lab-1-report.txt

Yu Cheng (Jade)
ICS 351
Lab Report 1
September 14

[Exercise 1]
No output was recorded for this exercise.


[Exercise 2]
No output was recorded for this exercise.


[Exercise 3]
We saved `ls -l / etc` to /etcfile_1.  Then, we moved this file into /labdata. I
realized later that there was a space between / and etc.  We probably shouldn't
have put a space there.  Instead of getting a list of files in /etc, we got a
list of files in /.


[Exercise 4a]
We did part 1 in exercise 3, so etcfile_1 is already included with this
report.

For part 2, we ran the command `df`, but we didn't save its output.  The command
listed out all of the file systems that were mounted, what type they were, how
full they were, and where they were mounted to.


[Exercise 4b]
No output was recorded for this exercise.


[Exercise 5]
We viewed the contents of the following files with the `more` command:

    more /etc/sysconfig/network
    more /etc/sysconfig/network-scripts/ifcfg-lo
    more /etc/sysconfig/network-scripts/ifcfg-eth0
    more /etc/sysconfig/network-scripts/ifcfg-eth1
    more /etc/sysconfig/static-routes
    more /etc/hosts
    more /etc/sysctl.conf

We saved the contents of network, ifcfg-lo, ifcfg-eth1, and hosts.  The contents
of these files were saved to configfiles.

Question 1: To change the name of the Linux PC, PC1, we would change the
following line in /etc/sysconfig/network:

    HOSTNAME=PC1 --> HOSTNAME=machine1

Question 2: The line starting with FORWARD_IPV4 in /etc/sysconfig/network seems
to determine whether or not the Linux PC performs IP forwarding.


[Exercise 6]
We saved the output of `ping -c 5 10.0.1.12` from PC1 to pingfile1.
We saved the output of `ping -c 5 10.0.1.11` from PC2 to pingfile2.
We saved the output of `ping -c 5 127.0.0.1` from PC2 to pingfile3.

Question 1:  127.0.0.1 is the IP address of localhost.  The address is the same
regardless of the network configuration.  It is available even if no other
network interfaces are.  This makes pinging 127.0.0.1 simpler and more universal
than pinging 10.0.1.11.


[Exercise 7a]
We saved the output of tcpdump from PC1 while pinging PC2 one time with the
command `ping -c 1 10.0.1.12` as tcpdumpfile_1.

Question 1: The output of tcpdump was difficult to understand.  Each line
contained information about a single bit of data transferred through the network
interface.  Each line started with the precise time when it occurred followed by
the protocol type.  The first two lines follow exactly what is written on page
23 of the lab notebook: "Ping sends a short packet to an IP address and waits
for a response from that IP address.  The packets that are issued during the
ping are ICMP Echo Request and ICMP Echo response messages."  The third and
fourth lines indicate something about ARP, which we haven't studied.

    07:30:57.684181 IP 10.0.1.11 > 10.0.1.12: ICMP echo request, id 57121,
    seq 1, length 64
    07:30:57.684423 IP 10.0.1.12 > 10.0.1.11: ICMP echo reply, id 57121,
    seq 1, length 64
    07:31:02.683808 arp who-has 10.0.1.12 tell 10.0.1.11
    07:31:02.683935 arp reply 10.0.1.12 is-at 00:02:a5:57:1b:8a
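
Added example (not part of the original lab report): a small Python parser for
the four tcpdump lines above.  It pairs the echo request with its reply to get
the round-trip time and reads the IP-to-MAC mapping from the ARP reply.  The
function names and line patterns are assumptions that cover only the line shapes
seen in this capture.

```python
import re
from datetime import datetime, timedelta

# The four tcpdump lines from Exercise 7a, with the wrapped lines rejoined.
CAPTURE = """\
07:30:57.684181 IP 10.0.1.11 > 10.0.1.12: ICMP echo request, id 57121, seq 1, length 64
07:30:57.684423 IP 10.0.1.12 > 10.0.1.11: ICMP echo reply, id 57121, seq 1, length 64
07:31:02.683808 arp who-has 10.0.1.12 tell 10.0.1.11
07:31:02.683935 arp reply 10.0.1.12 is-at 00:02:a5:57:1b:8a
"""

# Assumed patterns: only the three line shapes that appear in this capture.
LINE_SHAPES = {
    "icmp": re.compile(r"(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): ICMP echo "
                       r"(?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+), length \d+"),
    "arp-request": re.compile(r"(?P<ts>\S+) arp who-has (?P<target>\S+) tell (?P<asker>\S+)"),
    "arp-reply": re.compile(r"(?P<ts>\S+) arp reply (?P<ip>\S+) is-at (?P<mac>\S+)"),
}

def parse(text):
    """Turn tcpdump text lines into dicts; unrecognised lines are kept as 'unknown'."""
    events = []
    for line in filter(None, map(str.strip, text.splitlines())):
        for proto, pattern in LINE_SHAPES.items():
            m = pattern.fullmatch(line)
            if m:
                event = {"proto": proto, **m.groupdict()}
                # Timestamps carry no date, so a capture crossing midnight is not handled.
                event["ts"] = datetime.strptime(event["ts"], "%H:%M:%S.%f")
                break
        else:
            event = {"proto": "unknown", "raw": line}
        events.append(event)
    return events

def match_echoes(events):
    """Pair each echo reply with its request; return (rtt in microseconds, unanswered)."""
    pending, rtt_us = {}, {}
    for e in (e for e in events if e["proto"] == "icmp"):
        if e["kind"] == "request":
            pending[(e["src"], e["dst"], e["id"], e["seq"])] = e["ts"]
        else:
            key = (e["dst"], e["src"], e["id"], e["seq"])  # a reply reverses src and dst
            if key in pending:
                rtt_us[key] = (e["ts"] - pending.pop(key)) // timedelta(microseconds=1)
    return rtt_us, sorted(pending)

def arp_table(events):
    """IP -> MAC mappings learned from ARP replies."""
    return {e["ip"]: e["mac"] for e in events if e["proto"] == "arp-reply"}
```

A request left in the second return value of match_echoes() is one that never
got a reply, which is the situation described in Exercise 7b.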


[Exercise 7b]
We ran the command `tcpdump -n` on PC1 while issuing the command
`ping -c 1 111.111.111.111`.  The tcpdump showed that the ICMP echo was
requested, but there was no response from any of the other PCs.

We saved the output of tcpdump while pinging the broadcast address, 10.0.1.255,
to tcpdumpfile_2.

Question 1: I don't know how many PCs responded to the ping to the broadcast
address.  We did not see any response so probably none of them did.


[Exercise 8]
We saved our captured Wireshark traffic into the file wiresharkfile.

Wireshark output and tcpdump output differ greatly.  Wireshark provides more
detailed information.  It numbers each packet and it describes the protocols
used in more detail.