Exercises: Local Network Analysis Tools

Unix/IP Preparation Course
AfNOG 2010 - May 23, 2010
Kigali, Rwanda


1.) LSOF and NETSTAT

See what services are running on your machine. You can use the
presentation as a reference:

    http://www.ws.afnog.org/afnog2010/unix-intro/presosperformance-definitions-analysis.pdf

Or, use "man lsof", "man netstat", "lsof -h" and "netstat -h" to see
the available options (there are a lot!). Remember to use
sudo when running lsof and netstat.

First you need to install lsof. To do this, run:

  $ sudo pkg_add -r lsof-\*

* Using lsof, what IPv4 services are listening on your machine?

* Using netstat, what IPv4 and IPv6 services are listening on your machine?


2.) TCPDUMP and WIRESHARK

To use tcpdump you need to use sudo. To use wireshark you need to open
a terminal and use sudo as a normal user (i.e., userid
"afnog"):

* Use tcpdump like this:

  $ sudo tcpdump -i lo -A -s1500 -w /tmp/tcpdump.log

  Now, generate some traffic on your lo interface in another terminal.
  For example:

  $ ping localhost
  $ ssh localhost
 
  etc. Afterwards, press CTRL-C to terminate the tcpdump session.

  Note: ssh generates much more "interesting" output.

* Now install wireshark:

  $ sudo portinstall wireshark

  If that does not work:

  $ pkg_add -r wireshark-1\*

* Once installed, in another terminal as a normal user ("sysadmin") open
  wireshark like this:

  $ sudo wireshark -r /tmp/tcpdump.log

  Now you can explore the wireshark interface and get a feel for how
  it works. Can you figure out how to filter packets by protocol? How
  to follow a single session?

  Now try something like this (note the "eth1"):

  $ sudo rm /tmp/tcpdump.log
  $ sudo tcpdump -i eth1 -A -s1500 -w /tmp/tcpdump.log

  In another terminal do:

  $ ftp limestone.uoregon.edu
 
  Connected to limestone.uoregon.edu.
  220 FTP Server ready.
  Name (limestone.uoregon.edu:sysadmin): anonymous
  Password: anything you want
  ftp> exit

  And, end the tcpdump session in the other terminal (CTRL-C). Now
  view the contents of the log file:

  $ sudo wireshark -r /tmp/tcpdump.log

  Can you see your password? Sniffing passwords on wireless LANs is
  very easy with a tool like this.
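  As an added example (not part of the exercise sheet), the script below
  audits a pcap such as the /tmp/tcpdump.log written above for FTP logins
  sent in the clear. The capture it parses is constructed in memory so
  it runs offline; the addresses 10.0.0.1/10.0.0.2 and the helper names
  are made up for the example.

```python
import io
import struct

def build_pcap(payloads):
    """Constructed sample: minimal little-endian pcap of Ethernet/IPv4/TCP frames to port 21."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    records = [header]
    for data in payloads:
        eth = b"\x00" * 12 + b"\x08\x00"                                # EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))    # client -> server
        tcp = struct.pack("!HHIIBBHHH", 40000, 21, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
        frame = eth + ip + tcp + data
        records.append(struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)
    return b"".join(records)

# Constructed capture mirroring the anonymous FTP login in the exercise.
SAMPLE_CAPTURE = build_pcap([b"USER anonymous\r\n", b"PASS anything you want\r\n", b"QUIT\r\n"])

def find_cleartext_ftp_logins(pcap_bytes):
    """Return (src, dst, command, argument) for every USER/PASS sent to TCP port 21.
    The PASS argument is redacted: an audit report should record that a secret was
    exposed on the wire, not copy it into yet another file."""
    f = io.BytesIO(pcap_bytes)
    magic = struct.unpack("<I", f.read(4))[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"    # pcap magic gives the byte order
    f.read(20)                                       # rest of the 24-byte global header
    hits = []
    while True:
        rec = f.read(16)                             # per-packet record header
        if len(rec) < 16:
            break
        incl_len = struct.unpack(endian + "IIII", rec)[2]
        frame = f.read(incl_len)
        if frame[12:14] != b"\x08\x00":              # not IPv4
            continue
        ip = frame[14:]
        if ip[9] != 6:                               # not TCP
            continue
        tcp = ip[(ip[0] & 0x0F) * 4:]                # skip IPv4 header incl. options
        dport = struct.unpack("!H", tcp[2:4])[0]
        payload = tcp[(tcp[12] >> 4) * 4:]           # skip TCP header incl. options
        if dport == 21 and payload[:5] in (b"USER ", b"PASS "):
            cmd, _, arg = payload.decode("ascii", "replace").strip().partition(" ")
            src = ".".join(str(b) for b in ip[12:16])
            dst = ".".join(str(b) for b in ip[16:20])
            hits.append((src, dst, cmd, "<redacted>" if cmd == "PASS" else arg))
    return hits
```

  Run it against a real file with `find_cleartext_ftp_logins(open("/tmp/tcpdump.log", "rb").read())`; any hit means a credential crossed the network unencrypted.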


3.) USING IPERF
    
Use "man iperf" or "iperf -h" for help.

* First install iperf:

  $ sudo pkg_add -r iperf-2\*

* Ask your neighbor to run "iperf -s". Connect to your neighbor's
  machine using "iperf -c ipNeighbor". How is the throughput
  between your machines?

* Consider connecting both your laptops to a switch, configuring
  your eth0 interface with an IP address and doing the previous
  step again with this faster connection. How does it look?

* Test TCP using various window sizes (-w).

* Verify TCP MSS (-m). How does this affect throughput? What is
  Path MTU discovery?

* Test with two parallel threads (-P) and compare the totals. Is
  there any difference? Why?

* Test with different packet sizes and the TCP_NODELAY (-N) option.