Computer Network Design - Lab 0: Using Network Tools

NWEN 302: 2019 Trimester 2

Getting started

These low-level tools are essential parts of your toolkit for understanding networks. While there are many useful, sophisticated graphical tools which provide network information, these tools are available on all Unix-based systems. At some point in your networking career you will be faced with using these tools to decipher what is going on!

  • ifconfig allows you to examine the interfaces on a host to see what addresses are in use
  • ping is useful as it can tell you whether two-way communication exists between two hosts on the network. In addition, its response times can be a good indicator of network health
  • arp can be used to examine the ARP tables on your local machine.
  • netstat shows network status
  • tcpdump is the Swiss Army knife in your toolkit. You can use it to find out all sorts of information about traffic on a network.
  • traceroute can be used to examine the path that packets take on their way to a particular host and can be used to find out where a network failure occurs

Use the man command to find out more about these tools.

Some of these tools will not be in your normal search path. You should modify your shell configuration file, .cshrc, to add 'need nwenlabtools' to your environment. See http://ecs.victoria.ac.nz/Support/TechNoteCustomisingYourUnixEnvironment#How_to_customise for more information.

ifconfig

Using ifconfig to find out more about your workstation

At the command prompt, type:
$ ifconfig -a

You should see two interfaces, eth0 and lo0. What does each represent?

Examine the entry for eth0

What information can you extract from the entry?

Record details of the type of hardware, speed, duplex, hardware address, status, MTU, etc., and give an explanation of what each term means.

ping

We can use ping to find out information about remote hosts.

At the command prompt, type:
$ ping barretts.ecs.vuw.ac.nz
$ ping www.stuff.co.nz
$ ping www.edinburgh.ac.uk
$ ping www.bbc.co.uk
$ ping www.bbc.com

Describe how ping works to a host on the same LAN and to one that is remotely connected. What can you infer about the location of these hosts?

What MAC address do the ICMP response packets come from?

What is the IP address of this host?

arp

The arp program displays and modifies the Internet-to-Ethernet address translation tables used by the address resolution protocol (arp(4)).

At the command prompt, type:
$ arp -a

What information can you get from this?

Try pinging the workstation "mono" (unless you're on "mono", in which case ping "rubia") and then run the arp command again. What changed? Why?

Try pinging the ECS undergraduate gateway host, "barretts", and run the arp command again. What changed? Why?

Read up on how ARP works. How long will entries normally be held in this table?

netstat

netstat is a powerful tool with many different options. We will use it here to look at the routing tables on your workstation. At the command prompt, type:
$ netstat -rn

Explain the flags used.

How would you modify the above command to show only the IPv4 routing table? And the IPv6 table?

tcpdump

At the command prompt, type:
$ tcpdump -n -i eth0

Explain what the flags mean.

This shows all traffic on the interface. Note that this includes traffic which may be discarded by any firewall filters running on a machine. This can be very useful when debugging firewall problems.

We're going to focus on arp and icmp traffic.

Modify the tcpdump command to show just those traffic types.

Open another terminal window and run this command:
$ ping barretts

What do you see in the tcpdump window? What can you infer about the above address?

Repeat using "regents".

How would you modify the tcpdump command to see the Ethernet MAC address of the traffic?

Record two ICMP and two ARP packets for your report and describe them as best you can.

Using tcpdump to save data to a file

Construct a suitable command line to save tcpdump data to a file for later evaluation. What happens if you forget to stop this command? How can you avoid this problem? How do you read back the data you've captured?
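
A capture that tcpdump saves to a file uses the classic pcap layout: a 24-byte file header, then a 16-byte record header in front of each packet. The sketch below is an added example, not part of the original lab handout; it reads such a file and summarises the ARP and ICMP frames together with their Ethernet MAC addresses. The sample bytes, MAC addresses and 192.0.2.x addresses are constructed for illustration.

```python
import struct

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def read_pcap(data):
    """Yield (seconds, frame) for each record in classic pcap savefile bytes."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic pcap savefile")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    off = 24                                    # skip the 24-byte file header
    while off + 16 <= len(data):
        sec, _usec, incl, _orig = struct.unpack(order + "IIII", data[off:off + 16])
        if off + 16 + incl > len(data):
            break                               # final record was cut short
        yield sec, data[off + 16:off + 16 + incl]
        off += 16 + incl

def describe(frame):
    """Summarise an ARP or ICMP frame with its Ethernet addresses, else None."""
    if len(frame) < 14:
        return None
    link = f"{mac(frame[6:12])} > {mac(frame[0:6])}"    # source > destination
    etype, p = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if etype == 0x0806 and len(p) >= 28:        # ARP for IPv4 over Ethernet
        op, sha, spa, tpa = struct.unpack("!H", p[6:8])[0], p[8:14], p[14:18], p[24:28]
        what = {1: f"who-has {ip(tpa)} tell {ip(spa)}", 2: f"{ip(spa)} is-at {mac(sha)}"}
        return f"{link} ARP {what.get(op, f'op {op}')}"
    if etype == 0x0800 and len(p) >= 20 and p[9] == 1:  # IPv4 carrying ICMP
        ihl = (p[0] & 0x0F) * 4                 # IP header length in bytes
        if len(p) >= ihl + 2:
            name = {0: "echo reply", 8: "echo request"}.get(p[ihl], f"type {p[ihl]}")
            return f"{link} ICMP {ip(p[12:16])} > {ip(p[16:20])} {name}"
    return None

# Constructed sample (not captured traffic); the IP header checksum is left as zero.
A, B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
IP_A, IP_B = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
ARP = b"\xff" * 6 + A + bytes.fromhex("0806" "0001080006040001") + A + IP_A + bytes(6) + IP_B
ECHO = (B + A + bytes.fromhex("0800" "4500001c0000000040010000") + IP_A + IP_B
        + bytes.fromhex("0800f7ff00000000"))
def rec(sec, frame): return struct.pack("<IIII", sec, 0, len(frame), len(frame)) + frame
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + rec(1, ARP) + rec(2, ECHO)

if __name__ == "__main__":
    for t, frame in read_pcap(SAMPLE):
        print(t, describe(frame))
```

To try it on your own capture, pass the file's bytes to read_pcap in place of SAMPLE.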

traceroute

Use the traceroute command to trace the path to each of the hosts named in the ping section above.

Record the tcpdump trace for each traceroute and use them to describe how the traceroute command works.

Reusing this material

This work is licensed under a Creative Commons Attribution-NonCommercial 3.0 New Zealand License.