
Homework 5

Name: Dalat Bui
Email: dnbui@unity.ncsu.edu
Team #: 3
Current Function: Team Lead
Homework #: 5
Class: ECE470
Date of Submission: 10/24/02

Table of Contents:
[TOOLS]
[PROTOCOLS] : [1][2][3][4][5][6][7]
[TRAFFIC] : [1]
[PERFORMANCE] : [1][2][3][4][5][6]


  • (TOOLS)

    1. Install and learn how to use a protocol header (packet) capture and analysis tool (e.g., tcpdump).
      >> Done.
    2. Install and learn how to use a packet analysis tool (e.g., Ethereal or Net-Xray)
      >> Done.
    3. Install and learn how to use a one-way traffic generation tool (e.g., iperf, ttcp)
      >> Done.
    4. Install and learn how to use a two-way communication tool (e.g., netcat)
      >> Done.
    5. Read RFC1739
      >> Done.
    6. Download or make available for YOUR on-line reading the Radcom Book of Protocols (see class Reading page).
      >> Done.




  • (PROTOCOLS)

    1. Log onto two of your team machines. Call them machine A and machine B. Let machine B be the one with the packet capture and analysis tools. Ping machine B from machine A and monitor, at machine B, the headers and the content of the packets received and sent (you may wish to limit the capture solely to machine A packets - easier to analyze)

      1. ( 1 points) What is OS and type of machines A and B?

        Machine   Type
        A         RH Linux 8.0
        B         Windows 2k Pro

      2. ( 1 points) How does ping work? That is, how and what does machine A send to machine B, and how does it get information back?

        >> First, machine A sends an ICMP echo message to machine B asking for machine B's reply. Machine B grabs the packet, then replies to machine A with an ICMP message saying that it is present.

      3. ( 1 points) Which layers are in a ping packet (e.g., ATM, IP, TCP, etc)?

        >> The layers in a ping packet are: Frame (Data Link), Ethernet II (Data Link), IP (Network), and ICMP (Network).

      4. ( 1 points) Which port, if any, are the ping packets being sent to?

        >> N/A

      5. ( 1 points) Which port, if any, are the ping packets being sent from?

        >> N/A

      6. ( 2 points) List the structure and content of a ping packet (need actual measured/captured frame size, destination, source, type, TTL, etc., for all involved layers - according to book)

        >> The structure and contents of a ping packet is below:
        
        Frame 5 (98 bytes on wire, 98 bytes captured)
            Arrival Time: Oct 25, 2002 17:16:17.201880000
            Time delta from previous packet: 1.004077000 seconds
            Time relative to first packet: 1.004427000 seconds
            Frame Number: 5
            Packet Length: 98 bytes
            Capture Length: 98 bytes
        Ethernet II, Src: 00:50:04:e1:73:1d, Dst: 00:02:55:3b:f6:4d
            Destination: 00:02:55:3b:f6:4d (IBM_3b:f6:4d)
            Source: 00:50:04:e1:73:1d (3COM_e1:73:1d)
            Type: IP (0x0800)
        Internet Protocol, Src Addr: 10.3.1.1 (10.3.1.1), 
            Dst Addr: 10.3.4.1 (10.3.4.1)
            Version: 4
            Header length: 20 bytes
            Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
                0000 00.. = Differentiated Services Codepoint: Default (0x00)
                .... ..0. = ECN-Capable Transport (ECT): 
                .... ...0 = ECN-CE: 
            Total Length: 84
            Identification: 0x0000
            Flags: 0x04
                .1.. = Don't fragment: Set
                ..0. = More fragments: Not set
            Fragment offset: 0
            Time to live: 64
            Protocol: ICMP (0x01)
            Header checksum: 0x21a2 (correct)
            Source: 10.3.1.1 (10.3.1.1)
            Destination: 10.3.4.1 (10.3.4.1)
        Internet Control Message Protocol
            Type: 8 (Echo (ping) request)
            Code: 0
            Checksum: 0x865f (correct)
            Identifier: 0x2903
            Sequence number: 02:00
            Data (56 bytes)
        
      7. ( 2 points) List the structure and content of the corresponding reply packet (real values for frame size, destination, source, type, TTL, etc. for all involved layers - according to book)

        >> The structure and content of a reply packet is below:
        Frame 6 (98 bytes on wire, 98 bytes captured)
            Arrival Time: Oct 25, 2002 17:16:17.201930000
            Time delta from previous packet: 0.000050000 seconds
            Time relative to first packet: 1.004477000 seconds
            Frame Number: 6
            Packet Length: 98 bytes
            Capture Length: 98 bytes
        Ethernet II, Src: 00:02:55:3b:f6:4d, Dst: 00:50:04:e1:73:1d
            Destination: 00:50:04:e1:73:1d (3COM_e1:73:1d)
            Source: 00:02:55:3b:f6:4d (IBM_3b:f6:4d)
            Type: IP (0x0800)
        Internet Protocol, Src Addr: 10.3.4.1 (10.3.4.1), 
            Dst Addr: 10.3.1.1 (10.3.1.1)
            Version: 4
            Header length: 20 bytes
            Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
                0000 00.. = Differentiated Services Codepoint: Default (0x00)
                .... ..0. = ECN-Capable Transport (ECT): 0
                .... ...0 = ECN-CE: 0
            Total Length: 84
            Identification: 0x0ddc
            Flags: 0x04
                .1.. = Don't fragment: Set
                ..0. = More fragments: Not set
            Fragment offset: 0
            Time to live: 128
            Protocol: ICMP (0x01)
            Header checksum: 0xd3c5 (correct)
            Source: 10.3.4.1 (10.3.4.1)
            Destination: 10.3.1.1 (10.3.1.1)
        Internet Control Message Protocol
            Type: 0 (Echo (ping) reply)
            Code: 0
            Checksum: 0x8e5f (correct)
            Identifier: 0x2903
            Sequence number: 02:00
            Data (56 bytes)			  
        
    2. Ping machine B from machine A with tracing (ping -R or ping -r 9) and monitor, at machine B, the headers and content of the packets received and sent (you may wish to limit the capture solely to machine A packets - easier to analyze)
      1. ( 1 points) What is OS and type of machines A and B?

        Machine   Type
        A         RH Linux 8.0
        B         Windows 2k Pro

      2. ( 2 points) Is there any difference in the ping packet structure and values now that the route option is used? Describe where the routing information is held. Can you find that/those field(s)?

        >> Yes, there are some differences. The packet length and captured length jump from 98 bytes (without route option) to 138 bytes (with route option). Also, the header length goes from 20 bytes (without route option) to 60 bytes (with route option).

        >> The routing info is in the Options field (40 bytes) in the IP section. This is right before the ICMP section.

    3. Traceroute from machine A to machine B and monitor, at machine B, the headers and content of the packets received/sent (you may wish to limit the capture solely to machine A packets - easier to analyze)
      1. ( 1 points) What is OS and type of machines A and B?

        Machine   Type
        A         RH Linux 8.0
        B         Windows 2k Pro

      2. ( 3 points) How does the tracerouting work on the machine A? Describe what is being sent, received back, how, etc.

        >> Machine A first sends three UDP packets to Machine B with the TTL = 1 and the destination port = 33435. Since Machine A and Machine B are only one hop away from each other, the packets reach B. However, because the destination port 33435 is an invalid port, Machine B sends back three ICMP packets telling Machine A that the destination port is unreachable. With this info, Machine A knows that the UDP packet has reached the destination. Thus, it ends the routing job.


      3. ( 1 points) Is the described mechanism compatible with RFC1739 description?

        >> Yes.

      4. ( 1 points) Which layers are in the packet (e.g., ATM, IP, TCP, etc)?

        >> The layers in the UDP packet going from machine A to machine B are: Frame (Data Link), Ethernet II (Data Link), IP (Network), and UDP (Transport).
        >> The layers in the ICMP packet going from machine B to machine A are: Frame (Data Link), Ethernet II (Data Link), IP (Network), and ICMP (Network). Within the ICMP is the UDP (Transport).


      5. ( 1 points) Which port, if any, are the packets being sent to?

        >> Destination port is 33435.


      6. ( 1 points) Which port, if any, are the packets being sent from?

        >> Source port is 1026

      7. ( 2 points) List the structure and actual content of a traceroute packet (frame size, destination, source, type, TTL, etc. for all involved layers - according to book)

        >> The structure and actual content of a traceroute packet is below:
        Frame 3 (60 bytes on wire, 60 bytes captured)
            Arrival Time: Oct 25, 2002 17:24:41.944535000
            Time delta from previous packet: 0.011534000 seconds
            Time relative to first packet: 0.011586000 seconds
            Frame Number: 3
            Packet Length: 60 bytes
            Capture Length: 60 bytes
        Ethernet II, Src: 00:50:04:e1:73:1d, Dst: 00:02:55:3b:f6:4d
            Destination: 00:02:55:3b:f6:4d (IBM_3b:f6:4d)
            Source: 00:50:04:e1:73:1d (3COM_e1:73:1d)
            Type: IP (0x0800)
            Trailer: 0808080808080808
        Internet Protocol, Src Addr: 10.3.1.1 (10.3.1.1), 
                           Dst Addr: 10.3.4.1 (10.3.4.1)
            Version: 4
            Header length: 20 bytes
            Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
                0000 00.. = Differentiated Services Codepoint: Default (0x00)
                .... ..0. = ECN-Capable Transport (ECT): 0
                .... ...0 = ECN-CE: 0
            Total Length: 38
            Identification: 0x5fc0
            Flags: 0x00
                .0.. = Don't fragment: Not set
                ..0. = More fragments: Not set
            Fragment offset: 0
            Time to live: 1
            Protocol: UDP (0x11)
            Header checksum: 0x4100 (correct)
            Source: 10.3.1.1 (10.3.1.1)
            Destination: 10.3.4.1 (10.3.4.1)
        User Datagram Protocol, Src Port: 1026 (1026), Dst Port: 33436 (33436)
            Source port: 1026 (1026)
            Destination port: 33436 (33436)
            Length: 18
            Checksum: 0x9484 (correct)
        Data (10 bytes)
      8. ( 2 points) List the structure and actual content of the corresponding reply packet (frame size, destination, source, type, TTL, etc. for all involved layers - according to book)

        >> The structure and actual content of the corresponding reply packet is below:
        Frame 4 (70 bytes on wire, 70 bytes captured)
            Arrival Time: Oct 25, 2002 17:24:41.944550000
            Time delta from previous packet: 0.000015000 seconds
            Time relative to first packet: 0.011601000 seconds
            Frame Number: 4
            Packet Length: 70 bytes
            Capture Length: 70 bytes
        Ethernet II, Src: 00:02:55:3b:f6:4d, Dst: 00:50:04:e1:73:1d
            Destination: 00:50:04:e1:73:1d (3COM_e1:73:1d)
            Source: 00:02:55:3b:f6:4d (IBM_3b:f6:4d)
            Type: IP (0x0800)
        Internet Protocol, Src Addr: 10.3.4.1 (10.3.4.1), 
                           Dst Addr: 10.3.1.1 (10.3.1.1)
            Version: 4
            Header length: 20 bytes
            Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
                0000 00.. = Differentiated Services Codepoint: Default (0x00)
                .... ..0. = ECN-Capable Transport (ECT): 0
                .... ...0 = ECN-CE: 0
            Total Length: 56
            Identification: 0x0deb
            Flags: 0x00
                .0.. = Don't fragment: Not set
                ..0. = More fragments: Not set
            Fragment offset: 0
            Time to live: 128
            Protocol: ICMP (0x01)
            Header checksum: 0x13d3 (correct)
            Source: 10.3.4.1 (10.3.4.1)
            Destination: 10.3.1.1 (10.3.1.1)
        Internet Control Message Protocol
            Type: 3 (Destination unreachable)
            Code: 3 (Port unreachable)
            Checksum: 0xe1c7 (correct)
            Internet Protocol, Src Addr: 10.3.1.1 (10.3.1.1), 
                               Dst Addr: 10.3.4.1 (10.3.4.1)
                Version: 4
                Header length: 20 bytes
                Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
                    0000 00.. = Differentiated Services Codepoint: Default (0x00)
                    .... ..0. = ECN-Capable Transport (ECT): 0
                    .... ...0 = ECN-CE: 0
                Total Length: 38
                Identification: 0x5fc0
                Flags: 0x00
                    .0.. = Don't fragment: Not set
                    ..0. = More fragments: Not set
                Fragment offset: 0
                Time to live: 1
                Protocol: UDP (0x11)
                Header checksum: 0x4100 (correct)
                Source: 10.3.1.1 (10.3.1.1)
                Destination: 10.3.4.1 (10.3.4.1)
            User Datagram Protocol, Src Port: 1026 (1026), Dst Port: 33436 (33436)
                Source port: 1026 (1026)
                Destination port: 33436 (33436)
                Length: 18
                Checksum: 0x9484	  
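
Added example (not part of the original homework): the IPv4 fields Ethereal decoded in the ping and traceroute captures above are enough to rebuild each 20-byte header and recompute the checksum Ethereal marked "(correct)", and the same arithmetic explains why the echo reply's ICMP checksum (0x8e5f) differs from the request's (0x865f) by exactly the type change 8 -> 0. Function names and the 56-byte payload are constructed for illustration; the sequence number is assumed to be the wire bytes 02 00.

```python
import ipaddress
import struct


def ones_sum(data: bytes) -> int:
    """16-bit ones' complement sum (RFC 1071) with carries folded back in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def internet_checksum(data: bytes) -> int:
    return ~ones_sum(data) & 0xFFFF


def ipv4_header(total_len, ident, flags_frag, ttl, proto, src, dst, checksum=0):
    """Pack an option-less IPv4 header: version 4, IHL 5, DSCP/ECN 0."""
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0x00, total_len, ident, flags_frag, ttl, proto,
        checksum, ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed)


# Field values copied from the Ethereal decodes on this page. Ethereal shows
# the three flag bits alone (0x04 = Don't Fragment); on the wire they are the
# top bits of the 16-bit flags/fragment-offset word, hence 0x4000.
# Tuple order: total length, ID, flags/frag, TTL, protocol, src, dst, checksum.
CAPTURED = {
    "ping request (frame 5)": (84, 0x0000, 0x4000, 64, 1, "10.3.1.1", "10.3.4.1", 0x21A2),
    "ping reply (frame 6)": (84, 0x0DDC, 0x4000, 128, 1, "10.3.4.1", "10.3.1.1", 0xD3C5),
    "traceroute probe (frame 3)": (38, 0x5FC0, 0x0000, 1, 17, "10.3.1.1", "10.3.4.1", 0x4100),
    "port unreachable (frame 4)": (56, 0x0DEB, 0x0000, 128, 1, "10.3.4.1", "10.3.1.1", 0x13D3),
}


def recompute_header_checksums():
    """Return {frame: (recomputed, shown_by_ethereal)} for every capture."""
    return {name: (internet_checksum(ipv4_header(*fields)), shown)
            for name, (*fields, shown) in CAPTURED.items()}


def header_verifies(*fields_and_checksum) -> bool:
    """Receiver-side check: summing a header that carries a valid checksum
    gives 0xFFFF, so the complemented sum is zero."""
    return internet_checksum(ipv4_header(*fields_and_checksum)) == 0


def icmp_echo(msg_type, ident, seq, payload: bytes) -> bytes:
    """Build an ICMP echo message (type 8 request, type 0 reply), code 0."""
    body = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq) + payload
    cksum = internet_checksum(body)
    return struct.pack("!BBHHH", msg_type, 0, cksum, ident, seq) + payload


def incremental_update(old_cksum, old_word, new_word) -> int:
    """RFC 1624 eqn 3: HC' = ~(~HC + ~m + m') when one 16-bit word changes."""
    total = (~old_cksum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def echo_checksums():
    """Checksums of a request/reply pair that differ only in the type byte.
    Identifier 0x2903 is from the capture; the payload is constructed."""
    payload = bytes(range(56))  # constructed, not the captured data
    request = icmp_echo(8, 0x2903, 0x0200, payload)
    reply = icmp_echo(0, 0x2903, 0x0200, payload)
    return (struct.unpack("!H", request[2:4])[0],
            struct.unpack("!H", reply[2:4])[0])


if __name__ == "__main__":
    for name, (calc, shown) in recompute_header_checksums().items():
        status = "match" if calc == shown else "MISMATCH"
        print(f"{name:28s} recomputed=0x{calc:04x} shown=0x{shown:04x} {status}")
    # The reply differs from the request only in the type/code word
    # (0x0800 -> 0x0000), so the checksum can be updated without the payload.
    print(f"reply ICMP checksum from 0x865f: "
          f"0x{incremental_update(0x865F, 0x0800, 0x0000):04x}")
    req, rep = echo_checksums()
    print(f"constructed pair: request=0x{req:04x} reply=0x{rep:04x}")
```

A recomputed header checksum that does not match the decoded one means a field was transcribed wrongly or the header was altered after the checksum was written.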
        
    4. Capture an ARP packet.
      1. ( 1 points) Which layers are in the packet (e.g., ATM, IP, TCP, etc)?

        >> The layers are: Frame (Data Link), Ethernet II (Data Link), IP (Network), and ICMP (Network).

      2. ( 1 points) Which port, if any, are the packets being sent to?

        >> N/A.

      3. ( 1 points) Which port, if any, are the packets being sent from?

        >> N/A

      4. ( 2 points) List the structure and actual content of an arp packet (frame size, destination, source, type, TTL, etc. for all involved layers - according to book)

        >> The structure and actual content of an ARP packet is below:
        Frame 7 (98 bytes on wire, 98 bytes captured)
            Arrival Time: Oct 25, 2002 17:28:57.225120000
            Time delta from previous packet: 1.009842000 seconds
            Time relative to first packet: 2.016479000 seconds
            Frame Number: 7
            Packet Length: 98 bytes
            Capture Length: 98 bytes
        Ethernet II, Src: 00:50:04:e1:73:1d, Dst: 00:02:55:3b:f6:4d
            Destination: 00:02:55:3b:f6:4d (IBM_3b:f6:4d)
            Source: 00:50:04:e1:73:1d (3COM_e1:73:1d)
            Type: IP (0x0800)
        Internet Protocol, Src Addr: 10.3.1.1 (10.3.1.1), 
        Dst Addr: 10.3.4.1 (10.3.4.1)
        Version: 4
            Header length: 20 bytes
            Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
                0000 00.. = Differentiated Services Codepoint: Default (0x00)
                .... ..0. = ECN-Capable Transport (ECT): 0
                .... ...0 = ECN-CE: 0
            Total Length: 84
            Identification: 0x0000
            Flags: 0x04
                .1.. = Don't fragment: Set
                ..0. = More fragments: Not set
            Fragment offset: 0
            Time to live: 64
            Protocol: ICMP (0x01)
            Header checksum: 0x21a2 (correct)
            Source: 10.3.1.1 (10.3.1.1)
            Destination: 10.3.4.1 (10.3.4.1)
        Internet Control Message Protocol
            Type: 8 (Echo (ping) request)
            Code: 0
            Checksum: 0xf5fc (correct)
            Identifier: 0x2f03
            Sequence number: 03:00
            Data (56 bytes)
        
    5. Capture an SNMP query packet.
      1. ( 1 points) Which layers are in the packet (e.g., ATM, IP, TCP, etc)?

        >> The layers in the packet are: Frame (Data Link), Ethernet (Data Link), IP (Network), UDP (Transport), and SNMP (Network)

      2. ( 1 points) Which port, if any, are the packets being sent to?

        >> The destination port is 1027.

      3. ( 1 points) Which port, if any, are the packets being sent from?

        >> The source port is 161.


      4. ( 2 points) List the structure and content of a SNMP packet (frame size, destination, source, type, TTL, etc. for all involved layers - according to book)

        >> Below is the structure and content of a SNMP packet.
        Frame 4 (112 bytes on wire, 112 bytes captured)
            Arrival Time: Oct 25, 2002 17:32:03.039973000
            Time delta from previous packet: 0.025331000 seconds
            Time relative to first packet: 0.025714000 seconds
            Frame Number: 4
            Packet Length: 112 bytes
            Capture Length: 112 bytes
        Ethernet II, Src: 00:c0:4f:be:b1:e2, Dst: 00:50:04:e1:73:1d
            Destination: 00:50:04:e1:73:1d (3COM_e1:73:1d)
            Source: 00:c0:4f:be:b1:e2 (Dell_be:b1:e2)
            Type: IP (0x0800)
        Internet Protocol, Src Addr: 152.1.158.171 (152.1.158.171), 
        	Dst Addr: 10.3.1.1 (10.3.1.1)
            Version: 4
            Header length: 20 bytes
            Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
                0000 00.. = Differentiated Services Codepoint: Default (0x00)
                .... ..0. = ECN-Capable Transport (ECT): 0
                .... ...0 = ECN-CE: 0
            Total Length: 98
            Identification: 0x2fb6
            Flags: 0x00
                .0.. = Don't fragment: Not set
                ..0. = More fragments: Not set
            Fragment offset: 0
            Time to live: 254
            Protocol: UDP (0x11)
            Header checksum: 0x4b24 (correct)
            Source: 152.1.158.171 (152.1.158.171)
            Destination: 10.3.1.1 (10.3.1.1)
        User Datagram Protocol, Src Port: snmp (161), Dst Port: 1027 (1027)
            Source port: snmp (161)
            Destination port: 1027 (1027)
            Length: 78
            Checksum: 0xc234 (correct)
        Simple Network Management Protocol
            Version: 1
            Community: dan359
            PDU type: RESPONSE
            Request Id: 0x1dee33cc
            Error Status: NO ERROR
            Error Index: 0
            Object identifier 1: 1.3.6.1.2.1.1.1.0
            Value: OCTET STRING: Cisco Systems Catalyst 1900
    6. Start netcat (port 5002, tcp, listening) on machine B. Telnet into port 5002 on machine B from machine A. Type in "your_first_name" on machine A (your actual name). Type in "your_last_name" on machine B. Close the connection on the machine A side. On machine B, monitor and capture the headers (using tcpdump) and the content of the packets (using a tool such as Ethereal) for the whole exchange.
      1. ( 1 points) What is OS and type of machines A and B?

        Machine   Type
        A         RH Linux 8.0
        B         RH Linux 7.2

      2. ( 1 points) Attach the listing of the tcpdump sequence that corresponds to the whole exchange.

        [Attachment]

      3. ( 1 points) Which port, if any, are the packets being sent to?

        >> The destination port is 5002


      4. ( 1 points) Which port, if any, are the packets being sent from?

        >> The source port is 1029.


      5. ( 1 points) Which layers are in the first packet that B has received in this exchange (e.g., ATM, IP, TCP, etc)?

        >> The layers are: Frame (Data Link), Ethernet (Data Link), IP (Network), and TCP (Transport).

      6. ( 2 points) List the structure and actual content of the first ACK packet (frame size, destination, source, type, TTL, etc. for all involved layers - according to book)

        >> The structure and actual content of the first ACK packet is below:

        Frame 2 (74 on wire, 74 captured)
            Arrival Time: Oct 25, 2002 17:47:30.2160
            Time delta from previous packet: 0.000049 seconds
            Time relative to first packet: 0.000049 seconds
            Frame Number: 2
            Packet Length: 74 bytes
            Capture Length: 74 bytes
        Ethernet II
            Destination: 00:50:04:e1:73:1d (3com_e1:73:1d)
            Source: 00:02:55:3b:f6:4d (IBM_3b:f6:4d)
            Type: IP (0x0800)
        Internet Protocol
            Version: 4
            Header length: 20 bytes
            Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
                0000 00.. = Differentiated Services Codepoint: Default (0x00)
                .... ..0. = ECN-Capable Transport (ECT): 0
                .... ...0 = ECN-CE: 0
            Total Length: 60
            Identification: 0x0000
            Flags: 0x04
                .1.. = Don't fragment: Set
                ..0. = More fragments: Not set
            Fragment offset: 0
            Time to live: 64
            Protocol: TCP (0x06)
            Header checksum: 0x21b5 (correct)
            Source: 10.3.4.1 (10.3.4.1)
            Destination: 10.3.1.1 (10.3.1.1)
        Transmission Control Protocol, Src Port: rfe (5002), Dst Port: 1029 (1029), 
        	Seq: 2036211107, Ack: 994171256
            Source port: rfe (5002)
            Destination port: 1029 (1029)
            Sequence number: 2036211107
            Acknowledgement number: 994171256
            Header length: 40 bytes
            Flags: 0x0012 (SYN, ACK)
                0... .... = Congestion Window Reduced (CWR): Not set
                .0.. .... = ECN-Echo: Not set
                ..0. .... = Urgent: Not set
                ...1 .... = Acknowledgment: Set
                .... 0... = Push: Not set
                .... .0.. = Reset: Not set
                .... ..1. = Syn: Set
                .... ...0 = Fin: Not set
            Window size: 5792
            Checksum: 0xffae (correct)
            Options: (20 bytes)
                Maximum segment size: 1460 bytes
                SACK permitted
                Time stamp: tsval 43119, tsecr 437472
                NOP
                Window scale: 0 bytes
        
      7. ( 1 points) Which packets have SYN turned on?

        >> The first packet from machine A to machine B has SYN turned on.

    7. Start netcat (port 5003, tcp, listening) on machine B. This will "play" your httpd web server. Monitor the traffic. Start web-browser on machine A. Connect the browser to machine B "web-server" (i.e., type in http://machineB:5003/). On the "server" side type in
      <h1> This is a Test </h1>
      <p>
      This is another line
      <p>
      <font color=red>More text</font>
      
      Close the connection on the netcat side.

      1. ( 2 points) Capture the netcat side of the exchange (the queries received from the browser, text, etc., not the packet dumps) - attach the listing of the page/snapshot.

        >> Captured data:
        			  
        [root@Archie root]# nc -l -p 5003
        GET / HTTP/1.1
        Host: archie:5003
        User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.0.1) Gecko/20020830
        Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
        	text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,
        	text/css,*/*;q=0.1
        Accept-Language: en-us, en;q=0.50
        Accept-Encoding: gzip, deflate, compress;q=0.9
        Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
        Keep-Alive: 300
        Connection: keep-alive
        
        >> Here's the snapshot:




      2. ( 2 points) Attach the listing of the tcpdump sequence that corresponds to the whole exchange.

        [Attachment]

      3. ( 1 points) Which port, if any, are the packets being sent to?

        >> The destination port is 5003.

      4. ( 1 points) Which port, if any, are the packets being sent from?

        >> The source port is 1034.



  • (TRAFFIC)

    1. Attach your traffic capture machine directly to either 152.1.158 or 152.14.16 network (depending on which lab you are in). Capture traffic summary information for at least 15 minutes (all packets you can get). Disconnect your sniffer.
      1. ( 5 points) Attach frequency table of the layers/protocols observed on the network (e.g., IP, TCP, UDP, ICMP, SNMP, NetBIOS, etc). Table should contain: Protocol name, number of bytes observed sent via this protocol, percent of total bytes observed in the traffic, number of packets containing that protocol, percent of these packets with respect to the total number of traffic packets observed. Explain the table (why and what is each protocol doing, and why is it in the traffic).

        Protocol Name | Number of Bytes Observed | Percent of Total Bytes Observed | Number of Packets Containing the Protocol | Percent of the Total Number of Packets Observed
        IP | 76904 | 66.95 | 1133 | 66.36
        UDP | 67530 | 58.79 | 1007 | 57.31
        Cisco Hot Standby Router Protocol | 60326 | 52.52 | 973 | 55.38
        Bootstrap Protocol | 4104 | 3.57 | 12 | 0.68
        Server Message Block Protocol (SMB) | 1720 | 1.50 | 7 | 0.40
        SMB MailSlot Protocol | 1720 | 1.50 | 7 | 0.40
        Microsoft Windows Browser Protocol | 1720 | 1.50 | 7 | 0.40
        Protocol Independent Multicast | 4964 | 4.32 | 82 | 4.67
        Internet Group Management Protocol | 4410 | 3.84 | 77 | 4.38
        Logical-Link Control | 34341 | 29.90 | 536 | 30.51
        Spanning Tree Protocol | 28480 | 24.79 | 445 | 25.33
        Cisco Group Management Protocol | 4080 | 3.55 | 68 | 3.87
        Address Resolution Protocol | 2760 | 2.40 | 46 | 2.62
        Internet Protocol Version 6 | 550 | 0.48 | 5 | 0.28
        Internet Control Message Protocol v6 | 550 | 0.48 | 5 | 0.28



        >> As shown in the snapshot (and the table above), everything is transferred within an Ethernet frame. The protocols are embedded in a hierarchical fashion, in which some smaller protocols are embedded within a larger protocol. At the top of the hierarchy are the Internet Protocol, the Logical-Link Control, and the Internet Protocol Version 6. Within the Internet Protocol are the User Datagram Protocol and the Internet Group Management Protocol. The UDP is used in the transport layer. The IGMP operates at the Data Link layer (it's used to make forwarding decisions). Under UDP are the Cisco Hot Standby Router Protocol, the Bootstrap Protocol, the SMB MailSlot Protocol, and the Microsoft Windows Browser Protocol. The CHSRP allows hosts to appear to use a single router, so that the connection will not fail even if the actual first-hop router stops working. The Bootstrap Protocol allows a host to configure itself dynamically at boot time. The SMB MailSlot Protocol and the Microsoft Windows Browser Protocol are used for mailing and browsing. Also under IP is the Internet Group Management Protocol, which provides a way for an Internet computer to report its multicast group membership to adjacent routers. Under the Logical-Link Control are the Spanning Tree Protocol and the Cisco Group Management Protocol. The STP provides path redundancy while preventing undesirable loops in the network, and the CGMP is used to manage routers in a network. Lastly, the Internet Control Message Protocol v6 is used to control packets that are in the IPv6 format.


      2. ( 5 points) Attach frequency table of the packet sizes in the traffic (suggested size ranges are 0-64, 65-127, 128-255, 256-511, 512-1023, 1024-1518). Explain the distribution.

        Packet Size Range | 0-64 | 65-127 | 128-255 | 256-511 | 512-1023 | 1024-1518
        Number of Packets Captured | 1757 | 521 | 15 | 0 | 0 | 0

        >> As shown in the table above, most of the packets are small in size (around 0 to 64 bytes). Usually small packets are those generated by routers and switches to control the network. Since there are no packets bigger than 256 bytes, this very likely means that nobody in the 152.1.158.0 network was downloading any big data.

      3. ( 2 points) Given that the maximum Ethernet MTU is 1500, why would one see the 1518 byte packets at all?

        >> The Maximum Transfer Unit of any packet is 1500. At the network layer, if a packet is larger than 1500, it will be fragmented. The extra 18 bytes come from the extra info in the header.

  • (PERFORMANCE)

    1. On machine B, set-up ttcp (or iperf if ttcp does not work for you) to receive and sink one TCP packet over a 10 Mbps channel. Make the payload size (end-user data) 8192. On machine A, set-up ttcp (or iperf if you are using latter) to send one TCP packet to machine B. Make the payload size (end-user data) 8192. Monitor and capture the transaction at packet level. N.B. the number and size of buffers must be the same on both the sending and the receiving sides. Send the packet from A to B.
      1. ( 1 points) What is OS and type of machines A and B?

        Machine   Type
        A         RH Linux 8.0
        B         RH Linux 7.2


      2. ( 2 points) Attach the capture of the header sequence associated with the transaction (tcpdump stuff).

        [tcpdumpAttachment]

      3. ( 1 points) What is the size of the payload in the packets (512?, 1024, 1500?)? Explain.

        >> The captured packet length including header is 1514 bytes. The data (payload) length is 1448 bytes. This means that the header takes up 1514-1448 = 66 bytes.

      4. ( 1 points) How many packets did it take to effect the transaction?

        >> It took at least 3 packets to start the transaction. These are the packets that did the three-way handshake before data could be transferred.

      5. ( 2 points) What is the overhead (protocol related bytes) for a typical payload carrying packet? Give some detail.

        >> The overhead for a typical payload carrying packet is 66 bytes. That is, there are 14 bytes in the Ethernet header, 20 bytes in the IP header, and 32 bytes in the TCP header. The total number of bytes, including header, in a captured packet is 1514 bytes. The data has a total of 1448 bytes.

    2. ( 10 points) On machine B, set-up ttcp (or iperf) to receive and sink a TCP stream that lasts at least 30 seconds over a 10 Mbps line. On machine A, set-up ttcp (or iperf) to send and sink a TCP stream that lasts at least 30 seconds over a 10 Mbps line. N.B. the number and size of buffers must be the same on both sending and receiving sides. Send the stream from A to B for 64, 1024 and 8192 byte payloads. Tabulate for each case the number of sent and received bytes, the time it took, loss (if any, in percent), throughput in bits per second for the end-to-end stream, and average per packet one-way delay time.

      Packet Payload (bytes) | Sent Bytes (bytes) | Received Bytes (bytes) | Time It Took (sec) | Loss (%) | Throughput (Mbits/sec) | Average Packet Delay Time (sec/packet)
      64 | 1148842 | 1148842 | 54.410 | 0 | 0.167 | 0.0538
      1024 | 968446 | 968446 | 33.110 | 0 | 0.251 | 0.0476
      8192 | 637536 | 637536 | 25.384 | 0 | 0.198 | 0.0340


    3. ( 10 points) Repeat the above experiment for UDP streams. Explain the results and losses (if any).

      Packet Payload (bytes) | Sent Bytes (bytes) | Received Bytes (bytes) | Time It Took (sec) | Loss (%) | Throughput (Mbits/sec) | Average Packet Delay Time (sec/packet)
      64 | 39668636 | 39668636 | 28.210 | 0 | 7.801 | 0.000108
      1024 | 27287836 | 27287836 | 35.201 | 0 | 9.777 | 0.000871
      8192 | 34000396 | 34000396 | 40.178 | 0 | 9.832 | 0.001139

    4. ( 8 points) Interconnect two of your computers directly (using a cross-over) via 100 Mbps adapters. Measure the maximum TCP traffic rate (throughput) you can get between them for 4096 packets (list the number of bytes sent, time it took and the throughput).

      Max. traffic rate = 94.5 Mbits/sec
      Time it took = 36.2 seconds (A total of 402 MBytes were transferred)
      Throughput = 94.5 Mbits/sec



    5. ( 3 points) What is the minimum, maximum and average round-trip delay to www.yahoo.com for twenty 64 byte packets? What is the "delay map" between NC State and Netscape (using traceroute)?
      > ping -c20 -l64 www.yahoo.com
      Pinging www.yahoo.akadns.net [64.58.76.177] with 64 bytes of data:
      Reply from 64.58.76.177: bytes=64 time=15ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time=16ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Reply from 64.58.76.177: bytes=64 time<10ms TTL=240
      Ping statistics for 64.58.76.177:    
           Packets: Sent = 20, Received = 20, Lost = 0 (0% loss),
      Approximate round trip times in milli-seconds:    
           Minimum = 0ms, Maximum =  16ms, Average =  1ms
      ----------------------------------
      
      >> The minimum RTT is 0ms, maximum RTT is 16ms, and Average RTT is 1ms.
      > tracert www.yahoo.com >> Q5_Perform.txt
      Tracing route to www.yahoo.akadns.net [64.58.76.177]
      over a maximum of 30 hops:  
       1  <10 ms  <10 ms  <10 ms  10.3.3.1   
       2  <10 ms  <10 ms  <10 ms  poehub-6509msfc-2.ncstate.net [152.1.158.4]    
       3  <10 ms  <10 ms  <10 ms  ncsugw-gew3-1.ncstate.net [152.1.7.1]   
       4  <10 ms  <10 ms  <10 ms  ncsugsr-gw-to-ncsu-lan.ncni.net [128.109.23.65]   
       5  <10 ms  <10 ms  <10 ms  rtp1-gw-to-core-oc48.ncren.net [128.109.52.6]   
       6  <10 ms  <10 ms  <10 ms  gigabitethernet6-1-101.hsipaccess2.Raleigh1.Level3.net [64.158.228.1]
       7  <10 ms  <10 ms  <10 ms  ge-7-0-0.mpls2.Raleigh1.Level3.net [209.244.22.37]   
       8  <10 ms   15 ms  <10 ms  so-5-2-0.mp2.Washington1.Level3.net [209.247.11.130]   
       9  <10 ms   16 ms  <10 ms  gigabitethernet8-0.core1.Washington1.Level3.net [64.159.18.37]  
      10  <10 ms   15 ms   16 ms  cw-level3-oc12.Washington1.Level3.net [209.244.219.150]  
      11  <10 ms   16 ms   15 ms  agr4-loopback.Washington.cw.net [206.24.226.104]  
      12  <10 ms   16 ms   16 ms  dcr2-so-6-3-0.Washington.cw.net [206.24.238.189]  
      13  <10 ms   16 ms   15 ms  bhr1-pos-10-0.Sterling1dc2.cw.net [206.24.238.166]  
      14  <10 ms   16 ms   15 ms  csr04-ve240.stng01.exodus.net [216.33.98.203]  
      15  <10 ms   16 ms   16 ms  216.35.210.126  
      16  <10 ms   15 ms   16 ms  www8.dcx.yahoo.com [64.58.76.177] 
      Trace complete.
      			  
    6. ( 2 points) What is the minimum, maximum and average round-trip delay to www.yahoo.com for twenty 2048 byte packets. What is the "delay map" between NC State and Netscape (using traceroute)? Explain the differences between this and the previous measurement.

    >ping -n 20 -l 2048 www.yahoo.com
    Pinging www.yahoo.akadns.net [64.58.76.177] with 2048 bytes of data:
    Reply from 64.58.76.177: bytes=2048 time=31ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=15ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Reply from 64.58.76.177: bytes=2048 time=16ms TTL=240
    Ping statistics for 64.58.76.177:
         Packets: Sent = 20, Received = 20, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
         Minimum = 15ms, Maximum =  31ms, Average =  16ms
    

    ------------------------------------------------

    >> The minimum RTT is 15ms, maximum RTT is 31ms, and average RTT is 16ms.

    
    Tracing route to www.yahoo.akadns.net [64.58.76.179]
    over a maximum of 30 hops:
      1   <10 ms   <10 ms   <10 ms  10.3.3.1 
      2   <10 ms   <10 ms   <10 ms  poehub-6509msfc-2.ncstate.net [152.1.158.4] 
      3   <10 ms   <10 ms   <10 ms  ncsugw-gew3-1.ncstate.net [152.1.7.1] 
      4   <10 ms   <10 ms    16 ms  ncsugsr-gw-to-ncsu-lan.ncni.net [128.109.23.65] 
      5   <10 ms   <10 ms   <10 ms  rtp1-gw-to-core-oc48.ncren.net [128.109.52.6] 
      6   <10 ms   <10 ms   <10 ms  gigabitethernet6-1-101.hsipaccess2.Raleigh1.Level3.net [64.158.228.1] 
      7   <10 ms   <10 ms   <10 ms  unknown.Level3.net [209.244.22.45] 
      8   <10 ms    15 ms   <10 ms  so-3-0-0.mp2.Washington1.Level3.net [64.159.0.230] 
      9   <10 ms    15 ms   <10 ms  gigabitethernet8-0.core1.Washington1.Level3.net [64.159.18.37] 
     10   <10 ms    16 ms    16 ms  cw-level3-oc12.Washington1.Level3.net [209.244.219.150] 
     11   <10 ms    16 ms    15 ms  agr4-loopback.Washington.cw.net [206.24.226.104] 
     12   <10 ms    16 ms    15 ms  dcr2-so-6-3-0.Washington.cw.net [206.24.238.189] 
     13   <10 ms    16 ms    16 ms  bhr1-pos-10-0.Sterling1dc2.cw.net [206.24.238.166] 
     14   <10 ms    16 ms    15 ms  csr04-ve242.stng01.exodus.net [216.33.98.218] 
     15   <10 ms    16 ms    15 ms  216.35.210.126 
     16   <10 ms    15 ms    16 ms  www10.dcx.yahoo.com [64.58.76.179] 
    Trace complete.
    

    >> From the statistics shown above, the minimum, maximum, and average RTT for the second measurement are much longer than for the first. There are many possible reasons for this. The most obvious one is that each packet in the second ping is much larger, so it takes more time (longer transmission delay) to go through the routers and switches along the path. Another reason could be that the larger packets of the second ping were fragmented as they were routed through links that do not support a large MTU. Because of the fragmentation, the processing delay increases. In addition, when a packet is fragmented, the total number of headers increases, and therefore the total transmission time also increases.
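The size and fragmentation argument above can be put in numbers. This is an added example, not part of the original homework: it splits an ICMP echo of a given data size into IPv4 fragments for a chosen MTU and reports the header bytes and per-link serialization time. The 1500-byte MTU and 10 Mbps link speed are assumptions, and preamble, FCS and inter-frame gap are ignored.

```python
ETH_HDR, IP_HDR, ICMP_HDR = 14, 20, 8   # bytes; IPv4 header without options

def fragment_echo(icmp_data, mtu=1500):
    """Return the IP payload size of each fragment of one ICMP echo message."""
    if icmp_data < 0 or mtu < IP_HDR + 8:
        raise ValueError("invalid data size or MTU")
    remaining = ICMP_HDR + icmp_data        # the ICMP header travels once, in fragment 1
    max_data = mtu - IP_HDR                 # room left after the IP header
    per_frag = max_data - (max_data % 8)    # non-final fragments carry a multiple of 8 bytes
    sizes = []
    while remaining > max_data:
        sizes.append(per_frag)
        remaining -= per_frag
    sizes.append(remaining)                 # the final fragment takes what is left
    return sizes

def wire_cost(icmp_data, mtu=1500, link_bps=10_000_000):
    """Bytes on the wire and serialization time for one echo on one link."""
    frags = fragment_echo(icmp_data, mtu)
    wire_bytes = sum(ETH_HDR + IP_HDR + size for size in frags)
    return {
        "fragments": len(frags),
        "header_bytes": len(frags) * (ETH_HDR + IP_HDR) + ICMP_HDR,
        "wire_bytes": wire_bytes,
        "serialization_ms": wire_bytes * 8 / link_bps * 1000,
    }

if __name__ == "__main__":
    for size in (64, 2048):                 # the two ping sizes used on this page
        print(size, fragment_echo(size), wire_cost(size))
    # A smaller path MTU (576 is an assumed value) adds fragments and headers.
    print(2048, fragment_echo(2048, mtu=576), wire_cost(2048, mtu=576))
```

The serialization time applies once per link in each direction, so it accumulates over every hop of the path the echo and its reply cross.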

    [Back to TOC]

 

 



This page was last updated on:
Monday, October 28, 2002 21:53
Copyright © 2002 by Team 3, All Rights Reserved.

WebSite contact: K. Fritz Lehr, E-mail: kflehr@unity.ncsu.edu, Tel: (919) 593-0162