IP LAB EXPERIMENT – 2 - NANDITHA90/-IP-LAB2 GitHub Wiki

1) PING

a) Using ping on google.com and documenting the results based on the output received. [Finding the IP address, Time to live value, and round-trip time value].

b) By default, ping will send 4 packets to check the details, here you must send 8 packets to check the output over google.com.

Purpose of having many packets is advantageous.

Statistical Reliability: By sending multiple packets, we can calculate more reliable statistics, such as average round-trip time, packet loss rate, and standard deviation. With just a few packets, the results may have more possibility to get harmed (kind of risk) to fluctuations caused by temporary network issues.
Packet Loss Detection: Sending more packets allows us to identify potential packet loss issues. If some packets are lost during the process, it can indicate network congestion or connectivity problems.
Response Time Variability: The RTT (Round-Trip Time) values can vary from packet to packet due to network conditions. Collecting multiple RTT values helps us to understand the variability of response times.
Path Diversity: In some situations, network traffic might be routed differently for different packets. By sending more packets, we can know if the paths taken by different packets show any significant differences.
Network Fluctuations: Network conditions can change over time. By sending more packets, we can observe how the network performance evolves during the process of Ping command test.

c) Ping-ing your local host.

It helps to perform a basic test of the computer's networking capabilities and to ensure that the TCP/IP stack is functioning correctly.
Testing Network Stack: By pinging the local host, we are sending an ICMP (Internet Control Message Protocol) echo request packet to our own machine and waiting for the echo reply. This ensures that the networking stack is operational and capable of processing network packets.
Verifying TCP/IP Configuration: Pinging the local host is a way to verify that the computer's IP address and TCP/IP configuration are perfectly set up. If we successfully ping the loopback address, that indicates that the network configuration is functioning as expected.
Testing Network Interface: The loopback test confirms that the network interface (NIC or network adapter) is working correctly. If the loopback test fails, it could indicate an issue with the network adapter or its drivers.
Isolation of Network Issues: Pinging the local host helps to isolate networking problems. If we successfully ping the loopback address but have issues pinging external hosts, it informs that the problem lies outside the local machine.
Debugging and Troubleshooting: While troubleshooting network-related issues, pinging the local host can help to check basic connectivity. It allows us to ensure that the computer can communicate with itself and that network protocols are functioning as expected.

2) TRACERT

Hop-by-Hop Route Visualization: Tracert visualizes the route taken by packets as they traverse the network from the source to the destination. The command displays a list of HOPS (Intermediate Routers) along the way and provides valuable information about round-trip times to each hop. This helps in diagnosing connectivity issues and understanding the network path.
Round-Trip Time (RTT) Statistics: Tracert display the round-trip time (RTT) for each hop. RTT represents the time taken for an ICMP packet to travel from the source to a specific hop and back. This information allows us to assess network latency and identify potential bottlenecks. Higher RTT values may indicate network congestion or longer paths.
Diagnostic Information: The traceroute command sometimes provides other diagnostic information, such as the IP addresses and hostnames of HOPS (Intermediate routers). This data can be useful in identifying specific network devices involved in the routing process. Traceroute also shows the number of packets sent to each hop, packet loss percentage, and the maximum time allowed for a reply.

Screenshot (166) (Attaching [a]Try tracert over google.com [b]Type tracert -d google.com)

a) It starts the traceroute to "google.com" and display the hops and round-trip times. Number of hops the machine away from google.com : over a maximum of 30 hops.

(Performing the Operation again after some time for checking the results) Screenshot (167)

b) While performing the command again after some time, the results vary each time when we run it. Network conditions are dynamic. The routing path may change based on network congestion, traffic, and other factors. The number of hops and round-trip times may differ in subsequent runs due to changes in the network topology, load balancing, or routing policies.

3) NETSTAT

a) Use netstat to display information about the routing table.

b) Use netstat to display about ethernet statistics.

Using netstat -e

Using netstat -s

Screenshot (172) Screenshot (173) Screenshot (174)

4) NSLOOKUP

The 'nslookup' (Name Server Lookup) command is a network tool.
It is used to query Domain Name System (DNS) servers to obtain information about domain names or IP addresses.
Its main purpose is to help users and system administrators troubleshoot DNS-related issues, gather DNS information, and perform DNS-related tasks.
DNS Resolution: The most common use of nslookup is to resolve domain names to their corresponding IP addresses and vice versa.
Checking DNS Records: nslookup allows us to query DNS records of different types, such as A records (IPv4 address), AAAA records (IPv6 address), MX records (mail exchange servers), CNAME records (canonical name), and more. This is useful for verifying the DNS configuration and troubleshooting issues related to specific DNS records.
Testing DNS Servers: nslookup enables us to test the responsiveness and reliability of DNS servers by querying them directly.
Troubleshooting Network Issues: When we are facing network connectivity issues, nslookup can help us identify if the problem is related to DNS resolution. If the name resolution fails or returns unexpected results, it can indicate DNS misconfigurations or issues with the DNS infrastructure.
Analyzing DNS Propagation: When making changes to DNS records, such as updating the IP address of a website, nslookup can be used to check DNS propagation. This is helpful to see if the DNS changes have propagated across different DNS servers worldwide.
Reverse DNS Lookup: nslookup can perform reverse DNS lookups, where we input an IP address, and it provides the corresponding domain name if available. This is useful for verifying the ownership of IP addresses.

a) Use nslookup to find out the internet address of the domain amrita.edu

b) Mail exchanger for the domain google.com.

The mail exchanger (MX) records for the domain "google.com" indicate the mail servers responsible for handling incoming email messages for the domain. These MX records are used by other mail servers to determine where to deliver emails addressed to users at the "google.com" domain.

c) Name server for amrita.edu.

5) ARP and RARP

ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol) are network protocols used in the TCP/IP protocol suite to map between IP addresses and MAC (Media Access Control) addresses in a local network.

- ARP

used to resolve or map an IP address to the corresponding MAC address on a local area network (LAN).
When a device wants to communicate with another device on the same LAN, it needs the MAC address of the target device to deliver the data at the link layer (data link layer) of the OSI model. ARP is used for this purpose.

- RARP

older and less commonly used protocol than ARP.
Its purpose is the reverse of ARP: RARP is used to resolve a MAC address to the corresponding IP address on a local network.

a) Using arp command to find the gateway address and host systems hardware address.

b) Finding the arp entries for a particular interface.

c) Deleting an arp entry.

d) Add and arp entry in arp cache.

6) TCPDUMP

a) Using tcpdump, getting the information about the general incoming network traffic with domain names.

b) Using tcpdump, get the information about the general incoming network traffic with ip address on specific interface

7) WIRESHARK

Using Evidence.pcapng as evidence file.

A) Analyzing the traffic file.

Capture Traffic: Using tool like Wireshark allows us to inspect the packets and understand the communication.
Filtering Relevant Packets: Applying filters in Wireshark to isolate the packets that are relevant to the PING activity and the unknown IP address. Here we are using PING, so using ICMP for the filtering process.

Filtering by ICMP