2011
Vietnamese-German University
Nguyen Dinh Thong
[COMPUTER NETWORKING]
Table of Contents
Exercises
    Chapter 01: Introduction
    Chapter 02: Application Layer
        Problem 1
        Problem 2
        Problem 3
        Problem 4
        Problem 5
        Problem 6
    Chapter 3: Transport Layer
    Chapter 4: Network Layer
    Chapter 5: Link Layer
Wireshark Labs
    Wireshark HTTP
    Wireshark DNS
    Wireshark UDP
    Wireshark TCP
    Wireshark IP
    Wireshark ICMP
    Wireshark DHCP
    Wireshark Ethernet/ARP
Exercises
Chapter 01: Introduction
1. Design and describe an application-level protocol to be used between an Automatic Teller
Machine, and a bank's centralized computer. Your protocol should allow a user's card and password to be
verified, the account balance (which is maintained at the centralized computer) to be queried, and an account
withdrawal (i.e., when money is given to the user) to be made. Your protocol entities should be able to handle
the all-too-common case in which there is not enough money in the account to cover the withdrawal. Specify
your protocol by listing the messages exchanged, and the action taken by the Automatic Teller Machine or the
bank's centralized computer on transmission and receipt of messages. Sketch the operation of your protocol
for the case of a simple withdrawal with no errors, using some form of sequence diagram. Explicitly state the
assumptions made by your protocol about the underlying end-to-end transport service.
2. This elementary problem begins to explore propagation delay and transmission delay, two central concepts
in data networking. Consider two hosts, Hosts A and B, connected by a single link of rate R bps. Suppose that
the two hosts are separated by m meters, and suppose the propagation speed along the link is s meters/sec.
Host A is to send a packet of size L bits to Host B.
a. Express the propagation delay, d_prop, in terms of m and s.
b. Determine the transmission time of the packet, d_trans, in terms of L and R.
c. Ignoring processing and queueing delays, obtain an expression for the end-to-end delay.
d. Suppose Host A begins to transmit the packet at time t = 0. At time t = d_trans, where is the last bit of
the packet?
e. Suppose d_prop is greater than d_trans. At time t = d_trans, where is the first bit of the packet?
f. Suppose d_prop is less than d_trans. At time t = d_trans, where is the first bit of the packet?
g. Suppose s = 2.5*10^8 m/s, L = 100 bits and R = 28 kbps. Find the distance m so that d_prop equals d_trans.
3. Consider an application that transmits data at a steady rate (e.g., the sender generates one packet of N bits
every k time units, where k is small and fixed). Also, when such an application starts, it will stay on for a relatively
long period of time.
a. Would a packet-switched network or a circuit-switched network be more appropriate for this
application? Why?
b. Suppose that a packet-switched network is used and the only traffic in this network comes from such
applications as described above. Furthermore, assume that the sum of the application data rates is less
than the capacity of each and every link. Is some form of congestion control needed? Why or why
not?
4. Consider the queueing delay in a router buffer (preceding an outbound link). Suppose all packets are L bits,
the transmission rate is R bps and that N packets arrive at the buffer every LN/R seconds. Find the average
queueing delay of a packet.
5. Suppose two hosts, A and B, are separated by 10000 km and are connected by a direct link of R = 1 Mbps.
Suppose the propagation speed over the link is 2.5*10^8 m/s.
a. Calculate the bandwidth-delay product.
b. Consider sending a file of 400000 bits from host A to host B. Suppose the file is
sent continuously as one big message. What is the maximum number of bits that
will be in the link at any given time?
c. Provide an interpretation of the delay-bandwidth product.
d. What is the width (in meters) of a bit in the link?
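The delay formulas of problems 2 and 5 carried through in code, as an added example that is not part of the original document; the function names and the grouping are my own, the input values are the problems' own.

```python
# Added worked example for Chapter 1, problems 2 and 5 (not from the original
# document). Units: metres, metres per second, bits, bits per second.

def propagation_delay(m, s):
    """d_prop = m / s  (seconds)."""
    return m / s


def transmission_delay(L, R):
    """d_trans = L / R  (seconds)."""
    return L / R


def end_to_end_delay(m, s, L, R):
    """Problem 2c: ignoring processing and queueing delay, d_trans + d_prop."""
    return transmission_delay(L, R) + propagation_delay(m, s)


def first_bit_position_at_dtrans(m, s, L, R):
    """Problem 2e/f: distance from A (metres) of the first bit at t = d_trans.

    The first bit has travelled s * d_trans metres; if that is at least the
    link length it has already reached B (the d_prop < d_trans case)."""
    return min(s * transmission_delay(L, R), m)


def distance_for_equal_delays(s, L, R):
    """Problem 2g: solve m / s = L / R for m  =>  m = s * L / R."""
    return s * L / R


def bandwidth_delay_product(R, m, s):
    """Problem 5a: R * d_prop, the number of bits the link holds when the
    sender never pauses."""
    return R * propagation_delay(m, s)


def max_bits_in_link(file_bits, R, m, s):
    """Problem 5b: the link never holds more than its bandwidth-delay
    product, and a file smaller than that caps it further."""
    return min(file_bits, bandwidth_delay_product(R, m, s))


def bit_width(R, m, s):
    """Problem 5d: link length divided by the bits it holds (metres per bit)."""
    return m / bandwidth_delay_product(R, m, s)


if __name__ == "__main__":
    S = 2.5e8                                    # propagation speed, m/s
    print(distance_for_equal_delays(S, L=100, R=28_000))   # ~892857 m
    M, R = 10_000e3, 1e6                         # problem 5: 10000 km, 1 Mbps
    print(bandwidth_delay_product(R, M, S))      # 40000 bits
    print(max_bits_in_link(400_000, R, M, S))    # 40000 bits
    print(bit_width(R, M, S))                    # 250 m per bit
```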
Chapter 02: Application Layer
1. Two HTTP request methods are GET and POST. Are there any other methods in HTTP/1.0 or in HTTP/1.1? If
yes, what are these methods used for?
2. Within the web browser, a link is clicked to obtain a web page. Suppose that a DNS look-up is necessary to
obtain the IP address, because the IP address for the associated URL is not cached. Suppose that n DNS servers
are visited before your host receives the IP address from DNS; the successive visits incur an RTT of RTT1, …,
RTTn. Further suppose that the Web page associated with the link contains exactly one object, consisting of a
small amount of HTML text. Let RTT0 denote the RTT between the local host and the server containing the
object. Assuming zero transmission time of the object, how much time elapses from when the client clicks on
the link until the client receives the object (according to Kurose, Ross, Problems, chapter)?
3. Referring to question (2), suppose the page contains three very small objects. Neglecting transmission times,
how much time elapses with (a) nonpersistent HTTP with no parallel TCP connections, (b) nonpersistent HTTP
with parallel connections, (c) persistent HTTP with pipelining?
4. What are the well-known port numbers for FTP (File Transfer Protocol), TFTP (Trivial File Transfer Protocol)
and NTP (Network Time Protocol)? Visit http://www.iana.org for an answer. Give a second source to obtain an
answer to the question.
5. Consider an e-commerce site that wants to keep a purchase record for each of its customers. Describe how
this can be done with cookies.
6. Is it possible that an organization's Web server and mail server have exactly
the same alias for a hostname (e.g., foo.com)? What would be the "type" for the RR that contains the
hostname of the mail server?
Problem 1:
Besides GET and POST, there are other methods in HTTP/1.0 and HTTP/1.1, such as:
HEAD: asks the server to leave the requested object out of the response.
PUT: uploads the file in the entity body to the path specified in the URL field.
DELETE: deletes the file specified in the URL field.
Problem 2:
- The total amount of time to obtain the IP address is:
RTT1 + RTT2 + … + RTTn
- The object/file transmission time is:
2RTT + transmission time
- Since RTT0 = RTT and the transmission time of the object is assumed to be zero, the time that elapses
from when the client clicks on the link until the client receives the object is:
2RTT0 + RTT1 + RTT2 + … + RTTn
Problem 3:
Problem 4:
- The well-known port numbers for:
  o FTP: 21
  o TFTP: 69
  o NTP: 123
- Second source for the list of TCP and UDP port numbers:
  http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Problem 5:
Problem 6:
- It is possible.
- Mail server: mail.hostname. Example hostname: foo.com -> the mail server can be 'mail.foo.com'.
Chapter 3: Transport Layer
1. Consider transferring an enormous file of L bytes from host A to host B. Assume an MSS of 1460 bytes.
a. What is the maximum length of L such that TCP sequence numbers are not exhausted? Recall that
the TCP sequence number field has four bytes.
b. For the L you obtain in (a), find how long it takes to transmit the file. Assume that a total of 66 bytes of
transport, network and data-link header are added to each segment before the resulting packet is sent
out over a 10 Mbps link. Ignore flow control and congestion control, so A can pump out the segments
back-to-back and continuously.
2. Consider the following plot of TCP window size as a function of time.
Assuming TCP Reno is the protocol experiencing the behavior shown above, answer the following
questions. In all cases, you should provide a short discussion justifying your answer.
a. Identify the intervals of time when TCP slow start is operating.
b. Identify the intervals of time when TCP congestion avoidance is operating.
c. After the 16th transmission round, is segment loss detected by a triple duplicate ACK or by a timeout?
d. After the 22nd transmission round, is segment loss detected by a triple duplicate ACK or by a
timeout?
e. What is the initial value of Threshold at the first transmission round?
f. What is the value of Threshold at the 18th transmission round?
g. What is the value of Threshold at the 24th transmission round?
h. During what transmission round is the 7th segment sent?
i. Assuming a packet loss is detected after the 26th round by the receipt of a triple duplicate ACK, what
will be the values of the congestion window size and of Threshold?
3. Consider sending an object of size O=100 Kbytes from server to client. Let S=536 bytes and RTT=100 msec.
Suppose the transport protocol uses static windows with window size W.
a. For a transmission rate of 28 kbps, determine the minimum possible latency. Determine the
minimum window size that achieves this latency.
b. Repeat a) for 1 Mbps.
Chapter 4: Network Layer
1. What is the 32-bit binary equivalent of the IP address 223.1.3.27?
2. Suppose an application generates chunks of 40 bytes of data every 20 msec, and each chunk gets
encapsulated in a TCP segment and then an IP datagram. What percentage of each datagram will be
overhead and what percentage will be application data?
3. Consider sending a 3000-byte datagram into a link that has an MTU of 500 bytes. Suppose the original
datagram is stamped with the identification number 422. How many fragments are generated? What
are their characteristics?
4. Consider the topology shown in Figure 1. Denote the three subnets with hosts (starting clockwise at
12:00) as Networks A, B, and C. Denote the subnets without hosts as Networks D, E, and F.
a. Assign network addresses to each of these six subnets, with the following constraints: All
addresses must be allocated from 214.97.254/17; Subnet A should have enough addresses to
support 250 interfaces; Subnet B should have enough addresses to support 120 interfaces; and
Subnet C should have enough addresses to support 120 interfaces. Of course, subnets D, E and
F should each be able to support two interfaces. For each subnet, the assignment should take
the form a.b.c.d/x or a.b.c.d/x – e.f.g.h/y.
b. Using your answer to part (a), provide the forwarding tables (using longest prefix matching)
for each of the three routers.
5. Compare and contrast the IPv4 and the IPv6 header fields. Do they have any fields in common?
6. Consider a datagram network using 8-bit host addresses. Suppose a router uses longest
prefix matching and has the following forwarding table:
Prefix match           Interface
10                     (interface number not present in the extracted text)
11                     1
111                    2
Otherwise (default)    3
For each of the four interfaces, give the associated range of destination host addresses and the number
of addresses in the range.
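Longest-prefix matching over the 8-bit table of problem 6, as an added example that is not part of the original document; the interface number for the "10" row is missing from the extracted text, so interface 0 is assumed here.

```python
# Added example for Chapter 4, problem 6 (not from the original document):
# longest-prefix matching over an 8-bit address space, and the address range
# each interface ends up serving. The "10" row of the table lost its interface
# number in the extracted text; interface 0 is an assumption.
from typing import Dict, List, Tuple

ADDRESS_BITS = 8

FORWARDING_TABLE: Dict[str, int] = {
    "10": 0,     # assumption: interface number missing in the extracted text
    "11": 1,
    "111": 2,
    "": 3,       # the empty prefix matches everything: "otherwise (default)"
}


def lookup(address: int, table: Dict[str, int] = FORWARDING_TABLE) -> int:
    """Return the outgoing interface for one destination address.

    Every prefix that matches the leading bits is a candidate and the longest
    one wins, so "111" beats "11" even though both match 224-255."""
    bits = format(address, f"0{ADDRESS_BITS}b")
    candidates = [p for p in table if bits.startswith(p)]
    if not candidates:
        raise KeyError(f"no route for {bits} and no default entry")
    return table[max(candidates, key=len)]


def address_ranges(table=FORWARDING_TABLE) -> Dict[int, List[Tuple[int, int]]]:
    """Walk the whole address space and record contiguous runs per interface."""
    ranges: Dict[int, List[Tuple[int, int]]] = {}
    run_iface, run_start = lookup(0, table), 0
    for addr in range(1, 2 ** ADDRESS_BITS + 1):
        iface = lookup(addr, table) if addr < 2 ** ADDRESS_BITS else None
        if iface != run_iface:                  # run ended (or address space did)
            ranges.setdefault(run_iface, []).append((run_start, addr - 1))
            run_iface, run_start = iface, addr
    return ranges


def address_count(iface: int, table=FORWARDING_TABLE) -> int:
    """Number of destination addresses forwarded out of `iface`."""
    return sum(hi - lo + 1 for lo, hi in address_ranges(table).get(iface, []))


if __name__ == "__main__":
    for iface, runs in sorted(address_ranges().items()):
        print(iface, runs, address_count(iface))
```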
Chapter 5: Link Layer
1. Consider three LANs interconnected by two routers, as shown in the diagram below.
a. Redraw the diagram to include adapters.
b. Assign IP addresses to all of the interfaces. For LAN 1 use addresses of the form 111.111.111.xxx;
for LAN 2 use addresses of the form 122.222.222.xxx; and for LAN 3 use addresses of the form
133.333.333.xxx.
c. Assign MAC addresses to all of the adapters.
d. Consider sending an IP datagram from host A to host F. Suppose all the ARP tables are up-to-date.
Enumerate all the steps as done for the single-router example in the lectures.
e. Repeat (d), now assuming that the ARP table in the sending host is empty (and the
other tables are up-to-date).
2. Suppose nodes A and B are on the same 10 Mbps Ethernet segment, and the propagation delay between the
two nodes is 225 bit times. Suppose node A begins transmitting a frame, and before it finishes station B begins
transmitting a frame. Can A finish transmitting before it detects that B has transmitted? Why or why not? If the
answer is yes, then A incorrectly believes that its frame was successfully transmitted without a collision. Hint:
Suppose at time t=0 bit times, A begins transmitting a frame. In the worst case, A transmits a minimum size
frame of 512+64 bit times. So A would finish transmitting the frame at t=512+64 bit times. Thus the answer is
no if B's signal reaches A before bit time t=512+64 bits. In the worst case, when does B's signal reach A?
3. Suppose nodes A and B are on the same 10 Mbps Ethernet segment, and the propagation delay between the
two nodes is 225 bit times. Suppose A and B send frames at the same time, the frames collide, and then A and
B choose different values of K in the CSMA/CD algorithm. Assuming no other nodes are active, can the
retransmissions from A and B collide? For our purposes, it suffices to work out the following example. Suppose
A and B begin transmission at t=0 bit times. They both detect collisions at t=225 bit times. They finish
transmitting the jam signal at t = 225 + 48 = 273 bit times. Suppose K_A = 0 and K_B = 1. At what time does B schedule its
retransmission? At what time does A begin transmission? (Note: the nodes must wait for an idle channel after
returning to Step 2; see the protocol.) At what time does A's signal reach B? Does B refrain from transmitting at its
scheduled time?
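The CSMA/CD timelines of problems 2 and 3 worked in bit times, as an added example that is not part of the original document; it uses only the constants the problems state and generalises problem 3 to any pair of backoff values K_A, K_B.

```python
# Added example for Chapter 5, problems 2 and 3 (not from the original
# document). Everything is in bit times on a 10 Mbps segment, with the
# constants the problems state.
PROP = 225            # propagation delay between A and B
MIN_FRAME = 512 + 64  # minimum frame including preamble
JAM = 48              # jam signal
SLOT = 512            # backoff slot time


def latest_collision_detect(prop=PROP):
    """Problem 2: in the worst case B senses an idle channel and starts just
    before A's first bit arrives (t ~ prop), so B's signal reaches A at 2*prop."""
    return 2 * prop


def can_a_finish_undetected(prop=PROP, frame=MIN_FRAME):
    """Problem 2: A misses the collision only if its frame ends no later than
    the moment B's signal arrives. False here: 450 < 576 bit times."""
    return latest_collision_detect(prop) >= frame


def backoff_timeline(k_a=0, k_b=1, prop=PROP, jam=JAM, slot=SLOT):
    """Problem 3: A and B both start at t=0, collide, jam, then back off by
    K_A and K_B slots. A node returning to 'step 2' must wait for an idle
    channel, and the channel at one node is idle only once the other node's
    last jam bit has propagated across."""
    t_detect = prop                      # each node hears the other's first bit
    t_jam_end = t_detect + jam           # both stop sending the jam signal
    t_idle = t_jam_end + prop            # the last jam bit has crossed the segment
    scheduled = {"A": t_jam_end + k_a * slot, "B": t_jam_end + k_b * slot}
    start = {node: max(t, t_idle) for node, t in scheduled.items()}
    first, second = sorted(start, key=start.get)
    t_arrive = start[first] + prop       # first node's signal reaches the other
    # The other node refrains if it senses the channel busy when its own
    # scheduled time comes; otherwise the retransmissions collide again.
    refrains = t_arrive <= start[second]
    return {"detect": t_detect, "jam_end": t_jam_end, "scheduled": scheduled,
            "start_first": (first, start[first]), "signal_arrives": t_arrive,
            "second": second, "second_refrains": refrains,
            "retransmissions_collide": not refrains}


if __name__ == "__main__":
    print(can_a_finish_undetected())     # False
    print(backoff_timeline(k_a=0, k_b=1))
```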
Wireshark Labs
Wireshark HTTP
1. The Basic HTTP GET/response interaction
1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?
Answer:
- My browser version: HTTP 1.1
- Version of HTTP the server is running: HTTP 1.1
2. What languages (if any) does your browser indicate that it can accept to the server?
Answer:
Accept-Language: vi-vn,vi;q=0.8,en-us;q=0.5,en;q=0.3
3. What is the IP address of your computer? Of the gaia.cs.umass.edu server?
Answer:
-IP address of my computer: 192.168.1.177
-IP address of the gaia.cs.umass.edu server: 128.119.245.12
4. What is the status code returned from the server to your browser?
Answer:
- Status code: HTTP/1.1 200 OK\r\n
5. When was the HTML file that you are retrieving last modified at the server?
Answer:
Last-Modified: Tue, 26 Jul 2011 11:35:01 GMT\r\n
6. How many bytes of content are being returned to your browser?
Answer:
Content-Length: 128\r\n => 128 bytes
7. By inspecting the raw data in the packet content window, do you see any headers within the data that are
not displayed in the packet-listing window? If so, name one.
2. The HTTP CONDITIONAL GET/response interaction
8. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET?
Answer:
There is NO “If-Modified-Since” line in the first HTTP GET.
9. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How
can you tell?
Answer:
Yes. The contents of the file are included in the “Line-based text data” field.
10. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an
“IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information follows the “IF-MODIFIED-SINCE:” header?
Answer:
Yes. The content of the line is: If-Modified-Since: Tue, 26 Jul 2011 11:57:01 GMT\r\n
11. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET?
Did the server explicitly return the contents of the file? Explain.
Answer:
- The HTTP status code and phrase returned from the server: HTTP/1.1 304 Not Modified\r\n
- The server did not explicitly return the contents of the file; the field “Line-based text data” did not
appear in the second HTTP Get. The content of the file was cached at the client browser.
3. Retrieving Long Documents
12. How many HTTP GET request messages were sent by your browser?
Answer:
Four HTTP GET request messages were sent by my browser. The URI of the first request is
http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file3.html, and the URI of the other three requests is
http://gaia.cs.umass.edu/favicon.ico.
13. How many data-containing TCP segments were needed to carry the single HTTP response?
Answer:
There are 4 data-containing TCP segments, namely frames 6, 7, 9 and 10.
14. What is the status code and phrase associated with the response to the HTTP GET request?
Answer:
The status code and the phrase: HTTP/1.1 200 OK\r\n
15. Are there any HTTP status lines in the transmitted data associated with a TCP-induced “Continuation”?
Answer:
No.
4. HTML Documents with Embedded Objects
16. How many HTTP GET request messages were sent by your browser? To which Internet addresses were
these GET requests sent?
Answer:
Three (03) HTTP GET request messages were sent by my browser, to the following Internet
addresses:
- 128.119.245.12
- 128.119.240.90
- 165.193.140.14
17. Can you tell whether your browser downloaded the two images serially, or whether they were downloaded
from the two web sites in parallel? Explain.
5. HTTP Authentication
18. What is the server’s response (status code and phrase) in response to the initial HTTP GET message from
your browser?
Answer:
The server’s response: HTTP/1.1 401 Authorization Required\r\n
19. When your browser sends the HTTP GET message for the second time, what new field is included in the
HTTP GET message?
Answer:
The new field: Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=\r\n
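The server-side decisions behind the exchanges captured in sections 2 (conditional GET) and 5 (Basic authentication), as an added example that is neither the lab's code nor the gaia.cs.umass.edu server's; the Last-Modified date and the Authorization value are the ones captured above, while the credential store, realm and document body are constructed.

```python
# Added example, not code from the original lab or from the gaia.cs.umass.edu
# server: the server-side logic behind the conditional GET (section 2) and
# Basic authentication (section 5) exchanges captured above. The Last-Modified
# date and the Authorization header value are the captured ones; the
# credential store and the document body are constructed for illustration.
import base64
import binascii
import hmac
from email.utils import parsedate_to_datetime

LAST_MODIFIED = "Tue, 26 Jul 2011 11:35:01 GMT"        # captured in question 5
BODY = b"<html>constructed sample document</html>"
# Constructed store. Basic auth only base64-encodes user:password, so anyone
# holding the capture from question 19 reads the credentials directly.
VALID_USERS = {"wireshark-students": "network"}


def parse_request(raw: str):
    """Return (method, target, headers); header names are case-insensitive."""
    request_line, _, rest = raw.partition("\r\n")
    method, target, _version = request_line.split(" ")
    headers = {}
    for line in rest.split("\r\n"):
        if not line:
            break                        # the empty line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def decode_basic(header_value: str):
    """'Basic <base64>' -> (user, password), or None if malformed."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, _, password = decoded.partition(":")
    return user, password


def credentials_ok(creds) -> bool:
    """Constant-time comparison against the constructed store."""
    if creds is None:
        return False
    expected = VALID_USERS.get(creds[0], "")
    return hmac.compare_digest(expected.encode(), creds[1].encode()) and bool(expected)


def handle_request(raw: str, protected: bool = False):
    """Return (status_line, response_headers, body) for one request."""
    method, _target, headers = parse_request(raw)
    if method != "GET":
        return "HTTP/1.1 405 Method Not Allowed", {"Allow": "GET"}, b""
    if protected and not credentials_ok(decode_basic(headers.get("authorization", ""))):
        # Question 18: challenge first; the browser then retries with Authorization.
        return ("HTTP/1.1 401 Authorization Required",
                {"WWW-Authenticate": 'Basic realm="constructed"'}, b"")
    ims = headers.get("if-modified-since")
    if ims:
        try:
            unchanged = parsedate_to_datetime(ims) >= parsedate_to_datetime(LAST_MODIFIED)
        except (TypeError, ValueError):
            unchanged = False            # unparsable date: answer as a plain GET
        if unchanged:
            # Question 11: 304 carries no body; the browser reuses its cached copy.
            return "HTTP/1.1 304 Not Modified", {"Last-Modified": LAST_MODIFIED}, b""
    return ("HTTP/1.1 200 OK",
            {"Last-Modified": LAST_MODIFIED, "Content-Length": str(len(BODY))}, BODY)
```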
Wireshark DNS
1. nslookup
1. Run nslookup to obtain the IP address of a Web server in Asia.
Answer:
I ran nslookup and obtained the IP addresses 180.148.142.99 and 180.148.141.1. Those are the addresses of
the Web server in Vietnam, www.vietnamexpress.net, an electronic newspaper.
2. Run nslookup to determine the authoritative DNS servers for a university in Europe.
Answer:
I ran nslookup to determine the authoritative DNS servers for the University of Manchester.
3. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for
Yahoo! mail.
Answer:
I used the DNS server curlew.cs.man.ac.uk, obtained above, to query for Yahoo! mail.
2. ipconfig
-No question.
3. Tracing DNS with Wireshark
Part 3a:
4. Locate the DNS query and response messages. Are they sent over UDP or TCP?
Answer:
They are sent over UDP.
5. What is the destination port for the DNS query message? What is the source port of DNS response message?
Answer:
- The destination port for the DNS query message: 53
- The source port of the DNS response message: 53
6. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local
DNS server. Are these two IP addresses the same?
Answer:
- The DNS query message is sent to IP address: 8.8.8.8
- There are two different IP addresses for the local DNS server: 8.8.8.8 and 208.67.222.222
7. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any
“answers”?
Answer:
- The “Type” of DNS query is Standard query.
- The query message does NOT contain any “answers”.
8. Examine the DNS response message. How many “answers” are provided? What do each of these answers
contain?
Answer:
- There is only one “answer”.
- The content of the “answer”:
9. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN
packet correspond to any of the IP addresses provided in the DNS response message?
Answer:
Yes, the destination IP address of the SYN packet corresponds to the IP address (64.170.98.30) provided
in the DNS response message.
10. This web page contains images. Before retrieving each image, does your host issue new DNS queries?
Answer:
No. My host does not issue new DNS queries before retrieving images.
Part 3b:
11. What is the destination port for the DNS query message? What is the source port of DNS response
message?
Answer:
Both destination port for the DNS query message and source port of the DNS response message are 53.
12. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?
Answer:
- DNS query message sent to IP address: 208.77.222.222
- It (208.67.222.222) is my default local DNS server.
13. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any
“answers”?
Answer:
- The type of DNS query: standard query A.
- The query message does not contain any “answers”.
14. Examine the DNS response message. How many “answers” are provided? What do each of these answers
contain?
Answer:
- There is one “answer” in the DNS response message.
- The content of the “answer”:
15. Provide a screenshot.
Part 3c:
16. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?
Answer:
- DNS query message sent to IP address: 208.77.222.222
- It (208.67.222.222) is my default local DNS server.
17. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any
“answers”?
Answer:
- Type of DNS query: NS
- The query message does NOT contain any “answer”.
18. Examine the DNS response message. What MIT nameservers does the response message provide? Does this
response message also provide the IP addresses of the MIT nameservers?
Answer:
- The response message provides three nameservers: W20NS.mit.edu, STRAB.mit.edu and BITSY.mit.edu.
- The response message does not provide the IP addresses of the MIT nameservers.
19. Provide a screenshot.
20. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server? If
not, what does the IP address correspond to?
Answer:
- The DNS query message is sent to IP address: 18.72.0.3
- It (18.72.0.3) is NOT my default local DNS server.
21. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any
“answers”?
Answer:
- The DNS query type: Standard query A.
- The query message does NOT contain any “answers”.
22. Examine the DNS response message. How many “answers” are provided? What does each of these answers
contain?
Answer:
- Only one “answer” is provided.
- The content of the “answer”:
23. Provide a screenshot.
Answer:
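The DNS messages this lab inspects (a standard query of type A or NS, and the response with its header flags, question and answers) built and parsed at the byte level, as an added example that is not part of the original lab; the response bytes are constructed locally, the two nameserver names come from question 18, and the address 192.0.2.10 is a documentation-range placeholder.

```python
# Added example, not from the original lab: enough of the DNS wire format to
# build the "standard query" messages inspected above (type A and type NS) and
# to read back the header flags, question and answers of a response. The
# responses are constructed here; 192.0.2.10 is a placeholder address and the
# nameserver names are the two from question 18.
import struct

TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1


def encode_name(name: str) -> bytes:
    # "www.mit.edu" -> 3 "www" 3 "mit" 3 "edu" 0  (length-prefixed labels)
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid: int, name: str, qtype: int) -> bytes:
    """Header: QR=0, opcode 0 (standard query), RD=1; one question, no answers."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def decode_name(msg: bytes, offset: int):
    """Return (name, offset just past it), following 0xC0xx compression pointers."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # pointer to an earlier name
            if not jumped:
                end = offset + 2                  # the pointer itself is 2 bytes
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_message(msg: bytes) -> dict:
    """Header fields plus (name, type) questions and (name, type, ttl, value) answers."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    out = {"id": txid, "is_response": bool(flags & 0x8000),
           "opcode": (flags >> 11) & 0xF, "rcode": flags & 0xF,
           "questions": [], "answers": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        out["questions"].append((name, qtype))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype == TYPE_NS:
            value, _ = decode_name(msg, off)      # rdata is a (compressible) name
        else:
            value = msg[off:off + rdlen].hex()
        off += rdlen
        out["answers"].append((name, rtype, ttl, value))
    return out


def build_response(query: bytes, records) -> bytes:
    """Answer `query` with (type, ttl, value) records: QR=1, RD=1, RA=1, rcode 0.
    Each answer's owner name is a pointer (0xC00C) to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:query.index(b"\x00", 12) + 5]   # name + qtype + qclass
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(records), 0, 0)
    body = question
    for rtype, ttl, value in records:
        rdata = bytes(int(p) for p in value.split(".")) if rtype == TYPE_A else encode_name(value)
        body += struct.pack("!HHHIH", 0xC00C, rtype, CLASS_IN, ttl, len(rdata)) + rdata
    return header + body
```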
Wireshark UDP
1. Select one packet. From this packet, determine how many fields there are in the UDP header. (Do not look in
the textbook! Answer these questions directly from what you observe in the packet trace.) Name these fields.
Answer:
-There are four fields in the UDP header: Source port, Destination port, Length and Checksum.
2. From the packet content field, determine the length (in bytes) of each of the UDP header fields.
Answer:
Each of the UDP header fields is 2 bytes long.
3. The value in the Length field is the length of what? Verify your claim with your captured UDP packet.
Answer:
The value in the Length field is the length of 8 header bytes and 28 bytes of data. In the figure above,
the Length is 36 = 8 + 28 (bytes).
4. What is the maximum number of bytes that can be included in a UDP payload.
Answer:
8 bytes are used for the header, so the maximum number of bytes that can be included in a UDP payload is:
2^16 - 8 = 65528 bytes
5. What is the largest possible source port number?
Answer:
The largest possible source port number: 2^16 - 1 = 65535.
6. What is the protocol number for UDP? Give your answer in both hexadecimal and decimal notation. (To
answer this question, you’ll need to look into the IP header.)
Answer:
-The IP protocol number of UDP: 17 in decimal is 0x11 in hexadecimal.
7. Search “UDP” in Google and determine the fields over which the UDP checksum is calculated.
Answer:
The method used to compute the checksum is defined in RFC 768:
Checksum is the 16-bit one's complement of the one's complement sum of a pseudo header of
information from the IP header, the UDP header, and the data, padded with zero octets at the end (if
necessary) to make a multiple of two octets.
In other words, all 16-bit words are summed using one's complement arithmetic. The sum is then one's
complemented to yield the value of the UDP checksum field.
If the checksum calculation results in the value zero (all 16 bits 0) it should be sent as the one's
complement (all 1s).
Ref: http://en.wikipedia.org/wiki/User_Datagram_Protocol
8. Examine a pair of UDP packets in which the first packet is sent by your host and the second packet is a reply
to the first packet. Describe the relationship between the port numbers in the two packets.
Answer:
Extra Credit
1. Capture a small UDP packet. Manually verify the checksum in this packet. Show all work and explain all
steps.
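The RFC 768 checksum of question 7 and the manual verification asked for in the extra-credit exercise, as an added example that is not part of the original lab; the segment is constructed (8 header bytes plus 28 data bytes, so Length = 36 as in question 3) and the IP addresses are taken from the captures above.

```python
# Added example for question 7 and the extra-credit exercise (not from the
# original lab): the RFC 768 checksum over the IPv4 pseudo-header, computed on
# a constructed segment, and the receiver-side verification of it.
import struct

UDP_PROTO = 17        # IP protocol number of UDP (question 6): 0x11


def ones_complement_sum(data: bytes) -> int:
    """Add 16-bit big-endian words with end-around carry; odd length is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)     # fold the carry back in
    return total


def pseudo_header(src_ip: bytes, dst_ip: bytes, udp_length: int) -> bytes:
    """Source IP, destination IP, zero byte, protocol 17, UDP length."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTO, udp_length)


def udp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Checksum of pseudo-header + UDP header (checksum field zeroed) + data.
    A computed 0 is transmitted as 0xFFFF, because a zero field means 'no checksum'."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)
    csum = (~total) & 0xFFFF
    return csum or 0xFFFF


def build_udp(src_ip, dst_ip, sport: int, dport: int, payload: bytes) -> bytes:
    """Assemble a UDP segment with correct Length and Checksum fields."""
    length = 8 + len(payload)
    segment = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = udp_checksum(src_ip, dst_ip, segment)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def verify_udp(src_ip, dst_ip, segment: bytes) -> bool:
    """Receiver check: summing pseudo-header and segment *with* its checksum
    field in place must give all ones (0xFFFF); a zero field means unchecked."""
    if len(segment) < 8:
        return False
    length, csum = struct.unpack("!HH", segment[4:8])
    if length != len(segment):
        return False
    if csum == 0:
        return True                      # sender chose not to checksum (IPv4 only)
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + segment) == 0xFFFF


if __name__ == "__main__":
    src, dst = bytes([192, 168, 1, 177]), bytes([8, 8, 8, 8])   # addresses from the captures above
    seg = build_udp(src, dst, 51000, 53, b"A" * 28)             # constructed: 8 + 28 = 36 bytes
    print(seg.hex(), verify_udp(src, dst, seg))
```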
Wireshark TCP
1. Capturing a bulk TCP transfer from your computer to a remote server
2. A first look at the captured trace
1. What is the IP address and TCP port number used by the client computer (source) that is transferring the file
to gaia.cs.umass.edu? To answer this question, it’s probably easiest to select an HTTP message and explore the
details of the TCP packet used to carry this HTTP message, using the “details of the selected packet header
window” (refer to Figure 2 in the “Getting Started with Wireshark” Lab if you’re uncertain about the Wireshark
windows).
2. What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments
for this connection?
3. What is the IP address and TCP port number used by you (source) to transfer the file to gaia.cs.umass.edu?
3. TCP Basics
4. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between
the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN
segment?
5. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in
reply to the SYN? What is the value of the ACKnowledgement field in the SYNACK segment? How did
gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK
segment?
6. What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order
to find the POST command, you’ll need to dig into the packet content field at the bottom of the Wireshark
window, looking for a segment with a “POST” within its DATA field.
7. Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. What are
the sequence numbers of the first six segments in the TCP connection (including the segment containing the
HTTP POST)? At what time was each segment sent? When was the ACK for each segment received?
Given the difference between when each TCP segment was sent, and when its acknowledgement was received,
what is the RTT value for each of the six segments? What is the EstimatedRTT value (see page 249 in text) after
the receipt of each ACK? Assume that the value of the EstimatedRTT is equal to the measured RTT for the first
segment, and then is computed using the EstimatedRTT equation on page 249 for all subsequent segments.
Note: Wireshark has a nice feature that allows you to plot the RTT for each of the TCP segments sent.
Select a TCP segment in the “listing of captured packets” window that is being sent from the client to
the gaia.cs.umass.edu server. Then select: Statistics->TCP Stream Graph->Round Trip Time Graph.
8. What is the length of each of the first six TCP segments?
9. What is the minimum amount of available buffer space advertised at the receiver for the entire trace? Does
the lack of receiver buffer space ever throttle the sender?
10. Are there any retransmitted segments in the trace file? What did you check for (in the trace) in order to
answer this question?
11. How much data does the receiver typically acknowledge in an ACK? Can you identify cases where the
receiver is ACKing every other received segment (see Table 3.2 on page 257 in the text).
12. What is the throughput (bytes transferred per unit time) for the TCP connection? Explain how you
calculated this value.
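The EstimatedRTT computation of question 7, as an added example that is not part of the original lab: SampleRTT per segment from send and ACK times, then the RFC 6298 smoothing (alpha = 1/8, beta = 1/4, RTO = EstimatedRTT + 4*DevRTT) seeded with the first sample as the question instructs; the timestamps are constructed, not taken from the trace.

```python
# Added example for question 7 (not from the original lab). Times are in seconds
# and constructed; the smoothing constants are those of RFC 6298.
ALPHA, BETA = 0.125, 0.25


def rtt_samples(send_times, ack_times):
    """One SampleRTT per segment: when its ACK arrived minus when it was sent."""
    if len(send_times) != len(ack_times):
        raise ValueError("need one ACK time per segment")
    return [ack - sent for sent, ack in zip(send_times, ack_times)]


def estimate_rtt(samples, alpha=ALPHA, beta=BETA, min_rto=0.0):
    """Return [(EstimatedRTT, DevRTT, RTO)] after each sample.

    DevRTT is updated with the *previous* EstimatedRTT, the order RFC 6298
    specifies; RFC 6298 also clamps RTO to at least 1 s, which `min_rto`
    models (0 here so the raw formula is visible)."""
    if not samples:
        raise ValueError("no samples")
    est, dev = samples[0], samples[0] / 2          # RFC 6298 initial values
    history = [(est, dev, max(est + 4 * dev, min_rto))]
    for sample in samples[1:]:
        dev = (1 - beta) * dev + beta * abs(sample - est)
        est = (1 - alpha) * est + alpha * sample
        history.append((est, dev, max(est + 4 * dev, min_rto)))
    return history


if __name__ == "__main__":
    sent = [0.000, 0.010, 0.020, 0.030]            # constructed send times
    acked = [0.100, 0.210, 0.170, 0.160]           # constructed ACK arrival times
    for est, dev, rto in estimate_rtt(rtt_samples(sent, acked)):
        print(f"EstimatedRTT={est:.4f}  DevRTT={dev:.4f}  RTO={rto:.4f}")
```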
4. TCP congestion control in action
13. Use the Time-Sequence-Graph(Stevens) plotting tool to view the sequence number versus time plot of
segments being sent from the client to the gaia.cs.umass.edu server. Can you identify where TCP’s slow-start
phase begins and ends, and where congestion avoidance takes over? Comment on ways in
which the measured data differs from the idealized behavior of TCP that we’ve studied in the text.
14. Answer each of the two questions above for the trace that you have gathered when you transferred a file from
your computer to gaia.cs.umass.edu.
Wireshark IP
1. Capturing packets from an execution of traceroute
2. A look at the captured trace
1. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol part of the
packet in the packet details window. What is the IP address of your computer?
2. Within the IP packet header, what is the value in the upper layer protocol field?
3. How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how
you determined the number of payload bytes.
4. Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been
fragmented.
5. Which fields in the IP datagram always change from one datagram to the next within this series of ICMP
messages sent by your computer?
6. Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why?
7. Describe the pattern you see in the values in the Identification field of the IP datagram
8. What is the value in the Identification field and the TTL field?
9. Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the
nearest (first hop) router? Why?
Fragmentation
10. Find the first ICMP Echo Request message that was sent by your computer after you changed the Packet
Size in pingplotter to be 2000. Has that message been fragmented across more than one IP datagram? [Note: if
you find your packet has not been fragmented, you should download the zip file
http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip and extract the ip-ethereal-trace-1packet trace. If
your computer has an Ethernet interface, a packet size of 2000 should cause fragmentation.]
11. Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates
that the datagram has been fragmented? What information in the IP header indicates whether this is the first
fragment versus a later fragment? How long is this IP datagram?
12. Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates
that this is not the first datagram fragment? Are there more fragments? How can you tell?
13. What fields change in the IP header between the first and second fragment?
14. How many fragments were created from the original datagram?
15. What fields change in the IP header among the fragments?
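An added example, not part of the original lab or its trace files: it builds the two IPv4 fragments of a constructed 2008-byte ICMP echo request (a 1500-byte Ethernet MTU leaves 1480 bytes of payload per fragment) and decodes the header fields that questions 3 to 15 ask about. The IP addresses, identification value and payload are constructed.

```python
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    # RFC 1071 one's-complement sum; a header carried intact checksums to 0
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_fragment(ident, mf, offset, payload, ttl=128, proto=1,
                   src="192.168.1.100", dst="128.119.245.12"):
    """One IPv4 datagram (20-byte header, no options) carrying `payload`."""
    flags_frag = (0x2000 if mf else 0) | (offset // 8)  # bit 13 = MF, low 13 bits = offset/8
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_frag,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

def parse_ipv4(datagram: bytes) -> dict:
    """Decode the header fields the questions above ask about; lengths in bytes."""
    (vihl, _tos, total_len, ident, flags_frag, ttl, proto, cksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    ihl = (vihl & 0x0F) * 4
    return {
        "header_len": ihl,
        "total_len": total_len,
        "payload_len": total_len - ihl,
        "identification": ident,
        "mf": bool(flags_frag & 0x2000),           # "more fragments" flag
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # stored in 8-byte units
        "ttl": ttl,
        "protocol": proto,                         # 1 = ICMP
        "checksum": cksum,
        "checksum_ok": ipv4_checksum(datagram[:ihl]) == 0,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
    }

# Constructed: a 2008-byte ICMP echo (8-byte header + 2000 data bytes) split for a 1500-byte MTU
ICMP_MSG = bytes([8, 0, 0, 0, 0, 1, 0, 1]) + b"A" * 2000
FRAGMENTS = [build_fragment(0x1234, mf=True, offset=0, payload=ICMP_MSG[:1480]),
             build_fragment(0x1234, mf=False, offset=1480, payload=ICMP_MSG[1480:])]

def changed_fields(frags):
    # header fields that differ between the fragments of one datagram (questions 13 and 15)
    parsed = [parse_ipv4(f) for f in frags]
    return sorted(k for k in parsed[0] if any(p[k] != parsed[0][k] for p in parsed[1:]))
```

Only the length, the MF flag, the fragment offset and therefore the checksum differ between the two fragments; the identification field is what lets the receiver group them back into one datagram.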
Wireshark ICMP
1. ICMP and Ping
1. What is the IP address of your host? What is the IP address of the destination host?
2. Why is it that an ICMP packet does not have source and destination port numbers?
3. Examine one of the ping request packets sent by your host. What are the ICMP type and code numbers?
What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and
identifier fields?
4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What other fields
does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?
2. ICMP and Traceroute
5. What is the IP address of your host? What is the IP address of the target destination host?
6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the probe
packets? If not, what would it be?
7. Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping query packets in the
first half of this lab? If yes, how so?
8. Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo packet. What is
included in those fields?
9. Examine the last three ICMP packets received by the source host. How are these packets different from the
ICMP error packets? Why are they different?
10. Within the tracert measurements (refer to the screenshot in Figure 4), is there a link whose delay is
significantly longer than the others? On the basis of the router names, can you guess the location of the two
routers at the ends of this link?
Wireshark DHCP
DHCP Experiment
1. Are DHCP messages sent over UDP or TCP?
2. Draw a timing diagram illustrating the sequence of the first four-packet Discover/Offer/Request/ACK DHCP
exchange between the client and server. For each packet, indicate the source and destination port numbers.
Are the port numbers the same as in the example given in this lab assignment?
3. What is the link-layer (e.g., Ethernet) address of your host?
4. What values in the DHCP discover message differentiate this message from the DHCP request message?
5. What is the value of the Transaction-ID in each of the first four (Discover/Offer/Request/ACK) DHCP
messages? What are the values of the Transaction-ID in the second (Request/ACK) set of DHCP messages?
What is the purpose of the Transaction-ID field?
6. A host uses DHCP to obtain an IP address, among other things. But a host’s IP address is not confirmed until
the end of the four-message exchange! If the IP address is not set until the end of the four-message exchange,
then what values are used in the IP datagrams in the four-message exchange? For each of the four DHCP
messages (Discover/Offer/Request/ACK DHCP), indicate the source and destination IP addresses that are
carried in the encapsulating IP datagram.
7. What is the IP address of your DHCP server?
8. What IP address is the DHCP server offering to your host in the DHCP Offer message? Indicate which DHCP
message contains the offered DHCP address.
9. In the example screenshot in this assignment, there is no relay agent between the host and the DHCP server.
What values in the trace indicate the absence of a relay agent? Is there a relay agent in your experiment? If so
what is the IP address of the agent?
10. Explain the purpose of the router and subnet mask lines in the DHCP offer message.
11. In the example screenshots in this assignment, the host requests the offered IP address in the DHCP
Request message. What happens in your own experiment?
12. Explain the purpose of the lease time. How long is the lease time in your experiment?
13. What is the purpose of the DHCP release message? Does the DHCP server issue an acknowledgment of
receipt of the client’s DHCP request? What would happen if the client’s DHCP release message is lost?
14. Clear the bootp filter from your Wireshark window. Were any ARP packets sent or received during the
DHCP packet-exchange period? If so, explain the purpose of those ARP packets.
Wireshark Ethernet and ARP
1. Capturing and analyzing Ethernet frames
1. What is the 48-bit Ethernet address of your computer?
2. What is the 48-bit destination address in the Ethernet frame? Is this the Ethernet address of
gaia.cs.umass.edu? (Hint: the answer is no). What device has this as its Ethernet address? [Note: this is an
important question, and one that students sometimes get wrong. Re-read pages 468-469 in the text and make
sure you understand the answer here.]
3. Give the hexadecimal value for the two-byte Frame type field. What do the bit(s) whose value is 1 mean
within the flag field?
4. How many bytes from the very start of the Ethernet frame does the ASCII “G” in “GET” appear in the
Ethernet frame?
5. What is the hexadecimal value of the CRC field in this Ethernet frame?
6. What is the value of the Ethernet source address? Is this the address of your computer, or of
gaia.cs.umass.edu (Hint: the answer is no). What device has this as its Ethernet address?
7. What is the destination address in the Ethernet frame? Is this the Ethernet address of your computer?
8. Give the hexadecimal value for the two-byte Frame type field. What do the bit(s) whose value is 1 mean
within the flag field?
9. How many bytes from the very start of the Ethernet frame does the ASCII “O” in “OK” (i.e., the HTTP
response code) appear in the Ethernet frame?
10. What is the hexadecimal value of the CRC field in this Ethernet frame?
2. The Address Resolution Protocol
11. Write down the contents of your computer's ARP cache. What is the meaning of each column value?
Observing ARP in action
12. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing
the ARP request message?
13. Give the hexadecimal value for the two-byte Ethernet Frame type field. What do the bit(s) whose value is 1
mean within the flag field?
14. Download the ARP specification from ftp://ftp.rfc-editor.org/in-notes/std/std37.txt. A readable, detailed
discussion of ARP is also at http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html.
a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?
b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an ARP
request is made?
c) Does the ARP message contain the IP address of the sender?
d) Where in the ARP request does the “question” appear – the Ethernet address of the machine whose
corresponding IP address is being queried?
15. Now find the ARP reply that was sent in response to the ARP request.
a) How many bytes from the very beginning of the Ethernet frame does the ARP opcode field begin?
b) What is the value of the opcode field within the ARP-payload part of the Ethernet frame in which an
ARP response is made?
c) Where in the ARP message does the "answer" to the earlier ARP request appear: the IP address of the
machine having the Ethernet address whose corresponding IP address is being queried?
16. What are the hexadecimal values for the source and destination addresses in the Ethernet frame containing
the ARP reply message?
17. Open the ethernet-ethereal-trace-1 trace file in http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip.
The first and second ARP packets in this trace correspond to an ARP request sent by the computer running
Wireshark, and the ARP reply sent to the computer running Wireshark by the computer with the ARP-requested
Ethernet address. But there is yet another computer on this network, as indicated by packet 6, another ARP
request. Why is there no ARP reply (sent in response to the ARP request in packet 6) in the packet trace?
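An added example, not from the lab or its trace files: it builds the ARP request/reply exchange of questions 12 to 17 as raw Ethernet frames and decodes them, showing the byte offset of the opcode field, the zeroed target MAC that carries the "question" in a request, and the sender fields that carry the "answer" in a reply. All MAC and IP addresses are constructed.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_HDR_LEN = 14            # dst MAC (6) + src MAC (6) + type (2)

def mac_bytes(s): return bytes(int(x, 16) for x in s.split(":"))
def ip_bytes(s): return bytes(int(x) for x in s.split("."))
def mac_str(b): return ":".join("%02x" % x for x in b)
def ip_str(b): return ".".join(str(x) for x in b)

def build_arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (no 802.1Q tag, no FCS)."""
    eth_dst = b"\xff" * 6 if opcode == ARP_REQUEST else mac_bytes(target_mac)
    eth = eth_dst + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)        # htype, ptype, hlen, plen, op
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp

def parse_arp_frame(frame: bytes) -> dict:
    """Locate and decode the ARP fields the questions above refer to (offsets in bytes)."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame: type 0x%04x" % ethertype)
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    p = ETH_HDR_LEN + 8                  # addresses start after the 8 fixed ARP bytes
    return {
        "eth_dst": mac_str(frame[0:6]),
        "eth_src": mac_str(frame[6:12]),
        "ethertype": ethertype,
        "opcode_offset": ETH_HDR_LEN + 6,   # after htype, ptype, hlen, plen
        "opcode": opcode,
        "sender_mac": mac_str(frame[p:p + 6]),
        "sender_ip": ip_str(frame[p + 6:p + 10]),
        "target_mac": mac_str(frame[p + 10:p + 16]),   # all zeros in a request: the "question"
        "target_ip": ip_str(frame[p + 16:p + 20]),
    }

# Constructed exchange: host .100 asks for the MAC of its gateway .1, and the gateway answers.
REQUEST = build_arp_frame(ARP_REQUEST, "00:11:22:33:44:55", "192.168.1.100",
                          "00:00:00:00:00:00", "192.168.1.1")
REPLY = build_arp_frame(ARP_REPLY, "aa:bb:cc:dd:ee:01", "192.168.1.1",
                        "00:11:22:33:44:55", "192.168.1.100")

def is_reply_to(reply: bytes, request: bytes) -> bool:
    # true when `reply` answers `request`: same IP queried, sent back to the asker
    q, a = parse_arp_frame(request), parse_arp_frame(reply)
    return a["opcode"] == ARP_REPLY and a["sender_ip"] == q["target_ip"] \
        and a["target_mac"] == q["sender_mac"] and a["target_ip"] == q["sender_ip"]
```

A request is broadcast (destination ff:ff:ff:ff:ff:ff), so every host on the segment sees it, but only the host owning the target IP answers, and it answers unicast to the asker; a capture on a third machine therefore shows other hosts' requests without their replies.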
Extra Credit
EX-1. The arp command:
arp -s InetAddr EtherAddr
allows you to manually add an entry to the ARP cache that resolves the IP address InetAddr to the physical
address EtherAddr. What would happen if, when you manually added an entry, you entered the correct IP
address, but the wrong Ethernet address for that remote interface?
EX-2. What is the default amount of time that an entry remains in your ARP cache before being removed? You
can determine this empirically (by monitoring the cache contents) or by looking this up in your operating
system documentation. Indicate how/where you determined this value.