The Australian National University
ANU College of Engineering and Computer Science
School of Computer Science

Computer Networks

Linux Networking

This lab involves no programming as such (YAY!). Instead, it is an opportunity to explore some of the networking commands etc. in Linux (and most other Unixes).

It is worth rebooting the machine you will be using for this lab in order to clear away any configuration information left over from a previous lab etc.

Many of the steps in the lab require superuser access. Log in using your normal ANU username and password, then either use the "sudo" command to run individual privileged commands as the superuser, or use "sudo su -" to start a shell as the superuser. Either way, enter your password again when prompted. "sudo" caches the fact that the password is correct, so you don't need to re-enter it too often.

The ifconfig command

Start off by determining the IP number of your workstation:

/sbin/ifconfig -a

will produce a list of currently configured network interfaces with some useful information on each one. Determine what it all means (see the ifconfig(8) man page).

In particular, note the IP number (inet addr) for the eth0 interface. Also, note the MAC address (HWaddr) and the number of packets received and transmitted so far - why are these so high if the machine has just been booted?

The route command

/sbin/route -n

or

netstat -rn

will show the kernel's routing tables. What is the -n for in each case? What happens if you leave it out and why?

What is the default gateway, currently? Make sure that you understand all the information displayed.

The ping command

The ping command sends out ICMP echo requests and displays the returned ICMP echo replies:

ping 150.203.24.3

Also, try it on your favourite (off-campus) web site (eg. www.whitepages.com.au).

What happens?

Try a ping to a broadcast address:

ping 192.168.X.255

(where X is the lab subnet number)

How many responses do you get, and why?

(Note: by default, Ubuntu machines no longer respond to broadcast ping requests. To allow your machine to respond, use:

# echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

(or sudo sh -c "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts" from a normal shell).

Now your machine should respond. If others have done the same to their machines, you should see multiple echo responses.)

Another option to ping allows it to send larger packets (see the -s option in the manpage). Try sending 1400 byte ICMP echo requests.

Yet another option allows it to flood the network interface with ICMP requests (see the -f option in the manpage).

The arp command

If you have just done the broadcast ping, then your Address Resolution Protocol (ARP) cache should have plenty of entries. Use the arp command to examine it:

/usr/sbin/arp -a

How many different manufacturers can you see represented?

The traceroute command

Sometimes it is useful to know all the intermediate routers (and hence, links) between a source and destination. The traceroute command is good for this. The traceroute program is described in detail in Stevens, chapter 8.

traceroute library

will show all the routers between your lab machine and the ANU library's main server. How many are there? Attempt to draw a picture representing this.

Try and traceroute to an off-campus host (eg. your favourite web site). Again, you will notice that it eventually gets to the campus gateway and then is packet filtered.

Watching Packets with wireshark

We want to look at all the packets coming and going on the network. Because the labs are on a switched network, only broadcasts and packets directed to/from your own machine will be visible "on the wire" (why?). To watch network packets, use the wireshark (previously ethereal) command:

gksudo wireshark &

This will bring up the graphical ethernet packet watching tool. A similar text-based program in Linux is tcpdump(8).

Select "Capture" -> "Start". Make sure that the correct interface is selected (you want the main ethernet interface). Also, disable Name Resolution, as this will seriously slow down the generation of output (why?).

Then select "OK". A new window will appear that will tell you how many packets of each type have been captured. Wait until you get 50 - 60 or so and then select "Stop".

The top window will show a list of the packets captured with their types etc. The middle window will show the protocol headers for the packet selected in the top window. Each "+" button can be used to expand the information for a particular protocol layer. Check out all the details for the first packet you captured. The bottom window shows the raw data of the packet in hexadecimal. As you examine different protocols in the middle window, the relevant parts of the packet will be highlighted in the bottom window.

What are all the packets you captured?

Play with setting up the capture filter rules etc. to block the NFS traffic from being captured/displayed.

Can you see any traffic from other machines in the lab? Why/why not?

The dig command

Use the Domain Internet Groper (dig) command to examine the DNS entries for some sites you are familiar with. Use wireshark to capture the packets generated by dig as you are doing this and become familiar with the way that wireshark can display the contents of the Resource Records.

Use the dig command to find the version of the DNS server software running on the default DNS server as well as on (eg.) ns1.anu.edu.au and any other DNS servers you choose to investigate.

Repeat the above, this time using Wireshark to capture the DNS query/response packets and see how Wireshark reports the contents of the DNS datagrams.

Use the -t AAAA option to find the IPv6 address for "cs.anu.edu.au".

Find the IPv6 reverse (using dig) of the IPv6 address for "cs.anu.edu.au" - what is it?
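
How the name queried by an IPv6 reverse lookup is formed, as an added example that is not part of the original lab sheet: the address is expanded to 32 hex nibbles, which are then written in reverse order under ip6.arpa. The function names are hypothetical; the sample input is the N113 lab router address given later in this lab.

```shell
#!/bin/sh
# Added example: build the ip6.arpa name that a reverse (PTR) lookup queries.
# IPv4-embedded forms such as ::ffff:1.2.3.4 are not handled.

# hex_groups "2001:388" -> "20010388" (each group left-padded to 4 nibbles)
hex_groups() {
    rest=$1
    while [ -n "$rest" ]; do
        g=${rest%%:*}
        case "$rest" in *:*) rest=${rest#*:} ;; *) rest= ;; esac
        case "$g" in ''|?????*) return 1 ;; esac
        printf '%04x' "0x$g"
    done
}

# expand_ipv6 ADDR -> 32 lowercase hex nibbles; non-zero status if malformed
expand_ipv6() {
    a=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$a" in ''|*[!0-9a-f:]*|*:::*|*::*::*|*[!:]:) return 1 ;; esac
    case "$a" in
        *::*) head=$(hex_groups "${a%%::*}") && tail=$(hex_groups "${a#*::}") || return 1
              fill=$((32 - ${#head} - ${#tail}))   # nibbles replaced by "::"
              [ "$fill" -ge 4 ] || return 1 ;;
        *)    head=$(hex_groups "$a") || return 1
              tail=; fill=0
              [ "${#head}" -eq 32 ] || return 1 ;;
    esac
    zeros=; while [ "${#zeros}" -lt "$fill" ]; do zeros=${zeros}0; done
    printf '%s%s%s\n' "$head" "$zeros" "$tail"
}

# ip6_arpa ADDR -> nibbles in reverse order, dot-separated, under ip6.arpa
ip6_arpa() {
    nibbles=$(expand_ipv6 "$1") || return 1
    name=ip6.arpa
    while [ -n "$nibbles" ]; do
        rest=${nibbles#?}
        name=${nibbles%"$rest"}.$name   # prepend, so the last nibble ends up first
        nibbles=$rest
    done
    printf '%s\n' "$name"
}

# The lab router address for N113 (X = a) from this page.
ip6_arpa 2001:388:1034:290a::fd
```

Compare the printed name with the question section Wireshark shows when you run dig -x on the same address.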

Configuring an Ethernet interface for IPv6

As root, add an IPv6 address to the eth0 interface using the ifconfig add command.

If you are in N113, your lab's IPv6 network is: 2001:388:1034:290a::/64, and if you are in N114, the IPv6 network is 2001:388:1034:290b::/64. (In the instructions below, substitute either 'a' or 'b' for 'X', depending upon which lab you are in).

Assign an address within the appropriate network range that is unique within your lab. By convention, set the last part of the address to the hexadecimal of the last octet of your machine's IPv4 address (found above).

ifconfig eth0 add 2001:388:1034:290X::Y/64

Check your IPv6 address with the ifconfig command.

Now you need to add a route for this address out to the rest of the (IPv6) Internet using the "ip" command (man ip). The router you want to use has IPv6 address 2001:388:1034:290X::fd. The "default" route in IPv6 is 2000::/3 (cf. 0.0.0.0 in IPv4). What does this mean?
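
One way to work through the addressing steps above, as an added example that is not part of the original lab sheet: it reads the "inet addr" field from ifconfig output, applies the last-octet convention, and prints (without running) the resulting commands. The function names and the sample ifconfig output are constructed for illustration, and the ip route syntax shown is one possible form.

```shell
#!/bin/sh
# Added example: derive the lab IPv6 address from net-tools ifconfig output.

# Constructed sample of `ifconfig eth0` output (not captured from a lab machine).
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.1.37  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# Print the IPv4 address from the first "inet addr:" field read on stdin.
inet_addr() {
    sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# lab_ipv6_addr LAB IPV4 -> 2001:388:1034:290<LAB>::<hex of last IPv4 octet>
lab_ipv6_addr() {
    case "$1" in a|b) ;; *) echo "lab must be a (N113) or b (N114)" >&2; return 1 ;; esac
    last=${2##*.}
    # Reject empty, non-numeric, zero and zero-padded octets.
    case "$last" in ''|*[!0-9]*|0*) echo "bad IPv4 address: $2" >&2; return 1 ;; esac
    [ "$last" -le 254 ] || { echo "bad host octet: $last" >&2; return 1; }
    # 253 is 0xfd, which would collide with the lab router at ::fd.
    [ "$last" -ne 253 ] || { echo "::fd is the lab router, pick another suffix" >&2; return 1; }
    printf '2001:388:1034:290%s::%x\n' "$1" "$last"
}

# Print (do not run) the commands for this machine; run them as root yourself.
lab_ipv6_commands() {
    addr=$(lab_ipv6_addr "$1" "$2") || return 1
    echo "ifconfig eth0 add $addr/64"
    echo "ip -6 route add 2000::/3 via 2001:388:1034:290$1::fd dev eth0"
}

lab_ipv6_commands a "$(printf '%s\n' "$SAMPLE_IFCONFIG" | inet_addr)"
```

On a lab machine, replace the sample with the live output, for example lab_ipv6_commands a "$(/sbin/ifconfig eth0 | inet_addr)".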

Wireshark again

Run wireshark again and look at what IPv6 traffic shows up on the eth0 interface. Look at the IPv6 header etc.

Surfing the IPv6 Internet

You can try connecting to an IPv6 web site with a browser. Because your Firefox browser is configured to work through the ANU web proxy, web requests to IPv6 sites outside of the ANU will still try and go through the proxy and it only "speaks" IPv4. So, instead, use a different web browser, such as Konqueror, for testing IPv6 without the proxy setup. Alternatively, temporarily modify your Firefox's proxy settings (but don't forget to change them back...). You should be able to connect to Google's IPv6 service at http://ipv6.google.com

Check the IPv6 headers using wireshark.

If you are really brave, you can simulate your machine having limited IPv4 by changing the default IPv4 route so that it only routes for a very limited set of IPv4 addresses (150.203.24.0/26 should be enough) and not for any other IPv4 addresses. Then take a look at the ANU's main web page, or even the cs.anu.edu.au web page.