CS244A Review Session
Routing and DNS
January 18, 2008
Peter Pawlowski
Slides derived from: Justin Pettit (2007), Matt Falkenhagen (2006), Yashar Ganjali (2005), Guido Appenzeller (2002)

Announcements
- PA #1 was due at noon
  - Problem submitting? Send to TA.
- PS #1 due Tuesday at noon
- PA #2 live tonight at 11:59PM

What's Covered Today
- The three most important things learned so far:
  - The Layer Model
  - IP and Routing Basics
  - The Domain Name System (DNS)
- Some useful Network Tools
  - Netstat and ifconfig
  - Traceroute
  - Tcpdump/Wireshark
  - Host

The Layer Model
[Figure: the 4-layer model (Application, Transport, Network, Link) beside the 7-layer OSI model (Application, Presentation, Session, Transport, Network, Link, Physical). Example labels in the figure: FTP, ASCII/Binary, TCP, IP, Ethernet.]
What abstraction(s) does each layer expose?

Useful tools #1a: netstat
- Tells you about current network status
- Current TCP sessions on the system
    netstat -t
- Current TCP listeners on the system
    netstat -ltn
- Current routing table
    netstat -r
    netstat -rn (to display IP addresses instead of domain names)
- Current interfaces
    netstat -i

Useful tools #1b: ifconfig
- Tells you about current network interfaces
- Displays all interfaces, including their MTU, netmask, and IP addresses.
    ifconfig -a
- Must have root privileges to modify the network interfaces, but anyone may view the current state

    [user@myth8 ~] ifconfig eth0
    eth0      Link encap:Ethernet  HWaddr 00:0F:1F:84:75:2E
              inet addr:171.64.15.186  Bcast:171.64.255.255  Mask:255.255.0.0
              inet6 addr: fe80::20f:1fff:fe84:752e/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2393901 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1958553 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:1108847978 (1.0 GiB)  TX bytes:1208671699 (1.1 GiB)
              Base address:0xdcc0 Memory:dfee0000-dff00000

Layer Trivia
Which layers are the following protocols:
- IP: Network Layer
- TCP: Transport Layer
- HTTP: Application Layer, on top of TCP
- FTP: Application Layer, on top of TCP
- Wi-Fi/802.11: Link Layer
- Bluetooth: Link Layer plus some Application
- DHCP: Between Link and Network

Protocol Quiz
Q: How does a computer decide whether an incoming IP packet is UDP or TCP?
A: Look at the protocol field.
Q: How does a computer decide whether an incoming IP packet is HTTP or FTP?
A: Look at the port number. But it doesn't care, it just sends it to the application bound to that port.
Q: You just fragged your friend with the AK-47 on Counter-Strike. What protocols did you use?
A: Application layer protocol over UDP.

Useful tools #2a: tcpdump
- Tool to capture and display network traffic on the local area network
- Runs on Unix and Windows
- On Unix only the root user may listen on the interface

    [root@colorado user]# tcpdump -n -i eth0 -x -X -vvv -c 1 -s 200
    tcpdump: listening on eth0
    11:17:47.738282 171.64.74.34.22 > 64.175.39.85.1221: P [tcp sum ok] 2168458766:2168458810(44) ack 1258905391 win 5840 (DF) [tos 0x10] (ttl 64, id 50841, len 84)
    0x0000   4510 0054 c699 4000 4006 1694 ab40 4a22   E..T..@.@....@J"
    0x0010   40af 2755 0016 04c5 8140 0e0e 4b09 5f2f   @.'U.....@..K._/

Useful tools #2b: wireshark
- GUI tool similar to tcpdump. Lets you view packets and translates a lot of the fields for you
- Formerly called Ethereal
- Runs on Unix or Windows
- On Unix only the root user may listen on the interface
- Both wireshark and tcpdump are available for the Myth systems in /usr/class/cs244a/bin
- No man page but has lots of documentation, including a user manual at http://www.wireshark.org

View of wireshark
[Screenshot: Wireshark window with three panes labelled Packets, Translation, and Packet content in hex format.]

IP Fragmentation Quiz
Q: What happens if a packet arrives that is too long for the link layer?
A: It is split into several pieces.
Q: Where in the network are packets fragmented?
A: Can happen at any router or host!
Q: Where are they re-assembled?
A: Only at the destination!
Q: What percentage of packets in the internet are fragmented?
A: Almost none

Useful tools #3: traceroute
- Traces how a packet gets from the local machine to the destination
  - Sets TTL to n = 1...32
  - Collects "timeout" ICMP messages from hosts along the way
- Good for finding out what is happening if the network is down
- Also good for finding what the MTU on a path is or if packets get fragmented
    traceroute -F <host> <fragment size>

Domain Name Service (DNS)
- Maps domain names (e.g. cs.stanford.edu) to IP addresses (e.g. 171.64.64.64)
- Top level name servers handle top level domains (e.g. ".edu", ".de" etc.)
- Each domain has a DNS server that is responsible for the domain (e.g. DENIC for the ".de" domain)
- Each subdomain (e.g. google.de) has a DNS server that is responsible for the subdomain

Domain Name Service (DNS)
To find a mapping I work my way downwards
[Diagram: Root Server(s) at the top; below it de, fr, com; below de, yahoo.de and google.de; below yahoo.de, mail.yahoo.de. Labels: DENIC, Karlsruhe, Germany; Yahoo's DNS Server.]
In reality all this is done for me by my local DNS server

Useful tools #4: host
- Tells you anything (almost) about DNS records
- Map a DNS name to an IP address
    host www.google.com
- Map an IP address to a DNS name
    host 171.64.64.64
- Which DNS servers are responsible for a domain
    host -t NS stanford.edu
- Which hosts accept mail for a domain
    host -t MX stanford.edu

Root Name Servers (The Old Way)
There are 13 root name servers
- [Herndon, VA, USA] A.ROOT-SERVERS.NET (Verisign)
- [Marina del Rey, CA, USA] B.ROOT-SERVERS.NET (ISI)
- [Herndon, VA, USA] C.ROOT-SERVERS.NET (Cogent)
- [College Park, MD, USA] D.ROOT-SERVERS.NET (UM)
- [Mt View, CA, USA] E.ROOT-SERVERS.NET (NASA)
- [Palo Alto, CA, USA] F.ROOT-SERVERS.NET (ISC)
- [Columbus, OH, USA] G.ROOT-SERVERS.NET (DoD)
- [Aberdeen, MD, USA] H.ROOT-SERVERS.NET (US Army)
- [Stockholm, Sweden] I.ROOT-SERVERS.NET (Autonomica)
- [Dulles, VA, USA] J.ROOT-SERVERS.NET (Verisign)
- [London, UK] K.ROOT-SERVERS.NET (Reseaux)
- [Los Angeles, CA, USA] L.ROOT-SERVERS.NET (ICANN)
- [Tokyo, Japan] M.ROOT-SERVERS.NET (WIDE)

Root Name Servers (The Old Way)
[Figure. Source: ICANN]

Root Name Servers (Today)
[Figure not available.]
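Added example (not part of the original slides) for the Protocol Quiz and tcpdump slides: it decodes the 32 bytes shown in the hex column of the tcpdump output, checks the IP header checksum, and demultiplexes first on the protocol field and then on the port numbers. The function names are this example's own.

```python
import ipaddress
import struct

# First 32 bytes of the packet in the tcpdump slide (hex column, offsets 0x0000-0x001f).
CAPTURED = bytes.fromhex("4510 0054 c699 4000 4006 1694 ab40 4a22"
                         "40af 2755 0016 04c5 8140 0e0e 4b09 5f2f")
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # values of the IPv4 protocol field

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words; 0 over a header with a valid checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed IPv4 header and return its fields plus the payload."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, tos, length, ident, frag, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "tos": tos, "len": length, "id": ident, "ttl": ttl,
        "df": bool(frag & 0x4000), "mf": bool(frag & 0x2000),
        "frag_offset": (frag & 0x1FFF) * 8,
        "proto": IP_PROTOCOLS.get(proto, str(proto)),
        "checksum_ok": internet_checksum(packet[:ihl]) == 0,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "payload": packet[ihl:],
    }

def demux(packet: bytes) -> dict:
    """The protocol field picks TCP vs UDP; the ports then pick the application."""
    ip = parse_ipv4(packet)
    payload = ip.pop("payload")
    # Only the first fragment (offset 0) carries the transport header.
    if ip["proto"] in ("TCP", "UDP") and ip["frag_offset"] == 0 and len(payload) >= 4:
        ip["sport"], ip["dport"] = struct.unpack("!HH", payload[:4])
    if ip["proto"] == "TCP" and ip["frag_offset"] == 0 and len(payload) >= 12:
        ip["seq"], ip["ack"] = struct.unpack("!II", payload[4:12])
    return ip

if __name__ == "__main__":
    for key, value in demux(CAPTURED).items():
        print(f"{key:12} {value}")
```

The decoded values agree with the summary line tcpdump printed for the same packet (addresses, ports, sequence and acknowledgement numbers, ttl, id, len, tos and the DF flag).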
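Added example (not part of the original slides) for the IP Fragmentation Quiz: a datagram is split for a 1500-byte MTU, its fragments can be split again for a smaller MTU as a later router would, and only reassemble(), the destination's step, puts the payload back together. The sample datagram is constructed, the function names are this example's own, and a 20-byte header without options is assumed.

```python
import struct
u16 = struct.Struct("!H").pack  # pack one 16-bit big-endian header field

def checksum(header):
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def rebuild(header, flags_off, payload):
    """Copy a 20-byte header, set total length and flags/offset, recompute the checksum."""
    hdr = bytearray(header[:20])
    hdr[2:4], hdr[6:8], hdr[10:12] = u16(20 + len(payload)), u16(flags_off), u16(0)
    hdr[10:12] = u16(checksum(hdr))
    return bytes(hdr) + payload

def fragment(datagram, mtu):
    """Split a datagram (or an existing fragment) for a link with the given MTU."""
    header, payload = datagram[:20], datagram[20:]
    flags_off, = struct.unpack("!H", header[6:8])
    if len(datagram) <= mtu:
        return [datagram]
    if flags_off & 0x4000:
        raise ValueError("DF is set: the packet cannot be fragmented")
    step = (mtu - 20) // 8 * 8  # the offset field counts 8-byte units
    base, more = flags_off & 0x1FFF, flags_off & 0x2000
    out = []
    for pos in range(0, len(payload), step):
        mf = 0x2000 if pos + step < len(payload) else more  # last piece inherits MF
        out.append(rebuild(header, mf | (base + pos // 8), payload[pos:pos + step]))
    return out

def reassemble(fragments):
    """Destination only: order by offset; return the payload, or None while incomplete."""
    parts, end = {}, None
    for frag in fragments:
        flags_off, = struct.unpack("!H", frag[6:8])
        offset = (flags_off & 0x1FFF) * 8
        parts[offset] = frag[20:]
        if not flags_off & 0x2000:  # MF clear marks the final fragment
            end = offset + len(frag) - 20
    data = b""
    for offset in sorted(parts):
        if offset != len(data):  # hole or overlap
            return None
        data += parts[offset]
    return data if end == len(data) else None

# Constructed sample: protocol 17 (UDP), 10.0.0.1 -> 10.0.0.2, id 0x1234, 3000 payload bytes.
DATAGRAM = rebuild(bytes.fromhex("4500000012340000401100000a0000010a000002"), 0, bytes(range(250)) * 12)
```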