On your Ubuntu VM, we will identify the default network services that are exposed using a variety of tools

netstat

netstat is a common Linux utility for performing an inventory of network resources being used on a machine. Examine the man page for netstat to determine the 4 flags that you can pass the tool to list all TCP sockets in a LISTEN state on an IPv4 address and the program that is using it.

man netstat

Examine the "Local Address" field of the output. Servers such as ssh and nginx typically listen on "0.0.0.0" to accept connections from any interface on the machine (INADDR_ANY when specifying socket). Servers intended for local access listen only on the loopback interface "localhost..." (INADDR_LOOPBACK) (described via man 7 ip). Following the address, the port number that each socket is listening on is specified. The port is given either as a name for well-known services (e.g. http for port 80) or as a number.

Note that netstat should provide the same information as an external nmap scan from the previous lab unless malware has been installed to hide itself locally on the machine.

Login to linux.cs.pdx.edu

lsof

The lsof utility lists all file descriptors that are open on the machine across all of its processes. As network connections are accessed via file descriptors, they may also be listed using lsof. Back on the Ubuntu VM, find the number of open descriptors using the following command.

sudo lsof | wc -l

Examine the man page for lsof.

nc

netcat (nc) is a program that can connect to arbitrary ports on a server. Examine the man page for nc. Then, on the Ubuntu VM, use the command to connect up to the ssh port of linux.cs.pdx.edu.

In this lab, we'll look at TCP throughput to different parts of the world. From the web console on Google Cloud Platform, go to Compute Engine=>"VM instances".

Create 4 VMs: one in us-west1-b, one in the US East, one in Australia, and one in Europe. For each machine's configuration, use the following:

Then ssh into each one and install iperf:

sudo apt update -y
sudo apt install iperf -y

For the VMs in the US East, Australia, and Europe, start the iperf server on the HTTP port (80) by performing the following command and leaving it running and the window open:

sudo iperf -s -p 80

On your us-west1-b VM, run iperf against each of the VMs created above by pointing the tool to the VM's external IP address.

iperf -c <IP address> -p 80

Exit out of all of the Compute Engine VMs and delete them from the console:

On any Desktop machine, laptop, or your local Ubuntu VM, install Chrome. For Ubuntu, this may be done via:

sudo apt-get install -y gdebi
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo gdebi google-chrome-stable_current_amd64.deb

Bring up an Incognito window (Ctrl+Shift+N). Then, in the address bar, visit chrome://flags. If the option exists, find and enable QUIC (HTTP 3).

Open a new tab and then open up Chrome's Developer Tools by right clicking and selecting "Inspect" (Ctrl+Shift+I).

In the address bar, visit the URL http://google.com. (Note: Use the URL exactly as shown with http:// not https:// and google.com not www.google.com). You should see a listing of all of the requests that the browser makes to obtain this page with the first one all the way at the top of the screen. A snippet is shown below:

Click on the very first request to bring up the connection details of the request and answer the following questions in your lab notebook.

Click on the second request to bring up its connection details. Answer the following questions in your lab notebook.

Click on the third request to bring up its connection details. Answer the following questions in your lab notebook.

While still on the home page for google.com and with the developer tools still open, click on XHR.

Asynchronous HTTP requests initiated by JavaScript code running on a page will show up under the XHR subsection of the Network tab. This is one way to allow interactivity between the client and server without requiring a page reload. To see this in action, type "Portland State" in the search box of the web page.