To use investigate some aspects of the Network Layer. This lab will ask you some questions. You should turn in your answers over email (either in the message body or in a separate document).
In order to see your IP address, you can use the ip a
command:
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq_codel state UP group default qlen 1000
link/ether 42:01:0a:8e:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.142.0.2/32 scope global dynamic ens4
valid_lft 80666sec preferred_lft 80666sec
inet6 fe80::4001:aff:fe8e:2/64 scope link
valid_lft forever preferred_lft forever
There are two network interfaces here. The first is the "loopback" interface which can only connect programs on the same machine. 127.0.0.1 is a special IP address for the loopback interface. If any computer connects to 127.0.0.1, it will connect to itself.
The second interface is the "real" network. IPv4 information is under "inet", including the address and how much time is left on this IP address, under "valid_lft".
Questions:
Since the Google cloud uses network address translation, the IP address you see above is not a public IP. The only way to find your public IP is to ask another machine what it sees you as. This is because router's hide the fact that your IP is private from you.
In order to test this, you should run the following program on your VM:
#!/usr/bin/python3
import socket
# the host we are connecting to and the port
HOST = "34.73.23.1"
PORT = 4040
# create our socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# connect the socket to the server
sock.connect((HOST, PORT))
# get our local information
ip, port = sock.getsockname()
print("Client thinks its IP is ", ip, " and port is ", port, ".", sep="")
# print the server's message
print(sock.recv(1024).decode())
sock.close()
This program connects to a server. The purpose of the server is just to tell any clients that connect what it sees their IP address and port number is. The program prints out what it thinks its IP and port are, and then what the server sees.
Questions:
Just like the Ethernet frame information, TShark can be used to read fields from IP packets. To specify a particular field, you can use these flags:
$ tshark -T fields -e FIELD
You can pass more than one field by repeating the -e flag like this:
$ tshark -T fields -e FIELD1 -e FIELD2
Below are some fields from the IP header:
| Field | Meaning |
|---|---|
| ip.src | The source IP address |
| ip.dst | The destination IP address |
| ip.ttl | The time to live value |
| ip.checksum | The header's checksum |
| ip.len | Packet length |
For the questions below, run TShark to capture 10 packets. These will most likely be packets sent between your local computer and VM as part of the SSH connection.
Questions:
It is possible to find the path that a packet takes through the
Internet to its destination. The traceroute command
can do this. To install it do:
$ sudo apt install traceroute
This command makes use of the time to live field of a packet. It first
sends a packet with a time to live of 1. When the packet is discarded, the
router which discards it sends a message back. traceroute then
can see info on this particular router. It then does the same thing with
a TTL of 2, then 3, etc. until the packet arrives properly.
traceroute can use different protocols underneath this. The
most reliable is ICMP. To get this, pass the -I flag like this:
$ sudo traceroute -I en.wikipedia.org traceroute to en.wikipedia.org (208.80.154.224), 30 hops max, 60 byte packets 1 216.239.35.163 (216.239.35.163) 13.784 ms 13.797 ms 13.797 ms 2 108.170.240.100 (108.170.240.100) 13.290 ms 13.304 ms 13.784 ms 3 xe-3-3-3.cr2-eqiad.wikimedia.org (206.126.236.221) 14.272 ms 14.263 ms 14.263 ms 4 text-lb.eqiad.wikimedia.org (208.80.154.224) 13.758 ms 13.897 ms 13.897 ms
Note that this command needs sudo access because it interferes
with the system's network operation.
The command prints the IP address of the router at each hop. It also prints the host name if it has one. It also prints the round trip time a packet takes to that node. It does three samples for each.
Unfortunately, not all routers send back a message when a packet is discarded.
When this happens, traceroute can find no information on that hop,
and it prints "* * *":
ifinlay@chatserver:~$ sudo traceroute -I www.google.com traceroute to www.google.com (74.125.141.104), 30 hops max, 60 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 vl-in-f104.1e100.net (74.125.141.104) 0.886 ms 0.898 ms 0.898 ms
Here, we don't know what routers our packet stopped at along the way, but can infer that there were 10 hops.
Run a traceroute from your VM to the school's web server "www.umw.edu", and answer the following:
Questions:
When you're finished, email your answers to ifinlay@umw.edu.
Copyright © 2024 Ian Finlayson | Licensed under a Creative Commons BY-NC-SA 4.0 License.