Internet Tool Practice. 이지민 장동현

Internet Tool Practice 이지민 (jmlee@mmlab.snu.ac.kr) 장동현 (dhjang@mmlab.snu.ac.kr) 2011. 11. 2 1

Outline Internet Tools ping traceroute nslookup ifconfig arp netstat synack nmap Iperf crontab Homeworks 2

ping (1/3) sends an ICMP ECHO_REQUEST message to a host tests whether another host is reachable measures the round-trip time to the host Usage ping [-options value ] destination Option type : -s (size), -c (count), -i (interval ), -t (TTL) etc. Ex) ping c 5 mmlab.snu.ac.kr Reference In the UNIX-like system, man ping Because the options of ping are different according to OS, see man-page for details Applicable to all the commands introduced here 3

ping (2/3) $ ping -c 3 -t 10 mmlab.snu.ac.kr PING mmlab.snu.ac.kr (147.46.114.112) 56(84) bytes of data. 64 bytes from mmlab.snu.ac.kr (147.46.114.112): icmp_seq=1 ttl=62 time=1.57 ms 64 bytes from mmlab.snu.ac.kr (147.46.114.112): icmp_seq=2 ttl=62 time=0.387 ms 64 bytes from mmlab.snu.ac.kr (147.46.114.112): icmp_seq=3 ttl=62 time=1.41 ms --- mmlab.snu.ac.kr ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2005ms rtt min/avg/max/mdev = 0.387/1.125/1.574/0.525 ms 4

ping (3/3) $ ping -c 3 -i 3 mmlab.snu.ac.kr PING mmlab.snu.ac.kr (147.46.114.112) 56(84) bytes of data. 64 bytes from mmlab.snu.ac.kr (147.46.114.112): icmp_seq=1 ttl=62 time=0.411 ms 64 bytes from mmlab.snu.ac.kr (147.46.114.112): icmp_seq=2 ttl=62 time=0.550 ms 64 bytes from mmlab.snu.ac.kr (147.46.114.112): icmp_seq=3 ttl=62 time=80.0 ms --- mmlab.snu.ac.kr ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 6005ms rtt min/avg/max/mdev = 0.411/27.002/80.045/37.507 ms 5

traceroute (1/2) let us see the route that IP datagrams follow from one host to another Although there are no guarantees that two consecutive IP datagrams from the same source to the same destination follow the same route, most of the time they do. Usage traceroute [-options value ] hostname Ex) traceroute www.snu.ac.kr 6

traceroute (2/2) $ traceroute mmlab.snu.ac.kr traceroute to mmlab.snu.ac.kr (147.46.114.112), 30 hops max, 40 byte packets 1 147.46.240.1 (147.46.240.1) 0.411 ms 0.429 ms 1.357 ms 2 147.47.20.129 (147.47.20.129) 13.857 ms 0.463 ms 1.358 ms 3 mmlab (147.46.114.112) 0.330 ms 0.546 ms 1.359 ms $ traceroute www.cs.berkeley.edu traceroute to hyperion.cs.berkeley.edu (169.229.60.105), 30 hops max, 38 byte packets 1 147.46.113.2 (147.46.113.2) 0.353 ms 0.281 ms 0.275 ms 2 147.46.200.25 (147.46.200.25) 0.264 ms 0.224 ms 0.222 ms 3 147.46.254.129 (147.46.254.129) 0.871 ms 1.017 ms 1.273 ms 4 147.46.254.26 (147.46.254.26) 1.641 ms 2.049 ms 1.854 ms 5 202.30.43.33 (202.30.43.33) 2.186 ms 1.664 ms 1.870 ms 6 seoulgsr.kreonet.net (134.75.12.6) 1.912 ms 1.925 ms 1.890 ms 7 baramgsr-seoulgsr.kreonet.net (134.75.1.1) 5.097 ms 6.110 ms 5.012 ms. 17 hyperion.cs.berkeley.edu (169.229.60.105) 217.609 ms 217.629 ms 218.099 ms 7

nslookup (1/2) Allow anyone to directly query a name server and retrieve any of the information known to the DNS System Usage nslookup [ - option ] [ name - ] [ server ] interactive mode non-interactive mode another program host google.co.kr dig google.co.kr 8

$ nslookup > mmlab.snu.ac.kr Server: 147.46.80.1 Address: 147.46.80.1#53 Name: mmlab.snu.ac.kr Address: 147.46.114.112 > 147.46.114.112 Server: 147.46.80.1 Address: 147.46.80.1#53 nslookup (2/2) 112.114.46.147.in-addr.arpa name = mmlab.snu.ac.kr. $ nslookup cse.snu.ac.kr Server: 147.46.80.1 Address: 147.46.80.1#53 Non-authoritative answer: Name: cse.snu.ac.kr Address: 147.46.240.39 9

ifconfig Check the network interface configuration Usage ifconfig [interface] $ /sbin/ifconfig eth0 Link encap:ethernet HWaddr 00:B0:D0:68:B1:C6 inet addr:147.46.240.47 Bcast:147.46.240.255 Mask:255.255.255.0 inet6 addr: fe80::2b0:d0ff:fe68:b1c6/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:69962395 errors:0 dropped:0 overruns:150 frame:150 TX packets:35559225 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3286312879 (3.0 GiB) TX bytes:48791130 (46.5 MiB).. 10

arp manipulate the system ARP cache Usage arp [option] hostname $ arp -a? (147.46.114.1) at 00:00:0c:07:ac:00 on rl0 [ethernet]? (147.46.114.2) at 00:d0:02:cb:e3:fc on rl0 [ethernet]? (147.46.114.10) at 00:0a:5e:01:e2:ba on rl0 [ethernet]? (147.46.114.33) at 00:e0:98:b0:fa:7d on rl0 [ethernet]? (147.46.114.93) at 00:04:76:d0:0a:ab on rl0 [ethernet] csebrg1.snu.ac.kr (147.46.114.102) at 00:50:04:bf:c5:b9 on rl0 [ethernet] topaz.snu.ac.kr (147.46.114.113) at 00:0d:61:3b:8f:59 on rl0 [ethernet] garnet.snu.ac.kr (147.46.114.114) at 00:0e:35:0d:fe:96 on rl0 [ethernet] opal.snu.ac.kr (147.46.114.116) at 00:11:11:0f:2f:c0 on rl0 [ethernet] emerald.snu.ac.kr (147.46.114.118) at 00:4f:4e:0d:51:2d on rl0 [ethernet] smart1.snu.ac.kr (147.46.114.120) at 00:00:f0:91:0d:3a on rl0 [ethernet]? (147.46.114.193) at 00:50:da:91:0b:0d on rl0 [ethernet] 11

Show network status Usage netstat [option] Options netstat (1/2) -a : show the state of all sockets. But normally sockets used by server processes are not shown. -i : show status and statistics for the physical interfaces -n : show network addresses as numbers -r : show the routing table 12

netstat (2/2) $ netstat r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface localnet * 255.255.255.0 U 0 0 0 eth0 default 147.46.240.1 0.0.0.0 UG 0 0 0 eth0 $ netstat rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 147.46.240.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 147.46.240.1 0.0.0.0 UG 0 0 0 eth0 13

Description synack (1/3) Establishes a Client-Server connection by calling connect which performs the 3-way Handshake of the TCP Protocol Measures the time taken for the connection to be established b/w the client & server Closes the connection once the RTT is measured by calling close which performs a 4-packet exchange Repeats the above process at regular intervals (defined by the user) after the connection is closed Performs statistical analysis on the RTT data obtained Reference http://www-iepm.slac.stanford.edu/tools/synack/ 14

Usage synack [-options] host synack (2/3) Options -p ## port number to send to (default 22) -k ## no. of connections to be made -i ## Time interval between connections in secs (default 1 sec) -u ## Time interval between connections in microsecs -z ## Percentile 1 (default 25) -Z ## Percentile 2 (default 75) -S ## Timout in secs (default 1 Sec) -s ## Timeout in millisecs 15

$./synack -p 80 -k 10 www.snu.ac.kr synack (3/3) SYN-ACK to moose.snu.ac.kr (147.46.10.48), 10 Packets connected to moose.snu.ac.kr : Seq = 0, RTT = 0.685 ms connected to moose.snu.ac.kr : Seq = 1, RTT = 0.612 ms connected to moose.snu.ac.kr : Seq = 2, RTT = 1.754 ms connected to moose.snu.ac.kr : Seq = 3, RTT = 0.718 ms connected to moose.snu.ac.kr : Seq = 4, RTT = 0.711 ms connected to moose.snu.ac.kr : Seq = 5, RTT = 0.667 ms connected to moose.snu.ac.kr : Seq = 6, RTT = 1.775 ms connected to moose.snu.ac.kr : Seq = 7, RTT = 0.673 ms connected to moose.snu.ac.kr : Seq = 8, RTT = 1.782 ms connected to moose.snu.ac.kr : Seq = 9, RTT = 0.638 ms Waiting for outstanding packets (if any)... ***** Round Trip Statistics of SYN-ACK to moose.snu.ac.kr (Port = 80) ****** 10 packets transmitted, 10 packets received, 0.00 percent packet loss round-trip (ms) min/avg/max = 0.612/1.001/1.782 (std = 0.531) (median = 0.698) (interquartile range = 1.087) (25 percentile = 0.667) (75 percentile = 1.754) 16

Network Mapper nmap (1/2) Network exploration tool and security scanner Scan large networks to determine which hosts are up and what services are offering Usage nmap [Scan Types] [ Options] <host> Reference http://nmap.org In the unix shell, man nmap 17

nmap (2/2) $ nmap mmlab.snu.ac.kr Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-03-18 16:39 KST Interesting ports on mmlab.snu.ac.kr (147.46.114.112): Not shown: 1504 closed ports, 170 filtered ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 80/tcp open http 110/tcp open pop3 587/tcp open submission 3306/tcp open mysql Nmap finished: 1 IP address (1 host up) scanned in 9.968 seconds 18

iperf (1/2) is a tool to measure maximum TCP bandwidth allowing the tuning of various parameters and UDP characteristics reports bandwidth, delay jitter, datagram loss for a TCP connection : throughput, bandwidth for a UDP connection : throughput, jitter, lost/total datagram Usage iperf [-s -c host] [options] 19

iperf (2/2) $ iperf -s ------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ [ 4] local 147.46.240.47 port 5001 connected with 147.46.240.47 port 34169 [ 4] 0.0-10.0 sec 1.25 GBytes 1.07 Gbits/sec $ iperf c martini.snu.ac.kr ------------------------------------------------------------ Client connecting to martini.snu.ac.kr, TCP port 5001 TCP window size: 49.4 KByte (default) ------------------------------------------------------------ [ 3] local 147.46.240.47 port 34169 connected with 147.46.240.47 port 5001 [ 3] 0.0-10.0 sec 1.25 GBytes 1.08 Gbits/sec 20

Crontab crontab [ -u user ] { -l -r -e } -u user user 사용자에대해서 crontab 작업을수행한다. 생략하면 crontab 명령을실행하는사용자에대해서 crtontab 작업을수행. -l 현재 cron table 을보여준다. -r 현재 cron table 을삭제한다. -e 현재 cron table 을편집한다. cron table 의각필드 minute(0~59) hour(0-23) day(1-31) month(1-12) weekday(1-7) command 요일필드 : 1( 월 ), 2( 화 ), 3( 수 ), 4( 목 ), 5( 금 ), 6( 토 ), 7( 일 ) '*' : everytime '-' : 범위지정, 예를들어시간필드에 1-3 이면 1 시와 3 시사이즉 1 시 2 시 3 시 ',' : separator, 예를들어시간필드에 1,3 이면 1 시와 3 시 사용예 30 14 * * 1 ~/bin/log_cat 매주월요일오후 2 시 30 분에 ~/bin/log_cat 을실행 30 2 1 * * ~/bin/log_report 매월 1 일새벽 2 시 30 분에 ~/bin/log_report 를실행 21