CCN Exp1b


NAME Satyam Tiwari

UID 2021200119
Batch TE ETXC CA4
EXPERIMENT No. 1b

AIM: Identify and observe the behavior of networking command line tools
Objectives:
· To identify various network commands used for checking Network statistics.
· To identify one tool (for Linux and Windows) which performs FCAPS management.

1. ifconfig - The ifconfig command, short for "interface configuration," is a command-line tool
used in Unix and Unix-like operating systems (including Linux) to configure and display
information about network interfaces on a system. It allows users to view and modify
network interface parameters such as IP addresses, netmasks, broadcast addresses, and more.

enp1s0: This is the name of the first network interface.


lo: This is the loopback interface, used for local communication.

Flags:

· UP – indicates that the interface is currently active
· BROADCAST – interface can send and receive broadcast packets
· RUNNING – interface is currently operational
· MULTICAST – interface can receive multicast packets

MTU (Maximum Transmission Unit) – The max size of packet that can be transmitted on the
interface. MTU is measured in bytes. Here, MTU is 1500 bytes.
What is an IP address?

An IP address is an Internet Protocol address: a unique address that identifies a device on
the network. An IP address helps the Internet to distinguish between different routers,
computers, and websites. It serves as a specific machine identifier in a specific network and
supports communication between source and destination.
The total IP address range runs from 0.0.0.0 to 255.255.255.255. An address contains two parts:
the network ID (the left part of the IP address) and the host ID (the part of the IP address not
taken by the network ID). Currently, two versions of IP addresses are in use: IPv4 and IPv6.

i. IPv4 (Internet Protocol Version 4): The first version of the Internet Protocol address.
The address size is a 32-bit number. Internet Protocol Security (IPSec) with respect to
network security is optional. It has 4,294,967,296 addresses.
Represented in dotted decimal format (e.g. 192.168.0.1).
ii. IPv6 (Internet Protocol Version 6): Recent version of the IP address. The address size
is a 128-bit number. In this version, Internet Protocol Security (IPSec) with respect to network
security is mandatory. It allows 3.4 x 10^38 unique IP addresses. Represented in
hexadecimal format (e.g. 2001:0db8:85a3:0000:0000:8a2e:0370:7334).

An IP address can be private or public. If it is accessible from the internet, it is public;
otherwise it is private and is used within internal networks. To generate individual IP addresses
for their customers, ISPs (internet service providers) typically use a technique called Dynamic
Host Configuration Protocol (DHCP). DHCP allows devices to have an IP address assigned
automatically when they connect to a network.

RFC 1918 name | IP address range | Largest CIDR block (subnet mask)
24-bit block | 10.0.0.0 – 10.255.255.255 | 10.0.0.0/8 (255.0.0.0)
20-bit block | 172.16.0.0 – 172.31.255.255 | 172.16.0.0/12 (255.240.0.0)
16-bit block | 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 (255.255.0.0)

In the above image,

inet gives us the IPv4 address assigned to the interface which is 172.16.20.162. This is a private
IP address of 20-bit block. Subnet mask address is 255.255.255.0 and the Gateway address is
172.16.20.255. Whereas inet6 gives the IPv6 address of the interface.

Ether gives us the MAC (hardware) address of the interface a4:ae:12:27:ed:fc. RX packets
indicates the number of packets received by the interface and similar for TX packets. txqueuelen
gives us the maximum number of packets that can be queued for transmission on the interface.
The gateway converts the private IP into public IP address.
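
The fields walked through above can be read out of ifconfig output programmatically. The following is an added example, not part of the original report: it parses a constructed stanza built from the values quoted in the text (the counters, the inet6 address and the lo stanza are made up), then derives the network, the broadcast address and the RFC 1918 block from the address and netmask. The function names are illustrative.

```python
import ipaddress
import re

# Constructed sample in ifconfig layout, built from the values quoted in the
# text; the packet counter and the inet6 address are made up.
SAMPLE_IFCONFIG = """\
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.20.162  netmask 255.255.255.0  broadcast 172.16.20.255
        inet6 fe80::a6ae:12ff:fe27:edfc  prefixlen 64  scopeid 0x20<link>
        ether a4:ae:12:27:ed:fc  txqueuelen 1000  (Ethernet)
        RX packets 1200  bytes 900000 (900.0 KB)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
"""

RFC1918 = {  # the three private blocks from the table above
    "24-bit block": ipaddress.ip_network("10.0.0.0/8"),
    "20-bit block": ipaddress.ip_network("172.16.0.0/12"),
    "16-bit block": ipaddress.ip_network("192.168.0.0/16"),
}
KEYS = ("inet", "netmask", "broadcast", "ether", "txqueuelen")

def parse_ifconfig(text):
    """Return {interface name: fields} for every stanza in the output."""
    interfaces, current = {}, None
    for line in text.splitlines():
        head = re.match(r"(\S+): flags=\d+<([^>]*)>\s+mtu (\d+)", line)
        if head:  # first line of a stanza: name, flag list, MTU
            current = {"flags": head.group(2).split(","), "mtu": int(head.group(3))}
            interfaces[head.group(1)] = current
        elif current is not None:  # indented "key value" lines
            for key in KEYS:
                found = re.search(rf"\b{key} (\S+)", line)
                if found:
                    current[key] = found.group(1)
    return interfaces

def describe_ipv4(addr, netmask):
    """Derive network, broadcast and RFC 1918 block from address + netmask."""
    iface = ipaddress.ip_interface(f"{addr}/{netmask}")
    block = next((n for n, net in RFC1918.items() if iface.ip in net), None)
    return {"network": str(iface.network),
            "broadcast": str(iface.network.broadcast_address),
            "rfc1918": block}  # None: address is outside the private ranges

if __name__ == "__main__":
    for name, f in parse_ifconfig(SAMPLE_IFCONFIG).items():
        print(name, f["flags"], f["mtu"], describe_ipv4(f["inet"], f["netmask"]))
```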

2. hostname - used to retrieve the hostname of the system.


3. ping - The ping command is a valuable tool used to test the reachability and responsiveness
of a host on a network.
Refer to the image below: PING google.com (216.239.38.120) specifies the target host
(google.com) and its IP address (216.239.38.120).
56(84) bytes of data: This indicates the size of the data packets sent in each ping request. The
first number is the size of the header, and the second number is the total size with data. Now
coming to the response to the first ping request:

· 64 bytes: This is the size of the data received in the response packet.
· any-in-2678.1e100.net: hostname or IP address of the device that responded to the ping.
· icmp_seq=1: This is the sequence number of the ping request.
· ttl=117: This is the Time to Live value, which indicates how many network hops the
packet can make before being discarded.
· time=1.35 ms: This is the round-trip time (RTT) for the ping request, which is the time it
took for the ping request to travel to the target host and back.

Here the IP address given by DNS is 216.239.38.120; this is the address of Google in this case.
In Windows, only 4 packets are transmitted by default and then it stops, whereas in Ubuntu, it
keeps sending packets till we press Ctrl+C. To control the number of packets sent, we have
another command called ping -c.
4. ping -c 4 – This command is same as ping but here we can specify the number of packets we
wish to receive (the number 4 here means that we want only 4 packets to be transmitted)

5. traceroute - also known as tracert on Windows, is a network diagnostic tool used to reveal
the path that data packets take when traveling from your computer to a specific destination.
Like a roadmap, it identifies the intermediate network devices (routers) involved in the
journey, providing valuable insights into network connectivity and potential issues. It has
various applications like: Identifying network path, Troubleshooting connectivity issues and
identifying geographical location.

Here IP address 27.109.1.149 corresponds to:


Similarly, IP address 216.239.38.120 corresponds to:

· The number of hops (routers) displayed depends on the network complexity and distance
to the destination.
· traceroute can sometimes be blocked by firewalls or security measures. This is denoted
by asterisk (*) marks, like in the above figure.


The limitation of the command is that it only gives information for the first 30 hops.
In the first figure, there are 8 hops, which describe the route. In the 1st figure, we can see
that it takes 60-byte packets for the trace. The IP address of the local gateway router is
172.16.20.1. The time values given after that indicate the round-trip times (RTT) for the three
packets: the time it took for three data packets sent by the traceroute command to travel from
our computer to the first hop (gateway) on the network and back.

6. netstat -r, -a, -e - The netstat command in Linux is a powerful networking tool used to
display a variety of information related to network connections, routing tables, interface
statistics, and more. It helps users diagnose network issues and gain insights into the current
state of network activities on a system.
netstat -r
· Destination: The network or host to which the route applies.
  default: This route matches any destination not explicitly listed in the table. Traffic for
  unknown destinations will be sent to the gateway specified here.
· Gateway: The IP address of the next hop router that will be used to forward traffic to the
destination network. Here, the hostname of the default gateway, which is likely a local router,
is _gateway; sometimes the IP address is shown instead.
· Genmask: The subnet mask associated with the route, which defines the range of IP
addresses that belong to the destination network.
· Flags: U: The route is up and active.
  G: The route uses a gateway (as opposed to being directly connected).
· MSS: The Maximum Segment Size (MSS) for TCP packets sent over this route. This
value is not shown in your image.
· Window: The TCP receive window size for this route.
· irtt: The Initial Round Trip Time (IRTT) for this route.
· Iface: The network interface through which traffic for this route will be sent.
· enp1s0: This is the name of the network interface (likely an Ethernet adapter) that will be
used to send traffic to the destinations specified in the routes.

The table lists a default route for any destination not on the local network, which sends traffic
to the gateway router, and a specific route for all devices on the local network (link-local),
which sends traffic directly through the enp1s0 interface without needing a gateway.

netstat -a - used to display all active network connections on your computer. It provides valuable
insights into the processes using your network, the remote hosts they're connected to, and the
type of connection established.
· Protocol: The type of communication used (TCP, UDP, etc.)
TCP – Transmission Control Protocol, UDP – User Datagram Protocol
· Recv-Q: The number of bytes received and waiting to be read.
· Send-Q: The number of bytes waiting to be sent.
· Local Address: My computer's IP address and port number.
· Foreign Address: The remote host's IP address and port number.
· State: The current state of the connection (e.g., ESTABLISHED, LISTEN,
CLOSE_WAIT).
· PID/Program name: The process ID and name of the program associated with the
connection (if available).
The number after colon (:) in the address represents the SOCKET number.
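
A common use of these columns is to check which programs are listening on addresses other than loopback. The following is an added example, not part of the original report: it parses constructed netstat rows in the column layout described above and lists the LISTEN sockets that are not bound to loopback. It assumes numeric addresses and that the PID/Program name column is present; the rows and the function names are made up for illustration.

```python
import ipaddress

# Constructed sample in the column layout described above (numeric addresses,
# with the PID/Program name column); the rows are made up for illustration.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      640/cupsd
tcp        0      0 172.16.20.162:43210     216.239.38.120:443      ESTABLISHED 2301/firefox
tcp6       0      0 :::80                   :::*                    LISTEN      955/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient
"""

def parse_netstat(text):
    """Turn each tcp/udp row into a dict keyed by the columns described above."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or not parts[0].startswith(("tcp", "udp")):
            continue  # banner and header lines
        proto, recv_q, send_q, local, foreign = parts[:5]
        rest = parts[5:]
        # UDP rows have an empty State column, so the next field may already
        # be PID/Program name (recognisable by its "/").
        state = rest.pop(0) if rest and "/" not in rest[0] else ""
        host, _, port = local.rpartition(":")  # last colon splits host from port
        rows.append({"proto": proto, "recv_q": int(recv_q), "send_q": int(send_q),
                     "host": host, "port": int(port), "foreign": foreign,
                     "state": state, "program": rest[0] if rest else "-"})
    return rows

def reachable_listeners(rows):
    """LISTEN sockets bound to a non-loopback address (wildcard or interface)."""
    return [(r["proto"], r["port"], r["program"]) for r in rows
            if r["state"] == "LISTEN"
            and not ipaddress.ip_address(r["host"]).is_loopback]

if __name__ == "__main__":
    for proto, port, program in reachable_listeners(parse_netstat(SAMPLE_NETSTAT)):
        print(f"{proto:5} port {port:<6} {program}")
```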

netstat -e - provides insights into network interface statistics on your system. It offers detailed
information about various metrics related to data transfer, errors, and overall network activity.

7. arp -a, arp -e

arp -a – The arp -a command is used to display the contents of the Address Resolution
Protocol (ARP) cache on a computer. This cache stores information that maps IP addresses to
their corresponding hardware (MAC) addresses on a local network, enabling efficient
communication between devices.

In Windows:
Here the 1st column shows the IP address of the devices and the 2nd column shows the MAC
address of the device’s network interface.

The above figure is for Ubuntu; here the Iface is also shown, which is the local network
interface. It could be the name of an Ethernet adapter, Wi-Fi adapter, or any other network
interface card connected to the computer.
arp -e - used to remove entries from the Address Resolution Protocol (ARP) cache. This cache
stores the mappings between IP addresses and their corresponding hardware (MAC) addresses
for devices on your local network.

It deletes specified entries from the ARP cache and is useful for situations where entries are
outdated, incorrect, or causing network connectivity issues.
C Flag: Represents "Complete". Indicates that the ARP entry has a valid and resolved MAC
address associated with the listed IP address. This means the ARP cache has successfully learned
the physical address of the device.
M Flag: Represents "Manual". Indicates that the entry was manually added to the ARP cache
instead of being dynamically learned through regular network communication. This is typically
done for static routes or specific devices where the MAC address is known in advance.
These flags help us understand which entries are not important and might be removed.
A MAC address is also called a hardware address; an IP address is also called a logical address
or physical address.

8. systeminfo – In Windows, displays detailed information about your computer's hardware,
software, and system configuration.
uname – The term “uname” stands for “Unix Name,” and the command itself is designed to
provide you with key details about your Linux system.
uname -a - Displays all available information. It prints all the system information in the
following order: Kernel name, network node hostname, kernel release date, kernel version,
machine hardware name, hardware platform, operating system.
uname -n - Displays the network (domain) name of the machine.

9. FCAPS - (fault, configuration, accounting, performance and security) is a network
management framework created by the International Organization for Standardization (ISO).
The FCAPS model is also known as the ISO network management model or the OSI network
management model.

· Fault management level - Network faults can happen. This makes it critical to find
them early before they cause serious issues. Organizations can find and correct
network problems at this level.

· Configuration management - It helps network administrators track and manage
deployments and related upkeep in a centralized manner.

· Accounting management level - The accounting management level or the allocation
level is devoted to distributing resources optimally and fairly among network
subscribers. This makes the most effective use of the systems available, minimizing
the cost of operation. Sometimes called the administration level, the accounting level
is also responsible for ensuring users are billed appropriately. It also helps
administrators configure users and groups based on permissions granted to them
within the system.

· Performance management level - helps better manage the overall performance of
the network. It allows network administrators to monitor performance and
troubleshoot issues in real time, while remaining accessible and easy to use.

· Security management level - concentrates on limiting and controlling access to
digital assets located within the network. This is because organizations must protect
the network from hackers, unauthorized users, and physical or electronic sabotage at
the security management level.
Tools for each level in windows and Linux respectively:

FCAPS | Windows Tools | Linux Tools
Fault Management | Event Viewer, Performance Monitor, Network Monitor, Resource Monitor, netstat, ping, tracert, ipconfig | syslog, dmesg, top, htop, netstat, ip, tcpdump, traceroute, lsof, mtr
Configuration Management | Registry Editor, Group Policy Editor, Device Manager, ipconfig, route, netsh | /etc/ files, network scripts, systemctl, ifconfig, route, ip, nmcli, iwconfig
Accounting Management | Performance Monitor, SNMP (Simple Network Management Protocol) tools | SNMP tools, netstat, tcpdump, ntop, vnstat, bandwidthd
Performance Management | Performance Monitor, Resource Monitor, Task Manager, netstat, iperf | top, htop, iotop, vmstat, iostat, netstat, iftop, iptraf, nload, iperf
Security Management | Windows Firewall, User Account Control, Windows Defender, antivirus/antimalware software | iptables/nftables, firewalld, UFW, SELinux, AppArmor, antivirus/antimalware software

SUMMARY / CONCLUSION:

In this experiment I learnt about the various basic commands in Linux (in lab) to navigate through
my system, and trace routes to reach a particular destination. I learnt about commands like
ping, which delivers us the packets and also gives the TTL time by which we can get an idea of the
strength of the connection between our device and destination. I also got to know about the
netstat command, by which we get an idea of the network communication, and the arp command, by
which we can get the MAC addresses. At the end I studied the concept of FCAPS, which is
also known as the OSI model, the various levels in it and their purpose and importance, along
with the Windows and Linux tools that support these particular levels.
