Sungkyunkwan University
Copyright 2000-2006 Networking Laboratory
Ethereal Lab: TCP
2006-04-12
Hyemee Park, hyemee@ece.skku.ac.kr



Contents

TCP segment format
Capturing a TCP transfer
Filtering
Viewing TCP sequence numbers with HTTP excluded
Establishing a TCP session
TCP congestion control


TCP segment format (#1/5)

A segment consists of a Header followed by Data. Header fields:

Source port number: 16 bits
Destination port number: 16 bits
Sequence number: 32 bits
Acknowledgment number: 32 bits
HLEN: 4 bits
Reserved: 6 bits
Flags: URG, ACK, PSH, RST, SYN, FIN
Window size: 16 bits
Checksum: 16 bits
Urgent pointer: 16 bits
Options and Padding


Capturing a TCP transfer (#1/2)

Use the Browse button to locate the file.
Start packet capture in Ethereal.
Press the “Upload alice.txt file” button.
Wait until the “Congratulations!” message appears.
Stop the Ethereal packet capture.


Capturing a TCP transfer (#2/2)


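Filtering

Type “tcp” into the filter box. The TCP and HTTP messages that remain after filtering:

The three-way handshake, including the SYN message
The HTTP POST message
A series of “HTTP Continuation” messages
(This is Ethereal's way of representing the multiple TCP messages used to carry a single HTTP message.)
TCP ACK segments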


Viewing TCP sequence numbers with HTTP excluded

This lab studies TCP, so HTTP is filtered out. Change Ethereal's “listing of captured packets”:

Select Analyze → Enabled Protocols
Uncheck the HTTP box
Confirm with the OK button

To see the TCP sequence numbers: Edit → Preferences → Protocols → TCP, then uncheck “relative sequence numbers”.


Filtered Segments


Questions #1

What is the IP address and TCP port number used by your client computer (source) to transfer the file to gaia.cs.umass.edu?
10.24.22.23, port 4782 (a value chosen arbitrarily by the host)

What is the IP address and port number used by gaia.cs.umass.edu to receive the file?
128.119.245.12, port 80 (HTTP)


Questions #2

What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu?
3446911215

What is it in the segment that identifies the segment as a SYN segment?
The SYN flag


Questions #3

What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN?
2855197833

What is the value of the ACKnowledgment field in the SYNACK segment?
3446911216

How did gaia.cs.umass.edu determine that value?
As the second step of the three-way handshake, it sends the client's ISN + 1 as the acknowledgment number.

What is it in the segment that identifies the segment as a SYNACK segment?
The ACK flag
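
The header layout from the segment-format slide and the handshake values from Questions #1 to #3 can be checked mechanically. The following is an added example, not part of the original slides: it decodes the fixed 20-byte TCP header and verifies that a reply has both SYN and ACK set and acknowledges ISN + 1. The sample headers are constructed from the ports and sequence numbers in the answers; the window value and the helper names are assumptions.

```python
import struct

# Flag bit masks in the low six bits of the 16-bit HLEN/Reserved/flags word.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; options and data are returned raw."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, word, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    hlen = (word >> 12) * 4                    # HLEN counts 32-bit words
    if not 20 <= hlen <= len(segment):
        raise ValueError("header length outside the segment")
    flags = {name for name, bit in FLAG_BITS.items() if word & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "hlen": hlen, "flags": flags, "window": window,
            "checksum": checksum, "urgent": urgent,
            "options": segment[20:hlen], "data": segment[hlen:]}

def build_header(sport, dport, seq, ack, flags, window=5840):
    """Pack an option-less header for the demo (checksum left at 0)."""
    bits = sum(FLAG_BITS[name] for name in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | bits, window, 0, 0)

def answers_syn(syn: dict, reply: dict) -> bool:
    """True when reply is the second handshake step for syn."""
    return (syn["flags"] == {"SYN"}
            and reply["flags"] == {"SYN", "ACK"}
            and (reply["sport"], reply["dport"]) == (syn["dport"], syn["sport"])
            and reply["ack"] == (syn["seq"] + 1) % 2**32)   # ISN + 1, mod 2^32

# Constructed headers carrying the ports and sequence numbers from the answers;
# the window value is made up.
SYN = build_header(4782, 80, 3446911215, 0, {"SYN"})
SYNACK = build_header(80, 4782, 2855197833, 3446911216, {"SYN", "ACK"})

if __name__ == "__main__":
    syn, synack = parse_tcp_header(SYN), parse_tcp_header(SYNACK)
    print(sorted(syn["flags"]), syn["seq"])
    print(sorted(synack["flags"]), synack["seq"], synack["ack"])
    print("handshake step 2 valid:", answers_syn(syn, synack))
```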


Questions #4

What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you’ll need to dig into the packet content field at the bottom of the Ethereal window, looking for a segment with a “POST” within its DATA field.

3446911216


Questions #5 (1/2)

Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection.

What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)?

At what time was each segment sent? When was the ACK for each segment received?

Sequence number   Send time   ACK arrival time   RTT
3446911216        4.397153    4.649773           0.25262
3446911818        4.402445    4.649934           0.247489
3446913198        4.649881    4.883355           0.233474
3446914578        4.649918    4.884136           0.234218
3446915958        4.649985    4.886161           0.236176
3446917338        4.650013    4.886553           0.23654


Questions #7

What is the minimum amount of available buffer space advertised at the receiver for the entire trace?
5480

Does the lack of receiver buffer space ever throttle the sender?
No


Questions #8

Are there any retransmitted segments in the trace file?
No

What did you check for (in the trace) in order to answer this question?
It is shown in the Info pane and indicated in the segment's Option.
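
The RTT column of Questions #5 and the retransmission check of Questions #8 can both be derived from the raw send and ACK events. The following is an added example, not part of the original slides. Send times, sequence numbers and ACK arrival times are taken from the Questions #5 table; segment lengths are the gaps between consecutive sequence numbers, and the sixth length (1380) and all acknowledgment numbers are assumptions.

```python
# Constructed event list: (send time, sequence number, payload bytes).
SEGMENTS = [
    (4.397153, 3446911216, 602),
    (4.402445, 3446911818, 1380),
    (4.649881, 3446913198, 1380),
    (4.649918, 3446914578, 1380),
    (4.649985, 3446915958, 1380),
    (4.650013, 3446917338, 1380),   # length assumed
]
# Constructed ACKs: (arrival time, acknowledgment number = sequence + length).
ACKS = [
    (4.649773, 3446911818),
    (4.649934, 3446913198),
    (4.883355, 3446914578),
    (4.884136, 3446915958),
    (4.886161, 3446917338),
    (4.886553, 3446918718),
]

def rtt_samples(segments, acks):
    """Match each segment to the first later ACK that covers its last byte."""
    samples = []
    for sent, seq, length in segments:
        for arrived, ack in acks:
            if arrived >= sent and ack >= seq + length:
                samples.append((seq, round(arrived - sent, 6)))
                break
    return samples

def retransmitted(segments):
    """Sequence numbers of data segments that start below the highest byte
    already sent, i.e. bytes put on the wire a second time.
    Sequence-number wraparound is ignored in this sketch."""
    highest, repeats = None, []
    for _sent, seq, length in segments:
        if length == 0:
            continue                      # pure ACKs carry no data
        if highest is not None and seq < highest:
            repeats.append(seq)
        highest = max(highest or 0, seq + length)
    return repeats

if __name__ == "__main__":
    for seq, rtt in rtt_samples(SEGMENTS, ACKS):
        print(seq, rtt)
    print("retransmitted:", retransmitted(SEGMENTS))
```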


Questions #9

What is the throughput (bytes transferred per unit time) for the TCP connection?
152368/5.4 = approximately 28,216 bytes

Explain how you calculated this value.
Packet size / transfer time


TCP congestion control

Measure the amount of data sent per unit time.

Use Ethereal's TCP graphing tool.

Select one TCP segment to plot the data, then choose the following from the menu:

Statistics → TCP Stream Graph → Time-Sequence-Graph(Stevens)


Questions #10

Use the Time-Sequence-Graph(Stevens) plotting tool to view the sequence number versus time plot of segments being sent from the client to the gaia.cs.umass.edu server.

Can you identify where TCP’s slowstart phase begins and ends, and where congestion avoidance takes over?
The amount of data transferred is small, so only part of the slow-start phase can be observed. Consequently, the connection does not enter the congestion-avoidance phase.

Note that in this “real-world” trace, not everything is quite as neat and clean as in Figure 3.51 (also note that the y-axis labels for the Time-Sequence-Graph (Stevens) plotting tool and Figure 3.51 are different).


Ethereal Lab: IP


Contents

Capturing packets from an execution of traceroute
A look at the captured trace
Questions

Computer Networking: A Top-down Approach Featuring the Internet, 3rd edition. Version: July 2005. © 2005 J.F. Kurose, K.W. Ross. All Rights Reserved


Traceroute

In order to generate a trace of IP datagrams, we’ll use the traceroute program to send datagrams of different sizes towards some destination, X.

Traceroute operates by first sending one or more datagrams with the TTL field set to 1, then 2, then 3, and so on. If the TTL reaches 0, the router returns an ICMP message to the sending host. The host executing traceroute can thus learn the identities of the routers between itself and destination X.

[Figure: datagrams sent from Source towards Destination with TTL(1) through TTL(5); legend: Echo request, TTL-exceeded reply]


Send datagrams of various lengths

Windows
http://www.pingplotter.com (shareware and freeware version)
The size of the ICMP echo request message can be explicitly set in pingplotter: Edit → Advanced Options → Packet Options
The default packet size is 56 bytes.

Linux/Unix
The size of the UDP datagram sent towards the destination can be explicitly set by indicating the number of bytes in the datagram:
traceroute monet.skku.ac.kr 2000


Do the following 1/3

Ethereal: Begin packet capture (Capture → Start)

Windows: pingplotter
Enter the name of a target destination
Enter 3 in the “# of times to Trace” field
Edit → Options → Packet Options
Enter a value of 56 in the Packet Size field and then press OK
Then press the Trace button; you should see a pingplotter window
Edit → Advanced Options → Packet Options
Enter a value of 2000 in the Packet Size field and then press OK
Then press the Resume button
Stop Ethereal tracing


Do the following 2/3

Pingplotter window


Do the following 3/3

Unix: enter three traceroute commands
A length of 56 bytes
A length of 2000 bytes
Stop Ethereal tracing


A look at the captured trace

In your trace, you should be able to see:
S → D: the series of ICMP Echo Request or UDP segments
D → S: ICMP TTL-exceeded messages

To print a packet:
File → Print
Choose Selected packet only
Choose Packet summary line
Select the minimum amount of packet detail that you need


Questions 1/8

Select the first ICMP Echo Request message sent by your computer.

What is the IP address of your computer?

Within the IP packet header, what is the value in the upper layer protocol field?

[Screenshot callout: Source Address]


Questions 2/8

How many bytes are in the IP header? How many bytes are in the payload of the IP datagram?

Explain how you determined the number of payload bytes.

[Screenshot callouts: IP header length; Total length]

56 – 20 = 36 bytes payload


Questions 3/8

Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented.

Fragment offset: fragment’s position in original datagram
More Fragments: fragmented or not


Questions 4/8

Sort the packets according to IP source address.

Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer?
Time to live

[Screenshot callout: Increase TTL field]


Questions 5/8

Which fields stay constant? Which of the fields must stay constant? Which fields must change?

Stay constant: Source & Destination
Must change: Time-to-live


Questions 6/8

Describe the pattern you see in the values in the Identification field of the IP datagram.

Identification field: Increased

[Screenshot callout: Identification]


Questions 7/8

Find the series of ICMP TTL-exceeded replies sent to your computer by the nearest router.

What is the value in the Identification field and the TTL field?

Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why?

Identification field: Used to identify the fragments of one datagram from those of another. The originating protocol module of an internet datagram sets the identification field to a value that must be unique for that source-destination pair and protocol for the time the datagram will be active in the internet system.


Questions 8/8

Sort the packet listing according to time. Find the first ICMP Echo Request message that was sent after you changed the Packet Size to be 3500.

[Screenshot callouts: Identification; Fragment offset; Last fragment or not]

[Figure: the datagram is carried as three fragments, each a header (H) plus payload: H + Payload (1480) = 1500; H + Payload (1480) = 1500; H + Payload (520) = 540]

What information in the IP header indicates whether this is first fragment versus a latter fragment? Fragment Offset
How long is this IP datagram? 3
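
The fragment sizes in the figure above and the fields asked about in Questions 2/8, 3/8 and 8/8 follow from the IPv4 header alone. The following is an added example, not part of the original slides: it plans the fragments of a datagram for a 1500-byte MTU, then decodes each fragment header and classifies it from More Fragments and Fragment Offset. The headers are constructed; the Identification value, TTL, addresses (documentation ranges) and function names are assumptions.

```python
import struct

def plan_fragments(total_length, mtu=1500, ihl=20):
    """Return (offset in 8-byte units, More Fragments, fragment total length)
    for each piece of a datagram of total_length bytes sent over mtu."""
    payload = total_length - ihl
    step = (mtu - ihl) // 8 * 8     # non-final fragments carry a multiple of 8
    plan, pos = [], 0
    while True:
        size = min(step, payload - pos)
        more = pos + size < payload
        plan.append((pos // 8, more, ihl + size))
        pos += size
        if not more:
            return plan

def parse_ipv4(header: bytes) -> dict:
    """Decode the fields the questions ask about from a 20-byte IPv4 header."""
    (ver_ihl, _tos, total, ident, flags_off,
     ttl, proto, _csum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", header[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"ihl": ihl, "total": total, "payload": total - ihl, "id": ident,
            "mf": bool(flags_off & 0x2000), "offset": (flags_off & 0x1FFF) * 8,
            "ttl": ttl, "proto": proto}

def position(h: dict) -> str:
    """Classify a datagram from More Fragments and Fragment Offset alone."""
    if not h["mf"] and h["offset"] == 0:
        return "unfragmented"
    if h["offset"] == 0:
        return "first"
    return "middle" if h["mf"] else "last"

def build_fragments(total_length, ident=0x1234, ttl=1, proto=1):
    """Constructed headers (checksum 0, documentation addresses) for the plan."""
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
    return [struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, ident,
                        (0x2000 if more else 0) | off, ttl, proto, 0, src, dst)
            for off, more, length in plan_fragments(total_length)]

if __name__ == "__main__":
    for raw in build_fragments(3500):
        h = parse_ipv4(raw)
        print(position(h), h["offset"], h["total"], h["payload"], hex(h["id"]))
```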