# Lab 5: Network Layer Lab

## Objective

To investigate some aspects of the Network Layer. This lab will ask you some questions. You should turn in your answers over email (either in the message body or in a separate document).

## Part 1: IP Addresses

In order to see your IP address, you can use the ip a command:

```
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq_codel state UP group default qlen 1000
    link/ether 42:01:0a:8e:00:02 brd ff:ff:ff:ff:ff:ff
    inet 10.142.0.2/32 scope global dynamic ens4
       valid_lft 80666sec preferred_lft 80666sec
    inet6 fe80::4001:aff:fe8e:2/64 scope link
       valid_lft forever preferred_lft forever
```

There are two network interfaces here. The first is the "loopback" interface, which can only connect programs on the same machine. 127.0.0.1 is a special IP address for the loopback interface. If any computer connects to 127.0.0.1, it will connect to itself.

The second interface is the "real" network. IPv4 information is under "inet", including the address and how much time is left on this IP address, under "valid_lft".

Questions:

1. What is the IPv4 address of your VM?
2. Is this an internal IP address, or an external one?
3. How can you tell?
4. How many more hours will your IP be valid?
5. Do you think this IP was set manually or with DHCP?

## Part 2: Network Address Translation

Since the Google cloud uses network address translation, the IP address you see above is not a public IP. The only way to find your public IP is to ask another machine what it sees you as. This is because routers hide the fact that your IP is private from you.

In order to test this, you should run the following program on your VM:

```python
#!/usr/bin/python3
import socket

# the host we are connecting to and the port
HOST = "34.73.23.1"
PORT = 4040

# create our socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# connect the socket to the server
sock.connect((HOST, PORT))

# get our local information
ip, port = sock.getsockname()
print("Client thinks its IP is ", ip, " and port is ", port, ".", sep="")

# print the server's message
print(sock.recv(1024).decode())
sock.close()
```

This program connects to a server. The purpose of the server is just to tell any clients that connect what it sees as their IP address and port number. The program prints out what it thinks its IP and port are, and then what the server sees.

Questions:

1. What IP address and port does the client program see?
2. What IP address and port does the server program see?
3. Is the IP address different? Why or why not?
4. Is the port different? Why or why not?

## Part 3: IP Packets

Just like the Ethernet frame information, TShark can be used to read fields from IP packets. To specify a particular field, you can use these flags:

```
$ tshark -T fields -e FIELD
```


You can pass more than one field by repeating the -e flag like this:

```
$ tshark -T fields -e FIELD1 -e FIELD2
```

Below are some fields from the IP header:

| Field | Meaning |
|---|---|
| ip.src | The source IP address |
| ip.dst | The destination IP address |
| ip.ttl | The time to live value |
| ip.checksum | The header's checksum |
| ip.len | Packet length |

For the questions below, run TShark to capture 10 packets. These will most likely be packets sent between your local computer and VM as part of the SSH connection.

Questions:

1. What IP addresses are communicating with this traffic?
2. What values do you see for the TTL field? Assuming the initial value is 64, how many "hops" does this mean are between your computer and the VM?
3. What is the average packet length?

## Part 4: Routing

It is possible to find the path that a packet takes through the Internet to its destination. The traceroute command can do this. To install it do:

```
$ sudo apt install traceroute
```


This command makes use of the time to live field of a packet. It first sends a packet with a time to live of 1. When the packet is discarded, the router which discards it sends a message back. traceroute then can see info on this particular router. It then does the same thing with a TTL of 2, then 3, etc. until the packet arrives properly.

traceroute can use different protocols underneath this. The most reliable is ICMP. To get this, pass the -I flag like this:

```
$ sudo traceroute -I en.wikipedia.org
traceroute to en.wikipedia.org (208.80.154.224), 30 hops max, 60 byte packets
 1  216.239.35.163 (216.239.35.163)  13.784 ms  13.797 ms  13.797 ms
 2  108.170.240.100 (108.170.240.100)  13.290 ms  13.304 ms  13.784 ms
 3  xe-3-3-3.cr2-eqiad.wikimedia.org (206.126.236.221)  14.272 ms  14.263 ms  14.263 ms
 4  text-lb.eqiad.wikimedia.org (208.80.154.224)  13.758 ms  13.897 ms  13.897 ms
```

Note that this command needs sudo access because it interferes with the system's network operation.

The command prints the IP address of the router at each hop. It also prints the host name if it has one. It also prints the round trip time a packet takes to that node. It does three samples for each.

Unfortunately, not all routers send back a message when a packet is discarded. When this happens, traceroute can find no information on that hop, and it prints "* * *":

```
ifinlay@chatserver:~$ sudo traceroute -I www.google.com
traceroute to www.google.com (74.125.141.104), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  vl-in-f104.1e100.net (74.125.141.104)  0.886 ms  0.898 ms  0.898 ms
```


Here, we don't know what routers our packet stopped at along the way, but can infer that there were 10 hops.
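
A small parser for the output format shown above, as an added example that is not part of the original lab: it counts hops, lists the ones that answered only with `* * *`, and averages the round trip time to the last hop. The function names are this example's own; the sample text is the two runs reproduced from this page.

```python
import re

# Sample text: the two traceroute runs shown in this lab, reproduced inline.
WIKIPEDIA = """\
traceroute to en.wikipedia.org (208.80.154.224), 30 hops max, 60 byte packets
 1  216.239.35.163 (216.239.35.163)  13.784 ms  13.797 ms  13.797 ms
 2  108.170.240.100 (108.170.240.100)  13.290 ms  13.304 ms  13.784 ms
 3  xe-3-3-3.cr2-eqiad.wikimedia.org (206.126.236.221)  14.272 ms  14.263 ms  14.263 ms
 4  text-lb.eqiad.wikimedia.org (208.80.154.224)  13.758 ms  13.897 ms  13.897 ms
"""
GOOGLE = ("traceroute to www.google.com (74.125.141.104), 30 hops max, 60 byte packets\n"
          + "".join(f"{n}  * * *\n" for n in range(1, 10))
          + "10  vl-in-f104.1e100.net (74.125.141.104)  0.886 ms  0.898 ms  0.898 ms\n")

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")               # "<ttl>  <rest of line>"
ROUTER = re.compile(r"(\S+) \((\d+\.\d+\.\d+\.\d+)\)")  # "name (a.b.c.d)"
RTT = re.compile(r"(\d+\.\d+) ms")


def parse_traceroute(text):
    """Return one dict per hop: ttl, host, ip, rtts (ms) and lost probe count."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:                      # header line or blank line
            continue
        rest = m.group(2)
        router = ROUTER.search(rest)   # None when every probe timed out
        hops.append({
            "ttl": int(m.group(1)),
            "host": router.group(1) if router else None,
            "ip": router.group(2) if router else None,
            "rtts": [float(x) for x in RTT.findall(rest)],
            "lost": rest.count("*"),
        })
    return hops


def summarize(hops):
    """Hop count, TTLs that never answered, and mean RTT to the final hop."""
    silent = [h["ttl"] for h in hops if h["ip"] is None]
    last = hops[-1]
    mean = sum(last["rtts"]) / len(last["rtts"]) if last["rtts"] else None
    return {"hops": len(hops), "silent": silent, "dest": last["ip"], "mean_rtt_ms": mean}


if __name__ == "__main__":
    print(summarize(parse_traceroute(WIKIPEDIA)), summarize(parse_traceroute(GOOGLE)), sep="\n")
```
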

Run a traceroute from your VM to the school's web server "www.umw.edu", and answer the following:

Questions:

1. How many hops were needed to reach it?
2. Of these, how many sent back a discard message?
3. Are there any IP addresses in the list which share prefixes? What does this tell you about those nodes?
4. Based on the hostname of the last hop, where is our website hosted?

## Submitting

When you're finished, email your answers to ifinlay@umw.edu.