Exercises: Local Analysis Tools

Linux and Network Management Workshop
PacNOG5 - June 2009
Papeete, French Polynesia


See what services are running on your machine. You can use the
presentation as a reference:


Or, utilize "man lsof", "man netstat", "lsof -h" y "netstat -h" to see
the available options (there are a lot!). You should do these exercises
as root:

* Using lsof, what IPv4 services are listening on your machine?

* Using netstat, what IPv4 and IPv6 services are listening on your machine?


To use tcpdump you need to be root. To use wireshark you need to open
a terminal and use sudo as a normal user (i.e., userid netmanage):

* In a root terminal use tcpdump like this:

  # tcpdump -i lo -A -s1500 -w /tmp/tcpdump.log

  Now, generate some traffic on your lo interface in another terminal.
  For example:

  $ ping localhost
  $ ssh localhost
  etc. Afterwords press CTRL-C to terminate the tcpdump session.

* In another terminal as a normal user (i.e., like "netmanage") open
  wireshark like this:

  $ sudo wireshark -r /tmp/tcpdump.log

  Now you can play with the wireshark interface to start and
  understand how it works. Can you figure out how to follow packets
  by protocol? Session?

Use "man iperf" or "iperf -h" for help.

* Ask your neighbor to run "iperf -s". Connect to your neighbor's
  machine using "iperf -c ipNeighbor". How is the throughput
  between your machines?

* Test TCP using various window sizes (-2).

* Verify TCP MSS (-m). How does this affect throughput? What is
  Path MTU discovery?

* Test with two parallel threads (-P) and compare the totals. Is
  there any difference? Why?

* Test with different packet sizes and the TCP_NODELAY (-N) option.