Lab 7: Network Layer Lab
Objective
To investigate some aspects of the Network Layer.
Part 1: IP Addresses
In order to see your IP address, you can use the ip a command:
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq_codel state UP group default qlen 1000
link/ether 42:01:0a:8e:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.142.0.2/32 scope global dynamic ens4
valid_lft 80666sec preferred_lft 80666sec
inet6 fe80::4001:aff:fe8e:2/64 scope link
valid_lft forever preferred_lft forever
There are two network interfaces here. The first is the "loopback" interface which can only connect programs on the same machine. 127.0.0.1 is a special IP address for the loopback interface. If any computer connects to 127.0.0.1, it will connect to itself.
The second interface is the "real" network. IPv4 information is under "inet", including the address and how much time is left on this IP address, under "valid_lft".
Questions:
- What is the IPv4 address of your VM?
- Is this an internal IP address, or an external one?
- How can you tell?
- How many more hours will your IP be valid?
- Do you think this IP was set manually or with DHCP?
Part 2: Network Address Translation
Since Google Cloud uses network address translation, the IP address you see above is not a public IP. The only way to find your public IP is to ask another machine what it sees you as. This is because the routers perform the translation transparently, so nothing on your own machine shows that its address is private or what the public one is.
In order to test this, you can run the following command:
$ curl --local-port 40000 ifconfig.me/all
Curl is a program which downloads data over the Internet. Here we use it to
download data from the site ifconfig.me. If we visit
this site in a browser, it gives us a web page with lots of info. If we grab it
with curl, it dumps it to our terminal as text. We can
let curl pick the port, but here we specify it so that we can see what is being
used locally. The service returns to us what it sees as our IP and
port.
Questions:
- What IP address and port do we see locally on the machine?
- What IP address and port does the external server program see?
- Is the IP address different? Why or why not?
- Is the port different? Why or why not?
Part 3: IP Packets
Just like the Ethernet frame information, TShark can be used to read fields from IP packets. To specify a particular field, you can use these flags:
$ tshark -T fields -e FIELD
You can pass more than one field by repeating the -e flag like this:
$ tshark -T fields -e FIELD1 -e FIELD2
Below are some fields from the IP header:
| Field | Meaning |
|---|---|
| ip.src | The source IP address |
| ip.dst | The destination IP address |
| ip.ttl | The time to live value |
| ip.checksum | The header's checksum |
| ip.len | Packet length |
For the questions below, run TShark to capture 10 packets. These will most likely be packets sent between your local computer and VM as part of the SSH connection.
Questions:
- What IP addresses are communicating with this traffic?
- What values do you see for the TTL field? Assuming the initial value is 64, how many "hops" does this mean are between your computer and the VM?
- What is the average packet length?
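As an added example (not part of the original lab), the script below summarizes the tab-separated output of `tshark -c 10 -T fields -e ip.src -e ip.dst -e ip.ttl -e ip.len`. The sample lines and addresses are constructed, the function name `summarize` is hypothetical, and the initial TTL of 64 is the assumption stated in the question above.

```python
from collections import Counter

# Constructed sample in the shape printed by
#   tshark -c 10 -T fields -e ip.src -e ip.dst -e ip.ttl -e ip.len
# Columns are tab-separated; a frame with no IP header (ARP) prints empty columns.
SAMPLE = (
    "203.0.113.25\t10.142.0.2\t52\t104\n"
    "10.142.0.2\t203.0.113.25\t64\t156\n"
    "203.0.113.25\t10.142.0.2\t52\t52\n"
    "\t\t\t\n"
    "10.142.0.2\t203.0.113.25\t64\t188\n"
    "203.0.113.25\t10.142.0.2\t52\t100\n"
)


def summarize(text, initial_ttl=64):
    """Return talkers, per-source hop estimates and mean ip.len."""
    flows = Counter()
    hops = {}
    lengths = []
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) != 4 or not all(cols):
            continue  # skip non-IP frames and malformed lines
        # A packet with several IP headers (tunnel, ICMP error) prints
        # comma-joined values; the first one belongs to the outer header.
        src, dst, ttl, length = (c.split(",")[0] for c in cols)
        flows[(src, dst)] += 1
        # Each router decrements TTL by one, so the drop from the assumed
        # initial value is the number of routers crossed before capture.
        hops.setdefault(src, set()).add(initial_ttl - int(ttl))
        lengths.append(int(length))
    mean_len = sum(lengths) / len(lengths) if lengths else 0.0
    return {"flows": dict(flows), "hops": hops, "mean_len": mean_len}


if __name__ == "__main__":
    result = summarize(SAMPLE)
    for (src, dst), count in result["flows"].items():
        print(f"{src} -> {dst}: {count} packets")
    for src, estimate in result["hops"].items():
        print(f"{src}: {sorted(estimate)} hop(s) from the capture point")
    print(f"mean ip.len: {result['mean_len']:.1f} bytes")
```

Packets sent by the capturing machine itself show the full initial TTL, because no router has decremented it yet; only the remote side's packets reveal a hop count.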
Part 4: Routing
It is possible to find the path that a packet takes through the
Internet to its destination. The traceroute package
can do this.
This command makes use of the time to live field of a packet. It first
sends a packet with a time to live of 1. When the packet is discarded, the
router which discards it sends a message back. traceroute then
can see info on this particular router. It then does the same thing with
a TTL of 2, then 3, etc. until the packet arrives properly.
traceroute can use different protocols underneath this:
- -I: ICMP
- -U: UDP (the default)
- -T: TCP (requires sudo)
Sometimes one of these provides better information than the others, with TCP generally being the best.
$ sudo traceroute -T amazon.com
traceroute to amazon.com (98.87.170.71), 30 hops max, 60 byte packets
 1  172.253.65.138 (172.253.65.138)  11.354 ms 142.251.239.99 (142.251.239.99)  10.923 ms  11.032 ms
 2  * 192.178.249.224 (192.178.249.224)  10.980 ms 192.178.249.238 (192.178.249.238)  10.343 ms
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  ec2-98-87-170-71.compute-1.amazonaws.com (98.87.170.71)  25.347 ms * *
 8  * ec2-98-87-170-71.compute-1.amazonaws.com (98.87.170.71)  26.129 ms  27.319 ms
For each hop, the command prints the IP address of the router, its host name if it has one, and the round trip time a packet takes to that node.
Unfortunately, not all routers send back a message when a packet is discarded.
When this happens, traceroute can find no information on that hop,
and it prints "* * *", as in the example above. Some networks provide more
info than others.
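As an added example (not part of the original lab), the parser below reads traceroute output and reports, per hop, which routers replied, the round trip times, and how many probes went unanswered. The input is the amazon.com trace shown above; the function names are hypothetical and the /24 grouping is an assumed prefix length.

```python
import ipaddress
import re

# Output of `sudo traceroute -T amazon.com` as shown on this page.
SAMPLE = """\
traceroute to amazon.com (98.87.170.71), 30 hops max, 60 byte packets
 1  172.253.65.138 (172.253.65.138)  11.354 ms 142.251.239.99 (142.251.239.99)  10.923 ms  11.032 ms
 2  * 192.178.249.224 (192.178.249.224)  10.980 ms 192.178.249.238 (192.178.249.238)  10.343 ms
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  ec2-98-87-170-71.compute-1.amazonaws.com (98.87.170.71)  25.347 ms * *
 8  * ec2-98-87-170-71.compute-1.amazonaws.com (98.87.170.71)  26.129 ms  27.319 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
# One probe: "*" (no reply), "host (ip)  rtt ms", or "rtt ms" alone when the
# reply came from the same router as the previous probe on that line.
PROBE = re.compile(r"\*|(?:\S+ \(([0-9a-fA-F.:]+)\)\s+)?([\d.]+) ms")


def parse_traceroute(text):
    """Return one dict per hop: TTL used, replying IPs, RTTs (ms), lost probes."""
    hops = []
    # Lines that do not start with a hop number (the header) never match HOP.
    for m in filter(None, map(HOP.match, text.splitlines())):
        hop = {"ttl": int(m.group(1)), "ips": [], "rtts": [], "lost": 0}
        for probe in PROBE.finditer(m.group(2)):
            if probe.group(0) == "*":
                hop["lost"] += 1
                continue
            if probe.group(1) and probe.group(1) not in hop["ips"]:
                hop["ips"].append(probe.group(1))
            hop["rtts"].append(float(probe.group(2)))
        hops.append(hop)
    return hops

def silent_hops(hops):
    """TTL values at which no router answered any probe (printed as '* * *')."""
    return [h["ttl"] for h in hops if not h["ips"]]

def shared_prefixes(hops, prefix_len=24):
    """Group replying addresses by network prefix; keep groups with 2+ members."""
    groups = {}
    for ip in {ip for h in hops for ip in h["ips"]}:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        groups.setdefault(str(net), []).append(ip)
    return {net: sorted(ips) for net, ips in groups.items() if len(ips) > 1}
```

A hop with more than one address in `ips` means successive probes with the same TTL were answered by different routers, which is why one line of output can list several hosts.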
Use traceroute on your VM to answer the following questions:
Questions:
- How many hops are needed to reach canvas.umw.edu? How many of them did not provide a message back to us?
- Based on the hostname of the last hop you found in question 1, where is our Canvas site hosted?
- How many hops are needed to reach google.com? Why does that make sense?
- How many hops are needed to reach en.wikipedia.org? Are there any IP addresses in the list which share prefixes? What does this tell you about those nodes?
Submitting
Submit the answers to the questions in the assignment in Canvas.