11.2.4.7 Lab - Examining Telnet and SSH in Wireshark
11.2.4.7 Lab - Examining Telnet and SSH in Wireshark
11.2.4.7 Lab - Examining Telnet and SSH in Wireshark
Topology
Addressing Table
Device
Interface
IP Address
Subnet Mask
Default Gateway
R1
G0/1
192.168.1.1
255.255.255.0
N/A
PC-A
NIC
192.168.1.3
255.255.255.0
192.168.1.1
Objectives
Part 1: Configure the Devices for SSH Access
Part 2: Examine a Telnet Session with Wireshark
Part 3: Examine a SSH Session with Wireshark
Background / Scenario
In this lab, you will configure a router to accept SSH connectivity, and use Wireshark to capture and view
Telnet and SSH sessions. This will demonstrate the importance of encryption with SSH.
Note: The routers used with CCNA hands-on labs are Cisco 1941 Integrated Services Routers (ISRs) with
Cisco IOS Release 15.2(4)M3 (universalk9 image). The switches used are Cisco Catalyst 2960s with Cisco
IOS Release 15.0(2) (lanbasek9 image). Other routers, switches, and Cisco IOS versions can be used.
Depending on the model and Cisco IOS version, the commands available and output produced might vary
from what is shown in the labs. Refer to the Router Interface Summary Table at the end of this lab for the
correct interface identifiers.
Note: Make sure that the routers and switches have been erased and have no startup configurations. If you
are unsure, contact your instructor.
Required Resources
1 Router (Cisco 1941 with Cisco IOS Release 15.2(4)M3 universal image or comparable)
1 PC (Windows 7 or 8 with terminal emulation program, such as Tera Term, and Wireshark installed)
Console cables to configure the Cisco IOS devices via the console ports
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 1 of 9
d. Disable DNS lookup to prevent the router from attempting to translate incorrectly entered commands as
though they were host names.
e. Assign class as the privileged EXEC encrypted password.
f.
Create a banner that will warn anyone accessing the device that unauthorized access is prohibited.
j.
Configure and activate the G0/1 interface using the information contained in the Addressing Table.
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 9
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 3 of 9
d. Enter exit to exit the Telnet session and out of Tera Term.
R1# exit
Step 5: Use the Follow TCP Stream feature in Wireshark to view the Telnet session.
a. Right-click one of the Telnet lines in the Packet list section of Wireshark, and from the drop-down list,
select Follow TCP Stream.
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 4 of 9
c.
After you have finished reviewing your Telnet session in the Follow TCP Stream window, click Close.
Step 1: Open Wireshark and start capturing data on the LAN interface.
Step 2: Start an SSH session on the router.
a. Open Tera Term and enter the G0/1 interface IP address of R1 in the Host: field of the Tera Term: New
Connection window. Ensure that the SSH radio button is selected and then click OK to connect to the
router.
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 5 of 9
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 6 of 9
In the SSH Authentication window, enter admin for the username and adminpass for the passphrase.
Click OK to sign into the router.
d. You have established an SSH session on the router. The Tera Term software looks very similar to a
command window. At the command prompt, issue the show run command.
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 9
Step 5: Use the Follow TCP Stream feature in Wireshark to view the SSH session.
a. Right-click one of the SSHv2 lines in the Packet list section of Wireshark, and in the drop-down list,
select the Follow TCP Stream option.
b. Examine the Follow TCP Stream window of your SSH session. The data has been encrypted and is
unreadable. Compare the data in your SSH session to the data of your Telnet session.
Telnet is now referred to as an insecure method of network connection. SSH is now secure connection
over the remote connections so nobody can grab the password from the network.
c.
d. Close Wireshark.
Reflection
How would you provide multiple users, each with their own username, access to a network device?
You would add each user name and password to the local database using the user name command.
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 8 of 9
Ethernet Interface #1
Ethernet Interface #2
Serial Interface #1
Serial Interface #2
1800
1900
2801
2811
2900
Note: To find out how the router is configured, look at the interfaces to identify the type of router and how many
interfaces the router has. There is no way to effectively list all the combinations of configurations for each router
class. This table includes identifiers for the possible combinations of Ethernet and Serial interfaces in the device.
The table does not include any other type of interface, even though a specific router may contain one. An
example of this might be an ISDN BRI interface. The string in parenthesis is the legal abbreviation that can be
used in Cisco IOS commands to represent the interface.
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 9 of 9