Presentation on theme: "Sungkyunkwan University Copyright 2000-2006 Networking Laboratory Ethereal Lab : TCP 2006-04-12 Hyemee Park"— Presentation transcript:
Sungkyunkwan University Copyright 2000-2006 Networking Laboratory Ethereal Lab : TCP 2006-04-12 Hyemee Park firstname.lastname@example.org
Ethereal Lab Networking Laboratory 2/34 Contents TCP 세그먼트 형식 TCP 전송 캡쳐 필터링 HTTP 를 제외하고 TCP 의 순서 번호를 보기 TCP 세션 연결하기 TCP 혼잡 제어
Ethereal Lab Networking Laboratory 3/34 TCP 세그먼트 형식 (#1/5) HeaderData Source port number 16 bits Destination port number 16 bits Sequence number 32 bits Acknowledgment number 32 bits HLEN 4 bits Reserved 6 bits FINFIN SYNSYN RSTRST PSNPSN ACKACK URGURG Window size 16 bits Checksum 16 bits Urgent pointer 16 bits Options and Padding
Ethereal Lab Networking Laboratory 4/34 TCP 전송 캡쳐 (#1/2) Browse 버튼을 사용하여 파일을 찾는다 Ethereal 로 패킷 캡쳐를 시작한다. “Upload alice.txt file” 버튼을 누른다. “Congratulations!” 메시지가 뜰 때까지 기다린다. Ethereal 의 패킷 캡쳐를 중단한다.
Ethereal Lab Networking Laboratory 5/34 TCP 전송 캡쳐 (#2/2)
Ethereal Lab Networking Laboratory 6/34 필터링 필터창에 “tcp” 라고 입력한다. 필터링 후에 남는 TCP 와 HTTP 메시지들 SYN 메시지를 포함하는 3- 단계 핸드셰이크 HTTP POST 메시지 “HTTP Continuation” 의 메시지 시리즈 이것은 하나의 HTTP 메시지를 전송하는데 사용된 여러 TCP 메시지를 표현하는 Ethereald 의 방법이다. TCP ACK 세그먼트들
Ethereal Lab Networking Laboratory 7/34 HTTP 를 제외하고 TCP 의 순서 번호를 보기 이번 장에서는 TCP 에 대해 공부하므로 HTTP 는 걸러낸다. Ethereal 의 “listing of captured packets” 을 변경한다. Select Analyze → Enabled Protocols HTTP 상자의 체크를 해제 OK 버튼으로 확인 TCP 의 순서 번호를 보기 위하여 Edit → Preferences → Protocols → TCP “relative sequence numbers” 의 체크를 해제
Ethereal Lab Networking Laboratory 9/34 Questions #1 What is the IP address and TCP port number used by your client computer (source) to transfer the file to gaia.cs.umass.edu? 10.24.22.23 4782 ( 호스트가 임의로 정한 값 ) What is the IP address and port number used by gaia.cs.umass.edu to receive the file. 188.8.131.52 80 (HTTP)
Ethereal Lab Networking Laboratory 10/34 Questions #2 What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? 3446911215 What is it in the segment that identifies the segment as a SYN segment? SYN 플래그
Ethereal Lab Networking Laboratory 11/34 Questions #3 What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? 2855197833 What is the value of the ACKnowledgment field in the SYNACK segment? 3446911216 How did gaia.cs.umass.edu determine that value? 3- 단계 핸드세이크의 두번째 단계로써 클라이언트의 ISN+1 을 응답 번호로 전송한다. What is it in the segment that identifies the segment as a SYNACK segment? ACK 플래그
Ethereal Lab Networking Laboratory 12/34 Questions #4 What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you’ll need to dig into the packet content field at the bottom of the Ethereal window, looking for a segment with a “POST” within its DATA field. 3446911216
Ethereal Lab Networking Laboratory 13/34 Questions #5 (1/2) Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)? At what time was each segment sent? When was the ACK for each segment received? 순서번호전송 시작시간응답 도착시간 RTT 값 34469112164.3971534.6497730.25262 34469118184.4024454.6499340.247489 34469131984.6498814.8833550.233474 34469145784.6499184.8841360.234218 34469159584.6499854.8861610.236176 34469173384.6500134.8865530.23654
Ethereal Lab Networking Laboratory 14/34 Questions #7 What is the minimum amount of available buffer space advertised at the received for the entire trace? 5480 Does the lack of receiver buffer space ever throttle the sender? No
Ethereal Lab Networking Laboratory 15/34 Questions #8 Are there any retransmitted segments in the trace file? No What did you check for (in the trace) in order to answer this question? Info 창에 표시가 되고 세그먼트의 Option 에 표시된다.
Ethereal Lab Networking Laboratory 16/34 Questions #9 What is the throughput (bytes transferred per unit time) for the TCP connection? 152368/5.4 = 약 28,216 bytes Explain how you calculated this value. 패킷의 크기 / 전송시간
Ethereal Lab Networking Laboratory 17/34 TCP 혼잡 제어 단위 시간동안 전송된 데이터량 측정 Ethereal 의 TCP 그래프 도구를 사용 데이터를 그려내기 한 TCP 세그먼트를 선택 메뉴에서 다음과 같이 선택 Statistics → TCP Stream Graph → Time-Sequence-Graph(Stevens)
Ethereal Lab Networking Laboratory 18/34 Questions #10 Use the Time-Sequence-Graph(Stevens) plotting tool to view the sequence number versus time plot of segments being sent from the client to the gaia.cs.umass.edu server. Can you identify where TCP’s slowstart phase begins and ends, and where congestion avoidance takes over? 전송되는 데이터량이 작아서 슬로우스타트 구간을 일부분 밖에 확 인하지 못한다. 따라서 혼잡회피 단계로 들어서지 않는다. Note that in this “real-world” trace, not everything is quite as neat and clean as in Figure 3.51 (also note that the y- axis labels for the Time-Sequence-Graph (Stevens) plotting tool and Figure 3.51 are different).
Sungkyunkwan University Copyright 2000-2006 Networking Laboratory Ethereal Lab : IP
Ethereal Lab Networking Laboratory 21/34 Traceroute In order to generated a trace of IP datagrams, We ’ ll use the traceroute program to send datagrams of differents sizes towards some destination, X. Traceroute It operates by first sending one or more datagrams with the TTL field set to 1, 2, 3; and so on. If the TTL reaches 0, the router returns an ICMP message to the sending host. The host executing traceroute can learn the identities of the routers between itself and destination X. SourceDestination TTL(1) TTL(2) TTL(3) TTL(4) TTL(5) Echo request TTL-exceeded reply
Ethereal Lab Networking Laboratory 22/34 Send datagrams of various lengths Windows http://www.pingplotter.com (shareware and freeware version) http://www.pingplotter.com The size of the ICMP echo request message can be explicitly set in pingplotter Edit Advanced Options Packet Options The default packet size is 56 bytes. Linux/Unix The size of the UDP datagram sent towards the destination can be explicitly set by indicating the number of bytes in the datagram Traceroute monet.skku.ac.kr 2000
Ethereal Lab Networking Laboratory 23/34 Do the following 1/3 Ethereal: Begin packet capture (Capture Start) Windows: pingplotter Enter the name of a target destination Enter 3 in the “# of times to Trace” field Edit Options Packet Options Enter a value of 56 in the Packet Size field and then press OK Then press the Trace button, You should see a pingplotter window Edit Advanced Options Packet Options Enter a value of 2000 in the Packet Size field and then press OK Then press Resume button Stop Ethereal tracing
Ethereal Lab Networking Laboratory 24/34 Do the following 2/3 Pingplotter window
Ethereal Lab Networking Laboratory 25/34 Do the following 3/3 Unix: enter three traceroute commands A length of 56 bytes A length of 2000 bytes Stop ethereal tracing
Ethereal Lab Networking Laboratory 26/34 A look at the captured trace In your trace, you should be able to see S D: The series of ICMP Echo Request or UDP segment D S: ICMP TTL-exceeded messages To print packet File Print Choose Selected packet only Choose Packet summary line Select the minimum amount of packet detail that you need
Ethereal Lab Networking Laboratory 27/34 Questions 1/8 Select the first ICMP Echo Request message sent by your computer What is the IP address of your computer? Within the IP Packet Header, What is the value in the upper layer protocol field? Source Address
Ethereal Lab Networking Laboratory 28/34 Questions 2/8 How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes. IP header length Total length 56 – 20 = 36 bytes payload
Ethereal Lab Networking Laboratory 29/34 Questions 3/8 Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented. Fragment offset Fragment’s position in original datagram More Fragments Fragmented or not
Ethereal Lab Networking Laboratory 30/34 Questions 4/8 Sort the packets according to IP source address Which fields in the IP datagram always change from one datagram to the next within this series of ICMP message sent by your computer? Time to live Increase TTL field
Ethereal Lab Networking Laboratory 31/34 Questions 5/8 Which fields stay constant? Which of the fields must stay constant? Which fields must change? Stay Constant Source & Destination Must Change Time-to-live
Ethereal Lab Networking Laboratory 32/34 Questions 6/8 Describe the pattern you see in the values in the Identification field of the IP datagram Identification field Increased Identification
Ethereal Lab Networking Laboratory 33/34 Questions 7/8 Find the series of ICMP TTL-exceeded replies sent to your computer by the nearest router What is the value in the Identification field and the TTL field? Do these values remain unchang- ed for all of the ICMP TTL- exceeded replies sent to your com- puter by the nea- rest (first hop) router? Why? Identification field: Used to identify the fragments of one datagram from those of another. The originating protocol module of an internet datagram sets the identification field to a value that must be unique for that source-destination pair and protocol for the time the datagram will be active in the internet system.
Ethereal Lab Networking Laboratory 34/34 Questions 8/8 Sort the packet listing according to time Find the first ICMP Echo Request message that was sent after you changed the Packet Size to be 3500. Fragment offset Last fragment or not Identification Payload (1480)H 1500 Payload (1480)H 1500 Payload (520)H 540 What information in the IP header indicates whether this is first fragment versus a latter fragment? Fragment Offset How long is this IP datagram? 3