CS158a
Chris Pollett
Feb. 6, 2023
```
ping eniac.cs.sjsu.edu
PING eniac.cs.sjsu.edu (130.65.86.56): 56 data bytes
64 bytes from 130.65.86.56: icmp_seq=0 ttl=254 time=1.277 ms
64 bytes from 130.65.86.56: icmp_seq=1 ttl=254 time=3.661 ms
...
30 packets transmitted, 30 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.277/3.474/5.481/0.907 ms
```
```
traceroute csgate.Princeton.EDU
 1 10.0.1.1 (10.0.1.1) 1.166 ms 0.797 ms 1.038 ms
 2 router-86.cs.sjsu.edu (130.65.86.254) 1.348 ms 1.271 ms 1.368 ms
 3 sjs-130-65-1-190.sjsu.edu (130.65.1.190) 1.321 ms 1.203 ms 2.468 ms
 ...
```
```
whois sjsu.edu
This Registry database contains ONLY .EDU domains.
The data in the EDUCAUSE Whois database is provided by EDUCAUSE for information purposes in order to
...
Domain Name: SJSU.EDU

Registrant:
    San Jose State University
    University Computing and Telecommunications
    ...
Name Servers:
    SPARTA.SJSU.EDU 130.65.3.1
    NS2.SJSU.EDU 130.65.120.1
...
Domain record activated: 20-Dec-1993
Domain record last updated: 11-Jul-2008
Domain expires: 31-Jul-2009
```
```
telnet whois.educause.edu 43
Trying 70.33.209.128...
Connected to whois.101domain.com.
Escape character is '^]'.
sjsu.edu
```

Notice the site can't answer every domain query; for example, it will give a NO MATCH on pollett.org.
```
|MacBook-Pro:cpollett:120>finger cpollett
Login: cpollett Name: Chris Pollett
Directory: /Users/cpollett Shell: /bin/bash
On since Sun Jan 29 14:55 (PST) on console, idle 7 days 17:52 (messages off)
On since Mon Feb 6 08:21 (PST) on ttys000
On since Sun Feb 5 18:12 (PST) on ttys001 (messages off)
On since Sun Feb 5 19:51 (PST) on ttys002 (messages off)
Mail last read Thu Jan 5 20:30 2023 (PST)
No Plan.
```

finger used to be available as a service on the internet (from 1977) on port 79 (RFC 742). It's almost always turned off now. It was exploited by the Morris Worm in 1988, one of the first computer worms.
```
|MacBook-Pro:123>dig pollett.org

; <<>> DiG 9.10.6 <<>> pollett.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17979
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;pollett.org. IN A

;; ANSWER SECTION:
pollett.org. 1800 IN A 173.13.143.73

;; Query time: 4 msec
;; SERVER: 100.64.0.2#53(100.64.0.2)
;; WHEN: Sun Feb 05 19:41:32 PST 2023
;; MSG SIZE rcvd: 56
```

DNS is typically done by sending UDP messages (binary, so harder for humans to type) to port 53 of the DNS server; we'll see in a second how to look at them.
```
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
...
```

(The next slide's example will use interface en0, which is the wireless interface on my machine, and en1, the ethernet interface.)

lo - local loopback; gif - generic tunnel interface; en - ethernet or wireless on a Mac / eth0 on Linux; fw - FireWire; stf - IPv6 to IPv4 (6to4) interface
ifconfig en0 down
ifconfig en0 10.4.72.99 netmask 255.255.255.0 up
brew install iproute2mac
```
# Info on all available devices
ip link show
# Info on a particular device
ip link show dev [device]
# Statistics about interfaces
ip -s link
# List of running interfaces
ip link ls up
# Bring an interface up
ip link set [interface] up
# Bring an interface down
ip link set [interface] down
```
```
tcpdump -i en1 tcp portrange 80-80
```

dumps packet info for tcp traffic that uses port 80. You could capture udp traffic using udp rather than tcp. You could also change the ports to look at different kinds of traffic. For example, to see DNS lookups, you could do:
```
>tcpdump -i en0 udp port 53
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on en0, link-type EN10MB (Ethernet), snapshot length 524288 bytes
08:32:50.536845 IP6 2603:3024:1554:1880:6126:ee01:ad81:c08b.52354 > 2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain: 40787+ A? www.apple.com. (31)
08:32:50.536985 IP6 2603:3024:1554:1880:6126:ee01:ad81:c08b.56492 > 2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain: 34934+ AAAA? 31-courier.push.apple.com. (43)
08:32:50.536990 IP6 2603:3024:1554:1880:6126:ee01:ad81:c08b.58371 > 2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain: 35736+ A? 31-courier.push.apple.com. (43)
08:32:50.559969 IP6 2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain > 2603:3024:1554:1880:6126:ee01:ad81:c08b.52354: 40787 4/0/0 CNAME www.apple.com.edgekey.net., CNAME www.apple.com.edgekey.net.globalredir.akadns.net., CNAME e6858.dscx.akamaiedge.net., A 184.51.82.222 (181)
08:32:50.559971 IP6 2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain > 2603:3024:1554:1880:6126:ee01:ad81:c08b.56492: 34934 2/1/0 CNAME 31.courier-push-apple.com.akadns.net., CNAME us-sw-courier-4.push-apple.com.akadns.net. (197)
08:32:50.559972 IP6 2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain > 2603:3024:1554:1880:6126:ee01:ad81:c08b.58371: 35736 3/0/0 CNAME 31.courier-push-apple.com.akadns.net., CNAME us-sw-courier-4.push-apple.com.akadns.net., A 17.57.144.118 (150)
08:32:50.564311 IP6 2603:3024:1554:1880:6126:ee01:ad81:c08b.60425 > 2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain: 15959+ AAAA? us-sw-courier-4.push-apple.com.akadns.net. (59)
```

And change interfaces, say from en0 to en1, to look at ethernet rather than wifi (on a Mac).
sudo tcpdump -i en1 dst 130.65.86.56 and tcp port 23
Which of the following is true?
Cable | Typical Bandwidths | Distance |
---|---|---|
Cat-5 Twisted Pair | 10-100Mbps | 100m |
Thin-net Coax | 10-100Mbps | 200m |
Thick-net Coax | 10-100Mbps | 500m |
MoCA 3.0 (Multimedia over Coax Alliance) | 10 Gbps | 100m |
G-FAST/XG-fast (COAX) | .1-10 Gbps | .1 (fast) - 1km (slow) |
Multimode Fiber | 100Mbps | 2km |
Single Mode Fiber | .1-10 Gbps | 40km |