
Following the procedure in Task 1, open a command-line window. The TFTP command has a different syntax than FTP. For example, there is no authentication. Also, there are only two commands: GET, to retrieve a file, and PUT, to send a file.

Example 4-4 contains Windows TFTP client syntax. The TFTP server has its own directory on Eagle Server, /tftpboot, which is different from the directory structure supported by the FTP server. No authentication is supported.

Example 4-4 TFTP Syntax for a Windows TFTP Client

>tftp -help

Transfers files to and from a remote computer running the TFTP service.

TFTP [-i] host [GET | PUT] source [destination]

  -i            Specifies binary image transfer mode (also called octet). In binary image mode the file is moved literally, byte by byte. Use this mode when transferring binary files.

  host          Specifies the local or remote host.

  GET           Transfers the file destination on the remote host to the file source on the local host.

  PUT           Transfers the file source on the local host to the file destination on the remote host.

  source        Specifies the file to transfer.

  destination   Specifies where to transfer the file.

Start a Wireshark capture, and then download the s1-central configuration file from Eagle Server with the Windows TFTP client. The command to do this follows:

>tftp eagle-server.example.com get s1-central

Step 2. Analyze the UDP fields.

Switch to the Wireshark capture window. The student capture should be similar to the capture shown in Figure 4-8. A TFTP transfer will be used to analyze transport layer UDP operation.

Figure 4-8 UDP Session Capture

Note: If students point to UDP acknowledgments, explain that the UDP header does not contain an acknowledgment field. Instead, it is the responsibility of the upper-layer protocol, in this case TFTP, to manage data transfer and receipt information. This will be shown during the UDP datagram examination.

In Wireshark, detailed UDP information is available in the middle window. Highlight the first UDP datagram from the host computer, and move the cursor to the middle window. You might have to adjust the middle window and expand the UDP record by clicking the protocol expand box. The expanded UDP datagram should look similar to Figure 4-9.

Figure 4-9 UDP Datagram Capture

See Figure 4-10, a UDP datagram diagram. Header information is sparse, compared to the TCP datagram. There are similarities, however. Each UDP datagram is identified by the UDP source port and UDP destination port.

Figure 4-10 UDP Format

Using the Wireshark capture of the first UDP datagram, fill in information about the UDP header in Table 4-13. The checksum value is a hexadecimal (base 16) value, denoted by the preceding 0x code.

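[Figure 4-10 diagram: UDP segment drawn 32 bits wide, with bit positions 0, 16, and 31 marked. Fields: UDP Source Port, UDP Destination Port, UDP Message Length, UDP Checksum, followed by Data.]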

Table 4-13 UDP Header Table

Characteristics            Answers
Source IP address          * 172.16.1.1
Destination IP address     192.168.254.254
Source port number         * 1038
Destination port number    69
UDP message length         * 30 bytes
UDP checksum               * 0x1f04 (correct)

* May differ from what student enters.

How does UDP verify datagram integrity?

A checksum is sent in the UDP datagram, and the datagram checksum value is recomputed upon receipt. If the computed checksum is identical to the sent checksum, the UDP datagram is assumed complete.
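The check described above, as an added worked example that is not part of the original lab. It rebuilds the first datagram from Table 4-13, assuming the data field is a TFTP read request for s1-central in netascii mode (the Windows client's mode when -i is not given); the function names are illustrative. Under that assumption the result reproduces the 30-byte length and 0x1f04 checksum recorded in the table.

```python
import socket
import struct

def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum of data, with carries folded back in."""
    if len(data) % 2:
        data += b"\x00"                      # odd length: pad with one zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header that the UDP checksum also covers (protocol 17)."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 17, udp_len))

def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    length = 8 + len(payload)                # 8-byte header plus data
    head = struct.pack("!HHHH", sport, dport, length, 0)
    csum = ~fold_sum(pseudo_header(src_ip, dst_ip, length) + head + payload) & 0xFFFF
    csum = csum or 0xFFFF                    # 0 on the wire means "not computed"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def udp_fields(datagram: bytes) -> tuple:
    """Return (source port, destination port, length, checksum)."""
    return struct.unpack("!HHHH", datagram[:8])

def verify_udp(src_ip, dst_ip, datagram: bytes) -> bool:
    """Receiver-side check: recompute over pseudo-header plus datagram."""
    _, _, length, csum = udp_fields(datagram)
    if length != len(datagram):
        return False
    if csum == 0:                            # IPv4 sender skipped the checksum
        return True
    return fold_sum(pseudo_header(src_ip, dst_ip, length) + datagram) == 0xFFFF

def swap_words(datagram: bytes, a: int, b: int) -> bytes:
    """Exchange two aligned 16-bit words; a plain sum cannot see reordering."""
    m = bytearray(datagram)
    m[a:a + 2], m[b:b + 2] = m[b:b + 2], m[a:a + 2]
    return bytes(m)

# Constructed payload (assumption): TFTP read request, opcode 1, netascii mode.
RRQ = b"\x00\x01" + b"s1-central\x00" + b"netascii\x00"
CLIENT, SERVER = "172.16.1.1", "192.168.254.254"
FIRST = build_udp(CLIENT, SERVER, 1038, 69, RRQ)

print("length=%d checksum=%#06x" % udp_fields(FIRST)[2:], verify_udp(CLIENT, SERVER, FIRST))
```

swap_words shows the limit of the check: exchanging two aligned 16-bit words leaves the sum unchanged, so the checksum catches transmission errors but does not authenticate the data.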

Examine the first packet returned from Eagle Server. Fill in information about the UDP header in Table 4-14.

Table 4-14 UDP Header Information

Characteristics                           Answers
Source IP address                         192.168.254.254
Destination IP address: 172.16.___.___    * 172.16.1.1
Source port number                        * 32799
Destination port number                   * 1038
UDP message length                        * 524 bytes
UDP checksum: 0x                          * 0xc5cf (correct)

* May differ from what student enters.

Notice that the return UDP datagram has a different UDP source port, but this source port is used for the remainder of the TFTP transfer. Because there is no reliable connection, only the original source port used to begin the TFTP session is used to maintain the TFTP transfer.

Task 3: Reflection

This lab provided you with the opportunity to analyze TCP and UDP protocol operations from captured FTP and TFTP sessions. TCP manages communication much differently from UDP, but reliability and guaranteed delivery require additional control over the communication channel. UDP has less overhead and control, and the upper-layer protocol must provide some type of acknowledgment control. Both protocols, however, transport data between clients and servers using application layer protocols and are appropriate for the upper-layer protocol each supports. Both protocols have advantages and disadvantages. Applications are designed to use one protocol or another based on maximizing the advantages while minimizing the disadvantages. Consider how you would determine which protocol to use if you were designing an application.

Task 4: Challenge

Because neither FTP nor TFTP is a secure protocol, all data transferred is sent in clear text. This includes any user IDs, passwords, or clear-text file contents. Analysis of the upper-layer FTP session will quickly identify the user ID, password, and configuration file passwords. Upper-layer TFTP data examination is a bit more complicated, but the data field can be examined and configuration user ID and password information extracted.
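An audit of the TFTP data fields, as an added example that is not part of the original lab: it follows one read transfer, including the server's change of source port noted in Task 2, reassembles the file, and lists the lines that expose credentials. The addresses and ports come from Tables 4-13 and 4-14; the packet list, the configuration text, and the function names are constructed for illustration.

```python
import re
import struct

RRQ, DATA, ACK = 1, 3, 4                       # TFTP opcodes (RFC 1350)
SECRET_RE = re.compile(r"\b(password|secret|community)\b", re.I)

def parse_tftp(payload: bytes) -> dict:
    """Decode the TFTP message carried in one UDP data field."""
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode == RRQ:                          # opcode | filename 0 | mode 0
        name, mode = payload[2:].split(b"\x00")[:2]
        return {"op": RRQ, "file": name.decode(), "mode": mode.decode().lower()}
    if opcode == DATA:                         # opcode | block number | data
        (block,) = struct.unpack("!H", payload[2:4])
        return {"op": DATA, "block": block, "data": payload[4:]}
    return {"op": opcode}                      # ACK, ERROR, WRQ: not needed here

def audit_read(packets):
    """Follow one read transfer; return (file, server port, flagged lines)."""
    client = server_port = filename = None
    blocks = {}
    for src, sport, dst, dport, payload in packets:
        msg = parse_tftp(payload)
        if msg["op"] == RRQ and dport == 69:
            client, filename = (src, sport), msg["file"]
        elif msg["op"] == DATA and (dst, dport) == client:
            server_port = server_port or sport  # server replies from a new port
            if sport == server_port:
                blocks.setdefault(msg["block"], msg["data"])  # drop retransmits
    text = b"".join(blocks[n] for n in sorted(blocks)).decode("ascii", "replace")
    flagged = [line.strip() for line in text.splitlines() if SECRET_RE.search(line)]
    return filename, server_port, flagged

# Constructed file contents; the credentials are placeholders.
CONFIG = ("hostname s1-central\r\nenable secret EXAMPLE-ONLY\r\n"
          + "! filler\r\n" * 60
          + "line vty 0 4\r\n password EXAMPLE-ONLY\r\nend\r\n").encode()
C, S = "172.16.1.1", "192.168.254.254"

def data_block(n: int) -> bytes:
    """DATA message n; a full block is 4 + 512 bytes (UDP length 524)."""
    return struct.pack("!HH", DATA, n) + CONFIG[(n - 1) * 512:n * 512]

CAPTURE = [                                     # (src, sport, dst, dport, data)
    (C, 1038, S, 69, b"\x00\x01s1-central\x00netascii\x00"),
    (S, 32799, C, 1038, data_block(1)),
    (S, 32799, C, 1038, data_block(1)),         # retransmission of block 1
    (C, 1038, S, 32799, struct.pack("!HH", ACK, 1)),
    (S, 32799, C, 1038, data_block(2)),         # short block ends the transfer
    (C, 1038, S, 32799, struct.pack("!HH", ACK, 2)),
]
print(audit_read(CAPTURE))
```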

Task 5: Cleanup

During this lab, several files were transferred to the host computer and should be removed. Unless directed otherwise by the instructor, turn off power to the host computers. Remove anything that was brought into the lab, and leave the room ready for the next class.

Lab 4-3: Application and Transport Layer Protocols
