COMP 1170
PROF MACLEAN
BASIC NETWORKING FUNCTIONS

Name: ___________________________________

Let’s look at some basic network functionality to tie together the concepts we’ve been studying.

Go to a command prompt. This will open up a new black window. Type “ipconfig” without the quotes. Copy and paste what you see.

What is your machine’s IP address? Is it an IPv4 address, or an IPv6?

Type “ipconfig /release” without the quotes in your window. Type “ipconfig /renew” without the quotes in the window. What just happened? Why would these commands be useful?

What is your machine’s MAC address?

Remember that we defined the DNS protocol in earlier lectures and labs. You can see the IP address of the DNS server in your command window. What is the DNS server’s IP address? What is that DNS server doing?

Type “ipconfig /all” in your window (without the quotes). This will give you a list of all of your options with this command. Copy and paste your results here.

We’re going to explore the PING command. The syntax is “ping” (no quotes) plus the host name or IP address. It’s the DNS server that allows us to ping by name in addition to IP address. The DNS is a hierarchical distributed database, and it is the database with the highest hit rate in the world. We studied distributed architectures at the beginning of the term. What is meant by distributed database?

Ask the person next to you for his or her IP address and ping it. What happens?

Ping waldenu.edu and copy and paste the results here:

Note the “% loss” figure. This is of interest to us because packet loss kills our throughput. Zero packet loss is critical to having an Internet connection that responds well. A slower connection with 0 lost packets can easily outperform a faster connection that drops packets. It’s the last “hop,” the destination, which is of the most concern.

What does TTL mean? Using the “-i” option of ping allows us to set the TTL value of outgoing ping packets.
Type “ping -i 1 google.com”. That is the number one, not a lower-case L. Valid values are 1 to 255. See what happens. What is the message you get? Why do you get it?

Try this command a few more times, incrementing by 5s until you get a reply from google. What’s the lowest number for your machine that gets one? What does this tell you?

Now we will look at the TRACERT command. TRACERT sends out an ICMP packet. We previously defined ICMP packets in the Packets lab; refer back if you don’t remember what it is or does. ICMP takes advantage of the fact that most Internet routers will send back an ICMP ‘TTL Expired in Transit’ message if the TTL field is ever decremented to 0 by a router. TRACERT sends out ICMP packets, each with an increasing TTL count, as you did earlier in this assignment, and getting them back shows what hosts the packets went through to reach their destination.

Type “tracert google.com” (no quotes) and copy and paste your results here.

How many hops did your machine take to reach google.com? Why are ping and tracert helpful to you?

Let’s look at the netstat command. Netstat displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, netstat displays active TCP connections.

Try running netstat -a and looking at the results. It’s displaying the active TCP connections and the TCP and UDP ports on which the computer is listening.

Run netstat -e to display Ethernet statistics.

Run netstat -o to display active TCP connections along with the process ID (PID) for each connection.

Run netstat -r to look at the IP routing table. Cut and paste a screenshot here.

Why is netstat helpful to you in your study of networks?

Let’s combine our new knowledge of ipconfig with our prior knowledge of DHCP and Wireshark.
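Before the DHCP capture, here is the TTL mechanism behind “ping -i” and TRACERT from the exercises above, as an added example that is not part of the original lab. It builds real IPv4/ICMP bytes but carries them over a simulated path; the addresses are constructed (documentation ranges) and the function names are hypothetical.

```python
import socket
import struct

def checksum(data):
    """Internet checksum (RFC 1071) over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp(kind, code, body):
    msg = struct.pack("!BBH", kind, code, 0) + body
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def ipv4(src, dst, ttl, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def send(packet, path):
    """Carry packet along path (router IPs, destination last); return the ICMP reply."""
    src, ttl = socket.inet_ntoa(packet[12:16]), packet[8]   # TTL is byte 8 of the IP header
    for router in path[:-1]:
        ttl -= 1                                            # every router decrements the TTL
        if ttl == 0:    # type 11 code 0 = TTL expired in transit (quotes the probe as sent)
            return ipv4(router, src, 64, icmp(11, 0, bytes(4) + packet[:28]))
    return ipv4(path[-1], src, 64, icmp(0, 0, packet[24:]))  # type 0 = Echo Reply

def tracert(path, src="192.0.2.10", max_hops=30):
    """Probe with TTL 1, 2, 3, ... and record who answers, as TRACERT does."""
    hops = []
    for ttl in range(1, max_hops + 1):
        probe = ipv4(src, path[-1], ttl, icmp(8, 0, struct.pack("!HH", 1, ttl) + b"lab"))
        reply = send(probe, path)
        hops.append((ttl, socket.inet_ntoa(reply[12:16]), reply[20]))
        if reply[20] == 0:                                  # Echo Reply: destination reached
            break
    return hops

# Constructed path: two routers, then the destination.
PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.80"]

if __name__ == "__main__":
    for ttl, responder, icmp_type in tracert(PATH):
        print(ttl, responder, "Echo Reply" if icmp_type == 0 else "TTL expired in transit")
```

The number of entries returned is also the lowest TTL that gets a reply from the destination, which is what the “ping -i” exercise measures by hand.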
In order to observe DHCP in action, we’ll perform several DHCP-related commands and capture the DHCP messages exchanged as a result of executing these commands. Do the following:

1) Begin by opening the Windows Command Prompt application. Enter “ipconfig /release”. This command releases your current IP address, so that your host’s IP address becomes 0.0.0.0.

2) Start up the Wireshark packet sniffer. Enter “bootp” in the display-filter-specification window, so that only captured DHCP messages will be displayed later in the packet-listing window. If you don’t know what bootp is, google it.

3) Now go back to the Windows Command Prompt and enter “ipconfig /renew”. This instructs your host to obtain a network configuration, including a new IP address.

4) Stop Wireshark packet capture.

1.1 Provide a screenshot of the Command Prompt window.

1.2 Provide a screenshot of Wireshark (captured DHCP messages).

Now let’s take a look at the resulting Wireshark window. Answer the following questions:

1.3 A host uses DHCP to obtain an IP address, among other things. But a host’s IP address is not confirmed until the end of the four-message exchange! (We looked at this handshake protocol in class.) If the IP address is not set until the end of the four-message exchange, then what values are used in the IP datagrams in the four-message exchange?

1.4 What is the IP address of your DHCP server?

1.5 What IP address is the DHCP server offering to your host in the DHCP Offer message? Indicate which DHCP message contains the offered DHCP address.
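To help read the fields Wireshark shows for each captured message, here is an added example (not part of the original lab) that decodes the DHCP payload itself: the fixed BOOTP header, which is why the display filter is named “bootp”, followed by the DHCP options. The four messages are constructed sample data with made-up addresses, a made-up MAC and transaction ID, and only options 53 and 54; build and parse are hypothetical helper names.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # cookie that separates the BOOTP header from DHCP options
TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK"}

def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", server=None):
    """Build a sample message (constructed test data, not a real capture)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s192x", op, 1, 6, 0, xid, 0, 0x8000,
                        bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                        bytes.fromhex(mac.replace(":", "")))
    opts = bytes([53, 1, msg_type])                         # option 53: DHCP message type
    if server:
        opts += bytes([54, 4]) + socket.inet_aton(server)   # option 54: server identifier
    return fixed + MAGIC + opts + b"\xff"                   # option 255: end

def parse(payload):
    """Decode the 236-byte BOOTP header and the DHCP options that follow it."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not DHCP: short payload or missing magic cookie")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:
        if payload[i] == 0:                                 # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    mtype = (options.get(53) or b"\x00")[0]
    server = options.get(54)
    return {
        "op": "BOOTREQUEST" if op == 1 else "BOOTREPLY",
        "xid": xid,                                         # same ID ties the exchange together
        "type": TYPES.get(mtype, f"unknown({mtype})"),
        "yiaddr": socket.inet_ntoa(payload[16:20]),         # "your" address, set by the server
        "client_mac": payload[28:28 + min(hlen, 16)].hex(":"),
        "server_id": socket.inet_ntoa(server) if server and len(server) == 4 else None,
    }

XID, MAC = 0x3903F326, "00:11:22:33:44:55"                  # constructed values
EXCHANGE = [build(1, XID, MAC, 1),
            build(2, XID, MAC, 2, "192.0.2.50", "192.0.2.1"),
            build(1, XID, MAC, 3, server="192.0.2.1"),
            build(2, XID, MAC, 5, "192.0.2.50", "192.0.2.1")]

if __name__ == "__main__":
    print(*map(parse, EXCHANGE), sep="\n")
```

In your own capture, the same fields appear in Wireshark’s packet-details pane as the transaction ID, “Your (client) IP address”, and the DHCP Message Type and DHCP Server Identifier options.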