Practical Networking Notes | EduRev

Practical Networking
Introduction
• Interfaces, network connections
• Netstat tool
• Tcpdump: popular network debugging tool
  • Used to intercept and display packets transmitted/received on a network
  • Filters used to restrict analysis to packets of interest
Network Interfaces
• Linux box:
  • Show interfaces with “ifconfig” (on current distributions use “ip addr”; ifconfig is deprecated and may not be installed)
  • Look at the routing table with “netstat -r” (or “ip route”); add -n to print addresses numerically instead of waiting on reverse DNS
• IPv4 addresses are 32 bits
  • Split into a network number (the prefix) and a host part within that network
• Next hop is determined by longest prefix match on the destination IP address: every route whose prefix covers the address is a candidate, and the most specific one (longest prefix) wins. The default route, 0.0.0.0/0 with prefix length 0, covers everything and is therefore used only when nothing more specific matches.
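Longest prefix match, as an added example that is not part of the original slides: a POSIX shell script that applies the rule above to a routing table in the shape netstat -rn prints (destination, gateway, interface). The table, its addresses and the interface names are made up for the example.

```shell
#!/bin/sh
# Added example: longest-prefix match over a constructed IPv4 routing table.
# The table is made up for the example, in "destination/prefixlen gateway iface"
# form. A gateway of 0.0.0.0 means the destination is directly connected (on-link),
# as in the Gateway column of `netstat -rn`.
ROUTES='0.0.0.0/0 192.168.1.1 eth0
192.168.1.0/24 0.0.0.0 eth0
10.0.0.0/8 192.168.1.254 eth0
10.1.2.0/24 192.168.1.253 eth1'

# ip2int: dotted quad -> 32-bit unsigned integer
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# mask: prefix length -> netmask as an integer (/0 -> 0, /24 -> 0xFFFFFF00)
mask() {
  if [ "$1" -eq 0 ]; then
    echo 0
  else
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
  fi
}

# next_hop DEST: print "gateway iface" for the most specific route covering DEST.
# Every route whose prefix covers DEST is a candidate; the longest prefix wins, so
# the default route (/0) is chosen only when nothing more specific matches.
# Prints "none" if no route matches (only possible without a default route).
next_hop() {
  dst=$(ip2int "$1")
  best_len=-1
  best=none
  while read -r net gw dev; do
    prefix=${net%/*}
    plen=${net#*/}
    m=$(mask "$plen")
    if [ $(( dst & m )) -eq $(( $(ip2int "$prefix") & m )) ] && [ "$plen" -gt "$best_len" ]; then
      best_len=$plen
      best="$gw $dev"
    fi
  done <<EOF
$ROUTES
EOF
  echo "$best"
}

# Walk a few destinations and show which route each one takes
for ip in 10.1.2.77 10.9.9.9 192.168.1.42 8.8.8.8; do
  echo "$ip -> $(next_hop "$ip")"
done
```

10.1.2.77 is covered by /0, /8 and /24, and the /24 wins; 10.9.9.9 falls back to the /8; 8.8.8.8 matches only the default route. The kernel does the same comparison, just with a trie instead of a linear scan.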
Name Lookup
• nslookup/dig/host: programs to perform name lookups
• How does name lookup work?
  • The client asks its local (recursive) name server. If the answer is not cached, that server walks the DNS hierarchy: it asks a root server, which refers it to the top-level domain (TLD) server, which refers it to the domain's authoritative server, which returns the IP addresses. The recursive server caches the result for the record's TTL and hands it back to the client.
TCPDUMP
• Tool for examining packets on Ethernet/wireless media
• Needs superuser access on the machine (on Linux, the CAP_NET_RAW and CAP_NET_ADMIN capabilities are what is actually required; they can be granted to the tcpdump binary with setcap so it need not run as root)
• Allows you to examine packets -- all of them that reach the interface: tcpdump puts the interface in promiscuous mode by default (disable with -p), but on a switched network you still see mostly your own host's traffic plus broadcast/multicast unless the switch port is mirrored
• Too much data, so you can employ filters
• Simplest case: just specify the interface to snoop on
• Older versions keep only the first 68 or 96 bytes of each packet unless you pass -s 0; current versions capture whole packets by default
Example Dump
• Ran tcpdump on the machine danakil-1.dyn
• First few lines of the output (each record is one line):

00:03:22.217560 IP c-24-18-47-181.hsd1.wa.comcast.net.49735 > danakil-1.dyn.cs.washington.edu.ssh: . ack 67008 win 65535 <nop,nop,timestamp 1998816243 115836780>
00:03:22.222370 IP c-24-18-47-181.hsd1.wa.comcast.net.49735 > danakil-1.dyn.cs.washington.edu.ssh: P 49:97(48) ack 67008 win 65535 <nop,nop,timestamp 1998816243 115836780>
00:03:22.222430 IP c-24-18-47-181.hsd1.wa.comcast.net.49735 > danakil-1.dyn.cs.washington.edu.ssh: . ack 67888 win 65535 <nop,nop,timestamp 1998816243 115836783>
00:03:22.222450 IP danakil-1.dyn.cs.washington.edu.ssh > c-24-18-47-181.hsd1.wa.comcast.net.49735: P 68720:69152(432) ack 97 win 3584 <nop,nop,timestamp 115836785 1998816243>
00:03:22.222720 IP danakil-1.dyn.cs.washington.edu.ssh > c-24-18-47-181.hsd1.wa.comcast.net.49735: P 69152:69712(560) ack 97 win 3584 <nop,nop,timestamp 115836785 1998816243>

• Flags column: “.” means no flag other than ACK is set, “P” marks PSH (current tcpdump prints these as Flags [.] and Flags [P.]). A data segment is shown as first:last(nbytes), covering sequence numbers first up to but not including last; 49:97(48) is 48 bytes of payload. The small numbers are relative to the connection's initial sequence number because tcpdump saw the handshake; -S prints absolute numbers.
What does a line convey?
• Sample record (one line):

01:46:28.808262 IP danakil.cs.washington.edu.ssh > adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: . 2513546054:2513547434(1380) ack 1268355216 win 12816

• Field by field:
  • 01:46:28.808262: timestamp (time of day with microseconds)
  • IP: this is an IP packet
  • danakil.cs.washington.edu.ssh: source host name and source port number (ssh = 22; tcpdump substitutes a service name when it knows one)
  • adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: destination host name and destination port number (2481)
  • . 2513546054:2513547434(1380) ack 1268355216 win 12816: TCP-specific information: no flag besides ACK (“.”), 1380 bytes of data covering sequence numbers 2513546054 up to but not including 2513547434, acknowledging 1268355216, advertised window 12816. The sequence numbers are absolute here because the capture did not see this connection's SYN.
• Different output formats for different packet types (UDP, ICMP and ARP records each have their own layout)
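To make the field layout concrete, here is an added example that is not part of the original slides: a shell script that parses tcpdump's classic text output with awk. explain_line breaks one record into its fields, and flow_summary totals packets and payload bytes per direction over a whole dump. The embedded input is the five records of the danakil-1 dump and the annotated record above, each joined back onto a single line; the parser assumes the classic flag format shown on the slides (“.” and “P”), not the Flags [P.] / length N layout of current tcpdump.

```shell
#!/bin/sh
# Added example: parse tcpdump's classic text output (the format on the slides, where
# the flags column is "." or "P"; current tcpdump prints "Flags [P.]" and this parser
# would need adjusting). TCP record layout:
#   <time> IP <srchost>.<srcport> > <dsthost>.<dstport>: <flags> [first:last(nbytes)] ack <n> win <n> ...

# Sample input: the five records of the danakil-1 dump from the slides, one per line.
SAMPLE='00:03:22.217560 IP c-24-18-47-181.hsd1.wa.comcast.net.49735 > danakil-1.dyn.cs.washington.edu.ssh: . ack 67008 win 65535 <nop,nop,timestamp 1998816243 115836780>
00:03:22.222370 IP c-24-18-47-181.hsd1.wa.comcast.net.49735 > danakil-1.dyn.cs.washington.edu.ssh: P 49:97(48) ack 67008 win 65535 <nop,nop,timestamp 1998816243 115836780>
00:03:22.222430 IP c-24-18-47-181.hsd1.wa.comcast.net.49735 > danakil-1.dyn.cs.washington.edu.ssh: . ack 67888 win 65535 <nop,nop,timestamp 1998816243 115836783>
00:03:22.222450 IP danakil-1.dyn.cs.washington.edu.ssh > c-24-18-47-181.hsd1.wa.comcast.net.49735: P 68720:69152(432) ack 97 win 3584 <nop,nop,timestamp 115836785 1998816243>
00:03:22.222720 IP danakil-1.dyn.cs.washington.edu.ssh > c-24-18-47-181.hsd1.wa.comcast.net.49735: P 69152:69712(560) ack 97 win 3584 <nop,nop,timestamp 115836785 1998816243>'

# The annotated record from the "What does a line convey?" slide
LINE='01:46:28.808262 IP danakil.cs.washington.edu.ssh > adsl-69-228-230-7.dsl.pltn13.pacbell.net.2481: . 2513546054:2513547434(1380) ack 1268355216 win 12816'

# explain_line RECORD: print the fields of one record as key=value tokens.
# The port is the last dot-separated component of each endpoint (a number, or a
# service name such as ssh when tcpdump resolved it; with -n always a number), so
# this also handles numeric endpoints like 10.0.0.1.22.
explain_line() {
  printf '%s\n' "$1" | awk '{
    src = $3; dst = $5; sub(/:$/, "", dst)
    n = split(src, s, "."); sport = s[n]; shost = substr(src, 1, length(src) - length(sport) - 1)
    n = split(dst, d, "."); dport = d[n]; dhost = substr(dst, 1, length(dst) - length(dport) - 1)
    # $7 is first:last(nbytes) when the segment carries data; for a pure ACK it is "ack"
    len = 0
    if ($7 ~ /^[0-9]+:[0-9]+\([0-9]+\)$/) { len = $7; sub(/^.*\(/, "", len); sub(/\)$/, "", len) }
    printf "time=%s src=%s sport=%s dst=%s dport=%s flags=%s payload=%d\n", $1, shost, sport, dhost, dport, $6, len
  }'
}

# flow_summary: read a dump on stdin and print, per direction,
#   "<src> > <dst> pkts=<n> data_pkts=<n> bytes=<payload total>"
# Pure ACKs count as packets but contribute no payload bytes.
flow_summary() {
  awk '
    $2 == "IP" {
      src = $3; dst = $5; sub(/:$/, "", dst)
      key = src " > " dst
      pkts[key]++
      if ($7 ~ /^[0-9]+:[0-9]+\([0-9]+\)$/) {
        n = $7; sub(/^.*\(/, "", n); sub(/\)$/, "", n)
        data[key]++; bytes[key] += n
      }
    }
    END {
      for (k in pkts)
        printf "%s pkts=%d data_pkts=%d bytes=%d\n", k, pkts[k], data[k] + 0, bytes[k] + 0
    }' | sort
}

explain_line "$LINE"
printf '%s\n' "$SAMPLE" | flow_summary
```

On the sample, the client sends three segments of which one carries 48 bytes, and the server replies with two data segments totalling 992 bytes. For the current output format the same idea applies, but the parser would key on the Flags [...] token and the trailing length N instead of the first:last(nbytes) field.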
Demo 1 – Basic Run
• Syntax:
tcpdump -n -i eth1 [filter expression]
• -n turns off name resolution, so addresses and ports are printed numerically. That is faster, avoids tcpdump generating DNS traffic of its own while you capture, and avoids trusting reverse-DNS names, which are controlled by whoever owns the address's PTR record rather than by you.
Filters
• We are often not interested in all packets flowing through the network
• Use filters to capture only the packets of interest to us
Demo 2
1. Capture only UDP packets
   • tcpdump "udp"
2. Capture only TCP packets
   • tcpdump "tcp"
• Quote the filter expression so that the shell does not interpret its parentheses, ! or the < and > comparison operators before tcpdump sees them