1. Assignment Overview

In this assignment, you will explore various tools that an end user can use to discover what is happening in the network. You will experiment with the following five tools:

1. arp (20 points) 2. ifconfig (20 points) 3. traceroute (20 points) 4. netstat (20 points) 5. nslookup (20 points)

2. Assignment Details

These tools should be available on machines running a LINUX or UNIX-basedoperating system. During the assignment, you will need to consult the man pagesof these tools and will want to do some search on the web.

arp (/usr/sbin/arp)

1. Learn what ARP protocol is and what it is used for. 2. What is the arp table? Why does your machine need this table?

3. What happens when you try to add/delete an entry into the arp table on your machine? Why is this the case?

4. Without being a superuser, how can you affect (either add, delete, or change) entries in the arp table? Use a mechanism to add at least one new host to the arp table and include a printout that is different from Part 2 above.

iconfig(/usr/sbin/ifconfig)

1. Run ifconfig a on your local machine. Capture the output and identify andexplain as much of what is printed as you can.

2. What it the command to determine whether the network interface is controlled by DHCP or not?

traceroute(/usr/sbin/traceroute)

1. Explain in detail how traceroute works.

2. Perform a traceroute from your machine to www.ox.ac.uk. Include a copy of the output and explain what happened including a description of what each of the fields means.

3. What happens if you traceroute to a non-existent machine? Include a copy of thetraceroute. How do you know the machine that you traced to was non-existent instead of just down or not responding? (NOTE: This question is actually tricky and requires some special thought.)

netstat (/usr/bin/netstat)

1. What is netstat and what is it used for?

2. What parameters should you use to show all the TCP connections established? Include a printout of this list.

3. What does netstat r show? What is noteworthy about the output?

4. netstat can be used to display network interface status. What option of netstat does that? By using netstat, figure out the number of interfaces on your machine. In the output you will find an interface named lo0 as a loopback interface. Can you say anything about this interface, about its fuction?

nslookup(/usr/sbin/nslookup)

1. What is the IP address for the machine mortician.cc.gatech.edu?

2. What local machine is this information coming from? Why is it coming from this machine?

3. Here is the problem: I want to find the IP address of where my email tosomebody@aol.com goes. What you really need to do is find the mail exchangerfor aol.com. There is an option in nslookup that tells you what the mail exchanger is for aol.com. Figure out the exact syntax of the format of this command, and execute it. Now what is the IP address of where my email to AOL goes?