Design and Performance Evaluation of TLC Networks -- 2007

Professor Nelson Fonseca

Objective: learn to use basic tools that report information and statistics about the network on a Unix-like system, and interpret a real network trace to understand the steps involved in establishing a connection to an Internet server.

Obs.1: the tools are programs that run in the command shell.

Obs.2: except for questions 12 to 18, the command output must be included in the answer.

Obs.3: add the directories /usr/bin:/bin:/usr/sbin:/sbin to the PATH environment variable. The command below can be used to do this:

   export PATH=/usr/bin:/bin:/usr/sbin:/sbin:${PATH}
   

Questions:

ping: is used to check connectivity to a host (to check whether a host is operating and the network connections are intact). A small packet is sent through the network to a particular IP address. The host that sent the packet then waits (or 'listens') for a return packet. If the connections are good and the target host is up, a good return packet will be received. ping can also measure the round-trip time (RTT) of a packet. It sends and receives packets with messages of the ICMP network layer protocol.

1-) Answer the following questions (In these questions you will run the ping -c 10 command):

1.1-) What is the function of the -c parameter? What are the minimum, average and maximum RTT from your station to the University of Trento web server (www.unitn.it)?
1.2-) What are the minimum, average and maximum RTT from your station to the State University of Campinas web server (www.unicamp.br)? Are these times lower or higher than the times obtained in the previous question? Why?
1.3-) Is the host www.lrc.ic.unicamp.br reachable by ping? Is the web site at the host accessible (http://www.lrc.ic.unicamp.br)? Based on what you observed in these questions, is ping a reliable tool for verifying host availability on the Internet?

ifconfig: is used to assign an address to a network interface and to configure or display the current network interface configuration information. If a single interface argument is given, it displays the status of the given interface only.
route: displays and manipulates the kernel routing table.

2-) Run the ifconfig command and answer: What are the IP addresses of your station? What are the network interfaces? How many bytes were sent and received by each interface?

3-) Run the ifconfig lo command. How many packets were received and how many packets were sent by the lo interface? Send two ICMP packets with the ping command to the IP address associated with the lo interface. After the ping, did the number of sent packets increase by 2? Why?

4-) Run the route command. How many routes are defined at your station? What is the default network interface for the packets? What is the IP address of the default gateway?

nslookup: is used to find the IP address corresponding to a host name by contacting Internet Domain Name Servers. It also does reverse name lookups, finding the host name for a specified IP address. It sends and receives packets with messages of the DNS application layer protocol.

5-) Answer the following questions (In these questions you will run the nslookup command):

5.2-) What are the IP addresses of the host www.google.com? Is there any advantage in a host name having more than one IP address? What is the DNS server configured at your station?
5.3-) What is the name associated with IP address 127.0.0.1? What is special about this address?

traceroute: traces the route that an IP packet follows from your station to another Internet host. Along the way it gives an understanding of how networks inter-connect. It sends and receives packets with messages of the ICMP network layer protocol.

6-) Answer the following questions (In these questions you will run the traceroute command):

6.1-) How many hops are between your station and the host www.google.com? By looking at the host names, how many of them are located in Italy?
6.2-) How many hops are between your station and the host www.unicamp.br? How many hops are in common with the route of the previous question?
6.3-) How many hops are between your station and the host home.pl? Is the reverse route made up of the same hops used in the normal route? (Check the reverse route at http://home.pl/test).
6.4-) By looking at the RTT values in the command output of question 6.2, at which hop do the packets reach the transatlantic links?

netstat: prints various data related to the network configuration of a station, including the active connections.

netstat: allows to print the various data related to the network configuration of a station, including the active connections.

7-) Answer the following questions (In these questions you will run the netstat command):

7.1-) Access the University of Trento site and, in parallel, check the output of the netstat command. What information does netstat provide about the connection to the site?
7.2-) Besides the connection made in the previous question, are there other connections made by your station? What are the transport protocol, destination IP address and destination port of these connections?
7.3-) Is there any rule that defines the ports used by your station when accessing web servers? (Access 5 different sites and check the netstat output)

telnet: is used to connect from one host to another (remote login) via the Internet network. By default, it sends and receives packets with messages of the TELNET application layer protocol.

8-) Answer the following questions (In these questions you will run the telnet command):

8.1-) Which port is used by HTTP? Is it possible to connect to a web server using telnet? How do you run telnet in order to connect to the default HTTP port at host www.google.com? How do you close a connection made via telnet?
8.2-) What happens if there isn't a process at the server listening on the port accessed by telnet? Is it possible to connect to the default HTTP port at host localhost? What is missing at host localhost for it to accept connections on the default HTTP port?

9-) Use telnet to connect to the default HTTP port at host www.ic.unicamp.br. After the connection is established, answer the following questions:

9.1-) The GET / HTTP/1.0 command, typed inside the telnet session and followed by two ENTER presses (line breaks), retrieves an .html file as a web browser does. Run this command. After the server replies, answer: What is the reply size? What is the Content-Type of the server reply? What is the HTTP protocol version used by the server?
9.2-) As in the previous question, connect to the default HTTP port at host www.ic.unicamp.br, but this time send the HEAD / HTTP/1.1 command to the web server. What is the server reply? Based on the reply, how do you define the function of the HEAD command?
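
What the telnet sessions in questions 8 and 9 do at the socket level, as an added example that is not part of the original assignment: a request line and a blank line are sent over a plain TCP connection and the reply is split into status line, headers and body. The local server, DemoHandler, raw_request and demo are constructed for illustration so the code runs offline; the last step shows the error raised when no process listens on the port.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class DemoHandler(BaseHTTPRequestHandler):
    """Constructed local server so the example runs offline."""
    def do_GET(self):
        body = b"<html><body>demo</body></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if self.command == "GET":  # HEAD gets the same headers, no body
            self.wfile.write(body)
    do_HEAD = do_GET
    def log_message(self, *args):  # keep the demo quiet
        pass

def raw_request(host, port, request_line):
    """Send one request line plus the blank line, as typed in telnet."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(request_line.encode("ascii") + b"\r\n\r\n")
        data = b""
        while chunk := s.recv(4096):  # read until the server closes
            data += chunk
    head, _, body = data.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = dict(line.split(": ", 1) for line in lines[1:])
    return lines[0], headers, body

def demo():
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)  # port 0: any free port
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        get = raw_request("127.0.0.1", port, "GET / HTTP/1.0")
        head = raw_request("127.0.0.1", port, "HEAD / HTTP/1.0")
    finally:
        server.shutdown()
        server.server_close()
    try:  # the server is stopped, so no process listens on the port now
        raw_request("127.0.0.1", port, "GET / HTTP/1.0")
    except ConnectionRefusedError:
        return get, head, True
    return get, head, False

if __name__ == "__main__":
    print(demo())
```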

10-) Use telnet to connect to the default SMTP port at host 143.106.7.163. After the connection is established, answer the following questions:

10.1-) What is the server identification?
10.2-) What is the name of the software listening at the server on the default SMTP port?
10.3-) Simulate the behaviour of an email client by running the following commands inside the telnet session (replace the strings "REPLY" with the server replies):

   helo 143.106.7.163
   REPLY
   mail from: your_email_address
   REPLY
   rcpt to: daniel@lrc.ic.unicamp.br
   REPLY
   data
   REPLY
   This message is the answer to the question 10.3. My name is your_name_here.
   .
   REPLY
   quit
   REPLY
   
10.4-) As in the previous question, connect to the default SMTP port at host 143.106.7.163, but this time give the message the subject "Question 10.4 your_name_here". (Hint: some special fields of an email are identified inside the "data" area by the delimiter : ).

arp: is used to view and manipulate the ARP cache contents. The ARP protocol typically maintains a cache of IP-to-Ethernet address translation pairs on your computer.

11-) Run the arp -v command. The command output will show all the IP addresses from your local network whose MAC (Ethernet) addresses are known by your station. After running the command, answer the following questions:

11.1-) Is there any IP address from your local network missing from the ARP cache? (Ask your classmates for the IP addresses of their stations.) Choose one address missing from the ARP cache and send five ICMP packets to it with the ping command. After the ping, run the arp -v command again. This time, is the chosen IP address in the ARP cache? Why?
11.2-) Access some web server outside the University. After the site stored at the web server has loaded completely, run the arp -v command. Did the ARP cache change? Is the MAC address of the web server in the ARP cache? Why?
11.3-) What is the MAC address of the default gateway?

Network trace: Real network traces can be useful to understand how protocols behave in the real world and to evaluate simulators with real loads. At http://www.lrc.ic.unicamp.br/~daniel/trento/captura-simples.txt there is a trace of the frames which passed through an Ethernet segment during an HTTP access. Each line of this trace describes one frame and has six columns: frame identifier, capture time (relative to the capture start), source IP address, destination IP address, the highest-layer protocol detected in the frame, and information about this protocol. At http://www.lrc.ic.unicamp.br/~daniel/trento/captura.txt, there is another trace with more details (frame size, MAC addresses, etc.) about the frames from the first trace. Open the two traces and answer the following questions:

12-) What is the HTTP server name?

13-) What is the IP address of the client which accessed the HTTP server?

14-) Which frames contain the TCP 3-way handshake in the connection establishment of the HTTP access?

15-) What is the protocol used before the connection establishment? What is the objective of this protocol?

16-) Besides the HTTP access, two more activities can be noted on the network. What are these activities?

17-) What is the DNS server configured at the client which accessed the HTTP server?

18-) What is the MAC address of the default router configured at the client?
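
One way to pick a TCP 3-way handshake out of a six-column trace like the one described above, as an added example that is not part of the original assignment. The sample lines, the addresses, the wording of the info column and the names parse_trace and find_handshakes are constructed for illustration; the lab's trace files may format the info column differently.

```python
import re

# Constructed sample in the six-column layout described above
# (frame id, time, source, destination, protocol, info); not the lab's trace.
SAMPLE_TRACE = """\
1 0.000000 10.0.0.5 10.0.0.1 DNS Standard query A www.example.test
2 0.021000 10.0.0.1 10.0.0.5 DNS Standard query response A 192.0.2.80
3 0.022000 10.0.0.5 192.0.2.80 TCP 1045 > http [SYN] Seq=0 Len=0
4 0.030000 10.0.0.9 10.0.0.1 ICMP Echo (ping) request
5 0.151000 192.0.2.80 10.0.0.5 TCP http > 1045 [SYN, ACK] Seq=0 Ack=1 Len=0
6 0.151100 10.0.0.5 192.0.2.80 TCP 1045 > http [ACK] Seq=1 Ack=1 Len=0
7 0.152000 10.0.0.5 192.0.2.80 HTTP GET / HTTP/1.0
"""

TCP_INFO = re.compile(r"(\S+) > (\S+) \[([A-Z, ]+)\]")
FIELDS = ("id", "time", "src", "dst", "proto", "info")

def parse_trace(text):
    """Split each line into the six columns; info keeps its spaces."""
    frames = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) == 6 and parts[0].isdigit():
            frames.append(dict(zip(FIELDS, parts)))
    return frames

def find_handshakes(frames):
    """Return (SYN, SYN-ACK, ACK) frame-id triples, one per connection."""
    pending = {}  # (client, cport, server, sport) -> [syn_id, synack_id]
    done = []
    for f in frames:
        m = TCP_INFO.match(f["info"]) if f["proto"] == "TCP" else None
        if not m:
            continue
        sport, dport = m.group(1), m.group(2)
        flags = set(m.group(3).replace(" ", "").split(","))
        fwd = (f["src"], sport, f["dst"], dport)  # key if sender is the client
        rev = (f["dst"], dport, f["src"], sport)  # key if sender is the server
        if flags == {"SYN"}:
            pending[fwd] = [int(f["id"]), None]
        elif flags == {"SYN", "ACK"} and rev in pending:
            pending[rev][1] = int(f["id"])
        elif flags == {"ACK"} and fwd in pending and pending[fwd][1]:
            syn, synack = pending.pop(fwd)
            done.append((syn, synack, int(f["id"])))
    return done

if __name__ == "__main__":
    print(find_handshakes(parse_trace(SAMPLE_TRACE)))
```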