Network Tools
- ttcp
- lsof
- tcpdump
- arp
- ping
File: /etc/resolv.conf contains the DNS (name server) configuration of the host.
nslookup:
% nslookup www.cs.odu.edu
% nslookup odu.edu
% nslookup 128.82.224.112
host (replaced nslookup):
sloth % host cash
sloth % host 128.82.4.7
dig:
% dig isis.cs.odu.edu
% dig cs.odu.edu
% dig odu.edu
% dig -x 128.82.4.2
FindCSfastHosts_sh: discovering "logable" hosts within a domain.
    timeoutcmd 1 ssh 128.82.4.$i date | grep EST
Uses:
- sshLogin_csh: to avoid typing your password in ssh.
- timeoutcmd.c: to shorten the timeout of commands like ssh.
CSlookup_sh: discovering hosts at CS departments.
Examples:
% CSlookup www unc
% CSlookup ftp virginia
DiscoverODUhosts_sh: discovering host names and alive hosts at ODU.
    host 128.82.$j.$i
    timeoutcmd 1 ping 128.82.$j.$i | grep alive
Sock
- default: with no args it behaves as a tcp client
- important options:
    -s act as server
    -u use udp instead of tcp
Examples:
tcp server and clients
% sock -s 10203                     // tcp server
or
% sock -s -F -v 10203               // tcp server: -F (fork) concurrent, -v verbose
% sock localhost 10203              // tcp client
udp server and clients
% sock -s -u -v 10203               // udp server
% sock -u localhost 10203           // udp client
% sock -u -v -i -n 10 -w 128 -p 2 localhost 10203
                                    // udp client: -i (source/sink) -n (sends 10 packets)
                                    //             -w (128 byte) -p (every 2 seconds)
destination address
% sock -s -u -v -E 10203            // udp server, -E display destination address
% sock -u localhost 10203           // udp client
% sock -u something 10203           // udp client
restricting ports and address
% sock -s -u -v -E -f 127.0.0.1.2222 10203   // udp server, -f foreign address
% sock -u -b 2222 localhost 10203            // udp client, -b bind to port
% sock -u -b 2222 something 10203            // udp client
Ttcp (test TCP and UDP performance)
Options:
-p port   Port number to send to or listen on (default 2000).
-f M      Megabytes/sec
Examples:
simple receiver and transmitter
vega  % ttcp -r -f M -p 10203        //tcp -r receiver
deneb % ttcp -t -f M -p 10203 vega   //tcp -t transmitter
sink and source
vega  % ttcp -r -s                   //tcp -r receiver -s sink
deneb % ttcp -t -s vega              //tcp -t transmitter -s source
udp
-u Use UDP instead of TCP:
vega  % ttcp -r -u -s                //udp
deneb % ttcp -t -u -s vega
copy tar files
Copy directory hierarchies between systems:
-B When receiving data, output only full blocks.
vega  % ttcp -r -B -p 10203 | tar xvpf -
deneb % tar cf - directory | ttcp -t -p 10203 vega
Intermediate hosts can be included by:
vega    % ttcp -r -B -p 10203 | tar xvpf -
deneb   % ttcp -r -p 10203 | ttcp -t -p 10203 vega
antares % tar cf - directory | ttcp -t -p 10203 deneb
netstat tells us which ports are in use but it does not identify the processes.
Lsof (list open files) reveals the process owning the ports.
% sock -s 12345 &
% netstat -a | grep 12345
   Local Address   Remote Address   State
   *.12345         *.*              LISTEN
% sudo lsof | grep 12345
Password:
COMMAND  PID    USER   NAME
sock     711    cs779  TCP *:12345 (LISTEN)
% sudo lsof | grep TCP
sshd     715    root   TCP *:ssh (LISTEN)
sshd     12721  root   TCP somethingmore.cs.odu.edu:ssh->dhcp-128.cs.odu.edu:3998 (ESTABLISHED)
sshd     12724  cs779  TCP somethingmore.cs.odu.edu:ssh->dhcp-128.cs.odu.edu:3998 (ESTABLISHED)
sock     12840  cs779  TCP *:12345 (LISTEN)
tcpdump reads packets from a network and prints lots of information about the packets.
Examples: tcpdump runs only on something. Use option -i hme0 to monitor traffic among any other something hosts.
Ex1: Capture all traffic to/from a given host:
% sudo tcpdump host something
Ex2: Capture traffic between selected hosts:
% sudo tcpdump host something and \( somethingmore or somethingelse \)
% sudo tcpdump host something and not somethingelse
% sudo tcpdump host somethingelse and somethingmore
Ex3: Capture traffic between two networks:
% sudo tcpdump net 128.82.4
Ex4: Capture SYN and FIN packets:
% sudo tcpdump 'tcp[13:1]&3 != 0'
The TCP header: AND byte 14 (offset 13, the flags byte) with 011 (binary), i.e. the FIN and SYN bits.
Ex5: Monitoring long packets:
% sudo tcpdump 'ip[2:2] > 200'
The IP header: bytes 3 and 4 (the total length field).
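The filters in Ex4 and Ex5 index raw header bytes, so it helps to see which byte each one tests. The following Python example is added here (it is not from the course notes): it builds constructed IPv4/TCP packets, with no Ethernet header and no options, and evaluates the same two expressions in code; the packet builder, addresses and sample packets are assumptions for the illustration.

```python
import struct

# Added illustration of tcpdump's byte-offset filters on constructed IPv4/TCP packets
# (no Ethernet header, no options); not code from the course notes.
FIN, SYN, ACK = 0x01, 0x02, 0x10

def build_packet(flags, payload=b""):
    """IPv4 header + 20-byte TCP header + payload, with the IP total length filled in."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload),   # ver/IHL, TOS, total len = ip[2:2]
                         0, 0, 64, 6, 0,                                 # id, frag, TTL, proto 6 = TCP, cksum
                         bytes([128, 82, 4, 1]), bytes([128, 82, 4, 2]))  # constructed src/dst addresses
    tcp_hdr = struct.pack("!HHIIBBHHH", 10111, 10222, 1, 0,   # ports, seq, ack
                          5 << 4, flags, 8192, 0, 0)          # data offset, flags = tcp[13], win, cksum, urg
    return ip_hdr + tcp_hdr + payload

def ip_field(pkt, off, size):
    """tcpdump's ip[off:size]: 'size' bytes at offset 'off' from the start of the IP header."""
    return int.from_bytes(pkt[off:off + size], "big")

def tcp_field(pkt, off, size):
    """tcpdump's tcp[off:size]: offsets are relative to the TCP header, i.e. after IHL*4 bytes."""
    ihl = (pkt[0] & 0x0F) * 4
    return int.from_bytes(pkt[ihl + off:ihl + off + size], "big")

def is_syn_or_fin(pkt):
    """Ex4, 'tcp[13:1]&3 != 0': FIN is bit 0 and SYN is bit 1 of the flags byte (mask 011)."""
    return tcp_field(pkt, 13, 1) & 3 != 0

def is_long(pkt, limit=200):
    """Ex5, 'ip[2:2] > 200': the 16-bit total length field is bytes 3 and 4 of the IP header."""
    return ip_field(pkt, 2, 2) > limit

def classify(pkts):
    """(matches Ex4, matches Ex5) for each packet."""
    return [(is_syn_or_fin(p), is_long(p)) for p in pkts]

SAMPLE = [
    build_packet(SYN),                         # 40-byte SYN
    build_packet(ACK),                         # 40-byte pure ACK
    build_packet(FIN | ACK, b"x" * 300),       # FIN+ACK carrying 300 bytes of data (340 total)
]

if __name__ == "__main__":
    for p, (sf, lg) in zip(SAMPLE, classify(SAMPLE)):
        print(f"ip[2:2]={ip_field(p, 2, 2):3d} tcp[13]=0x{tcp_field(p, 13, 1):02x} "
              f"syn/fin={sf} long={lg}")
```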
Ex6: Monitoring specific protocols:
% sudo tcpdump icmp
% sudo tcpdump udp
% sudo tcpdump tcp
Ex7: Monitoring a specific port:
% sudo tcpdump tcp and port 80 &
Ex8: Monitoring the group multicast protocol:
% sudo tcpdump igmp &
You may use the mchat example to generate mcast traffic:
% cd /home/cs779/public_html/mcast/mcast4
% mchat 22
Useful options:
-N   Don't print domain name
-t   Don't print a timestamp
Interesting Applications:
Simultaneous Open: SimulOpen.c
Most networking applications are based on the server/client model. In this model you run the server first and then the client. The client connects to the server and a TCP connection is established, where both can send and receive and either can close the connection whenever it wants.
This is an unusual example, where both are clients and a simultaneous TCP connection between the two clients is established.
SimulOpen runs at host h1 (e.g., somethingmore):
- create a client socket,
- bind it to port (h1, p1),
- connect to (h2, p2),
- if connected, continuously send "Hussein" and recv "Wahab".
somethingmore % SimulOpen somethingmore 10111 somethingelse 10222 "Hussein"
SimulOpen runs at host h2 (e.g., somethingelse):
- create a client socket,
- bind it to port (h2, p2),
- connect to (h1, p1),
- if connected, continuously send "Wahab" and recv "Hussein".
somethingelse % SimulOpen somethingelse 10222 somethingmore 10111 "Wahab"
The chances that you will get the simultaneous open scenario are low. To increase the chances, we use a shell script SimulOpen_sh to repeatedly run the two programs until the simultaneous open occurs.
somethingmore % SimulOpen_sh SimulOpen somethingmore 10111 somethingelse 10222 "Hussein"
somethingelse % SimulOpen_sh SimulOpen somethingelse 10222 somethingmore 10111 "Wahab"
Use tcpdump to monitor the TCP segments exchanged between the two programs. If there is a simultaneous open you will see the two messages exchanged, and tcpdump will show two independent SYN segments.
something % sudo tcpdump -i hme0 -N port 10111 and port 10222 and 'tcp[13:1]&3 != 0'
20:42:58.307253 IP somethingmore.10111 > somethingelse.10222: [S] …..
20:42:58.931271 IP somethingelse.10222 > somethingmore.10111: [S] …..
Simultaneous Close: SimulCloseClient.c and SimulCloseServer.c
These are traditional server/client programs: as soon as the TCP connection is established, both close the connection and each uses netstat to check the state of the connection. If the client detects TIME_WAIT it waits to see if the server is also in the same state. If the server is not in the TIME_WAIT state, the client/server may repeat until this simultaneous close state is reached.
SimulCloseClient.c: runs at host h1.
- create a client socket s1,
- connect to (h2, p2),
- if connected, immediately close s1.
The program uses grepTimeWait_sh to detect the TIME_WAIT state.
SimulCloseServer.c: runs at host h2.
- create a server socket,
- accept a connection from SimulCloseClient to socket s2,
- if accepted, immediately close s2.
Use tcpdump to monitor the exchanged segments. If a simultaneous close occurs, you will see two successive independent FIN segments. Also use netstat to find out that both the client and server are in the TIME_WAIT state.
somethingmore % SimulCloseServer 10111
somethingelse % SimulCloseClient somethingmore 10111
something % sudo tcpdump -i hme0 -N port 10111 and 'tcp[13:1]&3 != 0'
21:31:09.459720 IP somethingelse.36974 > somethingmore.10111: F 1:1(0) ack 1
21:31:09.460144 IP somethingmore.10111 > somethingelse.36974: F 1:1(0) ack 1
21:31:09.460204 IP somethingmore.10111 > somethingelse.36974: . ack 2
21:31:09.461639 IP somethingelse.36974 > somethingmore.10111: . ack 2
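Telling a simultaneous open or close apart from the ordinary handshake and close by eye gets tedious once the SimulOpen_sh loop produces many traces. The following Python example is added here (it is not part of the course material): it parses tcpdump lines in the flag format the notes show ("F 1:1(0) ack 1") and decides whether a trace contains a simultaneous open or a simultaneous close; the sample traces are constructed to mirror the output above plus an ordinary close for contrast.

```python
import re

# Constructed tcpdump traces in the flag format the notes show; an added illustration only.
SIMUL_OPEN = """\
20:42:58.307253 IP somethingmore.10111 > somethingelse.10222: S 100:100(0) win 8192
20:42:58.931271 IP somethingelse.10222 > somethingmore.10111: S 200:200(0) win 8192
"""
SIMUL_CLOSE = """\
21:31:09.459720 IP somethingelse.36974 > somethingmore.10111: F 1:1(0) ack 1
21:31:09.460144 IP somethingmore.10111 > somethingelse.36974: F 1:1(0) ack 1
21:31:09.460204 IP somethingmore.10111 > somethingelse.36974: . ack 2
21:31:09.461639 IP somethingelse.36974 > somethingmore.10111: . ack 2
"""
NORMAL_CLOSE = """\
21:40:00.000100 IP somethingelse.36974 > somethingmore.10111: F 1:1(0) ack 1
21:40:00.000200 IP somethingmore.10111 > somethingelse.36974: . ack 2
21:40:00.000300 IP somethingmore.10111 > somethingelse.36974: F 1:1(0) ack 2
"""
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (\S+)(.*)$")   # time, src, dst, flags, rest

def parse(text):
    """(src, dst, flags, carries_ack) for each tcpdump line that matches LINE."""
    return [(m[1], m[2], m[3], "ack" in m[4].split())
            for m in map(LINE.match, text.splitlines()) if m]

def simultaneous_open(text):
    """True if both sides send a plain SYN (no ack) before any SYN-ACK appears."""
    syns = set()
    for src, dst, flags, acked in parse(text):
        if "S" in flags and acked:          # SYN-ACK: ordinary three-way handshake
            return False
        if "S" in flags:
            syns.add((src, dst))
            if (dst, src) in syns:          # a SYN already went the other way
                return True
    return False

def simultaneous_close(text):
    """True if each side sends its FIN before acknowledging the other's FIN."""
    fins = set()
    for src, dst, flags, acked in parse(text):
        if "F" in flags:
            fins.add((src, dst))
            if (dst, src) in fins:          # second FIN, opposite direction, no ACK in between
                return True
        elif acked and (dst, src) in fins:  # peer ACKed the FIN first: ordinary close
            return False
    return False
```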
Arp
% arp -a
Shows the current content of the ARP cache.
% arp -a | grep <h>        //<h> is some new host name, e.g., deneb
If it is not in the cache, type:
% sudo tcpdump arp | grep <h>
go to another window and type:
% telnet <h>
and you will watch all the arp packets in the tcpdump window.
% arp -a | grep <h>
and you will find it in the cache.
Ping
echo request & echo reply
% sudo tcpdump icmp &
go to another window and type:
% ping <any host>