CS-356 Computer Networks Lab

Lab Session-1

Basic Networking Commands in Linux

Following are some basic commands that users can use for simple network
configuration tasks in Linux.

1. ifconfig: The ifconfig command, short for "interface configuration," is used to

view and change the configuration of network interfaces on a Linux system.
Although it is being replaced by the ip command in modern Linux distributions, it
is still commonly used in some cases. Here are some examples of using ifconfig

1.1. You can view the IP address, MAC address and MTU (Maximum
Transmission Unit) with ifconfig command.

Syntax:
ifconfig

1.2. To get the details of the specific interface, just write the interface name after
the command.
1.3. Other Options with ifconfig:

Display a shortlist of active interfaces: Using the -s option prints a shortlist of all
interfaces, including those that are "down" (inactive)

ifconfig -s

Print a more detailed configuration for all interfaces: The -v option displays a
more detailed configuration for all interfaces.

ifconfig -v

Assign an IP address to a network interface: To assign an IP address to a

network interface, you can use the inet option followed by the IP address and
netmask. For example, to assign the IP address 192.168.1.1 with a netmask
255.255.255.0 to the eth0 interface, you would run:

ifconfig eth0 inet 192.168.1.1 netmask 255.255.255.0

but these settings will be disabled after system reboot.

1.4. Enable or Disable specific interface:

To enable specific interface,

ifup eth0
To disable specific interface,

ifdown eth0

1.5. Setting MTU size

By default MTU (Maximum Transmission Unit) size is 1500, you can change size
as per your wish.
 ifconfig eth0 mtu xxxx

Replace xxxx with size.

2. ip command: Linux IP command is the newer version of the ifconfig command. It

is a handy tool for configuring the network interfaces for Linux administrators. It
can be used to assign and remove addresses, take the interfaces up or down,
and much more useful tasks.

2.1.Listing the IP addresses: ip address show

2.2. Display the Ipv4 and Ipv6 Addresses

2.3. Display a Single Interface

2.4 Add an IP address to an Interface

The 'add' and 'dev' options are used to add an IP address to an interface. We
have to specify the IP address and interface to be added. For example, add the
IP address "192.168.7.22" to the 'wlp6s0' interface. To add this Ip address,
execute the command as follows:

sudo ip addr add 192.168.7.22 dev wlp2s0

The above command will add the given IP address to the specified interface. If it
is successfully added, it will not produce any output.

2.5. Deleting an IP Address

Deleting an IP address is the same as adding, except we have to replace the

'add' option with the 'del.' To delete an IP, execute the command as follows:

sudo ip addr del 192.168.7.22 dev wlp2s0

2.6. IP with Network Interfaces

We can use the link object for working and inspecting the network interfaces. To
display the installed interface on our system, execute the below command:

ip link show
2.7. Start or Stop a Network Interface

The 'set' option with up and down arguments is used to start and stop a network
interface. Consider the below command:

sudo ip link set wlp2s0 down

The above command will down the 'wlp2s0' interface. To display the status of the
interface, execute the below command:

ip addr show dev wlp2s0

To start the interface, execute the below command:

sudo ip link set wlp2s0 up

2.8 IP with Routes

The root object is used to inspect and manipulate routes. A route defines the
forwarding process of network traffic and applied network interface. In the case of
a shared network, the sending device can forward the packet directly. However, if
the destination device is not directly connected, the sending device sends the
packet to the default router. In this condition, the router deals with packets.

To display the defined routes of our system, execute the below command:
 ip route

3. traceroute command:

A network diagnostic tool used to trace the route that packets take from the
source to a specified destination. It helps you identify the network path and
measure the transit delays of packets across a network. This can be useful for
troubleshooting network connectivity issues, identifying bottlenecks, and
understanding the network topology between your computer and a target host.
Utility:
1. Network Path Analysis: traceroute shows the route that packets take,
listing all the intermediate routers (hops) between the source and the
destination.
2. Round-Trip Time (RTT) Measurement: It displays the time taken for
packets to travel from the source to each hop and back.
3. Identifying Network Issues: Helps in identifying network congestion,
packet loss, or other issues by examining the delay at each hop.

Usage:
traceroute [options] destination

Example: traceroute www.google.com

Options:
-n: Display IP addresses instead of hostnames, which can speed up the process
by avoiding DNS resolution delays.
-q (or --queries): Set the number of queries sent to each hop.
-m (or --max-hop): Set the maximum number of hops to reach the destination.

For example:
traceroute -n -q 3 -m 15 www.google.com

4. tracepath: The tracepath command is the same as the traceroute command, and it is
used to find network delays. Besides, it does not need root privileges. By default, it
comes pre-installed in Ubuntu. It traces the path to the destination and recognizes all
hops in it. It identifies the point at which the network is weak if our network is not strong
enough.

Syntax:
 tracepath <destination>

5. ping: It is short for Packet Internet Groper. The ping command is one of the widely
used commands for network troubleshooting. Basically, it inspects the network
connectivity between two different nodes.

Syntax:

ping <destination>

6. netstat: It is short for network statistics. It gives statistical figures of many interfaces,
which contain open sockets, connection information, and routing tables.

Syntax:

Netstat

7. ss: This command is the substitution for the netstat command. The ss command is
more informative and much faster than netstat. The ss command's faster response is
possible because it fetches every information from inside the kernel userspace.

Syntax:

ss

8. nslookup: The nslookup command is an older edition of the dig command. Also, it is
utilized for DNS related problems.

Syntax:

nslookup <domainname>

9. dig: dig is short for Domain Information Groper. The dig command is an improvised
edition of the nslookup command. It is utilized in DNS lookup to reserve the DNS name
server. Also, it is used to balance DNS related problems. Mainly, it is used to authorize
DNS mappings, host addresses, MX records, and every other DNS record for the best
DNS topography understanding.

Syntax:

dig <domainname>
10. route: The route command shows and employs the routing table available for our
system. Basically, a router is used to detect a better way to transfer the packets around
a destination.

Syntax:

route

11. host: The host command shows the IP address for a hostname and the domain
name for an IP address. Also, it is used to get DNS lookup for DNS related issues.

Syntax:

host -t <resourceName>

11. arp: The arp command is short for Address Resolution Protocol. This command is
used to see and include content in the ARP table of the kernel.

Syntax:

arp

12. curl and wget: These commands are used to download files from CLI from the
internet. curl must be specified with the "O" option to get the file, while wget is directly
used.

curl Syntax:

curl -O <fileLink>

wget Syntax:

wget <fileLink>

13. mtr: The mtr command is a mix of the traceroute and ping commands. It regularly
shows information related to the packets transferred using the ping time of all hops.
Also, it is used to see network problems.

Syntax:

mtr <path>

14. whois: The whois command fetches every website related information. We can get
every information of a website, such as an owner and the registration information.
Syntax:

whois <websiteName>

15. ifplugstatus: The ifplugstatus command checks whether a cable is currently

plugged into a network interface. It is not available in Ubuntu directly. We can install it
with the help of the below command:

sudo apt-get install ifplugd

Syntax:

ifplugstatus

16. iftop: The iftop command is utilized in traffic monitoring.

17. tcpdump: The tcpdump command is widely used in network analysis with other
commands of the Linux network. It analyses the traffic passing from the network
interface and shows it. When balancing the network, this type of packet access will be
crucial.

Syntax:

tcpdump -i <network_device>

Introduction to Wireshark
1. What is Wireshark?
● Open-source network protocol analyzer.
● Used for troubleshooting, analysis, development, and education.
2. Key Features:
● Packet Capture: Captures and displays packets on a network.
● Live Analysis: Real-time monitoring of network activities.
● Filtering: Powerful filters for isolating specific traffic.
3. Supported Protocols:
● Analyzes a wide range of protocols (TCP, UDP, HTTP, DNS, etc.).
● Provides detailed insights into packet content.
4. Platform Compatibility:
● Available for Windows, macOS, and Linux.
● Offers a consistent user experience across platforms.
5. User Interface:
● Intuitive GUI for ease of use.
● Tabbed interface for simultaneous analysis of multiple captures.
6. Packet Details:
● Displays detailed information about each packet.
 ● Includes source/destination addresses, protocols, and payload.
7. Color-coded Traffic:
● Colors packets for quick identification (e.g., green for TCP, blue for UDP).
8. Statistics and Reports:
● Generates detailed statistics on network traffic.
● Provides graphical representations for easy interpretation.
11. Customization:
● Customizable columns and display filters.
● Tailor the interface to suit specific analysis needs.
12. Security Analysis:
● Useful for detecting and analyzing security threats.
● Identifies suspicious patterns and behaviors.
13. Integration with Other Tools:
● Supports integration with third-party tools for extended functionality.
● Enhances capabilities for specialized tasks.

Hands-On Wireshark

Steps to Install Wireshark

Step 1: Update APT

Step 2: Download and Install Wireshark

Step 3: Run Wireshark

Interface and Working on Wireshark

Choose the interface whose traffic you want to capture

List of packets and their information

 ● Command Menu
● Listing of captured packets
● Details of selected packet header
● Packet contents in hexadecimal and ASCII

Color code to identify the types of packet

Optimizing Wireshark Searches with Filter Strategies

1. Protocol Filters:
○ tcp: Filters for TCP packets.
○ udp: Filters for UDP packets.
○ icmp: Filters for ICMP packets.
2. Address Filters:
○ ip.addr == 192.168.1.1: Filters packets with a specific IP address.
○ ip.src == 10.0.0.1: Filters packets with a specific source IP address.
○ ip.dst == 172.16.0.1: Filters packets with a specific destination IP
address.
3. Port Filters:
 ○ tcp.port == 80: Filters TCP packets on port 80 (HTTP).
○ udp.port == 53: Filters UDP packets on port 53 (DNS).
4. Combining Filters:
○ ip.addr == 192.168.1.1 && tcp.port == 80: Combines IP and port filters.
5. Display Filters:
○ http: Filters for HTTP packets.
○ dns: Filters for DNS packets.
○ ssl: Filters for SSL/TLS encrypted traffic.
6. Time Filters:
○ frame.time_relative > 5: Filters packets occurring more than 5
seconds after the start.
7. Conversation Filters:
○ ip.addr == 192.168.1.1 && ip.addr == 192.168.1.2: Filters packets
between two specific IP addresses.
8. Logical Operators:
○ == (equal), != (not equal), > (greater than), < (less than), && (logical
AND), || (logical OR).
9. Display Specific Fields:
○ http.request.method: Displays only HTTP request methods.
○ dns.qry.name: Displays only DNS query names.