2. 7 Summary

The Advanced Research projects Agency (ARpA) funded much of the early investigations into networking as a way to share computation resources among ARPA researchers. Later, ARpA shifted its focus to internetworking and started the Internet,which has been growing exponentially for many years.

Some of the tools used to probe the Internet are available to users. The ping program sends a message to a remote computer and reports whether the computer responds the traceroute program identifies intermediate computers along a path to a remote destination.

Ping and traceroute software is included in many operating systems ; source code for more advanced versions is as well. For example, one can find several versions for the Windows operating system on site http :// www. shareware. com/

To access traceroute via the Web, contact

http :// www. net. cmu. edu/cgi-bin/netops. cgi

Use the ping program to test whether you can reach computers on your local network.

If your version of ping reports the time required to obtain a response, experiment to find out if the network delays vary during the day.

Use ping to measure the round-trip times to destinations on the Internet (e. g., to Web sites). What is the maximum round-trip time you encounter?

Experiment with the packet size option in ping. How does packet size affect round-trip time?
Compare output from the ping program for a computer that is turned off with the output for a non-existent address (e. g., 10. 0. 0. 50). Do they ditftr?

Use the traceroute program to find the number of hops between your computer and remote destinations (e. g., to well-known web sites). Wnat is the maximum number of hops you can find?
Compare round-trip times reported by ping to the number of hops reported by traceroute to a set of destinations. Is there a correlation between a longer delay and a higher hop count?
Internet technology is documented in a series of reports known as Request For Comments (RFC). RFC 2151, which can be found on the CD-ROM that accompanies this text,describes tools available on the Internet. What tools does the RFC document describe that are not described in this chapter?

2. 6 Tracing A Route

Network administrators use another tool, traceroute, to determine the intermediate computers along the path to a remote destination. Like ping, traceroute takes an argument that specifies a remote computer name or address. For example, the following command will trace a path from the users computer to www. netbook. cs. purdue. Edu traceroute www. netbook. cs. purche. echr

Traceroute determines the intermediate computers along a path to the destinationt, and prints one line for each. For example, Figure 2. 6 shows the output from traceroute with the destination www. mit. edu.

traceroute to DANDELRQV-PATCH. MIT. EHJ (18. 181. 0. 31), 40 bwe packets
1 cisco1 (128. 10. 2. 250) 2 ms 1 ms 2 ms
2 cisco-te1-252. Teem. puJxine. Echl (128. 210. 252. 22) 2 ms 1 ms 1 ms
3 abilene. Team. purdue. Edu (192. 5. 40. 10) 6 ms 8 ms 7 ms
4 elev-ipls. Abilene. ucaid. Ecin (198. 32. 8. 26) 14 ms 14 ms
5 nyuLpclev. Abilene. ucaid. Ecin (198. 32. 8. 30) 24 ms 27 rns
6192. 5. 89. 45 (192. 5. 89. 45) 31 rns 34 ms 35 ms
7192. 5. 89. 10 (192. 5. 89. 10) 33 ms 33 ms 33 ms
8 -RTR-bODI. MIT. ED【J (18. 168. 0. 16) 59 ms 34 ms 33 ms
9 CX-EAMH. MIT. EHJ (18. 181. 0. 31) 62 ms * 79 ms

Figure 2. 6 Example output from traceroute run on the author’s workstation to destination www. mit. edu, which is dandelion-patch. Mit. Edu. An alias for computer nine lines of output for the path between the author’s workstation and the destination computer at MIT. One line corTesponds to each of eight intermediate computers, and nation is nine hops away from the source. traceroute determined that computer www at author’s computer. Interestingly, tfa+we will learn n chapter 17 that thp •12 ms 24 rns

Trace route cannot be used for all destinations because some network administrators choose to disable it to prevent outsiders from obtaining detailed information about their architecture.

2. 5 Interpreting A Ping Response

In Figure 2. 3, ping sends one request each second, and produces one line of output for each response received. The output tells the size of the packet received, the sequence number, and the round-trip time in milliseconds. When the user interrupts the program, ping produces a summary that specifies the number of packets sent and received, packet loss, and the minimum, mean, and maximum round-trip times. The output in the figure also shows another interesting feature. Although the author specified www. sears. com as the destination computer, ping lists the computers name as seors. com. Chapter 29 discusses computer names in detail. For now, it is sufficient to know that www. sears. com is merely an alias for computer sears. com.

The output in Figure 2. 3 shows an average round-trip time of 49 milliseconds, typical when the Internet S not congested. As a comparison, Figure 2. 4 shows the roundtrip time from the author’s workstation to a site on the west coast (the University of California at Befkeley), and Figure 2. 5 shows the round-trip time for a site on the east coast (MIT in Cambridge, Massachusetts), all taken on the same day at nearly the same time. When the measurement was taken, the path to MIT was experiencing congestion later produced a much which increased delays substantially ; measurements a few hours lower round-trip time to the same destination.

PING amber. Berkeley. EEU 56 data bwes
64 bRes frem amber. Berkeley. EHJ (128. 32. 25. 12)
64 bytes frem amber. Berkeley. EHJ (128. 32. 25. 12)
64 bwes £ram amber. Berkeley. EDTJ (128. 32. 25. 12)
64 bytes £ram amber. Berkeley. EDU (128. 32. 25. 12)
64 bwes £rcm amber. Berw1ey. EIU (128. 32. 25. 12)
—-amber. Berkeley. EEIU pJNG Statistics—-

5 packets tranEntitted, 5 packets receiM, O% packet loss
rounjj-trip (ms) min/avg/max-53/53/55

Figure 2. 4 Example output from the ping program for destination

www. berkeley. edu, which is located on the west coast. round trip times are only slightly higher than those reported in Figure 2. 3.

64 bwes fram DANEMICN-FATCH. MIT. EDU (18. 181. 0. 31) iatFSeFO. time=176. Ms
64 byttes frem CN-EAKH. MIT. ED0 (18. 181. 0. 31) iweq=1. Time=234. Ms
64 bwes £rcm DANDELIA-rAICH. MIT. EEU (18. 181. 0. 31) larFsW2. Time-302. Ms
64 bwes £ram DANEMICN-FAITCH. MIT. EHJ (18. 181. 0. 31) iatF_seq3. Time-165. Rns
64 bFes frem ICN-EATCH. MIT. EHJ (18. 181. 0. 31) iatFeqa. Time=208. Rns
—-a-EATCH. MIT. EDU PING Statistics—-

5 packets transmitted, 5 packets receivecl, O% packet loss
round-trip (ms) min/avg/max-165/217/302

Figure 2. 5 Example output from the ping program for destination
www. mit. edu, a location on the east coast. round-trip times are significantly higher than in previous examples.
It may seem that the ping program is too simplistic to be useful. Even with options turned on, the round-trip times provide little information to the average user. For example, ping cannot explain why the time required to reach MIT is higher than the time to reach other distant locations. More important, it appears ping has little to otftr as a tool to debug network failures because output occurs only when a computer responds successfully. When no response is received, ping cannot help determine the reason. The remote computer could be turned off, disconnected from the network, its network interface could have failed, or it could be running software that does not respond to ping. The local computer could be disconnected from the network, the network to which the remote computer attaches could have failed, or the problem could be caused by the failure of an intermediate computer or network. Finally, ping sometimes fails because the network has become so congested with traffic that delays are unreasonably long. ping has no way to determine the cause of the problem.
iarrs € wo. Time-53. Ms
iarrsq1. Time=53. Ms
iarF €₩ 2. Time=54. Ms
iarr_sq3. Time-53. Ms
iww¢. Time-55. Ms

Companies configure their site to reject ping packets. The motivation for disabling ping is tible to a deizia/-of-service of Jloodizg attack in which so many ping packets arTive that the company’s networks and computers cannot respond to legitimate requests. To avoid such attacks, the company mefely rejects ping packets befofe they enter. You may be surprised to leafn that despite its limitations, ping is heavily used as a diagnostic tool. In fact, network administrators often fun ping as soon as they learn of a determine which parts of the network are still operating -x.. XXX h pix.= I ””esul..'”p them pinpoint the failure quickly.

2. 4 Probing The Internet

How are the plots in Figures 2. 1 and 2. 2 obtained? In the early days when the Internet consisted of a dozen sites, the size could be determined manually. Now, an automated tool is required (I. e., a computer progran that sends messages to remote hosts and evaluates the responses). The program begins by walking through the Domain name system-the system that stores names for computers such as www. yahoo. Com along with the computer’s address-and then uses a program that tests to see whether the computer is curTently online. Tools used to probe the Internet are also available to users.

One of the simplest probing tools consists of a program known as ping. When a user invokes ping, the user must specify an argument that gives the name or the numeric address of a remote computer on the Internet. For example, a user might invoke ping with an argument that specifies computer www. netbook. cs. purdue. Edu ping www. netbook. cs. purche. ecin The ping program sends a message to the specified computer and then waits a short time for a response. If a response aiTives, ping reports to the user that the computer is alive ; otherwise, ping reports that the computer is not responding. For example, the following output may appear+leo. Eg. BucJmel1. Ecin is alive Some versions of ping provide options that allow the user to specify the size of the Packet sent, compute the round trip time (I. e., the time between sending a message and receiving a response), and repeatedly send one message per second until the program is stopped. Figure 2. 3 shows an example of ping output with the timing and repetition options turned on. The example was run from the author’s workstation to destination www. sears. com

PINS sears. ccM 56 data bwes
64 bwes frem 32. 97. 168. 129 iarGlswo. Tima=49. Ms
64 bNes £rcm 32. 97. 168. 129 icirF€₩1. Time = 50. Ms
64 bwes £rcm 32. 97. 168. 129 ia【FW2. Time-48. Ms
64 bwes frem 32. 97. 168. 129 icnFeF3. Time=50. Ms
64 es £rcm 32. 97. 168. 129 iarFw4. Time=48. Ms
–__secirs. cm pm statistics—-
5 packets transmitted, 5 packets receivecL, O% packet loss
romtrip (ms) min/avg/max-48/49/50

Figure 2. 3 Example output from the ping program run on the author’s workstation. the destination was www. sears. com, and the program was
manually intempted after five responses were received.