Network Tools; Hardware Building Blocks

CS158a

Chris Pollett

Feb. 7, 2011

Outline

Some Network Tools: ping, traceroute, whois, ifconfig, tcpdump
Quiz
Introduction to Direct Link Networks; Hardware
Nodes
Network Adapters

Network Tools

Before we start a new book chapter -- Direct Link Networks -- we are going to spend some time by briefly looking at some common network tools...

ICMP

The Internet Control Message Protocol (ICMP) is one of the ways routers have to exchange messages regarding their state. For instance, in setting up their routing table using a link state protocol they might send small packets to their neighbors containing: a sequence number, who they are, who they are connected to, and a time-to-live (TTL) (number of hops). The neighbors forward these packets provided TTL > 0 on their outgoing lines, decrementing TTL in the process.
Some ICMP messages can be sent from one machine targeting a specific other machine (echo request). If it arrives an (echo response) message is sent back.
If the TTL goes to 0 before a packet gets where it's supposed to, a message from the last hop is usually sent back to the machine of origin.

ping

ping - is a network utility (Unix, Linux, Mac, and PC) that uses ICMP echo messages to determine if a network host is reachable from a given machine. It also calculates various statistics about the round-trip-time.

ping eniac.cs.sjsu.edu

PING eniac.cs.sjsu.edu (130.65.86.56): 56 data bytes
64 bytes from 130.65.86.56: icmp_seq=0 ttl=254 time=1.277 ms
64 bytes from 130.65.86.56: icmp_seq=1 ttl=254 time=3.661 ms
...
30 packets transmitted, 30 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.277/3.474/5.481/0.907 ms
s

traceroute

traceroute (on Mac, Unix, Linux) or tracecert (Windows) is a utility for determining the route taken by packets on an IP network.
It sends out a series of datagram packets to a given target host with progressively longer TTLs (starting with 1). It then listens for the ICMP messages back which say the packet didn't get to target. From these, it can find the IP addresses of intermediate machines and timing statistics for each link.
```
traceroute csgate.Princeton.EDU 

1  10.0.1.1 (10.0.1.1)  1.166 ms  0.797 ms  1.038 ms
2  router-86.cs.sjsu.edu (130.65.86.254)  1.348 ms  1.271 ms  1.368 ms
3  sjs-130-65-1-190.sjsu.edu (130.65.1.190)  1.321 ms  1.203 ms  2.468 ms
...
```
Three probes are sent at each TTL. The three times listed above for each ip correspond to each probe's RTT.
Some hosts do not send "time exceeded" messages or send them back to small a TTL. If no response comes back in 5 sec's a * is printed.
Also, a firewall might prevent ports 33434 to 33534 used by traceroute.

whois

This is a utility to find a domain name corresponding to an organization:

whois sjsu.edu
This Registry database contains ONLY .EDU domains.
The data in the EDUCAUSE Whois database is provided
by EDUCAUSE for information purposes in order to
...
Domain Name: SJSU.EDU

Registrant:
   San Jose State University
   University Computing and Telecommunications
...
Name Servers:
   SPARTA.SJSU.EDU      130.65.3.1
   NS2.SJSU.EDU         130.65.120.1
...
Domain record activated:    20-Dec-1993
Domain record last updated: 11-Jul-2008
Domain expires:             31-Jul-2009

ifconfig

ifconfig is a Unix/Linux/Mac utility for seeing, configuring, and controlling the network interfaces of a machine. ipconfig is the Windows equivalent.

For now, we will use it just to see what interfaces we have:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
...(next slide example will use interface en1 which is the wireless interface on my machine)

lo - localloop; gif - generic tunnel interface, en - ethernet or wireless Mac/ eth0 -linux, fw -firewire, stf - ip 6 to 4 interface

To take down an interface, you could use a command like:
```
ifconfig en0 down
```
To bring an interface up, you could use a command like:
```
ifconfig en0 10.4.72.99 netmask 255.255.255.0 up
```
For some of the commands I am listing you might need to be root or use sudo.

tcpdump

tcpdump is a command line packet sniffer. For example,
```
tcpdump -i en1 tcp portrange 80-80
```
dumps packet info for tcp traffic that uses port 80. You could capture udp traffic using udp rather than tcp. You could also change the ports to look at different kinds of traffic. And change en1 to en0 to look at ethernet.

You can also filter by src, dst ip address:

sudo tcpdump  -i en1 dst 130.65.86.56 and tcp port 23

Quiz

Which of the following is true?

In store and forward packet routing, the router always keeps a copy of each packet it forwards.
Optical fiber tends to have a lower error rate than copper wire.
Process-per-protocol rather process-per-message is used in most modern operating systems to implement the network protocol stack.

Introduction to Direct Link Networks; Hardware

Over the next couple of days we are going to look at issues in having a network of two or more hosts connected directly by a physical medium.
Things we will consider are: the medium itself, wire, optics, radiation (radio waves); as well as the area covered, small area (an office) or large area(continent).
For these setting, we will be interested in the encoding of bits, the framing of sequences of bits into messages, error detection, reliability, and access mediation when more than two people share the line.
We will look at these issues for four network technologies: point-to-point links, carrier sense multiple access networks, token rings, and wireless networks.
To begin we are going to look at the hardware for the building blocks of network that we discussed previously: the hardware for nodes; and the hardware for links.

Nodes

For our purpose, we will assume a node is some kind of general purpose computer, like your desktop or laptop computer.
This computer can either serve as a host and run application programs, or it might be set up as a router or a switch. (Typically, a router or a switch uses customized hardware because it is faster but for now we'll keep our general computer model.)
A typical computer has a CPU connected to a memory cache in turn connected to its memory. There would also usually be an I/O bus and a network adapter card which connects the machine to the network.
Memory for the machine is finite (say 1KB (my good ol' ZX81) or 16GB) and this upper bounds our ability to buffer data.
CPU speed is still roughly doubling every 18 months; but memory latency is only improving at 7% per year, so network software needs to be careful how it uses memory.

Network Adaptors

Network adaptors connect the rest of the workstation to the link.
It is an active intermediary with its own internal processor.
Its purpose is to transmit data from workstation onto the link and receive data from the link, storing it for the workstation.
It implements nearly all the functionality that makes it possible to convey data over the given medium (say wire, optics, radio, etc).
So it breaks data into frames, detects errors, and follows fairness rules for the link.

Parts of a Network Adaptor

A network adapter consists of two main components: a bus interface that understands how to communicate with the host; and a link interface which understands how to use the link.
There are a variety of different link interfaces because the link media can vary.
Similarly, different I/O buses require different adaptors; however, from the host perspective, the interfaces tend to be similar.
- Typically, the adaptor exports a control status register that is readable and writable from the CPU.
- This is usually located at some address in memory.
- Software on the host called a device driver writes to the CSR to instruct it to transmit/receive data. It can also read from the CSR to learn the current status of the adaptor.
- To notify the host of an asynchronous event such as the reception of a frame, the adaptor interrupts the host.

DMA and PIO

The two main mechanisms used for transferring bytes of data between adaptor and host memory are: direct memory access and programmed I/O.
With DMA, the adaptor directly read and writes the host's memory without any CPU involvement; the host simply gives the adaptor a memory address and the adaptor reads and writes from/to it.
With PIO, the CPU is responsible for moving data between the adaptor and host memory. To send a frame, for example, the CPU might execute a tight loop that first reads a word from memory and then writes it to the host adaptor.

Links

Network links are implemented on a variety of physical media: twisted pair, optical fiber, coaxial cable, or using radio, microwave, or infrared.
Usually, the signal being sent is some kind of electromagnetic wave.
One important property of such waves is their frequency -- the speed at which they oscillate.
The inverse of the frequency -- the wavelength -- of the wave is the distance between adjacent maxima or minima of the wave. It is usually measured in meters.
More precisely, frequency and wavelength are related by f λ=c.
The next slide has a diagram illustrating common frequencies for different propagation media.

The EM Spectrum

A Diagram Illustrating the Eletromagnetic Spectrum

From Waves to Bits and Channels

So far we have described how a physical medium carries signals in the form of waves...
We often want to transmit digital information like 0's and 1's. How we piggy-back binary data on waves is called an encoding.
It has two layers:
- A lower layer which is concerned about modulation -- varying the frequency, amplitude, or phase of the signal to effect transmission of information. For example, one might vary the power (amplitude) of a single wavelength between two values -- the "high" signal and the "low" signal.
- An upper layer which is concerned with encoding bits using these two different signal values. (What we'll be interested in for this class.)
Another issue about links is how many bit-streams can be encoded on a link at a given time. If only one, we have to have a mechanism for sharing access such as what we will describe for multiple-access links. For point-to-point links, if the answer is two, then one signal can be used to communicate from Host A to Host B and the other for the way back. This is called a full-duplex link. If the answer is one then Host A and B must take turns and the channel is called half-duplex.