Lab WS

Uploaded by

biker. bheema

Department of Computer Science and Information Technology
TELECOM NETWORK MANAGEMENT: CSIWZG582
Laboratory Work Sheet – I
1. Lab Exercise:

NOTE: REFRAIN FROM USING SAME SCREENSHOTS, SHARED FOR REFERENCES ONLY!!

Problem Statement:

Open the Linux terminal and execute the following basic networking
tools and utilities. Make your observations and record the output of
each command.

Steps to be followed: Open the terminal in Linux and execute the
following commands:

1. ifconfig
Observe the details that are displayed and record
o Number of interfaces that are shown.
o IP address and MAC address of the respective interfaces.
o Other statistical information.
o What is the subnet mask of each interface, and what is its
significance?

• Output:
IP Address and MAC Address of the Respective Interfaces
• ens5:
o IP Address: 172.31.6.245
o MAC Address: 0a:7b:c0:f4:54:a3
• lo (Loopback):
o IP Address: 127.0.0.1
o MAC Address: Not applicable (the loopback interface does not
use MAC addresses).

Other Statistical Information

• ens5:
o RX packets: 22,760
o RX bytes: 31,603,089 (31.6 MB)
o TX packets: 5,344
o TX bytes: 1,409,015 (1.4 MB)
o RX errors: 0
o TX errors: 0
• lo (Loopback):
o RX packets: 353
o RX bytes: 29,963 (29.9 KB)
o TX packets: 353
o TX bytes: 29,963 (29.9 KB)
o RX errors: 0
o TX errors: 0

Subnet Mask of Each Interface and Its Significance

• ens5:
o Subnet Mask: 255.255.240.0
• Significance: This subnet mask indicates that the first
20 bits (255.255.240.0) are used for the network part of
the address, allowing for a total of 4096 IP addresses in
this range, which can be useful for medium-sized
networks.
• lo (Loopback):
o Subnet Mask: 255.0.0.0
• Significance: This subnet mask is typical for loopback
interfaces, indicating that the first 8 bits are used for the
network part, effectively allowing for 16,777,216
loopback addresses (though normally only one is used:
127.0.0.1). It is primarily used for local communication
within the host.

2. ping x.x.x.x or ping <some_domain_name>
(x.x.x.x represents some IP address of the node)
o What is the use of ping utility in computer networks?
o Observe the different details that are displayed like time
for icmp echo request and replies, number of bytes sent
etc.
o Also try to ping an IP address or domain name that does
not exist and record your observations.

• Output:
• I tried to ping the IP address of the ens5 interface of the machine,
which is 172.31.6.245. If we use the command ping 172.31.6.245
in our Linux terminal, we will be sending ICMP Echo Request
packets to the IP address of the node itself, which is the same IP
address assigned to the ens5 interface of the machine.
• The ping utility is a command-line tool used to test the reachability of
a host on an Internet Protocol (IP) network. It operates by sending
Internet Control Message Protocol (ICMP) Echo Request messages to
the target host and waiting for an Echo Reply.

• Observations:

• PING 172.31.6.245 (172.31.6.245):
o This indicates the IP address being pinged.
• Bytes Sent:
o 56(84) bytes of data indicates that each ICMP request carries
56 bytes of data, but the total packet size is 84 bytes
(which includes additional headers).
• Reply Information:
o Each line showing 64 bytes from 172.31.6.245 indicates the
size of the reply received from the host you are pinging (64
bytes here is a standard Echo Reply).
• icmp_seq=:
o This indicates the sequence number of the request. For
example, icmp_seq=1 indicates the first ping, icmp_seq=2 the
second, and so on.
• ttl=64:
o TTL stands for "Time to Live," which is the maximum number
of hops (routers) that the packet can traverse before being
discarded. A TTL of 64 is common for many operating
systems.
• time=0.021 ms:
o This shows the round-trip time from the sender to the receiver
and back. The response times here are quite low, indicating a
fast local connection.

• Pinging a non-existent IP address:

• When pinging a valid address (like your own IP), you receive replies
indicating the connection is operational, along with timing and TTL
data.
• When pinging an invalid IP or a non-existent domain, we don't see
any outcome on the terminal: as shown in the screenshot below, the
terminal does not move ahead. While pinging a non-existent
domain, it says 'ping: nonexistent.domain: Name or service not
known'.

> IP :
>domain:

3. nslookup www.abc.com (or any other website)
o What is the purpose of the nslookup utility in computer
networks?
o Make a query to obtain the IP address of some website
using the nslookup utility and record the same.
o Observe the type A, server, non-authoritative or other type
information that is displayed for the IP addresses and
record the same.
• Output:

• The nslookup utility is a command-line tool used to query
the Domain Name System (DNS) for information about
domain names and IP addresses. The purposes of nslookup
include:
• DNS Record Lookup: It allows administrators and users to
retrieve various DNS records for a domain, including A
(Address), CNAME (Canonical Name), MX (Mail Exchange),
and others.
• Troubleshooting DNS Issues: nslookup can help identify
DNS resolution problems by checking if the domain name is
resolving to the correct IP address.
• Exploring DNS Hierarchy: It provides insights into DNS
configurations, including which servers are being used for
the lookups.

• I tried to query the website 'www.dell.com' and obtained the
below IP details (23.37.86.46):
• Observe the type A, server, non-authoritative or other type
information that is displayed for the IP addresses and record
the same.

- Server Information:

This indicates the DNS server used for the query. Here, it is a local
resolver with the address 127.0.0.53.

- Non-authoritative Answer:
• We can see a non-authoritative answer here, which means the
information was obtained from a DNS server's cache rather than
directly from the authoritative DNS server for the domain.

- Canonical Name and Type A Record:

• The lines below show a series of CNAME (Canonical Name)
records, indicating that www.dell.com is an alias for
several other domains until it finally resolves to the last canonical
name.

Final A record:

• This describes the final resolved name and its associated type A
record, which points to the IP address 23.37.86.46. This specifies
that the domain ultimately resolves to an IPv4 address.
4. dig www.abc.com (or any other website)
o What does "dig" stand for and why is it used in
networking?
o Make a query for one website and record the output of the
command such as IP addresses, query time etc.
o Observe any other additional details.
• Output:

• "DIG" stands for Domain Information Groper. This utility is used
primarily for querying the Domain Name System (DNS) to retrieve
information about a domain name, such as its associated IP addresses,
mail servers, and other DNS records.
- Recorded details from the above command:

• Final IP Address: 23.37.86.46 (resolved from the CNAME chain).
• Query Time: 68 msec (time taken for the query to complete).
• Query Status: NOERROR (indicates a successful query).
• CNAME Records:
o www.dell.com → www1.dell-cidr.akadns.net
o www1.dell-cidr.akadns.net → cdn-www.dell.com-v2.edgekey.net
o cdn-www.dell.com-v2.edgekey.net → cdn-www.dell.com-v2.edgekey.net.globalredir.akadns.net
o cdn-www.dell.com-v2.edgekey.net.globalredir.akadns.net → e13665.x.akamaiedge.

- Additional details:

* Header Information:
• opcode: QUERY indicates that the request was a query.
• status: NOERROR means the request was processed without any errors.
• id: 48703 is a unique identifier for this specific query.

* Flags:
• qr indicates that this response is a query response.
• rd is set, indicating that the resolver supports recursive queries.
• ra is set, indicating that the DNS server supports recursion.

* OPT PSEUDOSECTION:
• Contains details regarding the extension mechanisms for DNS (EDNS). It includes:
o version: 0 referring to the EDNS version being used.
o udp: 65494, indicating the maximum UDP packet size for this query.

* Question Section:
• It shows the question asked, specifically looking for the A record of www.dell.com.

* Answer Section:
• It details the CNAME chain leading to the final A record, providing insight into how
DNS resolves the requested domain name.

* Server Information:
• The DNS server that answered the query was 127.0.0.53 (typically a local resolver
on the machine).

* Timestamp:
• The query was executed on: Sat Oct 26 17:45:03 UTC 2024.

* Message Size:
• The total size of the response message is 230 bytes, which gives an indication of
the overhead associated with DNS responses.

5. host www.abc.com (or any other website)
o Observe the details that are displayed containing various IP
addresses of the server queried.
• Output:

1. CNAME Chains:
o The output shows a chain of CNAME (Canonical Name) records,
which are used to alias one domain name to
another. Here's how each alias resolves:
• www.dell.com is an alias for www1.dell-cidr.akadns.net.
• www1.dell-cidr.akadns.net is an alias for cdn-www.dell.com-v2.edgekey.net.
• cdn-www.dell.com-v2.edgekey.net is an alias for cdn-www.dell.com-v2.edgekey.net.globalredir.akadns.net.
• cdn-www.dell.com-v2.edgekey.net.globalredir.akadns.net is an alias for e13665.x.akamaiedge.net.

2. Final A Record:
o The final resolution from the CNAME chain
is e13665.x.akamaiedge.net, which has the IP
address 23.37.86.46.
o This means that when you access www.dell.com, your request
will ultimately resolve to this IP address.

3. IP Address Information:
o Resolved IP Address: 23.37.86.46
o The IP address indicates the endpoint where the web traffic
for www.dell.com is directed. This address is hosted on
Akamai's content delivery network, which is indicated by the
naming convention akamaiedge.net.
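
The alias chain above can be followed mechanically. This added example (not part of the original worksheet) parses `host` output rebuilt from the records listed above, walks the CNAME chain with a loop guard, and lists the domains the lookup passes through; the function names are illustrative and the two-label zone split is a rough assumption, not public-suffix aware.

```python
# `host www.dell.com` output rebuilt from the records listed above.
HOST_OUTPUT = """\
www.dell.com is an alias for www1.dell-cidr.akadns.net.
www1.dell-cidr.akadns.net is an alias for cdn-www.dell.com-v2.edgekey.net.
cdn-www.dell.com-v2.edgekey.net is an alias for cdn-www.dell.com-v2.edgekey.net.globalredir.akadns.net.
cdn-www.dell.com-v2.edgekey.net.globalredir.akadns.net is an alias for e13665.x.akamaiedge.net.
e13665.x.akamaiedge.net has address 23.37.86.46
"""


def parse_host(text):
    """Split `host` output into an alias map and an address map."""
    aliases, addresses = {}, {}
    for line in text.splitlines():
        words = line.split()
        if len(words) == 6 and words[1:5] == ["is", "an", "alias", "for"]:
            aliases[words[0].lower()] = words[5].rstrip(".").lower()
        elif len(words) == 4 and words[1:3] == ["has", "address"]:
            addresses.setdefault(words[0].lower(), []).append(words[3])
    return aliases, addresses


def resolve_chain(name, aliases, addresses, max_hops=16):
    """Follow CNAMEs from name; return (chain, A records of the last name)."""
    chain = [name.rstrip(".").lower()]
    while chain[-1] in aliases:
        target = aliases[chain[-1]]
        if target in chain:
            raise ValueError(f"CNAME loop back to {target}")
        if len(chain) > max_hops:
            raise ValueError("CNAME chain exceeds max_hops")
        chain.append(target)
    # An empty address list means the chain ends at a name with no A record.
    return chain, addresses.get(chain[-1], [])


def zones_crossed(chain, labels=2):
    """Distinct trailing-label suffixes, in order (rough view of who is involved)."""
    seen = []
    for name in chain:
        suffix = ".".join(name.split(".")[-labels:])
        if suffix not in seen:
            seen.append(suffix)
    return seen


if __name__ == "__main__":
    aliases, addresses = parse_host(HOST_OUTPUT)
    chain, ips = resolve_chain("www.dell.com", aliases, addresses)
    print(" -> ".join(chain), ips, zones_crossed(chain))
```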

6. netstat
o Observe the details displayed like the list of open
connections.

• Output:
• The output from the netstat command provides a snapshot of active
internet connections and UNIX domain sockets on a Linux terminal.

• Connections:

i. First Connection:
• Protocol: TCP
• Local Address: ip-172-31-6-245.ap-:679
• Foreign Address: ip-172-31-7-195.ap-:nfs
• State: ESTABLISHED

This indicates a connection from the local machine to another
instance (possibly another VM or service) using NFS on port 2049
(the default NFS port).

ii. Second Connection:
• Protocol: TCP6
• Local Address: ip-172-31:ms-wbt-server (presumably a
Windows Terminal Services connection)
• Foreign Address: ec2-3-7-172-124.a:40520
• State: ESTABLISHED

This indicates an established connection to a remote EC2 instance's
service running on port 40520. The use of TCP6 suggests that IPv6 is
being utilized.
7. netstat -i
o Observe the details of the networking interfaces.

• Output:
The command netstat -i focuses on network interfaces, providing relevant
interface statistics rather than detailed connection information.

Observed Connections:

1. TCP Connection:
o Local Address: ip-172-31-6-245.ap-:679
o Foreign Address: ip-172-31-7-195.ap-:nfs
o State: ESTABLISHED
o This indicates that a TCP connection to an NFS (Network File
System) share is active.
2. TCP6 Connection:
o Local Address: ip-172-31:ms-wbt-server
o Foreign Address: ec2-3-7-172-124.a:40520
o State: ESTABLISHED
o This suggests communication with a service over IPv6.

The output provides a snapshot of the active connections and
inter-process communication on the system:

• Active TCP Connections: Show interactions with remote servers,
with details about local and foreign addresses.
• Active UNIX Domain Sockets: Display a range of local
communications used by system services and applications.
8. netstat -r
o Observe the details of the routing table

• Output:

Observation:

1. Destination: The destination network or IP address that the route applies
to.
2. Gateway: The IP address of the gateway through which the destination
can be reached. If the gateway is 0.0.0.0, it means that the destination is
directly reachable on the local network.
3. Genmask: This is the subnet mask associated with the destination. It
helps determine the size of the network and which part of the address
refers to the network and which part refers to the host.
4. Flags: This indicates the status of the route:
o U: The route is up.
o G: The route is a gateway.
o H: The route is a host route (specific to a single IP).
5. MSS: Maximum Segment Size (MSS) for TCP connections using this route
(not specifically relevant here).
6. Window: TCP window size for the route (not used often in routing table
reviews).
7. irtt: Initial round-trip time for connections using this route (also often not
used).
8. Iface: The network interface associated with the route.

Analysis of Each Route:

1. Default Route:
o Destination: default
o Gateway: ip-172-31-0-1.a
o Genmask: 0.0.0.0 (indicating this is a default route)
o Flags: UG (up and is a gateway)
o Iface: ens5
o Meaning: This route is the default for all traffic not matching other
routes. It directs packets to the gateway ip-172-31-0-1.a via
the ens5 network interface. This is the route used when no more
specific match is found.

2. Directly Connected Network:
o Destination: 172.31.0.0
o Gateway: 0.0.0.0
o Genmask: 255.255.240.0
o Flags: U (up)
o Iface: ens5
o Meaning: This indicates that the network 172.31.0.0 (with a subnet
mask of 255.255.240.0, which allows for a range of IP addresses) is
directly reachable via the ens5 interface.

3. Host Route for a Specific IP:
o Destination: ip-172-31-0-1.a
o Gateway: 0.0.0.0
o Genmask: 255.255.255.255 (indicating this is specific to a single
host)
o Flags: UH (up and is a host route)
o Iface: ens5
o Meaning: This route is a specific path to the host ip-172-31-0-1.a.
Since the gateway is 0.0.0.0, it implies that it's reachable directly
via the ens5 interface.
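
Added example, not part of the original worksheet: the route selection described above (the most specific Genmask wins, the default route is the fallback), applied to a numeric `netstat -rn` style table constructed from the three routes. It assumes the truncated gateway name ip-172-31-0-1.a is 172.31.0.1, as the ARP entries in exercise 9 indicate, and it also confirms the 4096-address size of the 255.255.240.0 network from exercise 1.

```python
import ipaddress

# Constructed numeric (`netstat -rn` style) table for the three routes above.
# Assumption: the gateway ip-172-31-0-1 is 172.31.0.1, as the ARP entries show.
ROUTES_TEXT = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.31.0.1      0.0.0.0         UG        0 0          0 ens5
172.31.0.0      0.0.0.0         255.255.240.0   U         0 0          0 ens5
172.31.0.1      0.0.0.0         255.255.255.255 UH        0 0          0 ens5
"""


def parse_routes(text):
    """Turn routing-table rows into dicts with an ip_network per route."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 8:
            continue                            # ignore blank or malformed rows
        dest, gateway, genmask, flags = fields[:4]
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{genmask}"),
            "gateway": gateway,
            "flags": flags,
            "iface": fields[7],
        })
    return routes


def select_route(routes, dest):
    """Longest-prefix match: the matching route with the longest mask wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen) if matches else None


def describe(routes, dest):
    """One-line summary of how a packet to dest leaves the host."""
    route = select_route(routes, dest)
    if route is None:
        return "no route"
    hop = "direct" if route["gateway"] == "0.0.0.0" else f"via {route['gateway']}"
    return f"{route['net']} {hop} on {route['iface']}"


if __name__ == "__main__":
    table = parse_routes(ROUTES_TEXT)
    for target in ("172.31.7.195", "172.31.0.1", "23.37.86.46"):
        print(target, "->", describe(table, target))
```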
9. arp -a
o What does "arp" stand for and what is the purpose of the
arp utility?
o Observe the details on the entries in the ARP table and record
the same.
• Output:

• ARP stands for Address Resolution Protocol. It is a protocol used for
mapping an Internet Protocol (IP) address to a physical machine
address that is recognized in the local network, essentially translating
IP addresses into MAC (Media Access Control) addresses.
• The ARP utility is used to view and manage the ARP cache on a device.
The ARP cache stores IP-to-MAC address mappings, which enables a
system to efficiently send packets to the correct physical destination
on a local network without needing to broadcast ARP requests for every
packet.

The primary functions of the ARP utility include:

• Displaying the ARP cache: It shows the current mappings
between IP addresses and MAC addresses on the local network.
• Setting static ARP entries: Users can manually add entries that
won't be changed or removed automatically.
• Deleting ARP entries: Users can remove entries in the cache to
correct errors or when devices are changed.

Observations:
• The observed entries indicate the local network hosts and their
corresponding MAC addresses, facilitating direct packet delivery in
the network.

1. Entry for ip-172-31-7-195:
o Hostname: ip-172-31-7-195.ap-south-1.compute.internal
o IP Address: 172.31.7.195
o MAC Address: 0a:29:5d:b3:20:7a
o Type: Ethernet ([ether])
o Interface: ens5
o Meaning: This entry shows that the IP
address 172.31.7.195 resolves to the MAC
address 0a:29:5d:b3:20:7a, and it is reachable through the
Ethernet interface ens5.
2. Entry for ip-172-31-0-1:
o Hostname: ip-172-31-0-1.ap-south-1.compute.internal
o IP Address: 172.31.0.1
o MAC Address: 0a:c3:3d:57:7e:46
o Type: Ethernet ([ether])
o Interface: ens5
o Meaning: This entry indicates that the IP
address 172.31.0.1 corresponds to the MAC
address 0a:c3:3d:57:7e:46, also reachable via
the ens5 interface.
3. Entry for ip-172-31-0-2:
o Hostname: ip-172-31-0-2.ap-south-1.compute.internal
o IP Address: 172.31.0.2
o MAC Address: 0a:c3:3d:57:7e:46
o Type: Ethernet ([ether])
o Interface: ens5
o Meaning: This shows that the IP address 172.31.0.2 also
maps to the same MAC
address 0a:c3:3d:57:7e:46 as 172.31.0.1, meaning both IPs
might belong to the same network device or virtual interface,
reachable through ens5.
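
Added example, not part of the original worksheet: a parser for `arp -a` output that reports any MAC address recorded for more than one IP, the condition noted in entry 3. The sample lines are rebuilt from the three entries above plus one constructed unresolved entry; because a shared MAC is normal for a router with several addresses but is also what a poisoned ARP cache looks like, the check takes an allowlist of known multi-address devices (`known_multi_ip`, a hypothetical parameter).

```python
import ipaddress
import re
from collections import defaultdict

# `arp -a` lines rebuilt from the three entries above; the last line is a
# constructed unresolved entry to show that such rows are skipped.
ARP_OUTPUT = """\
ip-172-31-7-195.ap-south-1.compute.internal (172.31.7.195) at 0a:29:5d:b3:20:7a [ether] on ens5
ip-172-31-0-1.ap-south-1.compute.internal (172.31.0.1) at 0a:c3:3d:57:7e:46 [ether] on ens5
ip-172-31-0-2.ap-south-1.compute.internal (172.31.0.2) at 0a:c3:3d:57:7e:46 [ether] on ens5
? (172.31.9.9) at <incomplete> on ens5
"""

ENTRY = re.compile(
    r"^(?P<host>\S+) \((?P<ip>\d+(?:\.\d+){3})\) at "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}) \[(?P<hw>\w+)\] on (?P<iface>\S+)$"
)


def parse_arp(text):
    """Return one dict per resolved ARP entry; unresolved rows are dropped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["mac"] = entry["mac"].lower()
            entries.append(entry)
    return entries


def shared_macs(entries, known_multi_ip=()):
    """Map each MAC seen for more than one IP to its sorted IP list."""
    # known_multi_ip: hypothetical allowlist of MACs expected to hold several IPs.
    allowed = {mac.lower() for mac in known_multi_ip}
    ips_by_mac = defaultdict(set)
    for entry in entries:
        ips_by_mac[entry["mac"]].add(entry["ip"])
    return {
        mac: sorted(ips, key=ipaddress.ip_address)
        for mac, ips in ips_by_mac.items()
        if len(ips) > 1 and mac not in allowed
    }


if __name__ == "__main__":
    for mac, ips in shared_macs(parse_arp(ARP_OUTPUT)).items():
        print(f"{mac} answers for {', '.join(ips)}")
```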
