To use investigate some aspects of the Network Layer. This lab will ask you some questions. You should turn in your answers over email (either in the message body or in a separate document).
In order to see your IP address, you can use the
$ ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq_codel state UP group default qlen 1000 link/ether 42:01:0a:8e:00:02 brd ff:ff:ff:ff:ff:ff inet 10.142.0.2/32 scope global dynamic ens4 valid_lft 80666sec preferred_lft 80666sec inet6 fe80::4001:aff:fe8e:2/64 scope link valid_lft forever preferred_lft forever
There are two network interfaces here. The first is the "loopback" interface which can only connect programs on the same machine. 127.0.0.1 is a special IP address for the loopback interface. If any computer connects to 127.0.0.1, it will connect to itself.
The second interface is the "real" network. IPv4 information is under "inet", including the address and how much time is left on this IP address, under "valid_lft".
Since the Google cloud uses network address translation, the IP address you see above is not a public IP. The only way to find your public IP is to ask another machine what it sees you as. This is because router's hide the fact that your IP is private from you.
In order to test this, you should run the following program on your VM:
#!/usr/bin/python3 import socket # the host we are connecting to and the port HOST = "126.96.36.199" PORT = 4040 # create our socket sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # connect the socket to the server sock.connect((HOST, PORT)) # get our local information ip, port = sock.getsockname() print("Client thinks its IP is ", ip, " and port is ", port, ".", sep="") # print the server's message print(sock.recv(1024).decode()) sock.close()
This program connects to a server. The purpose of the server is just to tell any clients that connect what it sees their IP address and port number is. The program prints out what it thinks its IP and port are, and then what the server sees.
Just like the Ethernet frame information, TShark can be used to read fields from IP packets. To specify a particular field, you can use these flags:
$ tshark -T fields -e FIELD
You can pass more than one field by repeating the -e flag like this:
$ tshark -T fields -e FIELD1 -e FIELD2
Below are some fields from the IP header:
|ip.src||The source IP address|
|ip.dst||The destination IP address|
|ip.ttl||The time to live value|
|ip.checksum||The header's checksum|
For the questions below, run TShark to capture 10 packets. These will most likely be packets sent between your local computer and VM as part of the SSH connection.
It is possible to find the path that a packet takes through the
Internet to its destination. The
can do this. To install it do:
$ sudo apt install traceroute
This command makes use of the time to live field of a packet. It first
sends a packet with a time to live of 1. When the packet is discarded, the
router which discards it sends a message back.
can see info on this particular router. It then does the same thing with
a TTL of 2, then 3, etc. until the packet arrives properly.
traceroute can use different protocols underneath this. The
most reliable is ICMP. To get this, pass the -I flag like this:
$ sudo traceroute -I en.wikipedia.org traceroute to en.wikipedia.org (188.8.131.52), 30 hops max, 60 byte packets 1 184.108.40.206 (220.127.116.11) 13.784 ms 13.797 ms 13.797 ms 2 18.104.22.168 (22.214.171.124) 13.290 ms 13.304 ms 13.784 ms 3 xe-3-3-3.cr2-eqiad.wikimedia.org (126.96.36.199) 14.272 ms 14.263 ms 14.263 ms 4 text-lb.eqiad.wikimedia.org (188.8.131.52) 13.758 ms 13.897 ms 13.897 ms
Note that this command needs
sudo access because it interferes
with the system's network operation.
The command prints the IP address of the router at each hop. It also prints the host name if it has one. It also prints the round trip time a packet takes to that node. It does three samples for each.
Unfortunately, not all routers send back a message when a packet is discarded.
When this happens,
traceroute can find no information on that hop,
and it prints "* * *":
ifinlay@chatserver:~$ sudo traceroute -I www.google.com traceroute to www.google.com (184.108.40.206), 30 hops max, 60 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 vl-in-f104.1e100.net (220.127.116.11) 0.886 ms 0.898 ms 0.898 ms
Here, we don't know what routers our packet stopped at along the way, but can infer that there were 10 hops.
Run a traceroute from your VM to the school's web server "www.umw.edu", and answer the following:
When you're finished, email your answers to email@example.com.
Copyright © 2018 Ian Finlayson | Licensed under a Creative Commons Attribution 4.0 International License.