Home CPSC 414

Lab 5: Network Layer Lab



To use investigate some aspects of the Network Layer. This lab will ask you some questions. You should turn in your answers over email (either in the message body or in a separate document).


Part 1: IP Addresses

In order to see your IP address, you can use the ip a command:

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq_codel state UP group default qlen 1000
    link/ether 42:01:0a:8e:00:02 brd ff:ff:ff:ff:ff:ff
    inet scope global dynamic ens4
       valid_lft 80666sec preferred_lft 80666sec
    inet6 fe80::4001:aff:fe8e:2/64 scope link 
       valid_lft forever preferred_lft forever

There are two network interfaces here. The first is the "loopback" interface which can only connect programs on the same machine. is a special IP address for the loopback interface. If any computer connects to, it will connect to itself.

The second interface is the "real" network. IPv4 information is under "inet", including the address and how much time is left on this IP address, under "valid_lft".


  1. What is the IPv4 address of your VM?
  2. Is this an internal IP address, or an external one?
  3. How can you tell?
  4. How many more hours will your IP be valid?
  5. Do you think this IP was set manually or with DHCP?


Part 2: Network Address Translation

Since the Google cloud uses network address translation, the IP address you see above is not a public IP. The only way to find your public IP is to ask another machine what it sees you as. This is because router's hide the fact that your IP is private from you.

In order to test this, you should run the following program on your VM:


import socket

# the host we are connecting to and the port
HOST = ""
PORT = 4040

# create our socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# connect the socket to the server
sock.connect((HOST, PORT))

# get our local information
ip, port = sock.getsockname()
print("Client thinks its IP is ", ip, " and port is ", port, ".", sep="")

# print the server's message


This program connects to a server. The purpose of the server is just to tell any clients that connect what it sees their IP address and port number is. The program prints out what it thinks its IP and port are, and then what the server sees.


  1. What IP address and port does the client program see?
  2. What IP address and port does the server program see?
  3. Is the IP address different? Why or why not?
  4. Is the port different? Why or why not?


Part 3: IP Packets

Just like the Ethernet frame information, TShark can be used to read fields from IP packets. To specify a particular field, you can use these flags:

$ tshark -T fields -e FIELD

You can pass more than one field by repeating the -e flag like this:

$ tshark -T fields -e FIELD1 -e FIELD2

Below are some fields from the IP header:

ip.srcThe source IP address
ip.dstThe destination IP address
ip.ttlThe time to live value
ip.checksumThe header's checksum
ip.lenPacket length

For the questions below, run TShark to capture 10 packets. These will most likely be packets sent between your local computer and VM as part of the SSH connection.


  1. What IP addresses are communicating with this traffic?
  2. What values do you see for the TTL field? Assuming the initial value is 64, how many "hops" does this mean are between your computer and the VM?
  3. What is the average packet length?


Part 4: Routing

It is possible to find the path that a packet takes through the Internet to its destination. The traceroute command can do this. To install it do:

$ sudo apt install traceroute

This command makes use of the time to live field of a packet. It first sends a packet with a time to live of 1. When the packet is discarded, the router which discards it sends a message back. traceroute then can see info on this particular router. It then does the same thing with a TTL of 2, then 3, etc. until the packet arrives properly.

traceroute can use different protocols underneath this. The most reliable is ICMP. To get this, pass the -I flag like this:

$ sudo traceroute -I en.wikipedia.org
traceroute to en.wikipedia.org (, 30 hops max, 60 byte packets
 1 (  13.784 ms  13.797 ms  13.797 ms
 2 (  13.290 ms  13.304 ms  13.784 ms
 3  xe-3-3-3.cr2-eqiad.wikimedia.org (  14.272 ms  14.263 ms  14.263 ms
 4  text-lb.eqiad.wikimedia.org (  13.758 ms  13.897 ms  13.897 ms

Note that this command needs sudo access because it interferes with the system's network operation.

The command prints the IP address of the router at each hop. It also prints the host name if it has one. It also prints the round trip time a packet takes to that node. It does three samples for each.

Unfortunately, not all routers send back a message when a packet is discarded. When this happens, traceroute can find no information on that hop, and it prints "* * *":

ifinlay@chatserver:~$ sudo traceroute -I www.google.com
traceroute to www.google.com (, 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  vl-in-f104.1e100.net (  0.886 ms  0.898 ms  0.898 ms

Here, we don't know what routers our packet stopped at along the way, but can infer that there were 10 hops.

Run a traceroute from your VM to the school's web server "www.umw.edu", and answer the following:


  1. How many hops were needed to reach it?
  2. Of these, how many sent back a discard message?
  3. Are there any IP addresses in the list which share prefixes? What does this tell you about those nodes?
  4. Based on the hostname of the last hop, where is our website hosted?



When you're finished, email your answers to ifinlay@umw.edu.

Copyright © 2024 Ian Finlayson | Licensed under a Attribution-NonCommercial 4.0 International License.