These are the passing problems for the Netreads F'16 term. You will find the exercises for S'14 in passing-S14.txt and those for F'15 in passing-F15.txt. Submit your command line scripts and packet captures. Add screenshots as needed. Please note that I will _not_ accept MS Word files (.doc, .docx), but only plain text, Markdown, LaTeX, or PDF. You are expected to use the Unix shell, Scapy, tcpdump, wireshark/tshark or any other tools necessary. Throughout these exercises, you will need to suppress some responses of your native OS kernel. Use IPtables if your machine is GNU/Linux; if it's MacOS X, work from a Linux VM or use MacOS' native pf (see solutions-f15.txt for hints). 0. Get yourself some kind of IPv6 connectivity. Hurricane Electric's tunnelbroker.net would work best with a public routable IP or a NAT box that supports protocol 41, otherwise a Miredo IPv6 tunnel should work for you. The task5.txt file has the details. Note that Miredo tunnels can be unreliable, so always start with checking connectivity to test6.dartmouth.edu, and repeat sending your crafted packets several times to make sure it's not a connectivity glitch that's getting in your way. In particular, Scapy's sr1() _may not work the first time_ if you are using Miredo. Try a few times---and remember that sr1() may not work at all for crafted IPv6 packets. Also note: when sending DNS packets with Scapy, make sure that your most basic query works before trying manipulations of it to solve the problem. Your ISP's or Dartmouth's firewall may block DNS packets with null IDs and unusual ports (including the source port of 53 on queries). 1. Send an IPv4 ICMP echo request packet to padlock.cs.dartmouth.edu that (1) has your first and last name instead of the standard ICMP echo payload and (2) has the TTL of exactly 2 when it reaches the host. If both of these conditions are satisfied, you should get an ICMP echo reply packet that gives you a name of a server in the test6.dartmouth.edu network (rather than your own name back). Record it. 2. Look up the name obtained in (1) using the IPv6 nameserver for test6.dartmouth.edu. You are looking for an IPv4 address. At that IP address you will find another DNS server. Use it to look up the A record and the AAAA record for the name "conundrum.test6.dartmouth.edu". Only this special DNS server knows about this name. Asking any others, including the main nameserver for test6.dartmouth.edu will not help. You will encounter an obstacle. There is a firewall between you and the DNS server. It drops incoming UDP DNS packets of size exactly 75 bytes. You need to get your DNS query past that firewall and determine the IPv4 and IPv6 addresses of "conundrum.test6.dartmouth.edu" You can check your connectivity to the server by querying for b.ns.test6.dartmouth.edu (the size of this query is less than 75 bytes). You should get back the IP of the server. 3. At the IPv4 address of "conundrum.test6.dartmouth.edu" you will find a webserver. This webserver serves a tiny web page (over HTTP) that contains a link to a picture. Retrieve that picture. You will encounter a problem. There is a firewall between you and the webserver that drops IP packets with lengths over 600 bytes. For short HTTP responses such as the tiny web page, this obstacle does not matter. However, for the picture, which is over 200K in size, the webserver tends to use larger packets, and these packets get dropped by the firewall, causing your requests to not succeed. Find a way to get around this obstacle. 4. At the IPv6 address of "conundrum.test6.dartmouth.edu" you will also find a webserver serving a picture. Retrieve that picture. You will encounter a problem. There is a firewall between you and that server that will block HTTP packets with a substring from the name of the picture. You will need to bypass it. Recall that URLs in HTTP requests can be encoded in a variety of ways. The picture, incidentally, contains a cat. Where is the cat? Note that when using an IPv6 address in a URL, you need to enclose it in []s. For example, asking for a page hosted at 2604:5f00:ffff:fe00::bad:c0de needs the URL of http://[2604:5f00:ffff:fe00::bad:c0de]/ and should produce a tiny web page with "Nothing special here". Have fun & good luck!