flyingscorpio/efrei
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
efrei/network-protocols/tp2.tex

299 lines
11 KiB
TeX
Raw Blame History

\documentclass[a4paper,french,12pt]{article}
\title{Networks and Protocols --- Wireshark Lab}
\author{Alexandre Chen --- Tunui Franken}
\usepackage{../cours}
\begin{document}
\maketitle
\clearpage
\section{TCP}
\subsection{A first look at the captured trace}
\begin{enumerate}
\item What is the IP address and TCP port number used by your client computer (source) to transfer the file to \texttt{gaia.cs.umass.edu}?
The client's socket is \texttt{192.168.1.102:1161}.
\item What is the IP address of \texttt{gaia.cs.umass.edu}? On what port number is it sending and receiving TCP segments for this connection?
The server's socket is \texttt{128.119.245.12:80}.
\item \texttt{[Trace used]}
\end{enumerate}
\subsection{TCP Basics}
\begin{enumerate}\setcounter{enumi}{3}
\item What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and \texttt{gaia.cs.umass.edu}?
What is it in the segment that identifies the segment as a SYN segment?
The value of the sequence number is \texttt{232129012} (relative 0).
The flag that identifies it as a SYN segment is set to \texttt{0x002}.
\item What is the sequence number of the SYNACK segment sent by \texttt{gaia.cs.umass.edu} to the client computer in reply to the SYN\@?
What is the value of the Acknowledgement field in the SYNACK segment?
How did \texttt{gaia.cs.umass.edu} determine that value?
What is it in the segment that identifies the segment as a SYNACK segment?
The value of the sequence number is \texttt{883061785} (relative 0).
The value of the acknowledgement number is \texttt{232129013} (relative 1).
It is set to the sequence number of the received SYN segment, incremented by 1.
The flag that identifies it as a SYNACK segment is set to \texttt{0x012}.
\item What is the sequence number of the TCP segment containing the HTTP POST command?
The value of the sequence number is \texttt{232293053} (relative 164041).
\item Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection.
What are the sequence numbers of the first six segments in the TCP connection?
At what time was each segment sent?
When was the ACK for each segment received?
Given the difference between when each TCP segment was sent, and when its acknowledgement was received, what is the RTT value for each of the six segments?
What is the \texttt{EstimatedRTT} value after the receipt of each ACK\@?
\begin{enumerate}
\item Seq = 164041 sent at \texttt{Aug 21, 2004 15:44:25.867722000 CEST}
\item Seq = 1 sent at \texttt{Aug 21, 2004 15:44:25.959852000 CEST}
\item Seq = 1 sent at \texttt{Aug 21, 2004 15:44:26.018268000 CEST}
\item Seq = 1 sent at \texttt{Aug 21, 2004 15:44:26.026211000 CEST}
\item Seq = 1 sent at \texttt{Aug 21, 2004 15:44:26.031556000 CEST}
\item Seq = 164091 sent at \texttt{Aug 21, 2004 15:44:26.221522000 CEST}
\end{enumerate}
\item What is the length of each of the first six TCP segments?
\begin{enumerate}
\item 104 bytes
\item 60 bytes
\item 60 bytes
\item 60 bytes
\item 784 bytes
\item 54 bytes
\end{enumerate}
\item What is the minimum amount of available buffer space advertised at the received end for the entire trace?
Does the lack of receiver buffer space ever throttle the sender?
The window size is advertised as 17520, which is more that the length of each TCP segment, so none of them throttle the sender.
\item Are there any retransmitted segments in the trace file?
What did you check for (in the trace) in order to answer this question?
There are no retransmitted segments in the trace.
The value to check for is \texttt{analysis}, which will mention any retransmitted segments.
\item How much data does the receiver typically acknowledge in an ACK\@?
Can you identify cases where the receiver is ACKing every other received segment?
The ACK acknowledges the total amount of received data.
In the trace, the segments 14--17 are ACKing every other received segment.
\item What is the throughput (bytes transferred per unit time) for the TCP connection?
Explain how you calculated this value.
First calculate the total sum of transferred data (length).
Then divide that value by the \texttt{Time since first frame in this TCP stream} (field of the last TCP segment of the stream).
So it this case: $\frac{159388}{5.297257} = 30088.779910$ bytes/sec.
\end{enumerate}
\subsection{TCP congestion control in action}
\begin{enumerate}\setcounter{enumi}{12}
\item Can you identify where TCP's slowstart phase begins and ends, and where congestion avoidance takes over?
Comment on ways in which the measured data differs from the idealized behavior of TCP that we've studied in the text.
The slowstart phase begins at the beginning of the stream, and ends at frame 13.
Then the avoidance takes over and allows the sender to wait a certain amount of time before sending more packets.
\end{enumerate}
\section{UDP}
\begin{enumerate}
\item Select \emph{one} UDP packet from your trace.
From this packet, determine how many fields there are in the UDP header.
Name these fields.
\begin{enumerate}
\item Source Port
\item Destination Port
\item Length
\item Checksum
\item UDP payload
\end{enumerate}
\item By consulting the displayed information in Wireshark's packet content field for this packet, determine the length (in bytes) of each of the UDP header fields.
\begin{enumerate}
\item Source Port: 2 bytes
\item Destination Port: 2 bytes
\item Length: 2 bytes
\item Checksum: 2 bytes
\item UDP payload: 129 bytes
\end{enumerate}
\item The value in the Length field is the length of what?
It is the length of UDP segment (the encapsulated data + the UDP header).
\item What is the maximum number of bytes that can be included in a UDP payload?
129.
\item What is the largest possible source port number?
2 bytes so $2^{16} - 1 = 65535$.
\item What is the protocol number for UDP\@?
Give your answer in both hexadecimal and decimal notation.
\begin{itemize}
\item Decimal: 17
\item Hexadecimal: 11
\end{itemize}
\item Examine a pair of UDP packets in which your host sends the first UDP packet and the second UDP packet is a reply to this first UDP packet.
The source port and destination port are reversed.
\end{enumerate}
\section{IP}
\begin{enumerate}
\item What is the IP address of your computer?
The source IP address is \texttt{192.168.1.102}.
\item Within the IP packet header, what is the value in the upper layer protocol field?
The upper layer value is 1, which corresponds to ICMP\@.
\item How many bytes are in the IP header?
How many bytes are in the payload \emph{of the IP datagram}?
Explain how you determined the number of payload bytes.
The header has 20 bytes.
The payload has $98 - 20 = 78$ bytes.
\item Has this IP datagram been fragmented?
Explain how you determined whether or not the datagram has been fragmented.
The flag for \texttt{More fragments} is set to 0, so the packet has not been fragmented.
\item Which fields in the IP datagram \emph{always} change from one datagram to the next within this series of ICMP messages sent by your computer?
The \texttt{Time to live} always changes.
\item Which fields stay constant?
Which of the fields \emph{must} stay constant?
Which fields \emph{must} change?
Why?
The fields that stay constant are~:
Version, Header Length, DSF, Total Length, Flags, Protocol, Source Address and Destination Address.
The fields that \emph{must} stay the same are~:
Version, Protocol, Source and Destination Address.
The field that \emph{must} change is the TTL, because this is ICMP, and echo messages are based on the value for TTL\@.
\item Describe the pattern you see in the values in the Identification field of the IP datagram.
The Identification is incremented with each sent packet.
\item What is the value in the Identification field and the TTL field?
The Identification field's value is 40316, and the TTL is 255.
\item Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router?
Why?
The TTL doesn't change because the router being a first hop, the TTL is never decremented.
\item Find the first ICMP echo request message that was sent by your computer.
Has that message been fragmented across more than one IP datagram?
Yes it has been fragmented.
\item What information in the IP header indicates that the datagram has been fragmented?
What information in the IP header indicates whether this is the first fragment?
How long is this IP datagram?
The flag set to \texttt{0x20} indicates \texttt{More fragments}.
The \texttt{Fragment offset} field set to 0 indicates that it is the first fragment.
The IP datagram is $1514 + 562 = 2076$ bytes long.
\item What information in the IP header indicates that this is not the first datagram fragment?
Are there more fragments?
How can you tell?
The \texttt{Fragment offset} field set to 1480 indicates that it is not the first fragment.
There are no more fragments, as indicated by the \texttt{Flags} field, set to 0.
\item What fields change in the IP header between the first and second fragment?
\begin{itemize}
\item Total Length
\item Flags
\item Fragment Offset
\item Checksum
\end{itemize}
\item How many fragments were created from the original datagram?
3 fragments have been created.
\item What fields change in the IP header among the fragments?
The \texttt{Fragment Offset} and \texttt{Checksum} are the fields that change.
\end{enumerate}
\end{document}
Reference in a new issue View git blame Copy permalink