handon-networking

course notes for exercise in computer networking

  • start capture:

      • from the image we can verify that
        • an Ethernet frame [data link layer] encapsulates an IP datagram (Internet Protocol) [network layer].
        • an IP datagram encapsulates a TCP segment (Transmission Control Protocol) [transport layer].
        • a TCP segment encapsulates an HTTP message (Hypertext Transfer Protocol).
          • if UDP is used, then the 4th line is: User Datagram Protocol
        • note that the Frame entry on top is not a real protocol; Wireshark uses it as a base for all the protocols and shows some information about the capture there
    • filter: HTTP(can also apply TCP…..)

      • at the HTTP protocol level the exchanged messages are:

        • GET HTTP/1.1 from the web browser to get the content from a web server
        • HTTP/1.1 responses from the server containing the content of the web site.
          104 4.435759000 vpn-252-095.epfl.ch icvmwebsrv2.epfl.ch HTTP    610 GET /favicon.ico HTTP/1.1 
          105 4.442593000 icvmwebsrv2.epfl.ch vpn-252-095.epfl.ch HTTP 463 HTTP/1.1 404 Not Found (text/html)
      • at the TCP protocol level the exchanged messages are:

        • SYN (to initiate a TCP connection), SYN ACK, data packets, FIN (to end a connection) and FIN ACK.
          9  3.855667000 vpn-252-095.epfl.ch icvmwebsrv2.epfl.ch TCP 66  52449→http [SYN] Seq=0 Win=8192 Len=0 MSS=1160 WS=256 SACK_PERM=1
          11 3.861081000 icvmwebsrv2.epfl.ch vpn-252-095.epfl.ch TCP 66 http→52449 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1160 SACK_PERM=1 WS=128
          12 3.861318000 vpn-252-095.epfl.ch icvmwebsrv2.epfl.ch TCP 54 52449→http [ACK] Seq=1 Ack=1 Win=16384 Len=0
          114 14.021210000 vpn-252-095.epfl.ch icvmwebsrv2.epfl.ch TCP 54 52449→http [FIN, ACK] Seq=1211 Ack=8243 Win=16384 Len=0
  • set HTTP filter:
    • analyze one HTTP message: the encapsulation of HTTP protocol data units
      • number of bytes the HTTP message contains:
        • Transmission Control Protocol - TCP Segment Len: 287
      • number of bytes the TCP and IP headers together add to the HTTP message
        • Internet Protocol - Header length: 20 bytes
        • TCP - Header length: 32 bytes
        • in total: 52 bytes
      • Ethernet frame size
        • Frame - frame length: 353 bytes
      • IP packet size = length of HTTP message data + TCP header + IP header
        • IP - total length: 339 bytes
        • note that the Ethernet frame encapsulates the IP packet, i.e. Ethernet frame = IP packet + Ethernet header, so it is always larger than the IP packet
      • number of HTTP sessions established when the web page was loaded, and on how many servers the content of the web page is stored:
        • http filter -> Statistics -> Conversations -> Limit to display filter
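
The byte counts above can be checked by walking the headers of a single frame. The following Python sketch is an added example, not part of the original notes; the frame is constructed in `build_sample_frame` (addresses, TCP options and zeroed checksums are made up) so that its sizes match the ones read from Wireshark.

```python
import struct

ETH_HEADER_LEN = 14  # dst MAC + src MAC + EtherType (no VLAN tag assumed)

def layer_sizes(frame: bytes) -> dict:
    """Sizes in bytes of each layer of an Ethernet / IPv4 / TCP frame."""
    if len(frame) < ETH_HEADER_LEN + 20:
        raise ValueError("too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:
        raise ValueError("EtherType is not IPv4")
    ip = frame[ETH_HEADER_LEN:]
    version, ihl = ip[0] >> 4, ip[0] & 0x0F
    (ip_total,) = struct.unpack_from("!H", ip, 2)
    ip_header = ihl * 4  # IHL counts 32-bit words
    if version != 4 or ihl < 5 or not ip_header <= ip_total <= len(ip):
        raise ValueError("inconsistent IPv4 header or truncated capture")
    if ip[9] != 6:
        raise ValueError("IP payload is not TCP")
    tcp = ip[ip_header:ip_total]  # drops any Ethernet padding after the datagram
    if len(tcp) < 20:
        raise ValueError("too short for a TCP header")
    tcp_header = (tcp[12] >> 4) * 4  # data offset counts 32-bit words
    if not 20 <= tcp_header <= len(tcp):
        raise ValueError("inconsistent TCP data offset")
    return {"frame": len(frame), "ip_total": ip_total, "ip_header": ip_header,
            "tcp_header": tcp_header, "payload": len(tcp) - tcp_header}

def build_sample_frame(payload_len: int = 287) -> bytes:
    """Constructed frame: made-up addresses, checksums left at zero."""
    payload = b"x" * payload_len  # stands in for the HTTP message
    # 20-byte TCP header with data offset 8 words, plus 12 bytes of NOP options = 32
    tcp = struct.pack("!HHIIBBHHH", 52449, 80, 1, 1, 8 << 4, 0x18, 16384, 0, 0)
    tcp += b"\x01" * 12
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + tcp + payload

if __name__ == "__main__":
    for layer, size in layer_sizes(build_sample_frame()).items():
        print(f"{layer:>10}: {size} bytes")
```

The payload is derived from the IP total length rather than from the captured length, so trailing Ethernet padding on short frames is not counted as HTTP data.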

EXERCISE 1

nslookup, dig, and host

// get the server and address of a website
# nslookup www.google.com
// 127.0.0.1 is the loopback address: on every computer it refers to the machine itself.
xizeng@icivrgsrv1:~$ nslookup localhost
Server: 128.178.15.7
Address: 128.178.15.7#53

Name: localhost.epfl.ch
Address: 127.0.0.1

$ ifconfig
// get the IP address and interfaces (Ethernet, local loopback) of my
// station

$ ping <url>
// check whether the following machine is reachable
// check minimum, average, and maximum round trip time

$ traceroute <url>
// check the routers between my station and host of <url>
// RETURN RTT: round trip time
// ping returns as output whether a destination is reachable
// along with statistics about packet loss and RTT, traceroute
// shows all the hops in the routing path from source to
// destination along with RTT results for each hop.

xizeng@icivrgsrv1:~$ grep "ssh" /etc/services
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp

$ netstat -t
// TCP connections that are up and running on your system


Exercise 2:

  • traceroute to different destinations: we find that all of the routes diverge at a particular router
    • if in the EPFL network, then this special router is the one that connects EPFL and SWITCH, and in the trace of the route the next router should belong to the SWITCH education network
    • also note that the number of hops is not proportional to the physical distance.
    • if we traceroute from A to B and then from B to A, we can verify that
      • routes on the Internet do not need to be symmetric
        • the forward path and the reverse path do not pass through the same routers
          • a network may choose separate routers for incoming and outgoing connections for load balancing
      • for the common routers between the forward and the reverse path, the IP address may be different:
        • both IP addresses indeed belong to the same router, but have been allocated to different interfaces of it
    • if, for each packet size in [50,150,500,1000,1500], we send 50 packets by ping to www.google.com and plot the delays:
      • for the same packet size, the delay varies randomly over time. This is mostly due to the variability of processing and queuing delays. The degree of variability is related to the quality of the connection, and it does not necessarily depend on the physical distance or even the number of hops.
      • for different sizes, the delay may or may not depend on the size of the ping packets, for all destinations
        • if the transmission delay is the major factor in the overall delay, the dependence is strong
        • if not, it is weak:
          • the destination is far away, and therefore the propagation delay (independent of the packet size) is significantly higher than the transmission delay (dependent on the packet size)
          • queuing delay (rather than the transmission delay) makes up the most significant part of the total delay due to high congestion in the network (high congestion can explain the “unexpected” drops as the size increases)
  • analysis of delay
    • estimation of the delay:
      • given www.google.com_avg.txt (for each packet size, 50 packets are sent)
      • columns: packet size [bytes] / average delay [ms] / minimum delay [ms] (over the packets of that size)
        50 4.638 4.386
        250 4.700 4.480
        500 4.764 4.574
        750 4.861 4.776
        1000 4.937 4.810
        1250 5.211 4.963
        1500 5.237 5.056
  • The propagation delay
    • does not depend on the packet size. It’s related to the link and, in general, does not vary (except if the link varies: cable, satellite, etc.)
  • The queuing delay
    • only depends on the congestion of the network. It will increase with the amount of traffic on the network (the more traffic there is, the more our packet will wait to be treated at a router).
    • average queuing delay ~= average difference between the average and the minimum delays, taking into account all the packet sizes; for this example it is: 1/7 * ( (4.638-4.386) + (4.700-4.480) + (4.764-4.574) + (4.861-4.776) + (4.937-4.810) + (5.211-4.963) + (5.237-5.056) ) = 0.1861 [ms]
  • The transmission delay
    • almost proportional to the packet size; for a fixed packet size, it is constant.
    • assume that the other delay components of the minimum delay are the same for the different packet sizes;
    • ~= difference between the minimum delays for the largest packet and the smallest packet: 5.056 - 4.386 = 0.67 [ms] for 1500 - 50 = 1450 additional bytes, 1 byte = 8 bits
      • link throughput = 8 * 1450 / (0.67 * 10^(-3)) bit/s (divide by 10^6 for Mbps)
  • The processing delay
    • can depend on the packet size, but to a much smaller degree than transmission delay; for a fixed packet size, it is reasonably constant.
    • for packets of the same size, assume the transmission + propagation + processing delay is the same
    • processing + propagation delay ~= minimum delay among all minimum delays (usually it is the min delay for the smallest packet) = 4.386 ms
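
The estimates above, recomputed from the table as an added example (not part of the original notes). It goes one step beyond the notes by also fitting a least-squares line through all the minimum delays instead of using only the smallest and the largest packet; the function and key names are chosen here.

```python
# Table from the notes: packet size [bytes], average delay [ms], minimum delay [ms]
PING_TABLE = """
50 4.638 4.386
250 4.700 4.480
500 4.764 4.574
750 4.861 4.776
1000 4.937 4.810
1250 5.211 4.963
1500 5.237 5.056
"""

def parse_table(text: str) -> list:
    """Return (size, avg_ms, min_ms) tuples sorted by packet size."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            size, avg, low = line.split()
            rows.append((int(size), float(avg), float(low)))
    return sorted(rows)

def estimate_delays(rows: list) -> dict:
    if len(rows) < 2:
        raise ValueError("need at least two packet sizes")
    sizes = [r[0] for r in rows]
    mins = [r[2] for r in rows]
    # queuing: mean gap between average and minimum delay over all sizes
    queuing_ms = sum(avg - low for _, avg, low in rows) / len(rows)
    # transmission: extra minimum delay of the largest packet over the smallest
    transmission_ms = mins[-1] - mins[0]
    endpoint_bps = 8 * (sizes[-1] - sizes[0]) / (transmission_ms * 1e-3)
    # extension: least-squares slope of minimum delay against size [ms/byte]
    n = len(rows)
    mean_x, mean_y = sum(sizes) / n, sum(mins) / n
    slope = (sum((x - mean_x) * (y - mean_y) for x, y in zip(sizes, mins))
             / sum((x - mean_x) ** 2 for x in sizes))
    return {
        "queuing_ms": queuing_ms,
        "transmission_ms": transmission_ms,
        "fixed_ms": min(mins),            # processing + propagation
        "endpoint_bps": endpoint_bps,     # the notes' two-point estimate
        "fit_bps": 8 / (slope * 1e-3),    # estimate using every row
    }

if __name__ == "__main__":
    for name, value in estimate_delays(parse_table(PING_TABLE)).items():
        print(f"{name:>16}: {value:,.4f}")
```

The two-point estimate comes out at about 17.3 Mbit/s and the fit over all rows at about 17.1 Mbit/s.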

telnet

telnet> o www.google.ch 80
Trying 173.194.112.87...
Connected to www.google.ch.
Escape character is '^]'.
GET / HTTP/1.1
host: www.google.ch

// below is output
HTTP/1.1 200 OK
Date: Sat, 17 Oct 2015 16:56:32 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

// two cookies are set by www.google.ch
Set-Cookie: PREF=ID=1111111111111111:FF=0:TM=1445100992:LM=1445100992:V=1:S=1eJR j9kphnaCmoih; expires=Thu, 31-Dec-2015 16:02:17 GMT; path=/; domain=.google.ch

Set-Cookie: NID=72=v6MxR_2MLSDmKT0EyV6qrIddaWKZ6FdL-zOEhz-DoRiCqqi8w8u8QBdpq-
fa6cpkDGAmqTiIQYOhSVNsy01hrc3cBzx3C7Ef9KzArtRCiwX-pNIdhMIyMe8bpPAt7rDGLagPsCP4; expires=Sun, 17-Apr-2016 16:56:32 GMT; path=/; domain=.google.ch; HttpOnly

Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked

simple email client: SMTP

$ grep smtp /etc/services
PORT 25
// SMTP uses port 25

$ telnet test.smtp.org 25
// test SMTP server

$ help
214-2.0.0 This is sendmail version 8.15.2
214-2.0.0 Topics:
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0 http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
// check if the email addresses are valid
$ VRFY admin@test.smtp.org
553 5.3.0 admin@test.smtp.org... No such user

$ VRFY bouncer@test.smtp.org
553 5.3.0 bouncer@test.smtp.org... Disabled due to abuse

$ VERY bit-bucket@test.smtp.org
500 5.5.1 Command unrecognized: "VERY bit-bucket@test.smtp.org"
VRFY bit-bucket@test.smtp.org
250 2.1.5 <bit-bucket@test.smtp.org>

xizeng@icivrgsrv1:~$ telnet mail.epfl.ch 25
Trying 128.178.222.71...
Connected to mail.epfl.ch.
Escape character is '^]'.
220 mail.epfl.ch AngelmatoPhylax SMTP proxy
$ helo
250 mail.epfl.ch
$ mail from: <anyname@gmail.com>
...
$ rcpt to: <firstname.lastname@epfl.ch>
503 successful MAIL needed before RCPT
$ data
503 successful RCPT needed before DATA
$ subject: hhhhh
write something here!!!


.
// end
$ quit
221 bye bye
Connection closed by foreign host.

And then you will receive the email!
Note that the commands are only recognized when they are issued in the expected order.
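
The ordering rule can be modelled as a small state machine. This is an added example, not the code of mail.epfl.ch or sendmail: a simplified model in which MAIL needs a prior HELO/EHLO, RCPT needs a successful MAIL, and DATA needs a successful RCPT; the class name, most reply texts and the example.org addresses are made up.

```python
class SmtpSequencer:
    """Simplified model of the command order an SMTP server enforces."""

    def __init__(self):
        self.state = "connected"  # connected -> greeted -> mail -> rcpt -> data

    def command(self, line: str):
        """Return (code, text) for a command, or None for a message body line."""
        if self.state == "data":
            if line != ".":
                return None          # body line, no reply until the lone "."
            self.state = "greeted"   # message accepted, ready for the next one
            return (250, "message accepted")
        verb = line.strip().upper()
        if verb.split(" ")[0] in ("HELO", "EHLO"):
            self.state = "greeted"
            return (250, "hello")
        if verb.startswith("MAIL FROM:"):
            if self.state != "greeted":
                return (503, "bad sequence of commands")
            self.state = "mail"
            return (250, "sender ok")
        if verb.startswith("RCPT TO:"):
            if self.state not in ("mail", "rcpt"):
                return (503, "successful MAIL needed before RCPT")
            self.state = "rcpt"
            return (250, "recipient ok")
        if verb == "DATA":
            if self.state != "rcpt":
                return (503, "successful RCPT needed before DATA")
            self.state = "data"
            return (354, "end data with a line containing only '.'")
        if verb == "QUIT":
            return (221, "bye")
        return (500, "command unrecognized")

def replay(lines):
    """Feed lines to a fresh session and collect the reply codes."""
    session = SmtpSequencer()
    replies = [session.command(line) for line in lines]
    return [r[0] for r in replies if r is not None]

# Constructed sessions; the addresses are placeholders.
OUT_OF_ORDER = ["helo", "rcpt to: <user@example.org>", "data", "quit"]
IN_ORDER = ["helo", "mail from: <sender@example.org>", "rcpt to: <user@example.org>",
            "data", "subject: test", "", "hello", ".", "quit"]

if __name__ == "__main__":
    print(replay(OUT_OF_ORDER))
    print(replay(IN_ORDER))
```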


use firefox to track the network
![](/network/firefox.png)

  • info:
  • application protocol: HTTP 1.1
  • content type: audio/mpeg
  • content size: 8315297 bytes
  • transport protocol: TCP

by the way, the website https://soundcloud.com/relaxdaily/instrumental-music-to-relax is really good!