CS176B: Winter '11

Network Computing 

Homework 1

Both parts of the homework are due January 19th at 11:59pm. All assignments are to be carried out individually. No collaboration is allowed.

Part A.

Analyze the cs176b-dump.gz traffic dump, which has been collected using the tcpdump tool, and answer the following questions:

  1. How many packets are contained in the file?
  2. How many IP packets are contained in the file?
  3. How many TCP packets are contained in the file?
  4. How many UDP packets are contained in the file between timestamp 898085180.549701 and timestamp 898085429.515582?
  5. How many TCP connections are contained in the file? (A TCP connection should be counted if the three-way handshake is completed correctly. Note that TCP connections that didn't shutdown completely before the end of the file should be counted anyway)
  6. How much data was exchanged on TCP connections that involved port 80? (number of bytes)
  7. Which TCP connection streams contain both the words "security" and "information"? (Specify the connections using [source IP]:[source port]-[destination IP]:[destination port]. Note that a TCP connection has two streams, one for each direction of the communication. You need to identify only the streams that contain the specified words.)

For each of the questions, you have to briefly describe how you came to your results. Create a file in the directory for each of the questions. The files must be named homework1A_n.txt where n is the number of the question. Each file will contain a first line with the answer, followed by an empty line, followed by the explanation of how you reached your conclusions (You can see an example of the required format here).

Note that you can only use tcpdump, tcpslice, tcpflow, and the UNIX command-line utilities (such as grep, ls, awk, find, du, bc, and wc, to name a few). You cannot use Ethereal (or other fancy tools) to carry out this assignment. If you are in doubt (about a tool), ask the instructor.
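As an added illustration (not part of the course handout) of how the allowed tools combine for the counting questions, the helpers below work on the text that `tcpdump -nn -tt` prints, using only sh and awk. They assume IPv4 traffic and the modern tcpdump line format (`<unix-ts> IP <src.port> > <dst.port>: Flags [X], ..., length <payload-bytes>`); the SAMPLE lines are constructed for the demonstration and are not taken from cs176b-dump.gz.

```shell
#!/bin/sh
# Added example, not code from the course page. Helpers for Part A that
# read the text output of "tcpdump -nn -tt" on stdin.
# Assumptions: IPv4 only, modern tcpdump line format
#   <unix-ts> IP <src.port> > <dst.port>: Flags [X], ..., length <payload>
# Real usage lets tcpdump's BPF filter do the protocol selection, e.g.
#   zcat cs176b-dump.gz | tcpdump -nn -tt -r - tcp | handshakes
# SAMPLE is constructed for the demo; it is NOT data from cs176b-dump.gz.
SAMPLE='898085180.100000 IP 10.1.1.5.40000 > 10.2.2.9.80: Flags [S], seq 100, win 65535, length 0
898085180.200000 IP 10.2.2.9.80 > 10.1.1.5.40000: Flags [S.], seq 500, ack 101, win 65535, length 0
898085180.300000 IP 10.1.1.5.40000 > 10.2.2.9.80: Flags [.], ack 501, win 65535, length 0
898085180.400000 IP 10.1.1.5.40000 > 10.2.2.9.80: Flags [P.], seq 101:131, ack 501, win 65535, length 30
898085180.500000 IP 10.2.2.9.80 > 10.1.1.5.40000: Flags [P.], seq 501:601, ack 131, win 65535, length 100
898085181.000000 IP 10.1.1.5.53000 > 10.3.3.3.53: 1234+ A? example.test. (31)
898085185.000000 IP 10.1.1.7.41000 > 10.2.2.9.22: Flags [S], seq 7, win 65535, length 0
898085430.000000 IP 10.3.3.3.53 > 10.1.1.5.53000: 1234 1/0/0 A 10.9.9.9 (47)
'

# Q5: print one line per completed three-way handshake as
# [client IP]:[client port]-[server IP]:[server port].
# A SYN opens a pending entry, a SYN/ACK in the reverse direction advances
# it, and the client's ACK completes it (that ACK may already carry data,
# hence [P.] is accepted too).  Teardown is ignored on purpose: a
# connection still open at the end of the file is still counted.
# Simplification: sequence numbers are not checked, so a SYN retransmitted
# after completion would re-open the entry.
handshakes() {
    awk '
    function hostport(a, p) {            # 10.1.1.5.40000 -> 10.1.1.5:40000
        p = match(a, /\.[0-9]+$/)
        return substr(a, 1, p - 1) ":" substr(a, p + 1)
    }
    $2 == "IP" && $6 == "Flags" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        fl = $7;  sub(/,$/, "", fl)
        fwd = src "-" dst; rev = dst "-" src
        if (fl == "[S]")                           state[fwd] = 1
        else if (fl == "[S.]" && state[rev] == 1)  state[rev] = 2
        else if ((fl == "[.]" || fl == "[P.]") && state[fwd] == 2) {
            state[fwd] = 3
            print hostport(src) "-" hostport(dst)
        }
    }'
}
count_handshakes() { handshakes | wc -l | tr -d ' '; }

# Q6: sum of TCP payload bytes on packets where either side uses $1.
# tcpdump's trailing "length N" is the TCP payload, so IP/TCP headers are
# not included; say in the writeup which definition of "data" you used.
tcp_bytes_port() {
    awk -v port="$1" '
    $2 == "IP" && $6 == "Flags" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        if (src ~ ("\\." port "$") || dst ~ ("\\." port "$"))
            for (i = 8; i <= NF; i++) if ($i == "length") total += $(i + 1)
    }
    END { print total + 0 }'
}

# Q4: keep lines whose timestamp lies in [lo, hi].  Pipe the output of
# "tcpdump -nn -tt -r - udp" into it and count the survivors with wc -l.
in_window() {
    awk -v lo="$1" -v hi="$2" '$1 + 0 >= lo + 0 && $1 + 0 <= hi + 0'
}

# Demonstration on the constructed sample.
printf '%s' "$SAMPLE" | handshakes
printf 'completed handshakes: %s\n' "$(printf '%s' "$SAMPLE" | count_handshakes)"
printf 'TCP payload bytes on port 80: %s\n' "$(printf '%s' "$SAMPLE" | tcp_bytes_port 80)"
printf 'packets in window: %s\n' \
    "$(printf '%s' "$SAMPLE" | in_window 898085180.549701 898085429.515582 | wc -l | tr -d ' ')"
```

For question 7 the natural allowed tool is tcpflow, which writes each direction of each connection to its own file (decompress the dump first, e.g. `zcat cs176b-dump.gz > cs176b-dump`, then `tcpflow -r cs176b-dump`); `grep -il security * | xargs grep -il information` then lists the stream files containing both words, and the zero-padded file names map directly onto the required [IP]:[port]-[IP]:[port] form.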

Part B.

In this assignment, you will explore the various tools that an end user can use to discover how a machine is connected to the network and what the network looks like beyond the first hop. Your investigation will use the following six tools:
  1. ifconfig
  2. arp
  3. traceroute
  4. netstat
  5. nslookup
  6. whois

Assignment Details

All of these tools should be available on any machine running a UNIX-based operating system, e.g. the machines in CSIL. However, unlike the other assignments, you can do this assignment from any machine that has all of these commands available.

You will want to make extensive use of the man pages for each command.

0. ifconfig

  1. Run ``ifconfig -a'' on the machine you will be using. Capture the output, and identify and explain as much of what is printed as you can. NOTE: You should be able to understand almost all of it.

1. ARP

  1. How do you show the full ARP table for your machine? Capture a printout of what it is. Explain each column of what is printed.
  2. If you try to use the arp command to add or delete an entry in the ARP table, what happens? Why do you suppose this is the case?
  3. You still have the ability to modify the ARP table, just not directly. How can you affect (either add, delete, or change) entries in the ARP table? Use this mechanism to add at least two new hosts to the ARP table and include a printout.
  4. How long do entries stay cached in the ARP table? Describe a trial-and-error method to discover the timeout value.
  5. What will happen if two IP addresses map to the same Ethernet address? Be specific on how all hosts on the subnet operate.

2. traceroute

  1. Explain in detail how traceroute works.
  2. Perform a traceroute from your machine to tourism.at.ru. Include a copy of the output and explain what happened including a description of what each of the fields means.
  3. Here's the challenge for this question: we want to traceroute to a non-existent machine outside of UCSB. The first problem is how do we KNOW that a particular machine does not exist? If we just pick an IP address and ping it, why is that not sufficient?
  4. Determine an IP address for a machine that you know definitely does not exist. Do a traceroute to that machine. Include a copy of the result.
  5. Identify a completely different (in all octets) IP address for a non-existent machine. Do a traceroute to this machine. Include a copy of this result.
  6. Repeat the above exercise (but you don't have to include traceroutes to more than two machines in your writeup) enough times so you can detect a pattern about what is happening. What pattern exists and why?

3. netstat

  1. What is netstat and what is it used for?
  2. What parameters for netstat should you use to show all the TCP connections established? Include a printout of this list for your machine. Be sure to explain what all fields are.
  3. What does netstat -r show? What are each of the fields in this output?
  4. netstat can be used to display network interface status. What option of netstat does this? By using netstat, figure out the number of interfaces on your machine. In the output you will find an interface named lo0 (lo on Linux), the loopback interface. Can you say anything about this interface, about its function?

4. nslookup

  1. What is the IP address for the machine kubi.cs.berkeley.edu?
  2. What local machine is this information coming from? Why is it coming from this machine?
  3. Here is the problem: I want to find the IP address of where my email to somebody@hotmail.com goes. What you really need to do is find the ``mail exchanger'' for hotmail.com. There is an option in nslookup that tells you what the mail exchanger is for hotmail.com. Figure out the exact syntax of this command, and execute it. Now what is the IP address of where my email to hotmail goes?

5. whois

    HINT: You will need to use a different server than the default whois server. One to try is: whois.arin.net.

    HINT: Getting whois.arin.net to return information is a challenge. Make sure you try all combinations of the network name, the host address, and the network address.

    HINT: You can also do a domain search at someplace like http://www.networksolutions.com/.

  1. Who is the ``coordinator'' for the network on which funnies.cs.ucsb.edu resides?
  2. Who is the coordinator for the network that kubi.cs.berkeley.edu is on?
  3. Like the hotmail example, I have another friend I send email to at AOL. Her email address is something@aol.com. What can you say about the coordinator for the AOL email network, i.e. contact info, etc? Include information about the steps you took and the results of the queries you made to figure out this information.
  4. What machine has IP address 198.182.196.56? What machines act as the DNS nameserver for the domain that 198.182.196.56 is in?

Submission

The submission process for this assignment uses the turnin package. Do a man turnin to find more info about this program. The name of the assignment is hw1.

To submit:

  1. Create a directory whose name is your CS account. For example, user John Doe --whose account is jdoe-- would do:
    % mkdir jdoe
  2. Put in the directory a single text or PDF file that contains all of your code.
  3. Execute the turnin program. For example, user jdoe would execute:
    % turnin hw1@cs176b jdoe

You can execute turnin up to 10 times per project. Earlier versions will be discarded. The timestamp of turnin has to be before the due date.