Experiment 3: IP Sub-networks and Router Configuration


  1. Set up a simple private sub-network. Determine network parameters for hosts in the sub-network.
  2. Configure a host and a router to reach hosts within the sub-network.
  3. Observe the traffic generated by the tracert program to determine the route to a host.
  4. Use a secure shell (ssh) client program.


The following topics from class notes: Internet layers, IP addressing, IP routing, rudimentary Ethernet network concepts, ICMP protocols.


Network Setup

The network topology is shown below. The virtual LAN network ID and the host IP in the virtual LAN shown in the figure are illustrative values only: the actual values for the experiment will be assigned by the lab instructor. Note that the router has two IP addresses, one for each LAN.

Network topology diagram

Laboratory LAN network ID:


  1. Ask the lab instructor to be assigned a group number (n), a virtual LAN network ID and the host IP in virtual LAN.

  2. Launch the PuTTY ssh client. Log in to the virtual network server (at5030-eng2453server.lakeheadu.ca). The account name is group<n>, where <n> is the number assigned by the lab instructor. Only one student in the group should log in.

  3. At the server prompt run startrouter to bring the router virtual machine up:

    group2@vnetserver:~$ startrouter
    mkdir: cannot create directory `workspace': File exists
    0+0 records in
    0+0 records out
    0 bytes (0 B) copied, 1.1313e-05 s, 0.0 kB/s
    Setting up swapspace version 1, size = 524284 KiB
    no label, UUID=9761b76d-aad6-4885-99f1-7918b29427c9
    Core dump limits :
     soft - 0
     hard - NONE
    Checking that ptrace can change system call numbers...OK
    Checking syscall emulation patch for ptrace...OK
    Checking advanced syscall emulation patch for ptrace...OK
    <more output suppressed>

    After the router is up, you should see the router login screen:

    Debian GNU/Linux 7 router tty0
    line_ioctl: tty0: unknown ioctl: 0x4b64
    router login:

    Log in as ‘root’; the password is ‘default’. You have full administrator privileges on the virtual router. The router has three network interfaces:

    • ‘lo’ is the loopback network interface, configured to This is a special address that always points to the localhost (the router in this case).
    • ‘eth0’ connected to the laboratory LAN
    • ‘eth1’ connected to the private LAN.
  4. The ip command is used to configure the network interfaces. We’ll use the -f inet option to list addresses configured for the IPv4 protocol (can be abbreviated -4). Run ip -f inet addr show (or abbreviated ip -4 a show) to see configured interfaces:

    root@router:~# ip -f inet addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
        inet scope host lo

    Only the loopback interface is currently configured. There is no active connection to other computers in the network.

  5. Configure the interface connected to the lab LAN: the university administers the IP addresses in the lab LAN using the DHCP protocol. We’ll request an IP address, network mask and other network parameters from the DHCP server. The router is already configured for this:

    root@router:~# cat /etc/network/interfaces
    # interfaces(5) file used by ifup(8) and ifdown(8)
    auto lo
    iface lo inet loopback
    #auto eth0
    iface eth0 inet dhcp

    (the cat command is similar to type on the Windows prompt). The ‘#’ character indicates that the line is a comment and is ignored by the system. This configuration is not automatically done at system boot because the ‘auto’ keyword is commented out. To bring eth0 up run:

    root@router:~# ifup eth0
    Internet Systems Consortium DHCP Client 4.2.2
    Copyright 2004-2011 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/
    Listening on LPF/eth0/4e:6f:e2:54:aa:5c
    Sending on   LPF/eth0/4e:6f:e2:54:aa:5c
    Sending on   Socket/fallback
    DHCPDISCOVER on eth0 to port 67 interval 4
    DHCPREQUEST on eth0 to port 67
    DHCPOFFER from
    DHCPACK from
    bound to -- renewal in 1641 seconds.

    Also run ip -4 a show to see all details of the interface configuration:

    root@router:~# ip -4 a show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
        inet scope host lo
    13: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
    +UNKNOWN qlen 1000
        inet brd scope global eth0

    You now have a connection to the outside world. Verify this by pinging some address (‘-c 3’ sends 3 packets only):

    root@router:~# ping -c 3 www.cbc.ca
    PING e5220.g.akamaiedge.net ( 56(84) bytes of data.
    64 bytes from a23-45-133-66.deploy.static.akamaitechnologies.com (
    +icmp_req=2 ttl=54 time=30.6 ms
    64 bytes from a23-45-133-66.deploy.static.akamaitechnologies.com (
    +icmp_req=3 ttl=54 time=30.3 ms
    --- e5220.g.akamaiedge.net ping statistics ---
    3 packets transmitted, 2 received, 33% packet loss, time 2009ms
    rtt min/avg/max/mdev = 30.388/30.516/30.645/0.216 ms
  6. Configure eth1: we will use a static configuration for eth1 since there is no DHCP server running on our private network. Normally the router for a network is assigned the first host address for the network. For example, if your group was assigned for the network ID, you should configure your router at We will assign the IP address and add the route to the table directly from the command line using the ip command. This is a good way to change the network configuration on the fly, but keep in mind that the configuration is lost after a reboot. The first command configures the interface (eth1) using the default broadcast address but keeps it disabled; the second command enables the interface:

    ip addr add <address/bits> broadcast + dev <interface>
    ip link set <interface> up

    For a permanent configuration, an eth1 entry must be added in /etc/network/interfaces before eth0 is configured. We will not pursue this approach for this experiment.

    Check that the interfaces are configured by running ip -4 a show again (the following is a generic example only, include actual output in your report):

    root@router:~# ip -4 a show
     1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
         inet scope host lo
     13: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
         inet brd scope global eth0
     14: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
         inet scope global eth1

    You should be able to ping the host in the private network (the host address was given by the lab instructor):

    root@router:~# ping -c 2
    PING ( 56(84) bytes of data.
    64 bytes from icmp_req=1 ttl=64 time=0.736 ms
    64 bytes from icmp_req=2 ttl=64 time=0.178 ms

    Run ip -4 route show to print the routing table (include in report):

    root@router:~# ip -4 route show
    default via dev eth0
    dev eth1  proto kernel  scope link  src
    dev eth0  proto kernel  scope link  src

    It now appears that the router is ready.

  7. Configure your Windows workstation to route packets to your private network (open a cmd.exe window). Basically packets for should be forwarded to your router (the host with IP address in this example) for further routing. To do this, add an entry to your routing table as follows (include in report):

    C:\>route add mask

    The first part specifies the network ID and the last address is the router address, referred to as the gateway address. Use route print to see the routing table:

    C:\>route print
    Interface List
     11...00 1d 60 1c cc 7c ......NVIDIA nForce Networking Controller
      1...........................Software Loopback Interface 1
     13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    IPv4 Route Table
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
           On-link    306

    Try pinging the host in the private network. It will not work.

  8. The problem is that the router is refusing to forward packets across interfaces. That is the most common configuration for regular Linux workstations. IPv4 kernel settings can be found in the following directory:

    root@router:~# ls /proc/sys/net/ipv4/
    conf                                tcp_fin_timeout
    icmp_echo_ignore_all                tcp_frto
    icmp_echo_ignore_broadcasts         tcp_frto_response
    icmp_errors_use_inbound_ifaddr      tcp_keepalive_intvl
    icmp_ignore_bogus_error_responses  tcp_keepalive_probes
    icmp_ratelimit                      tcp_keepalive_time
    icmp_ratemask                       tcp_low_latency
    igmp_max_memberships                tcp_max_orphans
    igmp_max_msf                        tcp_max_ssthresh
    (more files suppressed)

    Each file contains a configuration parameter. Parameter values can be seen by displaying the file contents:

    root@router:~# cat /proc/sys/net/ipv4/ip_forward

    To enable IP packet forwarding set ip_forward to 1 as follows:

    root@router:~# echo 1 > /proc/sys/net/ipv4/ip_forward
    root@router:~# cat /proc/sys/net/ipv4/ip_forward

    NOTE: this routing configuration works but it is not secure because it forwards any packet. A more secure setup should use IP packet filter rules to forward only packets that may occur under normal use of the network (see man iptables for more information).

  9. Now try pinging the host in the private network from your Windows workstation again (it should work, include output in your report). Open Wireshark on Windows, start capturing the network traffic and run the traceroute command as follows (on Windows it is tracert):

    Tracing route to over a maximum of 30 hops
      1    <1 ms    <1 ms    <1 ms  dhcp-192-168-108-81.lakeheadu.ca []
      2    <1 ms    <1 ms    <1 ms
    Trace complete.

    Stop capturing the interface and locate the packets generated by this program. Include the Wireshark capture in your report.

  10. To verify that you are connecting to the right network, try logging into the host of your private network. Open another PuTTY window. The server name is the IP address of the host in your network ( in this example), the account name is guest and the password is engi2453. After you log in you should see the following message:

    *                      Routing Successful !

    You may log out by typing exit.

  11. After the experiment is finished, stop the router:

    root@router:~# shutdown -h now

    When the router is down you will see the server prompt. Type exit to close the connection.
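
The NOTE in step 8 says forwarding should be limited by packet filter rules. The script below is an added example, not part of the original handout: it generates a default-deny FORWARD rule set that admits only the traffic the lab steps use (ping/tracert echo requests and ssh into the private LAN). The interface roles follow the handout; the function names and the 192.0.2.0/24 network are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example, not part of the lab handout. Assumptions: eth0 = lab LAN and
# eth1 = private LAN as in the handout; 192.0.2.0/24 is a placeholder for the
# private network ID assigned to your group.

# Interface names are pasted into commands, so accept letters and digits only.
valid_ifname() {
    case "$1" in ''|*[!A-Za-z0-9]*) return 1 ;; esac
}

# Accept only a.b.c.d/bits with each octet 0-255 and bits 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print iptables commands for a default-deny FORWARD chain that admits only
# what this lab uses: ICMP echo (ping, tracert) and ssh from the lab LAN to
# the private LAN, plus replies belonging to flows already accepted.
# Note: -F FORWARD discards any rules already present in that chain.
forward_rules() {
    lab_if=$1; priv_if=$2; priv_net=$3
    valid_ifname "$lab_if" && valid_ifname "$priv_if" || { echo "bad interface" >&2; return 1; }
    [ "$lab_if" != "$priv_if" ] || { echo "interfaces must differ" >&2; return 1; }
    valid_cidr "$priv_net" || { echo "bad network: $priv_net" >&2; return 1; }
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lab_if -o $priv_if -d $priv_net -p icmp --icmp-type echo-request -j ACCEPT
iptables -A FORWARD -i $lab_if -o $priv_if -d $priv_net -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Dry run: print the rules for review. To load them, run as root on the router:
#   forward_rules eth0 eth1 <network/bits> | sh
forward_rules eth0 eth1 192.0.2.0/24
```

With these rules loaded, connections initiated from the private LAN toward the lab LAN are dropped; only replies to accepted flows pass in that direction.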

Report preparation and questions

Prepare a formal report of this experiment in PDF format.

  • Include in your report a diagram of the network topology used in the experiment. Show the network ID for each segment, the IP address for each interface and the routing table in each host.
  • Summarize the results from the experiment. Include the outputs indicated in steps 6, 7 and 9.
  • Use the packets captured with Wireshark to explain how the tracert program determines the route to a host.
  • Write comments and conclusions about this experiment.