Yu Cheng (Jade)
ICS 351 Lab Report 1
September 14

[Exercise 1]
No output was recorded for this exercise.

[Exercise 2]
No output was recorded for this exercise.

[Exercise 3]
We saved `ls -l / etc` to /etcfile_1. Then, we moved this file into /labdata. I realized later that there was a space between / and etc. We probably shouldn't have put a space there. Instead of getting a list of files in /etc, we got a list of files in /.

[Exercise 4a]
We did part 1 in exercise 3, so etcfile_1 is already included with this report. For part 2, we ran the command `df`, but we didn't save its output. The command listed out all of the file systems that were mounted, what type they were, how full they were, and where they were mounted to.

[Exercise 4b]
No output was recorded for this exercise.

[Exercise 5]
We viewed the contents of the following files with the `more` command:

    more /etc/sysconfig/network
    more /etc/sysconfig/network-scripts/ifcfg-lo
    more /etc/sysconfig/network-scripts/ifcfg-eth0
    more /etc/sysconfig/network-scripts/ifcfg-eth1
    more /etc/sysconfig/static-routes
    more /etc/hosts
    more /etc/sysctl.conf

We saved the contents of network, ifcfg-lo, ifcfg-eth1, and hosts. The contents of these files were saved to configfiles.

Question 1: To change the name of the Linux PC, PC1, we would change the following line in /etc/sysconfig/network:

    HOSTNAME=PC1 --> HOSTNAME=machine1

Question 2: The line starting with FORWARD_IPV4 in /etc/sysconfig/network seems to determine whether or not the Linux PC performs IP forwarding.

[Exercise 6]
We saved the output of `ping -c 5 10.0.1.12` from PC1 to pingfile1.
We saved the output of `ping -c 5 10.0.1.11` from PC2 to pingfile2.
We saved the output of `ping -c 5 127.0.0.1` from PC2 to pingfile3.

Question 1: 127.0.0.1 is the IP address of localhost. The address is the same regardless of the network configuration. It is available even if no other network interfaces are. This makes pinging 127.0.0.1 simpler and more universal than pinging 10.0.1.11.

[Exercise 7a]
We saved the output of tcpdump from PC1 while pinging PC2 one time with the command `ping -c 1 10.0.1.12` as tcpdumpfile_1.

Question 1: The output of tcpdump was difficult to understand. Each line contained information about a single bit of data transferred through the network interface. Each line started with the precise time when it occurred, followed by the protocol type. The first two lines follow exactly what is written on page 23 of the lab notebook: "Ping sends a short packet to an IP address and waits for a response from that IP address. The packets that are issued during the ping are ICMP Echo Request and ICMP Echo response messages." The third and fourth lines indicate something about ARP, which we haven't studied.

    07:30:57.684181 IP 10.0.1.11 > 10.0.1.12: ICMP echo request, id 57121, seq 1, length 64
    07:30:57.684423 IP 10.0.1.12 > 10.0.1.11: ICMP echo reply, id 57121, seq 1, length 64
    07:31:02.683808 arp who-has 10.0.1.12 tell 10.0.1.11
    07:31:02.683935 arp reply 10.0.1.12 is-at 00:02:a5:57:1b:8a

[Exercise 7b]
We ran the command `tcpdump -n` on PC1 while issuing the command `ping -c 1 111.111.111.111`. The tcpdump showed that the ICMP echo was requested, but there was no response from any of the other PCs.

We saved the output of tcpdump while pinging the broadcast address, 10.0.1.255, to tcpdumpfile_2.

Question 1: I don't know how many PCs responded to the ping to the broadcast address. We did not see any response, so probably none of them did.

[Exercise 8]
We saved our captured Wireshark traffic into the file wiresharkfile. Wireshark output and tcpdump output differ greatly. Wireshark provides more detailed information. It numbers each packet and it describes the protocols used in more detail.
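
The tcpdump lines quoted in Exercise 7a can also be read by a short script. The following is an added example, not part of the original lab report: it pairs each ICMP echo request with its reply to get a round-trip time, lists requests that were never answered (the situation described in Exercise 7b), and records the IP-to-MAC binding announced in ARP replies. The function name `analyze` and the second sample line are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# The four tcpdump lines quoted in Exercise 7a of the report.
CAPTURE_7A = """\
07:30:57.684181 IP 10.0.1.11 > 10.0.1.12: ICMP echo request, id 57121, seq 1, length 64
07:30:57.684423 IP 10.0.1.12 > 10.0.1.11: ICMP echo reply, id 57121, seq 1, length 64
07:31:02.683808 arp who-has 10.0.1.12 tell 10.0.1.11
07:31:02.683935 arp reply 10.0.1.12 is-at 00:02:a5:57:1b:8a
"""
# Constructed sample for the Exercise 7b case (timestamp and id are made up).
CONSTRUCTED_7B = ("07:40:00.000100 IP 10.0.1.11 > 111.111.111.111: "
                  "ICMP echo request, id 57122, seq 1, length 64\n")

ICMP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+),")
ARP_REPLY_RE = re.compile(
    r"^(?P<ts>\S+) arp reply (?P<ip>[\d.]+) is-at (?P<mac>[0-9a-f:]{17})$")

def _ts(text):
    # tcpdump's default timestamp has no date, so captures that cross
    # midnight are outside what this example handles.
    return datetime.strptime(text, "%H:%M:%S.%f")

def analyze(capture):
    """Return (round_trips, unanswered, arp_table) for tcpdump text output."""
    pending = {}      # (requester, responder, id, seq) -> request time
    round_trips = []  # (requester, responder, seq, rtt in microseconds)
    arp_table = {}    # IP -> MAC, as announced in ARP replies
    for line in capture.splitlines():
        line = line.strip()
        if m := ICMP_RE.match(line):
            if m["kind"] == "request":
                pending[(m["src"], m["dst"], m["id"], m["seq"])] = _ts(m["ts"])
                continue
            # A reply travels in the opposite direction to its request.
            key = (m["dst"], m["src"], m["id"], m["seq"])
            if key in pending:
                rtt = (_ts(m["ts"]) - pending.pop(key)) // timedelta(microseconds=1)
                round_trips.append((key[0], key[1], int(m["seq"]), rtt))
        elif m := ARP_REPLY_RE.match(line):
            arp_table[m["ip"]] = m["mac"]
    # Requests still pending at the end of the capture got no reply.
    unanswered = sorted(k[:2] for k in pending)
    return round_trips, unanswered, arp_table
```
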