159.334 Computer Networks A) Network Diagnostics

159.334 Computer Networks
Lab 1
Objectives:
1) Use command line tools to discover the extended network.
2) Use Wireshark to examine network protocols.
3) Learn about network domains.
Note: Unless specified, the exercises for lab 1 can be performed on a client or a server machine.
KEY:
Do this
Information
A) Network Diagnostics
Check host availability with Ping:
The ping command sends an Internet Control Message Protocol (ICMP) ECHO_REQUEST to
obtain an ICMP ECHO_RESPONSE from a host or gateway.
Ping then calculates latency (turnaround time) in the network. The ping command is useful
for isolating network problems, as well as measuring and managing network performance.
Click “Start”, then “Run” (or press Windows + R). Type “cmd” in the textbox and press “OK” or the Enter key.
The text mode window that pops up is called “Command Prompt”
Type in “ping” followed by the IP address of the computer you wish to check, for e.g. “ping
192.168.4.1”.
If your output looks noticeably different to this (e.g. “Request Timed Out”), it means you can’t reach
the host you were pinging. Check your network cables, and IP address settings.
Q1. Experiment with pinging computers and try removing different network cables to generate some
errors. List two errors here and try to determine what they mean:
You can use “ping -t x.x.x.x” to send ping requests indefinitely. (Ctrl-C to cancel)
Determine the path from your PC to the IBM server using ‘tracert’:
Open a command prompt as you did for using ping.
Type “tracert” followed by the IP address of the computer you wish to check, for example
“tracert 192.168.4.1”.
    C:\>tracert 192.168.4.1
    Tracing route to SERVER [192.168.4.1]
    over a maximum of 30 hops:
      1    <10 ms    <10 ms    <10 ms   192.168.2.251
      2    <10 ms    <10 ms    <10 ms   192.168.0.4
      3    <10 ms    <10 ms    <10 ms   SERVER [192.168.4.1]
    Trace complete.
Tracert shows you the logical path to the target IP address (in this instance through the
routers 192.168.2.251 and 192.168.0.4, i.e. 2 hops).
TTL (Time To Live) of a ping request is a number that is stored inside the packet (at the IP
level). Before each router forwards the packet to the next device on the network, the TTL is
decremented and checked. If the TTL is 0, the router will return a packet to the sender
indicating the packet expired. TTLs exist to prevent packets from becoming stuck in a loop.
Loops are unlikely to occur in a carefully managed LAN, but are more probable on larger
networks with redundant paths.
Set the TTL for a ping using “ping -i <required TTL> x.x.x.x”
Ping 192.168.4.1 with a manually-set TTL (Time To Live) of 1. You should notice that the IP address
displayed is the same as the first line of your tracert output.
Repeat this process with a TTL of 2, you’ll notice this IP is the same as the second line of your tracert
output. This is how tracert finds hops on the path to the server.
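As an added illustration of the TTL mechanism just described (example code, not part of the lab sheet), the following Python simulation walks an echo request through a constructed path like the one in the tracert output above: every router decrements the TTL, and the router at which it reaches 0 answers with an ICMP Time Exceeded message from the interface the packet arrived on. It also records the outgoing interface of each router for the path-recording exercise later in this section, though only on the outward trip; the router addresses facing the PC are taken from the tracert output, while their server-facing addresses 192.168.0.1 and 192.168.4.254 are assumptions, and nothing is sent on a real network.

```python
# Added example, not from the lab sheet: simulate tracert's TTL probing on a
# constructed path PC -> router -> router -> SERVER. Nothing is sent on a network.
SERVER = "192.168.4.1"         # the IBM server from the lab sheet
# Each router: (interface facing the PC, interface facing the server).
# The server-facing addresses are assumptions; the PC-facing ones match the
# lab's tracert output.
ROUTERS = [("192.168.2.251", "192.168.0.1"),
           ("192.168.0.4", "192.168.4.254")]

ICMP_ECHO_REPLY = 0
ICMP_TIME_EXCEEDED = 11

def send_echo_request(ttl, record_route=False):
    """Forward one echo request hop by hop. Returns (icmp_type, sender, route)."""
    route = []
    for ingress, egress in ROUTERS:
        ttl -= 1                     # every router decrements the TTL...
        if ttl == 0:                 # ...and drops the packet when it reaches 0,
            return ICMP_TIME_EXCEEDED, ingress, route   # reporting from its ingress side
        if record_route:
            route.append(egress)     # ping -r: record the outgoing interface
    # The destination host does not decrement the TTL; it sends an echo reply.
    return ICMP_ECHO_REPLY, SERVER, route

def tracert(target=SERVER, max_hops=30):
    """Probe with TTL 1, 2, 3, ... until the echo reply comes from the target."""
    hops = []
    for ttl in range(1, max_hops + 1):
        icmp_type, sender, _ = send_echo_request(ttl)
        hops.append((ttl, icmp_type, sender))
        if icmp_type == ICMP_ECHO_REPLY and sender == target:
            break
    return hops

if __name__ == "__main__":
    for ttl, icmp_type, sender in tracert():
        print(f"{ttl:3d}  ICMP type {icmp_type:2d}  from {sender}")
```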
Q2. What error message is returned when you send a ping request with a TTL of 1?
Q3. Why, when you send a ping to the server with a TTL of 20, does it seem to come back with a higher
TTL?
Determine the path from your PC to the IBM server using path recording:
Open a command prompt and enter “ping -n 1 -r 9 192.168.4.1”.
-r is the record route option for ping, and 9 specifies the number of hops to record. Due to the
limited size of IPv4 headers, 9 is the maximum valid number (the IPv4 options area is at most 40 bytes,
and the record route option spends 3 bytes on its own header plus 4 bytes per recorded address, so
only 9 addresses fit). As the ping packet is forwarded by a router, it records the IP address of the
interface the packet will go out of.
-n is the option that specifies the number of ping requests to send (four by default).
To see a list of other options you can pass to ping, type “ping /?” at the command prompt.
Q4. Why are there more IP addresses listed here than there were when you used tracert?
Q5. Why does it appear path recording has recorded the hops backwards?
Q6. What are the comparative pros and cons of using tracert or path recording for network
discovery?
Investigate the ARP cache
Open a command prompt and type “arp -a”
The physical address is also sometimes called the Ethernet address or Hardware address, but
is most commonly called the MAC address (Media Access Control).
The ‘Internet Address’ is more commonly known as the IP address or just the IP.
ARP stands for Address Resolution Protocol; the ARP cache is a listing of MAC address and IP address
pairs. When your computer sends a packet to a specific IP, it can look up which MAC address
the packet needs to be sent to.
Your list is most probably different, but it will look similar to this:
The type dynamic means this pair hasn’t been added manually; instead the computer
“asked around” to get the information off the network (you can see how this works in the
next section using Wireshark).
Q7. How many entries are there in your ARP cache? ________________________
Ping a valid IP address that isn’t in your ARP cache (you know it is valid if you get normal ping
replies). Check your ARP cache again with “arp -a”
Q8. How many new entries are there in your ARP cache?
List any here, and for each one note whether it is static or dynamic:
B) Wireshark
Wireshark (known as “Ethereal” pre-2006) is a network protocol analyzer application (or
“packet-sniffer”).
A protocol analyser is a software application that can capture and log data frames passing
over a network. Each captured frame is fully de-encapsulated and the field content of each
contained PDU header is available for examination – as is the information payload. Filters
may be applied so as to focus interception onto particular protocols, or on frames to/from
particular addresses, etc. A protocol analyser may be used for network troubleshooting,
performance analysis, software development and protocol development purposes.
Wireshark is a freeware program, available at: http://www.Wireshark.org
Things To Do
1. Apply: ipconfig /all
   Record your PC’s allocated IP address and its permanent MAC address
   IP Address: ___________________
   MAC Address: ___________________________
2. Start Wireshark
   Establish the following settings:
   - Open the Capture menu and select the Options choice. The Capture Options dialog box
     provides a range of settings and filters which determine where data is captured from,
     which data and how much data traffic is captured, and more.
   - Open the Interface pick list and select your NIC.
   When your NIC is selected, its IP address (etc.) is shown in the dialog.
   “Promiscuity” (say yes if you want, but it isn’t going to happen!): checking or unchecking this
   has no effect when the LAN topology is “switched” (the 3D12 case). If the media is truly shared,
   selecting “promiscuous” causes the capture of all frames (otherwise, only your own frames and
   “broadcast” type frames are captured).
   The Capture Filter field allows you to specify what type of packets you want to capture.
   Filtering can be based on many different packet characteristics.
   - Set the Display Options and Name Resolution check boxes as indicated.
   Note: enabling “Name Resolution” can be useful, but to generate such information Wireshark has
   to access various servers, which adds network traffic.
3. Apply the Start button.
   Two screens will appear: the main capture screen and a small summary screen (you may care to
   minimise the summary). “Stop” and “Exit” both end the capture session.
   The main capture window has three panes: the packet list pane, the packet details pane and the
   packet bytes pane. If you “click” a packet in the list pane, full details of that packet can be
   explored in the details pane.
Observe Ping
In Wireshark, start a capture, enter “ip proto \icmp” in the Capture Filter textbox, select the
VMWare Accelerated AMD PCNet Adapter interface and click “OK”.
Click “OK” to begin capturing.
The window that now pops up displays a summary of captured packets
Captured packets still get to their destination, Wireshark simply takes a copy of them.
At the command prompt, ping the IBM server. Once this has finished, change back to your capture
summary and click “Stop”.
In Wireshark’s main window, notice that there are 8 ICMP packets in the top pane (the packet list pane).
Select one of the packets marked “Echo (ping) Request”.
The information now contained in the packet detail pane represents the selected packet. The display
is a tree-like structure where you can investigate each part of the packet. Take this opportunity to
examine the various parts of the packet.
Q9. What is the numeric type of an ICMP Echo (ping) Request? _______________________
Observe tracert
In Wireshark, start a capture, enter “ip proto \icmp” in the Capture Filter textbox, select the
VMWare Accelerated AMD PCNet Adapter interface and click “OK”.
At a command prompt, enter “tracert 192.168.4.1”. Once it has completed, click “Stop” on the
capture summary window.
Q10. What is the numeric type of ICMP “Time-to-live exceeded”? _____________________
Observe Ping –r
In Wireshark, start a capture, enter “ip proto \icmp” in the Capture Filter textbox, select the
VMWare Accelerated AMD PCNet Adapter interface and click “OK”.
At the command prompt, do a recorded route ping (ping -r). Make sure you only send one request
to save confusion when looking at the packets (i.e. “ping -n 1 -r 9 192.168.4.1”).
Once the ping has finished, click “Stop” on the capture summary. You should have only two packets
captured. Investigate both the request and the reply.
Q11. Where is the recorded route stored? (Hint: In header of which layer of the packet)
Observe ARP requests:
Clear the ARP cache.
“arp -d” deletes all entries in the ARP cache.
Check that the ARP cache is empty by typing “arp –a”.
Start capturing in wireshark using a filter of “arp”.
Ping the IBM server, you should get at least two ARP packets. Stop the capture.
By examining the packets, answer the following:
Q12. What is the broadcast MAC address? ______________________
Q13. What is the numeric type of ARP packets? _______________________
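To see what the details pane is decoding in the Observe Ping and Observe ARP requests exercises above, here is an added Python decoder (example code, not part of the lab sheet) for an Ethernet frame carrying either an ARP request or an IPv4 ICMP echo request, including a check of the ICMP checksum. The two sample frames are constructed by hand and their MAC and IP addresses are made up; they are not captures from the lab network.

```python
# Added example, not from the lab sheet. Constructed frames: the MAC and IP
# addresses below are made up, not taken from the lab network.
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words, as ICMP uses."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)
def ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet II, then either ARP or IPv4 + ICMP, field by field."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": mac(dst), "eth_src": mac(src), "ethertype": ethertype}
    payload = frame[14:]
    if ethertype == 0x0806:                                # ARP
        _, _, _, _, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", payload[:28])
        out.update(arp_op=op, sender_mac=mac(sha), sender_ip=ip(spa),
                   target_mac=mac(tha), target_ip=ip(tpa))
    elif ethertype == 0x0800:                              # IPv4
        ihl = (payload[0] & 0x0F) * 4                      # header length in bytes
        out.update(ttl=payload[8], proto=payload[9],
                   ip_src=ip(payload[12:16]), ip_dst=ip(payload[16:20]))
        if payload[9] == 1:                                # protocol 1 = ICMP
            icmp = payload[ihl:]
            icmp_type, code, _ = struct.unpack("!BBH", icmp[:4])
            # A correct ICMP checksum makes the checksum of the whole message 0.
            out.update(icmp_type=icmp_type, icmp_code=code,
                       icmp_checksum_ok=checksum(icmp) == 0)
    return out

# Constructed ARP request "who has 192.168.4.1?" to the broadcast MAC address.
PC_MAC, PC_IP, SERVER_IP = bytes.fromhex("001122334455"), b"\xc0\xa8\x02\x0a", b"\xc0\xa8\x04\x01"
ARP_FRAME = (struct.pack("!6s6sH", b"\xff" * 6, PC_MAC, 0x0806)
             + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, PC_MAC, PC_IP, b"\x00" * 6, SERVER_IP))

# Constructed ICMP echo request inside IPv4 (IP header checksum left at 0).
_icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"abcd"
_icmp = _icmp[:2] + struct.pack("!H", checksum(_icmp)) + _icmp[4:]
_ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(_icmp), 0, 0, 128, 1, 0, PC_IP, SERVER_IP)
ICMP_FRAME = struct.pack("!6s6sH", bytes.fromhex("00aabbccddee"), PC_MAC, 0x0800) + _ipv4 + _icmp
```

Running decode_frame on the two constructed frames gives the same fields the packet details pane shows for a real capture; a corrupted ICMP message would show icmp_checksum_ok as False.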
C) Domain
Join a domain:
On the server, right-click on “My Computer” and click “Properties”. Click the “Change” button.
Click the radio button to indicate you’re a member of a domain. Enter “netlab.massey.ac.nz” in the
textbox. Click “OK”.
When prompted for a username and password, enter the username “student” and the password
“networks”.
Only users with permission from domain controller may add computers to the domain.
“Student” is a user on the IBM server with permission to add computers to the domain.
Click “OK” on the welcome message. Click “OK” to restart your computer. Click “OK”, “Yes”.
After you have rebooted the computer, change “Logon To” from “this computer”, to “NETLAB”.
Q14. What error message do you get when you try to log in with username “Administrator”, with the
password you previously used? Why?
Log in using “student”, password “networks”.
Q15. Why would you be unlikely to use a domain on a four computer home network?
Q16. How would a domain benefit a large corporate network (~200 computers)?
Q17. What costs are associated with running a domain controller on any network?
THE END