COMP 3000 Lab 7 2011
A few guidelines:
- Submit your solutions for both Part A and Part B via WebCT by Sunday, November 27th at 11:30 PM.
- Please answer using a single text file (with a .txt extension). Do not submit doc, docx, pdf, or other formats. Also, please do not submit an archive (zip, tarball, rar) of multiple text files; just upload one. (Please don't just cut and paste your work into a text box on WebCT.) Anything other than a single text file will receive -1 points.
- Show all your work. If you find an answer by browsing code, explain your search path (e.g., I searched for X, which led me to source file Y, where I found function Z.) Also, list any websites or individuals you consult.
- Do all of the following on a Linux system. Ubuntu Linux is guaranteed to work, but other Linux systems should work. Note that *BSD systems, including MacOS X, will produce different answers for several of the following questions.
- Note that the tools from Lab 2 in particular may be of use here...
Part A
- [3] Run ifconfig. For all configured interfaces except loopback, there should be an "inet" address, a "HWaddr" (hardware) address, and perhaps even an "inet6" address. Each of these addresses identifies the computer within a certain context. In what context is each of these addresses used? Specifically, for what protocol is the address used, and what other computers can access this one using this address? (Ignore NAT issues.)
- [2] What does MTU refer to in the output of ifconfig? Specifically, what does the acronym mean, and what does this value determine?
- [1] How could you use netcat (nc) to listen on port 9200 and write received data to the file /tmp/foo?
- [1] What does tracepath slashdot.org return?
- [1] How can you get netstat to return a list of all current TCP connections and open ports, listed using numeric IP addresses (rather than DNS hostnames)?
- [1] How could I use lsof to find all of the processes accessing the directory /home?
- [2] In /proc/<PID>/maps, each entry has four permission bits: r, w, x, and p. What does each of them indicate?
Part B
- [2] Why does tracepath return "no reply" sometimes?
- [3] nc uses very few system calls (three on Ubuntu 11.10) when actually receiving data on the network. (The other system calls are for setup and for ending the connection.) What are those few system calls, and what does each of them do?
- [2] What file does netstat access to find out about current TCP connections on Linux? And, what is the difference between this file and the output of netstat, in syntax and semantics? Be specific.
- [2] Why does lsof sometimes get a "permission denied" error when run as a regular user? Specifically, what files is it trying to access, and why are these protected?
- [2] What kernel data structure stores the permissions listed in /proc/<PID>/maps?
Answers
Part A
- The inet address is the IPv4 address of the host. The scope is usually either a subnet or global, the former meaning other computers on the same subnet can talk to it, and the latter meaning any computer with access to the Internet can talk to this one. HWaddr is the MAC address of the network card. Computers on the same local network (Ethernet, Wi-Fi, etc.) connected via a switch, a hub or some such device can talk to it without having to use the network layer. The inet6 address, or IPv6 address, is a newer replacement for the aging IPv4 address. If its scope is only link, that means it doesn't have a globally routable address. Routers drop packets that originate from a link-local address. A global scope means a globally routable IPv6 address.
- MTU, or the Maximum Transmission Unit, is the maximum frame size of whatever layer 2 protocol is in use (e.g., Ethernet). Some of you have answered that MTU is the maximum IP packet size; that is incorrect. You can verify it if you'd like by changing the MTU of your eth0, running Wireshark, and looking at the frame length (which in my case seems to be upper-bounded by MTU + 14 bytes). I'm unsure about what those additional 14 bytes are. Although, technically, you can limit the size of all egress IP packets from your NIC, typically the IP layer dynamically figures out its MTUs, because they vary. See here and here for more info.
- nc -l 9200 > /tmp/foo
- From a lambda machine, I got this:
     1:  134.117.27.129    0.118ms pmtu 1500
     1:  134.117.27.1      5.051ms
     1:  134.117.27.1      5.660ms
     2:  10.50.254.10      5.377ms
     3:  10.30.33.1        5.561ms
     4:  10.30.53.1        5.711ms
     5:  134.117.254.242 114.264ms asymm 4
     6:  134.117.254.243   4.572ms asymm 4
     7:  10.30.56.1        4.442ms asymm 6
     8:  no reply
     9:  154.54.40.137     7.099ms asymm 8
    10:  154.54.42.85     19.135ms asymm 9
    11:  154.54.44.218    19.609ms asymm 10
    12:  no reply
    13:  204.70.198.17    20.179ms asymm 12
    14:  204.70.196.241   30.987ms asymm 11
    15:  no reply
    16:  no reply
    17:  64.27.160.194    35.202ms asymm 12
    18:  216.34.181.45    31.924ms reached
- netstat -ant
- lsof +D /home
- Read, Write, Execute (self-explanatory) and Private. A page can either be shared (meaning "Updates to the mapping are visible to other processes that map this file, and are carried through to the underlying file."), or private ("Updates to the mapping are not visible to other processes mapping the same file, and are not carried through to the underlying file", using copy-on-write).
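To make the r, w, x and p/s flags of /proc/<PID>/maps concrete, here is an added example (not part of the original lab answers) that decodes each entry and picks out mappings that are both writable and executable, a combination worth reviewing when inspecting a process. The sample lines are constructed, and the function names are this example's own.

```python
# Added example: decode the permission column of /proc/<PID>/maps.
# SAMPLE_MAPS is constructed for illustration, not taken from a real process.
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131090 /bin/cat
0060a000-0060b000 r--p 0000a000 08:01 131090 /bin/cat
0060b000-0060c000 rw-p 0000b000 08:01 131090 /bin/cat
7f2c1a000000-7f2c1a021000 rwxp 00000000 00:00 0
7f2c1b400000-7f2c1b600000 rw-s 00000000 00:05 98311 /dev/shm/example
7ffd3c1e0000-7ffd3c201000 rw-p 00000000 00:00 0 [stack]
"""

def parse_maps(text):
    """Return one dict per mapping with the four permission flags decoded."""
    regions = []
    for line in text.splitlines():
        # Fields: address perms offset dev inode [pathname]
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue
        start, end = (int(x, 16) for x in fields[0].split("-"))
        perms = fields[1]
        regions.append({
            "start": start, "end": end, "size": end - start,
            "read": perms[0] == "r",
            "write": perms[1] == "w",
            "exec": perms[2] == "x",
            # 'p' = private (copy-on-write), 's' = shared with other mappers
            "private": perms[3] == "p",
            "path": fields[5].strip() if len(fields) > 5 else "",
        })
    return regions

def writable_and_executable(regions):
    """Mappings a process can both modify and run code from."""
    return [r for r in regions if r["write"] and r["exec"]]

if __name__ == "__main__":
    import sys
    # Pass a path such as /proc/self/maps, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MAPS
    for r in writable_and_executable(parse_maps(text)):
        kind = "private" if r["private"] else "shared"
        print("W+X %s mapping at %#x, %d bytes, %s"
              % (kind, r["start"], r["size"], r["path"] or "(anonymous)"))
```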
Part B
- Tracepath/traceroute either use ICMP echo requests, or simply send a UDP packet to a high port number and wait for an ICMP destination unreachable packet. In either case, if a server doesn't receive an ICMP packet as a response, tracepath says "no reply".
- I see the following system calls: poll, read and write. poll waits for the file descriptor status to change, until it is ready to perform I/O. read reads a fixed number of bytes into a buffer from a file descriptor, and write writes a given number of bytes to a file descriptor.
- /proc/net/tcp. Syntactically, the IP addresses and port numbers in netstat are human-readable and not in hex. The state values have been translated from numbers to words. Further, if used with flags (like --program), netstat retrieves the application name related to the connection, by looking up inode info from /proc/net/tcp.
- When lsof recurses through a directory and encounters a file that it cannot open, it says "permission denied". This is because ordinary users don't have access to some protected files (e.g., /etc/shadow).
- In include/linux/mm_types.h, the following are used to store permissions.
    pgprot_t vm_page_prot;   /* Access permissions of this VMA. */
    unsigned long vm_flags;  /* Flags, see mm.h. */
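
The translation that the /proc/net/tcp answer above describes (hex addresses and ports to dotted form, numeric state codes to words) can be carried out by hand. This is an added example, not part of the original lab answers; the sample rows are constructed, IPv4 only, and the byte-order handling assumes a little-endian host.

```python
# Added example: turn /proc/net/tcp rows into netstat -ant style fields.
import socket
import struct

# State codes as printed in the "st" column (include/net/tcp_states.h).
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV",
    0x04: "FIN_WAIT1", 0x05: "FIN_WAIT2", 0x06: "TIME_WAIT",
    0x07: "CLOSE", 0x08: "CLOSE_WAIT", 0x09: "LAST_ACK",
    0x0A: "LISTEN", 0x0B: "CLOSING",
}

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:23F0 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20481 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 15012 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:D431 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 30977 1 0000000000000000 20 4 30 10 -1
"""

def decode_endpoint(field):
    """'0100007F:0CEA' -> ('127.0.0.1', 3306)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the 32-bit address as a native integer; "<I" assumes
    # the file came from a little-endian host (x86, most ARM).
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Return (local, remote, state, uid, inode) tuples, one per socket."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        state = TCP_STATES.get(int(f[3], 16), "UNKNOWN(%s)" % f[3])
        # The inode is what ties a row to a socket:[inode] link in /proc/<PID>/fd.
        rows.append((decode_endpoint(f[1]), decode_endpoint(f[2]),
                     state, int(f[7]), int(f[9])))
    return rows

if __name__ == "__main__":
    for (la, lp), (ra, rp), state, uid, inode in parse_proc_net_tcp(SAMPLE):
        print("tcp  %-21s %-21s %-12s uid=%d inode=%d"
              % ("%s:%d" % (la, lp), "%s:%d" % (ra, rp), state, uid, inode))
```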