Teaching Cyber Security (Part 14)

in #linux, 7 years ago (edited)

This is the 14th post of a series for teaching cyber-security in a coding-club. Read [part 13].

Ping Pong on the World Wide Web

Connecting to the internet

In the first module you learnt many commands for interacting with your computer through the shell.

To find the secret server, we will need to be on the Internet. Fortunately, it's easy. If your computer is online, the shell can go online. The first command we will learn is ping.

For that, we need a very very very brief introduction to the World Wide Web. The Internet is made of millions of computers networked together. Here's a map of how some of these computers are joined together:

[Image: map of the Internet. Source: www.opte.org/maps]

Some of the computers in the network are on the World Wide Web. Those computers exchange information using a special language called HTTP (Hyper Text Transfer Protocol).

To find each other they need an address. Just as I would write "send to: 344 Kublai Road, Ulaanbaatar, Mongolia" if I wanted to send you a postcard, computers need to know where to send their images, websites, data, etc.

The address for each computer is called an IP address (or Internet Protocol Address). It looks like this: 110.10.81.44. It's a bit like 344.KublaiRd.Ulaanbaatar.Mongolia, but for computers. Those 4 numbers let any computer find any other computer in the world. The School computers have one, Google's computers have one, and so do your computers at home.

Let's find our own IP address. Type in a shell:

ifconfig

The output should be something complicated like:

eth0      Link encap:Ethernet  HWaddr 7e:62:f0:17:39:e6
          inet addr:121.15.18.4  Bcast:10.5.255.255  Mask:255.255.0.0
          inet6 addr: fe21::7d74:f0df:fe17:44e4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3222 errors:0 dropped:0 overruns:0 frame:0
          TX packets:84 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:167095 (167.0 KB)  TX bytes:11075 (11.0 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65236  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:600 (600.0 B)  TX bytes:600 (600.0 B)

Fortunately we have learnt pipes and grep, so let's use a command to keep just the part which is an address. We'll pass the output to grep and ask grep to print only the lines which contain the words inet addr.

ifconfig | grep 'inet addr'

Watch out for the quotes! The output should be much cleaner and have only 2 lines.

Can you find a number which looks something like this: inet addr: 101.5.7.40? That's your IP address.
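Newer versions of ifconfig print the address as "inet 192.0.2.10" without the word "addr", so grep 'inet addr' finds nothing there. The example below is added here and is not part of the original lesson: a helper, with the made-up name list_ipv4, that picks the IPv4 address out of either format and skips the loopback interface. The second sample is constructed.

```bash
# Sample 1: older ifconfig format, trimmed from the output shown above.
OLD_SAMPLE='eth0      Link encap:Ethernet  HWaddr 7e:62:f0:17:39:e6
          inet addr:121.15.18.4  Bcast:10.5.255.255  Mask:255.255.0.0
          inet6 addr: fe21::7d74:f0df:fe17:44e4/64 Scope:Link
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0'

# Sample 2: newer ifconfig format (constructed; 192.0.2.10 is a documentation address).
NEW_SAMPLE='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.10  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::1  prefixlen 64  scopeid 0x20<link>
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0'

# list_ipv4 (hypothetical helper): reads ifconfig output on stdin and prints
# "<interface> <IPv4 address>" for every interface except loopback.
list_ipv4() {
    awk '
        /^[A-Za-z0-9]/ {                 # unindented line: a new interface starts
            iface = $1
            sub(/:$/, "", iface)         # newer format writes "eth0:"
        }
        $1 == "inet" {                   # IPv4 line in either format
            addr = $2
            sub(/^addr:/, "", addr)      # older format writes "addr:121.15.18.4"
            if (addr !~ /^127\./) print iface, addr
        }'
}

# Run on the samples; on a real machine use:  ifconfig | list_ipv4
printf '%s\n' "$OLD_SAMPLE" | list_ipv4
printf '%s\n' "$NEW_SAMPLE" | list_ipv4
```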

Playing Ping-Pong

So let's send something to the Internet from the shell. First we'll have to pick a computer to send it to. I know that Google has a server with IP: 8.8.8.8, so let's send it there.

The most basic way to send information on the Web is a command called ping. It's the equivalent of saying "Hello, anybody there?".

If it's online, the receiving computer answers with a pong. So let's send a ping to Google, and see if we can play ping-pong.

ping command

ping <IP address>

The ping command sends a small signal to a server with a given IP. It can also be used with a URL (another name for an address on the Web). So we can also do:

ping twitter.com

To specify how many pings we send, use the option -c (count):

ping twitter.com -c 5

This sends five pings to twitter.com.

Ok, so let's ping Google five times:

ping 8.8.8.8 -c 5

What did you observe? Let's see what all that output means.

Ping → Internet → Pong

After sending 5 pings to Google on 8.8.8.8, here's what my output looks like:

6 packets transmitted, 6 received, 0% packet loss, time 5020ms
rtt min/avg/max/mdev = 1.307/1.351/1.457/0.062 ms

I sent 6 packets, all were received by Google, 0% were lost, and it took 5020ms (about 5 seconds) to do the ping-pong back and forth. The output also shows the minimum time for a ping (1.307 milliseconds).

That's amazingly fast! The blink of a real eye takes about 300ms! So your computer could send 230 pings to google in that time!

Ok. In that case, it sounds like your host is really close to the Google servers. Let's try something more challenging. Do the following:

ping lemonde.fr -c 5

How long did the ping take this time? I know .fr is in Europe, so it probably took a little longer. Did all packets arrive or were any of them lost along the way? Let's try a little further:

ping baidu.cn -c 5

Baidu is the Chinese version of Google. How long did it take to send the pings to China? Did all of them arrive?

Cybersecurity experts will use ping to find out if a computer is online, and to test if the connection is fast or slow.
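To turn that check into something a script can act on, the example below (added here, not part of the original lesson) reads the two summary lines that ping prints and reports whether the host answered, how many packets were lost and the average round-trip time. The helper name ping_summary and the second and third samples are made up for illustration.

```bash
# Summary lines copied from the ping output shown above.
PING_OK='6 packets transmitted, 6 received, 0% packet loss, time 5020ms
rtt min/avg/max/mdev = 1.307/1.351/1.457/0.062 ms'

# Constructed samples: a slow link that drops packets, and a host that never
# answers (ping prints no rtt line when nothing comes back).
PING_LOSSY='5 packets transmitted, 4 received, 20% packet loss, time 4006ms
rtt min/avg/max/mdev = 180.2/191.7/204.9/9.1 ms'
PING_DOWN='5 packets transmitted, 0 received, 100% packet loss, time 4089ms'

# ping_summary (hypothetical helper): reads ping output on stdin and prints
# "<state> <loss percent> <average ms>", where state is up, lossy or down.
ping_summary() {
    awk '
        /packets transmitted/ {            # find the field that ends in "%"
            for (i = 1; i <= NF; i++)
                if ($i ~ /%$/) { loss = $i; sub(/%/, "", loss) }
        }
        /min\/avg\/max/ {                  # e.g. "... = 1.307/1.351/1.457/0.062 ms"
            split($0, halves, " = ")
            split(halves[2], rtt, "/")     # rtt[2] is the average
            avg = rtt[2]
        }
        END {
            if (loss == "")        { print "unknown - -"; exit }
            if (loss + 0 == 100)   state = "down"
            else if (loss + 0 > 0) state = "lossy"
            else                   state = "up"
            print state, loss, (avg == "" ? "-" : avg)
        }'
}

# Run on the samples; on a real machine use:  ping 8.8.8.8 -c 5 | ping_summary
printf '%s\n' "$PING_OK"    | ping_summary
printf '%s\n' "$PING_LOSSY" | ping_summary
printf '%s\n' "$PING_DOWN"  | ping_summary
```

A result of down only means that no pong came back. Many firewalls drop pings, so the computer may still be online.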

Some people, however, use it for nefarious purposes. If you send too many pings in a row, the website can't handle the normal visitors and will collapse. This is called Ping of Death (PoD) or Denial of Service Attack (DoS).

What else can we find about a server? Let's find out in [Part 15].
