国际交流学院
ITC212补作业名单
| Additional Assignment | ||||||
| Student ID | Last Name | First Name | Username | Current Grade | ||
| 11815039 | Zhou | Yucheng | yzhou92 | AA | 0318032202603 | 周玉澄 |
ITC212补作业要求
In this assignment, you’ll investigate the TCP/ IP protocols. The assignment consists of two parts.
Part I: Network Layer – IP (15 Marks)
In this part, you will analyze a trace file of IP datagrams sent and received by the execution of a traceroute program. You will investigate the various fields in the IP datagram in detail.
Wireshark file: Assignment_IP, can be downloaded from the “Resources” section in the interact2 subject site
When answering a question, please include screenshots of the packets with annotations to explain your answers. Select the minimum amount of packet detail needed to answer the questions ( 1.5 mark for each of Q1-8, and 3 marks for Q9 ).
1. Select the first ICMP Echo Request message sent by the client, expand the Internet Protocol part of the packet in the packet details window, and provide screenshots of this. (1.5 marks)
2. Within the IP packet header, what is the value in the upper layer protocol field? (1.5 marks)
3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes. (1.5 marks)
4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented. (1.5 marks)
Next, sort the traced packets according to the IP source address by clicking on the "Source" column header; a small downward pointing arrow should appear next to the word Source. If the arrow points up, click on the Source column header again. Select the first ICMP Echo Request message and expand the Internet Protocol portion in the “details of selected packet header” window. In the “listing of captured packets” window, you should see all of the subsequent ICMP messages (perhaps with additional interspersed packets) below this first ICMP. Use the down arrow on your keyboard to move through the ICMP messages (Note: in the following, we are only interested in the messages with source addresses).
5. Which fields in the IP datagrams always change from one datagram to the next within this series of ICMP messages sent by the client? (1.5 marks)
6. Which of the fields must stay constant? Which fields must change? Why? (1.5 marks)
7. Describe the pattern you see in the values in the Identification field of the IP datagram Next (with the packets still sorted by source address) find the series of ICMP TTL-exceeded replies sent to the client by the nearest (first hop) router. (1.5 marks)
8. What are the values in the Identification field and the TTL field? (1.5 marks)
9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to the client by the nearest (first hop) router? Why? (3 marks)
Part II: Transport Layer – TCP (2+3+10 Marks)
In the TCP part of this assignment, you’ll conduct a preliminary investigation into the behavior of TCP.
You’ll conduct this lab by analyzing a trace of the TCP segments sent and received in transferring a 530KB file (containing the text of The Holy Bible) from your computer to a remote server. You’ll study TCP’s use of sequence and acknowledgment numbers for providing reliable data transfer; you’ll also briefly consider TCP connection setup and you’ll investigate the performance (throughput and round-trip time) of the TCP connection between your computer and the server.
a. Capturing a bulk TCP transfer from your computer to a remote server (2 marks)
Before beginning your exploration of TCP, you’ll need to use Wireshark to obtain a packet trace of the TCP transfer of a file from your computer to a remote server. You’ll do so by accessing a Web page that will allow you to enter the name of a file stored on your computer (which contains the ASCII text of The Holy Bible), and then transfer the file to a Web server using the HTTP POST method. Of course, you’ll be running Wireshark during this time to obtain the trace of the TCP segments sent and received from your computer. Do the following:
· Start up your web browser. Go http://athene.csu.edu.au/~xhuang/theholybible.pdf and retrieve an ASCII copy of The Holy Bible. Store this file somewhere on your computer.
· Next, go to http://athene.csu.edu.au/~xhuang/TCP_A.html
· Your web browser should show a web page that permits you to upload a file. Use the Browse button in this form to enter the name of the file (full path name) on your computer containing the Holy Bible(or do so manually). Don’t press the “Upload theholybible file” button yet.
· Now start Wireshark and begin packet capture (Capture→Options). Select the correct interface (usually it’s the network interface card of your computer) and then press START on the Wireshark Packet Capture Options screen. Before starting, it’s best to close the webpage tabs other than the upload page.
· Returning to your browser, press the “Upload theholybible file” button to upload the file to the athene.csu.edu.au server. During the upload, a short message may be displayed in the status bar of your browser window.
· Stop Wireshark packet capture. In order to analyze the trace, you can filter the packets displayed in the Wireshark window by entering “tcp” (lowercase, no quotes, and press return after entering) into the display filter specification window towards the top of the Wireshark window. Then you should be able to see both TCP and HTTP packets, and should now see a Wireshark window that looks like Fig. 1.
· Export and save the trace file for further analysis.
Figure 1: Example trace
10. Did you successfully capture a packet trace of the TCP transfer of a file called theholybible.txt by following the above steps? your answer will be either A. Yes. I will answer the questions In Part III by using my own captured Wireshark file; or B. No. I will answer the question in Part III by using the Wireshark file provided.
b. A first look at the captured trace (3 marks)
(If you are unable to run Wireshark on a live network connection, you can download a packet trace file that was captured while following the steps above on the Resources
Wireshark file: Assignmenet_TCP, which can be downloaded from the “Resources” section of the interact2 subject site. Note that you will lose some of the marks by using this file rather than using your own captured file for this part of the assignment)
Whenever possible, when answering a question, you should include the screenshots of the packet(s) within the trace that you used. Annotate the screenshots to explain your answer. To capture the screenshots, select the minimum amount of packet detail that you need to answer the question
(1.5 marks for each).
11. What are the IP address and TCP port number used by your client computer (source) to transfer the file to the server?
12. What is the IP address of the server? Which port number is it sending and receiving TCP segments for this connection?
Note: To answer these questions, it’s probably easiest to select an HTTP message and explore the details of the TCP packet used to carry this HTTP message, using the “details of the selected packet header window”.
Since this assignment is about TCP rather than HTTP, change Wireshark’s “listing of captured packets” window so that it shows information about the TCP segments containing the HTTP messages, rather than the HTTP messages. To have Wireshark do this, select Analyze→Enabled Protocols. Then uncheck the HTTP box and select OK. You should now see a Wireshark window that looks like Fig. 2:
Figure 2: Example trace showing a series of TCP exchanges
This is what you’re looking for – a series of TCP segments sent between your computer and csusap.csu.edu.au.
c. TCP (10 Marks)
Answer the following questions ( 2 marks for each ) for the TCP segments:
13. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and the server? What element of the segment identifies it as an SYN segment?
Wireshark uses relative sequence numbers by default. You can obtain absolute sequence numbers instead. You must use relative sequence numbers to answer all the questions.
14. What is the sequence number of the SYNACK segment sent by the server to the client computer in reply to the SYN? What is the acknowledgment number (Ack=?) in the SYNACK segment? How did the server determine that value? What element in the segment identifies it as an SYNACK segment?
15. What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command; you’ll either need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a “POST” within its DATA field or prevent Wireshark from reassembling the packets and displaying them as one response, rather than as multiple continuation packets. This can be disabled by going to Edit→ Preferences → Protocols → HTTP and unchecking the “Reassemble HTTP bodies spanning multiple TCP segments” box.
16. What is the length of each of the first six TCP segments?
Note: Generally, the TCP segments will all be less than 1460 bytes. This is because most computers have an Ethernet card that limits the length of the maximum IP packet to 1500 bytes (40 bytes of TCP/IP header data and 1460 bytes of TCP payload). This 1500-byte value is the standard maximum length allowed by Ethernet. If your trace indicates a TCP length greater than 1500 bytes, and your computer is using an Ethernet connection, then Wireshark is reporting the wrong TCP segment length; it will likely also show only one large TCP segment rather than multiple smaller segments. Your computer is indeed probably sending multiple smaller segments, as indicated by the ACKs it receives. This inconsistency in reported segment lengths is due to the interaction between the Ethernet driver and the Wireshark software.
17. How much data does the receiver typically acknowledge in an ACK? Show an example.
What to hand in: Answers to questions 1-17. Also, provide evidence ( including annotated
screenshots ) for how you arrived at all your answers.
Criterion and weighting |
Pass (50%-100%) |
FL (0-49%) |
Apply knowledge of IP by analyzing a trace file of IP datagrams (20 marks) |
Demonstrated partially-developed knowledge to apply some of them correctly in IP. Analysed and (for a few parts) interpreted the communication data and information. Explained and justified at least half of the answers but in many cases used irrelevant or incorrect facts. |
Most of the provided answers are incorrect. Listed some facts and little reasons, stated some identifications and implications by giving simple observation and or reason that may or may not relate to IP. |
Apply knowledge of TCP by capturing and analyzing a trace file of TCP segments (10 marks) |
Demonstrated partially-developed knowledge to apply some of them correctly in TCP. Analysed and (for a few parts) interpreted the communication data and information. Explained and justified at least half of the answers but in many cases used irrelevant or incorrect facts. |
Most of the provided answers are incorrect. Listed some facts and little reasons, stated some identifications and implications by giving simple observation and or reason that may or may not relate to TCP. |
