
SKR 3200

COMPUTER COMMUNICATION AND NETWORKS

GROUP 5

NETWORK TOOLS PROJECT

LECTURER: DR. ABDULLAH

GROUP NAME:
1. MUHAMMAD HALIL BIN ARIFIN 196606
2. SITI AISYAH BINTI ZAIMI 196290
3. HENORY GERLD JOHN WEEN 197720
4. NURUL ANISHA BT MOHD ZAKI 196446
5. NUR ELLINA IZZATI BINTI NASRUDDIN 197725

TABLE OF CONTENT

1. Abstract
2. Introduction
3. Ping Plotter
4. DNS Query
5. Visual Route
6. TCP View
7. Conclusion
8. Reference

Abstract

In general, computer networking tools help a lot in development, maintenance, protection and website modification. The goal of this project is to help us better understand the function of network tools. Network output is obtained using the network tools that our group selected: Ping Plotter, TCP View, Visual Route and DNS Data View.

Introduction

Computer networking is an engineering discipline that aims to study and analyze the
communication process among various computing devices or computer systems that are
linked, or networked, together to exchange information and share resources. Computer
networking depends on the theoretical application and practical implementation of fields like
computer engineering, computer sciences, information technology and telecommunication.
We researched four computer networking tools: TCP View, DNS Data View, Ping Plotter and
Visual Route. Each tool has its own function and a different meaning.

Firstly, the tool is Ping Plotter. It helps the user find and fix problems fast, because it can visualize network performance data across hundreds of targets, with tools built for monitoring both local and remote devices. Ping Plotter is easy to deploy and access wherever we need it, be it a local workstation or a remote server, and it can also help to prove the actual cause of issues for employees working at home. Users can also collect data easily, as with the other tools.

Next, the tool is DNS Query. A DNS query is a request for information sent from a DNS client to a DNS server. Normally, it asks for the IP address associated with a Fully Qualified Domain Name (FQDN). When a DNS client needs to find the IP address of a computer known by its FQDN, it queries DNS servers to get the IP address.

Furthermore, the next tool is Visual Route. Visual Route is an easy-to-use graphical user interface that integrates various tools such as traceroute, ping, and Whois (the most common commands taught in a networking course) to check Internet connectivity, and displays the actual route of connections and IP address locations on a global map. Visual Route provides performance analysis, DNS analysis, analysis of the TTL (Time to Live) of the packets received from the destination host, connection analysis, latency measurement and packet loss measurement.

Finally, the tool is TCP View. It is a Windows network monitoring utility that shows a graphical representation of all currently active TCP and UDP endpoints on the system. Administrators can also view the process that owns each endpoint on Windows Server 2008, Windows XP, Windows Vista and Windows 7. TCP View enables sorting by process name, address and state of the connection, such as “Listening” or “Established”. In addition to showing existing network connections, TCP View allows users to manually close connections or kill processes from inside the application. Users can easily collect data by using these tools. The data were collected during the day and at night from two different websites, “fbi.gov” and “malaysia.gov.my”, using these four tools.

Use, Function & Importance of Each Tool

1. Ping Plotter
Nowadays, many users play online games and sometimes encounter problems, for instance unacceptable lag in an online game. Ping Plotter was created in 1998, and its main function is to troubleshoot problems such as unacceptable lag in an online game or a slow Internet Service Provider (ISP). It has many features and capabilities. Today it has grown into the most powerful network monitoring, troubleshooting and diagnostic tool. Furthermore, it is used by a variety of users nowadays.
Ping Plotter can help us know when connectivity to one of our servers goes down, so by using this tool we can get some evidence of where, when, and why it went down. For example, when we ping a random website or any website we want, the interface shows the Packet Loss (%), Hop, Count, IP Address, DNS Name, Average, Min, Currency and Round Trip (ms) in the data table. We can also see the Latency Graph. The data table shows the details of each hop between us and our target, while the Latency Graph gives a visual representation of the trace data for easy parsing.

Evidence & Analyses Output of Each Tools

1. Ping Plotter

Figure 1: Ping Test During Night


International website: fbi.gov

From Figure 1 above, we can see the trace graph, which is divided into two sections: the data table and the latency graph. The data table shows the raw details of each hop, from Hop 1 to Hop 8. It also shows the Count, IP Address, DNS Name, Average (Avg), Min, Currency (CUR), Packet Loss (PL) in % and the Round Trip (ms). The Latency Graph uses symbols that show:

• The average latency for the current focus period. This average ignores timeouts and lost packets.
• The range of latencies recorded for a specific hop during the current focus period.
• A color-coded representation of latency, as defined by the Graph Colour Legend in the Target Bar.
• The response time for the last packet sent.
• A cool connect-the-dots to help the user visually track hop latency.
• The percentage of lost packets over the current focus period.

Figure 2 : Timeline Graph

The other interface is the Timeline Graph. Latency (1) shows the ping round-trip time to the selected hop. The Latency Scale (2) is used as a reference to aid in evaluating hop latency. Lost Packet (3) is an indicator showing a packet sent in that trace interval. Furthermore, the Packet Loss Scale (4) is the percentage of packets lost within the displayed timeline segment. The Focus Area (5) is the section of collected data currently being displayed in the Trace Graph. The last one is the Comment Indicator (6), an indicator showing a comment made at a specific point in time on the Timeline Graph.

Interpreting Results From PingPlotter

Referring to Figure 1, our group decided to ping the fbi.gov website at night. The final destination (hop 8) shows 10.3% packet loss, which means some data was lost between the user’s computer and the target. Hop 7 also shows 10.2% packet loss. This packet loss is carried through to the final destination, hop 8, which is a strong indication of where the problem lies. Furthermore, hop 7 and hop 8 have different domain names, sgw.equinix.com and fbi.gov respectively, and their IP addresses are in different ranges. This can be a strong clue to the cause of the problem.
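
The reading described above, loss that begins at one hop and is carried through to the final destination, can be expressed as a small check over the data table. This is an added example, not part of the original report; it also handles loss that appears only at an intermediate hop, which commonly means a router is deprioritising ICMP replies. The function name and the loss values for hops 1 to 6 are assumptions; hops 7 and 8 use the figures quoted in the text.

```python
# Added example: per-hop loss values are constructed, except hops 7 and 8,
# which use the percentages quoted in the report (10.2% and 10.3%).
NIGHT_FBI = [
    (1, 0.0), (2, 0.0), (3, 2.5), (4, 0.0),
    (5, 0.0), (6, 0.0), (7, 10.2), (8, 10.3),
]


def first_persistent_loss_hop(loss_by_hop, threshold=1.0):
    """Return the hop number where loss begins and persists to the last hop.

    loss_by_hop is a list of (hop_number, loss_percent); loss_percent is
    None when a hop never answered. Returns None when the final hop itself
    shows less loss than the threshold (the path is delivering packets).
    """
    hops = sorted(loss_by_hop, key=lambda item: item[0])
    if not hops:
        return None

    final_hop, final_loss = hops[-1]
    # A silent final hop is treated as 100% loss (destination unreachable).
    final_loss = 100.0 if final_loss is None else final_loss
    if final_loss < threshold:
        return None

    start = final_hop
    # Walk back from the destination while each answering hop still shows loss.
    for hop, loss in reversed(hops[:-1]):
        if loss is None:
            continue  # a silent router gives no evidence either way
        if loss < threshold:
            break     # this hop is clean, so loss starts after it
        start = hop
    return start


if __name__ == "__main__":
    hop = first_persistent_loss_hop(NIGHT_FBI)
    print(f"loss carried through to the destination starts at hop {hop}")
```

Hop 3 in the constructed data shows 2.5% loss, but the hops after it are clean, so it is not reported as the start of the problem.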

Latency shows how long it takes data to travel to the user's target and back. In Figure 1 the latency is more than 1 millisecond (ms), namely 93.0 ms, which is still good latency because it does not exceed 100 ms. However, the packet loss is over 5%, which is not good for streaming video or audio, because streaming audio or video must be in the range of 5% - 10% packet loss.

Figure 3: Ping Test During Daylight.
Local website: malaysia.gov.my

Referring to Figure 3, our group decided to ping the malaysia.gov.my website during daylight. However, we can see that the destination address is unreachable. This does not happen because the website is fully down. Rather, one of the routers between the computer running PingPlotter and the destination may not be passing ICMP echo requests through, or may not be allowing ICMP TTL expired packets to return. In Figure 3 no Avg, Min or Cur values are shown, and the packet loss is 100%, which means Destination Address Unreachable.

100% packet loss is the phenomenon that occurs when the packets of data that a user sends or receives never make it to their destination: no packet that you send reaches the destination. As a result, there is no response from the server we pinged (or attempted to send the requests to).

Figure 4: Ping Test During Night

Local website: malaysia.gov.my


Referring to Figure 4, we pinged the local website malaysia.gov.my at night. The PingPlotter data shows Destination Address Unreachable. The packet loss is 100%, which is very bad.

2. DNS Data View

Understanding DNS

DNS is a global system for translating IP addresses to human-readable domain names. When a
user tries to access a web address like “example.com”, their web browser or application
performs a DNS query against a DNS server, supplying the hostname. The DNS server takes
the hostname and resolves it into a numeric IP address, which the web browser can connect
to.

A component called a DNS Resolver is responsible for checking if the hostname is available
in local cache, and if not, contacts a series of DNS Name Servers until eventually it receives
the IP of the service the user is trying to reach, and returns it to the browser or application.
This usually takes less than a second.

Types of DNS Query

There are three types of DNS query: Recursive Query, Iterative Query and Non-Recursive Query.

1) Recursive Query
In a recursive query, a DNS client provides a hostname, and the DNS Resolver
“must” provide an answer—it responds with either a relevant resource record, or an
error message if it can't be found. The resolver starts a recursive query process,
starting from the DNS Root Server, until it finds the Authoritative Name Server (for
more on Authoritative Name Servers see DNS Server Types below) that holds the IP
address and other information for the requested hostname.

2) Iterative Query
In an iterative query, a DNS client provides a hostname, and the DNS Resolver
returns the best answer it can. If the DNS resolver has the relevant DNS records in its
cache, it returns them. If not, it refers the DNS client to the Root Server, or another
Authoritative Name Server which is nearest to the required DNS zone. The DNS
client must then repeat the query directly against the DNS server it was referred to.

3) Non-Recursive Query
A non-recursive query is a query in which the DNS Resolver already knows the
answer. It either immediately returns a DNS record because it already stores it in local
cache, or queries a DNS Name Server which is authoritative for the record, meaning it
definitely holds the correct IP for that hostname. In both cases, there is no need for
additional rounds of queries (like in recursive or iterative queries). Rather, a response
is immediately returned to the client.
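
On the wire, the difference between these query types is visible in the 12-byte DNS header: the client sets the RD (recursion desired) bit to ask for a recursive lookup, and the reply's AA bit and record counts show whether it is an authoritative answer, a resolver's answer, or a referral to another name server. The code below is an added example, not part of the original report; it builds a query and classifies constructed reply headers. Function names and the sample headers are assumptions, while the flag bits and type numbers follow RFC 1035.

```python
import struct

# Record type numbers: RFC 1035, RFC 3596 (AAAA), RFC 2782 (SRV).
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12,
          "MX": 15, "TXT": 16, "AAAA": 28, "SRV": 33}
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # header flag bits


def build_query(hostname, qtype="A", recursion_desired=True, query_id=0x1234):
    """Encode one DNS question. RD=1 requests a recursive lookup; RD=0 is
    what a resolver sends when it walks the name servers itself."""
    flags = RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", query_id, flags, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("each DNS label must be 1 to 63 bytes")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)


def parse_header(message):
    """Decode the fixed 12-byte header of a DNS message."""
    if len(message) < 12:
        raise ValueError("a DNS header is 12 bytes")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    return {"id": qid, "is_response": bool(flags & QR),
            "authoritative": bool(flags & AA),
            "recursion_desired": bool(flags & RD),
            "recursion_available": bool(flags & RA),
            "rcode": flags & 0x000F,
            "questions": qd, "answers": an, "authority": ns, "additional": ar}


def classify_response(message):
    """Label a reply by what kind of answer the server gave."""
    h = parse_header(message)
    if not h["is_response"]:
        return "query"
    if h["rcode"] == 3:
        return "nxdomain"
    if h["rcode"] != 0:
        return "error"
    if h["answers"] > 0:
        return "authoritative-answer" if h["authoritative"] else "resolver-answer"
    if h["authority"] > 0 and not h["authoritative"]:
        return "referral"  # iterative case: "ask these name servers instead"
    return "no-data"


# Constructed reply headers (header only, no records) for illustration.
REFERRAL = struct.pack("!HHHHHH", 0x1234, QR, 1, 0, 2, 2)
FROM_RESOLVER = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)
FROM_AUTHORITY = struct.pack("!HHHHHH", 0x1234, QR | AA, 1, 1, 0, 0)
NO_SUCH_NAME = struct.pack("!HHHHHH", 0x1234, QR | RD | RA | 3, 1, 0, 1, 0)

if __name__ == "__main__":
    print(build_query("example.com").hex())
    for name, msg in [("referral", REFERRAL), ("resolver", FROM_RESOLVER),
                      ("authority", FROM_AUTHORITY), ("nxdomain", NO_SUCH_NAME)]:
        print(name, "->", classify_response(msg))
```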

Description of The System

This utility is a GUI alternative to the NSLookup tool that comes with the Windows operating
system. It allows you to easily retrieve the DNS records (MX, NS, A, SOA) of the specified
domains. It can use the default DNS server of your Internet connection, or any other
DNS server that you specify. After retrieving the DNS records for the desired domains, you can save
them into a text/xml/html/csv file.

System Requirements

Older versions of Windows are not supported. But DNSDataView can work on:

• Windows XP
• Windows Server 2003
• Windows Vista
• Windows 7
• Windows Server 2008
• Windows 10

Using DNSDataView

DNSDataView doesn’t require any installation process or additional DLL files. To start using it, simply run the executable file, DNSDataView.exe. After running it, type one or more domains whose DNS information you wish to view, and click ‘Ok’. After a very short time, you should get all DNS records of the specified domains in the main window of DNSDataView. If DNSDataView fails to retrieve the DNS records, try to manually type the DNS server of your Internet provider.

Command-Line Option

The table below shows the Command-Line Option.

For example, it can be used like this:

DNSDataView.exe /Domains "yahoo.com google.com" /scomma c:\temp\dns.csv


Evidence & Analyses Output of DNS Query

Figure 1: DNS Test During Daylight (malaysia.gov.my)

There are a few different record types: NS, MX, A, AAAA, CNAME, SOA, SRV, TEXT and PTR.

• IP Version 6 Address record (AAAA Record) - stores a hostname and its corresponding IPv6 address.

• Canonical Name record (CNAME Record) - can be used to alias a hostname to another hostname. When a DNS client requests a record that contains a CNAME, which points to another hostname, the DNS resolution process is repeated with the new hostname.

• Mail exchanger record (MX Record) - specifies an SMTP email server for the domain, used to route outgoing emails to an email server.

• Name Server records (NS Record) - specifies that a DNS Zone, such as “example.com”, is delegated to a specific Authoritative Name Server, and provides the address of the name server.

• Reverse-lookup Pointer records (PTR Record) - allows a DNS resolver to provide an IP address and receive a hostname (reverse DNS lookup).

• Certificate record (CERT Record) - stores encryption certificates: PKIX, SPKI, PGP, and so on.

• Service Location (SRV Record) - a service location record, like MX but for other communication protocols.

• Text Record (TXT Record) - typically carries machine-readable data such as opportunistic encryption, sender policy framework, DKIM, DMARC, etc.

• Start of Authority (SOA Record) - this record appears at the beginning of a DNS zone file, and indicates the Authoritative Name Server for the current DNS zone, contact details for the domain administrator, domain serial number, and information on how frequently DNS information for this zone should be refreshed.

In Figure 1, our group decided to run the DNS test on the malaysia.gov.my website during daylight. There are 14 record indexes, and the section is Answer for all of them except record indexes 6, 7 and 9. The IP address is shown for the record indexes that were answered. The record type for record indexes 1 and 2 is NS, and for record indexes 3 and 4 it is MX. For record index 5 the record type is A, and for record index 6 it is AAAA. For record index 7 the record type is CNAME. Next, record index 8 uses the SOA record type. For record index 9 the record type is SRV. After that, record index 10 is the TEXT record type. Lastly, record indexes 11 to 14 use the PTR record type. There is an error for record indexes 6, 7 and 9.

Figure 2: DNS Test During night (malaysia.gov.my)


In Figure 2, our group wanted to test the local network at night using the malaysia.gov.my website. We found that the test output is the same as during daylight.

Figure 3: DNS Test During Night (fbi.gov)

In Figure 3 above, our group decided to test a network outside the country at night using the fbi.gov website. There are 22 record indexes. The section is Answer for all of them except record indexes 11, 13, 14, 21 and 22. For record indexes 1 to 4 the record type is NS. For record indexes 5 and 6 the record type is MX. Next, for record indexes 7 and 8 the record type is A. After that, for record indexes 9 and 10 the record type is AAAA. For record index 11 the record type is CNAME. Record index 12 uses the SOA record type. For record index 13 the record type is SRV. Next, record index 14 uses the TEXT record type. Lastly, record indexes 15 to 22 use the PTR record type. There is an error for record indexes 11, 13, 14, 21 and 22.

3. VISUAL ROUTE

Visual Route is an easy to use graphical user interface that integrates various tools such as
traceroute, ping, and Whois (the most common commands taught in a networking course) to
check Internet connectivity, and displays the actual route of connections and IP address
locations on a global map. Visual Route provides the performance analysis, DNS analysis,
TTL (Time to Live) for the packets received from the destination host analysis, connection
analysis, latency measurement and packet loss measurement.

FBI (at night)

At night, our group decided to trace network information about fbi.gov, an international website, accessed from our own home network. We analysed its Internet connectivity, and Visual Route displays the actual route of connections and the IP address locations for each hop. By using Visual Route, we can identify the total number of hops encountered, the average response time for each hop, the time it takes for a DNS lookup, the TTL value of packets received, the exact place where a problem occurred, the type of web server running at the destination site, the general idea of throughput achieved and so on.

Referring to the traceroute information, we found that in general this route offers good throughput, with hops responding on average within 57 ms. However, hop 3, in the local network, is noticeably slower than the others. According to the information retrieved, the DNS lookup takes 877 ms. There is no packet loss, which means the packets of data travelling across the network succeeded in reaching the final destination. The route length is 12 hops. As we can see, there are 12 hops on the route graph pane below, but two of them gave no response for that section of the route.

Local website (daylight)

During daylight, our group decided to trace network information about the local website, malaysia.gov.my. Referring to the traceroute information, we found that in general this route offers good throughput, with hops responding on average within 67 ms. However, hop 8, in the network TMnet, Telekom Malaysia Berhad, is noticeably slower than the others. The DNS lookup takes 64 ms. The maximum average packet loss is 0.0% out of 100%. There are 13 hops in total in this route.

Local website (at night)

We used the same local website, but at night. Referring to the traceroute information, in general this route offers good throughput, with hops responding on average within 61 ms. However, hop 3, in the local network, is noticeably slower than the others. The DNS lookup takes 14 ms, which is shorter than during daylight. The maximum average packet loss is 9.8% out of 100%. There are at least 14 hops in this route, but two of them are not responding for that route section.

4. TCP View

TCP View is a Windows program that lets the user view a detailed listing of UDP and TCP endpoints directly on the device. The listing includes the remote and local addresses and the protocol, which is UDP or TCP. This program is ideal for users who like to know what is running in the background on their device. Users can also check what actually happens when an address is typed into a web browser or when any application is run. TCP View also has a command-line version that provides the same function as TCP View.

TCP View shows all active TCP and UDP endpoints, resolving all IP addresses to their domain names. TCP View updates every second, but the user has an option in the menu bar to change the refresh rate. The user also has other options such as process properties, end process, close process, Whois and copy. Endpoints that change state from one update to the next are marked in yellow; removed endpoints are marked in red, and new endpoints are marked in green.
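
The colour coding described above amounts to comparing two consecutive snapshots of the endpoint table. The following added example (not TCP View's own code and not part of the original report) parses two constructed snapshots laid out like Windows `netstat -ano` output and reports new, removed and changed endpoints. The function names, local addresses and process IDs are assumptions; the two remote addresses are the ones recorded later in this report.

```python
# Constructed snapshots in the column layout of `netstat -ano`:
# Proto, Local Address, Foreign Address, State (TCP only), PID.
SNAPSHOT_1 = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:50001     104.16.148.244:443     ESTABLISHED     4321
  TCP    192.168.1.10:50002     104.16.149.244:443     ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    1500
"""

SNAPSHOT_2 = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:50001     104.16.148.244:443     ESTABLISHED     4321
  TCP    192.168.1.10:50002     104.16.149.244:443     CLOSE_WAIT      4321
  TCP    192.168.1.10:50003     104.16.148.244:443     SYN_SENT        4321
"""


def parse_netstat(text):
    """Map (proto, local, remote) -> (state, pid) for every endpoint line."""
    endpoints = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            proto, local, remote, pid = parts
            state = ""  # UDP is connectionless, so it has no state column
        else:
            continue    # headings and blank lines
        endpoints[(proto, local, remote)] = (state, int(pid))
    return endpoints


def diff_snapshots(before, after):
    """Return (colour, endpoint, detail) tuples using TCP View's colours."""
    changes = []
    for key in sorted(set(before) | set(after)):
        if key not in before:
            changes.append(("green", key, after[key][0]))    # new endpoint
        elif key not in after:
            changes.append(("red", key, before[key][0]))     # removed endpoint
        elif before[key][0] != after[key][0]:
            detail = f"{before[key][0]} -> {after[key][0]}"
            changes.append(("yellow", key, detail))          # state changed
    return changes


if __name__ == "__main__":
    old, new = parse_netstat(SNAPSHOT_1), parse_netstat(SNAPSHOT_2)
    for colour, (proto, local, remote), detail in diff_snapshots(old, new):
        print(f"{colour:6} {proto} {local} -> {remote} {detail}")
```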

What is TCP and UDP

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are widely used in TCP/IP networks. TCP is protocol oriented and data packets can be sent bidirectionally. UDP is simpler than TCP because it is a connectionless protocol. With UDP, multiple messages are sent as packets in chunks.

No. Key: TCP (Transmission Control Protocol) / UDP (User Datagram Protocol)

1. Definition
   TCP: It is a communication protocol where data is transmitted between systems over the network. The data is sent in the form of packets and includes other functions such as error checking, making sure the packet is received, and preserving the order of the data packets.
   UDP: Basically the same as the TCP protocol, but it does not guarantee that the packet is received or provide data recovery.

2. Design
   TCP: Protocol oriented.
   UDP: Less protocol.

3. Reliable
   TCP: Reliable; it provides error checking and also ensures the transmission of data to the destination router.
   UDP: Not reliable, because UDP provides only basic error checking, which is a checksum, and the transmission is not guaranteed to be received by the receiver.

4. Data transmission
   TCP: The packets are transmitted in a particular sequence.
   UDP: The packets are transmitted with no sequence; to implement ordering, it has to be managed by the application layer.

5. Performance
   TCP: Slower and less efficient in performance for certain reasons such as security.
   UDP: Efficient and more efficient.

6. Retransmission
   TCP: Retransmission of the data packet is possible.
   UDP: Retransmission of the data packet is possible.

Output TCP View

MORNING

International website: fbi.gov (United States : 104.16.148.244 : 0900-1200)
Local website: Malaysia.gov.my (Malaysia : 104.16.149.244 : 0900-1200)

TCP View is a Windows program that lets the user view a detailed listing of UDP and TCP endpoints directly on the device. Figure 1 and Figure 2 show that both websites are running over the TCP protocol. IP addresses are used to communicate with each other; the IP address of the international website is 104.16.148.244 and that of the local website is 104.16.149.244. After opening the website, we can see the green colour appear, which means a new endpoint is connected and the state is Established, but in my observation there is a bit of difference between the refresh rates for the two websites. For the international website I can see the information, with the state Established, for more than 15 seconds, but for the local website the state changes from Established to Close Wait in around less than 10 seconds and the information disappears. The remote port for both websites is https, which is more secure than http.

NIGHT

International website: fbi.gov (United States : 104.16.148.244 : 2100-0000)
Local website: Malaysia.gov.my (Malaysia : 104.16.149.244 : 2100-0000)

Figure 3 and Figure 4 show that both websites are running over the TCP protocol when I tested using my own internet connection. IP addresses are used to communicate with each other; the IP address of the international website is 104.16.148.244 and that of the local website is 104.16.149.244. After opening the website, we can see the green colour appear, which means a new endpoint is connected and the state is Established, but in my observation there is a bit of difference between the refresh rates for the two websites. The international website's detailed information still appears for longer than the local website's. The remote port for both websites is https, which is more secure than http. The sent packets and sent bytes for the local website are (17 sent packets / 32.847 sent bytes), but for the international website they are (31 sent packets / 2358 sent bytes). The received packets and received bytes for the local website are (80 received packets / 156306 received bytes), but for the international website they are (31 received packets / 1 378,512 received bytes). We can see the difference: the received bytes for the international website are higher than for the local website, and the received packets for the international website are higher than for the local website.

Conclusion

In conclusion, what we have learned from this research project on networking tools is how to use the network tools, and we have gained knowledge about the features of these network tools. Network tools can save users time and energy when doing work. Therefore, these network tools are very useful for users to solve network-related problems.
