Exercises: Local Analysis Tools
Linux and Network Management Workshop
PacNOG5 - June 2009
Papeete, French Polynesia
1.) LSOF and NETSTAT
See what services are running on your machine. You can use the
presentation as a reference:
Or, utilize "man lsof", "man netstat", "lsof -h" y "netstat -h" to see
the available options (there are a lot!). You should do these exercises
* Using lsof, what IPv4 services are listening on your machine?
* Using netstat, what IPv4 and IPv6 services are listening on your machine?
2.) TCPDUMP and WIRESHARK
To use tcpdump you need to be root. To use wireshark you need to open
a terminal and use sudo as a normal user (i.e., userid netmanage):
* In a root terminal use tcpdump like this:
# tcpdump -i lo -A -s1500 -w /tmp/tcpdump.log
Now, generate some traffic on your lo interface in another terminal.
$ ping localhost
$ ssh localhost
etc. Afterwords press CTRL-C to terminate the tcpdump session.
* In another terminal as a normal user (i.e., like "netmanage") open
wireshark like this:
$ sudo wireshark -r /tmp/tcpdump.log
Now you can play with the wireshark interface to start and
understand how it works. Can you figure out how to follow packets
by protocol? Session?
3.) USING IPERF
Use "man iperf" or "iperf -h" for help.
* Ask your neighbor to run "iperf -s". Connect to your neighbor's
machine using "iperf -c ipNeighbor". How is the throughput
between your machines?
* Test TCP using various window sizes (-2).
* Verify TCP MSS (-m). How does this affect throughput? What is
Path MTU discovery?
* Test with two parallel threads (-P) and compare the totals. Is
there any difference? Why?
* Test with different packet sizes and the TCP_NODELAY (-N) option.