CN LAB EX4


EX. NO: 1 Learn to use commands like tcpdump, netstat, ifconfig, nslookup and
traceroute. Capture ping and traceroute PDUs using a network protocol analyzer and
examine.

AIM: To learn to use commands like tcpdump, netstat, ifconfig, nslookup, traceroute and ping.

PRE LAB DISCUSSION:


1. Tcpdump:
The tcpdump utility allows you to capture packets that flow within your network to
assist in network troubleshooting. The following are several examples of using tcpdump with
different options. Traffic is captured based on a specified filter.
2. Netstat:
Netstat is a common command-line TCP/IP networking utility available in most versions of
Windows, Linux, UNIX and other operating systems. Netstat provides information and
statistics about protocols in use and current TCP/IP network connections.
3. Ifconfig (Internet Protocol Configuration):
Ipconfig is a console application designed to run from the Windows command prompt.
This utility allows you to get the IP address information of a Windows computer. From the
command prompt, type ipconfig to run the utility with default options. The output of the
default command contains the IP address, network mask, and gateway for all physical and
virtual network adapters.
4. nslookup:
The nslookup (which stands for name server lookup) command is a network utility
program used to obtain information about internet servers. It finds name server information
for domains by querying the Domain Name System.
5. Traceroute:
Traceroute is a network diagnostic tool used to track the pathway taken by a packet on an
IP network from source to destination. Traceroute also records the time taken for each hop
the packet makes during its route to the destination.
Commands:
1. Tcpdump:
Display traffic between 2 hosts:
To display all traffic between two hosts (represented by variables host1 and host2):
# tcpdump host host1 and host2
Display traffic from a source or destination host only:
To display traffic from only a source (src) or destination (dst) host:
# tcpdump src host1
# tcpdump dst host1
Display traffic for a specific protocol:
Provide the protocol as an argument to display only traffic for a specific protocol, for
example tcp, udp, icmp, arp:

# tcpdump protocol
For example, to display only the tcp traffic:
# tcpdump tcp
Filtering based on source or destination port:
To filter based on a source or destination port:
# tcpdump src port ftp
# tcpdump dst port http

2. Netstat
Netstat is a common command-line TCP/IP networking utility available in most versions of
Windows, Linux, UNIX and other operating systems.
Netstat provides information and statistics about protocols in use and current TCP/IP
network connections. The Windows help screen (analogous to a Linux or UNIX man page) for netstat
reads as follows: displays protocol statistics and current TCP/IP network connections.
3. ipconfig/ifconfig
In Windows, ipconfig is a console application designed to run from the Windows command
prompt. This utility allows you to get the IP address information of a Windows computer.
Using ipconfig
From the command prompt, type ipconfig to run the utility with default options. The output
of the default command contains the IP address, network mask, and gateway for all physical
and virtual network adapters. Every device has an IP address with two pieces: the client or
host address and the server or network address.
#ipconfig

Ifconfig:
4. nslookup
The nslookup (which stands for name server lookup) command is a network utility program used to
obtain information about internet servers. It finds name server information for domains by querying the
Domain Name System.
The nslookup command is a powerful tool for diagnosing DNS problems. You know you're
experiencing a DNS problem when you can access a resource by specifying its IP address but not its
DNS name.
#nslookup

5. Traceroute:
Traceroute is a network diagnostic tool used to track the pathway taken by a packet on an IP network
from source to destination. Traceroute also records the time taken for each hop the packet makes
during its route to the destination. Traceroute uses Internet Control Message Protocol (ICMP) echo
packets with variable time to live (TTL) values.
The response time of each hop is calculated. To guarantee accuracy, each hop is queried multiple times
(usually three times) to better measure the response of that particular hop. Traceroute sends packets
with TTL values that gradually increase from packet to packet, starting with a TTL value of one. Routers
decrement TTL values of packets by one when routing and discard packets whose TTL value has
reached zero, returning the ICMP error message ICMP Time Exceeded.
For the first set of packets, the first router receives the packet, decrements the TTL value and drops the
packet because it then has TTL value zero. The router sends an ICMP Time Exceeded message back to
the source. The next set of packets are given a TTL value of two, so the first router forwards the
packets, but the second router drops them and replies with ICMP Time Exceeded.
Proceeding in this way, traceroute uses the returned ICMP Time Exceeded messages to build a list of
routers that packets traverse, until the destination is reached and returns an ICMP Echo
Reply message. With the tracert command shown above, we're asking tracert to show us the path from
the local computer all the way to the network device with the hostname
Output1:
Command: tracert mobiledevice IPAddress

Output2:
Command: tracert www.google.com

Output3:
Linux Command: traceroute IPADDRESS

Hop Number – This is the first column and is simply the number of the hop along the route. In this case, it
is the tenth hop.
RTT Columns – The next three columns display the round trip time (RTT) for your packet to reach that
point and return to your computer. This is listed in milliseconds. There are three columns because the
traceroute sends three separate signal packets. This is to display consistency, or a lack thereof, in the route.
Domain/IP column – The last column has the IP address of the router. If it is available, the domain name
will also be listed.
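
The column layout described above can be read mechanically. The following is an added example, not part of the original lab sheet: it summarises Windows tracert output per hop, counting lost probes (shown as "*") and averaging the RTTs that did arrive. The sample text, the function name summarize_tracert and the addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise Windows tracert output (hop, RTT x3, address columns).
# SAMPLE_TRACERT is constructed for illustration; addresses are documentation ranges.
SAMPLE_TRACERT='Tracing route to edge.example.net [203.0.113.7]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.0.2.1
  2    12 ms    11 ms    13 ms  198.51.100.1
  3     *        *        *     Request timed out.
  4    25 ms     *       23 ms  edge.example.net [203.0.113.7]

Trace complete.'

# summarize_tracert: reads tracert text on stdin and prints one line per hop:
#   <hop> <replies>/3 <average RTT in ms, or -> <address, or no-reply>
summarize_tracert() {
  awk '
    $1 !~ /^[0-9]+$/ { next }            # keep only lines that start with a hop number
    {
      n = 0; sum = 0; i = 2
      for (p = 1; p <= 3; p++) {         # three probes per hop
        if ($i == "*") { i++; continue } # lost probe: a single "*" token
        v = $i; sub(/^</, "", v)         # "<1" is counted as 1 ms (upper bound)
        sum += v; n++; i += 2            # skip the value and its "ms" unit
      }
      if (n == 0) { printf "%d 0/3 - no-reply\n", $1; next }
      addr = $i                          # everything after the RTT columns
      for (j = i + 1; j <= NF; j++) addr = addr " " $j
      printf "%d %d/3 %.1f %s\n", $1, n, sum / n, addr
    }'
}

printf '%s\n' "$SAMPLE_TRACERT" | summarize_tracert
```

A hop that answers none of the three probes is not necessarily down; many routers simply do not send ICMP Time Exceeded, so later hops answering normally is the thing to check.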

6. Ping:
The full form of PING is the Packet InterNet Groper. It is computer network management software, or
utility software, used to test the network communication between two devices.
The ping command sends an echo request to a host available on the network. Using this command, you
can check if your remote host is responding well or not. It is also used for tracking and isolating
hardware and software problems and for determining the status of the network and various foreign
hosts. The ping command is usually used as a simple way to verify that a computer can communicate
over the network with another computer or network device. The ping command operates by sending
Internet Control Message Protocol (ICMP) Echo Request messages to the destination computer and
waiting for a response.
Command: ping IPADDRESS
Ubuntu/Linux

Windows :

Working Principle of PING

• Ping works by sending an ICMP (Internet Control Message Protocol) echo request packet to a
destination host and waiting for an ICMP echo reply.
• The summary printed by the program reports errors, the packet loss rate, and a numerical summary of
the results, typically consisting of minimum, maximum, and average round-trip times and the
standard deviation.
• To test the connection between two systems on a network, a series of packets is sent from one device
to the other over the network in order to produce a response from the other system.
• The other device sends an acknowledgement to state that both systems are connected to each other
via that network.
Time: the round-trip time in milliseconds. This is the duration it takes for a signal to travel from a source to a
destination, and for an acknowledgment of that signal to be returned to the source.
TTL: Time To Live (the life span of the ping packet).
TTL 63 means the ping packet sent from your computer can pass a maximum of 63 hops. A hop is a
router in a network.
Each time a packet reaches a new hop, its TTL value is reduced by one. Once the TTL
value becomes zero, the router will drop the ping packet from the network.
In other words, the 63rd router will discard the ping packet.
Then the sender will see the ICMP error message "TTL expired in transit".
The TTL is determined by the remote host. The initial TTL is set by the OS: Linux uses 64, Windows 128
and routers 255.
Bytes: read from server
From: IP address of server host
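
The TTL printed in a ping reply is what remains of the responder's initial TTL after every router on the way back has decremented it, so the defaults listed above let you estimate both the hop distance and the kind of host that answered. The following is an added example, not part of the original lab sheet; the sample reply lines and the function name ttl_report are constructed, and the 64/128/255 mapping is the one given in the text.

```shell
#!/bin/sh
# Added example: interpret the TTL field of ping replies.
# SAMPLE_PING is constructed; it mixes Linux-style and Windows-style reply lines.
SAMPLE_PING='64 bytes from 192.0.2.10: icmp_seq=1 ttl=57 time=12.3 ms
Reply from 192.0.2.20: bytes=32 time=14ms TTL=121
64 bytes from 192.0.2.30: icmp_seq=1 ttl=250 time=3.1 ms
Request timed out.'

# ttl_report: reads ping output on stdin and prints, per reply line:
#   <address> ttl=<observed> initial=<assumed> hops=<initial-observed> guess=<family>
# The initial values 64/128/255 and their labels are the defaults listed in the text;
# a host can be configured differently, so the guess is only a heuristic.
ttl_report() {
  awk '
    {
      line = tolower($0)
      if (!match(line, /ttl=[0-9]+/)) next        # timeouts and headers carry no TTL
      ttl = substr(line, RSTART + 4, RLENGTH - 4) + 0
      addr = "?"
      for (i = 1; i < NF; i++)                    # the address follows the word "from"
        if ($i == "from") { addr = $(i + 1); sub(/:$/, "", addr); break }
      # pick the smallest common default that is not below the observed TTL
      if (ttl <= 64)       { init = 64;  guess = "Linux" }
      else if (ttl <= 128) { init = 128; guess = "Windows" }
      else                 { init = 255; guess = "Router" }
      printf "%s ttl=%d initial=%d hops=%d guess=%s\n", addr, ttl, init, init - ttl, guess
    }'
}

printf '%s\n' "$SAMPLE_PING" | ttl_report
```

A sudden change in the observed TTL for the same address between runs means the return path or the answering device changed, which is worth a second look when troubleshooting.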
VIVA (Pre & Post Lab) QUESTIONS:
1. Define network.
2. Define network topology.
3. What are the OSI layers?
4. What is the use of the netstat command?
5. What is the nslookup command?
6. What is the purpose of the traceroute command?
7. What is the ping command?
RESULT:
Thus the various network commands like tcpdump, netstat, ipconfig, nslookup,
traceroute and ping are executed successfully.
