CS 176B - Network Computing
Homework Assignment #4
Due March 7 (In Class)
(TA: Kamil Sarac - ksarac@cs)
This assignment will help you to learn to understand what is going
on in the network. This is something of a difficult task because network
protocol designers have worked hard to provide so much abstraction to the
higher layer protocols. Never fear though, there are tools that we can
The goal of the assignment is to examine real protocols in use and understand
the communication that takes place in a network by examining the bits that
flow across a network segment. The command is snoop; however,
it requires root privileges to run. This is a good thing because it should
be hard for anyone to look at any and all packets on the network! So, I've
done the snooping and created a dump file. Take the hw4-source
file and use it as the source file for snoop (HINT: do a
snoop and look at how to use the -i option... you can do this
without having root). You will also want to use some of the other options
that come with snoop. Pay attention to options which give you the most
information about packets. Some of the questions below will be about material
that we have not, and will not be covering in class. You'll have to use
Tanenbaum as a reference to answer them and be prepared to ask questions
in the discussion section.
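To look at a dump file without snoop itself, the sketch below parses a snoop capture and extracts the IPv4 fields that several of the questions concern (TTL, protocol, DF/MF bits, fragment offset). It is an added example, not part of the original assignment. It assumes the dump is in the RFC 1761 snoop format, and the function names and the inline capture bytes are constructed for illustration.

```python
import struct

SNOOP_MAGIC = b"snoop\x00\x00\x00"

def parse_snoop(buf):
    """Yield (original_length, frame_bytes) per record of an RFC 1761 capture."""
    if buf[:8] != SNOOP_MAGIC:
        raise ValueError("not a snoop capture")
    version, linktype = struct.unpack(">II", buf[8:16])
    if version != 2 or linktype != 4:          # datalink type 4 = Ethernet
        raise ValueError("unsupported version or datalink type")
    off = 16
    while off + 24 <= len(buf):
        orig, incl, reclen, _drops, _sec, _usec = struct.unpack(">6I", buf[off:off + 24])
        if reclen < 24 + incl or off + reclen > len(buf):
            raise ValueError("truncated or corrupt record")
        yield orig, buf[off + 24:off + 24 + incl]
        off += reclen                          # reclen covers header, data and padding

def ip_summary(frame):
    """Return IPv4 header fields of an Ethernet frame, or None if it is not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    flags_frag = struct.unpack(">H", ip[6:8])[0]
    return {"ttl": ip[8], "proto": ip[9], "df": bool(flags_frag & 0x4000),
            "mf": bool(flags_frag & 0x2000), "frag_offset": (flags_frag & 0x1FFF) * 8}

def summarize(buf):
    """Return (packet_count, per-packet IPv4 summaries)."""
    frames = [f for _, f in parse_snoop(buf)]
    return len(frames), [ip_summary(f) for f in frames]

# Constructed sample capture (addresses, IDs and zero checksums are made up).
def _record(frame):
    pad = -len(frame) % 4                      # records are padded to 4 bytes
    hdr = struct.pack(">6I", len(frame), len(frame), 24 + len(frame) + pad, 0, 0, 0)
    return hdr + frame + b"\x00" * pad

def _frame(ttl, proto, flags_frag):
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20, 1, flags_frag, ttl, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip

SAMPLE = (SNOOP_MAGIC + struct.pack(">II", 2, 4)
          + _record(_frame(1, 17, 0x0000))     # UDP, TTL 1, DF clear
          + _record(_frame(64, 6, 0x4000))     # TCP, TTL 64, DF set
          + _record(b"\xff" * 12 + b"\x08\x06" + b"\x00" * 29))  # ARP-typed frame

if __name__ == "__main__":
    print(summarize(SAMPLE))
```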
A note about grading: a key to a good grade will be your ability
to communicate that you understand most everything about the packet
trace. This implies, as usual, a clear, concise write-up! The questions
below are designed to help you find the most interesting aspects of the
trace, but they are by no means exhaustive. There will be other interesting
results that you should find. Also, the more you investigate and understand,
the better you will do.
Your write-up for this assignment can take any form you
like. The most straightforward is to simply answer each question, though
I would strongly recommend a more creative approach. The reason is that
the questions are purposely haphazard. My suggestion is to first answer
the questions, understand what is going on in the trace, and then create
a description of the session filling in the details as necessary.
Here are the sample questions:
What happens in this trace?
How many total packets are there in the trace file?
How many TCP connections are there in the trace? Can you give a similar
number for UDP sessions?
What protocols (at each layer of the Internet stack) are seen at least
once somewhere in the trace?
What is the Ethernet address and host name of the sender and receiver?
What is the IP address and host name of the sender and receiver?
How well does the Internet protocol stack adhere to the principles of layering
and abstraction? In other words, is there any information in a particular
layer of the protocol stack which is affected by the type of protocol above
or below it?
What is the Ethernet packet type and what does it mean?
What different IP packet types can be seen, and what does each mean?
Which packets are fragments and which are not?
Why would some packets have the "Don't fragment" bit set?
How many checksums are there in each packet? What is the reason for this
Why the difference in the TTL values? If there was suddenly a change in
the reported TTL, what would that be an indicator of?
Is there any additional information about network agents other than the
source and destination? If yes, describe what information is available.
This packet trace is full of surprises, especially for someone who has
never looked at a packet trace in detail before. List a few observations
that were surprising to you including details of the observation and why
it was particularly noteworthy.
How many probe packets are used in the whole process? How many response
packets are received?
What source and destination port numbers do you see in probe packets?
How/why are they chosen in this particular way? Do you see any chance that
this port selection could cause an undesirable effect? How?
How does the destination host interpret probe messages? Can
it understand that it was a traceroute probe message? How/Why?
What is the response of the destination host to traceroute probe messages?
What TTL value does it use to send this response? What does it know about
the TTL value of the incoming probe message?
About HTTP session:
Briefly describe what happens in the http session.
Which packets are the packets that carry actual data (i.e. html file, image
file, etc)? Which of them are acknowledged by which packets? (Give their
ETHER packet numbers).
What are the ranges of sequence numbers?
What are the ranges of acknowledgment numbers?
What is the window size? Does it ever change? How is it chosen?
What Maximum Segment Size is used?
Which packets are used in connection establishment? (Give their ETHER packet
Which packets are used in connection tear down? (Give their ETHER packet