Feb 13, 2019

Teaching routing and network security — Daily log

Today I have been mostly teaching or preparing upcoming courses. I also had a nice lunch discussion with colleagues on DNS and the role of transaction IDs, but that story will have to wait until tomorrow!

Teaching routing

I gave another networking course for first year's students today. This was the first practical session where they actually had to plug some cables around: you can imagine the excitement but also the mess! To make things even easier, the course was in a new networking lab I had never been before, so I had to improvise with the hardware lying around.

The students learnt how to configure network interfaces (ifconfig, route & netstat on FreeBSD), and they had to use their prior knowledge of packet capture and ping to troubleshoot when things didn't work as expected. They had to form a simple "chain" topology (shown below) with two subnets, and the computer in the middle needed to be configured as a router. They needed to figure out that static routes were required on both edge computers, so that they knew how to reach the remote subnet through the router. Finally, they looked in details at the behaviour of ARP and the scope of MAC addresses.


Network security course

I then prepared an upcoming practical session on network security with a colleague working for Quarkslab. I already have a good part of the course ready from last year on firewalling and advanced uses of iptables (including compiling custom BPF programs!). My colleague wants to add a part where students will practice ARP spoofing, so we looked at how to integrate that with the existing content.

Interestingly, he showed me how to automate virtual machine generation using Packer. This should be really helpful for future teachers in this course: they will be able to easily customize and rebuild the virtual machine images used by the students! Last year, I installed and configured the virtual machine manually, which makes it hard to update it or apply the same modifications to a new VM image.