Q:What is the default directory when you open a new command window? What is your working directory? A:
Q:Is the Internet service daemon, xinetd, started in your system? Is inetd started in your system? Why?
A:xinetd (extended Internet daemon) is started in my system rather than inetd (Internet service daemon). Both of them are super-server daemons started only on request. Because xinetd is more secure than inetd, more Unix services now replace inetd with xinetd.
Q:Compare the file ser_more and ser_cp. Are these two files identical? A:Yes, they are identical.
Q:Display the file sizes using ls -l ser*. Save the output. What are the sizes of files ser_more, ser_cp, and ser_cat?
A:
ser_cat 39870 bytes
ser_cp 19935 bytes
ser_more 19935 bytes
Q:Submit the ls output you saved.
[guest@guchi guest]$ ls -l ser*
-rw-rw-r-- 1 guest guest 39870 Sep 17 05:38 ser_cat
-rw-r--r-- 1 guest guest 19935 Sep 17 05:34 ser_cp
-rw-rw-r-- 1 guest guest 19935 Sep 17 05:20 ser_more
arp arping ifconfig tcpdump
ping netstat route ethereal
Q:Explain the above commands briefly.
arp (address resolution protocol): Displays and modifies address resolution
arping: Captures ARP packets on the remote machine.
ifconfig: Configures or displays network interface parameters for a network using TCP/IP.
tcpdump: Captures and displays packets on the LAN segment.
ping: Sends an echo request to a network host.
netstat: Works in conjunction with the ifconfig command to provide a status condition of the TCP/IP network interface.
route: Manually manipulates the routing tables.
ethereal: Captures network packets, provides a user-friendly graphical interface and supports additional application layer protocols.
Q:Draw the format of the packet you saved, including the link, IP, and TCP headers, and identify the value of each field in these headers. A:
Link header: 00:16:76:a9:81:ee (Destination Address) | 00:09:5b:0a:ea:03 (Source Address) | 0x0800 (Frame Type: IP) | N/A (Data) | N/A (CRC) |
IP header: Version: 4 | Header length: 20 bytes | Differentiated Services Field: 0x10 | Total Length: 52 | Identification: 0xe535 | Flags: 0x04 | Fragment offset: 0 | Time to live: 64 | Protocol: TCP (0x06) | Header checksum: 0xcece (correct) | Source: 188.8.131.52 |
TCP header: Source port: 33510 (33510) | Destination port: telnet (23) | Sequence number: 3192985136 | Acknowledgement number: 1082427947 | Header length: (32 bytes) | Reserved (N/A) | Flags: 0x0011 (FIN, ACK) | Window size: 5840 | TCP Checksum: 0x8151 (correct) | Urgent Pointer: N/A | Optional (12 bytes): NOPNOP |
Q:What is the value of protocol field in the IP header of the packet you saved? What is the use of the protocol field?
A:The value of the protocol field in the IP header is 0x06, which is TCP. The use of this field is to show the upper-layer protocol.
Q:What is the value of the frame type field in an Ethernet frame carrying an ARP request and in an Ethernet frame carrying an ARP reply, respectively?
A:The frame type field in an Ethernet frame carrying an ARP request is 0x0806. The frame type field in an Ethernet frame carrying an ARP reply is 0x0806.
Q:What is the value of the frame type field in an Ethernet frame carrying an IP datagram captured in the previous exercise?
A:Frame type field in an Ethernet frame carrying an IP is 0x0800.
Q:What is the use of the frame type field?
A:Indicates which protocol is encapsulated in the payload of an Ethernet frame.
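The two demultiplexing fields discussed above (the Ethernet frame type and the IP protocol field) can be followed through a raw frame with the short parser below. It is an added example, not part of the original lab report: the frame is constructed from the field values in the answers, the IP addresses 192.0.2.1 and 192.0.2.2 are placeholders, the option bytes after NOP NOP are zero padding, and the function names are hypothetical.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}            # frame type values from the answers
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}         # IP protocol field values
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward

def ip_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of the IP header (RFC 1071)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frame(frame: bytes) -> dict:
    """Demultiplex Ethernet -> IPv4 -> TCP using the frame type and protocol fields."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"),
           "frame_type": ETHERTYPES.get(ethertype, hex(ethertype))}
    if ethertype != 0x0800:
        return out                       # e.g. ARP (0x0806): no IP header follows
    ihl = (frame[14] & 0x0F) * 4 if len(frame) >= 34 else 0   # length in 32-bit words
    ip = frame[14:14 + ihl]
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("truncated or malformed IP header")
    total_len, _, _, ttl, proto = struct.unpack("!HHHBB", ip[2:10])
    out.update(ip_total_length=total_len, ttl=ttl, ip_checksum_ok=ip_checksum(ip) == 0,
               protocol=IP_PROTOCOLS.get(proto, proto))
    if proto != 6:
        return out                       # protocol field selects the upper layer
    tcp = frame[14 + ihl:14 + total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    out.update(src_port=sport, dst_port=dport, seq=seq, ack=ack, window=window,
               tcp_header_length=(off_flags >> 12) * 4,
               tcp_flags=[n for i, n in enumerate(TCP_FLAGS) if off_flags >> i & 1])
    return out

def build_sample() -> bytes:
    """Constructed frame with the report's field values; addresses are placeholders."""
    eth = bytes.fromhex("001676a981ee" "00095b0aea03" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0x10, 52, 0xE535, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill in checksum
    tcp = struct.pack("!HHIIHHHH", 33510, 23, 3192985136, 1082427947,
                      (8 << 12) | 0x011, 5840, 0, 0) + b"\x01\x01" + bytes(10)
    return eth + ip + tcp                # TCP checksum left at 0, not verified here
```

Because the placeholder addresses differ from the captured ones, the IP checksum is recomputed for the sample rather than reusing 0xcece from the report.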
Q:Explain briefly the purposes of the following tcpdump expressions. A:
tcpdump udp port 520: Capture traffic of UDP 520...