M 602: Interplanetary Overlay Network-Delay Tolerant Network (ION-DTN) (15 pts)

What You Need

Two Linux machines. I used two Ubuntu 18.04 64-bit Server virtual machines.

Background

Spacecraft don't use normal internet protocols like TCP and UDP, because the transmissions have high latency and loss rates. Instead, they use Delay-Tolerant Networking (DTN), defined in RFC 4838.

You can see live transmissions to spacecraft on this page, as shown below.

If you click a device that is in use, and click the "more detail" link in the lower right corner of the page, you see more information about the transmissions, as shown below. When I did it, this data link was running at 3 Mb/sec.

Purpose

To run DTN on local machines, capture the traffic in Wireshark, and examine it.

Interplanetary Overlay Network (ION)

This is the software we'll use to run DTN, described here:

https://sourceforge.net/projects/ion-dtn/

Network Setup

You need two Linux machines that can ping each other. Each server also needs a numerical ID--I used the last octet in the IP address for that. I used these two servers:

Server 149 with IP 172.16.123.149
Server 150 with IP 172.16.123.150

You will have to adjust the network addresses and IDs in the instructions below to match your systems.

Installing ION

On both machines, in a Terminal, execute these commands:

sudo apt update
sudo apt install build-essential -y
wget https://sourceforge.net/projects/ion-dtn/files/ion-3.6.2.tar.gz/download
tar xzvf download
cd ion-3.6.2
./configure
make
sudo make install
sudo ldconfig

Configuring Server 149

First you need a configuration file that describes your network of two servers and tells ION to send the traffic over UDP on port 1113.

For complete details of the configuration, see the "ION Deployment Guide.pdf" file in the ion-3.6.2 folder you just created with the previous commands.

In a Terminal, execute these commands:

mkdir dtn
cd dtn
nano host149.rc

Paste in this code, as shown below.

You will need to adjust the IP addresses for your network!

## begin ionadmin 
1 149 ''
s

a contact +1 +3600 149 149 100000
a contact +1 +3600 149 150 100000
a contact +1 +3600 150 149 100000
a contact +1 +3600 150 150 100000

a range +1 +3600 149 149 1
a range +1 +3600 149 150 1
a range +1 +3600 150 149 1
a range +1 +3600 150 150 1

m production 1000000
m consumption 1000000
## end ionadmin 

## begin ltpadmin 
1 32
a span 149 32 32 1400 10000 1 'udplso 172.16.123.149:1113' 300
a span 150 32 32 1400 10000 1 'udplso 172.16.123.150:1113' 300
s 'udplsi 172.16.123.149:1113'
## end ltpadmin 

## begin bpadmin 
1
a scheme ipn 'ipnfw' 'ipnadminep'
a endpoint ipn:149.0 q
a endpoint ipn:149.1 q
a endpoint ipn:149.2 q
a protocol ltp 1400 100
a induct ltp 149 ltpcli
a outduct ltp 149 ltpclo
a outduct ltp 150 ltpclo
s
## end bpadmin 

## begin ipnadmin 
a plan 149 ltp/149
a plan 150 ltp/150

## end ipnadmin 

Save the file with Ctrl+X, Y, Enter.

Testing the Server Locally

We can use ION to send a message from this server back to itself, just to test it.

First we'll use the "killm" command, which kills any previously running ION processes. Then we'll start the ION server. On server 149, in a Terminal, execute these commands:

killm
ionstart -I host149.rc

If your configuration file is correct, ION will start with "0 errors", as shown below. Otherwise you'll have to debug your file.

Execute this command to see the listening UDP socket, as highlighted in the image below.

ss -panu

Execute this command to see the status of some ION services:

ipcs

You should see three "Semaphore Arrays", as shown below.

Execute this command to send a "loopback" message from your server to itself, via DTN:

echo "Hello, World!" | bpsource ipn:149.1

Execute this command to see the message:

bpsink ipn:149.1

You should see the "Payload delivered" message, as shown below. Press Ctrl+C to exit "bpsink".

Setting Up Server 150

On your other server, which I am calling "Server 150", in a Terminal, execute these commands:

mkdir dtn
cd dtn
nano host150.rc

Paste in this code, as shown below.

You will need to adjust the IP addresses for your network!

## begin ionadmin 
1 150 ''
s

a contact +1 +3600 149 149 100000
a contact +1 +3600 149 150 100000
a contact +1 +3600 150 149 100000
a contact +1 +3600 150 150 100000

a range +1 +3600 149 149 1
a range +1 +3600 149 150 1
a range +1 +3600 150 149 1
a range +1 +3600 150 150 1

m production 1000000
m consumption 1000000
## end ionadmin 

## begin ltpadmin 
1 32
a span 149 32 32 1400 10000 1 'udplso 172.16.123.149:1113' 300
a span 150 32 32 1400 10000 1 'udplso 172.16.123.150:1113' 300
s 'udplsi 172.16.123.150:1113'
## end ltpadmin 

## begin bpadmin 
1
a scheme ipn 'ipnfw' 'ipnadminep'
a endpoint ipn:150.0 q
a endpoint ipn:150.1 q
a endpoint ipn:150.2 q
a protocol ltp 1400 100
a induct ltp 150 ltpcli
a outduct ltp 149 ltpclo
a outduct ltp 150 ltpclo
s
## end bpadmin 

## begin ipnadmin 
a plan 149 ltp/149
a plan 150 ltp/150

## end ipnadmin 

Save the file with Ctrl+X, Y, Enter.
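
The two configuration files above differ only in the node number and in the address ION listens on. As an added example (not part of the original lab or of ION), this shell function prints either file from a list of ID=IP pairs, and it goes beyond the lab by accepting more than two nodes. The name gen_ion_rc and its argument format are assumptions; every emitted line uses the same values as the files above.

```shell
#!/bin/sh
# Added example: print an ION .rc file laid out like host149.rc/host150.rc.
# Usage: gen_ion_rc LOCAL_ID ID=IP [ID=IP ...]
# (gen_ion_rc is a hypothetical helper name, not an ION tool)
gen_ion_rc() (
    local_id=$1; shift
    port=1113 local_ip='' ids=''        # UDP port 1113, as used in the lab
    for pair in "$@"; do
        id=${pair%%=*}
        case $id in ''|*[!0-9]*)        # node numbers must be numeric
            echo "gen_ion_rc: bad node ID in '$pair'" >&2; exit 1;;
        esac
        ids="$ids $id"
        if [ "$id" = "$local_id" ]; then local_ip=${pair#*=}; fi
    done
    if [ -z "$local_ip" ]; then         # the local node needs an address
        echo "gen_ion_rc: node $local_id is not in the node list" >&2
        exit 1
    fi
    printf '%s\n' "## begin ionadmin" "1 $local_id ''" "s" ""
    for from in $ids; do for to in $ids; do
        echo "a contact +1 +3600 $from $to 100000"
    done; done
    echo
    for from in $ids; do for to in $ids; do
        echo "a range +1 +3600 $from $to 1"
    done; done
    printf '%s\n' "" "m production 1000000" "m consumption 1000000" \
        "## end ionadmin" "" "## begin ltpadmin" "1 32"
    for pair in "$@"; do    # one span per node, pointing at that node's IP
        echo "a span ${pair%%=*} 32 32 1400 10000 1 'udplso ${pair#*=}:$port' 300"
    done
    printf '%s\n' "s 'udplsi $local_ip:$port'" "## end ltpadmin" "" \
        "## begin bpadmin" "1" "a scheme ipn 'ipnfw' 'ipnadminep'"
    for svc in 0 1 2; do echo "a endpoint ipn:$local_id.$svc q"; done
    printf '%s\n' "a protocol ltp 1400 100" "a induct ltp $local_id ltpcli"
    for id in $ids; do echo "a outduct ltp $id ltpclo"; done
    printf '%s\n' "s" "## end bpadmin" "" "## begin ipnadmin"
    for id in $ids; do echo "a plan $id ltp/$id"; done
    echo "## end ipnadmin"
)
# Run directly: sh gen_ion_rc.sh 149 149=172.16.123.149 150=172.16.123.150
if [ "$#" -gt 0 ]; then gen_ion_rc "$@"; fi
```

Redirect the output to host149.rc or host150.rc and start ION with it as in the steps that follow.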

Testing the Server Locally

On server 150, in a Terminal, execute these commands:

killm
ionstart -I host150.rc

If your configuration file is correct, ION will start with "0 errors", as shown below. Otherwise you'll have to debug your file.

Execute these commands to send a "loopback" message from your server to itself, via DTN:

echo "Hello, World!" | bpsource ipn:150.1
bpsink ipn:150.1

You should see the "Payload delivered" message, as shown below. Press Ctrl+C to exit "bpsink".

Sending Traffic from One Server to the Other

On server 149, execute this command:

echo "This is Server 149 calling Server 150" | bpsource ipn:150.1

On server 150, execute this command:

bpsink ipn:150.1

Your message should arrive, as shown below. Press Ctrl+C to exit "bpsink".

Viewing the DTN Traffic in Wireshark

Start Wireshark and monitor the interface connecting your virtual machines.

At the top of the Wireshark window, in the filter bar, enter this filter:

ltp

On server 149, execute this command again:

echo "This is Server 149 calling Server 150" | bpsource ipn:150.1

The traffic should appear in Wireshark, as shown below:


M 602: Protocol Name (15 pts)

Wireshark uses a different name for this protocol, covered by a green box in the image above.

That's the flag.


References

I saw a demonstration of this by Laura Chappell at the WASTC 2019 Winter ICT Educators' Conference which inspired me to get this working. Go see her talks, they are always wonderful!

Converted to a CTF 3-1-19