Networks -- CS 125


CS 125 Lab - Network Tools


Due date: Check the course for the due date.

Introduction

This lab is about common Unix networking tools. The primary goal is to become familiar with the tools, their common uses, and the underlying networking concepts that they make visible. While at one time all the various pings and traceroutes were tested, the openness of the network varies, so be prepared for some non-responsive machines.

Goals

Acknowledgments

This assignment borrows from Mark Liffiton's lab which borrows from several of Janet Davis' labs which borrow from some of Mike Erlinger's labs...endless loop.

References

For this lab, man pages are a good source of information on the tools. Also, Google should have information on all these tools.

Logistics

Important: All of these parts can be completed when logged into cs.hmc.edu (knuth) or via SSH onto a lab Mac or even your own machine (command syntax may vary). cs.hmc.edu has the most interesting network configuration and connectivity to any host to which we have easy access. If you have access to another Unix host and you would prefer to investigate these tools there, go for it, but make sure to document this fact. The manpages to which this lab refers are those on cs.hmc.edu, and they may differ on other hosts. In particular, you will find that parameters to many of the tools vary. Do a local man to see what is required on that machine.

Wilkes is always available. Usually it is less encumbered by protections, so let me know if you had to go there.

iproute2 is a new set of tools that replace most of the tools for this assignment. But iproute2 has not made its way into all the various OSs. Feel free to use iproute2 instead of the listed tools.

Preparation

Let Tim or me know as soon as you encounter some problem with running any of these tools. Our situation is that both of us have few limitations on what knuth will allow us to do.

What to Turn In

A 'Lab Notebook' is mentioned in many places. What is wanted is a text file of what you saw and the answers to the questions. You are to do this lab as a pair, and each of you is to submit your own copy.

Assignment

Part A: ifconfig

  1. Read the manpage for ifconfig, focusing on the Description section. What is it used for? What does it do if it is invoked without any arguments?
  2. Run ifconfig with no arguments. Copy the results into your lab report.
  3. Choose an interface other than the local loopback. On cs.hmc.edu, there will only be lo and eth0.
    1. What is the maximum transmission unit (MTU) for this interface?
    2. Using the number of packets and bytes received and transmitted, compute the average size of packets received and the average size of packets transmitted. How do these compare to the MTU?
    3. Use the uptime command to determine how long the host has been running since it last booted.
    4. What are the average RX and TX rates (in bytes per second) for this host?
    5. How many collisions have been reported for this interface? If 0, explain why there are none.
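The arithmetic in step 3, worked through as an added example (not part of the original lab). The interface block and the uptime of 100000 seconds are constructed sample data in the net-tools 2.x output layout, and the names sample_ifconfig and iface_stats are hypothetical.

```shell
#!/bin/sh
# Constructed sample: one interface block in the net-tools 2.x `ifconfig` layout.
# Older ifconfig builds print "RX packets:N" and "RX bytes:N" instead; adjust the
# field extraction for the layout your host actually prints.
sample_ifconfig() {
cat <<'EOF'
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.10  netmask 255.255.255.0  broadcast 192.0.2.255
        ether 02:00:00:00:00:01  txqueuelen 1000  (Ethernet)
        RX packets 2000000  bytes 1200000000 (1.2 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1000000  bytes 300000000 (300.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
EOF
}

# iface_stats UPTIME_SECONDS   (reads ifconfig text on stdin)
# Prints: mtu avg_rx_bytes avg_tx_bytes rx_bytes_per_s tx_bytes_per_s
iface_stats() {
    awk -v up="$1" '
        / mtu /       { for (i = 1; i < NF; i++) if ($i == "mtu") mtu = $(i + 1) }
        /RX packets / { rxp = $3; rxb = $5 }
        /TX packets / { txp = $3; txb = $5 }
        END {
            # Guard against division by zero on an idle or just-booted interface.
            if (rxp == 0 || txp == 0 || up == 0) { print "no traffic or zero uptime"; exit 1 }
            printf "%d %d %d %d %d\n", mtu, rxb / rxp, txb / txp, rxb / up, txb / up
        }'
}

# On a Linux host the uptime in seconds is the first field of /proc/uptime:
#   ifconfig eth0 | iface_stats "$(cut -d ' ' -f 1 /proc/uptime)"
sample_ifconfig | iface_stats 100000   # 1500 600 300 12000 3000
```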

Part B: netstat

  1. Read the manpage for netstat, focusing on the Description section. What is it used for?
  2. Run netstat -i. Copy the results into your lab report. How do these results compare with what you learned from ifconfig?
  3. Run netstat -t -u. Copy the results into your lab report (if there are more than ten lines, just copy the first ten or so lines).
    1. What do those two options, -t and -u, do?
    2. What services have active TCP connections on this host?
    Xtreme Unix Shell Tricks (for your edification, nothing more):
    netstat -t -u | grep ESTABLISHED | cut -d ':' -f 2 | cut -d ' ' -f 1 | sort | uniq
    The | operator is called "pipe", and it's the character above the backslash on your keyboard. In the shell, it redirects the output of one command into the input of another. Try to build up this line one command at a time, from left to right, to learn what each additional command does.
  4. Run netstat -t -u -l. Copy the results into your lab report (if there are more than ten lines, just copy the first ten or so lines).
    1. What does the added -l option mean?
    2. What network servers are running on this host? (Server software, that is; e.g. an HTTP server or an SMTP server. Realize that a single host may be running many servers at once, as they all can coexist on one machine without interfering with each other.) If there are more than ten, just list ten or so.
  5. Investigate the output of running netstat -r. Interpret and briefly describe the information it produces. (Do interpret it; don't simply report what you see. See the Output section of man route or ask if you're not sure what you're seeing.)
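The shell pipeline from step 3, built up one stage at a time, as an added example (not part of the original lab). The netstat output is constructed sample data using documentation address ranges, and the function names are hypothetical; the services variant goes beyond the lab's line to handle IPv6 local addresses, which contain colons themselves.

```shell
#!/bin/sh
# Constructed sample of `netstat -t -u` output (addresses are documentation ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 knuth:ssh               198.51.100.7:51234      ESTABLISHED
tcp        0      0 knuth:ssh               198.51.100.9:40022      ESTABLISHED
tcp        0      0 knuth:imaps             203.0.113.5:60100       ESTABLISHED
tcp        0      0 knuth:http              203.0.113.8:41000       TIME_WAIT
tcp6       0      0 2001:db8::10:https      2001:db8::99:50000      ESTABLISHED
EOF
}

# The lab's pipeline, one stage per function (each reads netstat text on stdin).
stage1() { grep ESTABLISHED; }               # keep only established connections
stage2() { stage1 | cut -d ':' -f 2; }       # text after the first colon
stage3() { stage2 | cut -d ' ' -f 1; }       # up to the first space: the local service
lab_pipeline() { stage3 | sort | uniq; }     # sort first so uniq can drop duplicates

# Variant: take the text after the LAST colon of the Local Address column, so
# an IPv6 address is not cut in the middle.
services() {
    awk '$NF == "ESTABLISHED" { n = split($4, part, ":"); print part[n] }' | sort -u
}

sample_netstat | lab_pipeline   # db8 imaps ssh   (db8 is a fragment of the IPv6 address)
sample_netstat | services       # https imaps ssh
```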

Part C: arp

  1. Read the manpage for arp, focusing on the Description section. What is it used for?
  2. Run arp -n to see the contents of the host's ARP cache. Copy this into your lab report. NOTE: arp is probably not in your PATH. Try /sbin/arp or cd /sbin followed by ./arp
  3. What is the range of IP addresses seen in the ARP cache? Pick an IP within that range that does not show up in the list, and try to ping it using the ping command (see below if you're not sure how to). If it responds, confirm that it now has an entry in the arp cache by rerunning arp -n.
  4. Ping www.cs.cmu.edu. See if an entry appears in the arp cache. (It shouldn't.) Explain why no arp cache entry appeared.

Part D: ping

  1. Read the manpage for ping, focusing on the Description section. What is it used for? Make sure you figure out
    • what type of information the program reports
    • how you can control the ping "count" and packet size.
  2. Experiment with pinging each of the following hosts 20 times using the count option:

    1. www.hmc.edu   (on campus)
    2. www.math.hmc.edu   (on campus)
    3. www.cs.ucla.edu   (across town)
    4. www.illinois.edu   (in Urbana)
    5. www.uchicago.edu   (in Chicago)
    6. www.canterbury.ac.nz   (really West)
    7. www.cs.mit.edu   (on the East Coast)
    8. www.uni-ulm.de   (in Ulm, Germany)
    1. What are the minimum, average, and maximum RTTs for each host?
    2. What are the reported TTLs on the echo_reply packets you received? What information, if any, can you deduce from these TTLs? (Hint: See man ping for information on the TTLs.)
    3. You probably didn't receive any replies from a few of the hosts. Are those hosts down (broken)?

  3. Ping www.hmc.edu using packets of different sizes, from 30-byte packets to 1000-byte packets. Does the RTT vary with the size of the packet? What do you think accounts for the differences?
  4. Ping a host farther away using packets of different sizes, again from 30B to 1KB. Does the RTT vary with the size of the packet? What do you think accounts for the differences?

Part E: traceroute

  1. Read the manpage for traceroute, focusing on the Description section and the last few paragraphs of the Options section. What is it used for, and how does it work?
  2. Use traceroute to determine the routes to the hosts listed in Part D above.
    1. What are the hop counts for each?
    2. What are the common hosts traversed by all paths taken to hosts outside HMC's network?
    3. How can traceroute find at least partial paths to some hosts that you couldn't ping?
    4. Extra credit (2pts): Why does traceroute not find paths to some hosts that you can ping?
  3. Public traceroute servers allow Internet users to learn about network routes from sources that are outside their own networks. The website www.traceroute.org is a directory of public traceroute servers. Using this website, find at least four geographically dispersed public traceroute servers and trace the route from each of them back to www.iwu.edu. (Personally, I think Kyrgyzstan is a good choice for one of them.)
    1. What would you guess is the average RTT between any two hosts on the Internet? The longest RTT? Explain your reasoning.
    2. What would you guess is the average number of hops between any two hosts on the Internet? The greatest number of hops? Explain your reasoning.

Part F: Pulling it All Together

Describe in detail how you could use all of these utilities to explore and learn about an unknown network on which you had login access to a single Unix server. How would you use each one independently or in conjunction with others to probe the network, study its characteristics, learn about other hosts on the network, and so on? One way to approach this is to write a detailed procedure you could follow on any Unix host.

Part G: The Extra...For the 'A'

iproute2 is a new set of tools that replace most of the tools for this assignment. Assuming you have a better understanding of the above tools, use iproute2 to accomplish the same tasks instead of the above tools.
  1. Does iproute2 provide the same information? Where not?

Advice & Hints

You might have to find the correct path to the tools. whereis tells you a lot. Here is what Tim has to say about iproute2. All of our Linux machines have iproute2. (Most of the traditional UNIX network utilities were deprecated on Linux well over a decade ago. While some of them like “route” and “ifconfig” are still around for compatibility (basically for old people like you who are used to running them), most Linux distributions use iproute2 for all automated network configuration at startup time.)

iproute2 includes a number of different commands. Most of the ones that just return information can be run by anyone. The others (e.g., changing the routing table) are typically dangerous. For example, anyone can run routel (to see routes) but only root can run routef (to flush them).

You can run qlist iproute2 | grep bin/ to get a list of commands. Most should have man pages. Most of the functionality is also exposed through the ip command. The man page for ip will give you an overview, but the details for each subcommand are in separate pages (e.g., ip-tcp_metrics).

Lab Report

In general, provide enough about each part so that I know what you did (e.g., what commands you ran), what you saw (e.g., the output of a particular command), and what you thought (answers to any questions and other analysis). Please distinguish between the various sections. Look at script for a way to capture a terminal session. You could also use screen capture. I do not need to see each individual ping command, for example; one example is enough. Use your common sense about what to include and what to simply describe or discuss, and please ask me if you are unsure about anything.

Discussion Questions

  1. Based on your experiments with ping and traceroute, what conclusions would you draw about the relationships between RTT, number of hops, and geographic distance? (Are there any relationships?)
  2. Did you discover anything else interesting while working on this lab?
  3. How long did you spend on this assignment? What problems, if any, did you run into?

Grading

  • Do A-F for the B; add G for the +.

Mike Erlinger

Last Modified Saturday, 14-Sep-2019 13:43:59 PDT