BSD2301_NETWORK_PROGRAMMING_ENGINEERING_ASSIGNMENT1_GROUPWORK

The document outlines an assignment for a network programming course, focusing on tools for network analysis including netstat, traceroute, and whois. It details the usage of netstat for monitoring TCP connections and detecting malicious software, as well as explaining how traceroute tracks packet paths across networks. The assignment requires group members to perform practical exercises using these tools and document their findings.

Uploaded by

s5kpv4twq4

2301 NETWORK PROGRAMMING

ASSIGNMENT 1
GROUP WORK
MEMBERS
Sadia Galm - 19/03455
Stephen Migwi - 24/00387
Anzal Ali - 20/02308
James Daniel - 21/04996
Venessa Obote - 21/03204
Ann Wambui - 20/04294
Giovane Henry - 17/04340
Zeyruq Abdullahi - 23/04126
Edna Wambui - 19/06197
Abass Kuku - 22/08714
You are supposed to explore the various tools that an end user can use to discover how a
machine is connected to the network and what the network looks like beyond the first hop. Your
investigation will use the following tools:

1. netstat
2. traceroute
3. whois

All of these tools should be available on any machine running a UNIX-based operating system.

1. netstat
i). What is netstat and what is it used for?
The netstat command generates displays that show network status and protocol statistics.
ii). What parameters for netstat should you use to show all the TCP connections
established? Include a printout of this list for your machine. Be sure to explain what all
fields are.
-a Display all active TCP and UDP connections and listening ports.
-t Display only TCP connections.
-u Display only UDP connections.
-l Show only sockets that are actively listening for incoming connections.
-p Display the Process ID (PID) and program name associated with each socket.
-n Display addresses and port numbers in numeric format without resolving names.
-r Display the kernel routing table.
-s Provide summary statistics for each protocol.
-c Continuously update the output every second.
-e Display extended information, including timers and user IDs.
FIELDS EXPLANATION

Proto - The type of protocol (TCP or UDP).

Recv-Q - The count of bytes not copied by the connected application.

Send-Q - The count of bytes not acknowledged by the remote host.

Local Address - The IP address and port number of the local end of the connection.

Foreign Address - The IP address and port number of the remote end of the connection. If the
port number is *, the connection is listening on all ports.

State - The state of the connection, such as ESTABLISHED or LISTENING.

iii). How can netstat be used to detect malicious software?

1. List all active connections using netstat -tulnp

2. Find Foreign IP connections using netstat -antp


3. Filter for established external connections using netstat -an | grep ESTABLISHED

N.B. Because we did not identify any malicious software, our procedure ends here, but
in case any is found, the process continues with the remaining steps.

4. Identify programs using specific ports using netstat -tulpn | grep <port_number>
5. Monitor for rapid connection attempts using netstat -ntu

6. Check for LISTENING Ports using netstat -tulpn | grep LISTEN

7. Verify suspicious processes using ps -aux | grep <PID>
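The steps above, as an added example that is not part of the original assignment: a Python triage of saved `netstat -antp` output that implements steps 3, 5 and 6 as checks, run over a constructed sample in which the program name `.hidden`, the PIDs and all addresses are made up.

```python
import ipaddress
from collections import Counter

# Constructed sample of `netstat -antp` output (not captured from a real host);
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for real hosts.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      900/cupsd
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      5120/.hidden
tcp        0      0 192.168.1.10:51234      203.0.113.7:443         ESTABLISHED 2210/firefox
tcp        0      0 192.168.1.10:40001      198.51.100.9:6667       ESTABLISHED 5120/.hidden
tcp        0      0 192.168.1.10:40002      198.51.100.9:6667       SYN_SENT    5120/.hidden
tcp        0      0 192.168.1.10:40003      198.51.100.9:6667       SYN_SENT    5120/.hidden
"""

# Loopback, RFC 1918 and link-local: a foreign address here is a LAN peer, not "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8",
                 "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "::1/128", "fe80::/10")]
def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def parse_netstat(text):
    """Split TCP rows into the fields explained above; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7 or parts[0] not in ("tcp", "tcp6"):
            continue
        local_ip, local_port = parts[3].rsplit(":", 1)
        remote_ip, remote_port = parts[4].rsplit(":", 1)
        pid, _, prog = parts[6].partition("/")
        rows.append({"local_ip": local_ip, "local_port": local_port, "remote_ip": remote_ip,
                     "remote_port": remote_port, "state": parts[5], "pid": pid, "program": prog})
    return rows

def external_established(rows):
    """Step 3: established sessions whose foreign address is outside the LAN."""
    return [(r["program"], r["remote_ip"], r["remote_port"]) for r in rows
            if r["state"] == "ESTABLISHED" and not is_internal(r["remote_ip"])]

def exposed_listeners(rows):
    """Step 6: LISTEN sockets bound to every interface rather than loopback only."""
    return [(r["local_port"], r["program"]) for r in rows
            if r["state"] == "LISTEN" and r["local_ip"] in ("0.0.0.0", "::")]

def repeated_attempts(rows, threshold=2):
    """Step 5: (program, remote host) pairs with several half-open SYN_SENT sockets."""
    counts = Counter((r["program"], r["remote_ip"]) for r in rows if r["state"] == "SYN_SENT")
    return {k: v for k, v in counts.items() if v >= threshold}
```

Anything the three checks return is a lead for step 7 (`ps` on the PID), not proof of malware: a browser with an established external session is normal, while an unnamed program listening on every interface and repeatedly half-opening connections to one remote host is what the steps above are meant to surface.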

2. traceroute
i).Explain in detail how traceroute works.
Traceroute (also written trace route) is a network diagnostic tool used to track the path that
packets take from one computer to another across a network, such as the Internet. It helps in
identifying the route taken by data packets to reach a specific destination and can be useful for
troubleshooting network issues.

How it works
1. Sending Packets - When you run a traceroute command, it sends a series of Internet Control
Message Protocol (ICMP) Echo Request packets to the target destination. Each packet has a
Time To Live (TTL) value that determines how many hops (routers) the packet can pass
through before being discarded.

2. TTL Value - The TTL value starts at one and is incremented with each subsequent packet
sent. For example, the first packet has a TTL of 1, which means it can only reach the first
router. When this packet reaches the first router, the router decrements the TTL value. If the
TTL reaches zero, the router discards the packet and sends back an ICMP Time Exceeded
message to the source.

3. Recording Hops - The source machine receives the ICMP message and records the IP
address of the router that sent it back. Then, the traceroute tool sends another packet with a TTL
of 2, which reaches the second router, and the process repeats. This continues until the packet
reaches the target destination or until a specified number of hops is reached.

4. Output - The output of a traceroute typically shows the list of routers (hops) between the
source and destination, along with the round-trip time (RTT) for each hop. This information can
help identify where delays or issues are occurring in the network.

Traceroute is a valuable tool for network administrators to diagnose routing problems, latency
issues, or to visualize the path data takes over the Internet.

ii). Perform a traceroute from your machine to two different locations:

1. In Europe
2. In US

Include a copy of the output and explain what happened, including a description of what
each of the fields means.

Explanation of Each Field


1. Header Line
traceroute to [destination] ([IP address]), 64 hops max
This line shows the destination’s hostname, its resolved IP address, and the maximum number
of hops that will be probed.
2. Hop Number (Column 1)
Each line starts with a sequential number (e.g., 1, 2, 3, etc.) representing the hop count, that is,
the number of routers (or network segments) the packet has traversed from the source.
3. Router IP
The next field shows the IP address of the router at that particular hop.
4. Round-Trip Times (Columns 3, 4, 5)
These columns show the round-trip time for three probe packets sent to that hop, measured in
milliseconds.
If all three values are returned, it indicates consistent responses from that router.
If you see an asterisk (*), it means that the probe did not receive a response within the timeout
period.
5. Asterisks (*)
These indicate that no reply was received for that probe. This could be due to the router being
configured not to respond to ICMP messages or due to network issues.
iii). Perform a traceroute to www.kca.ac.ke and identify each hop by using the whois command.
Note that whois takes an IP address as its parameter.
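The mechanism from 2 i), the field layout from 2 ii) and the whois step from 2 iii), as one added example that is not part of the original assignment: a Python parser for `traceroute -n` output (constructed sample, no real trace) that records hop number, router IP, RTTs and lost probes, finds the hop where latency rises most, and lists the hop addresses worth passing to whois. It assumes `-n` output (no hostname lookups); note that the Linux and BSD traceroute commands send UDP probes by default and need `-I` to use the ICMP Echo Requests described above.

```python
import ipaddress
import re

# Constructed `traceroute -n` output; not a real trace. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, www.example.net is a reserved name.
SAMPLE_TRACEROUTE = """\
traceroute to www.example.net (203.0.113.80), 64 hops max, 52 byte packets
 1  192.168.1.1  1.204 ms  0.987 ms  1.102 ms
 2  10.20.0.1  8.411 ms  9.002 ms  8.760 ms
 3  198.51.100.33  21.330 ms  * 22.004 ms
 4  * * *
 5  203.0.113.80  25.117 ms  24.882 ms  25.309 ms
"""
HEADER_RE = re.compile(r"traceroute to (\S+) \(([^)]+)\), (\d+) hops max")
RTT_RE = re.compile(r"([\d.]+) ms")

def parse_traceroute(text):
    """Header line plus one record per hop: hop number, router IP, RTTs, lost probes."""
    lines = text.strip().splitlines()
    m = HEADER_RE.match(lines[0])
    header = {"target": m.group(1), "ip": m.group(2), "max_hops": int(m.group(3))}
    hops = []
    for line in lines[1:]:
        parts = line.split()
        # hop n is the Time Exceeded reply to the probe sent with TTL = n; "*" = no reply in time
        ip = None if parts[1] == "*" else parts[1]
        hops.append({"hop": int(parts[0]), "ip": ip,
                     "rtts": [float(x) for x in RTT_RE.findall(line)],
                     "lost": line.count("*")})
    return header, hops

LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def whois_targets(hops):
    """Hop IPs worth passing to whois; silent hops and RFC 1918 hops (no operator record) are skipped."""
    out = []
    for h in hops:
        ip = h["ip"]
        if ip and ip not in out and not any(ipaddress.ip_address(ip) in n for n in LAN_NETS):
            out.append(ip)
    return out

def biggest_latency_jump(hops):
    """Hop whose best (minimum) RTT rises most over the previous responding hop."""
    best = (float("-inf"), None)
    responding = [(h["hop"], min(h["rtts"])) for h in hops if h["rtts"]]  # silent hops carry no RTT
    for (_, prev), (hop, cur) in zip(responding, responding[1:]):
        best = max(best, (cur - prev, hop))
    return best[1]
```

On a real trace, `whois_targets` feeds `whois <ip>` one hop at a time; running whois on a 10.x or 192.168.x hop only returns IANA's reservation of the private block.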
