Department of Computer Science and Information Technology

TELECOM NETWORK MANAGMENT: CSIWZG582

Laboratory Work Sheet – I
S R Karthik
2021WB86748
1. Lab Exercise:
Problem Statement:

Open the linux terminal and execute the following basic networking tools and utilities.
Make your observations and record the output of each command.

> Lab usage evidences :

 Steps to be followed: Open the terminal in Linux and execute the following commands:

1. ifconfig
Observe the details that are displayed and record
o Number of interfaces that are shown.
o IP address and MAC address of the respective interfaces.
o Other statistical information.
o What is Subnet Mask of each interface and its significance.

 Output:
IP Address and MAC Address of the Respective Interfaces

 ens5:
o IP Address: 172.31.6.245
o MAC Address: 0a:7b:c0:f4:54:a3
 lo (Loopback):
o IP Address: 127.0.0.1
o MAC Address: Not applicable (loopback interface does not use MAC
addresses).

Other Statistical Information

 ens5:

o RX packets: 22,760
o RX bytes: 31,603,089 (31.6 MB)
o TX packets: 5,344
o TX bytes: 1,409,015 (1.4 MB)
o RX errors: 0
o TX errors: 0

 lo (Loopback):

o RX packets: 353
o RX bytes: 29,963 (29.9 KB)
o TX packets: 353
o TX bytes: 29,963 (29.9 KB)
o RX errors: 0
o TX errors: 0
Subnet Mask of Each Interface:
 ens5:

o Subnet Mask: 255.255.240.0

 Significance: This subnet mask indicates that the first 20 bits
(255.255.240.0) are used for the network part of the address,
allowing for a total of 4096 IP addresses in this range, which can
be useful for medium-sized networks.

 lo (Loopback):

o Subnet Mask: 255.0.0.0

 Significance: This subnet mask is typical for loopback interfaces,
indicating that the first 8 bits are used for the network part,
effectively allowing for 16,777,216 loopback addresses (though
normally only one is used: 127.0.0.1). It’s primarily used for local
communication within the host.
 2. ping x.x.x.x or ping <some_domain_name>
(x.x.x.x – represents some IP address of the node)
o What is the use of ping utility in computer networks?
o Observe the different details that are displayed like time for icmp echo
request and replies, number of bytes sent etc.
o Also try to ping an IP address or domain name that does not exist and record
your observations.

 Output:

 I tried to ping IP address of the en5 interface of the machine which is 172.31.6.245,
If we use the command ping 172.31.6.245 in our Linux terminal, we will be sending
ICMP Echo Request packets to the IP address of the node itself, which is the same
IP address assigned to the ens5 interface of your machine.
 The Ping utility is a command-line tool used to test the reachability of a host on an
Internet Protocol (IP) network. It operates by sending Internet Control Message
Protocol (ICMP) Echo Request messages to the target host and waiting for Echo
Reply.
  Observations:

 PING 172.31.6.245 (172.31.6.245):

o This indicates the IP address being pinged.

 Bytes Sent:

o 56(84) bytes of data indicates that each ICMP request packet sent is 56
bytes in size, but the total packet size is 84 bytes (which includes
additional headers).

 Reply Information:

o Each line showing 64 bytes from 172.31.6.245 indicates the size of

the reply received from the host you are pinging (64 bytes here is a
standard Echo Reply).

 icmp_seq=:

o This indicates the sequence number of the request. For

example, icmp_seq=1 indicates the first ping, icmp_seq=2 the second,
and so on.

 ttl=64:

o TTL stands for "Time to Live," which is the maximum number of hops
(routers) that the packet can traverse before being discarded. A TTL of
64 is common for many operating systems.

 time=0.021 ms:

o This shows the round-trip time from the sender to the receiver and
back. The response times here are quite low, indicating a fast local
connection.
 Pinging non-existent IP address :

 When pinging a valid address (like your own IP), you receive replies indicating
the connection is operational, along with timing and TTL data.
 When pinging an invalid IP or a non-existent domain, We don’t see any
outcome on the terminal as shown in the below screenshot the terminal does
not move ahead and while pining in non existent domain it says ‘ping:
nonexistent.domain: Name or service not known’.

> IP :

>domain:
 3. nslookup www.abc.com (or any other website)
o What is the purpose of nslookup utility in computer networks?
o Make a query to obtain the IP address of some website using nslookup utility
and record the same.
o Observe the type A, server, non-authoritative or other type information that
are displayed for the ip addresses and record the same.
 Output:

 The nslookup utility is a command-line tool used to query the

Domain Name System (DNS) for information about domain names
and IP addresses. The purposes of nslookup include:
 DNS Record Lookup: It allows administrators and users to retrieve
various DNS records for a domain, including A (Address), CNAME
(Canonical Name), MX (Mail Exchange), and others.
 Troubleshooting DNS Issues: nslookup can help identify DNS
resolution problems by checking if the domain name is resolving to
the correct IP address.
 Exploring DNS Hierarchy: It provides insights into DNS
configurations, including which servers are being used for the
lookups.
 I tried to query the website ‘www.dell.com’ and obtained the below IP
details (23.37.86.46):

 Observe the type A, server, non-authoritative or other type information that are
displayed for the ip addresses and record the same.

- Server Information:

This indicates the DNS server used for the query. Here, it is a local resolver
with the address 127.0.0.53.
 - Non-authoritative Answer:

 We can see Non-authoritative answer here, which means the information was
obtained from a DNS server's cache rather than directly from the authoritative DNS
server for the domain.

- Clonical Name and Type A Record:

 The below lines show a series of CNAME (Canonical Name) records,

indicating that www.dell.com is an alias for several other domains until it
finally resolves to the last canonical name.
Final A record:

 This describes the final resolved name and its associated type A record, which
points to the IP address 23.37.86.46. This specifies that the domain ultimately
resolves to an IPv4 address.
 4. dig www.abc.com (or any other website)
o What does “dig” stand for and why it being used in networking?
o Make a query for one website and record the output of the command such
as IP addresses, query time etc.
o Observe for any other additional details.

 Output:

 "DIG" stands for Domain Information Groper, this utility is used primarily for
querying the Domain Name System (DNS) to retrieve information about a domain
name, such as its associated IP addresses, mail servers, and other DNS records.
- Recorded details from the above command:

 Final IP Address: 23.37.86.46 (resolved from the CNAME chain).

 Query Time: 68 msec (time taken for the query to complete).
 Query Status: NOERROR (indicates a successful query).
 CNAME Records:
o www.dell.com → www1.dell-cidr.akadns.net
o www1.dell-cidr.akadns.net → cdn-www.dell.com-
v2.edgekey.net
o cdn-www.dell.com-v2.edgekey.net → cdn-www.dell.com-
v2.edgekey.net.globalredir.akadns.net
o cdn-www.dell.com-
v2.edgekey.net.globalredir.akadns.net → e13665.x.akamaiedge.
 - Additional details:

* Header Information:

 opcode: QUERY indicates that the request was a query.

 status: NOERROR means the request was processed without any errors.
 id: 48703 is a unique identifier for this specific query.

 Flags:

 qr indicates that this response is a query response.

 rd is set, indicating that the resolver supports recursive queries.
 ra is set, indicating that the DNS server supports recursion.

 OPT PSEUDOSECTION:

 Contains details regarding the extension mechanisms for DNS (EDNS). It includes:
o version: 0 referring to the EDNS version being used.
o udp: 65494, indicating the maximum UDP packet size for this query.

 Question Section:

 It shows the question asked, specifically looking for the A record of www.dell.com.

 Answer Section:

 It details the CNAME chain leading to the final A record, providing insight into how
DNS resolves the requested domain name.

 Server Information:

 The DNS server that answered the query was 127.0.0.53 (typically a local resolver
on the machine).

 Timestamp:

 The query was executed on: Sat Oct 26 17:45:03 UTC 2024.

 Message Size:

 The total size of the response message is 230 bytes, which gives an indication of the
overhead associated with DNS responses.
 5. host www.abc.com (or any other website)
o Observe the details that are displayed containing various ip addresses of the
server queried.
 Output:

1. CNAME Chains:

o The output shows a chain of CNAME (Canonical Name) records, which

are used to alias one domain name to another. Here’s how each alias
resolves:
 www.dell.com is an alias for www1.dell-cidr.akadns.net.
 www1.dell-cidr.akadns.net is an alias for cdn-www.dell.com-
v2.edgekey.net.
 cdn-www.dell.com-v2.edgekey.net is an alias for cdn-
www.dell.com-v2.edgekey.net.globalredir.akadns.net.
 cdn-www.dell.com-v2.edgekey.net.globalredir.akadns.net is
an alias for e13665.x.akamaiedge.net.

2. Final A Record:

o The final resolution from the CNAME chain

is e13665.x.akamaiedge.net, which has the IP address 23.37.86.46.
o This means that when you access www.dell.com, your request will
ultimately resolve to this IP address.

3. IP Address Information:

o Resolved IP Address: 23.37.86.46

o The IP address indicates the endpoint where the web traffic
for www.dell.com is directed. This address is hosted on Akamai's
content delivery network, which is indicated by the naming
convention akamaiedge.net.
 6. netstat
o Observe the details displayed like the list of open connections.

 Output:
  The output from the netstat command provides a snapshot of active internet
connections and UNIX domain sockets on a Linux terminal.

 Connections:

i. First Connection:
 Protocol: TCP
 Local Address: ip-172-31-6-245.ap-:679
 Foreign Address: ip-172-31-7-195.ap-:nfs
 State: ESTABLISHED

This indicates a connection from the local machine to another instance

(possibly another VM or service) using NFS on port 2049 (the default NFS
port).
 ii. Second Connection:
 Protocol: TCP6
 Local Address: ip-172-31:ms-wbt-server (presumably a
Windows Terminal Services connection)
 Foreign Address: ec2-3-7-172-124.a:40520
 State: ESTABLISHED

This indicates an established connection to a remote EC2 instance's service

running on port 40520. The use of TCP6 suggests that IPv6 is being utilized.
 7. netstat –i
o Observe the details of the networking interfaces.

 Output:
The command netstat -i focuses on network interfaces, providing relevant interface statistics
rather than detailed connection information.

Observed Connections:

1. TCP Connection:
o Local Address: ip-172-31-6-245.ap-:679
o Foreign Address: ip-172-31-7-195.ap-:nfs
o State: ESTABLISHED
o This indicates that a TCP connection to an NFS (Network File System) share is
active.
2. TCP6 Connection:
o Local Address: ip-172-31:ms-wbt-server
o Foreign Address: ec2-3-7-172-124.a:40520
o State: ESTABLISHED
o This suggests communication with a service over IPv6.

the output provides a snapshot of the active connections and inter-process

communication on the system:

 Active TCP Connections: Show interactions with remote servers, with details
about local and foreign addresses.
 Active UNIX Domain Sockets: Display a range of local communications used
by system services and applications.
 8. netstat –r
o Observe the details of the routing table

 Output:

Observation:

1. Destination: The destination network or IP address that the route applies to.
2. Gateway: The IP address of the gateway through which the destination can be
reached. If the gateway is 0.0.0.0, it means that the destination is directly reachable
on the local network.
3. Genmask: This is the subnet mask associated with the destination. It helps determine
the size of the network and which part of the address refers to the network and which
part refers to the host.
4. Flags: This indicates the status of the route:
o U: The route is up.
o G: The route is a gateway.
o H: The route is a host route (specific to a single IP).
5. MSS: Maximum Segment Size (MSS) for TCP connections using this route (not
specifically relevant here).
6. Window: TCP window size for the route (not used often in routing table reviews).
7. irtt: Initial round-trip time for connections using this route (also often not used).
8. Iface: The network interface associated with the route.

Analysis of Each Route:

1. Default Route:

o Destination: default
o Gateway: ip-172-31-0-1.a
o Genmask: 0.0.0.0 (indicating this is a default route)
o Flags: UG (up and is a gateway)
o Iface: ens5
o Meaning: This route is the default for all traffic not matching other routes. It
directs packets to the gateway ip-172-31-0-1.a via the ens5 network
interface. This is the route used when no more specific match is found.
2. Directly Connected Network:

o Destination: 172.31.0.0
o Gateway: 0.0.0.0
o Genmask: 255.255.240.0
o Flags: U (up)
o Iface: ens5
o Meaning: This indicates that the network 172.31.0.0 (with a subnet mask
of 255.255.240.0, which allows for a range of IP addresses) is directly
reachable via the ens5 interface.

3. Host Route for a Specific IP:

o Destination: ip-172-31-0-1.a
o Gateway: 0.0.0.0
o Genmask: 255.255.255.255 (indicating this is specific to a single host)
o Flags: UH (up and is a host route)
o Iface: ens5
o Meaning: This route is a specific path to the host ip-172-31-0-1.a. Since the
gateway is 0.0.0.0, it implies that it's reachable directly via the ens5 interface.
 9. arp –a
o What does “arp” stands for and what is the purpose of the arp utility?
o Observe the details on the entries in ARP table and record the same.
 Output:

 ARP stands for Address Resolution Protocol. It is a protocol used for mapping
an Internet Protocol (IP) address to a physical machine address that is recognized
in the local network, essentially translating IP addresses into MAC (Media Access
Control) addresses.
 The ARP utility is used to view and manage the ARP cache on a device. The ARP
cache stores IP-to-MAC address mappings, which enables a system to efficiently
send packets to the correct physical destination on a local network without
needing to broadcast ARP requests for every packet.

The primary functions of the ARP utility include:

 Displaying the ARP cache: It shows the current mappings between IP

addresses and MAC addresses on the local network.
 Setting static ARP entries: Users can manually add entries that won't be
changed or removed automatically.
 Deleting ARP entries: Users can remove entries in the cache to correct errors
or when devices are changed.

Observations:

 The observed entries indicate the local network hosts and their corresponding
MAC addresses, facilitating direct packet delivery in the network.

1. Entry for ip-172-31-7-195:

o Hostname: ip-172-31-7-195.ap-south-1.compute.internal
o IP Address: 172.31.7.195
o MAC Address: 0a:29:5d:b3:20:7a
o Type: Ethernet ([ether])
o Interface: ens5
o Meaning: This entry shows that the IP address 172.31.7.195 resolves
to the MAC address 0a:29:5d:b3:20:7a, and it is reachable through
the Ethernet interface ens5.
2. Entry for ip-172-31-0-1:
o Hostname: ip-172-31-0-1.ap-south-1.compute.internal
o IP Address: 172.31.0.1
o MAC Address: 0a:c3:3d:57:7e:46
o Type: Ethernet ([ether])
o Interface: ens5
o Meaning: This entry indicates that the IP
address 172.31.0.1 corresponds to the MAC
address 0a:c3:3d:57:7e:46, also reachable via the ens5 interface.
3. Entry for ip-172-31-0-2:
o Hostname: ip-172-31-0-2.ap-south-1.compute.internal
o IP Address: 172.31.0.2
o MAC Address: 0a:c3:3d:57:7e:46
o Type: Ethernet ([ether])
o Interface: ens5
o Meaning: This shows that the IP address 172.31.0.2 also maps to the
same MAC address 0a:c3:3d:57:7e:46 as 172.31.0.1, meaning both
IPs might belong to the same network device or virtual interface,
reachable through ens5.