Experiment no 1:
Network Analysis Tools
Make sure your PC has the following software and libraries installed:
1. Netstat
2. Ping
3. WinPcap library
4. Tracert
5. Telnet
6. Trace route
7. Ethereal
8. Demon.net\external
You should write any command(s) specified below in the command prompt.
IPConfig
>ipconfig
Netstat
The netstat command is used to display the TCP/IP network protocol statistics and information.
> netstat -a
Ping
Short for Packet InterNet Groper, ping is a utility used to verify if a network data packet is
capable of being distributed to an address without errors. The ping utility is commonly used to
check for network errors.
It helps in determining a TCP/IP network's IP addresses, in identifying issues with the
network, and in resolving them.
Ask one of your fellow students for their IP address. Now issue the following commands:
>ping ipaddress
>ping -t ipaddress
Tracert
National University of Computer and Emerging Sciences, Lahore Campus
The tracert command is used to visually see a network packet being sent and received and the
number of hops required for that packet to get to its destination.
>tracert hostname
Example:
169 ms 190 ms 160 ms slcl-tc.xmission.com [166.70.1.20]
159 ms 160 ms 190 ms cisco0-tc.xmission.com [166.70.1.1]
165 ms 189 ms 159 ms www.computerhope.com [166.70.10.23]
Note:
The minimum, maximum and average hop times are displayed in order. Systems behind a
firewall cannot use traceroute.
Trace route:
1. www.nu.edu.pk
2. www.mit.edu.pk
Q2: Produce route trace using the site http://www.net.princeton.edu/traceroute.html for the
following URLs: highway.ns.edu.pk, uet.edu.pk, www.mit.edu. Why is there a sudden increase
in hop time from hop 10 to hop 11 for the first two URLs but not for the last one?
Ethereal
Ethereal is packet-sniffing software that uses the promiscuous mode of LAN cards. It can
receive and pick up packets of any protocol. However, the details shown for a packet
depend on the protocol of the packet.
After running the program, go to the Capture menu and press the “Interfaces” button.
2. Write down the acknowledgment number and sequence number of the first TCP packet.
3. Look carefully at the ARP packets and describe their source and destination addresses.
What do these addresses refer to?
ARP:
Q1: Why have two sets of machine addresses – at layer 2 (MAC) and layer 3 (IP)?
ICMP:
Q1: What is the difference between ICMP packets sent by ping and the ones sent by tracert?
Experiment no 2:
Telnet and File Transfer Protocol
20 points
A severe security problem with the file transfer protocol (FTP) is that the login and password
information are transmitted as plain text (not encrypted). Sometimes malicious users exploit
this by snooping passwords on the network.
Here you learn how easy it is to crack passwords by snooping traffic from FTP (RFC 959) and
Telnet (RFC 854) sessions.
Note: The use of applications that do not encrypt passwords, such as FTP and Telnet, is
strongly discouraged. On the Internet, you should use protocols such as Secure Shell (ssh)
tools for file transfers and remote login.
An FTP server is running on host 172.16.40.104 port 21 on the FAST LAN. You will establish a
connection with the server and capture the traffic exchanged during connection establishment
for analysis. Use the Ethereal capture filter to capture TCP packets only!
You can remotely login to the server as a client using following authentication information:
Inspect the payload of packets with FTP payload that is sent from PC1 to PC2. FTP sessions use
TCP connections for data transfer.
In ethereal, there is a simple method to view the payload sent in a TCP connection. Simply
select a packet that contains a TCP segment in the main window of ethereal, and then click on
"Follow TCP Stream" in the "Tools" menu of the ethereal window. This will create a new window
Now save the details of the packets which transmit the login name and password.
As a hint, you can set the display filter in ethereal to show only the desired packet(s). Then
save your data to a file on some local directory by selecting “Print” in the “File” menu of
ethereal, then selecting “Plain Text” and checking “Output to File”. Print your data in the space
given below.
Note: Your experiments will be graded. So be very careful about what to save and what to
ignore in ethereal’s captured traffic dump.
• Using the saved output, identify the port numbers of the FTP client and the FTP server.
• Is the FTP connection in active or passive mode? Justify your answer using relevant
packet traces.
• Identify the login name and the password, shown in plain text in the payload of the
packets that you captured. You would need to copy the payload of the required packet(s)
to this document (i.e. Lab Report) and highlight the portion which has the authentication
information in it.
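The analysis asked for in the three bullets above can be done mechanically on the text that "Follow TCP Stream" shows for the FTP control connection. The following is an added example, not part of the original lab manual: the transcripts, the user name, the password and the client address 172.16.40.55 are constructed, and only the RFC 959 commands USER, PASS, PORT and the 227 reply are handled.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959 PORT / 227 format).
_ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed control-channel transcripts, as a followed TCP stream would show them.
SAMPLE_ACTIVE = (
    "220 FTP server ready.\r\n"
    "USER labuser\r\n"
    "331 Password required for labuser.\r\n"
    "PASS example-password\r\n"
    "230 User labuser logged in.\r\n"
    "PORT 172,16,40,55,19,137\r\n"
    "200 PORT command successful.\r\n"
    "LIST\r\n"
)
SAMPLE_PASSIVE = (
    "220 FTP server ready.\r\n"
    "USER labuser\r\n"
    "331 Password required for labuser.\r\n"
    "PASS example-password\r\n"
    "230 User labuser logged in.\r\n"
    "PASV\r\n"
    "227 Entering Passive Mode (172,16,40,104,195,80).\r\n"
    "LIST\r\n"
)


def _endpoint(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 tuple, or None if absent/invalid."""
    match = _ENDPOINT.search(text)
    if not match:
        return None
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        return None
    # The data port is sent as two bytes: high byte first, then low byte.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def analyze_ftp_control(stream):
    """Report cleartext credentials and the data-connection mode seen in a control stream."""
    findings = {"user": None, "password": None, "mode": None, "data_endpoint": None}
    for raw in stream.splitlines():
        line = raw.strip()
        if not line:
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            findings["user"] = arg
        elif verb == "PASS":
            findings["password"] = arg          # sent unencrypted on the wire
        elif verb == "PORT":                    # client tells server where to connect
            endpoint = _endpoint(arg)
            if endpoint:
                findings["mode"], findings["data_endpoint"] = "active", endpoint
        elif verb == "227":                     # server tells client where to connect
            endpoint = _endpoint(arg)
            if endpoint:
                findings["mode"], findings["data_endpoint"] = "passive", endpoint
    return findings


if __name__ == "__main__":
    for name, stream in (("active", SAMPLE_ACTIVE), ("passive", SAMPLE_PASSIVE)):
        print(name, analyze_ftp_control(stream))
```

A PORT command from the client marks active mode; a 227 reply from the server marks passive mode, and in both cases the last two numbers give the data port.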
A telnet server is running on host 172.16.40.104 alias nucesf104 on your LAN. You will
establish a telnet connection with the server and capture the traffic exchanged during
connection establishment for analysis. Use the Ethereal capture filter to capture TCP
packets only!
Does Telnet have the same security flaws as FTP? Support your answer using extracts from
the saved output.
Reference:
[1] http://slacksite.com/other/ftp.html
[2] http://tools.ietf.org/html/rfc959
[3] http://tools.ietf.org/html/rfc854
In this exercise, we’ll explore several aspects of the HTTP protocol: the basic GET/response
interaction, HTTP message formats, retrieving large HTML files, retrieving HTML files with
embedded objects, and HTTP authentication and security.
Note: For each of the five scenarios given below, you have to note down in the manual the
printed dumps of the relevant packets from ethereal. Refer to the previous question for the
procedure for saving (printing) packets to a text file.
Let’s begin our exploration of HTTP by downloading a very simple HTML file - one that is
very short, and contains no embedded objects. Do the following:
2. Start up the Ethereal packet sniffer, as described in the Introductory lab (but don’t yet
begin packet capture). Enter “http” (just the letters, not the quotation marks) in the
display-filter-specification window, so that only captured HTTP messages will be displayed
later in the packet-listing window. (We’re only interested in the HTTP protocol here, and
don’t want to see the clutter of all captured packets).
3. Wait a bit more than one minute (we’ll see why shortly), and then begin Ethereal packet
capture.
Your Ethereal window should look similar to the window shown in Figure 1.
The example in Figure 1 shows in the packet-listing window that two HTTP messages were
captured: the GET message (from your browser to the gaia.cs.umass.edu web server) and
the response message from the server to your browser. The packet-contents window shows
details of the selected message (in this case the HTTP GET message, which is highlighted in
the packet-listing window). Recall that since the HTTP message was carried inside a TCP
segment, which was carried inside an IP datagram, which was carried within an Ethernet
frame, Ethereal displays the Frame, Ethernet, IP, and TCP packet information as well. We
want to minimize the amount of non-HTTP data displayed (we’re interested in HTTP here,
and will be investigating these other protocols in later labs), so make sure the boxes at the
far left of the Frame, Ethernet, IP and TCP information have a right-pointing arrowhead
(which means there is hidden, undisplayed information), and the HTTP line has a down-
pointing arrowhead (which means that all information about the HTTP message is
displayed).
(Note: You should ignore any HTTP GET and response for favicon.ico. If you see a reference to this file, it is your
browser automatically asking the server if it (the server) has a small icon file that should be displayed next to the
displayed URL in your browser. We’ll ignore references to this pesky file in this lab.).
By looking at the information in the HTTP GET and response messages, answer the following
questions. When answering the following questions, you should print out the GET and
response messages (see the introductory Ethereal lab for an explanation of how to do this)
1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server
running? (2 points)
2. What languages (if any) does your browser indicate that it can accept to the server? (1
point)
4. What is the status code returned from the server to your browser? (1 point)
5. When was the HTML file that you are retrieving last modified at the server? (1 point)
6. How many bytes of content are being returned to your browser? (1 point)
7. By inspecting the raw data in the packet content window, do you see any headers within
the data that are not displayed in the packet-listing window? If so, name one. (1 point)
Most web browsers perform object caching and thus perform a conditional GET when
retrieving an HTTP object. Before performing the steps below, make sure your browser’s
cache is empty. (To do this under Netscape 7.0, select Edit->Preferences->Advanced-
>Cache and clear the memory and disk cache. For Internet Explorer, select Tools->Internet
Options->Delete File; these actions will remove cached files from your browser’s cache.)
Now do the following:
• Start up your web browser, and make sure your browser’s cache is cleared, as discussed
above.
• Quickly enter the same URL into your browser again (or simply select the refresh button
on your browser)
• Stop Ethereal packet capture, and enter “http” in the display-filter-specification window, so
8. Inspect the contents of the first HTTP GET request from your browser to the server. Do
you see an “IF-MODIFIED-SINCE” line in the HTTP GET? (1 point)
9. Inspect the contents of the server response. Did the server explicitly return the contents
of the file? How can you tell? (1 point)
10. Now inspect the contents of the second HTTP GET request from your browser to the
server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information
follows the “IF-MODIFIED-SINCE:” header? (1 point)
11. What is the HTTP status code and phrase returned from the server in response to this
second HTTP GET? Did the server explicitly return the contents of the file? Explain. (2
points)
In our examples thus far, the documents retrieved have been simple and short HTML files.
Let’s next see what happens when we download a long HTML file. Do the following:
• Start up your web browser, and make sure your browser’s cache is cleared, as discussed
above.
• Stop Ethereal packet capture, and enter “http” in the display-filter-specification window, so
that only captured HTTP messages will be displayed.
In the packet-listing window, you should see your HTTP GET message, followed by a
multiple-packet response to your HTTP GET request. This multiple-packet response deserves
a bit of explanation. Recall from Section 2.2 (see Figure 2.9 in the text) that the HTTP
response message consists of a status line, followed by header lines, followed by a blank
line, followed by the entity body. In the case of our HTTP GET, the entity body in the
response is the entire requested HTML file. In our case here, the HTML file is rather long,
and at 4500 bytes is too large to fit in one TCP packet. The single HTTP response message is
thus broken into several pieces by TCP, with each piece being contained within a separate
12. How many HTTP GET request messages were sent by your browser? (1 point)
13. How many data-containing TCP segments were needed to carry the single HTTP
response? (1 point)
14. What is the status code and phrase associated with the response to the HTTP GET
request? (1 point)
15. Are there any HTTP status lines in the transmitted data associated with a TCP-induced
“Continuation”? (1 point)
Now that we’ve seen how Ethereal displays the captured packet traffic for large HTML files,
we can look at what happens when your browser downloads a file with embedded objects,
i.e., a file that includes other objects (in the example below, image files) that are stored on
another server(s). Do the following:
• Start up your web browser, and make sure your browser’s cache is cleared, as discussed
above.
Your browser should display a short HTML file with two images. These two images are
referenced in the base HTML file. That is, the images themselves are not contained in the
HTML; instead the URLs for the images are contained in the downloaded HTML file. As
discussed in the textbook, your browser will have to retrieve these logos from the indicated
web sites. Our publisher’s logo is retrieved from the www.awl.com web site. The image of
our book’s cover is stored at the manic.cs.umass.edu server.
• Stop Ethereal packet capture, and enter “http” in the display-filter-specification window, so
that only captured HTTP messages will be displayed.
17. Can you tell whether your browser downloaded the two images serially, or whether they
were downloaded from the two web sites in parallel? Explain. (2 points)
Finally, let’s try visiting a web site that is password-protected and examine the sequence of
HTTP messages exchanged for such a site. The URL
http://gaia.cs.umass.edu/ethereal-labs/protected_pages/HTTP-ethereal-file5.html
is password protected. The username is “eth-students” (without the quotes), and the
password is “networks” (again, without the quotes). So let’s access this “secure”
password-protected site. Do the following:
• Make sure your browser’s cache is cleared, as discussed above, and close down your
browser. Then, start up your browser.
• Stop Ethereal packet capture, and enter “http” in the display-filter-specification window, so
that only captured HTTP messages will be displayed later in the packet-listing window.
18. What is the server’s response (status code and phrase) in response to the initial HTTP
GET message from your browser? (1 point)
19. When your browser sends the HTTP GET message for the second time, what new field
is included in the HTTP GET message? (1 point)
The username (eth-students) and password (networks) that you entered are encoded in the
string of characters (ZXRoLXN0dWRlbnRzOm5ldHdvcmtz) following the “Authorization:
Basic” header in the client’s HTTP GET message. While it may appear that your username
and password are encrypted, they are simply encoded in a format known as Base64 format.
The username and password are not encrypted! To see this, go to
http://www.securitystats.com/tools/base64.php and enter the base64-encoded string
Fear not! As we will see sometime later, there are ways to make WWW access more secure.
However, we’ll clearly need something that goes beyond the basic HTTP authentication
framework!
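The point that Basic authentication is encoding rather than encryption can be checked locally on a captured request. The following is an added example, not part of the original lab: the request text is constructed around the URL and Base64 string quoted above, and the function name is hypothetical.

```python
import base64
import binascii

# Constructed request text built from the URL and Base64 string quoted in this lab.
CAPTURED_REQUEST = (
    "GET /ethereal-labs/protected_pages/HTTP-ethereal-file5.html HTTP/1.1\r\n"
    "Host: gaia.cs.umass.edu\r\n"
    "Accept-Language: en-us\r\n"
    "Authorization: Basic ZXRoLXN0dWRlbnRzOm5ldHdvcmtz\r\n"
    "\r\n"
)


def basic_credentials(request_text):
    """Return (username, password) carried by an HTTP Basic Authorization header.

    Returns None when there is no Authorization header, when the scheme is not
    Basic, or when the token is not valid Base64 of the form "user:password".
    """
    head = request_text.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        # Header names are case-insensitive.
        if not sep or name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return None
        # Only the first colon separates the fields; a password may contain colons.
        user, sep, password = decoded.partition(":")
        return (user, password) if sep else None
    return None


if __name__ == "__main__":
    print(basic_credentials(CAPTURED_REQUEST))
```

No key is involved at any step, so anyone who can capture the request can recover the credentials; protecting them requires encrypting the connection itself.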
Source:
6. Under what extension are Tcl scripts saved? How are these scripts executed?
7. The following questions deal with variable declaration and initialization in Tcl.
(a) Write the command for declaring a variable named ‘int’ initialized by an integer value of
5.
(b) Write the command for declaring a variable named ‘str’ initialized by a string “Hello Tcl”.
(c) Write the command for printing the string “I just declared the variables ‘5’ and ‘Hello
Tcl’”.
(d) Modify the above command to print the same string using the variables ‘int’ and ‘str’.
(e) Write the command for testing whether a given number is greater than another or not.
(g) Declare a list of positive integers containing the above list (not its elements).
(h) Write the command for printing the length of the list above.
(i) Write the command for appending the integers 33 and 67 to the above list.
(j) Write the command for resetting an element of the list at a given index of 4.
(k) Given the declaration “set lst "1 2 3 4"”, what is the difference in the outputs of “puts
[lindex $lst 2]”, “puts “lindex $lst 2”” and “puts {lindex $lst 2}”.
8. The following questions deal with control and loop structures in Tcl.
(a) Write the command for squaring a list of integers using the foreach command.
(b) Perform the same operation as above using for command for first-half of list elements.
(c) For two variables ‘a’ and ‘b’ of arbitrary values, write the command for printing “HIGH”
if a > b and “LOW” otherwise.
(d) For a given numeric variable ‘a’, write the command for printing “POSITIVE” if a > 0,
“NEGATIVE” if a < 0 and “ZERO” if a = 0.
(b) Write a procedure that calculates the area of a circle of radius given as argument.
(c) Write a procedure that iteratively adds up the contents of an arguments list.
10. The following questions deal with declaring classes and objects in OTcl.
(a) Create a class called NewWorld with the following procedures:
--continents: returns the lists of continents (at least three)
-- oceans: stores the lists of all oceans; returns the number of oceans (at least three)
--land{continent}: returns the area of a given continent
(b) Create an instance of the class NewWorld and print its number of continents and oceans.
References:
[1] http://www-net.cs.umass.edu/cs653/notes/simulation.pdf
[2] www.isi.edu/div7/publication_files/advances_in_network.pdf
[3] http://www.isi.edu/nsnam/ns
[4] http://www.isi.edu/nsnam/ns/tutorial/index.html
1. Note down the ARP cache and the routing tables on both PCs.
2. Connect two PCs with a switch. Write down the IP addresses and MAC address (of
physical interfaces) of both machines, and the switch model below:
Machine A:
Machine B:
Switch model:
3. Check the ARP cache and the routing tables on both PCs.
4. What are the differences between the caches and tables checked in steps 1 and 4? Why?
5. Run Ethereal. Start capture on a physical (not virtual) interface. Now change your IP
address to some other address in the same subnet.
6. Using Machine A, ping Machine B. Note down the ARP cache contents.
7. Ethereal should display that some of the packets captured belong to the protocol
“Gratuitous ARP”.
8. Note down the header contents of the Gratuitous ARP packet below:
Ethernet II, Src: ___________________________ Dst: __________________________
Address Resolution Protocol ________________________________________________
Hardware type: _________________________________________________________
Protocol type: __________________________________________________________
Hardware size: _________________________________________________________
Protocol size: __________________________________________________________
Opcode: _______________________________________________________________
Sender MAC address: ___________________________________________________
Sender IP address: _____________________________________________________
Target MAC address: ___________________________________________________
Target IP address: ______________________________________________________
9. Stop capture. Use the Internet to find two specific and distinct uses of the Gratuitous
ARP.
10. Would there be any error reported in case the two machines use different subnet
masks? Why or why not? You may actually try this out by changing the mask of one of the
machines.
You will now try to create an IP address conflict in the following way.
11. Start Ethereal capture. Try assigning the same IP addresses to both machines. Note
down any messages that the operating system gives. Ping one of the machines.
12. Note down the ARP contents of both machines. Give reason for the presence/absence of
any content.
Machine
13. Stop capture. Fill the required information below for all of the Gratuitous ARP packets.
Sr.# Time Source Destination Protocol Information
14. Is the IP address of both machines the same? Why or why not?
15. How was Gratuitous ARP used in the conflict above? Your answer should include: which
machine sends this ARP, what kind of reply it receives and what does this machine infer
from the reply.
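The header fields listed in step 8 sit at fixed offsets in the frame, so a capture can be checked for Gratuitous ARP without the GUI. The following is an added example, not part of the original lab: the sample frames and the MAC address 00:11:22:33:44:55 are constructed, and it treats an ARP packet as gratuitous when its sender and target IP addresses are equal.

```python
import struct

# Constructed Ethernet frames carrying ARP (IPv4 over Ethernet), given as hex.
GRATUITOUS_FRAME = bytes.fromhex(
    "ffffffffffff" "001122334455" "0806"      # Ethernet II: dst, src, type = ARP
    "0001" "0800" "06" "04" "0001"            # hw type, proto type, sizes, opcode
    "001122334455" "ac102837"                 # sender MAC, sender IP 172.16.40.55
    "000000000000" "ac102837"                 # target MAC, target IP 172.16.40.55
)
ORDINARY_REQUEST = bytes.fromhex(
    "ffffffffffff" "001122334455" "0806"
    "0001" "0800" "06" "04" "0001"
    "001122334455" "ac102837"
    "000000000000" "ac102868"                 # target IP 172.16.40.104
)


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def _ip(raw):
    return ".".join(str(b) for b in raw)


def parse_arp(frame):
    """Decode the Ethernet II and ARP headers into the fields named in step 8."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "eth_src": _mac(src), "eth_dst": _mac(dst),
        "hardware_type": htype, "protocol_type": ptype,
        "hardware_size": hlen, "protocol_size": plen,
        "opcode": opcode,                      # 1 = request, 2 = reply
        "sender_mac": _mac(sha), "sender_ip": _ip(spa),
        "target_mac": _mac(tha), "target_ip": _ip(tpa),
    }


def is_gratuitous(pkt):
    """A host announcing or probing its own address: sender IP equals target IP."""
    return pkt["sender_ip"] == pkt["target_ip"]


if __name__ == "__main__":
    for frame in (GRATUITOUS_FRAME, ORDINARY_REQUEST):
        pkt = parse_arp(frame)
        print(pkt["sender_ip"], "->", pkt["target_ip"], "gratuitous:", is_gratuitous(pkt))
```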
References:
[1] Behavior of Gratuitous ARP in Windows NT 4.0, http://support.microsoft.com/kb/199773
[2] ARP Q & A, http://www.geocities.com/SiliconValley/Vista/8672/network/arp.html
[3] Gratuitous ARP, http://wiki.ethereal.com/Gratuitous_ARP
1. Get IPerf.exe [108 KB] from either the Internet [1] or a LAN server. The IPerf
documentation is a useful reference for usage.
2. Your first job is to measure the average bandwidth of the Ethernet cable provided to you.
For this purpose, you will be using the IPerf tool. IPerf essentially creates a connection (for
TCP only) between a client machine and a server machine. Then it sends traffic in the form
of a certain number of either UDP or TCP packets for a certain period of time.
4. Connect two machines using a switch. Designate Machine A as the server machine (in the
sense that it listens for and accepts requests for TCP connections) and Machine B as the
client machine. Make sure that the machines are connected to each other using the ping
application. Write down the IP addresses and MAC addresses (of physical interfaces) of both
machines, and the switch model below:
Machine A:
Machine B:
Switch model:
Run the Command Prompt on both machines and enter the directory containing IPerf.exe.
Run Ethereal and start capturing on a physical interface.
7. Write down the final outputs at Machines A and B. Is there any difference in the values of
bandwidth? If yes, give a possible reason for the difference.
9. Using the IPerf documentation, briefly describe the purpose of the commands mentioned
in steps 5 and 6.
11. TCP uses a variable called “Window” to send (or receive) certain amounts of data in one
go. E.g. if TCP Window is set to be 130KByte, this means that the sum of the sizes of all
packets sent (or received) by a machine at a given time is 130KByte. This variable is
directly proportional to the bandwidth and the latency of physical links that TCP packets
traverse. For optimal performance (i.e. maximum bandwidth), it is necessary to select and
set an appropriate value of the variable.
12. You will now use IPerf to find out the best Window size for Machine B for a fixed Window
size of Machine B. To set, e.g., a Window of size 130KByte, you will repeat step 5 but will run
the command “iperf -c <Machine-A-IP-address> -w 130k” on Machine B.
13. Find the optimal Window size for Machine B by setting its Window from 10-150KByte in
steps of 10KByte, and then fine-tuning to a precise optimal value. State also the default
Window size of Machine A as displayed in its command window after running the command.
14. Run the Command Prompt on both machines and enter the directory containing
IPerf.exe. Run Ethereal and start capturing on a physical interface.
16. In the command window of Machine B, run the command
“iperf -c <Machine-A-IP-address> -u -b 10m”, where <Machine-A-IP-address> is the IP
address (in decimal-dot notation) of Machine A.
17. Write down all the non-zero values, if any, of the number of packets lost as well as jitter
and their corresponding intervals.
19. Using the IPerf documentation, briefly describe the purpose of the commands
mentioned in steps 15 and 16.
20. Exit Ethereal without saving any packet traces. Repeat steps 15 and 16. Note the final
outputs at Machines A and B. Are there any differences in the number of packets lost here
and the number in step 17? If yes, give a possible reason for the difference.
References:
[1] http://dast.nlanr.net/Projects/Iperf
Figure 1
The figure above models a part of the FAST-NUCES Lahore Campus network topology. The
networks labeled Lab-4 and Lab-3 are Ethernet-based Local Area Networks, constituting two
different broadcast domains. Both LANs are connected through various network devices
(shown in the figure) finally to the Internet backbone that connects all of Pakistan. The PIE
router, in Lahore, is connected via FDDI to a gateway router in Karachi (not shown in the
figure).
It has been proposed that the gateway router be connected, via FDDI, to a gateway router
in Amsterdam. You are part of a network design and analysis team in FAST interested in
gauging the effects of the new link on the campus network performance (throughput, delay
etc.). Your first job is to create a simple but fairly accurate model of the new network
topology in the simulator ns-2 while abiding by the following constraints:
• All nodes in any given LAN must be created using for loop(s) in the ns script.
• The LAN topology must be created using the method newLan of the Simulator class.
• The bandwidths and propagation delays must be carefully specified for each link.
Useful data:
One proposal to improve performance is to replace the whole link, but it is deemed too
costly. Another proposal is to use an Automatic-Repeat-Request-based link layer protocol.
As an internee in the Pakistan Internet Exchange (PIE), you suddenly find yourself
responsible for analyzing the performance of a “pipelined” Stop-and-Wait (SAW) ARQ
protocol through simulation using a topology model similar to the one built in Q2. Your first
job is to create a non-pipelined version of the protocol in ns-2.
• Every packet carries a sequence number, which indicates the amount of data
transmitted by the protocol agent. It is calculated by adding the current sequence
number to the size (in characters or bytes) of the data to be sent. The ACK of such a
packet will also contain the same sequence number to indicate the data
acknowledged. [1+2+1 points]
• No data will be sent by a sender agent until one ACK for the previous data packet
has been received. [5 points]
• OPTIONAL: If an ACK has not been received for 1 second, the corresponding data
packet is sent again. [10 bonus points]
You are required to write the header, C++ and Tcl files for this protocol.