CS 61c -- Summer 2005
Lab 15 -- ping and traceroute

End of Semester Survey -- Required for Checkoff
Please take the time to fill in this survey honestly and completely. Your answers are completely anonymous. You will be asked for your login, but this is only to record that you have done this part of the lab and may be checked off for it. Your login will not be associated with your answers to the other survey questions.

End of Semester Survey
Survey Checkoff Utility

Goals
The purpose of this lab is to give you an idea of how the nodes of the Internet are connected and what the typical delays are as a message (packet) goes from source to destination. You are also introduced to network protocols and how they relate to the contents of transmitted packets.

You will start by familiarizing yourself with two network measurement tools, ping and traceroute (both of these were initially written in Berkeley!). You will then use these tools to understand the network hierarchy of the campus network.
In the second part of the lab, you will use an open-source network analyzer named ethereal to explore previously generated traces of network traffic.

Reading
man pages for ping and traceroute

Exercise 1a
Ping is a program that sends an echo request packet once a second to a target computer. Upon receiving the echo request packet (also called a ping packet), the target
computer returns the packet to the sender. Ping displays information about the packet sent and how long it took to receive the packet . This length of time is called the round trip time (RTT) and is representative of network latency.

First ssh to another instructional machine (other than nova.cs, quasar.cs, or pulsar.cs). Then, try to ping the computer you’ve ssh’d from. To do this, give the command:

/usr/sbin/ping -s local_computer_name 56 5

Replace local_computer_name with the name of the computer you’ve connected from. For example, if you originally logged in on clara and ssh’d to po, you would type the following on po:

/usr/sbin/ping -s clara.cs.berkeley.edu 56 5

The “–s” says to send one ping request per second to the given site; the final 5 tells ping to send five packets before stopping and giving its summary. For more details about the various command line options, read the man pages.

Try pinging various sites and see what round trip times you get. Try some sites

For checkoff, determine if there is a significant difference between the average ping times to these different sites. A good question here would be “What is a ‘significant’ difference? After all, everything here seems to be measured in milliseconds! For now, you can approach the above question by just looking at the ratios of the ping times to different sites. Thus, a factor of two or more between ping times would be a significant difference.

Exercise 1b
Typically, on a local area network (LAN), every machine can directly contact every other machine. A larger network like the Internet is composed of many smaller networks, and it would be impossible for every machine to know how to reach every other machine. In order to connect two networks together, one might dedicate a computer (called a gateway) to routing traffic from one network to another. Suppose that a computer on the network A wanted to send a packet to a computer on the network B. Rather than storing the routing information for the network B, the computer on the network A would simply forward the packet to the gateway, and the gateway would forward it to its destination.

Traceroute is a program that displays the routers between your computer and a destination computer. It also displays the RTTs from each router to the local computer. Read the man pages for more information on the command.

For checkoff, use traceroute on the above sites and see how the route varies. The third and fourth sites are outside U.C. Berkeley. Find out in general how many hops it takes to get out of the U.C. Berkeley campus.


Exercise 2
Find the routes from the instructional machines to different machines within Berkeley. In particular, run traceroute to the following machines:
• Soda Hall machines
-- bmrc.berkeley.edu
- argus.cs.berkeley.edu
• Cory Hall machines
-- po.eecs.berkeley.edu
-- cory.eecs.berkeley.edu
• Servers for different departments within the College of Engineering
-- www.eecs.berkeley.edu
-- www.me.berkeley.edu
-- www.ce.berkeley.edu
-- www.ieor.berkeley.edu
-- www.millennium.berkeley.edu
• The different schools
-- haas.berkeley.edu
-- www.cchem.berkeley.edu
-- www-gse.berkeley.edu
-- www.cnr.berkeley.edu
• The residence halls
-- www.reshall.berkeley.edu
and I-House
-- ihouse.berkeley.edu


For checkoff, answer the following questions.
a. What is the network or IP address of your machine?
b. On which local subnet does your machine reside? (Hint: 128.32.local subnet.host)
c. Packets sent beyond your subnet must go through a gateway that links between your local area network and the network outside. Identify the IP address of the gateway for your machine.
d. After passing the gateway, packets are routed between the various departments and schools on campus. Identify one router address in the network that routes packets between the various departments and schools.
e. Draw a simple approximation of the Berkeley network hierarchy based on what you have obtained from your traceroute results.

Exercise 3
The directory ~cs61c/labs/lab15 contains four trace files (trace.1, trace.2, www.trace, and smtp.trace) of network traffic generated by the ethereal network analyzer. After copying these files to your directory, you can examine them by typing
ethereal tracefile
substituting the name of the trace file as the argument to ethereal. (If you’re close to your disk quota, be careful; three of the files are over 100K in size.)

For checkoff, answer the following questions:
a. What’s the IP address of the computer on which trace.1 and trace.2 were run?
b. What’s going on starting at frame 349 in trace.1?
c. The password of a user named “test” is sent in clear text in trace.2. What is it? (Hint: sort the frames by “protocol”.)
d. A user in trace.2 initiated a telnet connection at frame 872. At what frame was the connection terminated? (Hint: sort the frames by “source”.)
e. Find a file transfer (indicated by “continuation” in the traces) and estimate the relative percentages of header bytes transferred compared to actual data transferred.
f. www.trace was generated by one of the t.a.s doing some Web surfing. Where did he point his browser, and what page was he examining?


Further exploration
The various trace files contain a number of examples of different network protocols. They are fun to explore and perhaps imitate. For example, with the command
telnet www.google.com 80
and a command that was given in www.trace, you can connect to Google’s web site and fetch their home page. smtp.trace resulted from one of the t.a.s sending mail to
one of his other accounts; you might also try imitating that via the telnet program.