MAT 201B / CS 290I--Media Networks and Services
Homework Assignment #2
Due by 11:59pm on Friday, October 24, 2003
Assignment Overview
The goal of this assignment is to help you understand what is
going on in the network by examining exactly what flows across the
wire. This is something of a difficult task because network
protocol designers have worked so hard to provide so much abstraction
to the higher layer applications. Therefore, as a user at the highest
layer of the protocol stack, you should be able to see very little of
what happens in the network. Never fear though, there are tools
that we can use.
Assignment Details
The goal of the assignment is to examine real protocols in
use and understand the communication that takes place in a network by
examining the bits that flow across a network segment.
For this assignment you will use the application ethereal.
Ethereal lets the user capture packets from the network as well as save the
packets for viewing at a later time. When running Ethereal you should see
something like Figure 1. Ethereal is available for most platforms, including Windows from http://www.ethereal.com. It is
also available in the CSIL lab either in KDE under Internet, or by simply
typing ethereal

Figure 1. Ethereal
snapshot
One problem though: ethereal usually requires root privileges to run.
Of course, this is a good thing because it should be hard to capture packets on
the network! So, the capturing has been done for you, and a capture file has
been created. Take the hw2.ethereal-file.bin
file
(NOTE: Make sure you download this file, i.e. right click and select
``Save Link As''.)
and use it as the source file for ethereal (HINT: do a
man ethereal and look at how to use the -r option...
you can do this without having root. Or better yet, read the User's Guide).
You will also want to use the GUI in ethereal to more closely
investigate what is happening in this trace.
Some of the things going on in the trace will contain protocols
we have not gone over in class. You'll have to use one of the
class textbooks as a reference to answer them or Google to look them up. I
will also try to provide some in-class time to answer questions so be prepared
to ask questions when the time comes.
This assignment will be graded based on your ability
to communicate that you understand everything about the
packet trace. This implies, as usual, a clear, concise write-up!
To help get you started, below is a set of sample questions
that you will want to answer about the packet trace. However, these
questions only serve as examples of the kinds of things that
are important. They serve as a starting point and are
not exhaustive. They are only provided as a guide to help
you find the most interesting aspects of the trace. So, how should
you proceed? Start by considering the following questions:
- How many total packets are in the trace file?
- What protocols (at each layer of the Internet stack) are seen
at least once somewhere in the trace?
- What are the contents and function of each packet (you can summarize
series of packets that work to accomplish some high level function but
be sure to include a sufficient amount of detail for at least one
series of packets)?
- What DLL/MAC layer addresses can be seen in the trace?
- What IP addresses can be seen in the trace?
- What host names can be seen in the trace?
- What transport-layer port numbers do you see? Do any of them
have special significance? Which ones and what is the significance?
How are the others chosen?
- Can you deduce anything about the network topology on which
this trace was taken, i.e. who is taking the trace? How many hosts
are on the local network, which ones? Which ones are remote? etc.
- How far away are the remote hosts?
- What is the Ethernet packet type and what does it mean?
- What different IP packet types can be seen what does each mean?
- Does IP fragmentation occur?
- Why would some packets have the ``Don't fragment" bit set?
- What are the ranges of sequence numbers in each flow?
- What are the ranges of acknowledgment numbers in each flow?
- In any of the TCP connections, what is the window size?
Does it ever change between connections? How is it chosen?
- Why the difference in the TTL values? If there was suddenly a change
in the reported TTL, what would that be an indicator of?
- Are there any protocols that appear to be operating differently
than as described in class?
- This packet trace is full of surprises, especially for someone who
has never looked at a packet trace in detail before. List a few
observations that were surprising to you including details of the
observation and why it was particularly noteworthy.
Your write-up for this assignment can take any form
you like. One suggestion is to be creative (but do not assume that
creativity can be used as a substitute for technical thoroughness).
First answer the questions and understand what is going on in the trace.
You may not necessarily include these specific answers in your final write-up,
but knowing the answers is a critical first step.
Next, create a description of the session filling in the details
where appropriate. What happened? What does the network look like? Who
was sent traffic? Who responded? As a starting place, consider re-ordering
the questions to flow more logically; reduce redundancy (yes, there are some
redundant questions); and add questions that you think are important but
that have not included. Another nice idea would
be to guess what was typed at the command line to cause the traced packets to
occur. While not all the packets are from commands a user might type, most are
and that will give a very clear description of what was going on in the network
during the capture.
Next, try to understand the results in a way that
provides multiple levels of abstraction. For example, first describe the
session, then describe the flows, then describe the packets in the
flow.
Finally, determine a good, concise way of writing a report that clearly
presents all of this information. This will be one of the harder parts of
the assignment. Because there is so much information and it is hard to
decide what to present first, you will have to make some hard decisions and
use some creative solutions to clearly convey to a reader what is happening.
Assignment Turnin
First and foremost, be sure to put your name on your assignment!
This assignment will be turned in using the CS Department turnin program. From
any computer in CSIL type the following command to turnin your write-up for
this homework:
csil-machine>turnin hw2@cs290i hw2.ps
Be sure to use exactly hw2@cs290i for this assignment. However the last
argument is the name of the file containing your homework answers and can be
any name you choose.
This assignment should be turned in a suitable format.
Suitable formats include HTML, PostScript, PDF and plain text. Unfortunately,
Microsoft Word documents are not suitable, they are too prone to viruses.
However, that does not preclude you from using Microsoft Word to type out your
answers. Simply save the Word document as an HTML file or a PostScript file if
you know how. If you have any questions on a format ask the TA.