Investigating Network Management/Monitoring Tools

Purpose:

To try out some of the free network management and monitoring tools out there.

Procedure:

Boot into Linux on the flash drive as mradmin, password still bluestone. You may stay on the orange network with a 153.106.* IP address.

Traceroute

I learned last year that, while everyone knows about ping, many students don't know about traceroute.

  1. Install traceroute on your machine, if it isn't there already.
  2. Go to the web to figure out what traceroute is supposed to do. *** Q1. Put your answer in your lab report. ***
  3. Run traceroute to 8.8.8.8 (Google's DNS server machine). *** Q2. Copy 'n' paste the results into your lab report. ***
  4. Run wireshark in one window (sudo wireshark). (You may have to install it.) You'll want to turn on some filtering in wireshark so that you are only seeing messages to/from your host.

    To turn on the proper filtering, click on the Expression... button, then scroll down to find IPv4.
    Click on the triangle there, and select ip.addr. Then set the relation to == and put your machine's IP address in the Value box. Now, click Apply on the main window.

  5. Now, run traceroute 8.8.8.8 in another terminal.
    *** Q3. Report what you can figure out from the wireshark output about how traceroute works. This is hard, but do your best. Look for the values in the Time to live field in the IP header.

    You might also try doing traceroute 7.7.7.7 and see if what you get back helps you understand what is going on. ***
  6. Do a traceroute to 44.0.0.1. Look at the names of the machines in the output. *** Q4. List some of the geographic locations (cities, areas) that the packet travels through to get to the destination. Some of this info is shown in the names of the machines. You might also go to http://iplocation.net to figure out or confirm some of the locations. ***

 

nmap

nmap is a very powerful tool that lets you discover all kinds of things about machines on a network.

  1. Install nmap on your machine.
  2. Run nmap --help to see how many many many command-line options there are... *shudder*
  3. Investigate online to find some web pages that describe some of the most used options to nmap. Keep those web pages handy.
  4. *** Q5. Give the command-line options used to find all open ports on your own machine. Put the output in the lab report, too. ***
  5. *** Q6. Give the command-line options used to find all machines that are UP on the Computer Science network. The CS network can be specified this way: 153.106.116.0/23 . Put your output in your lab report. ***
  6. *** Q7. Repeat the previous step on this part of the Calvin network: 153.106.4.*. Put the command line and results in the lab report. ***
  7. *** Q8. What is the command line to make nmap list only open http ports (port 80) on machines on 153.106.116.* and 153.106.117.* and show what version of software is listening on those ports? *** (Answer: nmap --open -sV -p T:80 153.106.116.* 153.106.117.*)
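
A version scan like the one in Q8 is easier to put in a report when nmap writes its grepable format (-oG -) and a small filter turns it into one line per open port. The script below is an added example, not part of the original lab: the scan lines are constructed (192.0.2.0/24 documentation addresses, not real results) and the function names sample_scan and open_ports are made up for illustration.

```shell
# Added example: summarise nmap grepable (-oG) output as
# "ip<TAB>hostname<TAB>port/proto<TAB>version", one line per open port.

# Constructed sample of `-oG -` output; the addresses are documentation
# addresses (192.0.2.0/24), not results from a real scan.
sample_scan() {
    printf '# Nmap scan initiated as: nmap -sV -p T:80 -oG - 192.0.2.0/24\n'
    printf 'Host: 192.0.2.10 (web1.example.edu)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (web1.example.edu)\tPorts: 80/open/tcp//http//Apache httpd 2.4.41 ((Ubuntu))/\n'
    printf 'Host: 192.0.2.22 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.22 ()\tPorts: 80/open/tcp//http//nginx 1.18.0/\n'
    printf 'Host: 192.0.2.30 (printer.example.edu)\tStatus: Up\n'
    printf 'Host: 192.0.2.30 (printer.example.edu)\tPorts: 80/open/tcp//http///\n'
    # A closed port only shows up when --open is left off the command line.
    printf 'Host: 192.0.2.40 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.40 ()\tPorts: 80/closed/tcp//http///\n'
    printf '# Nmap done: 256 IP addresses (4 hosts up) scanned\n'
}

# open_ports (hypothetical helper): reads -oG output on stdin.
open_ports() {
    awk -F'\t' '
        /^Host: / {
            # Field 1 looks like: Host: <ip> (<reverse DNS name or empty>)
            split($1, h, " ")
            ip = h[2]; name = h[3]
            gsub(/[()]/, "", name)
            if (name == "") name = "-"
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                # Entries: port/state/proto/owner/service/rpcinfo/version/
                n = split(substr($i, 8), entries, ", ")
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")
                    if (f[2] != "open") continue
                    ver = (f[7] == "") ? "unknown" : f[7]
                    printf "%s\t%s\t%s/%s\t%s\n", ip, name, f[1], f[3], ver
                }
            }
        }'
}

sample_scan | open_ports
```

For the lab, add -oG - to the Q8 command line and pipe its output into open_ports in place of sample_scan.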

 

Clean up

Remove wireshark, traceroute, and nmap from the flash drive:

sudo apt-get purge wireshark traceroute nmap

 

Extra time? Try out mtr. It is cool!