Crash Course in System Security (CSCI 1005), Winter 2025
Day 10: IP and ICMP
New(ish) Vocabulary
- interface
- Internet Protocol (IP)
- packet
- route
- time to live (TTL)
- traceroute
- Internet Control Message protocol (ICMP)
New(ish) Tools
- ifconfig
- route
- ping
- mtr
- Wireshark (Arch Wiki page)
- bash (Advanced Bash Scripting Guide)
NOTE: Because it snarfs every packet that arrives at or departs from an interface, Wireshark requires special privileges and therefore some configuration. Refer to the Arch Wiki page for the details; the usual setup is to add your user to the wireshark group so that dumpcap (the capture helper Wireshark runs underneath) can capture on your behalf, rather than running the whole Wireshark GUI as root. Also, you have the option of installing three different user interfaces for Wireshark; I strongly recommend wireshark-qt for usability and stability.
NOTE 2: While the ip program is installed by default, the ifconfig and route programs are not. For the latter, you must install the net-tools package.
NOTE 3: The ping program comes in the iputils package.
NOTE 4: We haven’t talked about hostnames yet, but you’ll start to see them this afternoon. These are the word-ish names by which we (humans) usually identify computers on the Internet (eg, www.middlebury.edu). Many tools will perform the reverse translation for you—ie, convert from IP address to the associated name. These tools often take an option (usually -n) that will suppress this conversion, which makes them run faster (and, potentially more importantly, does not incur additional network traffic). Those lookups are DNS queries of their own, so they will also show up in your Wireshark capture alongside the packets you are actually trying to study.
Exercises
Know your machine
Use ip and/or ifconfig to find the IP and MAC addresses of your computer.
Find out the IP and MAC addresses on your other machines—on a Mac, use ifconfig; on Windows, use ipconfig /all.
Note that the addresses will be quite different: the Dell loaner machines are on the CSCI_Class network, whereas your personal devices are likely on the MiddleburyCollege network, and the two networks use different rules for assigning IP addresses. We’ll learn more about this next week.
Use the route command (route -n; or ip route show default, since net-tools is not installed by default) to find the IP address of your "default router"—ie, the machine that acts as gateway to the rest of the Internet.
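The three "know your machine" questions above can be answered by composing ip(8) with awk, which is the kind of tool composition the rest of today is about. The script below is an added example, not part of the course page: each parser takes command output as a string, so it can be checked against the constructed sample output in its comments without a network, and know_your_machine runs the real commands. The interface names, addresses and MACs in the comments are made up; the field layout of `ip -o` output is the assumption the parsers rest on.

```shell
#!/usr/bin/env bash
# Added example: answer "know your machine" by parsing ip(8) output.
# Each parser takes the command output as its argument so it can be tested
# on constructed sample text; know_your_machine feeds it the live output.

# IPv4 addresses, one line per address from `ip -o -4 addr show`, e.g.
# (constructed):
#   2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global dynamic eth0\       valid_lft 86000sec preferred_lft 86000sec
# Field 2 is the interface, field 3 the address family, field 4 addr/prefix.
# Loopback is skipped because 127.0.0.1 is not an address on any network.
parse_ipv4_addrs() {
    printf '%s\n' "$1" | awk '$3 == "inet" && $2 != "lo" { print $2, $4 }'
}

# MAC addresses from `ip -o link show`, e.g. (constructed):
#   2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ... link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
# Field 2 is the interface with a trailing colon; the MAC follows "link/ether".
# Interfaces with other link types (loopback, tunnels) have no link/ether
# token and are therefore not printed.
parse_macs() {
    printf '%s\n' "$1" | awk '{
        iface = $2; sub(/:$/, "", iface)
        for (i = 1; i < NF; i++) if ($i == "link/ether") print iface, $(i + 1)
    }'
}

# Default gateway from `ip route show default`, e.g. (constructed):
#   default via 192.168.1.1 dev eth0 proto dhcp metric 100
# Only the first default route is reported; a machine with several
# (e.g. wired plus Wi-Fi) uses the one with the lowest metric, listed first.
parse_default_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Live report: run the three ip commands and print what the exercise asks for.
know_your_machine() {
    echo "IPv4 addresses:"; parse_ipv4_addrs "$(ip -o -4 addr show)"
    echo "MAC addresses:";  parse_macs "$(ip -o link show)"
    echo "default gateway: $(parse_default_gateway "$(ip route show default)")"
}
```

Run know_your_machine on a loaner machine and on a personal device (where ip is available) and compare: the address/prefix pairs tell you which network each is on, and the gateway is the first hop every traceroute this afternoon will show.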
"Automatic" traceroute
Install mtr, a tool that performs tracerouting. Use it (with -n, so DNS lookups don’t clutter the capture) to find the route to 72.14.176.147. Use Wireshark to observe the packets; filtering on icmp helps, since mtr sends ICMP echo requests by default. Find the TTL field in the binary data: it is the ninth byte (offset 8) of the IPv4 header. Watch it count up from 1 across successive probes, and note which address sends back the ICMP Time Exceeded message for each value.
Manual traceroute
Write a bash program that uses ping(8) to perform traceroute. It should take a single command-line argument—the destination IP address—and output the sequence of hops between the source and destination. (Hint: ping -t sets the TTL of the packets it sends; look at what ping prints when the TTL runs out before the packet reaches its destination.)
The point is to get used to Wireshark, doing networky stuff, and composing various tools using shell scripting.
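One way to build the manual traceroute, as an added example that is not the course’s own solution: send one echo request per TTL value, classify what ping prints, and pull the responding address out of it. It assumes the iputils ping on the Arch machines (where -t sets the TTL and -W the wait time; macOS ping uses -m for TTL) and the message wording iputils uses for ICMP Time Exceeded. The addresses in the comments are constructed.

```shell
#!/usr/bin/env bash
# Added example: traceroute built on ping(8) from iputils.
# Each probe is one ICMP echo request with the IP TTL set to n (ping -t n).
# The n-th router decrements TTL to zero, drops the packet, and sends back
# ICMP Time Exceeded (type 11, code 0); iputils ping reports it as
#   From 10.0.0.1 icmp_seq=1 Time to live exceeded
# (or "From name (10.0.0.1) ..." when reverse DNS is on). Once the TTL is
# large enough to reach the destination, the echo reply looks like
#   64 bytes from 72.14.176.147: icmp_seq=1 ttl=57 time=12.3 ms
# Addresses above are constructed. -t means TTL on Linux; macOS uses -m.

# probe_kind OUTPUT: "exceeded", "reply" or "timeout".
probe_kind() {
    if printf '%s\n' "$1" | grep -q 'Time to live exceeded'; then
        echo exceeded
    elif printf '%s\n' "$1" | grep -qE '^[0-9]+ bytes from '; then
        echo reply
    else
        echo timeout
    fi
}

# extract_hop OUTPUT: IPv4 address of whoever answered, or nothing on timeout.
# Only the "From ..." and "N bytes from ..." lines are considered, so the
# destination address in ping's banner and statistics lines is ignored.
extract_hop() {
    printf '%s\n' "$1" \
        | grep -E '^(From |[0-9]+ bytes from )' \
        | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' \
        | head -n 1
}

# traceroute_ping DEST [MAXHOPS]: one probe per TTL until DEST itself answers.
# Routers that rate-limit or never send Time Exceeded show up as "*", exactly
# as they do in traceroute(8) and mtr.
traceroute_ping() {
    dest=$1; max=${2:-30}; ttl=1
    while [ "$ttl" -le "$max" ]; do
        # -n: no reverse DNS; -c 1: one probe; -W 2: wait at most 2 s.
        # ping exits non-zero when no echo reply arrives, which is the normal
        # case for every hop but the last, so do not treat that as an error.
        out=$(ping -n -c 1 -W 2 -t "$ttl" "$dest" 2>&1 || true)
        kind=$(probe_kind "$out")
        if [ "$kind" = timeout ]; then
            printf '%2d  *\n' "$ttl"
        else
            printf '%2d  %s\n' "$ttl" "$(extract_hop "$out")"
        fi
        [ "$kind" = reply ] && return 0
        ttl=$((ttl + 1))
    done
    return 1
}

# Usage: ./pingroute.sh 72.14.176.147
if [ $# -eq 1 ]; then
    traceroute_ping "$1"
fi
```

Run it next to a Wireshark capture filtered on icmp: for each TTL you should see one echo request leave and either a Time Exceeded (type 11) from the hop or, at the end, an echo reply (type 0) from the destination. If a hop prints "*" but mtr shows an address there, the difference is usually the 2-second wait or a router that only answers some probes.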
Mapping
Use either mtr or your traceroute program to begin building a map of the Internet. Pick random(ish) hostnames (eg, google.com, amazon.com, steampowered.com) and find the routes to them from Middlebury. Notice where they deviate: the hops that every route shares are Middlebury’s own network and its upstream provider, and the hop at which two routes first differ is where the traffic parts ways. Draw inferences about the connectivity of the networks involved. Draw a picture that reflects these inferences.
If you enable name resolution (which is the default), you’ll get some hints as to who owns which routers, and therefore some insight into the administrative domains through which your network data travels.
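Finding the point where two routes deviate is tedious by eye once you have a dozen of them, so here is an added example (not from the course page) that does it with mtr: it collects the hop list for each host from `mtr -n -r -c 1` and reports how many leading hops each route shares with the first one. The report layout it parses and the addresses in its comments are assumptions stated there; the hop lists in the usage description are constructed. Hops where no router answered ("???") are never treated as equal, since two silent hops might be different routers.

```shell
#!/usr/bin/env bash
# Added example: collect routes with mtr and report where they diverge.
# Assumed layout of `mtr -n -r -c 1 HOST` (report mode, one probe per hop,
# no DNS); the addresses are constructed:
#   Start: 2025-01-20T10:00:00+0000
#   HOST: lab-pc                      Loss%   Snt   Last   Avg  Best  Wrst StDev
#     1.|-- 10.0.0.1                   0.0%     1    0.5   0.5   0.5   0.5   0.0
#     2.|-- ???                      100.0     1    0.0   0.0   0.0   0.0   0.0
# The first field of a hop line ends in ".|--"; the second is the hop's
# address, or "???" when nothing answered for that TTL.

# hops_from_report REPORT: print one hop address per line, in order.
hops_from_report() {
    printf '%s\n' "$1" | awk '$1 ~ /\|--$/ { print $2 }'
}

# common_prefix_len HOPS_A HOPS_B: number of leading hops the two
# newline-separated hop lists share. The route to B leaves the route to A
# at hop (result + 1). A "???" hop never counts as shared.
common_prefix_len() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "\n"); nb = split(b, B, "\n")
        n = 0
        while (n < na && n < nb && A[n+1] == B[n+1] && A[n+1] != "???") n++
        print n
    }'
}

# map_routes HOST...: trace every host and report where each route leaves
# the route taken to the first host. Needs mtr installed (and the capture
# privileges its package sets up).
map_routes() {
    first=$1
    ref=$(hops_from_report "$(mtr -n -r -c 1 "$first")")
    printf '%s:\n%s\n' "$first" "$ref"
    shift
    for h in "$@"; do
        hops=$(hops_from_report "$(mtr -n -r -c 1 "$h")")
        n=$(common_prefix_len "$ref" "$hops")
        printf '%s: shares %s hops with %s, diverges at hop %s\n' \
            "$h" "$n" "$first" "$((n + 1))"
    done
}

# Usage: ./maproutes.sh google.com amazon.com steampowered.com
if [ $# -ge 1 ]; then
    map_routes "$@"
fi
```

The shared prefix across all destinations is the campus network plus whatever sits between it and the wider Internet; routes that stay together for several more hops are most likely going through the same upstream provider, which is one of the inferences the mapping exercise asks for. Rerun without -n once the shape is clear, and the router names will tell you whose those shared hops are.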