Routing/Domain Name Service/Network Monitoring/Address Resolution Protocol

•  Overview
• TCP/IP Administration
•  Equipment/Supplies/Time
•  Routing
•  Routing Instructions
•  Domain Name Service
•  DNS Instructions
• Network Monitoring and Address Resolution Protocol
• Network Monitor Instructions
•  Turn In

Overview

The TCP/IP Administration consists of three related exercises, it will take less time overall if you can complete them as a unit.

There are several topics covered in the assignment. Static routing will be examined in the context of using a W2K server to route IP packets between two IP networks. Domain name service (DNS) will be implemented for the hosts on the two IP networks. Network monitoring of traffic will be performed using the Network Monitor. Address Resolution Protocol used to translate an IP address into a NIC address on a LAN will be examined using the monitor results.

Equipment/Supplies/Time

• One PC located in LF111 with two NICs labeled B438. It should the middle machine on a table with three PCs.
• Two PCs on one table in LF111 on either side of the B438 PC.
• Two 10base-T Ethernet cables with crossed wiring to eliminate the need for a connecting hub. These are labeled B438 Crossed Wires. These should be in the B438 cabinet or attached to the two adjacent computers.
• Your removable hard disk with W2K Server installed.
• Time
• Routing - About 45 minutes.
• DNS - About 10 minutes.
• Network Monitoring - About 60 minutes.

Routing

The general idea is to connect independent IP subnetworks into a single network. The connection point is a router. We will use static routing to construct a routing table by hand on the router (W2K server) that instructs the router where to send IP packets. Note that a router normally has two NICs in order to connect two IP subnets.

The following diagram illustrates how the IP subnets 149.160.24.xxx and 149.160.25.xxx can be joined by an IP router. The router has two NICs, one with IP 149.160.24.1 and 149.160.25.1 on the appropriate nets. The IP client NICs have been assigned the IP numbers of 149.160.24.2 and 149.160.25.2.

For IP routing, both the client and router need information about the network. The clients need to know the gateway router to send off net packets. The router needs to know where to send packets, for example that a packet arriving on NIC 149.160.24.1 for net 149.160.25.xxx should be routed through NIC 149.160.25.1. Note that this is an obvious routing example, where both the router and destination client are on 149.160.25.xxx. A more realistic example is at right where several routers must be crossed to reach a host. The A router must know that a packet arriving for new 149.160.26.xxx (it could only arrive on NIC 149.160.24.1) must be forwarded on NIC 149.160.25.2 to reach 149.160.26.2 host. Router B must also know that a packet for 149.160.26.xxx must be sent through NIC 149.160.26.1.

The assignment is to construct two networks and join them through a router. The networks are simple, a single client directly connected to your server using a cable with the wires crossed (similar to a null modem) to eliminate the need for multiple hubs. The server will be configured for routing IP packets, the clients must be configured to send packets to the router gateway.

Routing Instructions

The following provide certain details, though not all instructions, needed to construct two IP subnets and install the router. The first step is to configure the server NICs with static IP numbers and the Router services.

Server NIC

1. On server machine:
• Disconnect the LAN cable from the back of the machine.
• Connect server machine to two crossed wire cables.
2. Login on the server as Administrator.
3. Open Settings | Network and Dialup Connections and click on either connection icon as in the figure: 
4. Select Properties | TCP/IP from list as at right | Properties button: 
5. Change the properties for the NIC to the IP numbers you wish to use. The figure at right is host IP address 149.160.29.3 and uses itself as the Domain Name Server. The subnet mask should match that used by other hosts on the network. 
6. Click back through the OK buttons for the changes to take effect.
7. Do the same for the other NIC but use a different IP address, the DNS server can be the same.

Server Routing

1. Open Programs | Administrative Tools | Routing and Remote Access
2. Router Configuration - By default the server has IP routing should be enabled, you must define the route that packets must take to be delivered to another IP network.
• Right click on the computer name.
• Select Configure and Enable Routing and Remote Access
• Select Network Router and follow the wizard.
• Select IP Routing | Static Routes
• Right click, select New Static Route...
• Interface: Local Area Connection
• Destination: IP of destination LAN, for any IP starting with 169.254.98 use 169.254.98.0 but can use any IP when not connected to IUS LAN.
• Network mask: AND filter, to allow any 169.254.98.xxx IP to be routed use 255.255.255.0 as a mask. The mask is ANDed with the IP to define the valid IP numbers on the net. A net with 256 IP numbers could assign IPs from 149.160.25.0 through 149.160.25.255 using a mask of 255.255.255.0 while a net of 149.160.25.0 through 149.160.25.7 has a mask of 255.255.255.248 where the mask has 1's in all but the last three bits. ANDing the address 149.160.25.3 with the mask produces 149.160.25.0 which is part of the eight host net. You must choose a mask that matches the network IP.
• Default gateway: IP of NIC to serve as gateway for routing. The default gateway on the router can be the same as the NIC IP. On a client, the default gateway should be the router IP to which the client is connected. The 169.254.98.0 subnet must be physically connected by the crossed wire cable to the gateway.
• Metric: 3
• Repeat the above steps for the other NIC adapter. Use a different destination subnet.
• Action Refresh to have the changes take effect. The static routes should appear similar to below: 
• The routes and masks defined construct a routing table that will route a packet from host 169.254.47.56 to host 169.25.98.4 through the router. The router receives the packet with destination 169.25.98.4, AND's with the MASK 255.255.255.0 to determine the destination subnet of 169.254.98.0, the router sends the packet out gateway 149.160.29.2 to reach subnet 169.254.98.0 and host 169.25.98.4. 
• 1) Print - At a Command Prompt, capture the screen for a display of the current routing table: route print

Client NIC - The two client machines adjacent to the server must have static IPs installed and instructed where to send off net packets as was done for the server.

1. On each client machine:
• Disconnect the LAN cable from the back of the client machine.
• Connect each machine to the server using one of the crossed wire cables.
2. Login to the client machine by its name, not using ADS.
• The machine name will be SE....
• User: admin
• Password: cscib438
3. IP - Follow the instructions for the Server NIC but use an IP number in the network given in the Destination for the Routing and Remote Access. You will need to assign the default gateway.

Router Testing - The following is the basic test of an IP network, determining whether a path exists from one point to another using ping. The examples are using the IPs from the simple network diagram above, you'll need to use your network IPs.

• At the Command prompt on server:
• 2) Print - Use ping to verify that the router (server) can reach its own NIC IP addresses.
• 3) Print - Use ping to verify that router can reach each host.
• At the Command prompt on each host:
• 4) Print - Use ping to verify that each host can reach the router NIC.
• 5) Print - Use ping to verify that one host can reach the other.
• Problems
• Nothing works - Probably using the wrong IP in the ping.
• Router can ping itself but nothing else - Switch the LAN wires on the back of the server, the gateway and hosts should be on the same channel.
• Can't ping an IP across the router - Router configuration may not have refreshed. Click on Static Routing, View the Routing table. Each of the routes entered should appear in the table, if not try to refresh again. The refresh occurs by default every 60 seconds but the results are somewhat unpredictable.
• Manual route entry - The routing table can be examined and manually entered at the command prompt. route will display the help page. To manually enter the route for :
  • route add 169.254.98.0 mask 255.255.255.0 149.160.29.2 metric 3
  • route add 169.254.47.0 mask 255.255.255.0 149.160.29.3 metric 3

   

• 6) Print - If the router and hosts can ping each other, the browser on either host should be able to reach the server homepage. Connect from either host by entering the IP location of either server NIC. You should have a test.htm file that can be accessed via a browser. Assuming the server has an NIC with IP address 149.160.25.1 the following should display the page:
• http://149.160.25.1/test.htm

Finish - If you are done for the day, restore the cabling and TCP/IP configuration back by:

1. Reconnect NIC of the two machines to IUS LAN. Server connects via the built in NIC.
2. TCP/IP - Follow the instructions for the Server NIC setting to automatic configuration.
3. Put the crossed wires back in the B438 cabinet or leave attached.

Domain Name Service

The general idea of DNS is that it is easier to remember names than IP addresses and it is simpler to have name administration done centrally than each host maintain its own name database. DNS is a service that translates the name into an IP that is used for routing, etc. over the network. The names are used as indexes in a database of IP numbers. Hosts needing DNS must know the IP of the machine with the DNS database, usually the DNS machine is part of a heirarchy of name servers. For example, DNS requests for ius.indiana.edu would be forwarded to the DNS machine for edu which would forward to indiana.edu which would forward to the ius.indiana.edu DNS machine. Our test network is not connected to a DNS heirarchy so only those names defined by us will be translated into IP addresses.

DNS Instructions

DNS Server Instructions

• Reconnect the machines using the crossed wire and reconfigure the client hosts to the same IP addresses and gateways consistent with the router(server) configuration.
• Login on the W2K Server as Administrator.
• Programs | Administration Tools | DNS
• Click on the server icon | Action | New Zone | Accept the Wizard defaults
• Enter zone using your last name following the pattern: wisman.com
• Double click on Forward Lookup Zones | Click on zone name | New host
• Enter name and the assigned IP addresses for server and each of the two hosts (it may be helpful to name them www, left and right).
• Action | Update Server Data File

Testing - With the W2K Server running routing and DNS, and the clients using the server as a gateway and DNS server, you should be able to test using either raw IP or names.

1. 7) Print - At the Command prompt:
• On the left host ping the router.
• On the right host ping the router.
• On the right host ping the left host.
2. 8) Print - If the pings worked, try the browser on either host to reach the W2K server page test.htm using the server name.

Network Monitoring and Address Resolution Protocol

The general idea of a packet monitor is to selectively examine traffic on a network. W2K Server comes with a Network Monitor package that monitors the traffic to and from the server, much more powerful monitors are commerically available that monitor all traffic on a network. The network monitor can selectively monitor traffic for selected NIC address numbers, protocols (IP, IPX, etc.),  computer names, etc. combined using Boolean operators. The philosphy of Network Monitor is to capture traffic and then view the captured data.

The exercise is intended to provide some experience with traffic monitoring and specifically to examine Address Resolution Protocol (ARP). ARP is used by LAN stations to translate the destination IP number into the NIC number. The figure at right lists the ARP table generated when a ping of an IP address is made on a LAN. Since LAN traffic uses only NIC numbers for addressing with the IP packet carried in the frame data load, ARP is needed for IP address resolution to an NIC address before two LAN connected machines can communicate using the higher level IP protocol numbers of the ping command. The command arp -a  lists the current table of IP to NIC addresses. Using the Network Monitor the ARP interaction can be fully examined.

Network Monitor Instructions

Configuration

• Reconnect the machines using the crossed wire and reconfigure the client hosts to the same IP addresses and gateways consistent with the router(server) configuration.

Monitoring - With the W2K Server running routing and DNS, and the clients using the server as a gateway and DNS server, you should be able to test using either raw IP or names. To monitor traffic some traffic will need to be generated. You'll notice that the server generates some traffic by broadcasting service advertising packets, you will generate traffic using TCP/IP applications such as ping and a Web browser.

Server

1. At a Command Prompt, generate ping and ARP traffic by pinging each client host.
2. 9) Print - List the ARP table by:
• arp -a.
• Remember which IP address corresponds with an NIC address.
3. At a Command prompt clear the ARP table.
• At the server command enter: arp -a
• Remove each table entry, for example Internet Address of 149.160.29.92 by: arp -d 149.160.29.92
4. Start Network Monitor - Programs | Administrative Tools | Network Monitor
• Select either one of the two router NICs to monitor, listed by the corresponding NIC address.
• Capture | Start
5. At the server Command prompt, ping the client IP address on the NIC being monitored to generate ARP traffic.
6. View the captured data - Capture | Stop and View
• To examine the frame or packet in detail double click the frame in the Summary window. Two additional windows should open that provide detail down to the individual bytes of the frame.
• 10) Print - Windows similar to that below should be displayed. Select the ARP: Request.
• In the selected frame below the ARP: Request, Target IP: 149.160.29.92 is being broadcast onto the LAN to discover the NIC number that corresponds to the IP. This can be seen in the bottom HEX window where the destination NIC address is FF FF FF FF FF FF followed by the source NIC address of 00 0C F0 40 73 2E. The ARP request broadcasts the target IP, if the station with that IP is on the LAN it responds back with its NIC number. The requesting station stores the IP/NIC correspondence in its ARP table for use whenever an IP number to NIC translation is needed. Note that in the bottom pane is the Ethernet frame contents, the FF FF FF FF FF FF is a NIC broadcast destination address, the 00 C0 F0 40 73 2E is the NIC source of the ARP requestor.

• Select the ARP: Reply frame. The previous ARP broadcast by IP 149.160.24.1 of the IP 149.160.29.92 address has received a response from NIC 000CF040732E as seen in the Hdwr Addr: and in the HEX window.

• At the Command Prompt display the ARP table to verify that the table has been updated with the NIC address of a client.

Client - The client browser will be used to access the router Web server. This will generate communication of an ARP, DNS, TCP, and HTTP protocol interchange between the client and the server so that each protocol frame or packet can be examined in detail.

1. Client - Verify that a client browser can access the test.htm page on the server using the server DNS entry (e.g. http://www.wisman.com/test.htm).
2. Client - Restart the client machine to force it to forget the ARP and DNS lookup since we want to monitor the process.
3. Server - Start the Network Monitor and capture from the router NIC address connected to the client machine.
4. Client - Access the test.htm page on the server.
5. Server - Capture | Stop and View | Window | uncheck HEX | Window | Check HEX
• 11) Print - You should see a window similar to that below. Click on the frame to examine in the Summary window. The GET request from the browser on IP 149.160.29.92 is displayed, in the Hex window the data sent from the browser to the server can be viewed as:
• GET /test.htm HTTP/1.0

Performance Monitoring

W2K provides a tool for monitoring a rich set of factors affecting network performance. These include CPU, Web services, raw network byte count and many others. The following explores the use of the performance monitor tool of the Network Monitor to determine the approximate maximum number of bits that can be sent over the network between two machines.

Programs - Two programs are used to exercise the network: PERFserver and PERFclient. The server receives and displays bytes to the screen, the client sends bytes to the server over the network as TCP segments. The client has three parameters:

1. IP - the IP number of the PERFserver.
2. bytes - the number of data bytes to send in each TCP segment. Range is 0 to 2³¹.
3. packets - the number of packets (well really segments) to send. Range is 0 to 2³¹.

The server has one parameter: the number of bytes to allocate for the receive buffer. Generally the larger the faster it can process bytes received.

Performance - Performance is affected by many variables. In this exercise only a few variables can be controlled: the client and server parameters, whether the server displays received bytes to the screen or writes to a file (which is faster), and whether one client and or two clients are transmitting. As discussed in the text, utilization of a resource is higher for larger data transmissions so one would expect the maximum to be reached when the number of bytes transmitted at one time was large.

Monitoring - A counter monitors some performance factor such as the network card total byte count. Several counters can be defined to monitor and display in graph form several factors simultaneously. The following details running the Performance Monitor and placing a load on the network using the client and server programs.

1. Download to your server and both connected hosts the PERFserver and PERFclient programs. You'll need to run on both machines.
2. In the Network Monitor click Tools | Performance Monitor
3. Right click in right window | click on Add Counters
4. Select Performance Object: Network Interface. See figure at right.
5. Select Bytes Total/sec and click Add button. Do the same for Bytes Sent/sec and Bytes Received/sec.
6. Select Performance Object: Processor.
7. Select %Processor Time and click Add button.
8. Close.
9. The display should be updated each second. The figure at right is a graph of a network under load. 
10. Load the network with data.
1. Determine the IP of the machines using ipconfig /all.
2. On one host machine run the Command prompt run the PERFserver program using defaults by:

PERFserver

3. On the other host machine run the PERFclient using defaults by:

PERFclient <IP of PERFserver>

4. The graph should display similarly to that at right and give the maximum number of bytes for a counter. You can click on each counter to read the performance measures.
11. 12) Print - Determining maximum bits transferred. Try to increase the load on the network and processor to determine the maximum under different loads by the following:
1. Run both PERFserver and PERFclient simultaneously on each machine with PERFserver output to the screen.
2. Redirect the PERFserver output to a file instead of the display by:

PERFserver > x

3. Send a larger number of bytes from the client to the server. To send 50 segments of 10000 bytes in each segment to 149.160.29.92:

PERFclient 140.160.29.92 10000 50

Turn In

• Routing
• Screen shots.
• DNS
• Screen shots.
• Network Monitoring
• Screen shots.
• Additional screen shots of interesting captured packets and explanation of what is occurring (circle, highlight, etc. items to explain what the protocol (ARP, DNS, etc. is doing)  from:
1. ARP request and response. Point out and explain the ARP interaction.
2. DNS request and response. Point out and explain the DNS interaction.
3. Telnet from a client to Web server. Show just the frames generated by the connection. Print frames generated by the connection and explain the ports used.
4. Telnet from a client to Web server and request the test.htm page.
1. Point out and explain the acknowledgement and sequence numbers of the TCP segments. You will need to examine a TCP request and response interaction between the client and server. Note that clicking on the + TCP in the monitor display will expand the selection to view details. 
2. Locate the frame(s) with the client GET /test.htm HTTP/1.0 and the server response. Explain the reason for the obvious differences between client and server.
5. FTP from a client into the server as user Administrator.
1. Locate the server port used by FTP.
2. Determine and document with a printout any obvious security problems.
6. Download the simpleChat executable that passes datagrams (User Datagram Protocol) and monitor a short chat exchange. Find a frame that contains some of the chat, print, circle and comment upon those items that are understandable.

Execute the program on a client and the server. The program is executed at the Command prompt by:

simpleChat <IP address>

The simpleChat program requires that each chatter take a turn.

• Performance Monitoring
• Screen shots showing maximum and graph for Bytes total/sec. from tests. Discuss your observations regarding interaction of execution of PERFserver, PERFclient, network load and processor utilization.

Document last modified: