On your Ubuntu VM, we will identify the default network services that are exposed using a variety of tools.
netstat is a common Linux utility for performing an inventory of network resources being used on a machine. Examine the man page for netstat to determine the 4 flags that you can pass the tool to list all TCP sockets in a LISTEN state on an IPv4 address and the program that is using it.
sudo and take a screenshot of the output to include in your lab notebook.
Examine the "Local Address" field of the output. Servers such as nginx typically listen on "0.0.0.0" to accept connections from any interface on the machine (INADDR_ANY when specifying the socket). Servers intended for local access listen only on the loopback interface "127.0.0.1" (INADDR_LOOPBACK) (described via man 7 ip). Following the address, the port number that each socket is listening on is specified. The port is given either as a name for well-known services (e.g. http for port 80) or as a number.
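The following added example (not part of the original lab) decodes the kernel's /proc/net/tcp table of IPv4 TCP sockets and labels each LISTEN socket by how widely its local address is reachable. The sample rows are constructed, the function names are hypothetical, and the address decoding assumes a little-endian machine such as an x86 VM.

```python
import ipaddress
import socket
import struct

TCP_LISTEN = "0A"  # state code the kernel uses for LISTEN in /proc/net/tcp

# Constructed sample rows in /proc/net/tcp layout (not from a real machine).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
   2: 3500007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000   101        0 20003
   3: 0F02000A:0016 0202000A:C350 01 00000000:00000000 02:000A1B2C 00000000     0        0 20004
"""

def decode(hex_addr):
    """Turn 'HHHHHHHH:PPPP' into (dotted IPv4, port). Assumes a little-endian host."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def exposure(ip):
    """Classify a local address by which interfaces can reach it."""
    addr = ipaddress.ip_address(ip)
    if addr.is_unspecified:   # 0.0.0.0, i.e. INADDR_ANY
        return "all interfaces"
    if addr.is_loopback:      # 127.0.0.0/8, includes INADDR_LOOPBACK
        return "loopback only"
    return "single interface"

def listeners(table):
    """Return (ip, port, exposure) for every socket in LISTEN state."""
    rows = []
    for line in table.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) > 3 and fields[3] == TCP_LISTEN:
            ip, port = decode(fields[1])
            rows.append((ip, port, exposure(ip)))
    return rows

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as f:     # live IPv4 TCP table on Linux
            table = f.read()
    except OSError:
        table = SAMPLE                       # fall back to the constructed rows
    for ip, port, scope in listeners(table):
        print(f"{ip}:{port:<6} {scope}")
```

Run on the Ubuntu VM, the rows it prints can be checked against the "Local Address" column of your netstat output; the established connection in the sample (state 01) is skipped because it is not a listener.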
/etc/services and find the port number that corresponds to it. Include this mapping in your lab notebook.
Note that netstat should provide the same information as an external nmap scan from the previous lab unless malware has been installed to hide itself locally on the machine.
netstat command again, but do not use sudo as this is a machine managed by CAT. Include a screenshot of the output.
The lsof utility lists all file descriptors that are open on the machine across all of its processes. As network connections are accessed via file descriptors, they may also be listed using lsof. Back on the Ubuntu VM, find the number of open descriptors using the following command.
sudo lsof | wc -l
man page for lsof to generate a listing that is equivalent to the one generated with netstat previously and include it in your lab notebook.
nc) is a program that can connect to arbitrary ports on a server. Examine the man page for nc. Then, on the Ubuntu VM, use the command to connect up to the ssh port of
In this lab, we'll look at TCP throughput to different parts of the world. From the web console on Google Cloud Platform, go to Compute Engine=>"VM instances".
Create 4 VMs: one in us-west1-b, one in the US East, one in Australia, and one in Europe. For each machine's configuration, use the following:
ssh into each one and install
sudo apt update -y
sudo apt install iperf -y
For the VMs in the US East, Australia, and Europe, start the iperf server on the HTTP port (80) by performing the following command and leaving it running and the window open:
sudo iperf -s -p 80
us-west1-b VM, run iperf against each of the VMs created above by pointing the tool to the VM's external IP address.
iperf -c <IP address> -p 80
Exit out of all of the Compute Engine VMs and delete them from the console:
On any Desktop machine, laptop, or your local Ubuntu VM, install Chrome. For Ubuntu, this may be done via:
sudo apt-get install -y gdebi
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo gdebi google-chrome-stable_current_amd64.deb
Bring up an Incognito window (Ctrl+Shift+N). Then, in the address bar, visit chrome://flags. If the option exists, find and enable QUIC (HTTP 3).
Open a new tab and then open up Chrome's Developer Tools by right clicking and selecting "
In the address bar, visit the URL http://google.com. (Note: Use the URL exactly as shown with http:// not https:// and google.com not www.google.com). You should see a listing of all of the requests that the browser makes to obtain this page with the first one all the way at the top of the screen. A snippet is shown below:
Click on the very first request to bring up the connection details of the request and answer the following questions in your lab notebook.
Host: (HTTP 1.1) or :authority: (HTTP 2.0) headers sent by the browser? What is the User-Agent: HTTP header that is sent?
Click on the second request to bring up its connection details. Answer the following questions in your lab notebook.
Click on the third request to bring up its connection details. Answer the following questions in your lab notebook.
alt-svc: HTTP response header. Does the server believe the client can use HTTP3/QUIC?
While still on the home page for google.com and with the developer tools still open, click on XHR.
Portland State" in the search box of the web page.