Homework 1
Both parts of the homework are due January 19th at
11:59pm. All assignments are to be carried out individually. No
collaboration is allowed.
Part A.
Analyze the cs176b-dump.gz
traffic dump, which has been collected using the tcpdump tool, and
answer the following questions:
- How many packets are contained in the file?
- How many IP packets are contained in the file?
- How many TCP packets are contained in the file?
- How many UDP packets are contained in the file between
timestamp 898085180.549701 and timestamp 898085429.515582?
- How many TCP connections are contained in the file? (A TCP
connection should be counted if the three-way handshake is completed
correctly. Note that TCP connections that didn't shutdown completely
before the end of the file should be counted anyway)
- How much data was exchanged on TCP connections that
involved port 80? (number of bytes)
- Which TCP connection streams contain both the words
"security" and "information"? (Specify the connections using [source
IP]:[source port]-[destination IP]:[destination port]. Note that a TCP
connection has two streams, one for each direction of the
communication. You need to identify only the streams that contain the
specified words.
For each of the questions, you have to briefly describe how
you came to your results. Create a file in the directory for each of
the questions. The files must be named homework1A_n.txt
where n is the number of the question. Each file
will contain a first line with the answer, followed by an empty line,
followed by the explanation of how you reached your conclusions (You
can see an example of the required format here).
Note that you can only use tcpdump, tcpslice,
tcpflow, and the UNIX command-line utilities (such
as grep, ls, awk,
find, du, bc,
and wc, to name a few). You cannot use Ethereal
(or other fancy tools) to carry out this assignment. If you are in
doubt (about a tool), ask the instructor.
Part B.
In this assignment, you will explore the various tools that an end user
can use to discover how a machine is connected to the network and what
the network looks like beyond the first hop. You investigation
will use the following six tools:
- ifconfig
- arp
- traceroute
- netstat
- nslookup
- whois
Assignment Details
All of these tools should be available on any machine running a UNIX-based
operating system, i.e. the machines in CSIL. However, unlike the other
assignments, you can do this assignment from any machine that has all
of these commands available.
You will want to make extensive use of the man pages for
each command.
0. ifconfig
- Run ``ifconfig -a'' on the machine you will be using. Capture the
output, and identify and explain as much of what is printed as you can.
NOTE: You should be able to understand almost all of it.
1. ARP
- How do you show the full ARP table for your machine? Capture
a printout of what it is. Explain each column of what is printed.
- If you try and use the arp command to add or delete an entry to the
ARP table what happens? Why do you suppose this the case?
- You still have the ability to modify the ARP table, just not directly.
How can you affect (either add, delete, or change) entries in the ARP table?
Use this mechanism to add at least two new hosts to the ARP table and include
a printout.
- How long do entries stay cached in the ARP table? Describe a
trail-and-error method to discover the timeout value.
- What will happen if two IP addresses map to the same Ethernet address?
Be specific on how all hosts on the subnet operate.
2. traceroute
- Explain in detail how traceroute works.
- Perform a traceroute from your machine to tourism.at.ru. Include a copy
of the output and explain what happened including a description of what
each of the fields means.
- Here's the challenge for this question: we want to traceroute to a
non-existant machine outside
of UCSB. The first problem is how do we KNOW that a particular machine does
not exist? If we just pick an IP address and ping it, why is that
not sufficient?
- Determine an IP address for a machine that you know definitely does not exist.
Do a traceroute to that machine. Include a copy of the result.
- Identify a completely different (in all octets) IP address for a non-existant
machine. Do a traceroute to this machine. Include a copy of this result.
- Repeat the above exercise (but you don't have to include traceroutes to
more than two machines in your writeup) enough times so you can detect a
pattern about what is happening. What pattern exists and why?
3. netstat
- What is netstat and what is it used for?
- What parameters for netstat should you use to show all the TCP
connections established? Include a printout of this list for your machine.
Be sure to explain what all fields are.
- What does netstat -r show? What are each of the fields in this
output?
- netstat can be used to display network interface status. What option
of netstat does this? By using netstat, figure out the number of interfaces
on your machine. In the output you will find an interface named lo0
as a loopback interface. Can you say anything about this interface, about
its function?
4. nslookup
- What is the IP address for the machine kubi.cs.berkeley.edu?
- What local machine is this information coming from? Why is
it coming from this machine?
- Here is the problem: I want to find the IP address of where my email
to somebody@hotmail.com goes. What you really need to do is find the
``mail exchanger''
for hotmail.com. There is an option in nslookup that tells you what the mail
exchanger is for hotmail.com. Figure out the exact syntax of the format of
this command, and execute it. Now what is the IP address of where my email
to hotmail goes?
5. whois
HINT: You will need to use a different server than the default
whois server. One to try is: whois.arin.net.
HINT: Getting whois.arin.net to return information is a challenge.
Make sure you try all combinations of the network name, the host address,
and the network address.
HINT: You can also do a domain search at someplace like
http://www.networksolutions.com/.
- Who is the ``coordinator'' for the network on which funnies.cs.ucsb.edu
resides?
- Who is the coordinator for the network that kubi.cs.berkeley.edu is on?
- Like the hotmail example, I have another friend I send email to at AOL.
Her email address is something@aol.com. What can you say about
the coordinator for the AOL email network, i.e. contact info, etc?
Include information about the steps you took and the
results of the queries you made to figure out this information.
- What machine has IP address 198.182.196.56? What machines act
as the DNS nameserver for the domain that 198.182.196.56 is in?
Submission
The submission process for this assignment uses the turnin
package. Do a man turnin to find more info about
this program. The name of the assignment is hw1.
To submit:
- Create a directory whose name is your CS account. For
example, user John Doe --whose account is jdoe--
would do:
% mkdir jdoe
- Put in the directory a single text or PDF file
that contains all of your code.
- Execute the turnin program. For
example, user jdoe would execute:
% turnin hw1@cs176b jdoe
You can execute turnin up to 10 times
per project. Earlier versions will be discarded. The timestamp of turnin
has to be before the due date.