The Network Management Applications - PowerPoint PPT Presentation

1 / 19

About This Presentation

Title:

The Network Management Applications

Description:

Number of Views:52

Avg rating:3.0/5.0

Slides: 20

Provided by: x7102

Category:

Tags: applications | critical | management | network

Transcript and Presenter's Notes

Title: The Network Management Applications

1
The Network Management Applications
2
The Basic Internet Applications

3
Network Management Applications

4
The Ping

The ping uses ICMP ECHO and REPLY requests
Usage
Ping lthostnamegt
Ping will continue to send out pings
(ECHO_REQUESTs) until it is stopped
To stop ping sending it's ECHO_REQUESTs Ctrl-C
should be pressed
Ping uses use ICMP ECHO Request and Echo Response
packets
If you can't ping it either, chances are the
router is blocking Echo Request packets, or maybe
all ICMP

5
Ping Usage
6
Traceroute

Its task
sending trace packets for determining information
traces the route of UDP packets for the local
host to a remote host
The program sends out packets with short
lifetimes in order to map the route to another
machine
Each packet is given a slightly different
lifetime
When a router expires the packet, it sends back a
notification
This allows a machine to find all the routers
between itself and some other machine on the
Internet
Mainly used for network troubleshooting as well
as educational purposes
Implemented in IP level in all hosts

7
How is it possible ?

Network Packet
Source Address
Destination Address
TTL
ICMP Request
8
Different implementations

Linux/Unix traceroute
Microsoft Windows tracert
The both accomplish the task of tracing network
paths
But they do it in slightly different ways
Both of these tools for tracing network routes
send out a packet with TTL set to 1
and report its destination
Then they send out a packet with TTL2
and report its destination
They continue until the packets reach their final
destination or the TTL limit is exceeded

9
The Microsoft Windows Tracert

10
Unix/Linux traceroute implementations

Unix traceroute uses UDP packets (in IP packets)
to a random high port number
around 33440 (above and below)
the starting port number are implementation
specific
linux starts at 33438
solaris starts at 33435
It uses time-exceeded ICMP packets
The TTL (time to live, which is actually number
of hops) field in IP header is increased each
time the sender receives an ICMP time-exceeded
error
It differentiates between destination port
unreachable and TTL exceeded

11
Consequences of the UDP in traceroute

UDP
It is transport layer protocol
A port number has to be specified, too
Possible situation
A packet has reached the destination and there is
a process, which has bind to this port number
Then
no ICMP error will be generated and
the sender program wont be intimated by a port
unreachable ICMP packet
This actually means that we found the intended
machine
To avoid this situation traceroute always sends
more than one packets for each TTL with different
port numbers
These port numbers are chosen such that it is
assumed that no process will accept packets send
to these port numbers

12
Advantages of the usage of UDP

It is very useful due to the amount of Internet
routers that give low priority or drop ICMP that
is destined for the routers IP address
There are routers that will also give low
priority or drop UDP
Although these are few and far between
Experiment
Using traceroute
in normal mode (with UDP) and
force traceroute to use ICMP instead of the
standard UDP
Result is in the following slides

13
Traceroute vs. tracert

The difference is critical when trying to
understand why traceroute sometimes fails
The firewall rulesets and the router Access
Control Lists (ACLs) between the sender and the
destination must be examined to determine if they
allow UDP high ports and/or ICMP
A router may not pass back the ICMP time exceeded
packets
Sometimes routers or host disable ICMP traffic
so no pings, echos etc.
In addition, the command line options for tracert
differ from the command line options for Linux
traceroute
However, such options also differ among Unix
versions

14
Experiment on traceroute with UDP

Command
traceroute www.chetnet.co.uk
Result
traceroute to www.demon.co.uk (194.159.80.39),
30 hops max, 38 byte packets1 10.149.127.254
(10.149.127.254) 8.805 ms 9.733 ms 40.537 ms2
swan-t2cam1-b-ge92.inet.ntl.com (80.0.254.129)
8.375 ms 8.542 ms 9.035 ms3 swa-t2core-b-ge-wan61
.inet.ntl.com (213.105.225.145) 11.439 ms 26.829
ms 9.881 ms4 win-bb-b-so-220-0.inet.ntl.com
(62.253.187.241) 19.776 ms 11.152 ms 11.264 ms5
pop-bb-a-so-000-0.inet.ntl.com (62.253.185.201)
15.819 ms 20.157 ms 14.017 ms6
tele-ic-2-so-000-0.inet.ntl.com (62.253.185.86)
54.334 ms7 linx-2.router.demon.net
(195.66.226.12) 15.051 ms 16.982 ms 28.337 ms8
tele-service-21-138.router.demon.net
(194.159.176.73) 14.775 ms 14.274 ms 22.983 ms9
anchor-service-1-WDM-600.router.demon.net
(194.159.241.66) 15.801 ms 14.945 ms 29.010 ms10
fifteenth.www.demon.net (194.159.80.39) 13.995 ms
23.934 ms 15.303 ms
The first line outputted as
with ping contains a DNS lookup if a DNS name was
used
No special options were used the maximum hops
before traceroute considers the host as
unreachable is 30
The size of the UDP datagrams being sent is 38
bytes
The rest of the output is the route taken to the
remote host, each line will give
the DNS address of the host
followed by the IP address and
the round trip time of the three packets sent to
that host

15
Experiment on traceroute with ICMP

16
How does it work?

Attempt to use online databases like NDS GeoBoy
If not, try to guess from hostname
Experimental RFC 1712 (DNS Encoding of
Geographical Location) and informational RFC 1876

17
Screenshots
18
Screenshots
19