CS 176B -- Network Computing
Homework Assignment #3
Due in class on Thursday, February 21, 2002
The goal of this assignment is to help you put what you have learned
in class into perspective with how the Internet actually works.
By examining exactly what bits are
flowing across a network segment, you can see the operation of the
various protocols at the various layers of the OSI stack.
Examining all of the packet headers is something of a difficult task because
protocol designers have worked so hard to provide so much abstraction
to the higher layer applications. Therefore, as a user at the highest
layer of the protocol stack, it is hard to see any of the details of
what is going on in the network. Never fear though, there are tools
that we can use.
The goal of the assignment is to examine real protocols in
use and understand the communication that takes place in a network by
examining the bits that flow across a network segment.
For this assignment you will have to use your CS UNIX account.
(The reason is that Windows does not have snoop capability, but most
UNIX operating systems do.) The command you will be using
is snoop. One problem though: snoop usually
requires root privileges to run. Of course, this is a good thing because
it should be hard to snoop packets on the network! To get around this
requirement, the snooping has been done for you. The raw output has been
saved, and a snoop file has been
created. Download the hw3-snoop.bin.gz
snoop file (NOTE: Make sure you download this file, i.e. right
click and select ``Save Link As''.)
and use it as the source file for snoop (HINT: do a
man snoop and look at how to use the -i option.)
You can do this without having root access. You will also want to use
some of the other options that come with snoop to more closely
investigate what is happening in the trace. Snoop will give you
very detailed information--down to the bit level in most cases.
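The capture file that snoop -i reads follows the layout documented in RFC 1761: a 16-byte file header, then one length-prefixed record per packet. As an added example (not part of the original assignment), the Python below walks that layout and tallies packets, MAC addresses and Ethernet type values; the function names, sample bytes and MAC addresses are constructed for this example.

```python
import struct
from collections import Counter

SNOOP_MAGIC = b"snoop\x00\x00\x00"   # 8-byte identification pattern
DLT_ETHERNET = 4                      # RFC 1761 datalink type for Ethernet
REC_HDR = struct.Struct(">6I")        # orig len, incl len, rec len, drops, sec, usec

def parse_snoop(data):
    """Yield (timestamp, original_length, frame_bytes) per packet record."""
    if len(data) < 16 or data[:8] != SNOOP_MAGIC:
        raise ValueError("not a snoop capture file")
    version, datalink = struct.unpack(">II", data[8:16])
    if version != 2 or datalink != DLT_ETHERNET:
        raise ValueError("unsupported version or datalink type")
    off = 16
    while off + REC_HDR.size <= len(data):
        orig, incl, rec_len, _drops, sec, usec = REC_HDR.unpack_from(data, off)
        if rec_len < REC_HDR.size + incl or off + rec_len > len(data):
            raise ValueError("corrupt or truncated record at offset %d" % off)
        yield sec + usec / 1e6, orig, data[off + 24:off + 24 + incl]
        off += rec_len                # rec_len covers header, data and padding

def fmt_mac(raw):
    return ":".join("%02x" % b for b in raw)

def summarize(data):
    """Return (packet count, set of MAC addresses, Counter of EtherTypes)."""
    count, macs, ethertypes = 0, set(), Counter()
    for _ts, _orig, frame in parse_snoop(data):
        count += 1
        if len(frame) >= 14:          # dst MAC, src MAC, 2-byte type field
            macs.update((fmt_mac(frame[0:6]), fmt_mac(frame[6:12])))
            ethertypes[struct.unpack(">H", frame[12:14])[0]] += 1
    return count, macs, ethertypes

def make_record(frame, sec=0, usec=0):
    """Build one record for the constructed sample, padded to a multiple of 4."""
    pad = -(REC_HDR.size + len(frame)) % 4
    rec_len = REC_HDR.size + len(frame) + pad
    return REC_HDR.pack(len(frame), len(frame), rec_len, 0, sec, usec) + frame + b"\0" * pad

# Constructed sample: one ARP broadcast and one IPv4 frame (made-up MACs).
HOST_A, HOST_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = (SNOOP_MAGIC + struct.pack(">II", 2, DLT_ETHERNET)
          + make_record(b"\xff" * 6 + HOST_A + b"\x08\x06" + bytes(28), sec=1)
          + make_record(HOST_B + HOST_A + b"\x08\x00" + bytes(20), sec=2))

if __name__ == "__main__":
    n, macs, types = summarize(SAMPLE)
    print(n, sorted(macs), {hex(t): c for t, c in types.items()})
```

To run it on the assignment trace, pass summarize() the bytes of the uncompressed file, for example gzip.open("hw3-snoop.bin.gz", "rb").read().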
It is important to realize that while we have gone over a lot of
the protocols you will see, we will not necessarily have gone over
everything. You will have to use one of the class textbooks and
online sites as references to research the details of some of these
protocols. I will also try to
provide some in-class time to answer questions so be prepared to
ask questions when the time comes.
This assignment will be graded based on your ability
to communicate that you understand everything about the
packet trace. Imagine that your target audience will be someone
who knows something about networking but wants a full analysis of
this particular trace. This implies a clear, concise write-up!
To help get you started, you have been provided a set of sample questions
that you will want to answer about the packet trace. However, these
questions only serve as examples of the kinds of things that are
important. They serve as a starting point and are
not exhaustive. They are really only provided as a guide to help
you find the most interesting aspects of the trace.
The set of questions includes the following:
Your write-up for this assignment can take any form you like.
An important suggestion is to be creative (but do not assume that
creativity can be used as a substitute for technical thoroughness).
First answer the questions and understand what is going on in the trace.
Next, create a description of the session, what it does, what commands
were probably executed by the target host during the trace. Using
this set of commands, create a timeline about the order of execution
and then fill in details about what happened in the trace and when.
In filling in the details, re-order the questions to better fit the
protocol stack and then use the questions to identify the important
information. Again, the questions are just for a guide and are really
only hints about things to look for in the trace. You might even need
to add questions that you think are important but that have not been
included. Try to present the results in a way that
provides multiple levels of abstraction. For example, first describe the
session, then describe the flows, then describe the packets in the
flow. It is also worthwhile to try and draw a network diagram
showing the overall relationship of the various machines included in
- How many total packets are in the trace file?
- What protocols (at each layer of the Internet stack) are seen
at least once somewhere in the trace?
- What are the contents and function of each packet (you can summarize
series of packets that work to accomplish some high level function but
be sure to include a sufficient amount of detail for at least one
series of packets)?
- What DLL/MAC layer addresses can be seen in the trace?
- What IP addresses can be seen in the trace?
- What host names can be seen in the trace?
- What transport-layer port numbers do you see? Are any of them
reserved? Which ones and what services are they reserved for?
How are the others chosen?
- Can you deduce anything about the network topology on which
this trace was taken, i.e. who is taking the trace? How many hosts
are on the local network, which ones? Which ones are remote? etc.
- How far away are the remote hosts? What in the packets can you
use to deduce this information?
- What information in the Ethernet frame tells you what kind of
data is encapsulated in the data field? What types appear in the
Ethernet frames in the trace?
- What different IP `next protocol' types can be seen what does
- Does IP fragmentation ever occur?
- Why would some packets have the ``Don't fragment'' bit set?
- What are the ranges of sequence numbers in each TCP flow?
- What are the ranges of acknowledgment numbers in each TCP flow?
- In any of the TCP connections, what is the window size?
Does it ever change between connections? How is it chosen?
- Is there any information that tells you the TCP congestion window
for a particular flow?
- Why the difference in the TTL values? If there was suddenly a change
in the reported TTL, what would that be an indicator of?
- Are there any protocols that appear to be operating differently
than as described in class?
- This packet trace is full of surprises, especially for someone who
has never looked at a packet trace in detail before. Consider not
only the questions asked but look into the trace for things that
are surprising to you.
This assignment is to be done individually, though you may
discuss your thoughts and ideas with your classmates.
You only need to turn in a hard copy of your report (due in class),
but the assignment must be done entirely in some kind of digital
format. Since I will not see the source, you can use anything you
want, for example: HTML, LaTeX, Word, etc.
The points for this assignment will be broken down as follows:
Of particular note is the percentage of points reserved for
- 10 pts: Overall Session Description
- 15 pts: Data Link Layer Details
- 15 pts: Network Layer Details
- 15 pts: Transport Layer Details
- 15 pts: Application Layer Details
- 30 pts: Create and Concise Presentation