Lab 1, Part 1 covers the following Chapters in the Wilder text: 1, 2.1-1.5, 3 up to 3.3.2, 6.1-3, in the Stevens text: 1, 2, 3
Objectives
· Getting acquainted with the Unix/Linux/Solaris and Xwindows environment
· Preview of some TCP/IP diagnostic tools
· Capturing link/IP/TCP layer header
· The usage of port numbers and IP protocol field
The basic Unix commands are summarized below; see the manual pages for various options.
man word : getting online help, e.g., man ls displays the manual page for ls.
info word : getting online help; type info info to learn how to use info.
passwd : setting (changing) your password
pwd : displays the current working directory
ls : lists the contents of a directory
more file_name : scrolls through a file. To list the next page, press the space bar; to go backwards, press b; to quit more, press q.
mv old_file_name new_file_name : renames a file.
mv file_name directory_name : moves a file into a directory.
mv old_directory_name new_directory_name : moves an entire directory.
rm file_name : deletes (removes) a file.
mkdir directory_name : creates a directory.
rmdir directory_name : removes a directory.
cd directory_name : changes the current working directory to directory_name. If directory_name is omitted, the shell moves to your home directory.
cp file_name new_file_name : copies a file.
cp file_name directory_name : copies a file into directory_name.
chmod who op-code permission file_or_directory_name : changes the file access permissions.
    who : u (user), g (group), o (other users), a (all: user, group, and other)
    op-code : + (add permission), - (remove permission)
    permission : r (read), w (write), x (execute)
ps : the process status report
kill PID : terminates the job corresponding to PID.
Ctrl-c : pressing the keyboard sequence Ctrl-c terminates the running job before it finishes.
To bring up a terminal window on a Linux PC, left click your mouse on the Terminal Emulation button on the Taskbar.
The following text editors are available on the PCs under Linux. You should consult the man pages for more details.
The vi editor is one of the most popular UNIX text editors. vi is considered to be the default text editor of the UNIX system.
To start vi, enter vi file_name at the command line. If no such file exists yet, it will be created. Initially, vi enters command mode and awaits instructions.
vi can be in one of the two modes, command mode and text entry mode. Command mode allows you to use a number of commands to modify text. Text is inserted and modified within text entry mode.
To delete a single character, place the cursor over the character and press the x key. To delete a word, type dw, after placing the cursor at the start of the word. A line can be deleted with dd, when the cursor is anywhere on the line that you want to delete.
From command mode, you may enter text entry mode again using one of the keys that we explained before. Or, if you want to save the file and quit vi, press Esc (even if you are already in command mode, it doesn't hurt), and type :wq. To quit vi without saving changes to the file, use the command :q!
Linux provides an interactive ASCII text editor that is intuitive and is easy to use. It is especially convenient for the DOS editor-oriented user. You can invoke the text editor by typing in the terminal window:
kedit
or from the K Menu (which can be invoked by clicking the left mouse-button on the big K icon on the Taskbar), select the -> Applications menu and select -> Text Editor.
The following tools can be used in the Unix environment for copying, printing and saving to a floppy.
1. Mounting a Floppy:
In order to use floppy disks, insert an MS-DOS formatted floppy disk into the floppy disk drive. Then mount the floppy using the command:
mount /mnt/floppy
This command mounts the floppy disk under the directory /mnt. Then use /mnt/floppy to refer to your floppy, e.g.: ls /mnt/floppy
To manipulate the files on the floppy disk, use the same Unix commands as usual (e.g., to copy a file onto the floppy disk, cp file_name /mnt/floppy).
When you are done, you need to unmount the floppy using the following command:
umount /mnt/floppy
This will unmount the floppy. If you eject before unmounting you will crash the machine!
2. Using mtools
You can also use MS-DOS formatted floppies directly under Linux without having to mount the floppy. mtools is a public domain collection of tools that allow Unix-based systems to manipulate MS-DOS files (read, write, move, copy, etc.) without having to mount and unmount the filesystem. The following are some commonly used mtools commands:
mdir: directory list
mcd: change directory
mcopy: copy file
mdel: delete file
mrd: remove directory
mmove: move file or directory
mren: rename file or directory
When the system crashes you can always use the command:
reboot
to get started again.
Exercise 1
Get acquainted with Unix commands, text editor, Xwindows environment, and the man pages.
Exercise 2
Read the man pages for the following programs:
· arp
· ifconfig
· ping
· netstat
· tcpdump
· traceroute
Study the different options associated with each command. Note: throughout the labs you will be required to use some of these programs rather extensively, especially tcpdump; an HTML version of the tcpdump man page is also available.
LAB REPORT #1:
· Explain the above programs briefly in your own words (2-3 sentences per program!)
Many TCP/IP communication services (telnet, ftp, etc.) are handled by a daemon called inetd. Instead of running many network-related daemons, the inetd daemon starts the necessary server processes when requests arrive. When a client requests a certain service from a remote server, the client contacts the inetd daemon through the server’s well-known port number for the service. Then the inetd starts the corresponding server process. The well-known port numbers are listed in the /etc/services file.
The server can handle multiple clients at the same time through the same well-known port number of a service. The client usually uses an ephemeral port number. Thus, the uniqueness of a communication session between two hosts is preserved by means of the port number and IP address pair of the server and client hosts.
We start with a simple one-segment network in which all four PCs are on one Ethernet segment. The table below lists the IP addresses that are initially assigned to the PC network interfaces (note: ifconfig was used to set up the host IP addresses). Connect all 4 PCs via Ethernet cables to a single Ethernet hub to create a single-segment network.
IP Address      Name
130.91.66.100   apple.uci.edu
130.91.66.101   orange.uci.edu
130.91.66.102   peach.uci.edu
130.91.66.103   plum.uci.edu
Exercise 3
Execute a TCP utility, telnet for example (telnet other_machine), while tcpdump is running (always use a separate window in which to run tcpdump; to exit from tcpdump use Ctrl-C) to capture the packets between your_machine and the other_machine. (Note that your_machine refers to the machine you are currently active on (i.e., have an open window in which you are typing); other_machine refers to one of the other machines in the cluster.)
tcpdump -n host your_machine and other_machine
(Note: since we don't run a domain name server, and don't want to change the /etc/hosts file for every experiment we run, always use the IP address (e.g., 130.91.66.100) and not the PC name (e.g., apple.uci.edu). All references in this text to host, your_machine, other_machine, etc. assume IP addresses.) Please recall that you need to open two windows: one for tcpdump and one for the telnet session.
Note: to save the tcpdump output to a file output.txt on your computer you can use the following command:
tcpdump -w /tmp/output.txt
(The file written by -w is in tcpdump's binary capture format, so read it back with -r rather than with a text editor.) To read and parse the output file, use the following options with tcpdump:
tcpdump -r /tmp/output.txt : read the output file
tcpdump -r /tmp/output.txt -v host your_machine and other_machine : read and parse the output file in verbose mode
You can also just redirect the output from the screen to a file: tcpdump -ex > output.txt
Read output.txt using any text editor.
LAB. REPORT #2: Answer the following questions:
· What are the port numbers of the remote and the local computer?
· Which machine’s port number matches the port number listed for telnet in the /etc/services file?
Exercise 4
You are going to open two telnet sessions to the same remote host (other_machine) simultaneously, but from two different windows. First, in one window on your_machine, type telnet other_machine, and then issue the same telnet other_machine command in another window on your_machine. Using tcpdump check the port numbers being used on both sides of the connection.
LAB. REPORT #3: Answer the following questions:
· With the two active telnet sessions running on your machine, what port number is used on other_machine?
· Are both connected to the same port number on other_machine?
· What port numbers are used on your machine for the first and second telnet?
Exercise 5
Using tcpdump -ex, capture any packets that contain the link (i.e., Ethernet)/IP/TCP headers. For your report, save any one of the packets in the tcpdump output.
Note: If there is no TCP packet on the network, you may generate traffic with some TCP application programs (e.g., telnet).
LAB. REPORT #4:
· Draw the format of the packet you saved, including the link (i.e., Ethernet)/IP/TCP headers (refer to figures 1.9, 2.5 and 3.1). Identify each field in the link (i.e., Ethernet)/IP/TCP headers. Express the numbers in decimal form, not in hexadecimal form.
· What is the value of the protocol field in the IP header of the packet you saved?
· What is the use of the protocol field?
Exercise 6
Using tcpdump, capture any packets on the LAN and see the output format for different command-line options (e.g. tcpdump, tcpdump -v, tcpdump -x, tcpdump -e, etc.). Study the various expressions for selecting what information will be dumped, and how to analyze what you dumped using the different command-line options. For this experiment, use the man page for the tcpdump utility. (I highly recommend that you print out the man page for tcpdump!)
Note: If there is no traffic on the network, you may generate traffic with some application programs (e.g., telnet, ftp, etc.).
Lab 1 Part 2 covers the following Chapters in the Wilder text: 3.3.3, 5.1, 5.3, in the Stevens text: 4, 6, 7, 8
Objectives
· Estimating network load
· Address Resolution Protocol (ARP) and its operation
· Interface configuration (Duplicate IP addresses and Incorrect subnet mask)
· Traceroute program
Getting accurate network statistics (load) needs sophisticated and expensive network analysis equipment. As an alternative, network load can be estimated by examining the collision rate on each machine’s network interface. Depending on the criteria for the network performance, you can determine when your network should be subnetted (or divided), based upon the collision rates for the machines on your network.
The netstat command can be used to see the statistics of the network interface card. The same command is also used for examining the routing table of the machine. The collision rate of a machine is obtained by taking the ratio of the number of collisions to the number of output packets. The average collision rate is the average of the statistics for all the hosts on the network.
Exercise 1
Using the netstat -in command, check the statistics on the network for your Ethernet interface. If you don't see any significant number of output packets, the machine was probably restarted recently; do this experiment later.
LAB. REPORT #1: Using the netstat output, answer the following questions:
· How would you calculate the average collision rate on the network?
· What is the maximum transmission unit (MTU) of the Ethernet interface on your system?
Using the IP address, a packet can be delivered up to the network on which the destination host resides. When the packet enters the destination network, it must follow the physical layer protocols used by that network. The physical network does not recognize IP addressing, and different kinds of physical networks have different kinds of addressing schemes.
To overcome this situation and run TCP/IP over many different kinds of physical transmission media, the link layer provides the function that maps an IP address to the physical network address. The protocol that performs the translation of logical network address, i.e., the IP address, to the physical hardware address is the Address Resolution Protocol (ARP).
ARP maintains the translation table, which is built automatically. Once ARP creates an entry in the table, the entry has an expiration time of about 20 minutes. Even though the ARP table does not need any attention, with superuser privilege we can create and eliminate ARP table entries. In the following experiment, we shall see the contents of the ARP table and the operation of ARP.
Exercise 2
Use
arp -v
to see the entire ARP table. (Note: if arp comes back with nothing, there are no entries in its table; all have expired and been cleared.) Observe that all the IP addresses displayed are on the same net/subnet. While
tcpdump -enx host your_machine
is running to capture traffic between your_machine and the other_machine (which currently has no entry in the ARP table), execute telnet to the other_machine to generate traffic between them. If all the hosts are in the ARP table, you need to delete a host from the table using
arp -d host
That host then becomes the other_machine above! Note that only the hardware address is removed from the table, not the entire host entry.
Observe the first few lines of the tcpdump output to see how ARP operates. Examine the ARP translation table to see a new line added.
Save the arp -v command outputs before and after you telnet to the other machine.
Save the tcpdump output of the first few packets (ARP request/response) for the lab report. Note that if you only run one tcpdump session on one machine, then you will only see the ARP request or the reply. If you run tcpdump on both machines (i.e. tcpdump -enx host your_machine on your_machine and tcpdump -enx host other_machine on the other_machine), then you will see both the ARP request and the reply in each tcpdump output. Or if you run just tcpdump -enx you will capture all packets and see both ARP messages.
After getting the necessary output, you may exit from the telnet session.
LAB. REPORT #2:
· From the saved tcpdump output, explain how ARP operates. Identify and explain every field in the tcpdump output related to ARP.
· Your report should include the answers to the following questions:
· What is the target IP address in the ARP request?
· At the MAC layer, what is the destination Ethernet address of the ARP request packet?
· Who sends the ARP response packet? What Ethernet addresses are used?
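The fields Lab Report #2 asks about, decoded from the hex words that tcpdump -x prints. This is an added example written for this page, not part of the handout; it runs on the ARP request and reply from the handout's own sample output at the end of the text (whose address bytes decode as 130.91.61.x).

```python
"""Decode the ARP body that tcpdump -x prints, field by field (added example, not from the handout)."""
import struct

OPCODES = {1: "request", 2: "reply"}

def hex_words_to_bytes(dump):
    """'0001 0800 0604 ...' (tcpdump -x prints 16-bit words) -> raw bytes."""
    return bytes.fromhex("".join(dump.split()))

def mac(b):
    return ":".join("%02x" % x for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(data):
    """Return every field of an Ethernet/IPv4 ARP packet (RFC 826), numbers in decimal."""
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", data[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    fields = {"hardware_type": htype, "protocol_type": ptype, "hw_addr_len": hlen,
              "proto_addr_len": plen, "opcode": oper, "operation": OPCODES.get(oper, "other")}
    off = 8
    for name, width, conv in (("sender_mac", hlen, mac), ("sender_ip", plen, ip),
                              ("target_mac", hlen, mac), ("target_ip", plen, ip)):
        fields[name] = conv(data[off:off + width])
        off += width
    # Bytes after the 28-byte ARP body are Ethernet padding: a frame must carry at least 46
    # bytes of payload, which is why the 60-byte reply below ends in a run of 0x66 bytes.
    fields["padding_bytes"] = len(data) - off
    return fields

def explain(fields):
    """The same reading tcpdump gives on its summary line. Note that the frame's destination MAC
    (ff:ff:ff:ff:ff:ff, printed as 'Broadcast' by tcpdump -e) lives in the Ethernet header, not
    in the ARP body: a request carries an all-zero target MAC because that is what is being asked."""
    if fields["opcode"] == 1:
        return "arp who-has %s tell %s" % (fields["target_ip"], fields["sender_ip"])
    return "arp reply %s is-at %s" % (fields["sender_ip"], fields["sender_mac"])

# Hex from the handout's 'ARP in operation' sample; its address bytes decode as 130.91.61.x.
ARP_REQUEST = "0001 0800 0604 0001 0020 afea 26cd 825b 3d66 0000 0000 0000 825b 3d64"
ARP_REPLY = ("0001 0800 0604 0002 0020 afea 2487 825b 3d64 0020 afea 26cd 825b 3d66 "
             "6666 6666 6666 6666 6666 6666 6666 6666 6666")

if __name__ == "__main__":
    for dump in (ARP_REQUEST, ARP_REPLY):
        fields = parse_arp(hex_words_to_bytes(dump))
        print(explain(fields))
        for key, value in fields.items():
            print("  %-16s %s" % (key, value))
```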
For this section we will force an error to occur to see the operation of ICMP. As an example we will execute a simple file transfer using tftp. tftp uses UDP instead of TCP, so when errors occur, ICMP is what informs the application of the problem. When executing tftp, it connects to its well-known port on the destination machine. By giving it a port number you are forcing it to use the designated port number; if the number is invalid an error will occur.
Exercise 3
While running tcpdump -x host your_machine and other_machine, type:
tftp
After getting the tftp> prompt, type:
connect other_machine 8888
get /root/.cshrc
The wrong port is given by the number 8888. Quit the tftp program and save the tcpdump output.
LAB. REPORT #3:
· In the tcpdump file you will notice an ICMP port unreachable error. Explain the error message in conjunction with Figure 6.9 in the textbook.
· Why are the first 8 bytes of the original datagram data field included in the ICMP message?
· Include in your report one ICMP message from your tcpdump output.
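As an added example (not part of the handout), the following Python decodes the IP header fields Lab Report #4 asks for in decimal, verifies the header checksum, and reads the first 8 bytes behind the header, which is the part of the original datagram an ICMP error echoes back (Lab Report #3). It runs on the echo request from the handout's sample output and on a constructed port-unreachable message for Exercise 3; the constructed bytes are labelled as such in the code.

```python
"""Decode IPv4 header fields from tcpdump -x hex words and the 8 bytes an ICMP error quotes back
(added example, not from the handout)."""
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IP protocol field values from /etc/protocols

def hex_words_to_bytes(dump):
    return bytes.fromhex("".join(dump.split()))

def ipv4_checksum(header):
    """RFC 1071 one's-complement sum over the header with its checksum field zeroed."""
    hdr = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(data):
    """IPv4 header fields in decimal (Figure 3.1 layout), plus the payload that follows the header."""
    ver_ihl, tos, total_len, ident, ff, ttl, proto, cksum = struct.unpack("!BBHHHBBH", data[:12])
    ihl = (ver_ihl & 0x0F) * 4               # IHL counts 32-bit words
    hdr = {"version": ver_ihl >> 4, "header_len": ihl, "tos": tos, "total_len": total_len,
           "id": ident, "flags": ff >> 13, "frag_offset": ff & 0x1FFF, "ttl": ttl,
           "protocol": proto, "protocol_name": PROTO_NAMES.get(proto, "other"),
           "checksum": cksum, "checksum_ok": ipv4_checksum(data[:ihl]) == cksum,
           "src": ".".join(str(b) for b in data[12:16]),
           "dst": ".".join(str(b) for b in data[16:20])}
    return hdr, data[ihl:]

def first8(proto, payload):
    """The first 8 bytes after the IP header. For TCP and UDP these hold the port pair, which is
    exactly what lets the receiving host hand an ICMP error to the right application."""
    if proto in (6, 17):
        sport, dport = struct.unpack("!HH", payload[:4])
        return {"src_port": sport, "dst_port": dport}
    if proto == 1:
        return {"type": payload[0], "code": payload[1]}
    return {}

def decode(dump):
    """Header plus transport summary; for ICMP destination unreachable (type 3), also the
    offending datagram's header and first 8 bytes that the ICMP message carries after its own 8."""
    hdr, payload = parse_ipv4(hex_words_to_bytes(dump))
    if hdr["protocol"] == 1 and payload[0] == 3:
        inner, rest = parse_ipv4(payload[8:])
        return hdr, {"type": 3, "code": payload[1], "inner": inner,
                     "inner_first8": first8(inner["protocol"], rest)}
    return hdr, first8(hdr["protocol"], payload)

# Echo request from the handout's 'ARP in operation' sample (its first two hex lines suffice).
ECHO_REQUEST = "4500 0054 0e28 0000 4001 ed00 825b 3d66 825b 3d64 0800 63d9 ca0a 0000 da80 9635"
# Constructed, not captured: the port-unreachable a tftp server would return for Exercise 3's
# UDP datagram to port 8888. Both IP checksums are valid; the ICMP checksum is left as 0000.
PORT_UNREACH = ("4500 0038 0001 0000 4001 fb43 825b 3d64 825b 3d66 0303 0000 0000 0000 "
                "4500 0020 0002 0000 4011 fb4a 825b 3d66 825b 3d64 0400 22b8 000c 0000")

if __name__ == "__main__":
    for dump in (ECHO_REQUEST, PORT_UNREACH):
        print(decode(dump))
```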
Exercise 4
Use ping -v other_machine to test whether a host is reachable, while running the following command:
tcpdump -ex host your_machine and other_machine
Save the tcpdump output and ping output for future lab exercises on ping.
To change the IP address of a PC, the ifconfig command can be used. The ifconfig command is used to set the interface address, the subnet mask, and the broadcast address. Among the various functions we list the following which are sufficient for the reconfiguration of the IP address and network mask.
ifconfig -a : shows the states of all interfaces in the system.
Exercise 5
With the ifconfig -a command, find the IP address and the net mask of your_machine.
LAB. REPORT #4: Answer the following questions:
· Based on the output of ifconfig, is the lab network subnetted? How can you tell?
· What are the reasons for subnetting?
You first need to deactivate the network interface before you can do anything to it. Type:
ifconfig eth0 down
In this section we will observe what happens when the same IP address is assigned to two different hosts. We will also set an incorrect subnet mask for a host and see what happens.
Exercise 6 Change the IP address of one of the PCs (Orange in the table below) as follows:
IP Address      Name
130.91.66.100   apple.uci.edu
130.91.66.100   orange.uci.edu
130.91.66.102   peach.uci.edu
130.91.66.103   plum.uci.edu
First deactivate the network interface of Orange by logging onto Orange and typing: ifconfig eth0 down. Then to assign a new IP address to a PC interface (e.g. assigning IP address 130.91.66.100 to Orange) type:
ifconfig eth0 IP address
Activate the network interface by typing:
ifconfig eth0 up
Then delete the ARP table entries of all the other PCs using arp -d host on each PC (Note: do not delete the entry of the host itself or that of the multicast address 224.0.0.0).
Run tcpdump on any PC to observe traffic related to one of the PCs with a unique address, e.g., Peach (IP address 130.91.66.102) or Plum (IP address 130.91.66.103):
tcpdump -e host 130.91.66.102
or
tcpdump -e host 130.91.66.103
First, execute telnet from one of the two PCs with the duplicate IP address to a PC with a unique IP address (e.g., apple --> peach) for which you are running tcpdump.
Now, from the other PC with the duplicate IP address, execute the telnet command to the same PC (orange --> peach).
Observe what happens and save the tcpdump output and the ARP tables in all the PCs.
Second, execute telnet 130.91.66.100 from peach.
LAB. REPORT #5: Answer the following questions:
· Which PC provides the TELNET connection for both situations? Why?
· Explain what happened using examples from your tcpdump output file, include the examples in your report.
Exercise 7 Change the IP address of the PCs to reflect the assignments given in the table below:
IP Address      Name             Subnet Mask
130.91.66.100   apple.uci.edu    255.255.255.240
130.91.66.101   orange.uci.edu   255.255.255.0
130.91.66.102   peach.uci.edu    255.255.255.0
130.91.66.120   plum.uci.edu     255.255.255.240
To set/change a subnet mask (e.g. netmask = 255.255.255.240) type:
ifconfig eth0 down
ifconfig eth0 netmask netmask
ifconfig eth0 up
In the table above, two hosts (apple and plum) have been assigned the incorrect subnet masks. Use the ifconfig command to change the subnet masks on these two hosts.
Capture the packets with the tcpdump -e command for the following scenarios:
1. when 130.91.66.100 sends a ping message to one of the hosts that has the correct subnet mask.
2. when 130.91.66.120 sends a ping message to one of the hosts that has the correct subnet mask.
3. when a host with the correct subnet mask sends a ping message to 130.91.66.100.
4. when a host with the correct subnet mask sends the ping message to 130.91.66.120.
To avoid confusion, only one machine should generate traffic in each case.
LAB. REPORT #6
· Explain what happened in each case from the tcpdump outputs. Explain why one of the PCs with the new subnet mask cannot be reached from the other PCs; whilst the other PC can communicate with the other PCs. Use examples from your tcpdump output to illustrate your explanation and include the examples in your lab report.
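To reason about what the four captures in Exercise 7 will show, the following added example (not from the handout) applies each host's own mask to decide whether it delivers a packet directly on the segment or hands it to a default route. It assumes, as a labelled assumption, that the hub network has no default router configured, so a "gateway" decision means the kernel reports the network unreachable and nothing is sent.

```python
"""Routing decisions under the Exercise 7 masks (added example, not part of the lab handout)."""
import ipaddress

# The Exercise 7 table: two hosts carry a /28 mask (255.255.255.240) on what is otherwise a /24 LAN.
HOSTS = {
    "apple":  ("130.91.66.100", "255.255.255.240"),
    "orange": ("130.91.66.101", "255.255.255.0"),
    "peach":  ("130.91.66.102", "255.255.255.0"),
    "plum":   ("130.91.66.120", "255.255.255.240"),
}

def local_network(ip, mask):
    """The network a host believes it is directly attached to: its own address ANDed with its own mask."""
    return ipaddress.IPv4Network("%s/%s" % (ip, mask), strict=False)

def next_hop(sender, dst_ip):
    """'direct' if the sender will ARP for dst_ip and deliver on the wire, 'gateway' if it would use
    its default route. Only the sender's mask matters; the receiver's configuration is invisible to it."""
    ip, mask = HOSTS[sender]
    return "direct" if ipaddress.IPv4Address(dst_ip) in local_network(ip, mask) else "gateway"

def ping_outcome(sender, receiver):
    """A ping succeeds only if the echo request goes out directly AND the echo reply comes back
    directly, each judged under the sending host's own mask. Assumption: the hub network has no
    default router, so a 'gateway' decision means nothing reaches the wire."""
    request = next_hop(sender, HOSTS[receiver][0])
    reply = next_hop(receiver, HOSTS[sender][0])
    return {"request": request, "reply": reply, "succeeds": request == "direct" and reply == "direct"}

def exercise7_scenarios():
    """The four captures asked for in Exercise 7, keyed by case number."""
    return {
        1: ping_outcome("apple", "peach"),   # 130.91.66.100 pings a correctly masked host
        2: ping_outcome("plum", "peach"),    # 130.91.66.120 pings a correctly masked host
        3: ping_outcome("peach", "apple"),   # a correctly masked host pings 130.91.66.100
        4: ping_outcome("peach", "plum"),    # a correctly masked host pings 130.91.66.120
    }

if __name__ == "__main__":
    for name, (ip, mask) in HOSTS.items():
        print("%-7s %-15s mask %-16s believes its LAN is %s" % (name, ip, mask, local_network(ip, mask)))
    for case, outcome in exercise7_scenarios().items():
        verdict = "ping works" if outcome["succeeds"] else "ping fails"
        print("case %d: request %-7s reply %-7s -> %s" % (case, outcome["request"], outcome["reply"], verdict))
```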
Exercise 8 Now move to a PC that is connected to the UCI network. Run the traceroute program (in /usr/bin/traceroute or /opt/local/bin/traceroute) and save its output so that you can analyze and study the traceroute output. Note you do not need to be root or super user (su) to do that.
traceroute destination_machine
LAB. REPORT #7
· Print out your traceroute output for your lab report.
Sample output of various programs:
netstat -in
Name  Mtu   Net/Dest     Address        Ipkts   Ierrs  Opkts   Oerrs  Collis  Queue
lo0   8232  127.0.0.0    127.0.0.1      472972  0      472972  0      0       0
eth0  1500  130.91.66.0  130.91.66.100  3633    0      2444    0      0       0
----------------------------------------------------------------------------
ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
RX packets:969 errors:0 dropped:0 overruns:0
TX packets:969 errors:0 dropped:0 overruns:0
eth0 Link encap:Ethernet HWaddr 00:20:AF:EA:26:CD
inet addr:130.91.61.102 Bcast:130.91.61.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:109089 errors:0 dropped:0 overruns:0
TX packets:80 errors:0 dropped:0 overruns:0
Interrupt:10 Base address:0x210
----------------------------------------------------------------------------
apple# arp -v
Net to Media Table
Device   IP Address            Mask             Flags   Phys Addr
------   --------------------  ---------------  -----   -----------------
eth0     130.91.66.106         255.255.255.255          00:00:86:34:0c:26
eth0     130.91.66.101         255.255.255.255          00:00:c0:89:ed:1b
eth0     apple                 255.255.255.255  SP      00:00:c0:52:d2:f3
eth0     224.0.0.0             240.0.0.0        SM      01:00:5e:00:00:00
ARP in operation:
%tcpdump -e -x (for "ping 130.91.66.100" from 130.91.66.102)
tcpdump: listening on eth0
13:43:54.675220 0:20:af:ea:26:cd Broadcast arp 42: arp who-has 130.91.66.100 tell 130.91.66.102
0001 0800 0604 0001 0020 afea 26cd 825b
3d66 0000 0000 0000 825b 3d64
13:43:54.675220 0:20:af:ea:24:87 0:20:af:ea:26:cd arp 60: arp reply 130.91.66.100 is-at 0:20:af:ea:24:87
0001 0800 0604 0002 0020 afea 2487 825b
3d64 0020 afea 26cd 825b 3d66 6666 6666
6666 6666 6666 6666 6666 6666 6666
13:43:54.675220 0:20:af:ea:26:cd 0:20:af:ea:24:87 ip 98: 130.91.66.102 > 130.91.66.100: icmp: echo request
4500 0054 0e28 0000 4001 ed00 825b 3d66
825b 3d64 0800 63d9 ca0a 0000 da80 9635
6462 0a00 0809 0a0b 0c0d 0e0f 1011 1213
1415 1617 1819
13:43:54.675220 0:20:af:ea:24:87 0:20:af:ea:26:cd ip 98: 130.91.61.100 > 130.91.61.102: icmp: echo reply
4500 0054 1af1 0000 4001 e037 825b 3d64