计算机网络实验3：WiresharkLabTCP

Lab3WiresharkLab:TCPSTEPS?Startupyourwebbrowser.GotheandretrieveanASCIIcopyofAliceinWonderland.Storethisfilesomewhereonyourcomputer.?Nextgoto?UsetheBrowsebuttoninthisformtoenterthenameofthefile(fullpathname)onyourcomputercontainingAliceinWonderland(ordosomanually).Don’tyetpressthe“Uploadfile”button.?NowstartupWiresharkandbeginpacketcapture(Capture->Options)andthenpressOKontheWiresharkPacketCaptureOptionsscreen( we’llnotneedtoselectanyoptionshere).?Returningtoyourbrowser,pressthe“Uploadfile b”uttontouploadthefiletotheserver.Oncethefilehasbeenuploaded,ashortcongratulationsmessagewillbedisplayedinyourbrowserwindow.?StopWiresharkpacketcapture.?First,filterthepacketsdisplayedintheWiresharkwindowbyentering“tcp”(lowercase,noquotes,anddon’tforgettopressreturnafterentering!)intothedisplayfilterspecificationwindowtowardsthetopoftheWiresharkwindow.QUESTIONSWhatistheIPaddressandTCPportnumberusedbytheclientcomputer(source)thatistransferringthefiletoToanswerthisquestion,it ’sprobablyeasiesttoselectanHTTPmessageandexplorethedetailsoftheTCPpacketusedtocarrythisHTTPmessage,usingthe“detailsoftheselectedpacketheaderwindow”.TheIPaddressisTheTCPportnumberis1161.

EthernetII,5rc:ActionteJa^OAaC00:20：€0:8a:70:1a),Dst:Link5ysG_da:af:73(00:D(InternetProtocolversion4,Six:192.168.L1^^31奠，164L102),Ost;128,119,245.12iTrn-*nsr la-<riraLcgIhbfieIFIbtc十clcI Tel Flribi+h II1 dri"1 \ rhrf_*I- riimn1-nOA 产0门、 Lee. "1U浦启青中jeBrkWI1—L■IF V■/J4W■r.5'tAJF-L-vA,W1-->-: p -工'YF4=/♦，r¥♦一二、♦工VTran5Tiri55ioncontro-FrctccalfsrePort:LL61江阴11."tFort:80(S3),seq:164041,AdcPlOFn»mrrnmh.1Trnt^LELEffl^innn.tin：G「"・~〜『gC杏 #7^1rtlfinliWhatistheIPaddressofOnwhatportnumberisitsendingandreceivingTCPsegmentsforthisconnectionTheIPaddressisTheTCPportnumberis80.■ . ig. ■ InternetProtocolversion4,Ere;nTZbH%245.工上CL2),D5t:191-nnfiriLinn-■lJ icanLcwii*edCinJ-b-U-d-hlcILbtilncE-t-.OflifG/1、Ca 1-Fhonbh-T-■II"1U/ ，+十仁十、Lx.nil.n.jl.r■wrly=yr,imurin-a"—一・j■q-W"-s-■jfj &■< Y■工巴/■f-w5m■£&.j,V)』■ ■.TransmlssionControlProtocol,SrcPort:80(80),DsrPort:1161(1161),HypertextTransferProtceolWhatistheIPaddressandTCPportnumberusedbyyourclientcomputer(source)totransferthefiletoIPaddressisTheTCPportnumberis51458.Ethernet工工，Src:Wistrnn工ff:69:°2(纪：97: :后9:02〕,Dst:H3cTeinternetProroco"!version4,src:51(21),Ds"Fir、ritE"!勺.JicriifnnTmlDj™nirnrnT亏丁『0cLlr・ 4K耳注/17lft\n*sT口gilt-AJ二JL/上■J.OBSrcPort;口J二JL/上■J.OBSrcPort;口LF・工mJLLJL1/■JL△,口LJ

5L45S(5145S),|ds-WhatisthesequencenumberoftheTCPSYNsegmentthatisusedtoinitiatetheTCPconnectionbetweentheclientcomputerandWhatisitinthesegmentthatidentifiesthesegmentasaSYNsegmentThesequencenumberoftheTCPSYNsegmentis0.TheSYNflagissetto1identifiesthesegmentasaSYNsegment.sourceporr:1161Dest1nationport:8C(且0)[Stred.mtndex;Q][丁匚「 Len:Q]G噂qu噂mucrumbw:0 1afisequencenumber>Acknov/1edgmenrnumberj0Hea.derLength;28bytes

OOO, .__ — ■■"V OOO, .__ — ■■"V Q・• • ■ ・ ・ O. 1 rfI —一 —・・・・ ・・・・ tJ ・ ・ ・ C一 ,='m口n仁旧:Not5et=congesT：tonwindoivReduced—ECN-EChO：NOT5et=urgent:not二由七=Atzknow-lecdgment:MotS-et=Push；NQt5-Resex；NQt3gtEye:serL-4 -hif^:一WhatisthesequencenumberoftheSYNAC标gmentsentbytotheclientcomputerinreplytotheSYNWhatisthevalueoftheACKnowledgementfieldintheSYNACKsegmentHowdiddeterminethatvalueWhatisitinthesegmentthatidentifiesthesegmentasaSYNACKsegmentThesequencenumberoftheSYNACKsegmentsentbyis0.ThevalueoftheAcknowledgementfieldintheSYNACKegmentis1.Thevalueisadding1totheinitialsequencenumberofSYNsegment.TheSYNflagandAcknowledgementflaginthesegmentaresetto1identifiesthesegmentasaSYNACKsegment.DeatirationPort:1161(1L61)[Strearnindex:o][tip5明meitL&n;gequercerubber:0(relativesequencerunber)工或nowl配鲫2mnumbai1(「口小川自adrumKr)HeaderLength:18bytest・..门0但D=Flans:1x01?fSYN.由「C000 =R.sserved:Notset...0 =Nonce::wotser0.., =congesciorwindowReducedCcwr);Not5ET 0 -ECN-Echa:Norser一:...(J, =urqtet:muxset 1=Acknowledoment:5et 0...=Push:Nutset *.*0,,=Resex;nqtserI L.=:用门; 0 =Fin:hiotsetiirfcHrwi?<3下口a1iiglaR4lHWhatisthesequencenumberoftheTCPsegmentcontainingtheHTTPPOSTcommandNotethatinordertofindthePOSTcommand,you'llneedtodigintothepacketcontentfieldatthebottomoftheWiresharkwindow,lookingforasegmentwitha“POSTwithinitsDATAfield.

ThesequencenumberoftheTCPsegmentcontainingtheHTTPPOSTcommandis1.21U4：2O.S93&46192,168,1,10212£.119,245.12TCP541161-421:44:20.59695902126,119.245.12TCP619llCl-521:44：20.ClL2U8022TCP15141161-621:44:20.62431821^02TCP60EOTl?21:44:20.624407192,168.1.102128.119.245+12TCP15141161-821:44:20,6250^1192.1(X2128.119.245+12TCP1514nei-9a：44：20.6476752192,168.1.102TCP60fiO-11[streamindex:0：[TCPsementj_enj_565]seqtenctnumber:1(relaclvesecjuenLenurrber)[\extsequencenunber:S66(relativesequencenumber)]Acknowledgmentnunber：1(relativeacknimb^r)HeaderLength:20bytes王，.，.GOOD00011000-Flags:0x018(p5HtACK]Mindowsizevalue:17520[calculatedwindowsize:17520]00。010020030。打050。石。070QS300。010020030。打050。石。070QS30900a。ObOOcOOd。OeO肝口0006025dfiOc4/722dH然6155312e*OdRd70€5722e73722fw3b莫3SCafif25chaf730020le214000SO0604If6165312e2d3520202920410050Oddebd00cc504f6c可fc6162F6c792e6BodOa48Sf73755d617M7341专;65能74302028575769Ce646f656e2d55532047EE的6b4e65747563636i657074Al7070firfiQ07s5Lf&3CD-eD22&_R07163227swzz333775心o8do15Gb5eooff485625656332332206343-49393013e4fo€17356o€723327fiSld5241di74ao7sf00766rj607475-3337fias>u--T18T—5ffe6of59La3^261-676*647326_fi0040>coo词d4o225447CTV-2&22&4&-273677a754fda5ce3ofco18ef52€3fi-2€--72-2-72fi0213344€9-7bf1ayelar-rj『UlT—F;23-6-^.13663fi■!■x'b■■^■ ■।P■■■E.1.].!@ A.vt.… T.jP.Dp..，05T/宜卜8redl-Tabs/abJ-1-reply.hrmhttp/1.1..host;gala,+.ustr-Ag^nt;r^llla5.0indws;u;Hind。wsnt5.1;en-U5；rv:l,0,2)GeekO/200302OflNetSCape/7.02..Accept：xext/Kml.^nnlir^rinrxConsidertheTCPsegmentcontainingtheHTTPPOSTasthefirstsegmentintheTCPconnection.WhatarethesequencenumbersofthefirstsixsegmentsintheTCPconnection(includingthesegmentcontainingtheHTTPPOST)AtwhattimewaseachsegmentsentWhenwastheACKforeachsegmentreceivedGiventhedifferencebetweenwheneachTCPsegmentwassent,andwhenitsacknowledgementwasreceived,whatistheRTTvalueforeachofthesixsegmentsWhatistheEstimatedRTTvalue(seepage249intext)afterthereceiptofeachACKAssumethatthevalueoftheEstimatedRTTisequaltothemeasuredRTTforthefirstsegment,andtheniscomputedusingtheEstimatedRTTequationonpage249forallsubsequentsegments.Note:WiresharkhasanicefeaturethatallowsyoutoplottheRTTforeachoftheTCPsegmentssent.SelectaTCPsegmentinthealistingofcapturedpackets

windowthatisbeingsentfromtheclienttotheserver.Thenselect:windowthatisbeingsentfromtheclienttotheserver.Thenselect:Statistics->TCPStreamGraph->RoundTripTimeGraph.Wecangettable1:Table1NumberTime(s)SeqNoACKNo4155666566720268348692026104946116406123486137866144946

156406167866Then,wecangettable2formtable1.Table2NOSendTime(s)AckTime(s)RII(s)123456EstimatedRTTafterthereceiptoftheACKofsegment1:EstimatedRTT=sEstimatedRTTafterthereceiptoftheACKofsegment2:EstimatedRTT=*+*=sEstimatedRTTafterthereceiptoftheACKofsegment3:EstimatedRTT=*+*=sEstimatedRTTafterthereceiptoftheACKofsegment4:EstimatedRTT=*+*=sEstimatedRTTafterthereceiptoftheACKofsegment5:EstimatedRTT=*+*=sEstimatedRTTafterthereceiptoftheACKofsegment6:EstimatedRTT=*+*=sWhatisthelengthofeachofthefirstsixTCPsegmentsAccordingtoTable1,wecangetthatthefirstTCPsegment'slengthis565bytes.Theother5is1460bytes.WhatistheminimumamountofavailablebufferspaceadvertisedatthereceivedfortheentiretraceDoesthelackofreceiverbufferspaceeverthrottlethesenderTheminimumamountofavailablebufferspaceadvertisedatthereceivedfortheentiretraceis5840bytes.Wecanseethatthesenderisneverthrottlebecauseofthelackofreceiverbufferspace.FLIrLFHICIHH'EIIIILIIU11IIU1Cl~~-XUI4」■WfLk_IKIILJIIILJEIJHeaderLength:28bytes国000000010010=Flags:0x012(SYNsACK)Windowsizevalue:584Q[calculatedwindowsize:?840}+checksum:0x774d[validaxlondisabled]Urgentpolnter:。*ioptlons:(8byTes).Maximumseqmcntsize,Mo-op€ratlon(卜

ArethereanyretransmittedsegmentsinthetracefileWhatdidyoucheckfor(inthetrace)inordertoanswerthisquestionttwodotsinthesameTherearen'tanyretransmittedsegmentsinthetracefile.WecancheckthettwodotsinthesameTime-Sequence-Graph(Stevens).Inthegraph,thereareny-line.TCPGruph2:t<pcttieicjlLiacc1192.16ai,102;1161—128.119,245,12:00150OM-1»OM-500^0-Tmgnumt*er'B]Tirr-E/SeqigenceGrac-Sle'-ensaTCPGruph2:t<pcttieicjlLiacc1192.16ai,102;1161—128.119,245,12:00150OM-1»OM-500^0-Tmgnumt*er'B]Tirr-E/SeqigenceGrac-Sle'-ensaHowmuchdatadoesthereceivertypicallyacknowledgeinanACKCanyouidentifycaseswherethereceiverisACKingeveryotherreceivedsegment(seeTableonpage257inthetext).thand77thand77thtwosegment.80thisACKingeveryotherreceivedsegment.Itacks76

761.S652H1直1M.L102128.119J45.12TCP1514116140[KK]5e^55BBAtk=lkin=U520Len=14(11L6M1511*1砥LM2 128,U3J45tl?KP 耻116hE0[PSH]岫网引23Adf-1:向752。Le731/55227126.U9J45.12 19M6S,1.102 KP 制如1161 [<K] Seq=l4k・52网wirHJIO Lfn=0791. 1址115.245.12 1勉16MLi心 KP 608ali61 [«K] sq=lMe礴涮 l®M80L930880121119J45.12 NLLMLIW KP 60E04161 [«u]兜帆Ack颈£»iM27船 LerM)S1UJ1055W2,1«L1.1D212B.1B,24L12KP1514116h8O[«K]seq-SSlSSA：k-1win-17520l^14(Whatisthethroughput(bytestransferredperunittime)fortheTCPconnectionExplainhowyoucalculatedthisvalue.bytes.ThewholetimeisThelastsegment'ssequencenumberis164091.Sothetotaldatais164091-1=164090bytes.Thewholetimeis=s.Sothethroughputis164090/=KB/sec.40.0S4H152.1M,1.W%,1RH5.12 KPSWUM；P5H,K©整同mMMENDL酢565M5.(55430四刖刘皿阪阑L皿IPtoM61［阑新1版国邮1片体制的0STEPS?SelectaTCPsegmentintheWireshark'slistingofcaptured-packets "window.Thenselectthemenu:Statistics->TCPStreamGraph->Time-Sequence-Graph(Stevens).Youshouldseeaplotthatlookssimilartothefollowingplot,whichwascreatedfromthecapturedpacketsinthepackettracetcp-etherealtrace-1inQUESTIONSUsetheTime-Sequence-Graph(Stevens)plottingtooltoviewthesequencenumberversustimeplotofsegmentsbeingsentfromtheclienttotheserver.CanyouidentifywhereTCPsslowstartphasebeginsandends,andwherecongestionavoidancetakesoverCommentonwaysinwhichthemeasureddatadiffersfromtheidealizedbehaviorofTCPthatwe 'vestudiedinthetext.TCPslowstartbeginsatthestartoftheconnection.SowhentheHTTPPOSTsegmentissentout,theslowstartbegins.Butifwewanttoidentifyw hereTCP'sslowstartphaseendsandwherecongestionavoidancetakesover,wehavetoknowthevalueofcongestionwindow sizeofthissender.Sadly,wecan'tgetthevaluedirectly.Allwecandoistoestimateitbytheamountofdatawithoutacknowledgement.Because

weknowthatLastByteSend-LastbyteAcked<=min{CongWin,RcvWin}andtheRcvWinislargeenough.ButevenwegetthelowerboundoftheTCPwindowsize,itisstill'tequalhardtoidentifywhereTCPsslowstartphaseendsandwherecongestionavoidancetakesover.Afterall,theamountofdatawithoutacknowledgementdoesn'tequaltothevalueofcongestionwindowsize.TheidealizedbehaviorofTCPthatwevestudiedinthetext:TCPsenderwillTheidealizedbehaviorofTCPthatwevestudiedinthetext:TCPsenderwilltrytosendmoredata.WhenitgetanACK,itwillsendmoredata.Butoncecongestionhappened,theCongwinwilldropdowntoahalf.Butinpractice,TCPbehavioralsodependsontheapplication.Forexample,insomewebapplications,thewebobject'ssizeisverysmall.Sobeforetheendofslowstart,thetransmissionisover.Thenwewillgetalongdelayandasmallthroughput.TCPGraph2:tcp-ettiereal-trace-1192.16B.1.102:1161-2:00number[B]15QTOD-Tme[s]Answereachoftwoquestio