Presentation on theme: "2006-04-12 Hyemee Park firstname.lastname@example.org Ethereal Lab : TCP 2006-04-12 Hyemee Park email@example.com."— Presentation transcript:
1 2006-04-12 Hyemee Park firstname.lastname@example.org Ethereal Lab : TCP
2 Contents
TCP segment format
Capturing a TCP transfer
Filtering: viewing TCP sequence numbers with HTTP excluded
3 TCP segment format (#1/5)
Segment: Header, Data
Header fields:
Source port number: 16 bits
Destination port number: 16 bits
Sequence number: 32 bits
Acknowledgment number: 32 bits
HLEN: 4 bits
Reserved: 6 bits
Flags: URG, ACK, PSH, RST, SYN, FIN
Window size: 16 bits
Checksum: 16 bits
Urgent pointer: 16 bits
Options and Padding
4 Capturing a TCP transfer (#1/2)
Use the Browse button to locate the file.
Start packet capture in Ethereal.
Press the “Upload alice.txt file” button.
Wait until the “Congratulations!” message appears.
Stop the Ethereal packet capture.
9 Questions #1
What is the IP address and TCP port number used by your client computer (source) to transfer the file to gaia.cs.umass.edu?
4782 (a value chosen arbitrarily by the host)
What is the IP address and port number used by gaia.cs.umass.edu to receive the file?
80 (HTTP)
10 Questions #2
What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu?
What is it in the segment that identifies the segment as a SYN segment?
The SYN flag
11 Questions #3
What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN?
What is the value of the ACKnowledgment field in the SYNACK segment?
How did gaia.cs.umass.edu determine that value?
As the second step of the three-way handshake, it sends the client's ISN+1 as the acknowledgment number.
What is it in the segment that identifies the segment as a SYNACK segment?
The ACK flag
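The header layout from the TCP segment format slide and the SYN / SYNACK relationship asked about in Questions #2 and #3 can be checked directly on header bytes. This is an added example, not part of the original slides; the ports 4782 and 80 are the slides' values, while the sequence numbers, the window size and the helper names are constructed for illustration.

```python
import struct

# Flag bits in the low 6 bits of the 16-bit HLEN/Reserved/Flags word.
FLAGS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
         ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]

def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte TCP header in the field order shown on the slide."""
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", raw[:20])
    hlen = (off_flags >> 12) * 4              # HLEN counts 32-bit words
    if hlen < 20 or hlen > len(raw):
        raise ValueError("HLEN does not fit the captured bytes")
    flags = {name for name, bit in FLAGS if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "hlen": hlen, "flags": flags, "window": window,
            "options": raw[20:hlen]}

def build(sport, dport, seq, ack, flags, window=5840):
    """Hypothetical helper: pack a 20-byte header (checksum 0) as sample input."""
    bits = sum(bit for name, bit in FLAGS if name in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | bits, window, 0, 0)

def is_valid_synack(syn: dict, synack: dict) -> bool:
    """Second handshake step: ports mirrored, SYN and ACK set, ack == client ISN + 1."""
    return (syn["flags"] == {"SYN"}
            and {"SYN", "ACK"} <= synack["flags"]
            and synack["sport"] == syn["dport"]
            and synack["dport"] == syn["sport"]
            and synack["ack"] == (syn["seq"] + 1) % 2**32)   # 32-bit wraparound

# Constructed sample segments (sequence numbers are made up).
SYN = parse_tcp_header(build(4782, 80, 1000, 0, {"SYN"}))
SYNACK = parse_tcp_header(build(80, 4782, 5000, 1001, {"SYN", "ACK"}))

if __name__ == "__main__":
    print(sorted(SYN["flags"]), sorted(SYNACK["flags"]), is_valid_synack(SYN, SYNACK))
```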
12 Questions #4
What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you’ll need to dig into the packet content field at the bottom of the Ethereal window, looking for a segment with a “POST” within its DATA field.
13 Questions #5 (1/2)
Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection.
What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)?
At what time was each segment sent?
When was the ACK for each segment received?
Table columns: Sequence number, Send time, ACK arrival time, RTT value
14 Questions #7
What is the minimum amount of available buffer space advertised at the receiver for the entire trace?
5480
Does the lack of receiver buffer space ever throttle the sender?
No
15 Questions #8
Are there any retransmitted segments in the trace file?
No
What did you check for (in the trace) in order to answer this question?
It is shown in the Info pane and in the segment's Options.
16 Questions #9
What is the throughput (bytes transferred per unit time) for the TCP connection?
152368/5.4 = approximately 28,216 bytes
Explain how you calculated this value.
Packet size / transfer time
17 TCP congestion control
Measure the amount of data sent per unit time.
Plot the data.
Use Ethereal's TCP graphing tool.
Select from the menu as follows: Statistics → TCP Stream Graph → Time-Sequence-Graph(Stevens)
18 Questions #10
Use the Time-Sequence-Graph(Stevens) plotting tool to view the sequence number versus time plot of segments being sent from the client to the gaia.cs.umass.edu server.
Can you identify where TCP’s slowstart phase begins and ends, and where congestion avoidance takes over?
Because the amount of data transferred is small, only part of the slow-start phase can be observed. Therefore the connection does not enter the congestion-avoidance phase.
Note that in this “real-world” trace, not everything is quite as neat and clean as in Figure 3.51 (also note that the y-axis labels for the Time-Sequence-Graph (Stevens) plotting tool and Figure 3.51 are different).
21 Traceroute
In order to generate a trace of IP datagrams, we’ll use the traceroute program to send datagrams of different sizes towards some destination, X.
Traceroute operates by first sending one or more datagrams with the TTL field set to 1, 2, 3, and so on.
If the TTL reaches 0, the router returns an ICMP message to the sending host.
The host executing traceroute can learn the identities of the routers between itself and destination X.
Figure: Source sends Echo requests with TTL(1), TTL(2), TTL(3), TTL(4), TTL(5) towards Destination; TTL-exceeded replies come back.
22 Send datagrams of various lengths
Windows (shareware and freeware version)
The size of the ICMP echo request message can be explicitly set in pingplotter: Edit → Advanced Options → Packet Options
The default packet size is 56 bytes.
Linux/Unix
The size of the UDP datagram sent towards the destination can be explicitly set by indicating the number of bytes in the datagram:
traceroute monet.skku.ac.kr 2000
23 Do the following 1/3
Ethereal: Begin packet capture (Capture → Start)
Windows: pingplotter
Enter the name of a target destination
Enter 3 in the “# of times to Trace” field
Edit → Options → Packet Options
Enter a value of 56 in the Packet Size field and then press OK
Then press the Trace button. You should see a pingplotter window
Edit → Advanced Options → Packet Options
Enter a value of 2000 in the Packet Size field and then press OK
Then press the Resume button
Stop Ethereal tracing
25 Do the following 3/3
Unix: enter three traceroute commands
A length of 56 bytes
A length of 2000 bytes
Stop Ethereal tracing
26 A look at the captured trace
In your trace, you should be able to see
S → D: The series of ICMP Echo Request or UDP segments
D → S: ICMP TTL-exceeded messages
To print a packet: File → Print
Choose Selected packet only
Choose Packet summary line
Select the minimum amount of packet detail that you need
27 Questions 1/8
Select the first ICMP Echo Request message sent by your computer.
What is the IP address of your computer?
Within the IP packet header, what is the value in the upper layer protocol field?
Figure callout: Source Address
28 Questions 2/8
How many bytes are in the IP header?
How many bytes are in the payload of the IP datagram?
Explain how you determined the number of payload bytes.
Figure callouts: IP header length, Total length
56 – 20 = 36 bytes payload
29 Questions 3/8
Has this IP datagram been fragmented?
Explain how you determined whether or not the datagram has been fragmented.
More Fragments: fragmented or not
Fragment offset: fragment’s position in original datagram
30 Questions 4/8
Sort the packets according to IP source address.
Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer?
Time to live (the TTL field increases)
31 Questions 5/8
Which fields stay constant? Which of the fields must stay constant? Which fields must change?
Must change: Time-to-live
Stay constant: Source & Destination
32 Questions 6/8
Describe the pattern you see in the values in the Identification field of the IP datagram.
Identification: the Identification field increased
33 Questions 7/8
Find the series of ICMP TTL-exceeded replies sent to your computer by the nearest router.
What is the value in the Identification field and the TTL field?
Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why?
Identification field: Used to identify the fragments of one datagram from those of another. The originating protocol module of an internet datagram sets the identification field to a value that must be unique for that source-destination pair and protocol for the time the datagram will be active in the internet system.
34 Questions 8/8
Sort the packet listing according to time.
What information in the IP header indicates whether this is first fragment versus a latter fragment?
Fragment Offset
How long is this IP datagram? 3
Find the first ICMP Echo Request message that was sent after you changed the Packet Size to be
Figure callouts: Identification; Last fragment or not; Fragment offset
Figure: three fragments with total lengths 1500, 1500 and 540: H + Payload (1480), H + Payload (1480), H + Payload (520)
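The fragmentation questions (3/8 and 8/8) come down to reading the More Fragments bit and the fragment offset from the IPv4 header. The following added example (not part of the original slides) builds the fragment headers for one datagram over a 1500-byte MTU and decodes them again. The 3500-byte length is chosen because it reproduces the 1500/1500/540 split in the figure; the addresses, identification value and function names are constructed for illustration.

```python
import struct

HDR = 20  # IPv4 header without options, as in the slides' 56 - 20 = 36 calculation

def fragment(total_length, mtu=1500, ident=0x1234, ttl=1, proto=1):
    """Return the IPv4 header (checksum left 0) of each fragment of one datagram."""
    payload = total_length - HDR
    chunk = (mtu - HDR) // 8 * 8   # non-final fragments carry a multiple of 8 bytes
    if payload <= 0 or chunk <= 0:
        raise ValueError("length or MTU too small")
    headers, offset = [], 0
    while offset < payload:
        size = min(chunk, payload - offset)
        more = 0x2000 if offset + size < payload else 0   # More Fragments bit
        headers.append(struct.pack(
            "!BBHHHBBH4s4s", 0x45, 0, HDR + size, ident,
            more | (offset // 8),          # offset field counts 8-byte units
            ttl, proto, 0,
            bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])))  # made-up addresses
        offset += size
    return headers

def describe(header: bytes) -> dict:
    """Decode the fields the lab questions ask about from raw IPv4 header bytes."""
    if len(header) < HDR or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ver_ihl, _tos, total, ident, word = struct.unpack("!BBHHH", header[:8])
    hlen = (ver_ihl & 0x0F) * 4
    more, offset = bool(word & 0x2000), (word & 0x1FFF) * 8
    if not more and offset == 0:
        position = "not fragmented"
    elif offset == 0:
        position = "first"
    else:
        position = "middle" if more else "last"
    return {"header_len": hlen, "total_length": total, "payload": total - hlen,
            "id": ident, "more_fragments": more, "offset": offset,
            "position": position}

# Constructed input: one 3500-byte datagram sent over a 1500-byte MTU.
FRAGS = [describe(h) for h in fragment(3500)]

if __name__ == "__main__":
    for f in FRAGS:
        print(f)
```

All fragments share one Identification value, which is what lets the receiver group them for reassembly.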