In this assignment, you'll investigate the TCP/IP protocols. The assignment consists of four parts.
Part I: Network Layer IP (10 Marks)
In this part, you will analyze a trace file of IP datagrams sent and received by the execution of a traceroute program. You'll investigate the various fields in the IP datagram in detail.
Wireshark file: Assignmenet_IP, which can be downloaded from the Resources section of the interact2 subject site.
When answering a question, you should include screenshots of the packets with annotations to explain your answers. Select the minimum amount of packet detail that you need to answer the questions (1 mark for each of Q1-8, and 2 marks for Q9).
1. Select the first ICMP Echo Request message sent by the client, expand the Internet Protocol part of the packet in the packet details window, and provide the screenshots of this.
2. Within the IP packet header, what is the value in the upper layer protocol field?
3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes.
4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.
Next, sort the traced packets according to the IP source address by clicking on the "Source" column header; a small downward-pointing arrow should appear next to the word Source. If the arrow points up, click on the Source column header again. Select the first ICMP Echo Request message, and expand the Internet Protocol portion in the details of the selected packet header window. In the listing of captured packets window, you should see all of the subsequent ICMP messages (perhaps with additional interspersed packets) below this first ICMP. Use the down arrow on your keyboard to move through the ICMP messages (Note: in the following, we are only interested in the messages with the client's source address).
5. Which fields in the IP datagrams always change from one datagram to the next within this series of ICMP messages sent by the client?
6. Which of the fields must stay constant? Which fields must change? Why?
7. Describe the pattern you see in the values in the Identification field of the IP datagram.
Next (with the packets still sorted by source address), find the series of ICMP TTL-exceeded replies sent to the client by the nearest (first hop) router.
8. What are the values in the Identification field and the TTL field?
9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to the client by the nearest (first hop) router? Why?
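The questions above are all answered by reading fixed-position fields of the IPv4 header. The following decoder is an added example (not part of the assignment or the Assignmenet_IP trace) that pulls out the same fields Wireshark shows you: the upper-layer protocol number, the header length from IHL, the payload length as Total Length minus the header, the fragmentation flags and offset, and the Identification and TTL values. The Echo Request datagrams it decodes are constructed in the script with placeholder addresses from the RFC 5737 documentation ranges; checksums are left at zero because they play no part in the field decoding.

```python
"""Decode the IPv4 header of an ICMP Echo Request the way Q2-Q9 ask you to
read it off the Wireshark details pane. Added example; the datagrams below
are constructed for illustration, not taken from Assignmenet_IP."""
import struct
from dataclasses import dataclass
from typing import Iterable, Set

IP_PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


@dataclass
class IPv4Header:
    version: int
    ihl_bytes: int          # header length in bytes (IHL field * 4)
    total_length: int       # header + payload, in bytes
    identification: int
    dont_fragment: bool
    more_fragments: bool
    fragment_offset: int    # in 8-byte units
    ttl: int
    protocol: int
    src: str
    dst: str

    @property
    def payload_length(self) -> int:
        # Q3: payload = Total Length minus the header length (IHL * 4).
        return self.total_length - self.ihl_bytes

    @property
    def is_fragmented(self) -> bool:
        # Q4: a datagram is a fragment if MF is set or the offset is non-zero.
        return self.more_fragments or self.fragment_offset != 0


def parse_ipv4(datagram: bytes) -> IPv4Header:
    if len(datagram) < 20:
        raise ValueError("truncated IPv4 header")
    (vihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    version, ihl = vihl >> 4, vihl & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not an IPv4 header")
    return IPv4Header(
        version=version, ihl_bytes=ihl * 4, total_length=total_len,
        identification=ident,
        dont_fragment=bool(flags_frag & 0x4000),   # bit 14 of the flags/offset word
        more_fragments=bool(flags_frag & 0x2000),  # bit 13
        fragment_offset=flags_frag & 0x1FFF,       # low 13 bits
        ttl=ttl, protocol=proto,
        src=".".join(map(str, src)), dst=".".join(map(str, dst)),
    )


def build_echo_request(ident: int, ttl: int, payload_len: int = 56) -> bytes:
    """Constructed IPv4 datagram carrying an ICMP Echo Request (type 8).
    Placeholder addresses (RFC 5737); DF set, offset 0, checksums zero."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + bytes(payload_len - 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), ident, 0x4000,
                      ttl, 1, 0, bytes([192, 0, 2, 10]), bytes([203, 0, 113, 1]))
    return hdr + icmp


def summarize(datagram: bytes) -> dict:
    """The values Q2-Q4 and Q8 ask for, from one datagram."""
    h = parse_ipv4(datagram)
    return {
        "protocol": IP_PROTO_NAMES.get(h.protocol, str(h.protocol)),
        "header_bytes": h.ihl_bytes,
        "payload_bytes": h.payload_length,
        "fragmented": h.is_fragmented,
        "identification": h.identification,
        "ttl": h.ttl,
    }


def changing_fields(datagrams: Iterable[bytes]) -> Set[str]:
    """Q5/Q6: header fields whose value differs between consecutive datagrams."""
    keys = ["identification", "ttl", "total_length", "protocol", "src", "dst",
            "fragment_offset", "more_fragments", "dont_fragment"]
    changed: Set[str] = set()
    prev = None
    for d in datagrams:
        h = parse_ipv4(d)
        if prev is not None:
            changed |= {k for k in keys if getattr(h, k) != getattr(prev, k)}
        prev = h
    return changed


if __name__ == "__main__":
    # A traceroute-style series: Identification increments, TTL climbs 1, 2, 3, ...
    series = [build_echo_request(ident=0x1000 + i, ttl=i + 1) for i in range(4)]
    print(summarize(series[0]))
    print("fields that change:", changing_fields(series))
```

In a real traceroute series the set returned by `changing_fields` is what Q5 asks about; fields such as protocol, source and destination address stay constant because every probe is an ICMP message between the same two hosts, while TTL must change because incrementing it is how traceroute discovers each successive hop.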
Transport Layer TCP (3 + 2 + 10 Marks)
In the TCP part of this assignment, you'll conduct a preliminary investigation into the behavior of TCP.
You'll conduct this lab by analyzing a trace of the TCP segments sent and received in transferring a 150KB file (containing the text of Lewis Carroll's Alice's Adventures in Wonderland) from your computer to a remote server. You'll study TCP's use of sequence and acknowledgment numbers for providing reliable data transfer; you'll also briefly consider TCP connection setup, and you'll investigate the performance (throughput and round-trip time) of the TCP connection between your computer and the server.
Part II: Capturing a bulk TCP transfer from your computer to a remote server (3 marks)
Before beginning your exploration of TCP, you'll need to use Wireshark to obtain a packet trace of the TCP transfer of a file from your computer to a remote server. You'll do so by accessing a Web page that will allow you to enter the name of a file stored on your computer (which contains the ASCII text of Alice in Wonderland), and then transfer the file to a Web server using the HTTP POST method. Of course, you'll be running Wireshark during this time to obtain the trace of the TCP segments sent and received from your computer. Do the following:
Start up your web browser. Go to http://csusap.csu.edu.au/~xhuang/alice.txt and retrieve an ASCII copy of Alice in Wonderland. Store this file somewhere on your computer.
Next, go to http://csusap.csu.edu.au/~xhuang/TCP_A.html. Your web browser should show a web page that permits you to upload a file. Use the Browse button in this form to enter the name of the file (full path name) on your computer containing Alice in Wonderland (or do so manually). Don't press the "Upload alice.txt file" button yet.
Now start Wireshark and begin packet capture (Capture > Options). Select the correct interface (usually it's the network interface card of your computer) and then press START on the Wireshark Packet Capture Options screen. Before starting, it's best to close the web page tabs other than the upload page, so that unrelated traffic does not clutter the trace.
Returning to your browser, press the "Upload alice.txt file" button to upload the file to the csusap.csu.edu.au server. During the upload, a short message may be displayed in the status bar of your browser window.
Stop Wireshark packet capture. In order to analyze the trace, you can filter the packets displayed in the Wireshark window by entering tcp (lowercase, no quotes, and press return after entering) into the display filter specification window towards the top of the Wireshark window. Then you should be able to see both TCP and HTTP packets, and should now see a Wireshark window which looks like Fig. 1.
Export and save the trace file for further analysis.
Figure 1: Example trace
10. Did you successfully capture a packet trace of the TCP transfer of a file called alice.txt by following the above steps? Your answer will be either A. Yes, I will answer the questions in Part III by using my own captured Wireshark file; or B. No, I will answer the questions in Part III by using the Wireshark file provided.
Part III: A first look at the captured trace (2 marks)
(If you are unable to run Wireshark on a live network connection, you can download the Wireshark file Assignmenet_TCP, a packet trace captured while following the steps above, from the Resources section of the interact2 subject site. Note that you will lose some of the marks by using this file rather than your own captured file for this part of the assignment.)
Whenever possible, when answering a question, you should include screenshots of the packet(s) within the trace that you used. Annotate the screenshots to explain your answer. To capture the screenshots, select the minimum amount of packet detail that you need to answer the question (1 mark for each).
11. What are the IP address and TCP port number used by your client computer (source) to transfer the file to the server?
12. What is the IP address of the server? On which port number is it sending and receiving TCP segments for this connection?
Note: To answer these questions, it's probably easiest to select an HTTP message and explore the details of the TCP packet used to carry this HTTP message, using the details of the selected packet header window.
Since this assignment is about TCP rather than HTTP, change Wireshark's listing of captured packets window so that it shows information about the TCP segments containing the HTTP messages, rather than the HTTP messages. To have Wireshark do this, select Analyze > Enabled Protocols. Then uncheck the HTTP box and select OK. You should now see a Wireshark window that looks like Fig. 2:
Figure 2: Example trace showing a series of TCP exchanges
This is what you're looking for: a series of TCP segments sent between your computer and csusap.csu.edu.au.
Part IV: TCP (10 Marks)
Answer the following questions (2 marks for each) for the TCP segments:
13. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and the server? What element of the segment identifies it as a SYN segment?
Wireshark displays relative sequence numbers by default: each direction's numbers are shown counting from 0 at its SYN rather than from the randomly chosen initial sequence number. You can switch to the raw 32-bit values by unchecking Edit > Preferences > Protocols > TCP > "Relative sequence numbers", but you must use relative sequence numbers to answer all the questions.
14. What is the sequence number of the SYNACK segment sent by the server to the client computer in reply to the SYN? What is the acknowledgment number (Ack=?) in the SYNACK segment? How did the server determine that value? What element in the segment identifies it as a SYNACK segment?
15. What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you'll either need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a POST within its DATA field, or prevent Wireshark from reassembling the packets and displaying them as one response rather than as multiple continuation packets. Reassembly can be disabled by going to Edit > Preferences > Protocols > HTTP and unchecking the "Reassemble HTTP bodies spanning multiple TCP segments" box.
16. What is the length of each of the first six TCP segments?
Note: Generally, the TCP segments will all carry at most 1460 bytes of data. This is because most computers have an Ethernet card that limits the maximum IP packet to 1500 bytes (40 bytes of IP and TCP header data, with no options, and 1460 bytes of TCP payload). This 1500-byte value is the standard Ethernet MTU. If your trace shows a TCP segment length greater than 1460 bytes, and your computer is using an Ethernet connection, then Wireshark is not seeing the segments as they actually go onto the wire; it will likely also show one large TCP segment rather than multiple smaller segments. Your computer is indeed sending multiple smaller segments, as indicated by the ACKs it receives. The inconsistency arises because the capture is taken above the network driver: with TCP segmentation offload (TSO) enabled, the network card, not the kernel, splits the large buffer into MSS-sized segments, after the point at which Wireshark captures.
17. How much data does the receiver typically acknowledge in an ACK? Show an example.
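Everything Q13-Q17 ask for comes from the TCP header's flag bits, its raw sequence and acknowledgment numbers, and the segment length derived from the IP and TCP header lengths. The decoder below is an added example (not the assignment's own material and not derived from Assignmenet_TCP): it reproduces Wireshark's relative numbering by taking each direction's SYN as that direction's zero point, identifies SYN and SYN-ACK segments from the flag bits alone, computes the per-segment payload length as Wireshark's "Len=", locates the segment whose data begins with the POST request line, and reports how much new data each ACK from the receiver covers. The conversation it decodes is constructed in the script: the endpoint addresses, port, initial sequence numbers and the POST path are all placeholders, and the receiver is made to acknowledge every second segment so the delayed-ACK pattern asked about in Q17 is visible.

```python
"""Decode a TCP exchange the way Q13-Q17 ask you to read it in Wireshark:
flag bits, relative sequence/acknowledgement numbers, per-segment length
and the amount of data each ACK covers. Added example with a constructed
conversation; nothing here is taken from Assignmenet_TCP or a real upload."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

SYN, ACK, PSH = 0x02, 0x10, 0x08
FLAG_NAMES = {SYN: "SYN", ACK: "ACK", PSH: "PSH", 0x01: "FIN", 0x04: "RST"}


@dataclass
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int            # raw (absolute) sequence number from the header
    ack: int            # raw acknowledgement number
    flags: frozenset
    payload: bytes      # len(payload) is what Wireshark shows as "Len="


def parse_tcp_over_ipv4(datagram: bytes) -> Segment:
    ihl = (datagram[0] & 0x0F) * 4                        # IP header length
    total_len = struct.unpack("!H", datagram[2:4])[0]     # IP Total Length
    src = ".".join(map(str, datagram[12:16]))
    dst = ".".join(map(str, datagram[16:20]))
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", datagram[ihl:ihl + 14])
    data_offset = (off_flags >> 12) * 4                   # TCP header length
    flags = frozenset(name for bit, name in FLAG_NAMES.items() if off_flags & bit)
    payload = datagram[ihl + data_offset:total_len]       # Len = total - both headers
    return Segment(src, sport, dst, dport, seq, ack, flags, payload)


def build_segment(src, sport, dst, dport, seq, ack, flags, payload=b"") -> bytes:
    """Constructed IPv4+TCP datagram: 20-byte headers, no options, checksums zero."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0x4000,
                     64, 6, 0, bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + tcp + payload


def kind(s: Segment) -> str:
    """Q13/Q14: what identifies a SYN or SYN-ACK is the flag bits, nothing else."""
    if "SYN" in s.flags:
        return "SYN-ACK" if "ACK" in s.flags else "SYN"
    return "DATA" if s.payload else "ACK"


def relative_numbers(segments: List[Segment]) -> List[Tuple[str, int, int, int]]:
    """Wireshark's relative numbering: each direction's ISN is the raw seq of its SYN."""
    isn: Dict[Tuple[str, int], int] = {}
    rows = []
    for s in segments:
        if "SYN" in s.flags:
            isn[(s.src, s.sport)] = s.seq
        rel_seq = s.seq - isn[(s.src, s.sport)]
        rel_ack = s.ack - isn[(s.dst, s.dport)] if "ACK" in s.flags else 0
        rows.append((kind(s), rel_seq, rel_ack, len(s.payload)))
    return rows


def post_segment_relative_seq(segments: List[Segment]) -> int:
    """Q15: relative seq of the segment whose data starts with the HTTP POST line."""
    for s, (_, rel_seq, _, _) in zip(segments, relative_numbers(segments)):
        if s.payload.startswith(b"POST "):
            return rel_seq
    raise LookupError("no POST segment in the trace")


def data_segment_lengths(segments: List[Segment], sender: str, n: int = 6) -> List[int]:
    """Q16: TCP payload lengths of the first n data-carrying segments from `sender`."""
    return [len(s.payload) for s in segments if s.src == sender and s.payload][:n]


def bytes_acked(segments: List[Segment], receiver: str) -> List[int]:
    """Q17: new data covered by each ACK from `receiver`; the SYN-ACK is the baseline."""
    acks = [s.ack for s in segments if s.src == receiver and "ACK" in s.flags]
    return [later - earlier for earlier, later in zip(acks, acks[1:])]


def example_conversation() -> List[Segment]:
    # Placeholder endpoints (RFC 5737 ranges), port and ISNs; the POST path is invented.
    c, s, cp, sp = "192.0.2.10", "203.0.113.5", 51234, 80
    c_isn, s_isn = 0x1A2B3C4D, 0x9F8E7D6C
    frames = [
        build_segment(c, cp, s, sp, c_isn, 0, SYN),                # client SYN
        build_segment(s, sp, c, cp, s_isn, c_isn + 1, SYN | ACK),  # SYN-ACK: ack = client ISN + 1
        build_segment(c, cp, s, sp, c_isn + 1, s_isn + 1, ACK),    # handshake completes
    ]
    body = b"POST /upload HTTP/1.1\r\nHost: csusap.csu.edu.au\r\n\r\n" + b"A" * (6 * 1460)
    seq = c_isn + 1
    for i in range(6):                   # six MSS-sized (1460-byte) segments of the upload
        chunk = body[i * 1460:(i + 1) * 1460]
        frames.append(build_segment(c, cp, s, sp, seq, s_isn + 1, ACK | PSH, chunk))
        seq += len(chunk)
        if i % 2 == 1:                   # delayed ACK: one ACK per two full segments
            frames.append(build_segment(s, sp, c, cp, s_isn + 1, seq, ACK))
    return [parse_tcp_over_ipv4(f) for f in frames]


if __name__ == "__main__":
    conv = example_conversation()
    for row in relative_numbers(conv):
        print("%-7s Seq=%-6d Ack=%-6d Len=%d" % row)
    print("POST at relative seq", post_segment_relative_seq(conv))
    print("first six segment lengths", data_segment_lengths(conv, "192.0.2.10"))
    print("bytes acknowledged per ACK", bytes_acked(conv, "203.0.113.5"))
```

The SYN-ACK's acknowledgment number is the client's ISN plus one because the SYN flag consumes one sequence number even though it carries no data, which is why the first data segment starts at relative sequence number 1. If a live capture reports "Len=" values far above 1460 for the upload, the lengths came from a pre-segmentation buffer captured above the driver (segmentation offload), and the values this decoder reports for real wire-sized segments will not match until offload is disabled or the capture is taken elsewhere.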
What to hand in: Answers to questions 1-17. Also, provide evidence (including annotated screenshots) for how you arrived at all your answers.