Network Programming Ass 1

The document outlines a group assignment on network programming, detailing the use of the netstat and traceroute commands. It explains netstat's functionality for monitoring network connections and detecting malicious software, as well as how traceroute tracks packet routes to various destinations. Additionally, it includes instructions for performing traceroute to specific locations and using the whois command to identify router ownership.

Uploaded by

ruthmelly657

GROUP MEMBERS

1. 22/05611 Alvin Kipkoech
2. 22/04373 Christian Meso
3. 22/05489 Kamitu Titus Muuo
4. 22/05861 Wachira Charles Wanjohi
5. 22/05237 Wasike Joseph
6. 24/00102 Peter Mwangi
7. 22/06418 Dolla Jesse
8. 22/07049 Macharia Sammy

Network Programming Ass 1
1. netstat
i). What is netstat and what is it used for?
netstat is a command-line tool that displays information about network
connections, routing tables, interface statistics and network protocol usage.
It is frequently used for network troubleshooting and performance
monitoring.

ii). What parameters for netstat should you use to show all the TCP
connections established? Include a printout of this list for your machine. Be
sure to explain what all fields are.
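To display all active TCP connections, use either of:

    netstat -at
    netstat -an | grep ESTABLISHED

netstat -at lists every TCP socket, including listening ones. The second form
prints numeric addresses and keeps only the rows in the ESTABLISHED state.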

Explanation of fields in netstat output:

A typical output might look like this:

    Proto  Local Address        Foreign Address      State
    TCP    192.168.1.100:5000   93.184.216.34:443    ESTABLISHED

• Proto: Protocol used (TCP or UDP).
• Local Address: The IP address and port number of the local machine.
• Foreign Address: The IP address and port number of the remote machine.
• State: The state of the connection (e.g., ESTABLISHED, LISTENING, TIME_WAIT).

iii). How can you use netstat to detect malicious software?

• Checking for unexpected open ports: netstat -tulnp (Linux)
• Finding suspicious foreign connections: netstat -an | grep -i "established"
• Identifying programs making connections: netstat -b (Windows, from an elevated prompt)
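
The checks listed above can be scripted. The following is an added example, not part of the original assignment: it parses netstat -an style output and reports listeners and outbound connections that fall outside a baseline. The sample rows, the port baselines and the internal network ranges are assumptions made for illustration.

```python
import ipaddress

# Constructed sample (not a real capture). Assumes no PID/program column.
SAMPLE = """\
Proto  Local Address        Foreign Address      State
TCP    0.0.0.0:22           0.0.0.0:0            LISTENING
TCP    0.0.0.0:8888         0.0.0.0:0            LISTENING
TCP    192.168.1.100:5000   93.184.216.34:443    ESTABLISHED
TCP    192.168.1.100:5002   203.0.113.7:8081     ESTABLISHED
TCP    192.168.1.100:5004   192.168.1.20:445     ESTABLISHED
"""

# Assumed baseline for this host; replace with your own inventory.
EXPECTED_LISTEN_PORTS = {22}
EXPECTED_REMOTE_PORTS = {80, 443}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def triage(netstat_text):
    """Return (reason, local, foreign) for TCP sockets outside the baseline."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, blank lines and non-TCP rows.
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        local, foreign, state = fields[-3:]
        # Split on the last colon so IPv6 endpoints such as :::22 still parse.
        local_port = local.rpartition(":")[2]
        host, _, remote_port = foreign.rpartition(":")
        if state.startswith("LISTEN"):  # LISTEN (Linux) or LISTENING (Windows)
            if not (local_port.isdigit() and int(local_port) in EXPECTED_LISTEN_PORTS):
                findings.append(("unexpected-listener", local, foreign))
        elif state == "ESTABLISHED":
            try:
                remote = ipaddress.ip_address(host.strip("[]"))
            except ValueError:
                continue  # hostname instead of an IP (netstat run without -n)
            internal = any(remote in net for net in INTERNAL_NETS)
            known = remote_port.isdigit() and int(remote_port) in EXPECTED_REMOTE_PORTS
            if not internal and not known:
                findings.append(("unusual-remote-port", local, foreign))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="\t")
```

A finding is a prompt to look up the owning process (netstat -b or netstat -tulnp), not proof of malware.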

2. traceroute
i). Explain in detail how traceroute works.
traceroute is a diagnostic tool that displays the route packets take from the
source machine to their destination by recording each intermediate hop.
It works as follows:

• It sends probe packets (ICMP Echo Requests or UDP packets) with the TTL set
to 1 for the first transmission, then raises the TTL by one for each later round.
• Each router along the path decrements the TTL and, when the TTL hits zero,
responds with an ICMP Time Exceeded message.
• For each hop, traceroute records the IP address, the round-trip time
measurements and the hop count.

ii). Perform a traceroute from your machine to two different locations:

• In Europe
• In the US

Include a copy of the output and explain what happened, including a
description of what each of the fields means.
Run the following:

    traceroute google.fr   # For a location in Europe
    traceroute nyu.edu     # For a location in the US

Explanation of fields in traceroute output:

    1  192.168.1.1    1.123 ms   1.456 ms   1.789 ms
    2  10.0.0.1       2.345 ms   2.678 ms   2.987 ms
    3  203.0.113.1   30.123 ms  30.456 ms  30.789 ms

• Hop Number: The sequence number of the router.
• IP Address: The router's IP address.
• Round-Trip Time (RTT): The time in milliseconds taken for the packet to reach
the router and return. Each of the three values is one probe sent to that hop.

iii). traceroute to www.kca.ac.ke, and identify each hop by using the whois
command. Note that whois takes IP addresses as a parameter.
Run:
traceroute www.kca.ac.ke
Then for each hop:
whois <IP_ADDRESS>
This provides details about the owner of each router.
