CPSC 441, Fall 2014
Lab 2: Basic Network Utilities

This lab introduces some basic network monitoring/analysis tools. There are a few exercises along the way. You should write up answers to the exercises and turn them in next Friday. (You should try out each tool, whether it is needed for an exercise or not!)

Some Basic Command-Line Utilities

Start with a few of the most basic command-line tools. These commands are available on Unix, including Mac OS and Linux (and the first two, at least, are also available on Windows). Some parameters or options might differ on different operating systems. Remember that you can use  man <command>  to get information about a command and its options.

Exercise 1: Experiment with ping to find the round trip times to a variety of destinations. Write up any interesting observations, including in particular how the round trip time compares to the physical distance. Here are a few places from which I was able to get replies: math.hws.edu, www.hws.edu, www.cornell.edu, berkeley.edu, www.uchicago.edu, www.ox.ac.uk (England), www.u-tokyo.ac.jp (Japan).

Traceroute

Traceroute is discussed in the textbook (pages 42–43). The command  traceroute <host>  will show routers encountered by packets on their way from your computer to the specified <host>. For each n = 1, 2, 3, ..., traceroute sends a packet with "time-to-live" (ttl) equal to n. Every time a router forwards a packet, it decreases the ttl of the packet by one. If the ttl drops to zero, the router discards the packet and sends an error message back to the sender of the packet. (Again, as with ping, the packets might be blocked or might not even be sent, so that the error messages will never be received.) The sender gets the identity of the router from the source of the error message. Traceroute will send packets until n reaches some set upper bound or until a packet actually gets through to the destination. It actually does this three times for each n. In this way, it identifies routers that are one step, two steps, three steps, ... away from the source computer. A packet for which no response is received is indicated in the output as a *.
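
The probing loop described above, as an added example that is not part of the original lab: an offline Python simulation over a constructed four-hop path. The addresses, PATH, send_probe and traceroute are all assumptions made for illustration, and no packets are actually sent.

```python
"""Offline simulation of the ttl probing that traceroute performs (added example)."""

# Constructed path using documentation addresses: (address, answers_probes).
# A router that never sends error messages back is modelled with False.
PATH = [
    ("192.0.2.1", True),      # first-hop router
    ("198.51.100.7", True),
    ("203.0.113.9", False),   # filtered hop: shows up as * in the output
    ("203.0.113.50", True),   # the destination itself
]

def send_probe(path, ttl):
    """Forward one packet with the given ttl; return (kind, source) or None."""
    for index, (address, answers) in enumerate(path):
        if index == len(path) - 1:         # packet reached the destination
            return ("reply", address) if answers else None
        ttl -= 1                           # each router decreases the ttl by one
        if ttl == 0:                       # expired: discarded, error sent to sender
            return ("time-exceeded", address) if answers else None
    return None

def traceroute(path, max_ttl=30, probes=3):
    """Return one entry per n: (n, [source address or '*' for each probe])."""
    lines = []
    for ttl in range(1, max_ttl + 1):
        results = [send_probe(path, ttl) for _ in range(probes)]
        lines.append((ttl, [r[1] if r else "*" for r in results]))
        if any(r and r[0] == "reply" for r in results):
            break                          # a packet got through; stop probing
    return lines

if __name__ == "__main__":
    for ttl, sources in traceroute(PATH):
        print(f"{ttl:2d}  " + "  ".join(sources))
```

If the destination itself never answers, the loop only stops at the upper bound (max_ttl here), which is why a real trace can end in many lines of * entries.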

Traceroute is installed on the computers in Lansing 310. It was not installed in your virtual server last week, but you can install it with the command  sudo apt-get install traceroute

Exercise 2: (Very short.) Use traceroute to trace the route from your cslab computer to math.hws.edu and to www.hws.edu. Explain the difference in the results.

Exercise 3: Two packets sent from the same source to the same destination do not necessarily follow the same path through the net. Experiment with some sources that are fairly far away. Can you find cases where packets sent to the same destination follow different paths? How likely does it seem to be? What about when the packets are sent at very different times? Save some of the outputs from traceroute. (You can copy them from the Terminal window by highlighting and right-clicking, then paste into a text editor.) Come back sometime next week, try the same destinations again, and compare the results with the results from today. Report your observations.

Whois

The whois command can give detailed information about domain names and IP addresses. It is installed on the computers in Lansing. Whois can tell you what organization owns or is responsible for the name or address and where to contact them. It often includes a list of domain name servers for the organization.

When using whois to look up a domain name, use the simple two-part network name, not an individual computer name (for example, whois hws.edu not whois math.hws.edu).

Exercise 4: (Short.) Use whois to investigate a well-known web site such as google.com or amazon.com, and write a couple of sentences about what you find out.

Exercise 5: (Should be short.) Because of NAT, the domain name math.hws.edu has a different IP address outside of HWS than it does on campus. Using information in this lab and working on a cslab computer, find the outside IP address for math.hws.edu. Explain how you did it.

Geolocation

A geolocation service tries to tell, approximately, where a given IP address is located physically. Such services can't be completely accurate—but they probably get at least the country right most of the time.

I have not installed a geolocation program on our computers, but you can access one on the command line using the curl command, which can send HTTP requests and display the response. The following command uses curl to contact a public web service that will look up an IP address for you:  curl ipinfo.io/<IP-address>  (I got this from http://www.maketecheasier.com/ip-address-geolocation-lookups-linux/.) For a specific example:

curl  ipinfo.io/129.64.99.200

(As you can see, you get back more than just the location.)

Exercise 6: Find a few IP addresses that are connected to the web server on math.hws.edu right now, and determine where those IP addresses are located. (I'm expecting that there will be several; if not, try again in a few minutes or sometime later.) Find one that is far from Geneva, NY. Explain how you did it.

On the Web

A lot of network information can be accessed on web sites that provide various network tools for free. Here's one site that has links for DNS lookup, whois, and geolocation: http://www.topwebhosts.org/. You can find more by googling.

I will also mention that many web browsers—including Chrome, Firefox, and Safari—can show you a lot of information about their network activity. For example, you can see exactly what files have been retrieved as part of a page, and you can see the HTTP request and response headers for each file. I hope to demonstrate this in class.