Outline

• Some Network Tools: ping, traceroute, whois, ifconfig, ip, tcpdump
• Quiz
• Introduction to Direct Link Networks; Hardware
• Nodes
• Network Adapters

Network Tools

• Before we start a new book chapter -- Direct Link Networks -- we are going to spend some time by briefly looking at some common network tools...
• In testing these tools out, it is far easier if you turn off those things that tend to make the tools not work. I.e., Turn off your VPN while experimenting...

ICMP

• The Internet Control Message Protocol (ICMP) is one of the ways routers have to exchange messages regarding their state. For instance, in setting up their routing table using a link state protocol they might send small packets to their neighbors containing: a sequence number, who they are, who they are connected to, and a time-to-live (TTL) (number of hops). The neighbors forward these packets provided TTL > 0 on their outgoing lines, decrementing TTL in the process.
• Some ICMP messages can be sent from one machine targeting a specific other machine (echo request). If it arrives an (echo response) message is sent back.
• If the TTL goes to 0 before a packet gets where it's supposed to, a message from the last hop is usually sent back to the machine of origin.

ping

• ping - is a network utility (Unix, Linux, Mac, and PC) that uses ICMP echo messages to determine if a network host is reachable from a given machine. It also calculates various statistics about the round-trip-time.

  ping eniac.cs.sjsu.edu
  
  PING eniac.cs.sjsu.edu (130.65.86.56): 56 data bytes
  64 bytes from 130.65.86.56: icmp_seq=0 ttl=254 time=1.277 ms
  64 bytes from 130.65.86.56: icmp_seq=1 ttl=254 time=3.661 ms
  ...
  30 packets transmitted, 30 packets received, 0% packet loss
  round-trip min/avg/max/stddev = 1.277/3.474/5.481/0.907 ms
  s
  

traceroute

• traceroute (on Mac, Unix, Linux) or tracert (Windows) is a utility for determining the route taken by packets on an IP network.
• It sends out a series of datagram packets to a given target host with progressively longer TTLs (starting with 1). It then listens for the ICMP messages back which say the packet didn't get to target. From these, it can find the IP addresses of intermediate machines and timing statistics for each link.

  traceroute csgate.Princeton.EDU 
  
  1  10.0.1.1 (10.0.1.1)  1.166 ms  0.797 ms  1.038 ms
  2  router-86.cs.sjsu.edu (130.65.86.254)  1.348 ms  1.271 ms  1.368 ms
  3  sjs-130-65-1-190.sjsu.edu (130.65.1.190)  1.321 ms  1.203 ms  2.468 ms
  ...
  

• Three probes are sent at each TTL. The three times listed above for each ip correspond to each probe's RTT.
• Some hosts do not send "time exceeded" messages or send them back to small a TTL. If no response comes back in 5 sec's a * is printed.
• Also, a firewall might prevent ports 33434 to 33534 used by traceroute.

whois, finger, and dig

• whois is a utility and a protocol (RFC3912) (first implemented 1982) to find information about an entity on the web. This in theory could be about a user, but usually is for a domain. The protocol relies on the application knowing who are the various registrants for different domains. The typical use let's one find the registrant for a domain:

  whois sjsu.edu
  This Registry database contains ONLY .EDU domains.
  The data in the EDUCAUSE Whois database is provided
  by EDUCAUSE for information purposes in order to
  ...
  Domain Name: SJSU.EDU
  
  Registrant:
     San Jose State University
     University Computing and Telecommunications
  ...
  Name Servers:
     SPARTA.SJSU.EDU      130.65.3.1
     NS2.SJSU.EDU         130.65.120.1
  ...
  Domain record activated:    20-Dec-1993
  Domain record last updated: 11-Jul-2008
  Domain expires:             31-Jul-2009
  

• You can try this protocol yourself:

  telnet whois.educause.edu 43
  Trying 70.33.209.128...
  Connected to whois.101domain.com.
  Escape character is '^]'.
  sjsu.edu
  

  Notice the site can't answer every domain query, for example, it will give an NO MATCH on pollett.org
• finger (on single machines since 1971) is an older utility to look up information about a person (as opposed to who (also from 1971) that showed who was logged in):

  |MacBook-Pro:cpollett:120>finger cpollett
  Login: cpollett       			Name: Chris Pollett
  Directory: /Users/cpollett          	Shell: /bin/bash
  On since Sun Jan 29 14:55 (PST) on console, idle 7 days 17:52 (messages off)
  On since Mon Feb  6 08:21 (PST) on ttys000
  On since Sun Feb  5 18:12 (PST) on ttys001 (messages off)
  On since Sun Feb  5 19:51 (PST) on ttys002 (messages off)
  Mail last read Thu Jan  5 20:30 2023 (PST)
  No Plan.
  

  It used to be available as a service on the internet (from 1977) on port 79 (RFC 742). It's almost always turned off now. It was exploited by the Morris Worm in 1988, one of the first computer worms.
• dig is a utility to look up the DNS records associated with a domain.

  |MacBook-Pro:123>dig pollett.org
  
  ; <<>> DiG 9.10.6 <<>> pollett.org
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17979
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;pollett.org.			IN	A
  
  ;; ANSWER SECTION:
  pollett.org.		1800	IN	A	173.13.143.73
  
  ;; Query time: 4 msec
  ;; SERVER: 100.64.0.2#53(100.64.0.2)
  ;; WHEN: Sun Feb 05 19:41:32 PST 2023
  ;; MSG SIZE  rcvd: 56
  

  DNS is typically done by sending UDP messages (binary so harder for humans to type) to port 53 of the DNS server, we'll see in a second how to look at.

ifconfig and ip

• ifconfig is a Unix/Linux/Mac utility for seeing, configuring, and controlling the network interfaces of a machine. ipconfig is the Windows equivalent.
• Another tool popular on Linux systems is ip.
• For now, we will use it just to see what interfaces we have:

  lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
  	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
  	inet 127.0.0.1 netmask 0xff000000 
  	inet6 ::1 prefixlen 128 
  gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
  stf0: flags=0<> mtu 1280
  ...(next slide example will use interface en0 which is the wireless interface on my machine, and en1, the ethernet interface)
  

  lo - localloop; gif - generic tunnel interface, en - ethernet or wireless Mac/ eth0 -linux, fw -firewire, stf - ip 6 to 4 interface
• To take down an interface, you could use a command like:

  ifconfig en0 down
  

• To bring an interface up, you could use a command like:

  ifconfig en0 10.4.72.99 netmask 255.255.255.0 up
  

• For some of the commands I am listing you might need to be root or use sudo.
• To install ip (assuming you have installed brew) on a Mac you can do (it is pre-installed on Linux):

  brew install iproute2mac
  

• Some useful ip commands:

  # Info on all available devices
  ip link show
  # Info on a particular device
  ip link show dev [device]
  # Statistics about interfaces
  ip -s link
  # List of running interfaces
  ip link ls up
  # Bring an interface up
  ip link set [interface] up
  # Bring an interface down
  ip link set [interface] down
  

tcpdump

• tcpdump is a command line packet sniffer. For example,

  tcpdump -i en1 tcp portrange 80-80
  

  dumps packet info for tcp traffic that uses port 80. You could capture udp traffic using udp rather than tcp. You could also change the ports to look at different kinds of traffic. For example, to see DNS lookups, you could do:

  >tcpdump -i en0 udp port 53
  
  tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
  listening on en0, link-type EN10MB (Ethernet), snapshot length 524288 bytes
  08:32:50.536845 IP6 2603:3024:1554:1880:6126:ee01:ad81:c08b.52354 > 
      2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain: 40787+ A? www.apple.com. (31)
  08:32:50.536985 IP6 2603:3024:1554:1880:6126:ee01:ad81:c08b.56492 >
      2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain: 34934+ 
      AAAA? 31-courier.push.apple.com. (43)
  08:32:50.536990 IP6 2603:3024:1554:1880:6126:ee01:ad81:c08b.58371 >
      2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain: 35736+ 
      A? 31-courier.push.apple.com. (43)
  08:32:50.559969 IP6 2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain >
      2603:3024:1554:1880:6126:ee01:ad81:c08b.52354: 40787 4/0/0 
      CNAME www.apple.com.edgekey.net., 
      CNAME www.apple.com.edgekey.net.globalredir.akadns.net., 
      CNAME e6858.dscx.akamaiedge.net., A 184.51.82.222 (181)
  08:32:50.559971 IP6 2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain >
      2603:3024:1554:1880:6126:ee01:ad81:c08b.56492: 34934 2/1/0 
      CNAME 31.courier-push-apple.com.akadns.net.,
      CNAME us-sw-courier-4.push-apple.com.akadns.net. (197)
  08:32:50.559972 IP6 2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain >
      2603:3024:1554:1880:6126:ee01:ad81:c08b.58371: 35736 3/0/0 
      CNAME 31.courier-push-apple.com.akadns.net., 
      CNAME us-sw-courier-4.push-apple.com.akadns.net.,
      A 17.57.144.118 (150)
  08:32:50.564311 IP6 2603:3024:1554:1880:6126:ee01:ad81:c08b.60425 >
      2603:3024:1554:1880:1691:82ff:fe72:ed5c.domain: 15959+ 
      AAAA? us-sw-courier-4.push-apple.com.akadns.net. (59)
  0
  

  And change interfaces say from en0 to en1 to look at ethernet rather wifi (on a Mac).
• You can also filter by src, dst ip address:

  sudo tcpdump  -i en1 dst 130.65.86.56 and tcp port 23
  

Quiz

Which of the following is true?

1. Optical fiber tends to have a lower error rate than copper wire.
2. Process-per-protocol rather than process-per-message is used in most modern operating systems to implement the network protocol stack.
3. In store and forward packet routing, the router always keeps a copy of each packet it forwards.

Introduction to Direct Link Networks; Hardware

• Over the next couple of days we are going to look at issues in having a network of two or more hosts connected directly by a physical medium.
• Things we will consider are: the medium itself, wire, optics, radiation (radio waves); as well as the area covered, small area (an office) or large area(continent).
• For these setting,s we will be interested in the encoding of bits, the framing of sequences of bits into messages, error detection, reliability, and access mediation when more than two people share the line.
• We will look at these issues for five network technologies: point-to-point links, carrier sense multiple access networks, token rings, and wireless networks.
• To begin we are going to look at the hardware for the building blocks of networks that we discussed previously: the hardware for nodes; and the hardware for links.

Nodes

• For our purpose, we will assume a node is some kind of general purpose computer, like your desktop or laptop computer.
• This computer can either serve as a host and run application programs, or it might be set up as a router or a switch. (Typically, a router or a switch uses customized hardware because it is faster but for now we'll keep our general computer model.)
• A typical computer has a CPU connected to a memory cache in turn connected to its memory. There would also usually be an I/O bus and a network adapter card which connects the machine to the network.
• Memory for the machine is finite (say 1KB (my good ol' ZX81) or 16GB) and this upper bounds our ability to buffer data.
• CPU speed is still roughly doubling every 18 months; but memory latency is only improving at 7% per year, so network software needs to be careful how it uses memory.

Network Adapters

• Network adapters connect the rest of the workstation to the link.
• It is an active intermediary with its own internal processor.
• Its purpose is to transmit data from workstation onto the link and receive data from the link, storing it for the workstation.
• It implements nearly all the functionality that makes it possible to convey data over the given medium (say wire, optics, radio, etc).
• So it breaks data into frames, detects errors, and follows fairness rules for the link.

Parts of a Network Adapter

• A network adapter consists of two main components: a bus interface that understands how to communicate with the host; and a link interface which understands how to use the link.
• There are a variety of different link interfaces because the link media can vary.
• Similarly, different I/O buses require different adapters; however, from the host perspective, the interfaces tend to be similar.
  • Typically, the adapter exports a control status register that is readable and writable from the CPU.
  • This is usually located at some address in memory.
  • Software on the host called a device driver writes to the CSR to instruct it to transmit/receive data. It can also read from the CSR to learn the current status of the adapter.
  • To notify the host of an asynchronous event such as the reception of a frame, the adapter interrupts the host.

DMA and PIO

• The two main mechanisms used for transferring bytes of data between adapter and host memory are: direct memory access and programmed I/O.
• With DMA, the adapter directly reads and writes the host's memory without any CPU involvement; the host simply gives the adapter a memory address and the adapter reads and writes from/to it.
• With PIO, the CPU is responsible for moving data between the adapter and host memory. To send a frame, for example, the CPU might execute a tight loop that first reads a word from memory and then writes it to the host adapter.

Links

• Network links are implemented on a variety of physical media: twisted pair, optical fiber, coaxial cable, or using radio, microwave, or infrared.
• Usually, the signal being sent is some kind of electromagnetic wave.
• One important property of such waves is their frequency -- the speed at which they oscillate.
• The inverse of the frequency -- the wavelength -- of the wave is the distance between adjacent maxima or minima of the wave. It is usually measured in meters.
• More precisely, frequency and wavelength are related by f λ=c.
• The next slide has a diagram illustrating common frequencies for different propagation media.

The EM Spectrum

From Waves to Bits and Channels

• So far we have described how a physical medium carries signals in the form of waves...
• We often want to transmit digital information like 0's and 1's. How we piggy-back binary data on waves is called an encoding.
• It has two layers:
  • A lower layer which is concerned about modulation -- varying the frequency, amplitude, or phase of the signal to effect transmission of information. For example, one might vary the power (amplitude) of a single wavelength between two values -- the "high" signal and the "low" signal.
  • An upper layer which is concerned with encoding bits using these two different signal values. (What we'll be interested in for this class.)
• Another issue about links is how many bit-streams can be encoded on a link at a given time. If only one, we have to have a mechanism for sharing access such as what we will describe for multiple-access links. For point-to-point links, if the answer is two, then one signal can be used to communicate from Host A to Host B and the other for the way back. This is called a full-duplex link. If the answer is one then Host A and B must take turns and the channel is called half-duplex.

Cables

• One way to connect two machines is to physically string a cable between the two.
• We next consider a couple of different cable types...

Twisted Pair

• Twisted pair wire consists of two insulated copper wires typically about 1mm thick which are twisted together.
• Other a single cable will consist of a group of four such pairs each twisted at a different twist rate.
• As a charge travels down a wire it gives off EM radiation, which is power lost.
• Twisting causes the waves that are radiated to cancel preventing the wires from radiating as effectively; the different twist rates of the four pairs minimize cross-talk between pairs.
• This basic set-up is called unshielded twisted pair (UTP), you can also have different kinds of shielded twisted pair wires (screen or foil).
• Old-school telephones were typically connected to the phone company by twisted pair wires.
• A signal can be sent down such a wire without amplification for several kilometers. For longer distances a repeater is necessary.
• The bandwidth of these wires is on the order of megabits/sec, and they are very cheap.
• The most common kind of twisted pair wires used in networks today is some flavor of Category 5 (Cat-5). More recently, Cat-5e might be used for gigabit networks and Cat-6 for gigabit and deca-gigabit networks. Channel-F/F_A/CAT 7 adds shielding to individual wire pairs and can potentially achieve even higher rates suach as 40Gbs. There are also CAT-8 cables in use in data centers.

Coaxial Cable

• This kind of wire has better shielding then twisted pair wires, so it can span wider distances at higher speeds.
• It is often called coax.
• There are two types of coax cables 50 and 75 ohm.
• 50 ohm was intended for digital transmission; whereas, 75 ohm was intended for both digital as well as analog tramsmission such as TV.
• Modern cables are capable of bandwidth around 1GHz.
• In addition to cable TV use, these cables used to be used by the phone company over long distances before fiber optics became more popular.

Fiber Optics

• This is the largest bandwidth transmission technology.
• Currently systems can operate at 10Gbps, with lab examples running at 100Gbps over a single fibre.
• Optical transmission has three components: the light source, the medium, and the detector.
• A pulse of light is used to indicate a 1, the absence of a pulse a 0.
• The transmission medium is an ultra-thin fibre of glass.
• A detector generates electrical pulses when light fall on it.
• Light does not leak out of the fiber because it get reflect off the sides of the fibre back into the fibre
• Angles of incident light at which this ricochet effect will work are called modes of the fiber.
• You can have single as well as multi-mode fiber.

A Table Comparing Common Cables and Fibers