.

Let us apply this concept on Packet Tracer.

[Screenshot 1]

Set up a topology in which the PCs obtain their IP addresses dynamically from the DHCP service running on the server.

[Screenshot 2]

DHCP server setup on the server.

[Screenshot 3]

Assigning IP addresses to the PCs.

[Screenshot 4]

Now apply a sticky MAC address to the switch interface currently attached to PC1, which is FastEthernet0/3.

[Screenshot 5]

The following commands apply this concept: port security is enabled on the access port, the maximum number of secure addresses is set, and the learning mode is set to sticky.

[Screenshot 6]

Go to privileged EXEC mode and run "show running-config".

[Screenshot 7]

At this point no MAC address is bound to the port yet, because the switch learns a sticky address only when it receives a frame on the port after port security has been enabled.
To show the learning, unplug the cable from PC1 and attach it to another PC, as shown in the figure below.

[Screenshot 8]

Request an address via DHCP on that PC.

[Screenshot 9]

Now the port has learned a MAC address, and it is stored as a sticky entry on the port, as shown in the figure below.

[Screenshot 10]

The MAC address of the PC.

[Screenshot 12]

Now reconnect PC1 and request an IP address. The request fails, and the switch has also shut down the interface (it is now err-disabled), because PC1's MAC address does not match the sticky address secured on the port. This is the default "shutdown" violation mode. To bring the port back, attach the right host or remove the stale sticky entry first, then issue "shutdown" followed by "no shutdown" on the interface.

[Screenshot 13]
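The port-security commands the screenshots apply, with the verification and the recovery step, as an added example that is not from the original post. The switch hostname Switch and a limit of one address are assumptions; FastEthernet0/3 is the interface named in the text.

```cisco
! ===== enable sticky learning on the PC1 port =====
Switch> enable
Switch# configure terminal
Switch(config)# interface FastEthernet0/3
! Port security is only accepted on access ports; a port left in
! dynamic mode is rejected, so set the mode explicitly.
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
! At most one secure address. The first source MAC seen is learned and
! written into the running configuration as a sticky entry.
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security mac-address sticky
! "shutdown" is the default violation mode: a frame from a second MAC
! err-disables the port. "restrict" would drop and count such frames
! while leaving the port up.
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)# end

! ===== verification =====
! Before the PC sends a frame the sticky address line is absent; after
! a DHCP request it appears as
!   switchport port-security mac-address sticky <learned MAC>
Switch# show running-config interface FastEthernet0/3
! Port status, violation mode, violation count and last source address
Switch# show port-security interface FastEthernet0/3
Switch# show port-security address
! Sticky entries live in the running configuration only; save them or
! they are gone after a reload.
Switch# copy running-config startup-config

! ===== recovery after a violation (port shows err-disabled) =====
! Remove the offending host, or delete the stale sticky entry so the
! port may learn the new one, otherwise it shuts down again at once:
!   no switchport port-security mac-address sticky <learned MAC>
Switch# configure terminal
Switch(config)# interface FastEthernet0/3
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
Switch(config-if)# end
```

"show port-security interface" is the place to look when a user reports a dead port: a Port Status of Secure-shutdown together with a non-zero Security Violation Count says the port was closed by this feature rather than by a cabling fault.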


Wireless Communication in Packet Tracer

Let us create a wireless topology in Packet Tracer. Go to the wireless devices and select the Linksys wireless router, add some PCs and fit them with a Linksys wireless module so that they can communicate with the router wirelessly. For that, go to the PC's Physical tab as shown in the figures below.

[Screenshot 22]

Go to the PC, power it off, remove the wired LAN module and install the wireless LAN module (Packet Tracer only allows modules to be swapped while the device is switched off).

[Screenshot 3]
[Screenshot 4]

Now it is removed. Let us add the wireless module, then power the PC back on.

[Screenshot 5]

Now the PCs are connected. At this point the router's wireless network is open: any PC with a wireless module in range associates without a password, which is why authentication is added below.

[Screenshot 1]

Set the IP address.

[Screenshot 5.5]

Since this wireless router provides a DHCP service, the PCs can instead obtain their IP addresses automatically.

[Screenshot 7]

So now our PCs can communicate.

[Screenshot 2]

Now let us apply authentication to the wireless router. Go to the Config tab, click Wireless, and provide the SSID and the security settings. Prefer WPA2-PSK with a long passphrase over WEP where the router offers it, since WEP keys can be recovered from captured traffic, and change the router's default administrative password as well.

[Screenshot 6]

Go to the PC's Desktop tab and click PC Wireless.

[Screenshot 8]

Click Connect, select the network you want to join, and click Connect.

[Screenshot 9]

Enter the correct key.

[Screenshot 10]

Now we are done: authentication has been applied successfully.

Now let us use an access point to connect the PCs wirelessly. A wired router can be connected to an access point to give it wireless coverage.

[Screenshot 11]

Apply the IP addresses to the router interface and set its port status on.

[Screenshot 12]

An authentication key can be set on the access point as well.

[Screenshot 13]

As in the figure below.

[Screenshot 14]

C program to Read From a File

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    FILE *fptr;
    char filename[15];
    char ch;
    ...