Ethereal Lab : TCP, 2006-04-12, Hyemee Park, hyemee@ece.skku.ac.kr


1 2006-04-12 Hyemee Park hyemee@ece.skku.ac.kr
Ethereal Lab : TCP Hyemee Park

2 Contents: TCP segment format; Capturing a TCP transfer; Filtering; Viewing TCP sequence numbers with HTTP excluded

3 TCP segment format (#1/5)
A segment consists of a Header followed by Data. Header fields: Source port number (16 bits), Destination port number (16 bits), Sequence number (32 bits), Acknowledgment number (32 bits), HLEN (4 bits), Reserved (6 bits), the flags URG, ACK, PSH, RST, SYN, FIN, Window size (16 bits), Checksum (16 bits), Urgent pointer (16 bits), Options and Padding.

4 Capturing a TCP transfer (#1/2) Use the Browse button to locate the file. Start packet capture with Ethereal.
Press the “Upload alice.txt file” button. Wait until the “Congratulations!” message appears. Stop the Ethereal packet capture.

5 Capturing a TCP transfer (#2/2)

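6 Filtering: Enter “tcp” in the filter window. The TCP and HTTP messages that remain after filtering:
The three-way handshake containing the SYN message. The HTTP POST message. A series of “HTTP Continuation” messages; this is Ethereal's way of representing the multiple TCP segments used to carry a single HTTP message. TCP ACK segments.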

7 Viewing TCP sequence numbers with HTTP excluded
Change Ethereal's “listing of captured packets”: select Analyze → Enabled Protocols, uncheck the HTTP box, and confirm with the OK button. To see the TCP sequence numbers, go to Edit → Preferences → Protocols → TCP and uncheck “relative sequence numbers”.

8 Filtered Segments

9 Questions #1 What is the IP address and TCP port number used by your client computer (source) to transfer the file to gaia.cs.umass.edu? 4782 (a value chosen arbitrarily by the host) What is the IP address and port number used by gaia.cs.umass.edu to receive the file? 80 (HTTP)

10 Questions #2 What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN segment? The SYN flag

11 Questions #3 What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the ACKnowledgment field in the SYNACK segment? How did gaia.cs.umass.edu determine that value? As the second step of the three-way handshake, it sends the client's ISN+1 as the acknowledgment number. What is it in the segment that identifies the segment as a SYNACK segment? The ACK flag
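The header layout from slide 3 and the handshake checks from Questions #2 and #3, as an added example that is not part of the original slides: it decodes the fixed TCP header, reads the flag bits, and checks that the SYNACK acknowledges the client's ISN+1. The function names and the sample segments are assumptions made for illustration; only ports 4782 and 80 come from the slides.

```python
import struct

# Flag bits in the low 6 bits of the 16-bit HLEN/Reserved/flags word (slide 3).
FLAG_BITS = (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header laid out on slide 3."""
    if len(segment) < 20:
        raise ValueError("shorter than the fixed 20-byte TCP header")
    (sport, dport, seq, ack, hlen_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = (hlen_flags >> 12) * 4          # HLEN counts 32-bit words
    if hlen < 20 or hlen > len(segment):
        raise ValueError(f"invalid header length {hlen}")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "hlen": hlen, "window": window,
            "flags": {n for n, bit in FLAG_BITS if hlen_flags & bit},
            "payload": segment[hlen:]}

def handshake_step(hdr: dict, client_isn=None) -> str:
    """Name the handshake step; verify ack == client ISN + 1 when known."""
    flags = hdr["flags"]
    if flags == {"SYN"}:
        return "SYN"
    if flags == {"SYN", "ACK"}:
        expected = None if client_isn is None else (client_isn + 1) % 2**32
        if expected is not None and hdr["ack"] != expected:
            return "SYN-ACK (ack mismatch)"
        return "SYN-ACK"
    return "other"

def make_segment(sport, dport, seq, ack, flags, window=5840, payload=b""):
    """Build a constructed sample segment (checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, window, 0, 0) + payload

# Constructed samples: ports 4782 and 80 come from the slides, the sequence
# numbers are made up. 0xFFFFFFFF exercises the 32-bit wrap of ISN + 1.
SYN = make_segment(4782, 80, 0xFFFFFFFF, 0, 0x02)
SYNACK = make_segment(80, 4782, 883061785, 0, 0x12)

if __name__ == "__main__":
    syn, synack = parse_tcp_header(SYN), parse_tcp_header(SYNACK)
    print(handshake_step(syn), handshake_step(synack, client_isn=syn["seq"]))
```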

12 Questions #4 What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you’ll need to dig into the packet content field at the bottom of the Ethereal window, looking for a segment with a “POST” within its DATA field.

13 Questions #5 (1/2) Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)? At what time was each segment sent? When was the ACK for each segment received? Table columns: sequence number, send time, ACK arrival time, RTT value

14 Questions #7 What is the minimum amount of available buffer space advertised at the receiver for the entire trace? 5480 Does the lack of receiver buffer space ever throttle the sender? No

15 Questions #8 Are there any retransmitted segments in the trace file?
No What did you check for (in the trace) in order to answer this question? It is shown in the Info column and in the segment's Options.

16 Questions #9 What is the throughput (bytes transferred per unit time) for the TCP connection? 152368/5.4 = approximately 28,216 bytes Explain how you calculated this value. Packet size / transfer time

17 TCP congestion control: Measure the amount of data transmitted per unit time. Plot the data. Use Ethereal's TCP graphing tool.
Select from the menu as follows: Statistics → TCP Stream Graph → Time-Sequence-Graph(Stevens)

18 Questions #10 Use the Time-Sequence-Graph(Stevens) plotting tool to view the sequence number versus time plot of segments being sent from the client to the gaia.cs.umass.edu server. Can you identify where TCP’s slowstart phase begins and ends, and where congestion avoidance takes over? Because the amount of data transferred is small, only part of the slow-start phase can be observed. Consequently, the connection does not enter the congestion-avoidance phase. Note that in this “real-world” trace, not everything is quite as neat and clean as in Figure 3.51 (also note that the y-axis labels for the Time-Sequence-Graph (Stevens) plotting tool and Figure 3.51 are different).

19 Ethereal Lab : IP

20 © 2005 J.F. Kurose, K.W. Ross. All Rights Reserved
Contents: Capturing packets from an execution of traceroute; A look at the captured trace; Questions. Computer Networking: A Top-down Approach Featuring the Internet, 3rd edition. Version: July 2005

21 Traceroute
In order to generate a trace of IP datagrams, we’ll use the traceroute program to send datagrams of different sizes towards some destination, X. Traceroute operates by first sending one or more datagrams with the TTL field set to 1, then 2, then 3, and so on. If the TTL reaches 0, the router returns an ICMP message to the sending host. In this way the host executing traceroute can learn the identities of the routers between itself and destination X.
[Figure: Source sends Echo requests with TTL(1) through TTL(5) towards Destination; routers along the path return TTL-exceeded replies]

22 Send datagrams of various lengths
Windows (shareware and freeware version): The size of the ICMP echo request message can be explicitly set in pingplotter: Edit → Advanced Options → Packet Options. The default packet size is 56 bytes.
Linux/Unix: The size of the UDP datagram sent towards the destination can be explicitly set by indicating the number of bytes in the datagram: traceroute monet.skku.ac.kr 2000

23 Do the following 1/3 Ethereal: Begin packet capture (Capture → Start)
Windows: pingplotter. Enter the name of a target destination. Enter 3 in the “# of times to Trace” field. Edit → Options → Packet Options: enter a value of 56 in the Packet Size field and then press OK. Then press the Trace button; you should see a pingplotter window. Edit → Advanced Options → Packet Options: enter a value of 2000 in the Packet Size field and then press OK. Then press the Resume button. Stop Ethereal tracing.

24 Do the following 2/3 Pingplotter window

25 Do the following 3/3 Unix: enter three traceroute commands
A length of 56 bytes. A length of 2000 bytes. Stop Ethereal tracing.

26 A look at the captured trace
In your trace, you should be able to see S → D: the series of ICMP Echo Requests or UDP segments; D → S: ICMP TTL-exceeded messages. To print a packet: File → Print, choose Selected packet only, choose Packet summary line, and select the minimum amount of packet detail that you need.

27 Questions 1/8 Select the first ICMP Echo Request message sent by your computer. What is the IP address of your computer? Within the IP packet header, what is the value in the upper layer protocol field? Source Address

28 Questions 2/8 How many bytes are in the IP header?
How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes. IP header length Total length 56 – 20 = 36 bytes payload

29 Questions 3/8 Has this IP datagram been fragmented?
Explain how you determined whether or not the datagram has been fragmented. More Fragments: fragmented or not. Fragment offset: fragment’s position in original datagram.

30 Questions 4/8 Sort the packets according to IP source address
Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer? Time to live: the TTL field increases.

31 Questions 5/8 Which fields stay constant? Which of the fields must stay constant? Which fields must change? Must change: Time-to-live. Stay constant: Source & Destination.

32 Questions 6/8 Describe the pattern you see in the values in the Identification field of the IP datagram. Identification field: increased.

33 Questions 7/8 Find the series of ICMP TTL-exceeded replies sent to your computer by the nearest router. What is the value in the Identification field and the TTL field? Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? Why? Identification field: Used to identify the fragments of one datagram from those of another. The originating protocol module of an internet datagram sets the identification field to a value that must be unique for that source-destination pair and protocol for the time the datagram will be active in the internet system.

34 Questions 8/8 Sort the packet listing according to time
What information in the IP header indicates whether this is the first fragment versus a later fragment? Fragment Offset How long is this IP datagram? 3 Find the first ICMP Echo Request message that was sent after you changed the Packet Size to be
[Figure: three fragments with total lengths 1500, 1500 and 540 bytes, each consisting of a header (H) and a payload of 1480, 1480 and 520 bytes; labelled fields: Identification, Last fragment or not, Fragment offset]
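The fragmentation shown in the figure on slide 34, worked through as an added example that is not part of the original slides: it splits an IP payload across an MTU and classifies each fragment from the More Fragments flag and Fragment Offset field, as slides 29 and 34 ask. The function names, the 1500-byte MTU and the 20-byte option-free header are assumptions; the 3480-byte payload is the sum of the three payload sizes in the figure.

```python
IP_HEADER_LEN = 20   # bytes; header without options, as on slide 28 (56 - 20)

def fragment(payload_len, mtu=1500, header_len=IP_HEADER_LEN):
    """Plan the fragments for an IP payload of payload_len bytes."""
    # Fragment Offset counts 8-byte units, so every fragment except the
    # last must carry a payload that is a multiple of 8 bytes.
    max_payload = (mtu - header_len) // 8 * 8
    if payload_len < 0 or max_payload <= 0:
        raise ValueError("payload_len must be >= 0 and mtu must fit header + 8")
    frags, offset = [], 0
    while True:
        size = min(max_payload, payload_len - offset)
        more = offset + size < payload_len
        frags.append({"total_length": header_len + size, "payload": size,
                      "fragment_offset": offset // 8, "more_fragments": more})
        offset += size
        if not more:
            return frags

def classify(more_fragments, fragment_offset):
    """Answer slides 29 and 34 from the two header fields alone."""
    if not more_fragments and fragment_offset == 0:
        return "not fragmented"
    if fragment_offset == 0:
        return "first fragment"
    return "middle fragment" if more_fragments else "last fragment"

def reassembled_payload_len(frags):
    """Payload length a receiver derives from the last fragment."""
    last = next(f for f in frags if not f["more_fragments"])
    return last["fragment_offset"] * 8 + last["payload"]

if __name__ == "__main__":
    # 3480 = 1480 + 1480 + 520, the payload sizes in the slide's figure.
    for f in fragment(3480):
        print(f, classify(f["more_fragments"], f["fragment_offset"]))
```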

