Network Tools
« ttcp
« lsof: list open files
« tcpdump: filtering
packets
« arp: addres resolution protocol
« ping: test
host aliveness
« Applications: TCP Simultanious
Open and Close
File: /etc/resolv.conf contains the DNS of the host.
% nslookup www.cs.odu.edu
% nslookup odu.edu
% nslookup yahoo.com
% nslookup 128.82.224.112
· host:
% host vega
% host odu.edu
% host 128.82.4.7
· dig:
% dig isis.cs.odu.edu
% dig cs.odu.edu
% dig odu.edu
% dig –x
128.82.4.2 ( -x
for resolving IP addresses)
ª FindCSfastHosts: Discovering “login” hosts at the CS department.
#! /bin/sh
sshLogin.csh #to
let you login without password
max=255
i=1
outputfile=CSFastHosts`date '+%m%d%y_%H%M%S'`
touch $outputfile
while test $i -le $max
do
echo "128.82.4.$i : "
host
128.82.4.$i | grep name > answer
if test $? -eq 0 # IP
is a valid host name
then
hostname=` cat
answer | cut -d" " -f5 | cut -d"." -f1`
timeoutcmd
1 TCPConnect $hostname 23 | grep
Connected
if test $? -eq 0 # is possibly fast host
then
os=`ssh $hostname uname`
echo "128.82.4.$i ($hostname): $os"
>> $outputfile
fi
fi
i=`expr $i +
1`
done
·
To avoid typing your password in ssh use:
sshLogin_csh
·
To test if a host runs ssh (port 22) we use:
TCPConnect.c
·
To shorten the timeout of commands like TCPConnect and ssh we use:
timeoutcmd.c
ª CSlookup_sh: Discovering hosts at “some” CS departments.
Examples:
% CSlookup www unc
% CSlookup
ftp Virginia
Outline:
Find the IP address of
a well-known host, e.g., if www.cs.odu.edu IP address is 128.82.4.2,
then find all hosts 128.82.4.$i
#!
/bin/sh
filename=cs.$2.Hosts`date '+%m%d%y_%H%M%S'`
rm -f $filename
touch $filename
if test $# -le 1
then
echo "Usage: cslookup.sh <ftp|www|...> <odu|unc|virginia|..>"
exit
fi
name=$1.cs.$2.edu
host $name > answer
if grep not
answer > /dev/null
then
echo "$name does not exist"
exit
fi
host $name | grep has > answer
if grep has answer >/dev/null
then
addr=` cat
answer | awk '{print $4}'`
echo $name "IP adress
is:" $addr
oldifs=$IFS
IFS='.'
set $addr
ip1=$1
ip2=$2
ip3=$3
prefix=$ip1.$ip2.$ip3
IFS=$oldifs
i=1
while test $i -le 255
do
addr=`echo $prefix'.'$i`
host $addr >
answer
if grep
not answer >/dev/null
then
echo "$addr does not exist"
else
name=` cat answer | awk '{print $5}'`
echo "$addr
($name)"
echo "$addr
($name)" >> $filename
fi
i=`expr $i + 1`
done
fi
ª DiscoverODUhosts_sh: Discovering host names and alive (using
ping) hosts at ODU.
host 128.82.$j.$i
timeoutcmd 1 ping 128.82.$j.$i | grep alive
The program loop through all ip addresses at odu (128.82.X.X)
It classifies the hosts and
save the results in several files:
·
PingableHosts: ODU hosts that are alive using ping command.
·
CSHosts: machines that belong to CS dept
e.g.:
128.82.10.2 (vpn.cs.odu.edu.)
·
IPDerivedHosts: ODU hosts names that are derived from IP addresses.
e.g.:
128.82.11.149 (sd11-149.sd.odu.edu.)
·
OtherHosts: ODU host names that are not derived from IP
addresses.
e.g.:
128.82.121.99 (vpn.vmasc.odu.edu.)
« sock (source code) &(man page)
· default: with no args it behaves as: tcp client
· important options:
-s act as server &
-u use udp instead of tcp
Examples:
ª TCP server and
clients
% sock -s 10203 // tcp server
or
% sock
-s -F -v
10203
// tcp server
-F (fork) concurrent
-v verbose
% sock localhost 10203 // tcp client
ª UDP server and
clients
% sock
-s -u -v 10203
// udp server
% sock -u localhost 10203 // udp client
% sock -u -v -i -n 10 -w 128 -p 2
localhost 10203 // udp client
-i source/sink
-n sends
10 packets
-w 128 byte
-p every 2 seconds
ª
Destination address
% sock -s -u -v
-E 10203
// udp server,
-E
display destination address.
% sock -u localhost 10203 // udp client
% sock -u something 10203 // udp client
ª Restricting ports and address
% sock -s -u
-v -E -f 127.0.0.1.2222 10203
// udp server,
-f
forien address.
% sock -u -b 2222 localhost
10203 // udp client
–b bind to prot
% sock -u -b 2222 something 10203 // udp client
|
|
« ttcp : To test TCP and UDP performance (source code)
Examples:
-p port Port number to send or listen (default 2000).
-f M Megabyts/sec
ª simple receiver
and transmitter
vega % ttcp –r -f M -p 10203 //tcp -r receiver
deneb % ttcp –t -f M -p 10203 vega //tcp -t transmitter
ª sink and source
vega % ttcp –r –s //tcp –r receiver -s sink
deneb % ttcp –t –s vega //tcp -t transmitter -s source
ª udp
–u Use UDP instead of TCP:
vega % ttcp –r -u –s //udp
deneb % ttcp –t -u –s vega
ª copy tar files
Copy directory hierarchies
between systems:
-B
When receiving data, output only full blocks.
vega % ttcp –r –B –p 10203 | tar xvpf –
deneb % tar cf – directory | ttcp –t -p 10203 vega
Intermediate hosts can be included by:
vega % ttcp –r –B –p 10203 | tar xvpf –
deneb
% ttcp –r –p 10203 | ttcp
–t -p 10203 vega
antares % tar cf – directory | ttcp –t -p 10203 deneb
|
|
« lsof list open files
ü
netstat tells us what ports
are in use
but it
does not identify the which processes owning them.
ü
lsof reveals
the process owning the ports
You have to ssh to one of the something machines to use lsof.
%
sock -s 12345 &
% netstat -a | grep 12345
Local
Address Remote
Address State
*.12345
*.*
LISTEN
% sudo lsof | grep 12345
Password:
COMMAND
PID
USER
NAME
sock
711 cs779
TCP *:12345 (LISTEN)
%
sudo lsof | grep TCP
Shows the owners of each TCP port.
|
|
Reads
packets from a network and prints lot of information about the packets.
Useful Options:
-N
Don't print domain name
-t
Don't print a timestamp
à Ex1: Capture all traffic to/from a given host:
% sudo tcpdump host something
à Ex2: Capture traffic between selected hosts:
% sudo tcpdump host something and \( somethingmore or somethingelse \)
% sudo tcpdump host something and not somethingelse
% sudo tcpdump host somethingelse and somethingmore
à Ex3: Capture traffic between two networks:
% sudo tcpdump net 128.82.4
à Ex4: Capture SYN and FIN packets:
% sudo tcpdump 'tcp [13:1] & 3 !=0'
The TCP
header: AND byte 14 with 011.
à Ex5: Monitoring long packets.
% sudo tcpdump 'ip [2:2] > 200'
The IP header: Byte 3 and 4 (the packet length field).
à Ex6: Monitoring specific protocols:
% sudo tcpdump icmp
% sudo tcpdump udp
% sudo tcpdump tcp
à Ex7: Monitoring specific port:
% sudo tcpdump tcp and port 80
à Ex8: Monitoring group multicast protocol:
% sudo tcpdump igmp
You may use the mcastChat
example to generate mcast traffic:
%
cd /home/cs779/public_html/mcastChat
%
mcastChat 224.0.0.1 10123
|
|
«
arp
%
arp –a
Shows the
current content of the ARP Cash.
%
arp -a | grep
<h>
<h> is some new host name, e.g., deneb
If it is not in the cash, type:
% sudo tcpdump arp | grep <h>
Go to
another window and type:
%
telnet <h>
You
will watch all the arp
packets in the tcpdump window.
%
arp –a | grep
<h>
You will find it in the cash.
|
|
«
ping
Produce
echo request & echo reply
%
sudo tcpdump icmp
Go to another window and type:
% ping <h>
ª
Simultaneous Open: SimulOpen.c
ª
Most
networking applications are based on server/client model:
o In this model you run the server first and then the
client.
o The client will connect
to the server and TCP connection is established where both can send /receive
and
o Any can close the connection whenever it wants.
The following is an unusual example, where both processes are clients and a simultaneous TCP connection between the two clients is established.
à runs at host h1 (e.g., somethingmore ).
Ø create a client socket,
Ø bind it to port (h1,p1)
Ø connect to (h2, p2).
Ø if connected, continuously send “Hussein” and recv “Wahab”
somethingmore % SimulOpen somethingmore
10111 somethingelse
10222 “Hussein”
à runs at host h2 (e.g., somethingelse ).
Ø create a client socket,
Ø bind it to port (h2,p2).
Ø connect to (h1, p1).
Ø if connected, continuously send “Wahab” and recv “Hussein”
somethingelse % SimulOpen somethingelse 10222 somethingmore 10111 “Wahab”
à The chances you will get simultaneous open scenario is
low.
To
increase the chances, we use a shell script SimulOpen_sh
to
repeatedly run the two programs until the simultaneous open occurs.
somethingmore % SimulOpen_sh SimulOpen
somethingmore 10111 somethingelse 10222 “Hussein”
somethingelse % SimulOpen_sh SimulOpen
somethingelse 10222 somethingmore 10111 “Wahab”
à Use tcpdump to monitor TCP segments exchanged between the two
programs.
If
there is a simultaneous open you will see the two messages exchanged,
and the tcpdump will show two independent SYN segments.
something % sudo tcpdump -i hme0 –N port 10111 and port 10222 and 'tcp[13:1]&3
!=0'
20:42:58.307253
IP somethingmore.10111 > somethingelse.10222: [S] …..
20:42:58.931271
IP somethingelse.10222 > somethingmore.10111: [S]…..
This
is traditional Server/Client programs.
As soon
as the TCP connection is established both closes the connection and
each uses
netstat to check for the state of the connection:
o If the client detects TIME_WAIT it waits to see if the
server is also in the same state.
o If the server is not in the TIME_WAIT state, the
client/server may repeat until this simultaneous close
state is reached.
à SimulCloseClient.c : runs at host h1.
o create a client socket s1,
o connect to (h2, p2).
o if connected, immediately close s1.
o The program uses the grepTimeWait_sh
to detect TIME_WAIT
state.
à SimulCloseServer.c : runs at host h2.
o create a server socket,
o accept a connection from simcloseClient at socket s2.
o
if accepted, immediately close s2.
à Use tcpdump to monitor the exchanged segments.
If simulations
close occurs, you will see two successive independent FIN segments.
Also use
netstat to
find out that both the
client and the server are in TIME_WAIT
state.
somethingmore % SimulCloseServer
10111
somethingelse % SimulCloseClient somethingmore 10111
something % sudo tcpdump -i hme0 -N port 10111 and 'tcp[13:1]&3
!=0'
21:31:09.459720
IP somethingelse.36974 > somethingmore.10111: F 1:1(0) ack 1
21:31:09.460144
IP somethingmore.10111 > somethingelse.36974: F 1:1(0) ack
1
21:31:09.460204
IP somethingmore.10111 > somethingelse.36974: . ack 2
21:31:09.461639
IP somethingelse.36974 > somethingmore.10111:
. ack 2
|
|