Computer Network Design - Lab 0: Using Network Tools
NWEN 302: 2019 Trimester 2
Getting started
These low-level tools are essential parts of your toolkit for understanding networks. While there are many useful, sophisticated graphical tools which provide network information, these tools are available on all Unix-based systems. At some point in your networking career you will be faced with using these tools to decipher what is going on!
- ifconfig allows you to examine the interfaces on a host to see what addresses are in use.
- ping is useful as it can tell you whether two-way communication exists between two hosts on the network. In addition, its response times can be a good indicator of network health.
- arp can be used to examine the ARP tables on your local machine.
- netstat shows network status.
- tcpdump is the Swiss Army knife in your toolkit. You can use it to find out all sorts of information about traffic on a network.
- traceroute can be used to examine the path that packets take on their way to a particular host and can be used to find out where a network failure occurs.
ifconfig
Using ifconfig to find out more about your workstation
At the command prompt, type:
$ ifconfig -a
You should see two interfaces, eth0 and lo0. What does each represent? Examine the entry for eth0. What information can you extract from the entry? Record details of the type of hardware, speed, duplex, hardware address, status, MTU etc. and give an explanation of what each term means.
ping
We can use ping to find out information about remote hosts. At the command prompt, type:
$ ping barretts.ecs.vuw.ac.nz
$ ping www.stuff.co.nz
$ ping www.edinburgh.ac.uk
$ ping www.bbc.co.uk
$ ping www.bbc.com
Describe how ping works to a host on the same LAN and to one that is remotely connected. What can you infer about the location of these hosts? What MAC address do the ICMP response packets come from? What is the IP address of this host?
arp
The arp program displays and modifies the Internet-to-Ethernet address translation tables used by the address resolution protocol (arp(4)). At the command prompt, type:
$ arp -a
What information can you get from this? Try pinging the workstation "mono" (unless you're on "mono", in which case ping "rubia") and then run the arp command again. What changed? Why? Try pinging the ECS undergraduate gateway host, "barretts", and run the arp command again. What changed? Why? Read up on how ARP works. How long will entries normally be held in this table?
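
The before-and-after comparison of `arp -a` output asked for above can also be done programmatically. The Python below is an added example, not part of the original lab sheet; it assumes the Linux net-tools output format, and the addresses and MACs are constructed sample values from documentation ranges.

```python
import re

# Matches one line of Linux net-tools `arp -a` output (assumed format), e.g.
#   mono (192.0.2.10) at 00:00:5e:00:53:0a [ether] on eth0
#   ? (192.0.2.77) at <incomplete> on eth0
ARP_LINE = re.compile(r"^(\S+) \(([0-9.]+)\) at (\S+) .*?on (\S+)$")

def parse_arp(text):
    """Return {ip: mac} for each entry; mac is None while unresolved."""
    table = {}
    for line in text.strip().splitlines():
        m = ARP_LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not an ARP entry
        _name, ip, mac, _ifc = m.groups()
        table[ip] = None if mac == "<incomplete>" else mac.lower()
    return table

def diff_arp(before, after):
    """Compare two snapshots: entries added, removed, or re-mapped to a new MAC."""
    old, new = parse_arp(before), parse_arp(after)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        # Same IP, different MAC: expected after a NIC swap, otherwise worth
        # investigating as possible ARP cache poisoning.
        "changed": sorted((ip, old[ip], new[ip])
                          for ip in old.keys() & new.keys() if old[ip] != new[ip]),
    }

# Constructed snapshots: before pinging, just after pinging, and much later.
BEFORE = "barretts (192.0.2.1) at 00:00:5e:00:53:01 [ether] on eth0"
AFTER_PING = """\
barretts (192.0.2.1) at 00:00:5e:00:53:01 [ether] on eth0
mono (192.0.2.10) at 00:00:5E:00:53:0A [ether] on eth0
? (192.0.2.77) at <incomplete> on eth0
"""
LATER = "barretts (192.0.2.1) at 00:00:5e:00:53:ff [ether] on eth0"

if __name__ == "__main__":
    print("after ping:", diff_arp(BEFORE, AFTER_PING))
    print("later:     ", diff_arp(AFTER_PING, LATER))
```
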
netstat
netstat is a powerful tool with many different options. We will use it here to look at the routing tables on your workstation. At the command prompt, type:
$ netstat -rn
Explain the flags used. How would you modify the above command to show only the IPv4 routing table? And the IPv6 table?
tcpdump
At the command prompt, type:
$ tcpdump -n -i eth0
Explain what the flags mean. This shows all traffic on the interface. Note that this includes traffic which may be discarded by any firewall filters running on a machine. This can be very useful when debugging firewall problems. We're going to focus on ARP and ICMP traffic. Modify the tcpdump command to show just those traffic types. Open another terminal window and run this command:
$ ping barretts
What do you see in the tcpdump window? What can you infer about the above address? Repeat using "regents". How would you modify the tcpdump command to see the Ethernet MAC address of the traffic? Record two ICMP and two ARP packets for your report and describe them as best you can.
Using tcpdump to save data to a file
Construct a suitable command line to save tcpdump data to a file for later evaluation. What happens if you forget to stop this command? How can you avoid this problem? How do you read back the data you've captured?
traceroute
Run the traceroute command to each of the hosts named in the ping section above. Record the tcpdump trace for each traceroute and use them to describe how the traceroute command works.
Reusing this material
This work is licensed under a Creative Commons Attribution-NonCommercial 3.0 New Zealand License.