CS244A Review Session Routing and DNSAnnouncementsWhat’s Covered TodayThe Layer ModelUseful tools #1a: netstatUseful tools #1b: ifconfigLayer TriviaProtocol QuizUseful tools #2a: tcpdumpUseful tools #2b: wiresharkView of wiresharkIP Fragmentation QuizUseful tools #3: tracerouteDomain Name Service (DNS)Slide 15Useful tools #4: hostRoot Name Servers (The Old Way)Slide 18Root Name Servers (Today)CS244A Review Session Routing and DNSJanuary 18, 2008Peter PawlowskiSlides derived from:Justin Pettit (2007)Matt Falkenhagen (2006)Yashar Ganjali (2005)Guido Appenzeller (2002)AnnouncementsPA #1 was due at noonProblem submitting? Send to TA.PS #1 due Tuesday at noonPA #2 live tonight at 11:59PMWhat’s Covered TodayThe three most important things learned so far: The Layer ModelIP and Routing BasicsThe Domain Name System (DNS)Some useful Network ToolsNetstat and ifconfigTracerouteTcpdump/WiresharkHostFTPASCII/BinaryIPTCPEthernetThe Layer ModelNetworkLinkTransportApplicationPresentationSessionTransportNetworkLinkPhysicalThe 7-layer OSI ModelThe 4-layer ModelApplicationWhat abstraction(s) does each layer expose?Useful tools #1a: netstatTells you about current network statusCurrent TCP sessions on the systemnetstat -t Current TCP listeners on the systemnetstat -ltnCurrent routing tablenetstat –rnetstat -rn (to display IP addresses instead of domain names)Current interfacesnetstat –iUseful tools #1b: ifconfigTells you about current network interfacesDisplays all interfaces, including their MTU, netmask, and IP addresses.ifconfig –aMust have root privileges to modify the network interfaces but anyone may view the current state[user@myth8 ~] ifconfig eth0eth0 Link encap:Ethernet HWaddr 00:0F:1F:84:75:2E inet addr:171.64.15.186 Bcast:171.64.255.255 Mask:255.255.0.0 inet6 addr: fe80::20f:1fff:fe84:752e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2393901 errors:0 dropped:0 overruns:0 frame:0 TX packets:1958553 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1108847978 (1.0 GiB) TX bytes:1208671699 (1.1 GiB) Base address:0xdcc0 Memory:dfee0000-dff00000Layer TriviaIPTCPHTTPFTPWi-Fi/802.11BluetoothDHCPWhich layers are the following protocols:Network Layer Transport LayerApplication Layer, on top of TCPApplication Layer, on top of TCPLink LayerLink Layer plus some ApplicationBetween Link and NetworkProtocol QuizQ: How does a computer decide whether an incoming IP packet is UDP or TCP?A: Look at the protocol field.Q: How does a computer decide whether an incoming IP packet is HTTP or FTP?A: Look at the port number. But it doesn’t care, it just sends it to the application bound to that port.Q: You just fragged your friend with the AK-47 on Counter-Strike. What protocols did you use?A: Application layer protocol over UDP.Useful tools #2a: tcpdumpTool to capture and display network traffic on the local area networkRuns on Unix and WindowsOn Unix only the root user may listen on the interface[root@colorado user]# tcpdump -n -i eth0 -x -X -vvv -c 1 -s 200tcpdump: listening on eth011:17:47.738282 171.64.74.34.22 > 64.175.39.85.1221: P [tcp sum ok] 2168458766:2168458810(44) ack 1258905391 win 5840 (DF) [tos 0x10] (ttl 64, id 50841, len 84)0x0000 4510 0054 c699 4000 4006 1694 ab40 4a22 E..T..@.@....@J"0x0010 40af 2755 0016 04c5 8140 0e0e 4b09 5f2f @.'[email protected]._/Useful tools #2b: wiresharkGUI tool similar to tcpdump. Lets you view packets and translates a lot of the fields for youFormally called etherealRuns on Unix or WindowsOn Unix only the root user may listen on the interfaceBoth wireshark and tcpdump are available for the Myth systems in /usr/class/cs244a/binNo man page but has lots of documentation, including a user manual at http://www.wireshark.orgView of wiresharkPacketsTranslationPacket contentin hex formatIP Fragmentation QuizQ: What happens if a packet arrives that is too long for the link layer?A: It is split into several pieces.Q: Where in the network are packets fragmented?A: Can happen at any router or host!Q: Where are they re-assembled?A: Only at the destination!Q: What percentage of packets in the internet are fragmented?A: Almost noneUseful tools #3: tracerouteTraces how a packet gets from the local machine to the destinationSets TTL to n = 1...32Collects “timeout“ ICMP messages from hosts along the wayGood for finding out what is happening if the network is downAlso good for finding what the MTU on a path is or if packets get fragmentedtraceroute -F <host> <fragment size>Domain Name Service (DNS)Maps domain names (e.g. cs.stanford.edu) to IP addresses (e.g. 171.64.64.64)Top level name servers handle top level domains (e.g. “.edu”, “.de” etc.)Each domain has a DNS server that is responsible for the domain (e.g. DENIC for the “.de” domain)Each subdomains (e.g. google.de) has a DNS server that is responsible for the subdomainDomain Name Service (DNS)To find a mapping I work my way downwards Root Server(s) de fr com yahoo.de google.de mail.yahoo.deIn reality all this is done for me by my local DNS serverDENICKarlsruheGermanyYahoo’sDNS ServerUseful tools #4: hostTells you anything (almost) about DNS recordsMap a DNS name to an IP addresshost www.google.comMap an IP address to a DNS namehost 171.64.64.64Which DNS servers are responsible for a domainhost –t NS stanford.eduWhich hosts accept mail for a domainhost –t MX stanford.eduRoot Name Servers (The Old Way)There are 13 root name servers [Herndon, VA, USA] A.ROOT-SERVERS.NET (Verisign) [Marina del Rey, CA, USA] B.ROOT-SERVERS.NET (ISI) [Herndon, VA, USA] C.ROOT-SERVERS.NET (Cogent) [College Park, MD, USA] D.ROOT-SERVERS.NET (UM) [Mt View, CA, USA] E.ROOT-SERVERS.NET (NASA) [Palo Alto, CA, USA] F.ROOT-SERVERS.NET (ISC) [Columbus, OH, USA] G.ROOT-SERVERS.NET (DoD) [Aberdeen, MD, USA] H.ROOT-SERVERS.NET (US Army) [Stockholm, Sweden] I.ROOT-SERVERS.NET (Autonomica) [Dulles, VA, USA] J.ROOT-SERVERS.NET (Verisign) [London, UK] K.ROOT-SERVERS.NET (Reseaux) [Los Angeles, CA, USA] L.ROOT-SERVERS.NET (ICANN) [Tokyo, Japan] M.ROOT-SERVERS.NET (WIDE)Root Name Servers (The Old Way)Source: ICANNRoot Name Servers (Today)QuickTime™ and a decompressorare needed to see this picture.Source: