COMP2322 Lab 6 TCP Steven Lee April 1, 2016

TCP Transmission Control Protocol Transport layer protocol User Datagram Protocol (UDP) is another one 2

TCP segment structure Bit Source portDestination port 32 Sequence number 64 Acknowledgement number 96 ACKACK SYNSYN FINFIN Window size 128 Checksum Options (variable length) Application data (variable length) 3

TCP Point-to-point One sender, one receiver 4

TCP segment structure 5 Bit Source portDestination port 32 Sequence number 64 Acknowledgement number 96 ACKACK SYNSYN FINFIN Window size 128 Checksum Options (variable length) Application data (variable length)

TCP Reliable All bytes sent are guaranteed to be received identically, and in the correct order 6

TCP segment structure 7 Bit Source portDestination port 32 Sequence number 64 Acknowledgement number 96 ACKACK SYNSYN FINFIN Window size 128 Checksum Options (variable length) Application data (variable length) Sequence number The accumulated sequence number of the first data byte of this segment for the current session Acknowledgement number The next sequence number the receiver expects The receiver acknowledges receipt of all prior bytes

Connection establishment 8 Three-way handshake Host A [SYN, ACK] Seq=B, Ack=A+1 [SYN] Seq=A [ACK] Seq=A+1, Ack=B+1 Host B

Data transfer 9 Host Seq=1, Ack=38, Len=0 Seq=1, Ack=1, Len=37 Server Seq=38, Ack=1, Len=12 Seq=1, Ack=50, Len=0

Connection termination 10 Four-way handshake Host A [ACK] [FIN] [ACK] Host B [FIN]

Practice 1 1.Visit 2.Click “the first digits of Pi” and download the text file 3.Start capturing packets 4.Click “Upload” and upload the downloaded text file 5.Stop capturing packets after receiving a response from the server 11

Practice 1 There may be packets that say [ETHERNET FRAME CHECK SEQUENCE INCORRECT]. To disable Ethernet checksum validation: Right-click on any Ethernet layer → Protocol Preferences → Uncheck Validate the Ethernet checksum if possible To reveal information of packets that say [TCP segment of a reassembled PDU]: Right-click on any TCP layer → Protocol Preferences → Uncheck Allow subdissector to reassemble TCP streams To reveal the application data contained in the TCP segments: Analyze → Enabled Protocols → Uncheck HTTP → OK 12

Practice 1 Question 1 (4 marks) a)What is the TCP port number used by your computer to transfer the file? b)What is the TCP port number used by the server to receive the file? Question 2 (4 marks) a)What is the sequence number of the TCP SYN segment that establishes the TCP connection between your computer and the server? b)What indicates that the segment is a SYN segment? 13

Practice 1 Question 3 (6 marks) a)What is the sequence number of the SYN/ACK segment that the server responds the SYN with? b)How about its acknowledgement number? How does the server determine this value? c)What indicates that the segment is a SYN/ACK segment? Question 4 (4 marks) a)What are the sequence numbers of the data- containing segments in the TCP connection related to the file transfer? b)What is the length of each of them? 14

Practice 1 One way to view the round-trip time (RTT) of the TCP segments: Right-click on any column’s header → Column Preferences → Click the add button → Enter tcp.analysis.ack_rtt into Field Name → OK Question 5 (2 marks) What is the RTT of each of the data-containing segments? 15

Practice 2 Download and open a modified packet capture from cking.pcap cking.pcap 16

Practice 2 The packet capture shows a partial interaction between a client and a TCP server. After a normal TCP three-way handshake, the client begins data transfer to the server. Instead of sending a pure TCP ACK to the client, the server sends the acknowledgement along with the data (the acknowledgement is piggy-backed on the data). This is known as piggybacking. Question 6 (6 marks) a)What is the payload size of the TCP data packet sent from the server? b)What is the TCP/IP overhead? c)Assume the sizes of the TCP and IP headers remain unchanged. How much more TCP/IP data would the server need to transmit if piggybacking is not used? 17

Practice 3 Download and open a modified packet capture from ap ap 18

Practice 3 The packet capture shows that the Great Firewall (GFW) injects a series of forged TCP Reset (RST) packets upon seeing a request with blacklisted keywords, i.e. “ falun ” Question 7 (6 marks) a)How many TCP RST packets are injected by the GFW? b)What is the difference of the sequence numbers between each subsequent TCP RST packet? What is special about this number in TCP? c)Why does the GFW inject TCP RST packets with these specific sequence numbers? 19