Computer Networks - PowerPoint PPT Presentation

Slides: 31
Provided by: jb20
1
Computer Networks
  • Project 4
  • Understanding Protocols

2
TABLE OF CONTENTS
  • Project Overview
  • Report Format
  • Environment and Tools
  • Taking Ethereal For a Test Drive
  • The Program Emma
  • An Environment Question
  • Understanding TCP
  • Understanding ARP
  • Understanding Netstat
  • Understanding ifconfig
  • Snooping Network Traffic

3
Project Overview
  • The purpose of this project is to become familiar
    with a number of tools that can be used for
    probing what's happening at the Transport,
    Network, and Link levels of your machine.
  • This consists of trying various commands to
    understand the configuration of your machine. It
    also includes using tools to watch and understand
    packets traveling across the network.
  • In addition, you'll become knowledgeable about the
    contents of transport, network and MAC headers.
  • You can work on this either singly or in pairs.
  • Have fun.

4
Report Format
  • What will you be handing in?
  • The answer is everything and absolutely
    nothing.
  • Your goal in this entire lab is to prepare for an
    exam on this material. You can collect any data
    you want here. You can print it out and bring it
    to the exam; you can bring as much paper as you
    want.
  • What will be on this exam?
  • It will ask very concrete questions about how to
    use ethereal and the other tools. It will also
    ask more general questions about packets, fields,
    etc. That's why it will be a good idea to do
    these labs and remember what you did.

5
Environment and Tools
[Network diagram: Connection To World (140.132.1.139), a Switch, a Hub, and
the machines NET1 (Tarski; this machine has two NICs), NET2, NET3, NET4 and
NET5, with addresses 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4 and
192.168.1.5.]
  • All machines have username / password root /
    NetLab. Note that by running as root you have
    complete control over the machine.
6
Environment and Tools
  • Getting Around: You can log into any of the
    machines Net2 through Net5 via terminal/monitor.
    Warning: Net2 is very slow and will be used only
    indirectly in this lab. You can ssh between any
    of the machines net1 through net5 by using their IP
    address; we aren't running a nameserver, so you
    will not be able to do something like "ping
    Net2".
  • Saving data between the Networks Lab and
    the rest of the world: During the course of doing
    these various measurements, you'll be collecting
    a lot of data. This data will be output from
    Ethereal, various other outputs, and so on. But
    there are no printing or saving facilities in the
    lab. So you will want to get the data
    back to your home directory in the regular CS lab,
    that is, get your files back to spears.
  • From any of the machines, you can ssh to tarski
    (also called Net1), the machine that sees the world:
    ssh b 192.168.1.1 l
  • Being able to ssh in this fashion may or may not
    be useful to you. What IS useful is being able to copy
    files between nodes. Suppose I'm on net2 and I
    want to transfer the file CollectedWisdom to my
    home directory on Spears. I do that with the
    command scp, which you can look up. Here's an
    example of its use:
    scp CollectedWisdom jbreecher@192.168.1.1:CollectedWisdom
    This will deposit the file CollectedWisdom in my home
    directory.
7
Environment and Tools
  • Some of the simple tools you will use include:
  • ARP, Netstat, Ipconfig, ping, ftp, telnet,
    ssh
  • You can read about these for your system as
    described later.
  • Ethereal can be downloaded from
    http://www.ethereal.com/
  • However, it is already installed on the machines
    in the Network Lab, so you won't need to download
    it. A manual describing its behavior is at
    http://www.ethereal.com/docs/
  • Chapter 1 gives an overview of the product;
    Chapter 3 gives details of its usage.
  • There's also a nice summary produced by Kurose
    and Ross at
  • http://gaia.cs.umass.edu/ethereal-labs/labs/Ethereal_INTRO.pdf
  • I'd recommend that you read portions of this
    document.
  • In fact the whole thing will be useful to you,
    except that we will not need
  • "Getting Ethereal" on page 3.
  • We will replace "Taking Ethereal For a Test
    Run" with our own version.
  • This lab has been written for the machines in the
    Networks Lab. These instructions don't work on
    the machines in the general lab because Ethereal
    is very privileged. Using Ethereal you can see
    all the packets coming into the machine, whether
    those packets are generated by you or by someone
    else.
  • You COULD run ethereal on your own home computer,
    but there are a number of items that work well or
    work only on machines connected on their own
    subnet, and we want to observe this behavior.

8
Taking Ethereal For A Test Drive
  • The best way to learn about any new piece of
    software is to try it out! Do the following:
  • 1. Log on to net5. Get a command line started.
    Start up the Ethereal software by saying
    ethereal. You will initially see a window
    similar to that shown in Figure 2.
  • 2. Now get back to the command line and do a ping
    to net2 by typing: ping 192.168.1.2
  • 3. Returning to ethereal, to begin packet
    capture, select the Capture pull down menu and
    select Options. This will cause the Ethereal
    Capture Options window to be displayed, as shown
    in Figure 3.

Figure 2
Figure 3
9
Taking Ethereal For A Test Drive
  • 4. You can use all of the default values in this
    window. The network interfaces (i.e., the
    physical connections) that your computer has to
    the network will be shown in the Interface pull
    down menu at the top of the Capture Options
    window.
  • After selecting the network interface (or,
    most likely, using the default interface chosen
    by Ethereal), click Start. Packet capture will
    now begin: all packets being sent/received
    from/by your computer are now being captured by
    Ethereal!
  • 5. Once you begin packet capture, a packet
    capture summary window will appear, as shown in
    Figure 4. This window summarizes the number of
    packets of various types that are being captured,
    and (importantly!) contains the Stop button that
    will allow you to stop packet capture. Don't stop
    packet capture yet.

Figure 4
10
Taking Ethereal For A Test Drive
  • 6. After ethereal has captured 30 to 50 packets,
    stop Ethereal packet capture by selecting Stop in
    the Ethereal capture window. This will cause the
    Ethereal capture window to disappear and the main
    Ethereal window to display all packets captured
    since you began packet capture. The main Ethereal
    window should now look similar to Figure 5. You
    now have live packet data that contains all
    protocol messages exchanged between your computer
    and other network entities!

Figure 5
11
Taking Ethereal For A Test Drive
  • 7. The ping message communications with the net2
    node should appear somewhere in the listing of
    packets captured. But there will be other types
    of packets displayed as well. Even though the
    only action you took was to run ping, there were
    evidently many other protocols running on your
    computer that are unseen by the user. We'll learn
    much more about these protocols as we progress
    through the text! For now, you should just be
    aware that there is often much more going on than
    meets the eye!
  • 8. Type in "icmp" (without the quotes, and in
    lower case; all protocol names are input in
    lower case in Ethereal) into the display filter
    specification window at the top of the main
    Ethereal window. Then select Apply (to the right
    of where you entered "icmp"). This will cause
    only ICMP messages to be displayed in the
    packet-listing window.
  • 9. Select the first icmp message shown in the
    packet-listing window. This should be the first
    ping message that was sent from net5 to net2.
    When you select this message, the Ethernet frame,
    IP datagram, etc. information will be displayed
    in the packet-header window. Play around: try
    clicking on various packet information in the
    windows, and figure out what it does.

12
Taking Ethereal For A Test Drive
  • 10. Saving captured traffic: You will want to save
    the data inside ethereal to take home with you.
    Remember, the total process involves printing the
    data to an ASCII file as described here, and then
    doing an scp to tarski as described on a previous
    page.
  • Save the results of the captured traffic as a
    plain text file.
  • This is done by selecting Print in the File
    menu. When a Print window pops up, select the
    options and set a filename.
  • Selecting print options in the Print window for
    saving captured traffic to plain text files:
    o Select the format "Plain Text".
    o Select the File checkbox and type the
      filename in the field next to the File button.
    o Select "Print summary" if you want to save only
      some high level information on each packet. Print
      summary is usually sufficient.
    o Select "Print detail" and "Expand all levels"
      if you want to save all details of all packets at
      all levels.
    o Click the OK button to complete the save
      operation.
  • Play with the various options here and see what
    gets produced. You can also do "Save As" to
    produce a file that you can display using
    ethereal on your home machine.
  • 11. Exit Ethereal.

13
The Program Emma
  • There's a small program named emma that you will
    be using for TCP tests later on. Here's a
    description of the program that will help you
    later on. Remember way back in Project 0 you
    built a client and server that simply sent
    messages back and forth between each other. This
    program is an offshoot of the code from Project
    0. The code for emma.c is available on all the
    netlab machines.
  • Emma has one executable, which can be run as
    either a sender or a receiver, but it does only
    that: one instance of the program sends only,
    and the other receives only. Here are the inputs
    for emma:
  • emma Address
  • or UDP
  • The program expects switches in a particular
    format. See examples below.
  • -b - The total bytes to be sent, after
    which sender closes the connection. Note the
    receiver may not receive this many bytes.
  • -d - Direction - your choices are Send or
    Receive. The receiver also does the accept while
    the Sender will do the connect.
  • -i - IP Address - in the form
    uuu.vvv.www.xxx. This is needed for the
    Sender/Connector only - it shows how
    to get to the receiver.
  • -p - Port that the receiver will accept
    on. Both sides need to know this.
    The default port is built into the
    program - this switch is optional.
  • -s - Size of request to be sent or
    received.
  • -t - Transport protocol - either TCP
    (default) or UDP
  • Example:
  • emma -d Send -i 140.232.101.125 -b 1000000
  • emma -d Receive -s 50

14
An Environment Question
  • So now you understand how ethereal works: you
    can get it running and you can see results. So
    run the following test:
  • On net5, run ping to net2 (192.168.1.2). It
    should run forever, or until you stop it.
  • Run ethereal on net4 and on net3.
  • Observe the ping packets that are going by.
  • What do you see?
  • Explain the difference in terms of switches and
    hubs. Note that net3 is connected to a switch
    and net4 is connected to a hub. Why does this
    matter?

15
Understanding TCP
  • In this part you will look at transport headers
    and information as produced by TCP.
  • This falls into the following topics:
  • Looking at connections and closes.
  • Looking at large data transfers: flow control.
  • Solving a mystery.
  • Looking at connections and closes.
  • Perform the following steps:
  • Start the program emma as a receiver on net2:
    emma -d Receive -s 50
  • Start ethereal on net5; get it so it's enabled
    to capture packets.
  • Start emma on net5 using this command:
  • emma -d Send -i 192.168.1.2 -b 5000 -s 50
  • Emma should complete fairly quickly on net5.
  • Stop ethereal.
  • Since you commanded ethereal to send only 5000
    bytes, you should see the entire transaction: the
    connection, a small amount of data transfer, and
    then a close of the connection.

16
Understanding TCP
  • What is the IP address and TCP port number used
    by the net5 node (source) that is transferring
    the file to net2? To answer this question, it's
    probably easiest to select a TCP message and
    explore the details of the TCP packet used to
    carry this message, using the "details of the
    selected packet header" window.
  • What is the IP address and port on the
    destination node, net2?
  • What is the sequence number of the TCP SYN
    segment that is used to initiate the TCP
    connection between the net5 computer and net2? What
    is it in the segment that identifies the segment
    as a SYN segment?
  • What is the sequence number of the SYNACK segment
    sent by net2 to net5 in reply to the SYN? What is
    the value of the ACKnowledgement field in the
    SYNACK segment? How did net2 determine that
    value? What is it in the segment that identifies
    the segment as a SYNACK segment?
  • What is the sequence number of the TCP segment
    containing the first data segment? How do you
    know that it's data rather than part of the
    connection request? This segment is the packet
    sent by net5 immediately after the SYN segment.
    How does this sequence number compare to the one
    you found for the SYN?

17
Understanding TCP
  • What are the sequence numbers of the remaining
    data transfer segments? At what time was each
    segment sent? At what time was the
    acknowledgement for each of these segments
    received?
  • Given the difference between when each
    TCP segment was sent, and when its
    acknowledgement was received, what is the RTT
    value for each of the six segments? What is the
    Estimated RTT value (see page 237 in text) after
    the receipt of each ACK? Assume that the value of
    the Estimated RTT is equal to the measured RTT
    for the first segment, and then is computed using
    the Estimated RTT equation on page 237 for all
    subsequent segments.
  • Note: Ethereal has a nice feature
    that allows you to plot the RTT for each of the
    TCP segments sent. Select a TCP segment in the
    "listing of captured packets" window that is
    being sent from net5 to net2. Then select
    Statistics -> TCP Stream Graph -> Round Trip Time
    Graph.
  • What does the connection close look like? How do
    you know it's a close? Remember, the answer to
    this means understanding how both sides react to
    a close request.
  • The way emma is written, the sending side
    transmits the requested amount of data, and then
    closes the connection. So you should see net5
    (the sender) initiate the close. And you should
    see net2 then respond to that close request with
    its own close request.
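
The RTT exercise above, worked on a constructed trace (an added example, not part of the original lab or of emma): each data segment is matched to the first ACK that covers it, retransmitted segments give no sample, and the estimate is updated as EstimatedRTT = (1 - alpha) * EstimatedRTT + alpha * SampleRTT. The weight alpha = 0.125 is an assumption taken from RFC 6298, since the page only cites its textbook; the `Seg` record and all timings are hypothetical.

```python
from dataclasses import dataclass

ALPHA = 0.125  # assumption: EWMA weight recommended by RFC 6298, not stated on the page


@dataclass
class Seg:
    t: float      # capture time in milliseconds
    src: str      # "net5" (sender) or "net2" (receiver)
    seq: int      # relative sequence number
    ack: int      # relative acknowledgement number
    length: int   # TCP payload bytes (0 for a pure ACK)


# Constructed trace, not real lab output: 50-byte writes as in "emma ... -s 50".
TRACE = [
    Seg(0.0, "net5", 1, 1, 50),
    Seg(0.1, "net5", 51, 1, 50),
    Seg(0.4, "net2", 1, 51, 0),
    Seg(0.6, "net2", 1, 101, 0),
    Seg(1.0, "net5", 101, 1, 50),
    Seg(1.1, "net5", 151, 1, 50),
    Seg(1.9, "net2", 1, 201, 0),     # one cumulative ACK covers two segments
    Seg(2.0, "net5", 201, 1, 50),
    Seg(52.0, "net5", 201, 1, 50),   # same seq sent twice: a retransmission
    Seg(52.4, "net2", 1, 251, 0),
    Seg(53.0, "net5", 251, 1, 50),
    Seg(53.6, "net2", 1, 301, 0),
]


def sample_rtts(trace, sender):
    """Return [(seq, sample_rtt_ms)] for each unambiguous data segment."""
    outstanding = {}        # seq -> (first send time, seq of the byte after it)
    retransmitted = set()
    samples = []
    for s in trace:
        if s.src == sender and s.length > 0:
            if s.seq in outstanding:
                # The ACK could answer either copy, so take no sample (Karn's rule).
                retransmitted.add(s.seq)
            else:
                outstanding[s.seq] = (s.t, s.seq + s.length)
        elif s.src != sender:
            # An ACK acknowledges every outstanding segment that ends at or before it.
            covered = sorted(q for q, (_, end) in outstanding.items() if end <= s.ack)
            for seq in covered:
                sent_at, _ = outstanding.pop(seq)
                if seq not in retransmitted:
                    samples.append((seq, round(s.t - sent_at, 6)))
    return samples


def estimated_rtts(samples, alpha=ALPHA):
    """EstimatedRTT after each sample; the first estimate equals the first sample."""
    estimate, history = None, []
    for _, rtt in samples:
        estimate = rtt if estimate is None else (1 - alpha) * estimate + alpha * rtt
        history.append(estimate)
    return history


if __name__ == "__main__":
    samples = sample_rtts(TRACE, "net5")
    for (seq, rtt), est in zip(samples, estimated_rtts(samples)):
        print(f"seq={seq:4d}  SampleRTT={rtt:.3f} ms  EstimatedRTT={est:.4f} ms")
```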

18
Understanding TCP
  • Looking at large data transfers: flow control.
  • Perform the following steps:
  • Start the program emma as a receiver on net2:
    emma -d Receive -s 50
  • Start ethereal on net4; get it so it's enabled
    to capture packets.
  • Start emma on net4 using this command:
  • emma -d Send -i 192.168.1.2 -b 10000000
  • Wait a very few seconds. Stop ethereal; the
    segments are going by very quickly so it won't
    take long to collect data.
  • Here's the logic behind this set of commands.
    Net2 is an old slow machine. It shouldn't be
    able to keep up with net4. Besides, we've told
    net2 to make receive requests of only 50 bytes at
    a time whereas net4 is sending 1460 bytes at a
    time. This should force flow control, with net2
    reducing its receive window on occasion in order
    to keep net4 in check.
  • Answer these questions:
  • What is the length of each of the first six data
    transfer TCP segments?
  • What is the minimum amount of available buffer
    space advertised at the receiver for the entire
    trace? Does the lack of receiver buffer space
    ever throttle the sender? How can you tell this?
  • Are there any retransmitted segments in the trace
    file? What did you check for (in the trace) in
    order to answer this question?
  • How much data does the receiver typically
    acknowledge in an ACK? Can you identify cases
    where the receiver is ACKing every other received
    segment (see Table 3.2 on page 245 in the text)?
  • What is the throughput (bytes transferred per
    unit time) for the TCP connection? Explain how
    you calculated this value.
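
One way to answer the flow-control questions above from a saved capture summary, shown as an added example (not code from the original lab): it finds the smallest advertised receive window, the periods when the window was below one full segment, the retransmitted segments, and the throughput. The `Seg` fields and every value in the trace are constructed; only the 1460-byte segment size comes from the page.

```python
from collections import namedtuple

# t in seconds; win is the receive window advertised by the segment's sender.
Seg = namedtuple("Seg", "t src seq ack length win")

MSS = 1460  # segment size the page says net4 sends

# Constructed trace, not real lab output: fast net4 sending to slow net2.
TRACE = [
    Seg(0.000, "net4", 1, 1, 1460, 5840),
    Seg(0.001, "net4", 1461, 1, 1460, 5840),
    Seg(0.002, "net2", 1, 2921, 0, 2920),
    Seg(0.003, "net4", 2921, 1, 1460, 5840),
    Seg(0.004, "net4", 4381, 1, 1460, 5840),
    Seg(0.005, "net2", 1, 5841, 0, 0),       # zero window: the sender must pause
    Seg(0.205, "net2", 1, 5841, 0, 1460),    # window update reopens the flow
    Seg(0.206, "net4", 5841, 1, 1460, 5840),
    Seg(0.506, "net4", 5841, 1, 1460, 5840), # bytes already sent once
    Seg(0.507, "net2", 1, 7301, 0, 1460),
]


def min_receiver_window(trace, receiver):
    """Smallest window the receiver advertised over the whole trace."""
    return min(s.win for s in trace if s.src == receiver)


def throttled_intervals(trace, receiver, mss=MSS):
    """(start, end) periods during which the window could not hold one full segment."""
    intervals, start = [], None
    for s in trace:
        if s.src != receiver:
            continue
        if s.win < mss and start is None:
            start = s.t
        elif s.win >= mss and start is not None:
            intervals.append((start, s.t))
            start = None
    if start is not None:
        intervals.append((start, None))   # still throttled when the capture ended
    return intervals


def retransmissions(trace, sender):
    """Data segments that carry no byte beyond the highest one already sent."""
    highest_end, found = 0, []
    for s in trace:
        if s.src == sender and s.length > 0:
            end = s.seq + s.length
            if end <= highest_end:
                found.append((s.t, s.seq))
            highest_end = max(highest_end, end)
    return found


def throughput(trace, sender, receiver):
    """Acknowledged bytes divided by the time from first data segment to last ACK."""
    data = [s for s in trace if s.src == sender and s.length > 0]
    acks = [s for s in trace if s.src == receiver]
    acked_bytes = max(s.ack for s in acks) - data[0].seq
    return acked_bytes / (max(s.t for s in acks) - data[0].t)


if __name__ == "__main__":
    print("minimum advertised window:", min_receiver_window(TRACE, "net2"))
    print("throttled intervals:", throttled_intervals(TRACE, "net2"))
    print("retransmissions:", retransmissions(TRACE, "net4"))
    print("throughput: %.0f bytes/s" % throughput(TRACE, "net4", "net2"))
```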

19
Understanding TCP
  • Select a TCP segment in Ethereal's "listing
    of captured packets" window. Then select the
    menu Statistics -> TCP Stream Graph ->
    Time-Sequence-Graph(Stevens). You should see a
    plot that looks similar to the following plot.
  • Here, each dot represents a TCP segment sent,
    plotting the sequence number of the segment
    versus the time at which it was sent. Note that a
    set of dots stacked above each other represents a
    series of packets that were sent back-to-back by
    the sender.
  • Use the Time-Sequence-Graph(Stevens) plotting
    tool to view the sequence number versus time plot
    of segments being sent from net4 to net2.
  • Comment on ways in which the measured data
    differs from the idealized behavior of TCP that
    we've studied in the text.
  • Additional graphs are in Statistics -> TCP Stream
    Graph -> Round Trip Time and Statistics -> TCP
    Stream Graph -> Throughput. Take a look at them
    and make sense of them.

20
Understanding TCP
  • Solving a mystery.
  • Here's the mystery. Emma, operating as a
    receiver, reports many fewer bytes received than
    the sending emma reports having sent. Does this
    mean that bytes are lost? Does it mean that one
    of the programs isn't reporting correctly? The
    goal is to use our environment to measure what is
    going on between two nodes running emma and
    determine if the problem is in the network or in
    emma.
  • Perform the following steps:
  • Start ethereal on net3 (note this is NOT net2);
    get it so it's enabled to capture packets.
  • Start the program emma as a receiver on net3:
    emma -d Receive
  • Start ethereal on net4; get it so it's enabled
    to capture packets.
  • Start emma on net4 using this command:
    emma -d Send -i 192.168.1.3 -b 10000
  • The sender should finish within a few seconds.
    Stop both ethereals when emma is finished.
  • So what is the answer to the mystery? We know
    that we're running emma on a relatively fast
    receiver and that we're not slowing it down by
    having it receive only small amounts of data.
    Here are some things to try:
  • How many bytes does ethereal say are being sent
    from node4? How many from node3?
  • Is the close coming in the middle of the data on
    node3? This would mean that emma goes to do a
    receive and finds that the connection is closed,
    even though there's more data to be gotten.
  • Which side is issuing the close?
  • Can you determine if the network is behaving
    correctly?

21
Transfer files and clean up
  • This would be a good time to stop and save your
    work.
  • Do an scp and copy the files that you've been
    working on to tarski. Do you have a sensible
    naming scheme for these files so you can figure
    them out later?
  • It's easy to generate all kinds of cruft in these
    directories. Please clean up.

22
Understanding ARP
  • This part of the lab explores the operation of
    the Address Resolution Protocol (ARP), which
    resolves a MAC address for a given IP address. You
    will want to read about ARP in your text to get
    an overview of this section. The lab exercises
    use the command arp for displaying and
    manipulating the contents of the ARP cache. The
    ARP cache is a table that holds entries of the
    form . The most common
    uses of the arp command are as follows:
  • arp -a
  • Displays the content of the ARP cache.
  • arp -d IPAddress or arp -d
  • Deletes the entry with IP address IPAddress, or
    all addresses.
  • arp -s IPaddress MAC_Address
  • Adds a static entry to the ARP cache which is
    never overwritten by network events. The MAC
    address is entered as 6 hexadecimal bytes
    separated by colons.
  • Example: arp -s 00:02:2D:0D:68:C1
  • Each complete entry in the ARP cache will be
    marked with the C flag. Permanent entries are
    marked with M and published entries have the P
    flag.

23
Understanding ARP
  • Time-outs in the ARP cache
  • The entries in an ARP cache have a limited
    lifetime. Entries are deleted unless they are
    refreshed. The typical lifetime of an ARP entry
    is 2 minutes, but much longer lifetimes (up to 20
    minutes) have been observed. You will want to
    verify when your system does remove ARP entries
    automatically after a certain amount of time.
  • Refreshing the ARP cache
  • You will observe that occasionally, a host sends
    out ARP requests to interfaces that are already
    in the ARP cache.
  • Example Suppose that a host with IP address
    has an ARP cache entry
  • is-at
  • Then, this host occasionally sends a unicast ARP
    Request to MAC address 00:02:83:39:2C:42 of the
    form
  • Who has ? Tell
  • to verify that the IP address is
    still present before deleting the entry from the
    ARP cache.

24
Understanding ARP
  • ARP requests to a real address not in cache.
  • 1. Start capturing data with ethereal on net4.
  • 2. On net4, view the ARP cache with arp -a and then
    delete all entries with the arp -d option.
  • 3. Issue a ping command from net4 to net2:
  • ping -c 2 192.168.1.2
  • Stop ethereal. Observe the ARP packets in the
    ethereal window. Explore the MAC addresses in the
    Ethernet headers of the captured packets. Direct
    your attention to the following fields:
  • The destination MAC address of the ARP Request
    packets.
  • The Type field in the Ethernet headers of ARP
    packets and ICMP messages.
  • 4. View the ARP cache again with the command arp
    -a. Note that ARP cache entries get
    refreshed/deleted fairly quickly. Note also that
    the cache needed to have data in it in order to
    satisfy the ping request.
  • 5. Save the results of ethereal to a text file
    for later reference.
  • Questions
  • Use the saved data to answer the following
    questions:
  • What is the destination MAC address of an ARP
    Request packet? What does this mean?
  • What are the different values of the Type field
    in the Ethernet headers that you observed?
  • Use the captured data to discuss the process in
    which ARP acquires the MAC address for the IP
    address 192.168.1.2.
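
The fields this exercise asks about, decoded from raw bytes (an added example, not part of the original lab): a small parser for the 14-byte Ethernet header and the 28-byte ARP body, run on frames built inline. The MAC addresses are constructed, and 192.168.1.4 as net4's address is an assumption.

```python
import socket
import struct

ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806
BROADCAST = b"\xff" * 6


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and, for ARP frames, the ARP body."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac(dst), "src": mac(src), "ethertype": ethertype,
            "broadcast": dst == BROADCAST}
    if ethertype == ETHERTYPE_ARP:
        # ARP rides directly in the Ethernet payload; there is no IP header here.
        if len(frame) < 42:
            raise ValueError("truncated ARP payload")
        htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
            "!HHBBH6s4s6s4s", frame[14:42])
        if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
            raise ValueError("not an Ethernet/IPv4 ARP packet")
        info.update(oper=oper,
                    sender_mac=mac(sha), sender_ip=socket.inet_ntoa(spa),
                    target_mac=mac(tha), target_ip=socket.inet_ntoa(tpa))
    return info


def summarize(frame: bytes) -> str:
    """One-line summary in the style of the capture tool's Info column."""
    f = parse_frame(frame)
    if f["ethertype"] != ETHERTYPE_ARP:
        return f"non-ARP frame, type 0x{f['ethertype']:04x}"
    if f["oper"] == 1:
        return f"Who has {f['target_ip']}? Tell {f['sender_ip']}"
    if f["oper"] == 2:
        return f"{f['sender_ip']} is at {f['sender_mac']}"
    return f"ARP opcode {f['oper']}"


def build_arp(dst, src, oper, sha, spa, tha, tpa) -> bytes:
    """Build a test frame; used only to create the constructed samples below."""
    return (struct.pack("!6s6sH", dst, src, ETHERTYPE_ARP)
            + struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, oper,
                          sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa)))


# Constructed sample frames (locally administered MACs; net4's IP is assumed).
MAC_NET4 = bytes.fromhex("020000000004")
MAC_NET2 = bytes.fromhex("020000000002")
REQUEST = build_arp(BROADCAST, MAC_NET4, 1,
                    MAC_NET4, "192.168.1.4", b"\x00" * 6, "192.168.1.2")
REPLY = build_arp(MAC_NET4, MAC_NET2, 2,
                  MAC_NET2, "192.168.1.2", MAC_NET4, "192.168.1.4")
# Ethernet header of the ping that follows (IP and ICMP payload omitted).
PING_HEADER = struct.pack("!6s6sH", MAC_NET2, MAC_NET4, ETHERTYPE_IPV4)

if __name__ == "__main__":
    for name, frame in (("request", REQUEST), ("reply", REPLY), ("ping", PING_HEADER)):
        f = parse_frame(frame)
        print(f"{name:8s} dst={f['dst']} type=0x{f['ethertype']:04x} {summarize(frame)}")
```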

25
Understanding ARP
  • ARP requests for a non-real address
  • Observe what happens when an ARP Request is
    issued for an IP address that does not exist.
  • 1. Start capturing data with ethereal on net4.
  • 2. Establish a Telnet session from net4 to
    10.0.1.10 (note that this address does not exist
    on this network):
  • telnet 10.0.1.10
  • 3. Observe the time interval and the frequency
    with which net4 transmits ARP Request packets.
    Repeat the experiment a number of times to
    discover the pattern.
  • 4. Save the captured output.
  • Questions
  • Using the saved output, describe the time
    interval between each ARP Request packet issued
    by net4. Describe the method used by ARP to
    determine the time between retransmissions of an
    unsuccessful ARP Request. Include relevant data
    to support your answer.
  • Why are ARP Request packets not transmitted
    (i.e. not encapsulated) as IP packets? Explain
    your answer.

26
Understanding Netstat
  • The command netstat displays information on the
    network configuration and activity of a system,
    including network connections, routing tables,
    interface statistics, masquerade connections, and
    multicast memberships. The following exercise
    explores how to use the netstat command to
    extract different types of information about the
    network configuration of a host.
  • Netstat has slightly different switches on
    Linux/Windows/Macs. In general, useful switches
    are -a, -e, -n, -r, -s. Read about and
    understand these usages.
  • Exercise 6.
  • On the netlab Linux node, try the different
    variations of the netstat command listed above
    and save the output to a file for your future
    reference.
  • 1. Display information on the network interfaces
    by typing ????
  • 2. Display the content of the IP routing table by
    typing ????
  • 3. Display information on TCP and UDP ports that
    are currently in use by typing ????
  • 4. Display the statistics of various networking
    protocols by typing ????

27
Understanding Netstat
  • Questions
  • Using the saved output, answer the following
    questions.
  • What are the network interfaces of net4?
  • How many IP datagrams, ICMP messages, UDP
    datagrams, and TCP segments has your machine
    transmitted and received since it was last
    rebooted?
  • Show your machine's routing table. What do the
    columns in this table mean? Explain, based on
    this table, how your machine determines routing
    behavior.
  • Explain the role of interface lo, the loopback
    interface.
  • In the port table produced by netstat -a, pick
    one of the connections and explain it completely.
    What local program is using the port? What do
    "listening" and "established" mean?

28
Understanding ifconfig
  • (Note, this is called ipconfig in the Windows
    world)
  • USAGE
  • ipconfig [/? | /all | /release [adapter] |
    /renew [adapter] | /flushdns | /registerdns |
    /showclassid adapter]
  • Options
  • /?            Display this help message.
  • /all          Display full configuration information.
  • /release      Release the IP address for the specified adapter.
  • /renew        Renew the IP address for the specified adapter.
  • /flushdns     Purges the DNS Resolver cache.
  • /registerdns  Refreshes all DHCP leases and re-registers DNS names.
  • /displaydns   Display the contents of the DNS Resolver Cache.
  • /showclassid  Displays all the DHCP class IDs allowed for adapter.

Play with these; see what they do. Some may
force a reboot.
29
Snooping Network Traffic
  • Snoop passwords from a telnet session
  • Capture traffic from a telnet session between two
    hosts.
  • On net4, run the ethereal command and start it
    capturing.
  • On net4, start up a telnet session to net3:
    telnet 192.168.1.3
  • When net3 responds, try to log in with a
    username/password. As it turns out, there isn't
    really a telnet working, so your login request
    will fail. But that's just fine.
  • Stop ethereal and look at the packets. Find the
    packets that have username and password. What do
    they look like?
  • In ethereal, there is a simple method to view the
    payload sent in a TCP connection. Simply select a
    packet that contains a TCP segment in the main
    window of ethereal, and then click on "Follow TCP
    Stream" in the "Tools" menu of the ethereal
    window. This will create a new window that
    displays only the payload of the selected TCP
    connection.
  • Save the details of the packets which transmit
    the login name and password, i.e., select
    "Print details" in the Print window of
    ethereal. As a hint, you can set the display
    filter in ethereal to show only the desired
    packet(s).
  • Questions
  • Using the saved output, identify the port
    numbers of the telnet client and the telnet
    server.
  • Identify the login name and the password, shown
    in plain text in the payload of the packets that
    you captured.

30
Snooping Network Traffic
  • Snoop an ssh session
  • SSH is supposedly secure. In this section you
    will determine if it is.
  • Run ethereal on net4, and start to capture
    traffic.
  • ssh from net4 to net3 and log in.
  • Perform several simple commands that will produce
    packets traveling back and forth between net4 and
    net3.
  • Save the ethereal output to a text file (using
    the Print Summary option).
  • Questions
  • Describe what you see with respect to
    username/password encryption. Explain the
    sequence of packets that accomplish this login.
  • Describe what you see with respect to data
    transfer.
  • Given enough data and knowing the data being
    sent, could you crack this encryption?