
EXPERIMENT-1

OBJECTIVE: Running and using services/commands like ping, traceroute, nslookup, arp, telnet, ftp, etc.

1.PING COMMAND:
Ping is a basic Internet program that lets you verify that a particular IP address exists and
can accept requests. The verb "ping" means the act of using the ping utility or
command. Ping is used diagnostically to ensure that a host computer you are trying to reach
is actually operating.

The ping command operates by sending Internet Control Message Protocol (ICMP)
echo request messages to the destination computer and waiting for a response. How many
of these responses are returned, and how long it takes for them to return, are the two major
pieces of information that the ping command provides.
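
The echo request and echo reply messages described above, built and checked byte by byte. This is an added example, not part of the original lab report; the function names and the filler payload pattern are assumptions, and nothing is sent on the network.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type values for echo request / echo reply

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of the data as 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Pack type, code 0, checksum, identifier, sequence number, then the payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def build_echo_request(ident: int, seq: int, size: int = 32) -> bytes:
    """Echo request carrying `size` filler bytes (32 is the usual buffer size)."""
    payload = bytes(0x61 + i % 23 for i in range(size))  # filler pattern is an assumption
    return build_icmp(ECHO_REQUEST, ident, seq, payload)

def parse_icmp(packet: bytes) -> dict:
    """Decode the 8-byte header; an intact packet checksums to zero."""
    if len(packet) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload_len": len(packet) - 8,
            "checksum_ok": internet_checksum(packet) == 0}

def make_echo_reply(request: bytes) -> bytes:
    """What the destination returns: same identifier, sequence and payload, type 0."""
    req = parse_icmp(request)
    return build_icmp(ECHO_REPLY, req["id"], req["seq"], request[8:])

if __name__ == "__main__":
    request = build_echo_request(ident=0x1234, seq=1, size=700)  # buffer size 700
    print(parse_icmp(request))
    print(parse_icmp(make_echo_reply(request)))
```

Because the reply repeats the request's identifier and sequence number, the sender can match each response to its request and time the round trip.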

EXAMPLE 1: ping amazon.com

1. Evening, number of echo requests to send (n count is 5)

2. Afternoon

EXAMPLE 2: ping amazon.co.in

1. Evening, number of echo requests to send (n count is 6)

2. Afternoon

3. Morning, with buffer size 700

EXAMPLE 3: ping www.flipkart.com

1. Evening, with buffer size 3000

2. Afternoon

EXAMPLE 4: ping www.mit.edu

1. Evening, number of echo requests to send (n count is 7)

2. Afternoon

3. Morning, with buffer size 1000

EXAMPLE 5: ping www.harvard.edu

1. Evening, with buffer size 900

2. Afternoon

3. Morning, number of echo requests to send (n count is 5)

EXAMPLE 6: ping www.aktu.ac.in

1. Evening, with buffer size 4000

2. Afternoon

3. Morning

WORKING OF PING:
Step 1: Type "ping" followed by a space and an IP address, such as 75.186.129.75, or a
domain name, such as yahoo.com. Press "Enter." This will start the ping command and
attempt to ping the remote server. The ping command should be typed into a terminal
window on a Linux or Mac machine, or in a command window on a Windows machine. You
can access a command window by clicking "Start" then "Run" and typing "cmd" into the box.
Step 2: Read the first line to view the server's host name. This will confirm that you are
connected to the correct server. This is followed by the number of bytes that were sent to the
server, usually 32 bytes. But we can change the buffer size too.

Step 3: Read the following four lines to view the response time from the server. The bytes
entry shows how many bytes of data were sent back, the time entry shows how many
milliseconds the response took to return, and the TTL entry is the total number of routers the
packet will travel through before stopping. If this section reads "Request timed out", the
packets could not find the host, and there may be a connection problem.

Step 4: Read the "Ping statistics" section to see the total numbers for the ping process. The
packets line lists the number of packets sent and received, and the number and percentage
of packets that were lost. If there were any packets lost, there is likely a connection problem.

Step 5: Read the "Approximate round trip times" section to obtain a general idea of your
connection speed. The higher the average time in milliseconds, the slower the connection to
the server. Ping times to computers and servers on your local network will usually be much
faster than those on the Internet.

2.TRACE ROUTE COMMAND:


If someone would like to know how he goes from his house to his office, he
could just list the crossroads he passes. In the same way, we can
ask the data sent from your computer to the web server which way it
goes and through which devices. We ask this by using the utility called traceroute; on
MS Windows machines it is called tracert.
EXAMPLE 1: Tracing route of amazon.co.in

EXAMPLE 2: Tracing route of www.flipkart.com

EXAMPLE 3: Tracing route of www.harvard.edu

EXAMPLE 4: Tracing route of www.mit.edu

EXAMPLE 5: Tracing route of www.aktu.ac.in

How a Traceroute works


Whenever a computer connects to a website, it must travel a path that consists of several points, a
little like connecting the dots between your computer and the website. The signal starts at your local
router in your home or business, then moves out to your ISP, then onto the main networks. From
there it may have several junctions until it gets off the Internet highway at the local network for the
website and then to the webserver itself.
A traceroute displays the path that the signal took as it traveled around the Internet to the website. It
also displays times which are the response times that occurred at each stop along the route. If there is
a connection problem or latency connecting to a site, it will show up in these times. You will be able to
identify which of the stops (also called 'hops') along the route is the culprit.

How to read a Traceroute


Once the traceroute is run, it generates the report as it goes along the route. Below is a sample
traceroute:
C:\Users\vishal_2> tracert www.flipkart.com

Tracing route to flipkart.com [163.53.78.128]

over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 172.16.10.2

2 * * * Request timed out.

3 2 ms 2 ms 2 ms vbchtmnas9k02-t0-4-0-1.coxfiber.net [216.54.0.29]

4 12 ms 13 ms 3 ms 68.10.8.229

5 7 ms 7 ms 7 ms chndbbr01-pos0202.rd.ph.cox.net [68.1.0.242]

6 10 ms 8 ms 9 ms ip10-167-150-2.at.at.cox.net [70.167.150.2]

7 10 ms 9 ms 10 ms 100ge7-1.core1.nyc4.he.net [184.105.223.166]

8 72 ms 84 ms 74 ms 10gr10-3.core1.lax1.he.net [72.52.92.226]

9 76 ms 76 ms 90 ms 10g1-3.core1.lax2.he.net [72.52.92.122]

10 81 ms 74 ms 74 ms 205.134.225.38

11 72 ms 71 ms 72 ms www.inmotionhosting.com [192.145.237.216]

As you can see, there are several rows divided into columns on the report. Each row represents a
"hop" along the route. Think of it as a check-in point where the signal gets its next set of directions.
Each row is divided into five columns. A sample row is below:

10 81 ms 74 ms 74 ms 205.134.225.38

Let's break this particular hop down into its parts.

Hop #    RTT 1    RTT 2    RTT 3    Name/IP Address
10       81 ms    74 ms    74 ms    205.134.225.38

Hop Number - This is the first column and is simply the number of the hop along the route. In this
case, it is the tenth hop.

RTT Columns - The next three columns display the round trip time (RTT) for your packet to reach
that point and return to your computer. This is listed in milliseconds. There are three columns because
the traceroute sends three separate signal packets. This is to display consistency, or a lack thereof, in
the route.

Domain/IP column - The last column has the IP address of the router. If it is available, the domain
name will also be listed.

Checking the hop times

The times listed in the RTT columns are the main thing you want to look at when evaluating a traceroute.
Consistent times are what you are looking for. There may be specific hops with increased latency times, but they
may not indicate that there is an issue. You need to look at a pattern over the whole report. Times above 150 ms
are considered to be long for a trip within the continental United States (times over 150 ms may be normal if
the signal crosses an ocean, however), but issues may show up with very large numbers.

Increasing latency towards the target


If you see a sudden increase in a hop and it keeps increasing to the destination (if it even gets there), then this
indicates an issue starting at the hop with the increase. This may well cause packet loss where you will even see
asterisks (*) in the report.

1 10 ms 7 ms 9 ms 172.16.10.2

2 78 ms 100 ms 32 ms ip10-167-150-2.at.at.cox.net [70.167.150.2]

3 78 ms 84 ms 75 ms 100ge7-1.core1.nyc4.he.net [184.105.223.166]

4 782 ms 799 ms * ms 10gr10-3.core1.lax1.he.net [72.52.92.226]

5 * ms 899 ms 901 ms 10g1-3.core1.lax2.he.net [72.52.92.122]

6 987 ms 954 ms 976 ms 205.134.225.38

7 1002 ms 1011 ms 999 ms www.inmotionhosting.com [192.145.237.216]

High latency in the middle but not at beginning or end


If the hop immediately after a long one drops back down, it simply means that the router at the long hop set the
signal to a lower priority and does not have an issue. Patterns like this do not indicate an issue.

1 <1 ms <1 ms <1 ms 173.247.246.116

2 30 ms 7 ms 11 ms 10.10.0.2

3 200 ms 210 ms 189 ms 4.71.136.1

4 111 ms 98 ms 101 ms ip10-167-150-2.at.at.cox.net [70.167.150.2]

5 99 ms 100 ms 98 ms 205.134.225.38

High latency in the middle that remains consistent


If you see a hop jump but remain consistent throughout the rest of the report, this does not indicate an issue.

1 <1 ms <1 ms <1 ms 173.247.246.116

2 30 ms 7 ms 11 ms 10.10.0.2

3 93 ms 95 ms 92 ms 4.71.136.1
4 95 ms 99 ms 101 ms ip10-167-150-2.at.at.cox.net [70.167.150.2]

5 99 ms 100 ms 98 ms 100ge7-1.core1.nyc4.he.net [184.105.223.166]

6 95 ms 95 ms 95 ms 10g1-3.core1.lax2.he.net [72.52.92.122]

7 95 ms 96 ms 94 ms 205.134.225.38

High latency in the beginning hops


Seeing reported latency in the first few hops indicates a possible issue on the local network level. You will want
to work with your local network administrator to verify and fix it.
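
The reading rules above, applied mechanically to two of the sample reports on this page. This is an added example, not part of the original lab report; the function names and the three verdict labels are assumptions, and the 150 ms cut-off is the figure quoted earlier, used here as a simple heuristic.

```python
import re
from statistics import mean

LONG_MS = 150  # the page's figure for a "long" round trip
RTT = r"(<?\d+\s*ms|\*(?:\s*ms)?)\s+"          # "81 ms", "<1 ms", "*" or "* ms"
ROW = re.compile(r"^\s*(\d+)\s+" + RTT * 3 + r"(.+?)\s*$")

def parse_hops(report):
    """Return [(hop, mean RTT in ms or None if every probe timed out, host)]."""
    hops = []
    for line in report.splitlines():
        m = ROW.match(line)
        if m:                                   # skips headers and blank lines
            rtts = [int(re.sub(r"\D", "", p)) for p in m.group(2, 3, 4) if "*" not in p]
            hops.append((int(m.group(1)), mean(rtts) if rtts else None, m.group(5)))
    return hops

def diagnose(report):
    """Classify a report as ok, transient (spike that recovers) or sustained."""
    answered = [(n, rtt) for n, rtt, _ in parse_hops(report) if rtt is not None]
    slow = [n for n, rtt in answered if rtt > LONG_MS]
    if not slow:
        return ("ok", None)
    if answered[-1][1] <= LONG_MS:              # destination is fine again
        return ("transient", slow[0])
    onset = answered[-1][0]
    for n, rtt in reversed(answered):           # walk back to where the slowness began
        if rtt <= LONG_MS:
            break
        onset = n
    return ("sustained", onset)

# Sample reports copied from this page.
INCREASING = """\
1 10 ms 7 ms 9 ms 172.16.10.2
2 78 ms 100 ms 32 ms ip10-167-150-2.at.at.cox.net [70.167.150.2]
3 78 ms 84 ms 75 ms 100ge7-1.core1.nyc4.he.net [184.105.223.166]
4 782 ms 799 ms * ms 10gr10-3.core1.lax1.he.net [72.52.92.226]
5 * ms 899 ms 901 ms 10g1-3.core1.lax2.he.net [72.52.92.122]
6 987 ms 954 ms 976 ms 205.134.225.38
7 1002 ms 1011 ms 999 ms www.inmotionhosting.com [192.145.237.216]
"""
SPIKE = """\
1 <1 ms <1 ms <1 ms 173.247.246.116
2 30 ms 7 ms 11 ms 10.10.0.2
3 200 ms 210 ms 189 ms 4.71.136.1
4 111 ms 98 ms 101 ms ip10-167-150-2.at.at.cox.net [70.167.150.2]
5 99 ms 100 ms 98 ms 205.134.225.38
"""
```

`diagnose(INCREASING)` reports a sustained problem starting at hop 4, while `diagnose(SPIKE)` reports a transient spike at hop 3 that does not reach the destination.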

Timeouts at the beginning of the report


If you have timeouts at the very beginning of the report, say within the first one or two hops, but the rest of the
report runs, do not worry. This is perfectly normal as the device responsible likely does not respond to
traceroute requests.

Timeouts at the very end of the report


Timeouts at the end may occur for a number of reasons. Not all of them indicate an issue, however.

• The target's firewall may be blocking requests. The target is still most probably reachable with a normal
HTTP request, however. This should not affect normal connection.
• The return path may have an issue from the destination point. This would mean the signal is still reaching,
but just not getting the return signal back to your computer. This should not affect normal connection.
• Possible connection problem at the target. This will affect the connection.

3.nslookup Command:
"nslookup" stands for "Name System Lookup" and is
very useful in obtaining Domain Name System (DNS) related information about a
domain or about an IP address (reverse DNS lookup).

nslookup is a network administration command-line tool available in many computer
operating systems for querying the Domain Name System (DNS) to obtain domain name
or IP address mapping, or other DNS records.

EXAMPLE 1: finding a record of domain amazon.co.in

EXAMPLE 2: finding a record of domain mit.edu

EXAMPLE 3: finding a record of domain flipkart.com

EXAMPLE 4: finding a record of domain harvard.edu


EXAMPLE 5: checking the NS record of the domain harvard.edu

EXAMPLE 6: Query the SOA record of domain flipkart.com

EXAMPLE 7: Changing the timeout interval for a reply when querying google.com


EXAMPLE 8:Enabling debug mode for aktu.ac.in

AUTHORITATIVE ANSWER: This is the answer that originates from the
DNS server which has the information about the zone file.

NON-AUTHORITATIVE ANSWER: This is the answer returned when a nameserver is not in the list for
the domain you did a look-up on.

DIFFERENT PORT: By default, the DNS servers use port 53.
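
How a query for an NS or SOA record is laid out, and where the authoritative / non-authoritative distinction sits in the reply header (the AA bit). This is an added example, not part of the original lab report; the function names are assumptions and the responses are constructed in the code rather than captured from a server.

```python
import struct

DNS_PORT = 53                            # default port, as noted above
QTYPES = {"A": 1, "NS": 2, "SOA": 6}     # record types used in the examples
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # header flag bits

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype="A", txid=0x1A2B):
    """12-byte header (recursion desired, one question) plus the question section."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)  # class IN

def parse_header(message):
    """Decode the header fields, including the authoritative-answer bit."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, questions, answers, _, _ = struct.unpack("!HHHHHH", message[:12])
    return {"id": txid, "is_response": bool(flags & QR),
            "authoritative": bool(flags & AA), "rcode": flags & 0x000F,
            "questions": questions, "answers": answers}

def answer_kind(message):
    """Label a message the way the two definitions above distinguish answers."""
    header = parse_header(message)
    if not header["is_response"]:
        return "query"
    return "authoritative answer" if header["authoritative"] else "non-authoritative answer"

def constructed_response(query, authoritative):
    """Constructed for this example: the query echoed back with response flags set."""
    flags = QR | RD | (AA if authoritative else RA)
    return query[:2] + struct.pack("!H", flags) + query[4:]

if __name__ == "__main__":
    query = build_query("harvard.edu", "NS")
    print(answer_kind(constructed_response(query, authoritative=False)))
```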


4.ARP Command:
The Address Resolution Protocol (ARP) is a protocol used by the Internet
Protocol (IP), specifically IPv4, to map IP network addresses to the hardware
addresses used by a data link protocol. The protocol operates below the
network layer as a part of the interface between the OSI network layer and the OSI link
layer.

EXAMPLE 1: displaying all ARP entries in the cache with -a

EXAMPLE 2: displaying all ARP entries in the cache, but with -g
