
Assignment
1. On my Wintel (Windows running on Intel) computer, I entered the command "ping www.bucks.edu" and received the following reply. Estimate the number of routers in the path between www.bucks.edu and my computer. (Hint, what initial value do you think www.bucks.edu uses for the IP Time-To-Live field. Think in powers of two.)
64-46 = 12
64-45 = 13
C:\>ping www.bucks.edu
Pinging www.bucks.edu [192.231.233.6] with 32 bytes of
Reply from 192.231.233.6: bytes=32 time=37ms TTL=45
Reply from 192.231.233.6: bytes=32 time=46ms TTL=46
Reply from 192.231.233.6: bytes=32 time=36ms TTL=46
Reply from 192.231.233.6: bytes=32 time=38ms TTL=46
Ping statistics for 192.231.233.6:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 46ms, Average = 39ms
2. How many hops are in the path between www.bucks.edu and
a. Your home computer? 64-46 = 12, 64-45 = 13
b. Your Temple computer? (If our Temple firewall blocks ICMP packets, you will not be able to answer this question.) 64-46 = 12
3. On my Wintel computer, I entered the command "tracert www.bucks.edu" and received the following. (The corresponding Unix command is "traceroute www.bucks.edu".) My computer is only 20 miles from Bucks County Community College. Why would the route from my computer to Bucks go through New York City?
Comcast is my Internet Service Provider (ISP) at home. Voicenet is the ISP for Bucks County Community College. The closest place that these two networks meet is in New York City.
"wcg" may be Wilkshire Communications Group (WCG) or WilTel Communications. It is possible that Comcast uses the AT&T backbone and that Voicenet uses WCG, and that AT&T and WCG meet in New York. The split could also occur at one of the Philadelphia locations.
C:\>tracert www.bucks.edu
Tracing route to www.bucks.edu [192.231.233.6] over a maximum of 30 hops:
  1     *        *        *     Request timed out.
  2    10 ms     7 ms     9 ms  ge-2-1-sr01.lansdale2.pa.pa02.comcast.net [68.87.44.113]
  3     8 ms     9 ms     9 ms  ge-2-4-rr01.plymouthmtg.pa.pa02.comcast.net [68.87.44.137]
  4    12 ms    12 ms    13 ms  srp-8-1-ar01.torresdale.pa.pa02.comcast.net [68.87.44.5]
  5    11 ms    11 ms    11 ms  pos-7-1-cr01.torresdale.pa.core.comcast.net [68.87.19.197]
  6    14 ms    14 ms    13 ms  12.119.53.49
  7    18 ms    15 ms    16 ms  tbr1-p012401.phlpa.ip.att.net [12.123.137.45]
  8    16 ms    15 ms    16 ms  tbr1-cl8.n54ny.ip.att.net [12.122.2.17]
  9    13 ms    13 ms    14 ms  ggr1-p330.n54ny.ip.att.net [12.122.11.214]
 10    36 ms    34 ms    33 ms  nycmny2wcx2-pos6-3.wcg.net [64.200.68.41]
 11    33 ms    35 ms    38 ms  nycmny2wcx2-pos5-0.wcg.net [64.200.68.54]
 12    37 ms    35 ms    35 ms  phlapa1wce1-pos6-1.wcg.net [64.200.210.29]
 13    36 ms    35 ms    36 ms  phlapa1wce1-yipes-gige.wcg.net [65.77.115.46]
 14    24 ms    23 ms    24 ms  66.7.181.6
 15    28 ms    33 ms    33 ms  ivyland-gw-oc12.voicenet.net [209.71.48.49]
 16    26 ms    27 ms    28 ms  ivy3-gw-h0-0.voicenet.net [207.103.5.222]
 17    31 ms    29 ms    29 ms  bccc-gw-s0.voicenet.net [207.103.5.30]
 18    31 ms    32 ms    29 ms  bucks-fw.voicenet.net [207.103.210.203]
 19    31 ms    29 ms    28 ms  www.bucks.edu [192.231.233.6]
Trace complete.
4. What is the most distant city in the route between your home computer and www.bucks.edu? What is the most distant city between your Temple computer and www.bucks.edu? (If you receive several consecutive lines containing "* * *", it means you have reached a router or computer that won't generate "hop count exceeded" replies.)
a. Most distant city - home computer to www.bucks.edu. New York City
b. Most distant city - Temple computer to www.bucks.edu. Washington DC
5. In what city is www.l3com.com probably located? Salt Lake City (slkut.ip.att.net)
6. On my Wintel computer, I entered the command "tracert www.nus.edu.sg" (see the output below).
a. How can you tell that the cross-Pacific link is a fiber link, not a satellite link?
The magic altitude for a geosynchronous satellite is 22,300 miles, so the delay for a single hop (uplink + downlink) is (22,300 + 22,300)/186,000 = 240 milliseconds, which is as large as our total round-trip delay.
b. Estimate the length of the cross-Pacific fiber link. 15,400 km.
Average delay = 241-87 = 154 milliseconds round trip, or 77 milliseconds one way. Light travels through fiber at 200 meters per microsecond = 200 km per millisecond, so 77 milliseconds is 200 * 77 or 15,400 km.
C:\>tracert www.nus.edu.sg
Tracing route to www.nus.edu.sg [137.132.12.114] over a maximum of 30 hops:
  1     *        *        *     Request timed out.
  2     8 ms     9 ms     9 ms  ge-2-1-sr01.lansdale2.pa.pa02.comcast.net [68.87.44.113]
  3     9 ms     9 ms     9 ms  ge-2-4-rr01.plymouthmtg.pa.pa02.comcast.net [68.87.44.137]
  4    10 ms    11 ms    12 ms  srp-8-1-ar01.torresdale.pa.pa02.comcast.net [68.87.44.5]
  5    12 ms    11 ms    11 ms  pos-7-1-cr01.torresdale.pa.core.comcast.net [68.87.19.197]
  6    13 ms    13 ms    14 ms  12.119.53.53
  7    17 ms    15 ms    15 ms  tbr2-p012401.phlpa.ip.att.net [12.123.137.49]
  8    21 ms    20 ms    18 ms  tbr1-cl9.wswdc.ip.att.net [12.122.2.85]
  9    19 ms    18 ms    18 ms  ggr2-p300.wswdc.ip.att.net [12.123.9.81]
 10    19 ms    18 ms    18 ms  att-gw.nyc.verio.net [192.205.32.18]
 11    28 ms    25 ms    27 ms  p16-1-2-2.r21.nycmny01.us.bb.verio.net [129.250.4.26]
 12    89 ms    98 ms    99 ms  p16-1-1-3.r20.sttlwa01.us.bb.verio.net [129.250.5.61]
 13    86 ms    87 ms    86 ms  p16-0-0-0.r03.sttlwa01.us.bb.verio.net [129.250.2.15]
 14    88 ms    87 ms    85 ms  p1-0.usngp.sttlwa01.us.bb.verio.net [129.250.10.178]
 15   243 ms   240 ms   241 ms  pos1-0.pgp-cr1.singaren.net.sg [202.3.135.6]
 16   240 ms   244 ms   241 ms  ge3-9.pgp-dr1.singaren.net.sg [202.3.135.18]
 17   241 ms   241 ms   239 ms  nus-pgp-border.singaren.net.sg [202.3.135.130]
 18   242 ms   244 ms   240 ms  nusnet-3-193.dynip.nus.edu.sg [137.132.3.193]
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21  ^C
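The reasoning in 6a and 6b, worked from the tracert rows above, as an added example that is not part of the original assignment: it takes the median RTT of each hop, finds the largest step between consecutive responding hops, and converts it using the page's 200 km/ms and geosynchronous-orbit figures. The sample rows are copied from the output above; the function names are illustrative.

```python
import re
from statistics import median

FIBER_KM_PER_MS = 200          # page's figure: 200 m per microsecond in fiber
GEO_ALTITUDE_MILES = 22_300    # page's figure for geosynchronous altitude
LIGHT_MILES_PER_S = 186_000    # page's figure for the speed of light

# Constructed sample: hops 11-15 and one timed-out row from the tracert above.
SAMPLE = """\
 11    28 ms    25 ms    27 ms  p16-1-2-2.r21.nycmny01.us.bb.verio.net [129.250.4.26]
 12    89 ms    98 ms    99 ms  p16-1-1-3.r20.sttlwa01.us.bb.verio.net [129.250.5.61]
 13    86 ms    87 ms    86 ms  p16-0-0-0.r03.sttlwa01.us.bb.verio.net [129.250.2.15]
 14    88 ms    87 ms    85 ms  p1-0.usngp.sttlwa01.us.bb.verio.net [129.250.10.178]
 15   243 ms   240 ms   241 ms  pos1-0.pgp-cr1.singaren.net.sg [202.3.135.6]
 19     *        *        *     Request timed out.
"""

# hop number, three probe columns ("12 ms", "<1 ms" or "*"), then the host text
HOP_RE = re.compile(r"^\s*(\d+)((?:\s+(?:<?\d+ ms|\*)){3})\s+(.+)$")


def parse_hops(text):
    """Return [(hop, median_rtt_ms, host)], skipping hops that never replied."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        rtts = [int(v) for v in re.findall(r"(\d+) ms", m.group(2))] if m else []
        if rtts:
            hops.append((int(m.group(1)), median(rtts), m.group(3).strip()))
    return hops


def longest_link(hops):
    """Return (from_hop, to_hop, rtt_increase_ms) for the largest RTT step."""
    steps = [(a[0], b[0], b[1] - a[1]) for a, b in zip(hops, hops[1:])]
    return max(steps, key=lambda s: s[2])


def fiber_km(rtt_increase_ms):
    """One-way distance if the whole RTT increase is propagation in fiber."""
    return rtt_increase_ms / 2 * FIBER_KM_PER_MS


def geo_satellite_rtt_ms():
    """Minimum RTT added by one geosynchronous hop (up + down, both directions)."""
    return 2 * (2 * GEO_ALTITUDE_MILES) / LIGHT_MILES_PER_S * 1000


if __name__ == "__main__":
    a, b, step = longest_link(parse_hops(SAMPLE))
    kind = "satellite possible" if step >= geo_satellite_rtt_ms() else "fiber"
    print(f"hops {a}->{b}: +{step} ms RTT, {kind}, about {fiber_km(step):,.0f} km")
```

RTT steps also include queuing and the router's ICMP processing time, so the distance is an upper bound on the link length.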
7. On my Wintel computer, I entered the command "ipconfig /all" and received the following response. The netmask 255.255.255.255 (in binary, 11111111 11111111 11111111 00000000) indicates that the first 24 bits of my IP address (192.168.1) identify my IP network (which happens to be a very small Ethernet) and that the last 8 bits of my IP address (100) identify my computer. (If another computer shares the network portion of your IP address, you communicate with it directly; otherwise you must send packets to your gateway (your router) to be forwarded.)
For your home and Temple computers, identify:
          Ethernet address     net portion of IP address   host portion of IP address
home      00:D0:B7:79:87:7F    192.168.1                   100
Temple    00:06:5B:52:1D:70    192.168.1                   130
(On Unix systems, the command is "ifconfig" and you may need to specify the interface (the name of the Ethernet card). If so, use "netstat -nr".)
C:\>ipconfig /all
Windows IP Configuration
        Host Name ...... : BOB
        Primary Dns Suffix ...... :
        Node Type ...... : Unknown
        IP Routing Enabled...... : No
        WINS Proxy Enabled...... : No
        DNS Suffix Search List...... : lndsd201.pa.comcast.net
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix . : lndsd201.pa.comcast.net
        Description ...... : Intel(R) 82559 Fast Ethernet LAN
        Physical Address...... : 00-D0-B7-79-87-7F
        Dhcp Enabled...... : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address...... : 192.168.1.100
        Subnet Mask ...... : 255.255.255.0
        Default Gateway ...... : 192.168.1.1
        DHCP Server ...... : 192.168.1.1
        DNS Servers ...... : 68.80.0.5, 68.80.0.6
        Lease Obtained...... : Wednesday, January 05, 2005 8:53 AM
        Lease Expires ...... : Thursday, January 06, 2005 8:53 AM
8. On my Wintel computer, I entered the Windows command "nslookup" followed by the nslookup command "?" and received the following response. Use nslookup to determine the number of computers at Temple University.
Number of computers at Temple University. 33709
C:\>nslookup
Default Server: ns01.toresd01.pa.comcast.net
Address: 68.80.0.5
> ?
Commands: (identifiers are shown in uppercase, [] means optional)
NAME            - print info about the host/domain NAME using default server
NAME1 NAME2     - as above, but use NAME2 as server
help or ?       - print info on common commands
set OPTION      - set an option
...
    retry=X             - set number of retries to X
    timeout=X           - set initial time-out interval to X seconds
    type=X              - set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
    querytype=X         - same as type
    class=X             - set query class (ex. IN (Internet), ANY)
    [no]msxfr           - use MS fast zone transfer
    ixfrver=X           - current version to use in IXFR transfer request
server NAME     - set default server to NAME, using current default server
lserver NAME    - set default server to NAME, using initial server
finger [USER]   - finger the optional NAME at the current default host
root            - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
    -a          - list canonical names and aliases
    -d          - list all records
    -t TYPE     - list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE       - sort an 'ls' output file and view it with pg
exit            - exit the program
Apparently the "ls" command from non-temple sites is blocked. From inside Temple, you can obtain the following from an nslookup command:
> server ns1.temple.edu
> ls -t a temple.edu > temple.txt
[ns1.temple.edu]
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
################################################################################
#################
Received 40856 answers (33709 records).
>
Hint: To talk to one of Temple's nameservers, use the nslookup commands "set type=ns", "temple.edu", and "server ?????" where ????? is one of Temple's nameservers. Then you will have to look at the available nslookup commands and do a little work to find the answer. If one of Temple's nameservers doesn't work, try the other one.
9. On my Wintel computer, I entered the command "netstat -a" (netstat -l on some Unix machines) to list the TCP ports my computer was listening on. It shows that I am running an ftp server (port 21), an SMTP server (on port 25), an https server (http Secure on port 443) as well as other services.
Such ports are potential security problems because they allow "outsiders" to initiate TCP conversations with your computer. This computer is fairly safe because it is located behind a firewall that blocks all incoming connections.
What TCP ports, if any, are your home and Temple computers listening on?
a. home computer? ftp smtp http epmap https microsoft-ds 1025 1034 netbios-ssn
b. Temple computer? http epmap https Microsoft-ds 1027 3389 1029 netbios-ssn 1426
c. What numerical TCP ports are used by each of the following services and what is the name of the service? (Try Google.)
port name      port number   name or function of service
epmap          135           Microsoft DCE Locator service, aka end-point mapper. Works like Sun RPC portmapper, except that end-points can also be named pipes. Used by DHCP, DNS, and WINS servers.
microsoft-ds   445           used for resource sharing on Windows 2000, XP, 2003, and other samba based connections (e.g. file shares)
netbios-ssn    139           NETBIOS Session Service
C:\>netstat -a
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    BOB:ftp                BOB:0                  LISTENING
  TCP    BOB:smtp               BOB:0                  LISTENING
  TCP    BOB:http               BOB:0                  LISTENING
  TCP    BOB:epmap              BOB:0                  LISTENING
  TCP    BOB:https              BOB:0                  LISTENING
  TCP    BOB:microsoft-ds       BOB:0                  LISTENING
  TCP    BOB:1025               BOB:0                  LISTENING
  TCP    BOB:1034               BOB:0                  LISTENING
  TCP    BOB:netbios-ssn        BOB:0                  LISTENING
  UDP    BOB:microsoft-ds       *:*
  UDP    BOB:isakmp             *:*
  UDP    BOB:1045               *:*
  UDP    BOB:3456               *:*
  UDP    BOB:4500               *:*
  UDP    BOB:ntp                *:*
  UDP    BOB:1900               *:*
  UDP    BOB:3932               *:*
  UDP    BOB:ntp                *:*
  UDP    BOB:netbios-ns         *:*
  UDP    BOB:netbios-dgm        *:*
  UDP    BOB:1900               *:*
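An added example (not part of the original assignment) that does the audit in question 9 over "netstat -a" output: it extracts the TCP sockets in LISTENING state, resolves service names to port numbers, and reports listeners outside a baseline. The sample rows are copied from the output above; the {80, 443} baseline and the function names are assumptions made for illustration.

```python
import re

# Name -> TCP port. 21, 25, 443, 135, 445 and 139 are stated on this page;
# 80 for http is the standard assignment.
SERVICE_PORTS = {"ftp": 21, "smtp": 25, "http": 80, "epmap": 135,
                 "netbios-ssn": 139, "https": 443, "microsoft-ds": 445}

# Constructed sample: the TCP rows and one UDP row from the netstat output above.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    BOB:ftp                BOB:0                  LISTENING
  TCP    BOB:smtp               BOB:0                  LISTENING
  TCP    BOB:http               BOB:0                  LISTENING
  TCP    BOB:epmap              BOB:0                  LISTENING
  TCP    BOB:https              BOB:0                  LISTENING
  TCP    BOB:microsoft-ds       BOB:0                  LISTENING
  TCP    BOB:1025               BOB:0                  LISTENING
  TCP    BOB:1034               BOB:0                  LISTENING
  TCP    BOB:netbios-ssn        BOB:0                  LISTENING
  UDP    BOB:microsoft-ds       *:*
"""

# "TCP <host>:<port-or-name> <foreign> LISTENING"; the greedy match splits on the last colon.
ROW_RE = re.compile(r"^\s*TCP\s+\S+:(\S+)\s+\S+\s+LISTENING\s*$", re.I)


def tcp_listeners(text):
    """Return sorted (port, label) pairs for TCP sockets in LISTENING state.

    port is None when netstat printed a service name this table cannot resolve.
    """
    found = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # header, UDP rows, established connections
        label = m.group(1).lower()
        port = int(label) if label.isdigit() else SERVICE_PORTS.get(label)
        found.append((port, label))
    return sorted(found, key=lambda p: (p[0] is None, p[0] or 0, p[1]))


def unexpected(listeners, allowed_ports):
    """Listeners outside a baseline; unresolved names are always reported."""
    return [(p, n) for p, n in listeners if p is None or p not in allowed_ports]


if __name__ == "__main__":
    # Hypothetical baseline for this host: only the web server is meant to listen.
    for port, label in unexpected(tcp_listeners(SAMPLE), {80, 443}):
        print(f"review listener: tcp/{port if port is not None else '?'} ({label})")
```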
10. On my Wintel computer, I entered the Windows command "arp -a" to print out the IP address to Ethernet address mapping for active computers on my local network. (Inactive entries are removed from the arp cache after several minutes.) How many entries are in the arp cache of:
a. your home computer? 3
b. your Temple computer? 1
C:\>arp -a
Interface: 192.168.1.100 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.1.1           00-0f-66-2d-9c-d3     dynamic
  192.168.1.102         00-0f-66-2e-16-2b     dynamic
  192.168.1.103         00-48-54-3f-7c-ce     dynamic
11. In the Ethereal subdirectory, run ethereal.exe and open the file telnet.dmp. Ignore frames like frame 1 (a Microsoft SMB protocol packet) that are not connected to the telnet session. (To answer some of the questions, you will find "Analyze" and "Follow TCP Stream" very convenient.)
a. What account did I log into? drbob
b. What password did I use? noway123
c. What Unix command did I enter after I logged in? ls
d. Why does (almost) each character I type appear twice (in two packets)?
One packet to send the character from my PC to unix.temple.edu, and one packet (the echo) coming back to display the character on my terminal.
e. How many bytes of Ethernet traffic (total) are generated for each character I type? 64+64+64 = 192; (IP) 41+41+40 = 122
f. What telnet window (terminal) size was negotiated? Width 80, Height 25
g. What telnet terminal type was negotiated? ANSI
h. The Arpanet (the forerunner of the Internet) used 56 kb/s (thousand bits per second) links. If a telnet client were 20 hops away from the telnet server on Arpanet, what minimum delay would there be between typing a character and seeing it echoed on the terminal (in milliseconds)?
365 milliseconds
Assuming 41-byte (or 328 bit) packets, each hop results in a store-and-forward delay of 328/56,000 or 5.9 milliseconds. 40 hops produce a delay of about 234 milliseconds. If Ethernet (512 byte) packets are assumed, the delay is 365 milliseconds.
Even when links are far below capacity, it may be necessary to increase link speed to reduce delay. It also helps to keep packets short (which is why ATM cells are only 53 bytes long).
12. In the Ethereal subdirectory, run ethereal.exe and examine the file smtp.dmp. I could have easily done a better job forging the content of the message (e.g. a web page with a presidential seal, etc.). How can you forge the rfc0822 headers? (See http://www.ietf.org/rfc/rfc0822.txt if you need a definition of the headers - they are fairly obvious.) Is there a simple way to examine the headers and determine that this is a forgery?
The headers in the mail message were produced by simply creating a new Microsoft Outlook "account" and filling in the information. It would have been just as easy to forge the entire email message (the body plus the RFC 822 headers) and use a telnet session to deliver the email message to an SMTP server.
13. Using Ethereal.exe, examine the dump file l3comhttp2.dmp. It is the trace of a browser request for the web page http://www.l3com.com.
a. How many different TCP sessions are used (different port numbers). 3
(1047, 1048, 1049)
b. How many different files were requested by the session using port 1047? 36
/, /style.css, /images/bg.gif, /images/logo.gif, /images/flash/main_movie/swf, /images/sub_site_map.gif, /images/stripes_top.gif, /images/go.gif, /images/sub_search.gif, /images/stock_left.gif, /images/products_and_services.gif, /images/about_l3.gif, /images/stripes_bottom.gif, /images/divisions.gif, /images/investor_relations.gif, /images/careers.gif, /images/news_and_events.gif, /images/logo_bottom.gif, /images/l-3_is_information.gif, /images/circle.gif, /images/hot_products.gif, /images/new_at_l-3.gif, /images/about_l3.gif, /images/products_and_services_over.gif, /images/about_ls_over.gif, /images/divisions.gif, /images/news_and_events.gif, /images/investor_relations_over.gif, /images/investor_relations.gif, /images/divisions_over.gif, /images/news_and_events_over.gif, /images/careers.gif, /images/careers_over.gif, /images/sm_circle.gif, /images/sm_circle_on.gif, /images/sm_circle.gif
c. What specific files were requested by the session on port 1048?
/include/dyMenu.js, /images/logo_top.gif, /images/spacer.gif, /images/sub_contract_us.gif, /images/nav_left.gif, /images/flash/ad.swf, /images/sm_circle.gif (with cookie)
d. Including all of the conversations, how many bytes were transferred? 527,743
Between first and last packet   24.565 sec
Packets                         694
Avg. packets/sec                28.252
Avg. packet size                760.437
Bytes                           527743
Avg. bytes/sec                  21483.852
Avg. MBit/sec                   0.172
14. Using Ethereal.exe, examine the dump file l3comhttp3.dmp. This is also the trace of a browser request for the web page http://www.l3com.com.
a. Including all of the conversations, how many bytes were transferred? 64,712
b. Why is it so much shorter than the conversations from l3comhttp2.dmp?
Because the pages had not been modified, the browser on my computer used the copies of the files in its cache. No actual data was transferred.
15. Examine the dump file wsdl.dmp. This file shows the transfer of a WSDL (Web Services Description Language) document that describes the method (function) calls for a web service. Examine the WSDL and record the method (function) signatures – the method names, the types of the formal parameters and the type of the return value.
first method string AddInts(int int1, int int2)
second method int AddIntArray(int[] myarray)
third method Point AddPoint(Point pt1, Point pt2)
class Point { float x; float y; }
16. Examine the dump file soap.dmp, which contains the actual parameters transferred to a web service and the value returned.
first parameter
second parameter
result returned
17. A large file is being transferred with a TCP connection over a 5000 km high speed cross country fiber link. What is the maximum transfer rate?
The TCP window field is 16 bits long. By default, the TCP window field counts bytes so that the maximum possible window size is 2**16 bytes or 2**19 bits (about 1/2 million bits). Even if the fiber speed (in bits per second) were unbounded, the sender would have to stop transmitting after 1/2 million bits were sent to wait for an acknowledgement from the receiver (with a new window allocation). The round trip is 10,000 km at 200 km per millisecond or 50 milliseconds. 1/2 megabit in 50 milliseconds is 10 megabits per second.
There is a TCP option to allow the window to count larger chunks (e.g. megabytes instead of bytes).