1

Internet Tool Practice

한두균 (dkhan@mmlab.snu.ac.kr)송정환 (jhsong@mmlab.snu.ac.kr)

2012. 4. 30

2

Outline

• Internet Tools– ping– traceroute– nslookup– ifconfig– arp– netstat– synack– nmap– Iperf– crontab

• Homeworks

3

ping (1/3)

• Send an ICMP ECHO_REQUEST message to a host• Test whether another host is reachable• Measures the Round-Trip Time(RTT) to the host• Usage

– ping [-options value ] destination– Option type : -s (size), -c (count), -i (interval ), -t (TTL) etc.– Ex) ping –c 5 mmlab.snu.ac.kr

• Reference– In the UNIX-like system, man ping

• Because the options of ping are different according to OS, see man-page for details

• Applicable to all the commands introduced here

4

ping (2/3)

$ ping -c 3 -t 10 mmlab.snu.ac.krPING mmlab.snu.ac.kr (147.46.114.112) 56(84) bytes of data.64 bytes from mmlab.snu.ac.kr (147.46.114.112): icmp_seq=1 ttl=62 time=1.57 ms64 bytes from mmlab.snu.ac.kr (147.46.114.112): icmp_seq=2 ttl=62 time=0.387 ms64 bytes from mmlab.snu.ac.kr (147.46.114.112): icmp_seq=3 ttl=62 time=1.41 ms

--- mmlab.snu.ac.kr ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2005msrtt min/avg/max/mdev = 0.387/1.125/1.574/0.525 ms

5

ping (3/3)$ ping -c 3 -i 3 mmlab.snu.ac.krPING mmlab.snu.ac.kr (147.46.114.112) 56(84) bytes of data.64 bytes from mmlab.snu.ac.kr (147.46.114.112): icmp_seq=1 ttl=62 time=0.411 ms64 bytes from mmlab.snu.ac.kr (147.46.114.112): icmp_seq=2 ttl=62 time=0.550 ms64 bytes from mmlab.snu.ac.kr (147.46.114.112): icmp_seq=3 ttl=62 time=80.0 ms

--- mmlab.snu.ac.kr ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 6005msrtt min/avg/max/mdev = 0.411/27.002/80.045/37.507 ms

6

traceroute (1/2)

• Let us see the route that IP datagrams follow from one host to another– Although there are no guarantees that two consecutive

IP datagrams from the same source to the same destination follow the same route, most of the time they do.

• Usage – traceroute [-options value ] hostname– Ex) traceroute www.snu.ac.kr

7

traceroute (2/2)$ traceroute mmlab.snu.ac.krtraceroute to mmlab.snu.ac.kr (147.46.114.112), 30 hops max, 40 byte packets 1 147.46.240.1 (147.46.240.1) 0.411 ms 0.429 ms 1.357 ms 2 147.47.20.129 (147.47.20.129) 13.857 ms 0.463 ms 1.358 ms 3 mmlab (147.46.114.112) 0.330 ms 0.546 ms 1.359 ms

$ traceroute www.cs.berkeley.edutraceroute to hyperion.cs.berkeley.edu (169.229.60.105), 30 hops max, 38 byte packets 1 147.46.113.2 (147.46.113.2) 0.353 ms 0.281 ms 0.275 ms 2 147.46.200.25 (147.46.200.25) 0.264 ms 0.224 ms 0.222 ms 3 147.46.254.129 (147.46.254.129) 0.871 ms 1.017 ms 1.273 ms 4 147.46.254.26 (147.46.254.26) 1.641 ms 2.049 ms 1.854 ms 5 202.30.43.33 (202.30.43.33) 2.186 ms 1.664 ms 1.870 ms 6 seoulgsr.kreonet.net (134.75.12.6) 1.912 ms 1.925 ms 1.890 ms 7 baramgsr-seoulgsr.kreonet.net (134.75.1.1) 5.097 ms 6.110 ms 5.012 ms …….

17 hyperion.CS.Berkeley.EDU (169.229.60.105) 217.609 ms 217.629 ms 218.099 ms

8

nslookup (1/2) • Allow anyone to directly query a name server and

retrieve any of the information known to the DNS System

• Usage– nslookup [ - option ] [ name | - ] [ server ]– interactive mode– non-interactive mode

• Other programs– host google.co.kr – dig google.co.kr

9

nslookup (2/2)$ nslookup > mmlab.snu.ac.krServer: 147.46.80.1Address: 147.46.80.1#53

Name: mmlab.snu.ac.krAddress: 147.46.114.112> 147.46.114.112Server: 147.46.80.1Address: 147.46.80.1#53

112.114.46.147.in-addr.arpa name = mmlab.snu.ac.kr.

$ nslookup cse.snu.ac.krServer: 147.46.80.1Address: 147.46.80.1#53

Non-authoritative answer:Name: cse.snu.ac.krAddress: 147.46.240.39

10

ifconfig

• Check the network interface configuration• Usage

– ifconfig [interface]

$ /sbin/ifconfigeth0 Link encap:Ethernet HWaddr 00:B0:D0:68:B1:C6 inet addr:147.46.240.47 Bcast:147.46.240.255 Mask:255.255.255.0 inet6 addr: fe80::2b0:d0ff:fe68:b1c6/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:69962395 errors:0 dropped:0 overruns:150 frame:150 TX packets:35559225 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3286312879 (3.0 GiB) TX bytes:48791130 (46.5 MiB)

……..

11

arp

• Manipulate the system ARP cache• Usage

– arp [option] hostname

$ arp -a? (147.46.114.1) at 00:00:0c:07:ac:00 on rl0 [ethernet]? (147.46.114.2) at 00:d0:02:cb:e3:fc on rl0 [ethernet]? (147.46.114.10) at 00:0a:5e:01:e2:ba on rl0 [ethernet]? (147.46.114.33) at 00:e0:98:b0:fa:7d on rl0 [ethernet]? (147.46.114.93) at 00:04:76:d0:0a:ab on rl0 [ethernet]csebrg1.snu.ac.kr (147.46.114.102) at 00:50:04:bf:c5:b9 on rl0 [ethernet]topaz.snu.ac.kr (147.46.114.113) at 00:0d:61:3b:8f:59 on rl0 [ethernet]garnet.snu.ac.kr (147.46.114.114) at 00:0e:35:0d:fe:96 on rl0 [ethernet]opal.snu.ac.kr (147.46.114.116) at 00:11:11:0f:2f:c0 on rl0 [ethernet]emerald.snu.ac.kr (147.46.114.118) at 00:4f:4e:0d:51:2d on rl0 [ethernet]smart1.snu.ac.kr (147.46.114.120) at 00:00:f0:91:0d:3a on rl0 [ethernet]? (147.46.114.193) at 00:50:da:91:0b:0d on rl0 [ethernet]…

12

netstat (1/2)

• Show network status• Usage

– netstat [option]

• Options– -a : show the state of all sockets. But normally sockets

used by server processes are not shown.– -i : show status and statistics for the physical interfaces– -n : show network addresses as numbers– -r : show the routing table

13

netstat (2/2)$ netstat –r

Kernel IP routing table

Destination Gateway Genmask Flags MSS Window irtt Iface

localnet * 255.255.255.0 U 0 0 0 eth0

default 147.46.240.1 0.0.0.0 UG 0 0 0 eth0

$ netstat –rn

Kernel IP routing table

Destination Gateway Genmask Flags MSS Window irtt Iface

147.46.240.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

0.0.0.0 147.46.240.1 0.0.0.0 UG 0 0 0 eth0

14

synack (1/3)

• Description– Establishes a Client-Server connection by calling connect

which performs the 3-way Handshake of the TCP Protocol

– Measures the time taken for the connection to be established b/w the client & server

– Closes the connection once the RTT is measured by calling close which performs a 4-packet exchange

– Repeats the above process at regular intervals (defined by the user) after the connection is closed

– Performs statistical analysis on the RTT data obtained

• Reference– http://www-iepm.slac.stanford.edu/tools/synack/

15

synack (2/3)

• Usage– synack [-options] host

• Options– -p ##   port number to send to (default 22)– -k ##   no. of connections to be made– -i ##   Time interval between connections in secs

(default 1 sec)– -u ##  Time interval between connections in microsecs– -z ##   Percentile 1 (default 25)– -Z ##   Percentile 2 (default 75)– -S ##   Timout in secs (default 1 Sec)– -s ##   Timeout in millisecs

16

synack (3/3)$ ./synack -p 80 -k 10 www.snu.ac.kr

SYN-ACK to moose.snu.ac.kr (147.46.10.48), 10 Packets

connected to moose.snu.ac.kr : Seq = 0 , RTT = 0.685 msconnected to moose.snu.ac.kr : Seq = 1 , RTT = 0.612 msconnected to moose.snu.ac.kr : Seq = 2 , RTT = 1.754 msconnected to moose.snu.ac.kr : Seq = 3 , RTT = 0.718 msconnected to moose.snu.ac.kr : Seq = 4 , RTT = 0.711 msconnected to moose.snu.ac.kr : Seq = 5 , RTT = 0.667 msconnected to moose.snu.ac.kr : Seq = 6 , RTT = 1.775 msconnected to moose.snu.ac.kr : Seq = 7 , RTT = 0.673 msconnected to moose.snu.ac.kr : Seq = 8 , RTT = 1.782 msconnected to moose.snu.ac.kr : Seq = 9 , RTT = 0.638 ms

Waiting for outstanding packets (if any)..........

***** Round Trip Statistics of SYN-ACK to moose.snu.ac.kr (Port = 80) ******10 packets transmitted, 10 packets received, 0.00 percent packet lossround-trip (ms) min/avg/max = 0.612/1.001/1.782 (std = 0.531) (median = 0.698) (interquartile range = 1.087) (25 percentile = 0.667) (75 percentile = 1.754)

17

nmap (1/2)

• Network Mapper• Network exploration tool and security scanner• Scan large networks to determine which hosts are

up and what services are offering • Usage

– nmap [Scan Types] [ Options] <host>

• Reference– http://nmap.org – In the unix shell, man nmap

18

nmap (2/2)$ nmap mmlab.snu.ac.kr

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-03-18 16:39 KST

Interesting ports on mmlab.snu.ac.kr (147.46.114.112):Not shown: 1504 closed ports, 170 filtered portsPORT STATE SERVICE22/tcp open ssh25/tcp open smtp80/tcp open http110/tcp open pop3587/tcp open submission3306/tcp open mysql

Nmap finished: 1 IP address (1 host up) scanned in 9.968 seconds

19

iperf (1/2)

• A tool to measure maximum TCP bandwidth – allowing the tuning of various parameters and UDP

characteristics

• Reports bandwidth, delay jitter, datagram loss – for a TCP connection : throughput, bandwidth– for a UDP connection : throughput, jitter, lost/total

datagram

• Usage– iperf [-s|-c host] [options]

20

iperf (2/2)$ iperf -s------------------------------------------------------------Server listening on TCP port 5001TCP window size: 85.3 KByte (default)------------------------------------------------------------[ 4] local 147.46.240.47 port 5001 connected with 147.46.240.47 port 34169[ 4] 0.0-10.0 sec 1.25 GBytes 1.07 Gbits/sec

$ iperf –c martini.snu.ac.kr------------------------------------------------------------Client connecting to martini.snu.ac.kr, TCP port 5001TCP window size: 49.4 KByte (default)------------------------------------------------------------[ 3] local 147.46.240.47 port 34169 connected with 147.46.240.47 port 5001[ 3] 0.0-10.0 sec 1.25 GBytes 1.08 Gbits/sec

21

Crontab• crontab [ -u user ] { -l | -r | -e }

– -u user user 사용자에 대해서 crontab 작업을 수행한다 . 생략하면 crontab 명령을 실행하는 사용자에 대해서 crtontab 작업을 수행 .

– -l 현재 cron table 을 보여 준다 .– -r 현재 cron table 을 삭제한다 .– -e 현재 cron table 을 편집한다 .

• cron table 의 각 필드– minute(0~59) hour(0-23) day(1-31) month(1-12) weekday(1-7)

command– 요일 필드 : 1( 월 ), 2( 화 ), 3( 수 ), 4( 목 ), 5( 금 ), 6( 토 ), 7( 일 )– '*' : everytime– '-' : 범위 지정 , 예를 들어 시간 필드에 1-3 이면 1 시와 3 시 사이 즉 1 시 2

시 3 시– ',' : separator, 예를 들어 시간 필드에 1,3 이면 1 시와 3 시

– 사용 예 • 30 14 * * 1 ~/bin/log_cat

– 매주 월요일 오후 2 시 30 분에 ~/bin/log_cat 을 실행 • 30 2 1 * * ~/bin/log_report

– 매월 1 일 새벽 2 시 30 분에 ~/bin/log_report 를 실행