pc15: exercises-network-metrics-and-analysis.txt

File exercises-network-metrics-and-analysis.txt, 45.0 KB (added by seun.ojedeji, 8 years ago)

configuration performed on PC

1<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
2<html xmlns="http://www.w3.org/1999/xhtml">
3 
4 
5
6
7  <head>
8    <title>
9      exercises-network-metrics-and-analysis.txt on Agenda – Attachment
10     – AfNOG 2011 Network Monitoring and Management Workshop (NM-E)
11    </title>
12    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
13        <link rel="search" href="/wiki/search" />
14        <link rel="help" href="/wiki/wiki/TracGuide" />
15        <link rel="alternate" href="/wiki/raw-attachment/wiki/Agenda/exercises-network-metrics-and-analysis.txt" type="text/plain; charset=iso-8859-15" title="Original Format" />
16        <link rel="up" href="/wiki/wiki/Agenda" title="Agenda" />
17        <link rel="start" href="/wiki/wiki" />
18        <link rel="stylesheet" href="/wiki/chrome/common/css/trac.css" type="text/css" /><link rel="stylesheet" href="/wiki/chrome/common/css/code.css" type="text/css" />
19        <link rel="shortcut icon" href="/wiki/chrome/site/favicon.ico" type="image/x-icon" />
20        <link rel="icon" href="/wiki/chrome/site/favicon.ico" type="image/x-icon" />
21    <script type="text/javascript" src="/wiki/chrome/common/js/jquery.js"></script><script type="text/javascript" src="/wiki/chrome/common/js/babel.js"></script><script type="text/javascript" src="/wiki/chrome/common/js/trac.js"></script><script type="text/javascript" src="/wiki/chrome/common/js/search.js"></script>
22    <!--[if lt IE 7]>
23    <script type="text/javascript" src="/wiki/chrome/common/js/ie_pre7_hacks.js"></script>
24    <![endif]-->
25      <script type="text/javascript" src="/wiki/chrome/common/js/folding.js"></script>
26      <script type="text/javascript">
27        jQuery(document).ready(function($) {
28          $('#preview table.code').enableCollapsibleColumns($('#preview table.code thead th.content'));
29        });
30      </script>
31  </head>
32  <body>
50    <div id="main">
58    <div id="content" class="attachment">
59        <h1><a href="/wiki/wiki/Agenda">Agenda</a>: exercises-network-metrics-and-analysis.txt</h1>
60        <table id="info" summary="Description">
61          <tbody>
62            <tr>
63              <th scope="col">File exercises-network-metrics-and-analysis.txt,
64                <span title="14070 bytes">13.7 KB</span>
65                (added by hervey, <a class="timeline" href="/wiki/timeline?from=2011-05-30T08%3A30%3A32-04%3A00&amp;precision=second" title="2011-05-30T08:30:32-04:00 in Timeline">99 minutes</a> ago)</th>
66            </tr>
67            <tr>
68              <td class="message searchable">
69               
70              </td>
71            </tr>
72          </tbody>
73        </table>
74        <div id="preview" class="searchable">
75         
76  <table class="code"><thead><tr><th class="lineno" title="Line numbers">Line</th><th class="content"> </th></tr></thead><tbody><tr><th id="L1"><a href="#L1">1</a></th><td>Network Performance Definitions and Measurement Exercises</td></tr><tr><th id="L2"><a href="#L2">2</a></th><td>=========================================================</td></tr><tr><th id="L3"><a href="#L3">3</a></th><td></td></tr><tr><th id="L4"><a href="#L4">4</a></th><td>Notes:</td></tr><tr><th id="L5"><a href="#L5">5</a></th><td>------</td></tr><tr><th id="L6"><a href="#L6">6</a></th><td>* Commands preceded with "$" imply that you should execute the command as</td></tr><tr><th id="L7"><a href="#L7">7</a></th><td>  a general user - not as root.</td></tr><tr><th id="L8"><a href="#L8">8</a></th><td>* Commands preceded with "#" imply that you should be working as root.</td></tr><tr><th id="L9"><a href="#L9">9</a></th><td>* Commands with more specific command lines (e.g. "GW-RTR&gt;" or "mysql&gt;") </td></tr><tr><th id="L10"><a href="#L10">10</a></th><td>  imply that you are executing commands on remote equipment, or within </td></tr><tr><th id="L11"><a href="#L11">11</a></th><td>  another program.</td></tr><tr><th id="L12"><a href="#L12">12</a></th><td>* If a command line ends with "\" this indicates that the command continues</td></tr><tr><th id="L13"><a href="#L13">13</a></th><td>  on the next line and you should treat this as a single line.</td></tr><tr><th id="L14"><a href="#L14">14</a></th><td></td></tr><tr><th id="L15"><a href="#L15">15</a></th><td>Exercises Part I</td></tr><tr><th id="L16"><a href="#L16">16</a></th><td>================</td></tr><tr><th id="L17"><a href="#L17">17</a></th><td></td></tr><tr><th id="L18"><a href="#L18">18</a></th><td>0. 
Log in to your PC/VM or open a terminal window as the sysadm user.</td></tr><tr><th id="L19"><a href="#L19">19</a></th><td></td></tr><tr><th id="L20"><a href="#L20">20</a></th><td>NOTE: During these exercises if you find that the apt-get command complains</td></tr><tr><th id="L21"><a href="#L21">21</a></th><td>      that some archives cannot be found, then you may need to update your</td></tr><tr><th id="L22"><a href="#L22">22</a></th><td>      apt package database. To do this type:</td></tr><tr><th id="L23"><a href="#L23">23</a></th><td></td></tr><tr><th id="L24"><a href="#L24">24</a></th><td>      $ sudo apt-get update</td></tr><tr><th id="L25"><a href="#L25">25</a></th><td></td></tr><tr><th id="L26"><a href="#L26">26</a></th><td></td></tr><tr><th id="L27"><a href="#L27">27</a></th><td>Network Performance Metrics</td></tr><tr><th id="L28"><a href="#L28">28</a></th><td>---------------------------</td></tr><tr><th id="L29"><a href="#L29">29</a></th><td></td></tr><tr><th id="L30"><a href="#L30">30</a></th><td>1. ping</td></tr><tr><th id="L31"><a href="#L31">31</a></th><td>-------</td></tr><tr><th id="L32"><a href="#L32">32</a></th><td></td></tr><tr><th id="L33"><a href="#L33">33</a></th><td>ping is a program that sends ICMP echo request packets to target hosts and</td></tr><tr><th id="L34"><a href="#L34">34</a></th><td>waits for an ICMP response from the host. Depending on the operating system</td></tr><tr><th id="L35"><a href="#L35">35</a></th><td>on which you are using ping you may see the minimum, maximum, and the mean </td></tr><tr><th id="L36"><a href="#L36">36</a></th><td>round-trip times, and sometimes the standard deviation of the mean for the</td></tr><tr><th id="L37"><a href="#L37">37</a></th><td>ICMP responses from the target host. 
For more details see:</td></tr><tr><th id="L38"><a href="#L38">38</a></th><td></td></tr><tr><th id="L39"><a href="#L39">39</a></th><td>http://en.wikipedia.org/wiki/Ping</td></tr><tr><th id="L40"><a href="#L40">40</a></th><td></td></tr><tr><th id="L41"><a href="#L41">41</a></th><td>Blocking ping is generally a bad idea.</td></tr><tr><th id="L42"><a href="#L42">42</a></th><td></td></tr><tr><th id="L43"><a href="#L43">43</a></th><td>With all this in mind, try using ping in a few different ways:</td></tr><tr><th id="L44"><a href="#L44">44</a></th><td></td></tr><tr><th id="L45"><a href="#L45">45</a></th><td>    $ ping localhost</td></tr><tr><th id="L46"><a href="#L46">46</a></th><td></td></tr><tr><th id="L47"><a href="#L47">47</a></th><td>Press ctrl-c to stop the process. Here is typical output from the above</td></tr><tr><th id="L48"><a href="#L48">48</a></th><td>command:</td></tr><tr><th id="L49"><a href="#L49">49</a></th><td></td></tr><tr><th id="L50"><a href="#L50">50</a></th><td>    PING localhost (127.0.0.1) 56(84) bytes of data.</td></tr><tr><th id="L51"><a href="#L51">51</a></th><td>    64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.020 ms</td></tr><tr><th id="L52"><a href="#L52">52</a></th><td>    64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.006 ms</td></tr><tr><th id="L53"><a href="#L53">53</a></th><td>    64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.006 ms</td></tr><tr><th id="L54"><a href="#L54">54</a></th><td>    64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.006 ms</td></tr><tr><th id="L55"><a href="#L55">55</a></th><td>    64 bytes from localhost (127.0.0.1): icmp_seq=5 ttl=64 time=0.006 ms</td></tr><tr><th id="L56"><a href="#L56">56</a></th><td>    64 bytes from localhost (127.0.0.1): icmp_seq=6 ttl=64 time=0.009 ms</td></tr><tr><th id="L57"><a href="#L57">57</a></th><td>    64 bytes from localhost (127.0.0.1): icmp_seq=7 ttl=64 time=0.007 ms</td></tr><tr><th id="L58"><a 
href="#L58">58</a></th><td>    ^C</td></tr><tr><th id="L59"><a href="#L59">59</a></th><td>    --- localhost ping statistics ---</td></tr><tr><th id="L60"><a href="#L60">60</a></th><td>    7 packets transmitted, 7 received, 0% packet loss, time 5994ms</td></tr><tr><th id="L61"><a href="#L61">61</a></th><td>    rtt min/avg/max/mdev = 0.006/0.008/0.020/0.005 ms</td></tr><tr><th id="L62"><a href="#L62">62</a></th><td></td></tr><tr><th id="L63"><a href="#L63">63</a></th><td>Question: why did the first ICMP response take 20ms while the remaining</td></tr><tr><th id="L64"><a href="#L64">64</a></th><td>responses were much quicker? This is a type of delay. What kind is it?</td></tr><tr><th id="L65"><a href="#L65">65</a></th><td></td></tr><tr><th id="L66"><a href="#L66">66</a></th><td></td></tr><tr><th id="L67"><a href="#L67">67</a></th><td>2. traceroute</td></tr><tr><th id="L68"><a href="#L68">68</a></th><td>-------------</td></tr><tr><th id="L69"><a href="#L69">69</a></th><td></td></tr><tr><th id="L70"><a href="#L70">70</a></th><td>You may have used traceroute before, but have you really looked at what it is</td></tr><tr><th id="L71"><a href="#L71">71</a></th><td>doing? If not, read this:</td></tr><tr><th id="L72"><a href="#L72">72</a></th><td></td></tr><tr><th id="L73"><a href="#L73">73</a></th><td>http://en.wikipedia.org/wiki/Traceroute</td></tr><tr><th id="L74"><a href="#L74">74</a></th><td></td></tr><tr><th id="L75"><a href="#L75">75</a></th><td>You may need to install the traceroute command first. 
To do this do:</td></tr><tr><th id="L76"><a href="#L76">76</a></th><td></td></tr><tr><th id="L77"><a href="#L77">77</a></th><td>        $ sudo apt-get install traceroute</td></tr><tr><th id="L78"><a href="#L78">78</a></th><td></td></tr><tr><th id="L79"><a href="#L79">79</a></th><td>Once installed try:</td></tr><tr><th id="L80"><a href="#L80">80</a></th><td></td></tr><tr><th id="L81"><a href="#L81">81</a></th><td>        $ traceroute nsrc.org</td></tr><tr><th id="L82"><a href="#L82">82</a></th><td></td></tr><tr><th id="L83"><a href="#L83">83</a></th><td>Here's sample output from traceroute to nsrc.org (lines wrapped due to length):</td></tr><tr><th id="L84"><a href="#L84">84</a></th><td></td></tr><tr><th id="L85"><a href="#L85">85</a></th><td>        traceroute to nsrc.org (128.223.157.19), 64 hops max, 52 byte packets</td></tr><tr><th id="L86"><a href="#L86">86</a></th><td>         1  gw.ws.nsrc.org (10.10.0.254)  1.490 ms  1.069 ms  1.055 ms</td></tr><tr><th id="L87"><a href="#L87">87</a></th><td>         2  192.248.5.2 (192.248.5.2)  2.741 ms  2.450 ms  3.182 ms</td></tr><tr><th id="L88"><a href="#L88">88</a></th><td>         3  192.248.1.126 (192.248.1.126)  2.473 ms  2.497 ms  2.618 ms</td></tr><tr><th id="L89"><a href="#L89">89</a></th><td>         4  mb-t3-01-v4.bb.tein3.net (202.179.249.93)  26.324 ms  28.049 ms  27.403 ms</td></tr><tr><th id="L90"><a href="#L90">90</a></th><td>         5  sg-so-06-v4.bb.tein3.net (202.179.249.81)  103.321 ms  91.072 ms  91.674 ms</td></tr><tr><th id="L91"><a href="#L91">91</a></th><td>         6  jp-pop-sg-v4.bb.tein3.net (202.179.249.50)  168.948 ms  168.712 ms  168.903 ms</td></tr><tr><th id="L92"><a href="#L92">92</a></th><td>         7  tpr5-ge0-0-0-4.jp.apan.net (203.181.248.250)  172.789 ms  170.367 ms  188.689 ms</td></tr><tr><th id="L93"><a href="#L93">93</a></th><td>         8  losa-tokyo-tp2.transpac2.net (192.203.116.145)  579.586 ms  284.736 ms  284.202 ms</td></tr><tr><th id="L94"><a href="#L94">94</a></th><td> 
        9  abilene-1-lo-jmb-702.lsanca.pacificwave.net (207.231.240.131)  303.736 ms  </td></tr><tr><th id="L95"><a href="#L95">95</a></th><td>            284.884 ms  530.854 ms</td></tr><tr><th id="L96"><a href="#L96">96</a></th><td>        10  vl-101.xe-0-0-0.core0-gw.pdx.oregon-gigapop.net (198.32.165.65)  328.082 ms  </td></tr><tr><th id="L97"><a href="#L97">97</a></th><td>            305.800 ms  533.644 ms</td></tr><tr><th id="L98"><a href="#L98">98</a></th><td>        11  vl-105.uonet9-gw.eug.oregon-gigapop.net (198.32.165.92)  336.680 ms  617.267 ms  </td></tr><tr><th id="L99"><a href="#L99">99</a></th><td>            495.685 ms</td></tr><tr><th id="L100"><a href="#L100">100</a></th><td>        12  vl-3.uonet2-gw.uoregon.edu (128.223.3.2)  310.552 ms  421.638 ms  612.399 ms</td></tr><tr><th id="L101"><a href="#L101">101</a></th><td>        13  nsrc.org (128.223.157.19)  309.548 ms  612.151 ms  611.505 ms</td></tr><tr><th id="L102"><a href="#L102">102</a></th><td></td></tr><tr><th id="L103"><a href="#L103">103</a></th><td>Do you understand what each item means? If not, see the Wikipedia page and type:</td></tr><tr><th id="L104"><a href="#L104">104</a></th><td></td></tr><tr><th id="L105"><a href="#L105">105</a></th><td>    $ man traceroute</td></tr><tr><th id="L106"><a href="#L106">106</a></th><td></td></tr><tr><th id="L107"><a href="#L107">107</a></th><td>for more information. 
What does it mean if you see lines like this?</td></tr><tr><th id="L108"><a href="#L108">108</a></th><td></td></tr><tr><th id="L109"><a href="#L109">109</a></th><td>    15  * * *</td></tr><tr><th id="L110"><a href="#L110">110</a></th><td>    16  * * *</td></tr><tr><th id="L111"><a href="#L111">111</a></th><td>    17  * * *</td></tr><tr><th id="L112"><a href="#L112">112</a></th><td></td></tr><tr><th id="L113"><a href="#L113">113</a></th><td>When you see this it means that the remote device does not reply to ICMP echo requests, or</td></tr><tr><th id="L114"><a href="#L114">114</a></th><td>it uses a private network address (RFC 1918).</td></tr><tr><th id="L115"><a href="#L115">115</a></th><td></td></tr><tr><th id="L116"><a href="#L116">116</a></th><td>As you can see, traceroute can be used to determine where problems are taking place</td></tr><tr><th id="L117"><a href="#L117">117</a></th><td>between two endpoints on a network. </td></tr><tr><th id="L118"><a href="#L118">118</a></th><td></td></tr><tr><th id="L119"><a href="#L119">119</a></th><td>Try running traceroute again to the same host (nsrc.org). It will likely take considerably </td></tr><tr><th id="L120"><a href="#L120">120</a></th><td>less time.</td></tr><tr><th id="L121"><a href="#L121">121</a></th><td></td></tr><tr><th id="L122"><a href="#L122">122</a></th><td></td></tr><tr><th id="L123"><a href="#L123">123</a></th><td>3. mtr</td></tr><tr><th id="L124"><a href="#L124">124</a></th><td>------</td></tr><tr><th id="L125"><a href="#L125">125</a></th><td></td></tr><tr><th id="L126"><a href="#L126">126</a></th><td>The mtr tool combines ping and traceroute into a single, dynamically updating display. 
</td></tr><tr><th id="L127"><a href="#L127">127</a></th><td>Before using mtr you may need to first install it:</td></tr><tr><th id="L128"><a href="#L128">128</a></th><td></td></tr><tr><th id="L129"><a href="#L129">129</a></th><td>        $ sudo apt-get install mtr-tiny</td></tr><tr><th id="L130"><a href="#L130">130</a></th><td></td></tr><tr><th id="L131"><a href="#L131">131</a></th><td>Now give it a try:</td></tr><tr><th id="L132"><a href="#L132">132</a></th><td></td></tr><tr><th id="L133"><a href="#L133">133</a></th><td>        $ mtr nsrc.org</td></tr><tr><th id="L134"><a href="#L134">134</a></th><td></td></tr><tr><th id="L135"><a href="#L135">135</a></th><td>The output of the command looks different on different Linux and UNIX flavors, but in</td></tr><tr><th id="L136"><a href="#L136">136</a></th><td>general you'll see a summary of packet loss to each node on the path to the remote</td></tr><tr><th id="L137"><a href="#L137">137</a></th><td>target host, number of ICMP echo request packets sent, last rtt (round-trip-time) to </td></tr><tr><th id="L138"><a href="#L138">138</a></th><td>the host, average, best and worst rtt as well as the standard deviation of rtt's.</td></tr><tr><th id="L139"><a href="#L139">139</a></th><td></td></tr><tr><th id="L140"><a href="#L140">140</a></th><td>By showing the percent loss of packets in this format it makes it much easier to see</td></tr><tr><th id="L141"><a href="#L141">141</a></th><td>where you may be having network issues.</td></tr><tr><th id="L142"><a href="#L142">142</a></th><td></td></tr><tr><th id="L143"><a href="#L143">143</a></th><td></td></tr><tr><th id="L144"><a href="#L144">144</a></th><td>4. 
ping with variable packet size</td></tr><tr><th id="L145"><a href="#L145">145</a></th><td>---------------------------------</td></tr><tr><th id="L146"><a href="#L146">146</a></th><td></td></tr><tr><th id="L147"><a href="#L147">147</a></th><td>By default, ping sends out IP datagrams of size 84 bytes:</td></tr><tr><th id="L148"><a href="#L148">148</a></th><td></td></tr><tr><th id="L149"><a href="#L149">149</a></th><td>* 20 bytes IP header</td></tr><tr><th id="L150"><a href="#L150">150</a></th><td>*  8 bytes ICMP header</td></tr><tr><th id="L151"><a href="#L151">151</a></th><td>* 56 bytes data padding</td></tr><tr><th id="L152"><a href="#L152">152</a></th><td></td></tr><tr><th id="L153"><a href="#L153">153</a></th><td>However, you can send out larger packets using the -s option. Using</td></tr><tr><th id="L154"><a href="#L154">154</a></th><td>`-s 1472` will give you a 1500-byte IP datagram, which is the maximum for</td></tr><tr><th id="L155"><a href="#L155">155</a></th><td>most networks before fragmentation takes place (MTU = Maximum Transmission</td></tr><tr><th id="L156"><a href="#L156">156</a></th><td>Unit)</td></tr><tr><th id="L157"><a href="#L157">157</a></th><td></td></tr><tr><th id="L158"><a href="#L158">158</a></th><td>This simple mechanism can be used to debug all sorts of problems, and even</td></tr><tr><th id="L159"><a href="#L159">159</a></th><td>distinguish between transmission delay and propagation delay.</td></tr><tr><th id="L160"><a href="#L160">160</a></th><td></td></tr><tr><th id="L161"><a href="#L161">161</a></th><td>Let's find a host that is a few hops away from us. 
First do:</td></tr><tr><th id="L162"><a href="#L162">162</a></th><td></td></tr><tr><th id="L163"><a href="#L163">163</a></th><td>        $ traceroute nsrc.org</td></tr><tr><th id="L164"><a href="#L164">164</a></th><td></td></tr><tr><th id="L165"><a href="#L165">165</a></th><td>Now look for a machine that is more than two hops away and make a note of </td></tr><tr><th id="L166"><a href="#L166">166</a></th><td>the IP address. Why? Because one hop is your virtual router and this exercise</td></tr><tr><th id="L167"><a href="#L167">167</a></th><td>will not work reliably using virtual hardware. The second hop is the gateway</td></tr><tr><th id="L168"><a href="#L168">168</a></th><td>router on our private network. It is too close and the difference in ping </td></tr><tr><th id="L169"><a href="#L169">169</a></th><td>times is likely to be too small to be useful. We'll refer to the machine </td></tr><tr><th id="L170"><a href="#L170">170</a></th><td>you choose to ping to as PING_MACHINE.</td></tr><tr><th id="L171"><a href="#L171">171</a></th><td></td></tr><tr><th id="L172"><a href="#L172">172</a></th><td>Send 20 standard pings to that address:</td></tr><tr><th id="L173"><a href="#L173">173</a></th><td></td></tr><tr><th id="L174"><a href="#L174">174</a></th><td>        $ ping -c20 PING_MACHINE</td></tr><tr><th id="L175"><a href="#L175">175</a></th><td></td></tr><tr><th id="L176"><a href="#L176">176</a></th><td>Make a note of the *average* round-trip time seen (t1).</td></tr><tr><th id="L177"><a href="#L177">177</a></th><td></td></tr><tr><th id="L178"><a href="#L178">178</a></th><td>Now send 20 maximum-sized pings:</td></tr><tr><th id="L179"><a href="#L179">179</a></th><td></td></tr><tr><th id="L180"><a href="#L180">180</a></th><td>        $ ping -c20 -s1472 PING_MACHINE</td></tr><tr><th id="L181"><a href="#L181">181</a></th><td></td></tr><tr><th id="L182"><a href="#L182">182</a></th><td>Again, make a note of the *average* round-trip time seen (t2).</td></tr><tr><th 
id="L183"><a href="#L183">183</a></th><td></td></tr><tr><th id="L184"><a href="#L184">184</a></th><td>The propagation delay is the same in both cases, so the larger round-trip</td></tr><tr><th id="L185"><a href="#L185">185</a></th><td>time must be due to transmission delay.</td></tr><tr><th id="L186"><a href="#L186">186</a></th><td></td></tr><tr><th id="L187"><a href="#L187">187</a></th><td>You can now estimate the transmission delay and hence the bandwidth of</td></tr><tr><th id="L188"><a href="#L188">188</a></th><td>the link between two points</td></tr><tr><th id="L189"><a href="#L189">189</a></th><td></td></tr><tr><th id="L190"><a href="#L190">190</a></th><td>    increase in transmission time   =  t2 - t1</td></tr><tr><th id="L191"><a href="#L191">191</a></th><td>    increase in bits sent           =  (1500-84) * 8 * 2  = 22656</td></tr><tr><th id="L192"><a href="#L192">192</a></th><td></td></tr><tr><th id="L193"><a href="#L193">193</a></th><td>(multiply by 2 because the round-trip time involves sending the packet twice)</td></tr><tr><th id="L194"><a href="#L194">194</a></th><td></td></tr><tr><th id="L195"><a href="#L195">195</a></th><td>Divide the bits by time to get an estimate of bits per second. 
Remember to</td></tr><tr><th id="L196"><a href="#L196">196</a></th><td>convert milliseconds to seconds first.</td></tr><tr><th id="L197"><a href="#L197">197</a></th><td></td></tr><tr><th id="L198"><a href="#L198">198</a></th><td>Example:</td></tr><tr><th id="L199"><a href="#L199">199</a></th><td>        </td></tr><tr><th id="L200"><a href="#L200">200</a></th><td>t2 = 1.71</td></tr><tr><th id="L201"><a href="#L201">201</a></th><td>t1 = 1.14</td></tr><tr><th id="L202"><a href="#L202">202</a></th><td></td></tr><tr><th id="L203"><a href="#L203">203</a></th><td>t2-t1 = 0.57</td></tr><tr><th id="L204"><a href="#L204">204</a></th><td></td></tr><tr><th id="L205"><a href="#L205">205</a></th><td>0.57 ms = 0.00057 sec</td></tr><tr><th id="L206"><a href="#L206">206</a></th><td></td></tr><tr><th id="L207"><a href="#L207">207</a></th><td>22656 bits / 0.00057 sec = 39747368.42 bps</td></tr><tr><th id="L208"><a href="#L208">208</a></th><td></td></tr><tr><th id="L209"><a href="#L209">209</a></th><td>You could then convert this to Kbps, Mbps, etc.</td></tr><tr><th id="L210"><a href="#L210">210</a></th><td></td></tr><tr><th id="L211"><a href="#L211">211</a></th><td>By doing this for subsequent hops, it's possible to estimate the bandwidth</td></tr><tr><th id="L212"><a href="#L212">212</a></th><td>on each hop, even those remote from you. There is a tool available which</td></tr><tr><th id="L213"><a href="#L213">213</a></th><td>does this automatically - it's called "pathchar" but you have to build it</td></tr><tr><th id="L214"><a href="#L214">214</a></th><td>from source. 
A few OS-specific binaries are available at:</td></tr><tr><th id="L215"><a href="#L215">215</a></th><td></td></tr><tr><th id="L216"><a href="#L216">216</a></th><td>ftp://ftp.ee.lbl.gov/pathchar/</td></tr><tr><th id="L217"><a href="#L217">217</a></th><td></td></tr><tr><th id="L218"><a href="#L218">218</a></th><td>The web page, including documentation is available here:</td></tr><tr><th id="L219"><a href="#L219">219</a></th><td></td></tr><tr><th id="L220"><a href="#L220">220</a></th><td>http://www.caida.org/tools/utilities/others/pathchar/</td></tr><tr><th id="L221"><a href="#L221">221</a></th><td></td></tr><tr><th id="L222"><a href="#L222">222</a></th><td></td></tr><tr><th id="L223"><a href="#L223">223</a></th><td>---------------------------------------------------------------------------</td></tr><tr><th id="L224"><a href="#L224">224</a></th><td></td></tr><tr><th id="L225"><a href="#L225">225</a></th><td></td></tr><tr><th id="L226"><a href="#L226">226</a></th><td>Exercises Part II</td></tr><tr><th id="L227"><a href="#L227">227</a></th><td>=================</td></tr><tr><th id="L228"><a href="#L228">228</a></th><td></td></tr><tr><th id="L229"><a href="#L229">229</a></th><td>Network Analysis</td></tr><tr><th id="L230"><a href="#L230">230</a></th><td>----------------</td></tr><tr><th id="L231"><a href="#L231">231</a></th><td></td></tr><tr><th id="L232"><a href="#L232">232</a></th><td>1. lsof and netstat</td></tr><tr><th id="L233"><a href="#L233">233</a></th><td>-------------------</td></tr><tr><th id="L234"><a href="#L234">234</a></th><td></td></tr><tr><th id="L235"><a href="#L235">235</a></th><td>See what services are running on your machine. 
You can use the</td></tr><tr><th id="L236"><a href="#L236">236</a></th><td>presentation as a reference.</td></tr><tr><th id="L237"><a href="#L237">237</a></th><td></td></tr><tr><th id="L238"><a href="#L238">238</a></th><td>Or, utilize "man lsof", "man netstat", "lsof -h" and "netstat -h" to see</td></tr><tr><th id="L239"><a href="#L239">239</a></th><td>the available options (there are a lot!). Remember to use</td></tr><tr><th id="L240"><a href="#L240">240</a></th><td>sudo when using lsof and netstat to give yourself necessary permissions</td></tr><tr><th id="L241"><a href="#L241">241</a></th><td>to view everything.</td></tr><tr><th id="L242"><a href="#L242">242</a></th><td></td></tr><tr><th id="L243"><a href="#L243">243</a></th><td>You may need to install lsof. To do this type:</td></tr><tr><th id="L244"><a href="#L244">244</a></th><td></td></tr><tr><th id="L245"><a href="#L245">245</a></th><td>        $ sudo apt-get install lsof</td></tr><tr><th id="L246"><a href="#L246">246</a></th><td></td></tr><tr><th id="L247"><a href="#L247">247</a></th><td>* Using lsof, what IPv4 services are listening on your machine?</td></tr><tr><th id="L248"><a href="#L248">248</a></th><td>* Using netstat, what IPv4 and IPv6 services are listening on your machine?</td></tr><tr><th id="L249"><a href="#L249">249</a></th><td></td></tr><tr><th id="L250"><a href="#L250">250</a></th><td>When you run lsof and netstat you should run them as root:</td></tr><tr><th id="L251"><a href="#L251">251</a></th><td></td></tr><tr><th id="L252"><a href="#L252">252</a></th><td>        $ sudo lsof </td></tr><tr><th id="L253"><a href="#L253">253</a></th><td>        $ sudo netstat</td></tr><tr><th id="L254"><a href="#L254">254</a></th><td></td></tr><tr><th id="L255"><a href="#L255">255</a></th><td>Remember - you will need to specify options to answer what IPv4 and IPv6 services</td></tr><tr><th id="L256"><a href="#L256">256</a></th><td>are running on your machine.</td></tr><tr><th id="L257"><a 
href="#L257">257</a></th><td></td></tr><tr><th id="L258"><a href="#L258">258</a></th><td></td></tr><tr><th id="L259"><a href="#L259">259</a></th><td>2. tcpdump and tshark</td></tr><tr><th id="L260"><a href="#L260">260</a></th><td>---------------------</td></tr><tr><th id="L261"><a href="#L261">261</a></th><td></td></tr><tr><th id="L262"><a href="#L262">262</a></th><td>First we need to install both these programs:</td></tr><tr><th id="L263"><a href="#L263">263</a></th><td></td></tr><tr><th id="L264"><a href="#L264">264</a></th><td>        $ sudo apt-get install tcpdump tshark</td></tr><tr><th id="L265"><a href="#L265">265</a></th><td></td></tr><tr><th id="L266"><a href="#L266">266</a></th><td>Use tcpdump like this:</td></tr><tr><th id="L267"><a href="#L267">267</a></th><td></td></tr><tr><th id="L268"><a href="#L268">268</a></th><td>        $ sudo tcpdump -i lo -A -s1500 -w /tmp/tcpdump.log</td></tr><tr><th id="L269"><a href="#L269">269</a></th><td></td></tr><tr><th id="L270"><a href="#L270">270</a></th><td>Now, generate some traffic on your lo interface in another terminal. That is,</td></tr><tr><th id="L271"><a href="#L271">271</a></th><td>open another ssh session to your PC/VM.</td></tr><tr><th id="L272"><a href="#L272">272</a></th><td></td></tr><tr><th id="L273"><a href="#L273">273</a></th><td>For example:</td></tr><tr><th id="L274"><a href="#L274">274</a></th><td></td></tr><tr><th id="L275"><a href="#L275">275</a></th><td>        $ ping localhost</td></tr><tr><th id="L276"><a href="#L276">276</a></th><td>        $ ssh localhost</td></tr><tr><th id="L277"><a href="#L277">277</a></th><td> </td></tr><tr><th id="L278"><a href="#L278">278</a></th><td>etc. Afterwards, press CTRL-C to terminate the tcpdump session.</td></tr><tr><th id="L279"><a href="#L279">279</a></th><td></td></tr><tr><th id="L280"><a href="#L280">280</a></th><td>Note: ssh generates much more "interesting" output. 
Now let's read the</td></tr><tr><th id="L281"><a href="#L281">281</a></th><td>output from tcpdump using tshark:</td></tr><tr><th id="L282"><a href="#L282">282</a></th><td></td></tr><tr><th id="L283"><a href="#L283">283</a></th><td>        $ sudo tshark -r /tmp/tcpdump.log | less</td></tr><tr><th id="L284"><a href="#L284">284</a></th><td></td></tr><tr><th id="L285"><a href="#L285">285</a></th><td>What do you see? Can you follow the SSH session you initiated earlier?</td></tr><tr><th id="L286"><a href="#L286">286</a></th><td></td></tr><tr><th id="L287"><a href="#L287">287</a></th><td>Next we'll use ftp. First we need to install an ftp client:</td></tr><tr><th id="L288"><a href="#L288">288</a></th><td></td></tr><tr><th id="L289"><a href="#L289">289</a></th><td>        $ sudo apt-get install ftp</td></tr><tr><th id="L290"><a href="#L290">290</a></th><td></td></tr><tr><th id="L291"><a href="#L291">291</a></th><td>Now try something like this:</td></tr><tr><th id="L292"><a href="#L292">292</a></th><td></td></tr><tr><th id="L293"><a href="#L293">293</a></th><td>        $ sudo rm /tmp/tcpdump.log</td></tr><tr><th id="L294"><a href="#L294">294</a></th><td>        $ sudo tcpdump -i eth0 -A -s1500 -w /tmp/tcpdump.log</td></tr><tr><th id="L295"><a href="#L295">295</a></th><td></td></tr><tr><th id="L296"><a href="#L296">296</a></th><td>In another terminal do:</td></tr><tr><th id="L297"><a href="#L297">297</a></th><td></td></tr><tr><th id="L298"><a href="#L298">298</a></th><td>        $ ftp limestone.uoregon.edu</td></tr><tr><th id="L299"><a href="#L299">299</a></th><td> </td></tr><tr><th id="L300"><a href="#L300">300</a></th><td>        Connected to limestone.uoregon.edu.</td></tr><tr><th id="L301"><a href="#L301">301</a></th><td>        220 FTP Server ready.</td></tr><tr><th id="L302"><a href="#L302">302</a></th><td>        Name (limestone.uoregon.edu:sysadmin): anonymous</td></tr><tr><th id="L303"><a href="#L303">303</a></th><td>        Password: &lt;anything you 
want&gt;</td></tr><tr><th id="L304"><a href="#L304">304</a></th><td>        ftp&gt; exit</td></tr><tr><th id="L305"><a href="#L305">305</a></th><td></td></tr><tr><th id="L306"><a href="#L306">306</a></th><td>End the tcpdump session in the other terminal (CTRL-C). Now view the </td></tr><tr><th id="L307"><a href="#L307">307</a></th><td>contents of the log file:</td></tr><tr><th id="L308"><a href="#L308">308</a></th><td></td></tr><tr><th id="L309"><a href="#L309">309</a></th><td>        $ sudo tshark -r /tmp/tcpdump.log | less</td></tr><tr><th id="L310"><a href="#L310">310</a></th><td></td></tr><tr><th id="L311"><a href="#L311">311</a></th><td>Can you see your password? If you have a lot of traffic on your network, then</td></tr><tr><th id="L312"><a href="#L312">312</a></th><td>the tcpdump.log file may be fairly large. You can search for your FTP session</td></tr><tr><th id="L313"><a href="#L313">313</a></th><td>by typing:</td></tr><tr><th id="L314"><a href="#L314">314</a></th><td></td></tr><tr><th id="L315"><a href="#L315">315</a></th><td>        "/FTP"</td></tr><tr><th id="L316"><a href="#L316">316</a></th><td></td></tr><tr><th id="L317"><a href="#L317">317</a></th><td>in the output screen. Since you piped your tshark command output to the "less"</td></tr><tr><th id="L318"><a href="#L318">318</a></th><td>command, using the "/" to search for strings works. Now press the "n" key for </td></tr><tr><th id="L319"><a href="#L319">319</a></th><td>"n"ext to follow the FTP session. 
You should see a line with the string:</td></tr><tr><th id="L320"><a href="#L320">320</a></th><td></td></tr><tr><th id="L321"><a href="#L321">321</a></th><td>        "FTP Request: PASS PasswordYouTypedIn"</td></tr><tr><th id="L322"><a href="#L322">322</a></th><td></td></tr><tr><th id="L323"><a href="#L323">323</a></th><td>Sniffing unencrypted passwords on wireless LANs is very easy with a tool like </td></tr><tr><th id="L324"><a href="#L324">324</a></th><td>this.</td></tr><tr><th id="L325"><a href="#L325">325</a></th><td></td></tr><tr><th id="L326"><a href="#L326">326</a></th><td>Remember to clean up after yourself:</td></tr><tr><th id="L327"><a href="#L327">327</a></th><td></td></tr><tr><th id="L328"><a href="#L328">328</a></th><td>        $ sudo rm /tmp/tcpdump.log</td></tr><tr><th id="L329"><a href="#L329">329</a></th><td></td></tr><tr><th id="L330"><a href="#L330">330</a></th><td></td></tr><tr><th id="L331"><a href="#L331">331</a></th><td>3. tcpdump part II</td></tr><tr><th id="L332"><a href="#L332">332</a></th><td>-------------------</td></tr><tr><th id="L333"><a href="#L333">333</a></th><td></td></tr><tr><th id="L334"><a href="#L334">334</a></th><td>You can use tcpdump as a forensic tool in real-time as well. 
To completely cover tcpdump would</td></tr><tr><th id="L335"><a href="#L335">335</a></th><td>take several hours of class time, but let's get started with another practical example.</td></tr><tr><th id="L336"><a href="#L336">336</a></th><td></td></tr><tr><th id="L337"><a href="#L337">337</a></th><td>Let's watch a dhcp request from your PC and the responses that it receives.</td></tr><tr><th id="L338"><a href="#L338">338</a></th><td></td></tr><tr><th id="L339"><a href="#L339">339</a></th><td>First connect to your PC image and become root:</td></tr><tr><th id="L340"><a href="#L340">340</a></th><td></td></tr><tr><th id="L341"><a href="#L341">341</a></th><td>    $ sudo bash</td></tr><tr><th id="L342"><a href="#L342">342</a></th><td>    </td></tr><tr><th id="L343"><a href="#L343">343</a></th><td>Next we are going to use a utility called screen:</td></tr><tr><th id="L344"><a href="#L344">344</a></th><td></td></tr><tr><th id="L345"><a href="#L345">345</a></th><td>    # apt-get install screen</td></tr><tr><th id="L346"><a href="#L346">346</a></th><td>    </td></tr><tr><th id="L347"><a href="#L347">347</a></th><td>Now run screen:</td></tr><tr><th id="L348"><a href="#L348">348</a></th><td></td></tr><tr><th id="L349"><a href="#L349">349</a></th><td>    # screen</td></tr><tr><th id="L350"><a href="#L350">350</a></th><td>    </td></tr><tr><th id="L351"><a href="#L351">351</a></th><td>At this point you can have multiple terminal sessions open in a single ssh window. 
Let's start</td></tr><tr><th id="L352"><a href="#L352">352</a></th><td>the tcpdump process listening for dhcp requests:</td></tr><tr><th id="L353"><a href="#L353">353</a></th><td></td></tr><tr><th id="L354"><a href="#L354">354</a></th><td>    # tcpdump -s0 -ni eth0 port 67 or port 68</td></tr><tr><th id="L355"><a href="#L355">355</a></th><td></td></tr><tr><th id="L356"><a href="#L356">356</a></th><td>Now use screen to open another "screen" in your ssh terminal window.</td></tr><tr><th id="L357"><a href="#L357">357</a></th><td></td></tr><tr><th id="L358"><a href="#L358">358</a></th><td>        Press ctrl-a c</td></tr><tr><th id="L359"><a href="#L359">359</a></th><td>    </td></tr><tr><th id="L360"><a href="#L360">360</a></th><td>To figure out what "-s0", "-n" and "-i" are doing you can read the tcpdump man page:</td></tr><tr><th id="L361"><a href="#L361">361</a></th><td></td></tr><tr><th id="L362"><a href="#L362">362</a></th><td>        # man tcpdump</td></tr><tr><th id="L363"><a href="#L363">363</a></th><td>        </td></tr><tr><th id="L364"><a href="#L364">364</a></th><td>Search for "-s" by typing a "/" and then "-s" and then press ENTER. 
Press "n" to see the next</td></tr><tr><th id="L365"><a href="#L365">365</a></th><td>occurrence of the string "-s".</td></tr><tr><th id="L366"><a href="#L366">366</a></th><td></td></tr><tr><th id="L367"><a href="#L367">367</a></th><td>Now make a dhcp request for a new address for eth0 on your machine:</td></tr><tr><th id="L368"><a href="#L368">368</a></th><td></td></tr><tr><th id="L369"><a href="#L369">369</a></th><td>        # dhclient</td></tr><tr><th id="L370"><a href="#L370">370</a></th><td>        </td></tr><tr><th id="L371"><a href="#L371">371</a></th><td>Return to the previous screen to see what tcpdump displays:</td></tr><tr><th id="L372"><a href="#L372">372</a></th><td></td></tr><tr><th id="L373"><a href="#L373">373</a></th><td>        Press "ctrl-a p"                ("p" for previous, "n" for next, to cycle through screens)</td></tr><tr><th id="L374"><a href="#L374">374</a></th><td></td></tr><tr><th id="L375"><a href="#L375">375</a></th><td>You should see some output like this:</td></tr><tr><th id="L376"><a href="#L376">376</a></th><td></td></tr><tr><th id="L377"><a href="#L377">377</a></th><td>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode</td></tr><tr><th id="L378"><a href="#L378">378</a></th><td>listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes</td></tr><tr><th id="L379"><a href="#L379">379</a></th><td>18:03:05.003190 IP 0.0.0.0.68 &gt; 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:4a:5e:68:77, length 300</td></tr><tr><th id="L380"><a href="#L380">380</a></th><td>18:03:05.004349 IP 10.10.0.254.67 &gt; 10.10.0.250.68: BOOTP/DHCP, Reply, length 300</td></tr><tr><th id="L381"><a href="#L381">381</a></th><td></td></tr><tr><th id="L382"><a href="#L382">382</a></th><td>        To stop the tcpdump session type "ctrl-c"</td></tr><tr><th id="L383"><a href="#L383">383</a></th><td></td></tr><tr><th id="L384"><a href="#L384">384</a></th><td>Do you know what this means? 
Why did we specify to listen on ports 67 and 68? If you look in the</td></tr><tr><th id="L385"><a href="#L385">385</a></th><td>file /etc/services you will find the following definitions for ports 67 and 68:</td></tr><tr><th id="L386"><a href="#L386">386</a></th><td></td></tr><tr><th id="L387"><a href="#L387">387</a></th><td>bootps           67/udp     # Bootstrap Protocol Server</td></tr><tr><th id="L388"><a href="#L388">388</a></th><td>bootps           67/tcp     # Bootstrap Protocol Server</td></tr><tr><th id="L389"><a href="#L389">389</a></th><td>bootpc           68/udp     # Bootstrap Protocol Client</td></tr><tr><th id="L390"><a href="#L390">390</a></th><td>bootpc           68/tcp     # Bootstrap Protocol Client</td></tr><tr><th id="L391"><a href="#L391">391</a></th><td></td></tr><tr><th id="L392"><a href="#L392">392</a></th><td>You can return to the screen where you ran dhclient and exit from the screen if you wish:</td></tr><tr><th id="L393"><a href="#L393">393</a></th><td></td></tr><tr><th id="L394"><a href="#L394">394</a></th><td>        ctrl-a n</td></tr><tr><th id="L395"><a href="#L395">395</a></th><td>        </td></tr><tr><th id="L396"><a href="#L396">396</a></th><td>Then type:</td></tr><tr><th id="L397"><a href="#L397">397</a></th><td></td></tr><tr><th id="L398"><a href="#L398">398</a></th><td>        # exit</td></tr><tr><th id="L399"><a href="#L399">399</a></th><td>        </td></tr><tr><th id="L400"><a href="#L400">400</a></th><td>If you are interested in the screen utility and how it works see:</td></tr><tr><th id="L401"><a href="#L401">401</a></th><td></td></tr><tr><th id="L402"><a href="#L402">402</a></th><td>        http://www.howtoforge.com/linux_screen</td></tr><tr><th id="L403"><a href="#L403">403</a></th><td></td></tr><tr><th id="L404"><a href="#L404">404</a></th><td>for more information or ask your instructor.</td></tr><tr><th id="L405"><a href="#L405">405</a></th><td></td></tr><tr><th id="L406"><a 
href="#L406">406</a></th><td></td></tr><tr><th id="L407"><a href="#L407">407</a></th><td>4. Using iperf</td></tr><tr><th id="L408"><a href="#L408">408</a></th><td>--------------</td></tr><tr><th id="L409"><a href="#L409">409</a></th><td></td></tr><tr><th id="L410"><a href="#L410">410</a></th><td>First we need to install iperf:</td></tr><tr><th id="L411"><a href="#L411">411</a></th><td></td></tr><tr><th id="L412"><a href="#L412">412</a></th><td>        $ sudo apt-get install iperf</td></tr><tr><th id="L413"><a href="#L413">413</a></th><td></td></tr><tr><th id="L414"><a href="#L414">414</a></th><td>Use "man iperf" or "iperf -h" for help.</td></tr><tr><th id="L415"><a href="#L415">415</a></th><td></td></tr><tr><th id="L416"><a href="#L416">416</a></th><td>Ask your neighbor to run:</td></tr><tr><th id="L417"><a href="#L417">417</a></th><td></td></tr><tr><th id="L418"><a href="#L418">418</a></th><td>        $ iperf -s</td></tr><tr><th id="L419"><a href="#L419">419</a></th><td></td></tr><tr><th id="L420"><a href="#L420">420</a></th><td>Connect to your neighbor's machine using:</td></tr><tr><th id="L421"><a href="#L421">421</a></th><td></td></tr><tr><th id="L422"><a href="#L422">422</a></th><td>        $ iperf -c ipNeighbor</td></tr><tr><th id="L423"><a href="#L423">423</a></th><td></td></tr><tr><th id="L424"><a href="#L424">424</a></th><td>If you don't know the IP address of your neighbor's machine ask them to</td></tr><tr><th id="L425"><a href="#L425">425</a></th><td>do:</td></tr><tr><th id="L426"><a href="#L426">426</a></th><td></td></tr><tr><th id="L427"><a href="#L427">427</a></th><td>        $ ifconfig eth0</td></tr><tr><th id="L428"><a href="#L428">428</a></th><td></td></tr><tr><th id="L429"><a href="#L429">429</a></th><td>and tell you what IP address their machine is using.</td></tr><tr><th id="L430"><a href="#L430">430</a></th><td></td></tr><tr><th id="L431"><a href="#L431">431</a></th><td>How much throughput is there between your machines? 
You can repeat this</td></tr><tr><th id="L432"><a href="#L432">432</a></th><td>exercise with any remote machine where iperf is installed and you have</td></tr><tr><th id="L433"><a href="#L433">433</a></th><td>an account. This is a quick way to see what bandwidth looks like between</td></tr><tr><th id="L434"><a href="#L434">434</a></th><td>two points.</td></tr><tr><th id="L435"><a href="#L435">435</a></th><td></td></tr><tr><th id="L436"><a href="#L436">436</a></th><td>To stop the iperf server where you ran "iperf -s" press CTRL-c.</td></tr><tr><th id="L437"><a href="#L437">437</a></th><td></td></tr><tr><th id="L438"><a href="#L438">438</a></th><td>If you have time continue playing with iperf options. If you have a</td></tr><tr><th id="L439"><a href="#L439">439</a></th><td>remote PC running UNIX or Linux you might want to try installing iperf</td></tr><tr><th id="L440"><a href="#L440">440</a></th><td>and testing your connection from the workshop lab to your remote </td></tr><tr><th id="L441"><a href="#L441">441</a></th><td>machine.</td></tr><tr><th id="L442"><a href="#L442">442</a></th><td></td></tr><tr><th id="L443"><a href="#L443">443</a></th><td>Some more things to try...</td></tr><tr><th id="L444"><a href="#L444">444</a></th><td></td></tr><tr><th id="L445"><a href="#L445">445</a></th><td>* Test TCP using various window sizes (-w).</td></tr><tr><th id="L446"><a href="#L446">446</a></th><td></td></tr><tr><th id="L447"><a href="#L447">447</a></th><td>* Verify TCP MSS (-m). How does this affect throughput? What is</td></tr><tr><th id="L448"><a href="#L448">448</a></th><td>  Path MTU discovery?</td></tr><tr><th id="L449"><a href="#L449">449</a></th><td></td></tr><tr><th id="L450"><a href="#L450">450</a></th><td>* Test with two parallel threads (-P) and compare the totals. Is</td></tr><tr><th id="L451"><a href="#L451">451</a></th><td>  there any difference? 
Why?</td></tr><tr><th id="L452"><a href="#L452">452</a></th><td></td></tr><tr><th id="L453"><a href="#L453">453</a></th><td>* Test with different packet sizes and the TCP_NODELAY (-N) option.</td></tr></tbody></table>
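The cleartext exposure from the FTP exercise in section 2, turned into an audit. This is an added example, not part of the workshop notes: it reads `tshark -r` summary lines and reports which client/server pairs sent FTP credentials in the clear, printing only the password length. The sample lines and addresses are constructed, and the column layout is assumed to match the "FTP Request: PASS ..." form quoted in the exercise.

```shell
#!/bin/sh
# Constructed sample of `tshark -r <capture>` summary lines (not a real capture).
sample_tshark_lines() {
cat <<'EOF'
  1 0.000000 10.10.0.250 -> 192.0.2.10 TCP 54321 > ftp [SYN] Seq=0 Win=5840 Len=0
  4 0.120000 192.0.2.10 -> 10.10.0.250 FTP Response: 220 FTP Server ready.
  5 2.300000 10.10.0.250 -> 192.0.2.10 FTP Request: USER anonymous
  7 4.100000 10.10.0.250 -> 192.0.2.10 FTP Request: PASS guest@example.org
  9 5.000000 10.10.0.251 -> 192.0.2.10 FTP Request: USER alice
 11 6.500000 10.10.0.251 -> 192.0.2.10 FTP Request: PASS S3cret!
 12 7.000000 10.10.0.252 -> 192.0.2.10 SSH Encrypted request packet len=48
EOF
}

# Read tshark summary lines on stdin and print one line per cleartext login:
#   client server user anonymous|named password-length
# The password text is never printed, so the report is safe to share.
audit_ftp_logins() {
  awk '
  {
    arrow = 0; req = 0; ftp = 0
    for (i = 1; i <= NF; i++) {
      if (!arrow && ($i == "->" || $i == "→")) arrow = i
      if ($i == "FTP") ftp = 1
      if (!req && ftp && $i == "Request:") req = i
    }
    # Skip anything that is not an FTP request with a command word.
    if (arrow < 2 || !req || req + 1 > NF) next
    key = $(arrow - 1) " " $(arrow + 1)          # client and server address
    cmd = toupper($(req + 1))
    arg = ""
    for (i = req + 2; i <= NF; i++) arg = arg (arg == "" ? "" : " ") $i
    if (cmd == "USER") {
      user[key] = arg                            # remember until PASS arrives
    } else if (cmd == "PASS") {
      u = (key in user) ? user[key] : "?"
      kind = (u == "anonymous" || u == "ftp") ? "anonymous" : "named"
      print key, u, kind, length(arg)
    }
  }'
}

# Stand-alone run over the constructed sample.
sample_tshark_lines | audit_ftp_logins
```

On a real capture, feed it with `sudo tshark -r /tmp/tcpdump.log | audit_ftp_logins`; every "named" row is an account whose password crossed the network unencrypted and should be changed and moved to an encrypted transfer method.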
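The DHCP capture from section 3, used as a check for unexpected DHCP servers. This is an added example, not part of the workshop notes: it reads tcpdump lines in the format shown in that exercise and lists every address that sent a "BOOTP/DHCP, Reply" from port 67 but is not on an allow-list you supply. The function names, the extra sample lines and the address 10.10.0.66 are constructed for illustration.

```shell
#!/bin/sh
# Constructed tcpdump output in the format shown in section 3.
sample_dhcp_lines() {
cat <<'EOF'
18:03:05.003190 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:4a:5e:68:77, length 300
18:03:05.004349 IP 10.10.0.254.67 > 10.10.0.250.68: BOOTP/DHCP, Reply, length 300
18:03:05.009120 IP 10.10.0.66.67 > 10.10.0.250.68: BOOTP/DHCP, Reply, length 300
18:03:09.100000 IP 10.10.0.254.67 > 10.10.0.250.68: BOOTP/DHCP, Reply, length 300
EOF
}

# Usage: unexpected_dhcp_servers "ip1 ip2 ..." < tcpdump-output
# Prints "server-ip reply-count" for each replying server not in the list.
unexpected_dhcp_servers() {
  awk -v allow="$1" '
  BEGIN {
    n = split(allow, a, " ")
    for (i = 1; i <= n; i++) ok[a[i]] = 1
  }
  /BOOTP\/DHCP, Reply/ && $2 == "IP" {
    src = $3
    if (src !~ /\.67$/) next        # only count replies from the server port
    sub(/\.67$/, "", src)           # strip the port, keep the address
    if (!(src in ok)) count[src]++
  }
  END { for (s in count) print s, count[s] }' | sort
}

# Stand-alone run: 10.10.0.254 is the only server we expect to answer.
sample_dhcp_lines | unexpected_dhcp_servers "10.10.0.254"
```

If the network uses DHCP relay agents, add their addresses to the allow-list as well, since relayed replies arrive from the relay rather than the server.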
77
78        </div>
79    </div>
88    </div>
95  </body>
96</html>