Protocol survey lab
Date: April 26, 2016 Class: CCNA 1 R&S
Scenario
In this class we present a scheme for surveying, or finding, every possible protocol, and, whenever an unfamiliar acronym hints that it might be one, investigating it.
Device configurations
The first clue about which protocols are running (or not) comes from running show running and reading the output line by line. Even if we have no idea what each line is about, it gives us something to look into.
GW_aula7b#sh runn
Building configuration...
Current configuration : 1151 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname GW_aula7b
!
no ip cef
no ipv6 cef
!
spanning-tree mode pvst (1)
!
interface FastEthernet0/0 (2)
 ip address 192.168.1.1 255.255.255.0 (3)
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 10.0.0.1 255.255.255.252
 clock rate 2000000
!
interface Serial0/0/1
 ip address 10.0.0.5 255.255.255.252
 encapsulation ppp (4)
 clock rate 2000000
!
interface Serial0/1/0
 ip address 10.0.0.9 255.255.255.252
 encapsulation frame-relay (5)
 ip ospf network broadcast
!
interface Serial0/1/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100 (6)
 network 10.0.0.0 0.0.0.3
 network 10.0.0.4 0.0.0.3
 network 192.168.1.0
 auto-summary
!
router ospf 1 (7)
 log-adjacency-changes
 network 10.0.0.8 0.0.0.3 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
ip classless
!
ip flow-export version 9 (8)
!
line con 0 (9)
!
line aux 0
!
line vty 0 4 (10)
 login
!
end
GW_aula7b#
Sucursal#sh runn
Building configuration...
Current configuration : 1339 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Sucursal
!
no ip cef
no ipv6 cef
!
spanning-tree mode pvst
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10 (11)
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 10.0.0.2 255.255.255.252
!
interface Serial0/0/1
 ip address 10.0.0.6 255.255.255.252
 encapsulation ppp
!
interface Serial0/1/0
 ip address 10.0.0.10 255.255.255.252
 encapsulation frame-relay
 ip ospf network broadcast
!
interface Serial0/1/1
 no ip address
 clock rate 2000000
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 network 10.0.0.0 0.0.0.3
 network 10.0.0.4 0.0.0.3
 network 192.168.10.0
 network 192.168.20.0
 auto-summary
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.8 0.0.0.3 area 0
 network 192.168.10.0 0.0.0.255 area 0
 network 192.168.20.0 0.0.0.255 area 0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end
Sucursal#
aula7b.com switch:
Switch#sh runn
Building configuration...
Current configuration : 1619 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 spanning-tree portfast
!
interface FastEthernet0/2
 spanning-tree portfast
!
interface FastEthernet0/3
 spanning-tree portfast
!
interface FastEthernet0/4
 spanning-tree portfast
!
interface FastEthernet0/5
 spanning-tree portfast
!
interface FastEthernet0/6
 spanning-tree portfast
!
interface FastEthernet0/7
 spanning-tree portfast
!
interface FastEthernet0/8
 spanning-tree portfast
!
interface FastEthernet0/9
 spanning-tree portfast
!
interface FastEthernet0/10
 spanning-tree portfast
!
interface FastEthernet0/11
 spanning-tree portfast
!
interface FastEthernet0/12
 spanning-tree portfast
!
interface FastEthernet0/13
 spanning-tree portfast
!
interface FastEthernet0/14
 spanning-tree portfast
!
interface FastEthernet0/15
 spanning-tree portfast
!
interface FastEthernet0/16
 spanning-tree portfast
!
interface FastEthernet0/17
 spanning-tree portfast
!
interface FastEthernet0/18
 spanning-tree portfast
!
interface FastEthernet0/19
 spanning-tree portfast
!
interface FastEthernet0/20
 spanning-tree portfast
!
interface FastEthernet0/21
 spanning-tree portfast
!
interface FastEthernet0/22
 spanning-tree portfast
!
interface FastEthernet0/23
 spanning-tree portfast
!
interface FastEthernet0/24
 spanning-tree portfast
!
interface GigabitEthernet0/1 (12)
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
!
end
Switch#
Branch office switch:
Switch#sh runn
Building configuration...
Current configuration : 1696 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 spanning-tree portfast
!
interface FastEthernet0/2
 spanning-tree portfast
!
interface FastEthernet0/3
 spanning-tree portfast
!
interface FastEthernet0/4
 spanning-tree portfast
!
interface FastEthernet0/5
 spanning-tree portfast
!
interface FastEthernet0/6
 spanning-tree portfast
!
interface FastEthernet0/7
 spanning-tree portfast
!
interface FastEthernet0/8
 spanning-tree portfast
!
interface FastEthernet0/9
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/11
 spanning-tree portfast
!
interface FastEthernet0/12
 spanning-tree portfast
!
interface FastEthernet0/13
 spanning-tree portfast
!
interface FastEthernet0/14
 spanning-tree portfast
!
interface FastEthernet0/15
 spanning-tree portfast
!
interface FastEthernet0/16
 spanning-tree portfast
!
interface FastEthernet0/17
 spanning-tree portfast
!
interface FastEthernet0/18
 spanning-tree portfast
!
interface FastEthernet0/19
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/21
 spanning-tree portfast
!
interface FastEthernet0/22
 spanning-tree portfast
!
interface FastEthernet0/23
 spanning-tree portfast
!
interface FastEthernet0/24
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
line con 0
!
line vty 0 4
 login
line vty 5 15
 login
!
!
end
Switch#
Protocols found
1.- Spanning-tree: protocol that prevents layer 2 loops.
2.- FastEthernet: 100 Mbps protocol (or standard).
3.- IP: layer 3 protocol.
4.- PPP: layer 2 protocol for WAN links.
5.- Frame-relay: layer 2 protocol for WAN links.
6.- EIGRP: Cisco proprietary routing protocol.
7.- OSPF: open routing protocol.
8.- NetFlow: Cisco proprietary; details the traffic flows that cross an interface.
9.- RS232: standard for serial data exchange.
10.- Telnet: protocol that acts as a remote administration console.
11.- 802.1q: layer 2 protocol for tagging traffic from different VLANs.
12.- GigabitEthernet: 1000 Mbps protocol (or standard).
13.- CDP: enabled by default on all Cisco devices.
Sucursal#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID    Local Intrfce   Holdtme    Capability   Platform    Port ID
Switch       Fas 0/0          168            S       2960        Fas 0/24
GW_aula7b    Ser 0/0/0        174            R       C1841       Ser 0/0/0
GW_aula7b    Ser 0/0/1        174            R       C1841       Ser 0/0/1
Sucursal#
14.- HDLC: the default on the serial interfaces of Cisco routers.
GW_aula7b#sh int s0/0/0
Serial0/0/0 is up, line protocol is up (connected)
  Hardware is HD64570
  Internet address is 10.0.0.1/30
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation HDLC, loopback not set, keepalive set (10 sec)
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
     Conversations 0/0/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 1158 kilobits/sec
  5 minute input rate 17 bits/sec, 0 packets/sec
  5 minute output rate 20 bits/sec, 0 packets/sec
     14 packets input, 925 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     13 packets output, 780 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up DSR=up DTR=up RTS=up CTS=up
GW_aula7b#
15.- NTP (Network Time Protocol): although it is not configured, it is active, also on the server.
GW_aula7b#sh ntp stat
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 000.0000 Hz, actual freq is 000.0000 Hz, precision is 0**00
reference time is 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1990)
clock offset is 0.00 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec.
GW_aula7b#
16.- VTP (VLAN Trunking Protocol): on by default on the trunk interfaces of Cisco switches.
Switch#sh interfaces trunk
Port        Mode         Encapsulation  Status        Native vlan
Fa0/24      on           802.1q         trunking      1
Port        Vlans allowed on trunk
Fa0/24      1-1005
Port        Vlans allowed and active in management domain
Fa0/24      1,10,20
Port        Vlans in spanning tree forwarding state and not pruned
Fa0/24      1,10,20
Switch#
Switch#sh vtp status
VTP Version                     : 2
Configuration Revision          : 2
Maximum VLANs supported locally : 255
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 :
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xFC 0x48 0xEB 0xA1 0xFB 0xBC 0xDA 0x1E
Configuration last modified by 0.0.0.0 at 3-1-93 00:18:57
Local updater ID is 0.0.0.0 (no valid interface found)
Switch#
17.- DTP (Dynamic Trunking Protocol): enabled by default on all ports of Cisco switches.
18.- HTTP
19.- HTTPS
20.- DHCP: on the server and the PC of aula7b.com (the PC is the client).
PC>ipconfig /all
FastEthernet0 Connection:(default port)
   Connection-specific DNS Suffix..:
   Physical Address................: 0004.9A4B.624D
   Link-local IPv6 Address.........: FE80::204:9AFF:FE4B:624D
   IP Address......................: 192.168.1.100
   Subnet Mask.....................: 255.255.255.0
   Default Gateway.................: 192.168.1.1
   DNS Servers.....................: 192.168.1.10
   DHCP Servers....................: 192.168.1.10
   DHCPv6 Client DUID..............: 00-01-00-01-23-CA-B8-41-00-04-9A-4B-62-4D
PC>
21.- DHCPv6: on the aula7b.com server (disabled).
22.- IPv6: on the aula7b.com PC.
PC>ipconfig /all
FastEthernet0 Connection:(default port)
   Connection-specific DNS Suffix..:
   Physical Address................: 0004.9A4B.624D
   Link-local IPv6 Address.........: FE80::204:9AFF:FE4B:624D
   IP Address......................: 192.168.1.100
   Subnet Mask.....................: 255.255.255.0
   Default Gateway.................: 192.168.1.1
   DNS Servers.....................: 192.168.1.10
   DHCP Servers....................: 192.168.1.10
   DHCPv6 Client DUID..............: 00-01-00-01-23-CA-B8-41-00-04-9A-4B-62-4D
PC>
23.- HTTP: on the aula7b.com server (the PC is the client).
24.- DNS: on the aula7b.com server (the PC is the client).
25.- TFTP: on the aula7b.com server.
26.- Syslog: on the aula7b.com server.
27.- Radius: AAA protocol on the aula7b.com server.
28.- Radius: AAA protocol on the aula7b.com server.
29.- SMTP: e-mail protocol.
30.- POP3: e-mail protocol.
31.- FTP: file transfer protocol.
32.- ISAKMP: IPsec phase I.
33.- ESP: IPsec phase II. (Although these two protocols do not appear explicitly, if we look up how a VPN client works we will find them.)
34.- PPPoE: protocol for PPP connections over Ethernet.
35.- ICMP: error and control messaging protocol of the IP suite.
36.- IMAP: e-mail protocol.
37.- NetBIOS: Microsoft protocol for small networks.
38.- SFTP: secure FTP protocol.
39.- SNMP: network administration (management) protocol.
40.- SSH: secure remote console protocol, the secure variant of Telnet.
41.- Skinny: signaling protocol of the Cisco telephony solution.
42.- RTP: standardized voice protocol in IP telephony.
43.- 802.11: although it is not mentioned explicitly, if we investigate we will see that our WiFi cards are 802.11 something.
GW_aula7b#sh ip interface
FastEthernet0/0 is up, line protocol is up (connected)
  Internet address is 192.168.1.1/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled (44)(protocol for finding a MAC given the IP)
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled (45)(layer 4 protocol)
  RTP/IP header compression is disabled (already recorded as 42)
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled (46)(open routing protocol)
  Input features: MCI Check
  WCCP Redirect outbound is disabled (47)(https://es.wikipedia.org/wiki/WCCP)
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
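An added example (not part of the original lab): the line-by-line survey of a running-config automated in Python, including two defaults that never show up as a keyword, HDLC on a serial interface with no encapsulation line (finding 14) and Telnet on a vty line with no transport input line (finding 10, assuming the IOS 12.x behaviour recorded on this page). KEYWORDS, sections() and survey() are names made up for this example, and SAMPLE is a constructed excerpt abridged from the GW_aula7b configuration.

```python
import re

# Keyword -> protocol pairs from this page's numbered findings; the table is this example's assumption.
KEYWORDS = [
    (r"spanning-tree mode", "Spanning-tree"), (r"interface FastEthernet", "FastEthernet"), (r"ip address \d", "IP"),
    (r"encapsulation ppp", "PPP"), (r"encapsulation frame-relay", "Frame-relay"), (r"encapsulation dot1Q", "802.1q"),
    (r"router eigrp", "EIGRP"), (r"router ospf", "OSPF"), (r"ip flow-export", "NetFlow"), (r"line con", "RS232"),
]

def sections(config):
    """Return [(header, [sub-commands])]; an indented line belongs to the header above it."""
    out = []
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw[0].isspace() and out:
            out[-1][1].append(raw.strip())
        else:
            out.append((raw.strip(), []))
    return out

def survey(config):
    """Return {protocol: [evidence]} for explicit keywords and for silent defaults."""
    found = {}
    for header, body in sections(config):
        has = lambda prefix: any(l.startswith(prefix) for l in body)
        for line in [header] + body:
            for pattern, proto in KEYWORDS:
                if re.match(pattern, line):
                    found.setdefault(proto, []).append(line)
        # Finding 14: a serial interface in use with no encapsulation line runs HDLC.
        if header.startswith("interface Serial") and has("ip address") and not has("encapsulation"):
            found.setdefault("HDLC", []).append(header + " (default)")
        # Finding 10: a vty line with no transport input restriction is reachable over Telnet.
        if header.startswith("line vty") and not has("transport input"):
            found.setdefault("Telnet", []).append(header + " (default)")
    return found

# Constructed sample, abridged from the GW_aula7b configuration on this page.
SAMPLE = (
    "spanning-tree mode pvst\n!\n"
    "interface FastEthernet0/0\n ip address 192.168.1.1 255.255.255.0\n!\n"
    "interface Serial0/0/0\n ip address 10.0.0.1 255.255.255.252\n!\n"
    "interface Serial0/0/1\n ip address 10.0.0.5 255.255.255.252\n encapsulation ppp\n!\n"
    "interface Serial0/1/1\n no ip address\n shutdown\n!\n"
    "router ospf 1\n network 10.0.0.8 0.0.0.3 area 0\n!\nline vty 0 4\n login\n"
)

if __name__ == "__main__":
    print(survey(SAMPLE))
```

Pasting a full show running output in place of SAMPLE works as long as the sub-commands keep their leading space, which is how the router prints them.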
(2016) Sensei,
LSD is a protocol ?
Rosario, Argentina