|
Classes
FinalExam
Troubleshooting
edit SideBar
|
HW04 Answers
- IP Basics
- IP/netmask 152.23.64.89/21, default router 152.23.64.1
- What is the IP address in hexadecimal?
- What is the gateway in hexadecimal?
- What is the netmask in dotted decimal?
- What is the netmask in binary? (hint: this is easy)
- easy because /21 means 21 1's (network bits) and the rest (32 - 21) 0's (host bits)
- 11111111 11111111 11111000 00000000
- What is the highest numbered potential neighbor?
- Would 152.23.64.89/21 with a default router of 152.23.65.1 work?
- yes, the gateway is still local
- What would happen if the default router were 152.23.65.1 for 152.23.64.89/24?
- no, in this case the gateway isn't local, so you can't reach it without going to a router, but since it's your default router, you'd be behind the 8-ball
- ARP
- duplicate the steps for talking to a non-local host in the DNS portion
- Basic Network Tools
- Look at a traceroute to google.com and a traceroute to cnn.com. Comment on the results. Your answer does not need to be long.
traceroute www.google.com
traceroute: Warning: www.google.com has multiple addresses; using 64.233.169.104
traceroute to www.l.google.com (64.233.169.104), 64 hops max, 40 byte packets
1 itsint-2-145.net.unc.edu (152.2.145.1) 1.254 ms 0.563 ms 0.496 ms
2 ckid-v5.net.unc.edu (152.2.255.254) 0.665 ms 0.526 ms 0.564 ms
3 unc7600.internet.unc.edu (128.109.36.254) 0.768 ms 0.879 ms 0.949 ms
4 rlgh7600-gw-to-unc7600-gw.ncren.net (128.109.70.29) 2.176 ms 2.534 ms 2.223 ms
5 rlgh1-gw-to-rlgh7600-gw.ncren.net (128.109.70.37) 2.279 ms 2.115 ms 2.818 ms
6 dca-edge-02.qwest.net (63.148.128.121) 19.405 ms 18.816 ms 18.975 ms
7 65.114.147.118 (65.114.147.118) 21.116 ms 20.911 ms 21.240 ms
8 209.85.130.12 (209.85.130.12) 21.543 ms 21.414 ms 22.837 ms
9 64.233.175.111 (64.233.175.111) 21.785 ms 22.077 ms 22.266 ms
10 72.14.232.25 (72.14.232.25) 24.395 ms 24.336 ms 25.623 ms
11 yo-in-f104.google.com (64.233.169.104) 31.580 ms 29.550 ms 25.035 ms
- and
traceroute www.cnn.com
traceroute: Warning: www.cnn.com has multiple addresses; using 64.236.91.23
traceroute to www.cnn.com (64.236.91.23), 64 hops max, 40 byte packets
1 itsint-2-145.net.unc.edu (152.2.145.1) 1.065 ms 0.556 ms 0.516 ms
2 ckid-v5.net.unc.edu (152.2.255.254) 0.601 ms 0.584 ms 0.495 ms
3 unc7600.internet.unc.edu (128.109.36.254) 0.874 ms 0.831 ms 0.802 ms
4 rtp7600-gw-to-unc7600-gw.ncren.net (128.109.70.33) 1.338 ms 1.171 ms 2.556 ms
5 rtp1-gw-to-rtp7600-gw.ncren.net (128.109.70.53) 1.245 ms 1.273 ms 1.083 ms
6 ge-6-2.car1.raleigh1.level3.net (64.158.236.1) 2.167 ms 1.972 ms 2.111 ms
7 ae-11-11.car2.raleigh1.level3.net (4.69.132.174) 2.137 ms 1.892 ms 2.198 ms
8 ae-6-6.ebr2.washington1.level3.net (4.69.132.178) 12.213 ms 15.365 ms 17.954 ms
9 ae-92-92.csw4.washington1.level3.net (4.69.134.158) 11.829 ms 15.730 ms 18.000 ms
10 ae-4-99.edge5.washington1.level3.net (4.68.17.201) 8.235 ms 8.406 ms 7.984 ms
11 pop2-vie-p15-0.atdn.net (66.185.139.85) 9.016 ms 9.267 ms 8.850 ms
12 dar2-mtc-s3-0-0.atdn.net (66.185.139.138) 10.033 ms 9.492 ms 11.426 ms
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
^C
ping www.cnn.com
PING www.cnn.com (64.236.91.23): 56 data bytes
^C
--- www.cnn.com ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss
- Some routers on the far end of the path to CNN block ICMP. Since you also can't ping CNN, those might be their routers.
- Send a few pings to the campus webserver. Did you learn anything about the connection between you and the server?
- you'll need to ping www.unc.edu, an actual hostname, not unc.edu (even though that name works in a browser, a DNS challenge!)
- pings are blocked!
ping www.unc.edu
PING www.unc.edu (152.2.1.217): 56 data bytes
^C
--- www.unc.edu ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss
traceroute www.unc.edu
traceroute to www.unc.edu (152.2.1.217), 64 hops max, 40 byte packets
1 itsint-2-145.net.unc.edu (152.2.145.1) 1.086 ms 0.665 ms 0.875 ms
2 mkid-v1627.net.unc.edu (152.19.255.217) 0.601 ms 0.600 ms 0.996 ms
3 manning-loco-v1600.net.unc.edu (152.19.255.253) 0.792 ms 0.702 ms 0.930 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
^C
- with
traceroute, you can tell if you're on campus (fast, few routers) or not; from home, you would be able to tell that UNC has a peering agreement with Time Warner (for RoadRunner users) and a few other local ISPs.
- New Network Tools
- Open a web browser to NDT, and run the tool. What did you learn about your network connectivity? (Paste in the results, and make a few comments.)
- Use Internic Whois to look up information about the last named domains seen in your traceroute results.
Domain Name: GOOGLE.COM
Registrar: MARKMONITOR INC.
Domain Name: ATDN.NET
Registrar: AMERICA ONLINE, INC. DBA AOL AND/OR COMPUSERVE-AOL
-
- whois is a classic tool, and now you've seen it
- Security
- What form of IPsec would you want to use for a P2P network, especially if you expect users to access this network from home (based on this reading)?
- Transport mode with encryption, because you need to be NAT-friendly.
- IPv6
- What can you tell me about these IPv6 addresses (based on this reading)?
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
- This is a loopback address, mainly used to test your NIC (messages to loopback never actually go out on the network).
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::201:23ff:fe45:6789%en2 prefixlen 64 scopeid 0x8
inet 10.37.129.2 netmask 0xffffff00 broadcast 10.37.129.255
ether 00:01:23:45:67:89
media: autoselect status: active
supported media: autoselect
- Read about 6to4 and Teredo.
- Could you use 6to4 with the IPv6 address you used above, or would you have to use Teredo?
- You can't rule out NAT based on my IPv6 addresses, so Teredo is the safe choice. If you see a 6to4 address, use what's already there.
- There's lots more IPv6 information out there! Read about to learn about some of the Unix tools.
- What would you use for ping? for traceroute?
- If you can scan 255 (2^8) IPv4 addresses in 3.228 seconds, how long would it take to sweep all 2^128 IPv6 addresses?
- 128 - 8 = 120; 3.228 * 2^120 = 4.29074797e36 seconds; 4.29074797e36 s * (1 min/60 sec) * (1 hr/60 min) * (1 day/24 hr) * (1 yr/365.25 day) = 1.35965599e29 years
- Brute-force scanning is not compatible with IPv6! How will Security hackers probe for weaknesses? Then again, how will crackers scan for vulnerable machines to infect? IPv6 changes everything for security, and not just because of IPsec.
- Thoughtful
- I think Cellheads maintain more state information in a central location, so they are prone to those problems. However, their plans are more mature than the Airheads.
- I think Netheads use cheaper technology (and less of it) than Bellheads. You don't have to add more intelligence (that costs money) in the core to support more connected users.
|
