 We have topology 5 set up in our Linux virtual network. So using virtual box we've already established and configured topology 5, which has 3 nodes, 1, 2 and 3. Those 3 nodes are already running and I've logged into each of them using username, network, password, network. And we have access to those 3 Linux computers via these windows here. The picture shows us the topology node 1 and node 2 are on the same subnet, network A. And node 2 and 3 are on a separate subnet, network B, and node 2 is acting the router. So what we'll do here is demo 2 things. We'll just ping from node 1 to node 3 and it should get a response. But we'll also capture or record packets on node 2 using a software called TCP dump. And then importantly, we'll copy the file which has the captured packets from node 2, the virtual machine to our host computer, my Windows computer. So let's start our ping from node 1. We're going to ping node 3 and the IP address of node 3 is 192.168. That's what all the virtual nodes have as an IP address. But what's the specific address? You can check on node 3, interface ETH1 as IP address 192.168.2.21. That's ping and it's getting a response. We know how ping works. We get a response back from the receiving node. Now on node 2, the router, those ping messages which are using ICMP should be going through node 2. So node 2 should see those messages. We can use software called TCP dump which we run using the administrator command sudo. TCP dump will show us the messages which are going through an interface on node 2. TCP dump, let's dump everything that's going to interface ETH1 on node 2. Minus n option I commonly use saying I don't want to know any domain names. I just want the raw IP addresses. Let's run this command. We need the password which is network and it shows us some messages on the screen. And if you look closely you'll see that they are ICMP echo requests and echo replies. And if you check the IP addresses you'll see that between node 1 and node 3. It's a bit hard to see on the screen. So what I'm going to do is using that TCP dump command is Ctrl C to stop it. I press the Ctrl C combination there. It stops the capture with TCP dump. Let's run the capture again. But instead of printing the packets on the screen, let's save them to a file. Right using the minus w option to a file. Let's call it ping1.pcap. Pcap is the common extension we use for packet captures. We run that command. It doesn't display on the screen but it should be saving those packets into a format into that file. When we want to stop the capture, Ctrl C again. And it said there were 30 packets received and 30 packets captured. And they should have been written to a file. If I do LS to list the files on my computer, I see that there's a file called ping1.pcap. That's on the node 2. Useful for us is we can open these files with Wireshark. And Wireshark is very nice for graphically looking at the packets and doing filters and finding details of packets. But Wireshark runs in a GUI. Node 2 is just a command line. It doesn't have a GUI. So what we need to do is copy that file from node 2 onto my host computer into my Windows operating system. And then we can open it in Wireshark. So let's show you how to do that. I'll just stop the ping on node 1. So the file is on node 2. But it's inside that Linux virtual machine. How do I copy it to my host computer? We need some file copying software. And I will use FileZilla. But you may use something like WinSCP to do the same thing. So we'll just demo with FileZilla. FileZilla allows us to copy files or transfer files between computers across a network. And the way that the nodes are set up, just go back here. Our three nodes, 1, 2 and 3, they're actually running a secure shell server which we can access via Windows. So each node is set up such that they run a secure shell server and allow us to copy from my Windows computer to and from each node. And we've set them up so that the port number that the secure shell server runs on is based upon their node number. So in red here, node 1 is running a secure shell server on port 2201, node 2 on 2202, and node 3 on 2203. So if you want to access a file from any of those nodes, you connect to a secure shell server on the specific port of the node. The nodes are actually running on my local host. So let's see how we access them with FileZilla. I'm in FileZilla. We can either do the shortcut here or we can create using SiteManager, a new site. Let's call it Node2. And the address of Node2 from my Windows machines perspective, it's on the local host or simply 127.0.0.1. The protocol we're going to use is SFTP, not normal SFTP, so select that. We have a normal login where the username is Network and the password is Network. It's the same. Importantly, you must set the port number to be that of the node you want to connect to. Here Node2, the port number we're set up, is 2202. So it's 22, which is secure shell port number followed by the node number using a zero where necessary. Connect to the local host, port 2202, using username, network, password, network. Let's try that. Connect. It says, do you want to trust it? Well, yes, we've created that virtual machine. I will always trust that. Outside of our FileZilla, we see the files on my Node2 and we notice ping1.pcap is there on the virtual machine. I can double click that to download into my Windows computer. Open up Windows Explorer and we now see ping1.pcap is on my Windows computer. I can double click that and open up the capture in Wireshark on my Windows computer. So this allows us to analyze the packet captures inside the virtual network but we can make use of the graphical software such as Wireshark to make much more easier analysis. So importantly here, to transfer files from a virtual node to your host Windows computer, you can use FileZilla. You can also do similar with WinSCP, both a free software. And make sure when you set up the connection that you specify the correct port number and that's simply 2-2 followed by the node ID. You can copy files in the opposite direction as well.