CPSC 441, Fall 2002
Lab 1: Ping and Traceroute (and More)



This lab introduces two common network utilities, ping and traceroute. You'll also get your first exposure to something called User Mode Linux, which we will be using in some of the other labs for this course. The exercises from this lab are due in class next Wednesday, September 12. Note that two of the exercises require you to do some work on a computer at several different times of day (the more the better).

The ping and traceroute utilities are meant mainly for network maintenance such as measuring performance and diagnosing network problems. While using them for educational purposes is OK, you should use them responsibly. You should not, for example, flood the network with a continuous stream of ping packets (even if you figure out how to do it).


Ping

The ping command sends test packets over an IP network to a specified destination computer. The destination computer responds by sending back an "echo" packet. This tells you that the computer is running and that the network connection to the computer is functional. You also get information about the round trip time between your computer and the destination computer. The round trip time (RTT) is the time it takes for your packet to get to the computer plus the time it takes for that computer's response packet to get back to you.

For example, try pinging math.hws.edu with the command ping math.hws.edu. This will send a sequence of ping packets, one per second, and will continue until you press CONTROL-C. It will report each response packet as it arrives, and after you press CONTROL-C, it will give some summary statistics, including the percentage of packets that were lost and the minimum, average, and maximum RTT. You probably won't see any lost packets when you ping math.hws.edu. But if you ping a computer that is not on the campus network, you might see some lost packets. Packet loss is an indication that the network is congested, so ping can be used as a tool for checking for network congestion.

You should try ping on several computers, including some on other continents. For example: www.uq.edu.au (University of Queensland in Australia); www.bbc.co.uk (The BBC in England); www.unisa.ac.za (University of South Africa). (One way to find computers to ping is to do a Google search.)

The ping command has many options. If you want to learn more about it, read its man page. To do this, use the command man ping on the command line or enter man:ping as a Web page address into the KDE's Konqueror Web browser.


Traceroute

The traceroute command is also used for testing network connections, but it gives a lot more information than ping. Whenever you send a packet to a computer that is not on your own local network, it has to go through one or more routers. The purpose of the traceroute command is to try to list all the routers on a path from your computer to some destination computer.

The traceroute command is not on the standard "execution path" on the cslab computers. This means that you have to use its "full path name," /usr/sbin/traceroute in order to run it. For example, to trace the network route to www.ucla.edu, use the command

/usr/sbin/traceroute  www.ucla.edu

Try this command to see what output you get. You will see a list of the routers on the path to www.ucla.edu, each shown by its domain name or, when no name is available, by its IP address.

If you try other destinations, you might encounter cases where three stars (* * *) are listed instead of a router. This might indicate a buggy router (apparently, there are many of them out there), or it might indicate that a router is configured so that it refuses to cooperate with traceroute. If this happens a few times in a row, you might as well give up by pressing CONTROL-C.

How does this work? The information needed by traceroute is not automatically available, so traceroute has to play some tricks to get the information. It actually uses ping in a clever way: It is possible to specify that a ping packet will only be sent through a given number of routers. The number is called the TTL (time-to-live) of the packet. Every time a router forwards a packet, it decreases the packet's TTL by 1. If a router receives a packet with a TTL of 0, it considers that to be an error and it sends an error message back to the packet's source. The traceroute program uses this error message to determine the identity of the router. When you run traceroute, it first sends out 3 ping packets with a TTL of 1. These packets will produce a time-out error at the very first router on the path, so traceroute now knows the identity of the first router. Next, it sends out 3 packets with a TTL of 2. These will generate an error at the second router along the path, so traceroute learns the identity of the second router. Traceroute continues in this way, with longer and longer TTL's, until the packets that it sends actually reach the destination. Note that each line of output from traceroute shows not just the identity of the router but also the round trip times of each of the three ping packets. If traceroute fails to get an error response to a given packet within three seconds, it prints a star (*) on the output line.
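The probing loop described above, as an added example that is not part of the original lab handout. It simulates the path instead of sending real packets; the router names, round trip times and the one silent router are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Hop:
    name: str
    rtt_ms: float
    replies: bool = True  # False models a router that never sends the error message

# Constructed path: three routers, then the destination host (all names made up).
PATH = [
    Hop("gw.campus.example", 0.5),
    Hop("core1.isp.example", 8.0, replies=False),
    Hop("border.isp.example", 21.0),
    Hop("www.dest.example", 35.0),
]

def send_probe(path, ttl):
    """Carry one probe along the path; return (responder, rtt_ms, reached) or None."""
    *routers, destination = path
    for router in routers:
        ttl -= 1                      # every router on the way lowers the TTL by 1
        if ttl == 0:                  # expired here: this router reports the error
            return (router.name, router.rtt_ms, False) if router.replies else None
    return (destination.name, destination.rtt_ms, True)

def traceroute(path, max_ttl=30, probes=3):
    """Return one (ttl, router name or None, per-probe results) tuple per output line."""
    lines = []
    for ttl in range(1, max_ttl + 1):
        results = [send_probe(path, ttl) for _ in range(probes)]
        answered = [r for r in results if r is not None]
        # An unanswered probe is shown as a star, as in the real output.
        times = ["*" if r is None else f"{r[1]:.1f} ms" for r in results]
        lines.append((ttl, answered[0][0] if answered else None, times))
        if any(r[2] for r in answered):   # a probe reached the destination: stop
            break
    return lines

if __name__ == "__main__":
    for ttl, name, times in traceroute(PATH):
        print(f"{ttl:2d}  {name or ''}  {'  '.join(times)}")
```

The second output line is three stars because the silent router never reports the expired packet, yet the trace still continues to the next TTL and ends when a probe reaches the destination.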

It's possible for two packets that are sent to the same destination to follow different paths through the Internet. In practice, however, it is unusual for the path to change within the time period that traceroute runs.

You can check the traceroute man page for more information.


User Mode Linux

Some of the exercises that you will do in this course require root access on a Linux computer. Most users on a Linux system are restricted. However, one user, named "root", can do anything. Only the root user (sometimes called the "superuser") has the right to change certain configuration files and to use certain commands. Obviously, for security reasons, you cannot be given root access on the cslab computers. However, you will run a virtual Linux system on which you will be the root user. A program named User Mode Linux (UML) makes this possible. The UML project can be found at http://user-mode-linux.sourceforge.net/. This software is already set up to run on the cslab computers.

UML sets up a virtual Linux computer that runs inside another Linux computer, which is called the "host" computer. The virtual computer has its own set of files and its own networking capability. The files are actually stored inside one or more files on the host system. The first time you run UML, you will have to specify the files for the virtual machine. Every time you start it up, you will have to configure the networking (or you will have to automate this by writing a script). Your goal for this lab is to get UML started and configured. In the process, you will learn a little about network configuration in Linux.

To start UML for the first time, give the following command, exactly as shown here:

uml  ubd0=root_fs,/xtra/uml_deb3

The "ubd0=root_fs,/xtra/uml_deb3" specifies where the files for the virtual machine are to be stored. The file /xtra/uml_deb3 contains a full Linux file system which will be used as the basis for your own machine. A file named "root_fs" will be created in your home directory to hold any changes that you make to the virtual machine's files. Later, when you start UML again, you will only have to give the command uml. This will use the root_fs file that already exists in your account. (If ever you mess up your virtual machine, you can just delete the root_fs file and start again.)

When you give the uml command, a virtual Linux machine is started. You will see the usual Linux startup messages. If all goes well, two new windows will open. (If you get a "kernel panic", it probably means that you have not specified the files correctly.) You can log in to either of these windows to use your virtual computer. Log in with user name "root" and password "root". Once you are logged in, you can set up networking on your machine. Here are the steps:

First, turn on networking and specify an IP address for your machine. This is done with the ifconfig command. I will assign to you an IP address to use on your virtual machine. It is very important that you use your assigned address. It can be a real disaster for the whole network if you use an IP address that is already being used by another machine. The ifconfig command that you need is of the form:

ifconfig eth0 ip-address up

where ip-address is the IP address for your virtual machine. At this point, your virtual machine should already be able to communicate with computers on the local network, 172.30. Try pinging 172.30.10.23, for example.

Second, you need to tell your machine what to do with packets that are addressed to computers outside the local network. For this, you have to specify a gateway. This is done with the route command. Ordinarily, the gateway is a router that connects the local network to the rest of the Internet. For the 172.30 network, the gateway has IP address 172.30.0.200. The command for setting up this router as a gateway is

route add default gateway 172.30.0.200

Once you do this, you should be able to "ping 64.80.250.255", for example. (This is the IP address of one of the name server computers at our internet service provider.)

Third, you might want to be able to use graphical applications, such as nedit, from your virtual machine. This is a two-step process. You have to tell the host computer to let the virtual computer open windows, and you have to tell the virtual computer to use the host computer for opening windows. To do the first, give the following command on the host computer:

xhost ip-address-vm

where ip-address-vm is the IP address of the virtual computer. Now, in the virtual computer, give the command:

export DISPLAY=ip-address-host:0

where ip-address-host is the IP address of the host computer. The name of the host will be something like 172.30.217.104. You can use the command ipaddr on the host computer to find out its IP address. (Note that after you do the next step, you will be able to use the host computer name, such as cslab4, instead of the IP address.) To test this, try using the command nedit on the virtual computer.

Fourth, you should set up your virtual computer so that you can use domain names, such as math.hws.edu, instead of IP addresses. To do this, you have to create a file named resolv.conf in the /etc directory. This file contains information about name server computers that can be used to look up domain names. If you did the previous step, you can create this file by giving the command "nedit  /etc/resolv.conf". Enter the following lines into the file:

                      nameserver 172.30.0.101
                      search hws.edu

and save the file. The first line tells your virtual machine to use the computer with IP address 172.30.0.101 as a name server. The second line makes it possible to use abbreviations like "math" instead of full names like "math.hws.edu". (If you haven't gotten nedit to work, ask me about using the vi editor instead.)

After you create the file /etc/resolv.conf, you should be able to "ping math.hws.edu", for example. Note that when you start up your virtual machine in the future, you won't have to do this fourth step again, since the file will already exist.

If you've gotten all this to work, congratulations. You can shut down UML by giving the command halt in the virtual computer. It will take a minute or so for the virtual computer to shut down completely. Remember that the next time that you want to run your virtual computer, you only have to use the command uml. You have to do this in the same directory where the root_fs file is stored. Once the machine starts up, you will still have to set up networking with the ifconfig and route commands.


Exercises

Exercise 1: Try traceroute on an assortment of destinations, and try it on the same destinations at different times of day. Discuss your results: What destinations did you try? Which destination gave the longest route, and how long was it? Did you find any destination for which the route changed from one time of day to another? If so, what was the destination and how did the route change? Did you notice any changes in round trip time at different times of day? Any other interesting observations? (You might want to save your data in a file. You can add the traceroute output onto the end of a file by using a command such as:

/usr/sbin/traceroute www.hws.edu >> trdata

The name of the file is trdata. The ">>" means that the output will be appended to the file. If you use a single ">", the original contents of the file will be replaced by the output of the program.)
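One way to compare the runs collected in trdata, as an added example that is not part of the original lab handout. The sample output, host names and addresses are constructed, and the parser assumes the usual layout of one numbered line per hop; runs are separated by the hop number starting over, so it works whether or not the "traceroute to ..." header line was captured in the file.

```python
import re

# Constructed sample: two traceroute runs appended to one file with ">>".
TRDATA = """\
 1  gw.example.net (192.0.2.1)  0.51 ms  0.40 ms  0.39 ms
 2  * * *
 3  core-a.example.net (192.0.2.33)  12.1 ms  11.9 ms  12.4 ms
 4  www.example.edu (198.51.100.9)  20.2 ms  19.8 ms  20.5 ms
 1  gw.example.net (192.0.2.1)  0.48 ms  0.44 ms  0.41 ms
 2  * * *
 3  core-b.example.net (192.0.2.65)  31.0 ms  *  29.6 ms
 4  www.example.edu (198.51.100.9)  44.9 ms  45.3 ms  46.1 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")          # hop number, then the rest of the line
ADDR = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\)")  # router address in parentheses
RTT = re.compile(r"([\d.]+) ms")                # each reported round trip time

def parse_runs(text):
    """Split appended output into runs, each mapping hop number -> (address, rtts)."""
    runs = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue                             # header or blank line
        n, rest = int(m.group(1)), m.group(2)
        if not runs or n <= max(runs[-1]):
            runs.append({})                      # hop numbers restarted: new run
        addr = ADDR.search(rest)                 # no match when the hop shows only stars
        rtts = [float(x) for x in RTT.findall(rest)]
        runs[-1][n] = (addr.group(1) if addr else None, rtts)
    return runs

def route_changes(a, b):
    """Hop numbers whose responding address differs between two runs."""
    return [n for n in sorted(set(a) | set(b))
            if a.get(n, (None,))[0] != b.get(n, (None,))[0]]

def final_avg_rtt(run):
    """Average round trip time in ms on the last hop of a run, or None if all stars."""
    rtts = run[max(run)][1]
    return sum(rtts) / len(rtts) if rtts else None

if __name__ == "__main__":
    first, second = parse_runs(TRDATA)
    print("hops:", max(first), "changed at hop:", route_changes(first, second))
    print("final RTT: %.1f ms then %.1f ms" % (final_avg_rtt(first), final_avg_rtt(second)))
```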

Exercise 2: Pick a destination host on the Internet, and try ping on that destination at various times of day. Report your observations. Do you see any variation in rtt (round trip time)? Did you observe any packet loss? (Note: You can tell the ping command to send out a fixed number of packets by using the -c option. For example, the command

ping -c 5 www.ucla.edu

will send 5 ping packets to www.ucla.edu, and will then report packet loss and average round trip time.)

Exercise 3: Several Web sites use ping to gather statistics about network traffic on the Internet. Two such sites are:

Visit both sites, read about what they do, and examine some of the data that they present. Write a short report (at least one page) about these sites. What sort of information do they provide? How do they use ping to gather information about Internet traffic? What are some examples of specific information that you learned from the sites? You should investigate the sites well enough that you can give more than just a superficial response.

Exercise 4: To show me that you managed to get your User Mode Linux virtual machine running, telnet from the virtual machine to math.hws.edu. (Just give the command telnet math.hws.edu in the virtual machine and log in as usual.) I will check that you have logged in by using the last command on math.hws.edu. It will show that you have logged in from the IP address of your virtual machine.


David Eck, 20 August 2002