COMPUTER NETWORKS

LAB NUMBER - 1
Week 1
TITLE: BASIC NETWORKING TOOLS

NAME: MUJASEEM D SRN:PES1UG22CS363

SECTION: F
Study and understand the basic networking tools - Wireshark, Tcpdump, Ping,
Traceroute.

Learn and Understand Network Tools

1. Wireshark

 Perform and analyze Ping PDU capture

 Examine HTTP packet capture
 Analyze HTTP packet capture using filter
2. Tcpdump

 Capture packets
3. Ping

 Test the connectivity between 2 systems

4. Traceroute

 Perform traceroute checks

5. Nmap

 Explore an entire network

IMPORTANT INSTRUCTIONS:
• This manual is written for Ubuntu Linux OS only. You can also execute these experiments on
VirtualBox or VMWare platform.

• For few tasks, you may need to create 2 VMs for experimental setup.
• Perform sudo apt-get update before installing any tool or utility.
• Install any tool or utility using the command sudo apt-get install name_of_the_tool
Take screenshots wherever necessary and upload it as a single PDF file. (The PDF must
contain: Lab Number and Title, SRN and Name of the student, Section)
 • To define an IP address for your machine (e.g., Section – ‘a’ & Serial number is 1, then your IP address
should be 10.0.1.1. Section – ‘h’ & & Serial number is 23, then your IP address should be 10.0.8.23) –
applicable only for relevant tasks (which doesn’t requires internet connectivity to execute the tasks).

Task 1: Linux Interface Configuration (ifconfig / IP command)

Step 1: To display status of all active network interfaces.
ifconfig (or) ip addr show

Analyze and fill the following

table:

ip address table:
Interface IP address (IPv4 / IPv6) MAC address
name

enp0s3 10.0.2.15/fe80::7b27:891f:6fc8:fb9b 08:00:27:c9:77:18

lo 127.0.0.1/::1 00.00.00.00.00.00

enp0s3 08:00:27:c9:77:18
10.0.6.54/24/fe80::7b27:891f:6fc8:fb9b/64

Step 2: To assign an IP address to an interface, use the following command. sudo

ifconfig interface_name 10.0.your_section.your_sno netmask 255.255.255.0 (or) sudo
ip addr add 10.0.your_section.your_sno /24 dev interface_name
 inet 10.0.6.54/24 scope global enp0s3

Step 3: To activate / deactivate a network interface, type.

Deactivating enp0s3
sudo ifconfig interface_name down

Activating enp0s3
sudo ifconfig interface_name up
 enp0s3 has been reactivated

Step 4: To show the current neighbor table in kernel, type

ip neigh

Task 2: Ping PDU (Packet Data Units or Packets) Capture

Step 1: Assign an IP address to the system (Host).
Note: IP address of your system should be 10.0.your_section.your_sno.

Step 2: Launch Wireshark and select ‘any’ interface

Step 3: In terminal, type ping 10.0.your_section.your_sno
ping 10.0.6.54

Observations to be made

Step 4: Analyze the following in Terminal

• TTL = 64
• Protocol used by ping = ICMP
• Time = order of 10-2ms

Step 5: Analyze the following in Wireshark

Request packet
Response packet
On Packet List Pane, select the first echo packet on the list. On Packet Details Pane, click on
each of the four “+” to expand the information. Analyze the frames with the first echo request
and echo reply and complete the table below.

Details First Echo Request First Echo Reply

Frame Number 1 2
Source IP address 10.0.6.54 10.0.6.54
Destination IP address 10.0.6.54 10.0.6.54
ICMP Type Value 8 0
ICMP Code Value 0 0
Source Ethernet Address 00:00:00:00:00:00 00:00:00:00:00:00
Destination Ethernet Address 00:00:00:00:00:00 00:00:00:00:00:00
Internet Protocol Version IPv4 IPv4
 Time To Live (TTL) Value 64 64

Task 3: HTTP PDU Capture

Using Wireshark’s Filter feature

Step 1: Launch Wireshark and select ‘any’ interface. On the Filter toolbar, type-in ‘http’ and
press enter
Step 2: Open Firefox browser, and browse www.flipkart.com

Echo request and reply:

Request Packet
 Response packet

Observations to be made
Step 3: Analyze the first (interaction of host to the web server) and second frame (response
of server to the client). By analyzing the filtered frames, complete the table below:

Details First Echo Request First Echo Reply

Frame Number 20 22
Source Port 41464 80
Destination Port 80 41464
Source IP address 10.0.2.15 34.107.221.82
Destination IP address 34.107.221.82 10.0.2.15
Source Ethernet Address 08:00:27:c9:77:18 52:54:00:12:35:02
Destination Ethernet Address 52:54:00:12:35:02 08:00:27:c9:77:18

Connection details
 Step 4: Analyze the HTTP request and response and complete the table below.

HTTP Request HTTP Response

Get GET /HTTP/1.1\ Server nginx
r\n
Host Content-Type text/html
www.flipkart.com

User-Agent Date Thu,11 Jan. 2024

Mozilla/5.0 (X11; 15:41:28GMT\r\n
Ubuntu; Linux
x86_64; rv:80.0)
Gecko/20100101
Firefox/80.0
Accept-Language en-US ,en;q=0.5 Location
https://www.flipkart.com/
Accept-Encoding gzip, deflate Content-Length 90
Connection keep-alive Connection keep-alive

Following TCP stream:

Using Wireshark’s Follow TCP Stream

Step 1: Make sure the filter is blank. Right-click any packet inside the Packet List Pane, then
select ‘Follow TCP Stream’. For demo purpose, a packet containing the HTTP GET request
“GET / HTTP / 1.1” can be selected.
Step 2: Upon following a TCP stream, screenshot the whole window.
Task 4: Capturing packets with tcpdump
Step 1: Use the command tcpdump -D to see which interfaces are available for capture.
sudo tcpdump -D

Step 2: Capture all packets in any interface by running this command:

sudo tcpdump -i any
Note: Perform some pinging operation while giving above command. Also type
www.google.com in browser.
Observation
Step 3: Understand the output format.
Step 4: To filter packets based on protocol, specifying the protocol in the command line. For
example, capture ICMP packets only by using this command:
sudo tcpdump -i any -c5 icmp
Step 5: Check the packet content. For example, inspect the HTTP content of a web request
like this:
sudo tcpdump -i any -c10 -nn -A port 80

Step 6: To save packets to a file instead of displaying them on screen, use the option -w:
sudo tcpdump -i any -c10 -nn -w webserver.pcap port 80
Task 5: Perform Traceroute checks
Step 1: Run the traceroute using the following command.
 sudo traceroute www.google.com

Step 2: Analyze destination address of google.com and no. of hops

Step 3: To speed up the process, you can disable the mapping of IP addresses with hostnames
by using the -n option sudo traceroute -n www.google.com
Step 4: The -I option is necessary so that the traceroute uses ICMP.
sudo traceroute -I www.google.com

Step 5: By default, traceroute uses icmp (ping) packets. If you’d rather test a TCP connection
to gather data more relevant to web server, you can use the -T flag.
sudo traceroute -T www.google.com
Task 6: Explore an entire network for information (Nmap)

Step 1: You can scan a host using its host name or IP address, for instance.
nmap www.pes.edu

Step 2: Alternatively, use an IP address to scan.

nmap 163.53.78.128

Step 3: Scan multiple IP address or subnet (IPv4)

nmap 192.168.1.1 192.168.1.2 192.168.1.3

Submission:
Students are expected to take the screenshot of results - after execution of every command in
every task.
They are expected to write the Task and 2-3 lines of their observation followed by screenshots.
Submissions will be through google forms.

Questions on above observations: (Optional)

 1) Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the
server?
Ans:
The Firefox browser utilizes HTTP version 1.1, as evident from the request header
where the method (e.g., GET) is followed by the HTTP version. Concurrently, the
web server also operates on HTTP version 1.1, discernible in the response header it
sends back to the browser.

2) When was the HTML file that you are retrieving last modified at the server?
Ans:
We can find the last modified time of the HTML file at the server by observing the
Last-Modified field of the HTTP response object. The Last-Modified field stores a
timestamp of the last modification time.

3) How to tell ping to exit after a specified number of ECHO_REQUEST packets?

Ans:
Ping continues to send ICMP packages until it receives an interrupt signal. To
specify the number of ECHO_REQUEST packages after which ping will exit, we can use
the -c option followed by the number of packages.
ping -c 10 www.pes.edu

4) How will you identify remote host apps and OS?

Ans:* We can obtain the remote host app and OS of the server by observing the Server
files of the HTTP response object. The Server field stores the remote host app or server
on which it is hosted and the OS too.
* We can use nmap to find the OS too. It will scan the network to find information
about the remote host apps and OS.
Comment: nmap -O -v www.flipkart.com