The goal of this assignment is to help you understand what is
going on in the network by examining exactly what flows across the
wire. This is something of a difficult task because network
protocol designers have worked so hard to hide the lower layers from
the higher-layer applications. Never fear though, there are tools
that we can use.
Concretely, you will examine real protocols in use and reconstruct
the communication that takes place in a network from the bits that
flow across a network segment.
For this assignment you will have to use your CS UNIX account.
(The reason is that Windows does not ship a packet-capture tool, while
Solaris provides snoop and most other UNIX systems provide the
equivalent tcpdump.) The command is snoop; however, capturing live
traffic puts the interface into promiscuous mode and reads every frame
on the segment, including other users' traffic, so it requires root
privileges to run. This is a good thing because it should be hard to
snoop packets on the network! So, the snooping has been done for you,
and a snoop file has been created.
Take the hw4.snoop-file.bin.gz
(NOTE: Make sure you download this file, i.e. right click and select
``Save Link As''.)
and, after uncompressing it with gunzip, use it as the source file for
snoop (HINT: do a man snoop and look at how to use the -i option,
which reads packets from a capture file instead of from the network;
you can do this without having root). You will also want to use some
of the other options that come with snoop to more closely investigate
what is happening in this trace: -V prints a one-line summary per
protocol layer, -v a full decode of every header field, -x 0 a hex
dump of each packet, -p first,last selects a range of packets, and a
filter expression such as tcp or host restricts the output to the
packets you are interested in.
Some of the things going on in the trace will contain protocols
we have not gone over in class. You'll have to use one of the
class textbooks as a reference to answer them. I will also try to
provide some in-class time to answer questions so be prepared to
ask questions when the time comes.
This assignment will be graded based on your ability
to communicate that you understand everything about the
packet trace. This implies, as usual, a clear, concise write-up!
To help get you started, I have provided a set of sample questions
that you will want to answer about the packet trace. However, these
questions only serve as examples of the kinds of things I think
are important. They serve as a starting point and are
not exhaustive. They are only provided as a guide to help
you find the most interesting aspects of the trace. So, how should
you proceed? Start by considering the questions listed below.
Your write-up for this assignment can take any form
you like. My suggestion is to be creative (but do not assume that
creativity can be used as a substitute for technical thoroughness).
First answer the questions and understand what is going on in the trace.
Next, create a description of the session filling in the details
where appropriate. At a minimum, you should re-order the questions
to flow more logically; reduce redundancy (yes, there are some redundant
questions); and add questions that you think are important but
that I have not included. Try to present the results in a way that
provides multiple levels of abstraction. For example, first describe the
session, then describe the flows, then describe the packets in the
flow. It is also worthwhile to try and draw a network diagram
showing the overall relationship of the various hosts.
- How many total packets are in the trace file?
- What protocols (at each layer of the Internet stack) are seen
at least once somewhere in the trace?
- What are the contents and function of each packet (you can summarize
series of packets that work to accomplish some high level function but
be sure to include a sufficient amount of detail for at least one
series of packets)?
- What data-link (MAC) layer addresses can be seen in the trace?
- What IP addresses can be seen in the trace?
- What host names can be seen in the trace?
- What transport-layer port numbers do you see? Do any of them
have special significance? Which ones and what is the significance?
How are the others chosen?
- Can you deduce anything about the network topology on which
this trace was taken, i.e. who is taking the trace? How many hosts
are on the local network, which ones? Which ones are remote? etc.
- How far away are the remote hosts?
- What is the Ethernet frame type (EtherType) field and what does its
value mean?
- What different IP packet types (values of the IP protocol field) can
be seen, and what does each mean?
- Does IP fragmentation occur?
- Why would some packets have the ``Don't fragment'' bit set?
- What are the ranges of sequence numbers in each flow?
- What are the ranges of acknowledgment numbers in each flow?
- In any of the TCP connections, what is the window size?
Does it ever change between connections? How is it chosen?
- Why do the TTL values differ between hosts? If the TTL reported for
a given host suddenly changed, what would that be an indicator of?
- This packet trace is full of surprises, especially for someone who
has never looked at a packet trace in detail before. List a few
observations that were surprising to you including details of the
observation and why it was particularly noteworthy.
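A programmatic companion to snoop -i, added here as an example that is not part of the assignment handout or of snoop itself: a Python parser for the snoop capture file format (RFC 1761) that decodes the Ethernet, IPv4 and TCP headers and tallies the trace-wide answers the questions above ask for (packet count, EtherTypes, IP protocols, MAC and IP addresses, ports, TTLs, DF and fragmentation, and per-flow sequence and acknowledgment ranges). hw4.snoop-file.bin.gz is not reproduced here, so the block builds its own constructed two-packet capture (a SYN and SYN-ACK between made-up addresses); run it with the path to the gunzipped trace to summarize the real file, and cross-check the counts against what snoop -i reports.

```python
import struct
from collections import Counter

SNOOP_MAGIC = b"snoop\0\0\0"            # RFC 1761 file magic
DLT_ETHERNET = 4                         # RFC 1761 datalink type for Ethernet
ETHERTYPE = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}


def build_frame(smac, dmac, sip, dip, ttl, df, sport, dport, seq, ack, tcp_flags):
    """Constructed Ethernet/IPv4/TCP frame for the sample capture (checksums left zero)."""
    tcp = struct.pack(">HHIIBBHHH", sport, dport, seq, ack, 5 << 4, tcp_flags, 8192, 0, 0)
    flags_frag = 0x4000 if df else 0     # DF is bit 14 of the flags/fragment-offset field
    ipv4 = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, flags_frag,
                       ttl, 6, 0, sip, dip) + tcp
    return dmac + smac + struct.pack(">H", 0x0800) + ipv4


def build_snoop(frames, dlt=DLT_ETHERNET):
    """Serialize frames as a version-2 snoop file: 16-byte file header, then a
    24-byte record header per packet with the data padded to a 4-byte boundary."""
    out = [SNOOP_MAGIC + struct.pack(">II", 2, dlt)]
    for i, f in enumerate(frames):
        pad = (-len(f)) % 4
        out.append(struct.pack(">IIIIII", len(f), len(f), 24 + len(f) + pad, 0, 1000 + i, 0))
        out.append(f + b"\0" * pad)
    return b"".join(out)


def parse_snoop(data):
    """Yield (datalink type, timestamp, frame bytes) for each record in a snoop file."""
    magic, version, dlt = struct.unpack(">8sII", data[:16])
    if magic != SNOOP_MAGIC or version != 2:
        raise ValueError("not a version-2 snoop file")
    off = 16
    while off + 24 <= len(data):
        _orig, incl, rec, _drops, sec, usec = struct.unpack(">IIIIII", data[off:off + 24])
        yield dlt, sec + usec / 1e6, data[off + 24:off + 24 + incl]
        off += rec                       # record_length already includes header and pad


def decode(frame):
    """Return the Ethernet, IPv4 and TCP fields of one frame (only what the questions need)."""
    p = {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
         "ethertype": struct.unpack(">H", frame[12:14])[0]}
    if p["ethertype"] != 0x0800:
        return p
    ihl = (frame[14] & 0x0F) * 4
    p["ip_len"], p["ip_id"], frag, p["ttl"], p["proto"] = struct.unpack(">HHHBB", frame[16:24])
    p["df"] = bool(frag & 0x4000)
    p["fragment"] = bool(frag & 0x2000) or (frag & 0x1FFF) != 0   # MF set or nonzero offset
    p["src_ip"] = ".".join(map(str, frame[26:30]))
    p["dst_ip"] = ".".join(map(str, frame[30:34]))
    if p["proto"] == 6:
        t = 14 + ihl
        (p["sport"], p["dport"], p["seq"], p["ack"], _doff, p["tcp_flags"],
         p["window"]) = struct.unpack(">HHIIBBH", frame[t:t + 16])
    return p


def summarize(data):
    """Trace-wide answers: packet count, protocols, addresses, ports, TTLs, DF, seq/ack ranges."""
    s = {"packets": 0, "ethertypes": Counter(), "ip_protos": Counter(), "macs": set(),
         "ips": set(), "ports": set(), "ttls": set(), "df": 0, "fragments": 0, "flows": {}}
    for dlt, _ts, frame in parse_snoop(data):
        if dlt != DLT_ETHERNET:
            raise ValueError("this example decodes Ethernet captures only")
        s["packets"] += 1
        p = decode(frame)
        s["ethertypes"][ETHERTYPE.get(p["ethertype"], hex(p["ethertype"]))] += 1
        s["macs"].update([p["src_mac"], p["dst_mac"]])
        if "src_ip" not in p:
            continue
        s["ip_protos"][IP_PROTO.get(p["proto"], str(p["proto"]))] += 1
        s["ips"].update([p["src_ip"], p["dst_ip"]])
        s["ttls"].add(p["ttl"])
        s["df"] += p["df"]
        s["fragments"] += p["fragment"]
        if "sport" in p:
            s["ports"].update([p["sport"], p["dport"]])
            key = (p["src_ip"], p["sport"], p["dst_ip"], p["dport"])   # one direction of a flow
            f = s["flows"].setdefault(key, {"seq": [p["seq"], p["seq"]],
                                            "ack": [p["ack"], p["ack"]], "window": p["window"]})
            f["seq"] = [min(f["seq"][0], p["seq"]), max(f["seq"][1], p["seq"])]
            f["ack"] = [min(f["ack"][0], p["ack"]), max(f["ack"][1], p["ack"])]
    return s


# Constructed sample (all addresses made up): a local client sends a SYN with DF set to a
# remote web server via the gateway; the SYN-ACK returns with TTL 51, i.e. 13 hops from 64.
CLIENT_MAC, GW_MAC = bytes.fromhex("080020aabbcc"), bytes.fromhex("00000c112233")
CLIENT_IP, SERVER_IP = bytes([192, 168, 1, 10]), bytes([198, 51, 100, 80])
SAMPLE_CAPTURE = build_snoop([
    build_frame(CLIENT_MAC, GW_MAC, CLIENT_IP, SERVER_IP, 64, True, 34567, 80, 1000, 0, 0x02),
    build_frame(GW_MAC, CLIENT_MAC, SERVER_IP, CLIENT_IP, 51, True, 80, 34567, 5000, 1001, 0x12),
])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CAPTURE
    for k, v in summarize(data).items():
        print(k, v)
```

The per-direction flow key is deliberate: a TCP connection shows up as two entries, one per direction, which is the natural unit for the sequence- and acknowledgment-number questions (the client's sequence numbers are the server's acknowledgment numbers and vice versa). The TTL set is where topology falls out: local hosts report their OS default (64, 128 or 255), remote hosts a value reduced by one per router in between.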
This assignment is to be done individually, though you may
discuss your thoughts and ideas with your classmates.
You only need to turn in a hard copy of your report (due in class),
but the assignment must be done entirely in some kind of digital
format. Since I will not see the source, you can use anything you
want, for example: HTML, Latex, Word, etc.