ECSE 489 Telecom.

Network Lab

Fall 2015

Experiment 1: Network Measurement Tools

1

Introduction

In this lab you will use the applications Ping, Traceroute, and Wireshark to measure network traffic
and performance characteristics.
At the end of this lab you should know how to:
1. Use Traceroute to measure the path taken by packets going to particular destination;
2. Use Ping to measure round trip times;
3. Use Wireshark to record and inspect packet traces;
4. Measure the performance (delay, loss, and throughput) of an application using these tools.
As always, read the instructions carefully!

Background

2.1
Find a lab partner
First things first, before proceeding to work on the lab you should identify a lab partner. You should
both be registered in the same section of the course (either Wednesday or Thursday). Once you have
chosen partner, register for a group number on myCourses.
2.2
Computer networks background knowledge
Since this is the first lab in the course and most of you are also taking ECSE 414 this semester, the
networking knowledge required as background to complete this lab is minimal. It will be helpful to
have a high-level understanding of:
1. The structure of the Internet (core, edge, access networks);
2. Delay, loss, and throughput in packet-switched networks;
3. The layered architecture of the Internet protocol stack;
4. Basics of the application layer and HTTP.
These topics are typically covered in the first 23 lectures of ECSE 414, and relevant material can also
be found in Kurose and Ross Sections 1.11.5 and Sections 2.12.2.
2.3
Working from the command line
Both Traceroute and Ping are applications invoked from the command line. If you are not already
familiar with using the command line (cmd.exe on Windows, or Terminal on Linux/OS X) the
following resources may be useful.
Windows: http://www.cs.princeton.edu/courses/archive/spr05/cos126/cmd-prompt.html
Linux/OS X: http://linuxcommand.org
In this lab you will are asked to use both Windows and Linux. The desktops in ENGTR 4180 are
running Windows, and you can log into one of the ECE Linux servers
tr5130gu-1.ece.mcgill.ca to tr5130gu-15.ece.mcgill.ca
using SSH.

Lab requirements

This lab is organized into three parts, around the three tools Traceroute, Ping, and Wireshark. Details
for each part, including the experiment to perform and what to include in the report, are given on the
pages that follow.

8 September 2015

1 of 5

ECSE 489 Telecom. Network Lab

Fall 2015

Part 1: Traceroute
Description of the tool
Traceroute is a tool used to measure the path taken by a packet from your machine to a target
destination. The destination can be provided either as an IP address (such as 132.206.71.37) or a
domain name (such as tr5130gu-7.ece.mcgill.ca). Traceroute is called from the command line. On
Windows, it is tracert and on Linux-based platforms it is traceroute.
Typical output looks like the following:
michaelrabbat ~$ traceroute www.mcgill.ca
traceroute to www.mcgill.ca (132.216.177.160), 64 hops max, 52 byte packets
1 142.157.104.3 (142.157.104.3) 2.853 ms 4.177 ms 8.596 ms
2 james-core-vlan417.gw.mcgill.ca (132.216.216.11) 1.815 ms 1.613 ms 1.814 ms
3 datacentre1-vlan414.gw.mcgill.ca (132.216.216.5) 1.996 ms 2.158 ms 1.603 ms
4 www.mcgill.ca (132.216.177.160) 1.735 ms 1.743 ms 1.696 ms

In this example, I provided the argument www.mcgill.ca, asking Traceroute to determine the path
from my laptop (while connected to the McGill wireless network) to the server www.mcgill.ca.
Packets must traverse through 4 hops to reach the destination. For each hop, Traceroute tries to
provide the domain name (if available) and the IP address of the device. It also measures the roundtrip time to that device three times and reports the results.
Traceroute has a number of optional parameters that can be used to customize its behavior. Enter
tracert /? at the Windows command line and man traceroute in a Linux terminal to
read more about these.
There are a number of issues that can affect Traceroute and the information it reports. For more on
this you may want to read A Practical Guide to (Correctly) Troubleshooting with Traceroute available online
at
https://www.nanog.org/meetings/nanog45/presentations/Sunday/RAS_traceroute_N45.pdf
before proceeding. Although it assumes knowledge of some topics that you wont be exposed to until
later in ECSE 414, you should still be able to get the big picture. You can always ask the course staff
if you have questions.
Experiments and Reporting
There are some fundamental differences in how Traceroute operates on Windows and Linux. Choose
a destination server which is not on the McGill campus and run Traceroute to this destination from
two computers on campus (one running Windows and the other running Linux).
1. Include the output in your report.
2. Explain the output from each and briefly discuss any differences in syntax and functionality.
A Looking Glass is a website that allows you to run simple network measurement tools like Traceroute
and Ping from a remote server. The website www.traceroute.org maintains a list (not completely upto-date) of such sites located around the world. Choose 6 servers from this list; 3 of these should be
located in North America, and the other 3 should be located on different continents, so that your
servers represent 4 different continents. Try to choose servers for which you can confidently determine
the city in which the server resides based on its name (or using a site like http://iplocation.net).
Perform Traceroutes to these six servers from a machine located on the McGill campus, and also
perform Traceroutes from the servers back to your machine on campus.
3. Draw a figure to summarize the results (e.g., as a directed graph), and include the Traceroute
output in an appendix of your report.
4. Are the paths from your machine on campus to a remote server asymmetrical? Do you observe
any cases where multiple routes are taken to the same destination? Do the traces always reach

8 September 2015

2 of 5

ECSE 489 Telecom. Network Lab

Fall 2015

the destination? How many routers do you encounter that are not responsive? Discuss these
points.
5. For the servers that are located on different continents, can you determine which hop or hops
carry the traffic across an ocean? Explain/justify your answer.
Repeat the measurements to the same 6 servers on a different day. Preferably, this will be on a different
day of the week and a different time of the day.
6. Have any of the routes changed? If so, how many routes, and to what extent did they change?
Make sure to include the name and location of the machines you used for this experiment, as well as
the times when the traces were collected, in your report.

Part 2: Ping
Description of the tool
Ping is a simple command line tool that measures the round-trip-time (RTT) to a given destination. It
is invoked using the command ping on all platforms. Typical output looks like the following:
michaelrabbat ~$ ping www.mcgill.ca
PING www.mcgill.ca (132.216.177.160): 56 data bytes
64 bytes from 132.216.177.160: icmp_seq=0 ttl=252 time=2.505
64 bytes from 132.216.177.160: icmp_seq=1 ttl=252 time=3.828
64 bytes from 132.216.177.160: icmp_seq=2 ttl=252 time=3.537
64 bytes from 132.216.177.160: icmp_seq=3 ttl=252 time=3.941
64 bytes from 132.216.177.160: icmp_seq=4 ttl=252 time=3.652
64 bytes from 132.216.177.160: icmp_seq=5 ttl=252 time=2.427
^C
--- www.mcgill.ca ping statistics --6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.427/3.315/3.941/0.614 ms

ms
ms
ms
ms
ms
ms

Each line of the output above corresponds to one packet that was transmitted to the remote host, and
one reply packet received. TTL stands for time to live and is related to the number of hops between
your machine and the remote host.
Ping also has a number of optional parameters that can be used to control its behavior. Type ping
/? on Windows or man ping on Linux for more.
Experiment and Reporting
Use Ping to measure the round-trip-time to each of the six servers you performed Traceroutes to in
the previous part. For each server gather at least 10 RTT measurements.
1. Calculate the min, mean, median, max, and standard deviation of the RTTs to each of the six
servers and include these in the report.
2. Comment on what these different statistics tell us about the different sources of delay along
each path (i.e., the transmission, propagation, queueing, and processing delays).
3. Do these RTT statistics correlate with the geographic distance between the two hosts? Include
figures to support your conclusions.
4. Do the TTL and RTT values measured using Ping match what you expected based on your
Traceroute measurements? Do TTLs correlate with geographic distance? Again, include
figures to support your conclusions.

8 September 2015

3 of 5

ECSE 489 Telecom. Network Lab

Fall 2015

Part 3: Wireshark
Description of the tool
Wireshark is a freely-available and widely-used program for packet capture and analysis; it is
sometimes also called a packet sniffer. You can download the latest version from
http://www.wireshark.org if you want to install it on your personal machine.
Getting started, and sniffing HTTP
To get familiar with Wireshark, complete the Getting Started lab in the supplemental document
posted on myCourses. This document, developed in conjunction with the Kurose and Ross textbook,
is based on a slightly older version of Wireshark, and if you use the latest version you will notice some
minor differences with the user interface. However, the basic functionality is exactly the same as
described in the document.
The Getting Started document finishes with a section called What to hand in. You dont need to
hand in any of this information or include it in your report. However, we recommend you that read
and think about the questions. They may be asked during the demo, and they also discuss some useful
features of Wireshark, like printing or copying certain sections of a packet. Although you dont need
to submit the answers in your report for this experiment, you may consider recording the answers for
your own benefit in a notebook (physical, or electronic, e.g., using screenshots marked up using a
program like Paint or Skitch), which you will be permitted to refer to during the demo session.
Next, read and complete the exercises in the HTTP Wireshark lab described in another
supplemental document posted on myCourses (also developed in conjunction with the Kurose and
Ross textbook). You should complete all portions of the lab through Section 4. (You may skip Section
5 on HTTP Authentication; nowadays any website requiring authentication should be using more
sophisticated mechanisms than this.) Again, you are not required to submit the answers to any of the
questions asked in this document. However, these questions may be asked during the demo, and you
are encouraged to take your own notes which you will be allowed to refer to.
Experiment and Reporting
Now that you understand some of the basics of Wireshark and its features for analyzing HTTP traffic,
lets see whats happening under the hood for a popular video streaming website. Start capturing traffic
using Wireshark, open a web browser, direct it to YouTube [http://www.youtube.com], and stream
a video. You should capture packets while watching at least 30 second of video (and preferably closer
to 1 minute). Address the following questions/discussion points in your report.
1. Identify the stream of packets carrying the audio/video data. Describe how you accomplish
this using Wireshark. Make sure to also take note of what web browser you are using and what
quality the video is being streamed at (e.g., 240p, 360p, 480p, etc.). You can find the quality
by clicking on the Settings wheel in the video pane.
2. How much data is contained in each packet? How frequently do streaming packets arrive at
your computer? Are all packets the same size, or do the sizes vary? How does the size of these
packets compare to maximum packet size you encountered in the HTTP experiment?
3. Over the period of time that you captured packets while streaming video, what is the average
throughput that video data is transmitted to your computer? [Hint: Youll need to look at the
packet sizes and timing information to perform this calculation. You may want to export data
from Wireshark in CSV format to load into Excel, Matlab, or your other favorite tool (e.g., a
Python script) for analysis.]
4. If you increase or decrease the quality of the video, what do you expect to change about the
streaming data traffic? Think about this first, discuss it with your lab partner, and include your
hypothesis in your lab report.

8 September 2015

4 of 5

ECSE 489 Telecom. Network Lab

Fall 2015

5. Now re-stream the same video but with a different quality. How do the packet sizes and interpacket timing change? Does this match what you expected?

Important dates and deliverables

4.1
Demo
The demo will take place in class on September 23 and 24 and will count for 10% of your final grade
in the course. For the demo, you should be prepared to answer questions about how Traceroute, Ping,
and Wireshark work; you should be able to conduct simple measurements using Traceroute and Ping,
and interpret the results; and you should be able to replicate portions of the Getting Started and
HTTP Wireshark experiments.
4.2
Report
The first lab report is due at 23:59 on October 1, and it will count for 15% of your final grade. In
addition to all of the information mentioned above, your report should include the names and McGill
ID numbers of both group members, as well as your groups section (Wed or Th) and number.
Additional guidelines for report preparation and marking will be posted in a separate document on
myCourses.

8 September 2015

5 of 5