Le but de ces TP (oups! Sorry, I forgot for a second to speak English), the goal of this lab practice is to observe Ethernet and TCP/IP in action as they exist here in the university. You can also do most of this at home on your PC by changing some commands.
It would be good if you had a correct configuration of Unix (namely of your shell) to be able to edit commands easily and to access the network commands. We will use commands which are in /usr/sbin/ and tcpdump, which up to now is in /export/home/f9999/tcpdump/sbin/. You can get a full description of these commands using man. There is a small glossary at the end of this document.
netstat -pn to get the correspondence between the IP addresses and the Ethernet addresses (ARP cache) or arp -a and netstat -p to have the correspondence between symbolic names and Ethernet addresses. Also use ifconfig -a, which gives you the configuration of your interfaces.
echo $DISPLAY. If it is not, look in any variable for the location of your display: setenv.
tcpdump -i qfe0 -x -X -e host 192.168.128.18 if your X-Terminal is connected on qfe0 and has IP address 192.168.128.18.
tcpdump -i qfe0 -e -x -X arp and in another one run: telnet 192.168.128.5 (there is no such host as 192.168.128.5 but the routing table says that this is a local host on network 192.168.128 connected on qfe0). How many ARP requests are sent and with what frequency?
arp -d hostname, then listening from another xterm you will see both the ARP request and response.
tcpdump -i hme0 -x -X -e not ip? Well, okay, the Sun is only connected to Ethernet networks, so the only data-link protocol is Ethernet, but you will find inside Ethernet frames, packets which are used by the Data Link Layer.
tcpdump -i hme0 -v -e -c 5
tcpdump -i hme0 -v -e -c 5 not host 62.90.24.132 and ip
netstat -rnv: What are the network masks used by the Sun? Are they matching the regular domain classes?
ping host to generate ICMP echo requests.
traceroute godel.logique.jussieu.fr and sniff all packets going to this computer. What are the TTLs? Try now to also catch all ICMP messages coming back. Are they always generated?
http://www.yahoo.com/oups and tcpdump answer the following questions:
telnet 134.157.19.17. How often and how many times does TCP send a SYN packet before delivering an error to the user? (Did you get any ICMP error?)
telnet 212.150.38.101
netstat to have the state of all the current TCP connections.
First of all you need an account on the Sun. If you do not have one, you can use the accounts test or test2. You can connect from home using telnet sunlab.science.alquds.edu if you cannot make it to the university. Another solution is to install windump on your PC at home and to adapt the lab work to your own PC. You can download windump freely.
Your Unix configuration must allow quick and easy editing of commands (use for example the tcsh shell with a good .tcshrc configuration file. You can copy mine: /export/home/f9999/.tcshrc). Then you can auto-complete commands, use the history mechanism easily and so on. You also need to configure your PATH variable to use commands easily: setenv PATH /usr/sbin:/export/home/f9999/tcpdump/sbin:$PATH is required.
Moreover you need to be familiar with the X environment: opening Xterms, going from one window to another and so on.
Here is the manual page for tcpdump; I also give a brief description in the glossary. Recall also that I wrote an example of tcpdump use.
/export/home/f9999/tcpdump/sbin/tcpdump
tcpdump [options] expression
-i interface | to choose the interface you sniff |
-e | to display frame information |
-v | verbose mode: to display more information. You can also try -vv and even -vvv |
-x -X | to display the beginning (first 64 bytes) of each packet in hexadecimal and their ASCII equivalent. |
-c count | to display only the first count packets. |
-s snaplen | to display snaplen bytes of each packet (with -x or -X options) instead of the default 64. |
arp | consider only ARP packets. |
ip | consider only IP packets. |
tcp | consider only TCP segments. |
host ipAddress | display only IP packets from or to this host. |
dst host ipAddress | display only IP packets with this destination host. |
src host ipAddress | display only IP packets with this source host. |
and, or. You can also use not and parentheses.
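To help read what tcpdump -e -x shows for the arp filter used in the lab, here is an added example (not part of the original handout) that decodes an Ethernet frame carrying an ARP request from its raw bytes. The frame and its MAC address are constructed; the IP addresses are the ones from the lab text, and the function names are hypothetical.

```python
import ipaddress
import struct

# Constructed sample: a 42-byte ARP request (no padding). The MAC address is
# made up; the two IP addresses are the ones used in the lab text.
SAMPLE_FRAME = bytes.fromhex(
    "ffffffffffff"               # Ethernet destination: broadcast
    "080020aabbcc"               # Ethernet source (constructed)
    "0806"                       # EtherType 0x0806 = ARP
    "0001" "0800" "06" "04"      # Ethernet, IPv4, address lengths 6 and 4
    "0001"                       # opcode 1 = request
    "080020aabbcc" "c0a88012"    # sender MAC, sender IP 192.168.128.18
    "000000000000" "c0a88005"    # target MAC unknown, target IP 192.168.128.5
)

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_ethernet(frame):
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return mac(dst), mac(src), ethertype, frame[14:]

def parse_arp(payload):
    """Decode the 28-byte ARP body for IPv4 over Ethernet."""
    if len(payload) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not ARP for IPv4 over Ethernet")
    ip = lambda raw: str(ipaddress.IPv4Address(raw))
    return {"op": op, "sender_mac": mac(sha), "sender_ip": ip(spa),
            "target_mac": mac(tha), "target_ip": ip(tpa)}

def describe(frame):
    """One summary line per frame, in the spirit of tcpdump -e output."""
    dst, src, ethertype, payload = parse_ethernet(frame)
    if ethertype != 0x0806:
        return f"{src} > {dst}: ethertype 0x{ethertype:04x}, not ARP"
    arp = parse_arp(payload)
    if arp["op"] == 1:
        what = f"who-has {arp['target_ip']} tell {arp['sender_ip']}"
    elif arp["op"] == 2:
        what = f"reply {arp['sender_ip']} is-at {arp['sender_mac']}"
    else:
        what = f"opcode {arp['op']}"
    return f"{src} > {dst}: arp {what}"
```

Calling describe(SAMPLE_FRAME) gives the one-line summary of the request; a frame cut short raises ValueError instead of being misread.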
telnet host port
Telnet is a very powerful application protocol to connect to a remote host. It exists under Windows and under Unix. You can use it to connect from your PC to the sunlab.
When used with a port other than 23 (the telnet port), this command only opens a TCP connection and redirects the standard input and output to this connection. You can use this feature to make some tests about TCP connections.
traceroute [options] host [packet length]
This is a program to discover the route between you and a remote host. It uses the TTL of the IP packets and the ICMP error messages to discover the routers on the route.
There are a lot of possible options, look in the manual (man traceroute).
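The ICMP error messages that traceroute relies on quote the start of the packet that was discarded, which is how a reply is matched to the probe that caused it. The following added example (not from the original handout) decodes such a time-exceeded message. It assumes UDP probes, as the classic Unix traceroute sends; the packets, the router address 192.168.128.1 and the function names are constructed.

```python
import socket
import struct

def ipv4_header(src, dst, ttl, proto, payload_len):
    """Build a 20-byte IPv4 header for the constructed samples (checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(pkt):
    """Return (protocol, source, destination, payload) of an IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    return (pkt[9], socket.inet_ntoa(pkt[12:16]),
            socket.inet_ntoa(pkt[16:20]), pkt[ihl:])

def parse_time_exceeded(pkt):
    """Decode an ICMP time-exceeded message (type 11, code 0).

    Returns the router that discarded the probe plus the destination and UDP
    port of the quoted probe, or None for any other packet."""
    proto, router, _, icmp = parse_ipv4(pkt)
    if proto != 1 or len(icmp) < 8 or icmp[0] != 11 or icmp[1] != 0:
        return None
    # The 8-byte ICMP header is followed by the discarded packet's IP header
    # and the first 8 bytes of its payload, here the UDP header of the probe.
    q_proto, _, q_dst, q_l4 = parse_ipv4(icmp[8:])
    dport = None
    if q_proto == 17 and len(q_l4) >= 4:
        dport = struct.unpack("!H", q_l4[2:4])[0]
    return {"router": router, "probe_dst": q_dst, "probe_dport": dport}

# Constructed sample: a UDP probe sent with TTL 1 from 192.168.128.18, and the
# reply of a made-up first router 192.168.128.1. 198.51.100.7 is a
# documentation address; the ports are made up and checksums are left at 0
# (the parser does not verify them).
PROBE = (ipv4_header("192.168.128.18", "198.51.100.7", 1, 17, 8)
         + struct.pack("!HHHH", 40000, 33435, 8, 0))
REPLY = (ipv4_header("192.168.128.1", "192.168.128.18", 255, 1, 8 + len(PROBE))
         + struct.pack("!BBHI", 11, 0, 0, 0) + PROBE)
```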