CS 4514 Computer Networks WPI, B Term 1998
Craig E. Wills Project 3 (20 pts)
Assigned: Tuesday, December 8, 1998 Due: Friday, December 18, 1998

Introduction

This project is intended for you to gain first-hand experience with many network tools as well as perform traffic monitoring and analysis of commonly used applications. These tools use many of the protocols and concepts we have discussed in class. The network analysis will help you better understand the nature of network traffic generated by different applications.

The project is divided into two parts. In the first part, you will be using network tools while in the second part you will be doing traffic monitoring and analysis. You are expected to hand in answers to the questions listed for each part.

Network Tools

The following is the list of network tools that you will be using for this part of the project. A summary description for each tool is given. There are other tools available, both public domain and products, but we will concentrate on these tools for the project.

This part of the project can be done on either a CCC Unix machine or a Windows NT machine in the WINE Lab (Webware, Interfaces and Networking Experimental Lab, Room A25, Fuller Labs). The name and complete path name for each command are given in case the directory is not part of your command path on the Unix systems. Commands on Windows NT should be run from a "Command Prompt" window. To obtain one, select "Start" (lower left corner), then "Programs" and then "Command Prompt" (near the top).

See the Unix man pages for more details on the description, options and example usage. On Windows NT, choose "Help" from the menu displayed by selecting "Start" and then enter the utility name to obtain more details.

The tools:

Network Tools Questions

The following are specific questions you need to answer for this part of the project as you test out the various network tools.

  1. Using ping, what is a typical round trip time between your machine and a CCC machine such as wpi or garden? Between your machine and sequoia? Between your machine and one located elsewhere (e.g., lcs.mit.edu, www.berkeley.edu, www.umass.edu)? Is there any data loss in any of these tests? Overall, are the results what you expect?

  2. Use traceroute to trace the route to each of the hosts in the previous question. What is the number of hops to each host? Do hop and timing results from traceroute correlate and explain your results from the previous question?

  3. What is the IP address of the machine "internet", WPI's gateway to the Internet?

  4. What is the Ethernet address of the machine "internet", WPI's gateway to the Internet? Hint: Try netstat -H or arp -a.

Network Traffic Analysis

This part of the project needs to be done on one of the machines in the WINE Lab. These machines provide a controlled environment in that each machine is connected to a switched Ethernet network so that the network interface for a machine only sees traffic going to and from this machine (along with spurious broadcast traffic). In addition, each machine is "single-user" so you can better control the applications running that generate network traffic.

In this part of the project you will be analyzing the type and frequency of network traffic as you use different applications that generate network traffic. The traffic analyzer you will be using is a Perl script, named netperf, created for this assignment. Perl is an interpreted language with many powerful features.

The expected method to invoke the script is to first create a "Command Prompt" window. This window should be created in the folder corresponding to the desktop window of your PC. To invoke the script, execute the following command at the prompt:

> \\shiraz\Perl5\perl \\shiraz\cew\netperf

where the perl interpreter is located on shiraz as well as the netperf script.

The script uses the output of netstat -s invoked at 5 second intervals to monitor changes in all protocol statistics. At each 5 second interval, it prints the protocol statistics that have changed during the interval and the counts for that interval. The script will run forever and must be manually terminated using "Ctrl-c" (pressing the "c" while holding down "Ctrl"). At this point, netperf will create a file named netdata.csv, which is a "comma-separated-value" spreadsheet file readable by Excel. In fact the icon for this file should show it as an Excel file.
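
The sample-and-difference step described above can be sketched as follows. This is an added example in Python, not the netperf Perl script itself; the function names, the "Section/Counter" column naming and the sample reports (NT-style netstat -s layout) are constructed for illustration.

```python
import csv, io, re

SINGLE = re.compile(r"^\s+(.+?)\s+=\s+(\d+)\s*$")             # "  Active Opens  = 3"
DOUBLE = re.compile(r"^\s+(.+?)\s{2,}(\d+)\s+(\d+)\s*$")      # "  Echos   0   4"

def parse_netstat(text):
    """Flatten one `netstat -s` report into {"TCP/Active Opens": 3, ...}."""
    counters, proto = {}, None
    for line in text.splitlines():
        if line[:1].strip() and "Statistics" in line:         # unindented section header
            proto = line.strip().replace(" Statistics", "")
        elif proto and (m := SINGLE.match(line)):
            counters[f"{proto}/{m.group(1)}"] = int(m.group(2))
        elif proto and (m := DOUBLE.match(line)):              # ICMP Received/Sent columns
            counters[f"{proto}/{m.group(1)} (Received)"] = int(m.group(2))
            counters[f"{proto}/{m.group(1)} (Sent)"] = int(m.group(3))
    return counters

def interval_deltas(snapshots):
    """For each pair of consecutive snapshots, keep only the counters that changed."""
    return [{k: cur[k] - prev.get(k, 0) for k in cur if cur[k] != prev.get(k, 0)}
            for prev, cur in zip(snapshots, snapshots[1:])]

def to_csv(rows):
    """One column per counter that ever changed, one row per interval."""
    cols = sorted({k for row in rows for k in row})
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(cols)
    writer.writerows([row.get(c, 0) for c in cols] for row in rows)
    return out.getvalue()

# Constructed sample reports (not captured from a real machine).
TEMPLATE = """\
IP Statistics
  Packets Received              = {ip_in}
TCP Statistics
  Active Opens                  = {opens}
  Segments Sent                 = {seg}
ICMP Statistics
                            Received    Sent
  Echos                     {echo_in}           {echo_out}
"""
REPORTS = [TEMPLATE.format(ip_in=a, opens=b, seg=c, echo_in=d, echo_out=e)
           for a, b, c, d, e in [(100, 2, 50, 0, 0), (130, 3, 70, 0, 0), (134, 3, 70, 0, 4)]]

if __name__ == "__main__":
    print(to_csv(interval_deltas([parse_netstat(r) for r in REPORTS])))
```

Counters that never change (here the received Echos count) produce no column, which matches the description of netdata.csv holding only the statistics that changed while the script ran.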

Clicking on the netdata.csv icon (should be located on your desktop if you executed netperf from this directory) will cause a spreadsheet of values to pop up for all protocol statistics that changed during the lifetime of the script. You can graph all variables or portions by selecting "Insert", then "Chart" and we suggest "Line". Then select "Next >" to get a chart. Note: It is important that you select "Series in: Columns" to get the data plotted with the correct labels. You may "Continue" and put in axis labels or just "Finish." Note: Rather than graphing all variables, you may want to select a portion of the columns and graph only those variables. You may want to print the graph of your statistics to support your answers.

For this part of the project you will be monitoring the network traffic generated by various applications. The easiest way to execute the commands (other than the Web browser) is to run the netperf script in one window and create another "Command Prompt" window for executing commands. You may want to stop the netperf script after each application for easier analysis of that application's traffic patterns. Note: A new copy of the netdata.csv file will be created each time, overwriting the existing copy. The applications are:

Network Traffic Analysis Questions

  1. Which protocol statistics show activity when a telnet session is active?

  2. How many TCP connections are opened when you retrieve a page? Obtain a page with a given set of images. View the information about a web page (using "Ctrl-I") to see how many embedded images it includes. Does this number correspond to any network statistics?

  3. Which protocol statistics show activity when an FTP session is active? How do these statistics compare to those for telnet? What is the data rate for the transferred file (from the output of ftp)?

  4. A DNS query can use either TCP or UDP. What protocol does nslookup use?

  5. What ICMP message types are used with ping and traceroute?

Basic Objective

For the basic objective of the project, worth 18 points, answer the questions given for each of the project parts. For the two additional points, go beyond this set of questions and perform some other test or answer another question that you decide upon. This part of the project is to encourage you to use the tools to obtain results not specifically asked for in the basic portion of the project.

WINE Lab Access

A WINE account has been created for you based on the initial class roster, using your CCC username, with the password the same as the username (you will be prompted to change your password on first access). Your home directory is on shiraz (\\shiraz\username). You should not expect to store any files permanently on the workstations as they are not backed up, and may occasionally be reimaged. The room has a card key lock with your student ID serving as the keycard. The lock will open for you Monday-Saturday from 07h00 to 23h00. Any questions or problems should be reported to system@cs.wpi.edu.