
Wire Shark Lab1 TCP - light2shine.com/nw/CSIT340_JaeSookLee_Lab2_wireShark_TCP.pdf


Jae Sook Lee

FA16 CSIT 340 – 01

Dr. Constantine Coutras

Lab #2

Wire Shark Lab1

TCP

Alice in Wonderland screenshot


Alice 3-way handshaking

22 20:42:23.232406 192.168.47.15 128.119.245.12 TCP 66 51905→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 22: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Giga-Byt_52:49:84 (40:8d:5c:52:49:84), Dst: Tp-LinkT_e6:67:2c (10:fe:ed:e6:67:2c)
Internet Protocol Version 4, Src: 192.168.47.15, Dst: 128.119.245.12
Transmission Control Protocol, Src Port: 51905, Dst Port: 80, Seq: 0, Len: 0

23 20:42:23.254789 128.119.245.12 192.168.47.15 TCP 66 80→51905 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
Frame 23: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Tp-LinkT_e6:67:2c (10:fe:ed:e6:67:2c), Dst: Giga-Byt_52:49:84 (40:8d:5c:52:49:84)
Internet Protocol Version 4, Src: 128.119.245.12, Dst: 192.168.47.15
Transmission Control Protocol, Src Port: 80, Dst Port: 51905, Seq: 0, Ack: 1, Len: 0

24 20:42:23.254850 192.168.47.15 128.119.245.12 TCP 54 51905→80 [ACK] Seq=1 Ack=1 Win=65536 Len=0
Frame 24: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Giga-Byt_52:49:84 (40:8d:5c:52:49:84), Dst: Tp-LinkT_e6:67:2c (10:fe:ed:e6:67:2c)
Internet Protocol Version 4, Src: 192.168.47.15, Dst: 128.119.245.12
Transmission Control Protocol, Src Port: 51905, Dst Port: 80, Seq: 1, Ack: 1, Len: 0

Alice in Wonderland post

162 20:42:23.349502 192.168.47.15 128.119.245.12 HTTP 1077 POST /wireshark-labs/lab3-1-reply.htm HTTP/1.1 (text/plain)
Frame 162: 1077 bytes on wire (8616 bits), 1077 bytes captured (8616 bits) on interface 0
Ethernet II, Src: Giga-Byt_52:49:84 (40:8d:5c:52:49:84), Dst: Tp-LinkT_e6:67:2c (10:fe:ed:e6:67:2c)
Internet Protocol Version 4, Src: 192.168.47.15, Dst: 128.119.245.12
  0100 .... = Version: 4
  .... 0101 = Header Length: 20 bytes (5)
  Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  Total Length: 1063
  Identification: 0x4564 (17764)
  Flags: 0x02 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (6)
  Header checksum: 0x0000 [validation disabled]
  [Header checksum status: Unverified]
  Source: 192.168.47.15
  Destination: 128.119.245.12
  [Source GeoIP: Unknown]
  [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 51905, Dst Port: 80, Seq: 151841, Ack: 1, Len: 1023
[105 Reassembled TCP Segments (152863 bytes): #25(1460), #26(1460), #27(1460), #28(1460), #29(1460), #30(1460), #31(1460), #32(1460), #33(1460), #34(1460), #36(1460), #37(1460), #43(1460), #44(1460), #45(1460), #46(1460), #47(1460), #48(146]
Hypertext Transfer Protocol
MIME Multipart Media Encapsulation, Type: multipart/form-data, Boundary: "---------------------------50112649827654"
  [Type: multipart/form-data]
  First boundary: -----------------------------50112649827654\r\n
  Encapsulated multipart part: (text/plain)
    Content-Disposition: form-data; name="file"; filename="AliceInWonderland.txt"\r\n
    Content-Type: text/plain\r\n\r\n
    Line-based text data: text/plain
      ALICE'S ADVENTURES IN WONDERLAND\r\n
      …
      THE END\r\n
  Last boundary: \r\n-----------------------------50112649827654--\r\n


Wireshark screenshot packet file

1. What is the IP address and TCP port number used by the client computer (source) that is transferring the file to gaia.cs.umass.edu? To answer this question, it’s probably easiest to select an HTTP message and explore the details of the TCP packet used to carry this HTTP message, using the “details of the selected packet header window” (refer to Figure 2 in the “Getting Started with Wireshark” Lab if you’re uncertain about the Wireshark windows).

Answer: Source port: 1161 which is 192.168.1.10

2. What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments for this connection?

Answer: gaia.cs.umass.edu IP: 128.119.245.12
Destination port: 80 which is gaia.cs.umass.edu


3. What is the IP address and TCP port number used by your client computer (source) to transfer the file to gaia.cs.umass.edu?

Answer: Source IP 192.168.1.102 transferred file to gaia.cs.umass.edu. This is the address: http://gaia.cs.umass.edu/ethereal-labs/lab3-1-reply.htm


The website source IP transferred: http://gaia.cs.umass.edu/ethereal-labs/lab3-1-reply.htm

Captured 3-way handshaking

55 21:19:01.474857 192.168.47.15 128.119.245.12 TCP 66 52042→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 55: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Giga-Byt_52:49:84 (40:8d:5c:52:49:84), Dst: Tp-LinkT_e6:67:2c (10:fe:ed:e6:67:2c)
Internet Protocol Version 4, Src: 192.168.47.15, Dst: 128.119.245.12
Transmission Control Protocol, Src Port: 52042, Dst Port: 80, Seq: 0, Len: 0
  Source Port: 52042
  Destination Port: 80
  [Stream index: 1]
  [TCP Segment Len: 0]
  Sequence number: 0 (relative sequence number)
  Acknowledgment number: 0
  Header Length: 32 bytes
  Flags: 0x002 (SYN)
  Window size value: 8192
  [Calculated window size: 8192]
  Checksum: 0x6562 [unverified]
  [Checksum Status: Unverified]
  Urgent pointer: 0
  Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted


56 21:19:01.497089 128.119.245.12 192.168.47.15 TCP 66 80→52042 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=128
Frame 56: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Tp-LinkT_e6:67:2c (10:fe:ed:e6:67:2c), Dst: Giga-Byt_52:49:84 (40:8d:5c:52:49:84)
Internet Protocol Version 4, Src: 128.119.245.12, Dst: 192.168.47.15
Transmission Control Protocol, Src Port: 80, Dst Port: 52042, Seq: 0, Ack: 1, Len: 0
  Source Port: 80
  Destination Port: 52042
  [Stream index: 1]
  [TCP Segment Len: 0]
  Sequence number: 0 (relative sequence number)
  Acknowledgment number: 1 (relative ack number)
  Header Length: 32 bytes
  Flags: 0x012 (SYN, ACK)
  Window size value: 29200
  [Calculated window size: 29200]
  Checksum: 0xd047 [unverified]
  [Checksum Status: Unverified]
  Urgent pointer: 0
  Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale
  [SEQ/ACK analysis]

57 21:19:01.497152 192.168.47.15 128.119.245.12 TCP 54 52042→80 [ACK] Seq=1 Ack=1 Win=65536 Len=0
Frame 57: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Giga-Byt_52:49:84 (40:8d:5c:52:49:84), Dst: Tp-LinkT_e6:67:2c (10:fe:ed:e6:67:2c)
Internet Protocol Version 4, Src: 192.168.47.15, Dst: 128.119.245.12
Transmission Control Protocol, Src Port: 52042, Dst Port: 80, Seq: 1, Ack: 1, Len: 0
  Source Port: 52042
  Destination Port: 80
  [Stream index: 1]
  [TCP Segment Len: 0]
  Sequence number: 1 (relative sequence number)
  Acknowledgment number: 1 (relative ack number)
  Header Length: 20 bytes
  Flags: 0x010 (ACK)
  Window size value: 256
  [Calculated window size: 65536]
  [Window size scaling factor: 256]
  Checksum: 0x6556 [unverified]
  [Checksum Status: Unverified]
  Urgent pointer: 0
  [SEQ/ACK analysis]

4. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN segment?

Answer: TCP SYN sequence number is 0 (relative sequence number)
Maximum segment size: 1460 bytes, Kind: Maximum segment size (2)
TCP SACK Permitted Option: True, Kind: Permitted (4)


5. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the Acknowledgement field in the SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK segment?

Answer: SYNACK Sequence number is 0
Acknowledgement number is 1
Maximum segment size is 1460 bytes, Kind: Maximum segment size (2)
TCP SACK Permitted option: True, Kind: Permitted (4)

6. What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you’ll need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a “POST” within its DATA field.

Answer: #4 segment: Source IP 192.168.1.102 (port 1161) to Destination IP 128.119.245.12 (port 80)
Sequence number: 1, Sequence number of the TCP segment: 565, Data: 565 bytes


7. Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)? At what time was each segment sent? When was the ACK for each segment received? Given the difference between when each TCP segment was sent, and when its acknowledgement was received, what is the RTT value for each of the six segments? What is the EstimatedRTT value (see Section 3.5.3, page 242 in text) after the receipt of each ACK? Assume that the value of the EstimatedRTT is equal to the measured RTT for the first segment, and then is computed using the EstimatedRTT equation on page 242 for all subsequent segments.

Answer: Sequence numbers of the first six segments (starting from segment #4)

Segment # 6, 9, 12 = 1 Receiver) Segment sent time (under Frame -> [Time since reference or first frame]) RTT & Estimated RTT (Receiver can’t guaranteed because can’t expect when to send)

| Sender: No | Segment | Size | Next Segment | Time | Receiver: No | Next Expected (ACK) | Time | Sender: RTT | Estimated RTT |
|---|---|---|---|---|---|---|---|---|---|
| 4 | 1 | 565 | 566 | 0.593646 | 6 | 566 | 0.624318 | 0.030672 | 0.003834 |
| 5 | 566 | 1460 | 2026 | 0.612118 | 9 | 2026 | 0.647675 | 0.035557 | 0.00718875 |
| 7 | 2026 | 1460 | 3486 | 0.624407 | 12 | 3486 | 0.694466 | 0.070059 | 0.010734781 |
| 8 | 3486 | 1460 | 4946 | 0.625071 | 14 | 4946 | 0.739499 | 0.114428 | 0.018150309 |
| 10 | 4946 | 1460 | 6406 | 0.647786 | 15 | 6406 | 0.78768 | 0.139894 | 0.03018502 |
| 11 | 6406 | 1460 | 7866 | 0.648538 | 16 | 7866 | 0.838183 | 0.189645 | 0.043898643 |
| 13 | 7866 | 1147 | 9013 | 0.694566 | 17 | 9013 | 0.875188 | 0.180622 | 0.062116937 |

8. What is the length of each of the first six TCP segments?

Answer:

1) #4 segment: 619 bytes (4952 bits)
2) #5 segment: 1514 bytes (12112 bits)
3) #7 segment: 1514 bytes (12112 bits)
4) #8 segment: 1514 bytes (12112 bits)
5) #10 segment: 1514 bytes (12112 bits)
6) #11 segment: 1514 bytes (12112 bits)


9. What is the minimum amount of available buffer space advertised at the receiver for the entire trace? Does the lack of receiver buffer space ever throttle the sender?

Answer:

<Minimum>

<Maximum>

Receiver side which is 128.119.245.12 widening window size maximum 62780 and last sender’s window was 1460. In this case, receiver and sender both communicated well. Buffer space doesn’t have throttle.

10. Are there any retransmitted segments in the trace file? What did you check for (in the trace) in order to answer this question?

Answer: The trace file does not have ARQ (Automatic Repeat reQuest) because 1) No error detection, 2) No receiver feedback (= NAK), 3) Receiver does not send back error to sender
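An added example (not part of the original report) that recomputes per-segment RTT and EstimatedRTT from the rows of the Question 7 table and applies the sequence-number check that Question 10 asks about. It seeds EstimatedRTT with the first sample as Question 7 instructs, assumes a weight of α = 0.125, uses function names chosen for this example, and checks only the seven tabulated segments rather than the whole trace.

```python
# Rows of the report's Question 7 table (values copied from the table):
# (frame, seq, payload_len, t_sent, ack_frame, ack_no, t_ack)
SEGMENTS = [
    (4,     1,  565, 0.593646,  6,  566, 0.624318),
    (5,   566, 1460, 0.612118,  9, 2026, 0.647675),
    (7,  2026, 1460, 0.624407, 12, 3486, 0.694466),
    (8,  3486, 1460, 0.625071, 14, 4946, 0.739499),
    (10, 4946, 1460, 0.647786, 15, 6406, 0.787680),
    (11, 6406, 1460, 0.648538, 16, 7866, 0.838183),
    (13, 7866, 1147, 0.694566, 17, 9013, 0.875188),
]
ALPHA = 0.125  # assumption: the usual smoothing weight (also used by RFC 6298)


def sample_rtts(segments):
    """RTT per segment: arrival time of the ACK covering it minus send time."""
    rtts = []
    for frame, seq, length, t_sent, _, ack_no, t_ack in segments:
        # The matching ACK acknowledges the byte just past this segment.
        if ack_no != seq + length:
            raise ValueError(f"frame {frame}: ACK {ack_no} != {seq + length}")
        rtts.append(round(t_ack - t_sent, 6))
    return rtts


def estimated_rtts(samples, alpha=ALPHA):
    """EWMA of the samples, seeded with the first sample."""
    est = samples[0]
    out = [est]
    for sample in samples[1:]:
        est = (1 - alpha) * est + alpha * sample
        out.append(est)
    return out


def retransmissions(segments):
    """Frames whose sequence number starts below the highest byte already sent."""
    next_expected, hits = 0, []
    for frame, seq, length, *_ in segments:
        if seq < next_expected:
            hits.append(frame)
        next_expected = max(next_expected, seq + length)
    return hits


if __name__ == "__main__":
    rtts = sample_rtts(SEGMENTS)
    for (frame, *_), rtt, est in zip(SEGMENTS, rtts, estimated_rtts(rtts)):
        print(f"frame {frame:>2}  RTT {rtt:.6f}  EstimatedRTT {est:.6f}")
    print("retransmitted frames:", retransmissions(SEGMENTS))
```

On a full capture, feed `retransmissions` every client data segment in capture order; a frame is reported whenever its sequence number falls below data that was already sent.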


11. How much data does the receiver typically acknowledge in an ACK? Can you identify cases where the receiver is ACKing every other received segment (see Table 3.2 on page 250 in the text). Answer


12. What is the throughput (bytes transferred per unit time) for the TCP connection? Explain how you calculated this value.

Answer:
Average = connection time
TCP connection average = Each of first and last number both ACK and ACK time
Compute throughput formula: F bit / T bit/sec
#4 segment = (first ACK) 1, #4 time to start (First ACK time) = 0.026477000
#202 segment = (Last ACK) 164091, #202 (Last ACK time) = 5.45583000
- 164091 – 1 = 164090
- 5.455830000 – 0.026477000 = 5.429353000
- 164090 / 5.429353 = 30222

13. Use the Time-Sequence-Graph(Stevens) plotting tool to view the sequence number versus time plot of segments being sent from the client to the gaia.cs.umass.edu server. Can you identify where TCP’s slow start phase begins and ends, and where congestion avoidance takes over? Comment on ways in which the measured data differs from the idealized behavior of TCP that we’ve studied in the text. Answer


14. Answer each of two questions above for the trace that you have gathered when you transferred a file from your computer to gaia.cs.umass.edu

[Annotated screenshot labels: #1 segment SYN; #3, #4 segments SYN; #5, #7, #8, #10, #11, #13 segments]