comp416 lab 6 - hong kong polytechnic universitycomp416/lab6-tcp.pdf · 2013-11-11 · first two...

Ricky Mok

1

Analyze TCP traces to learn about capturing network path metrics and events.

Produce and analyze your own traces.

Warning! This lab is NOT easy. Ask questions if you get lost.

2

Reliable data transfer

3

Source: http://nmap.org/book/tcpip-ref.html

Download and unzip trace files from http://www.frog.im/trace.zip

You should see three pcap files ◦ trace[0-2].pcap ◦ Source: 158.132.255.18 ◦ Destination: 158.132.255.20

Turn off the “relative sequence number” in TCP protocol preference.

Make sure “View>Time Display Format> Seconds Since Beginning of Capture”

4

http://www.frog.im/trace.zip�

Round-trip time (RTT) ◦ The length of time a packet goes from one (local)

endpoint to another (remote) endpoint +the length of time the response packet from remote endpoint to local endpoint. ◦ t1+t2

5

Open trace0.pcap Look at the first two packets. ◦ First two steps in TCP three-way handshake ◦ 2nd packet is triggered by 1st packet. ◦ RTT = 0.020529 s / 20.529 ms ◦ Also known as “SYN,SYN/ACK Time”

Look at the 4th and 5th packet. ◦ The 5th packet acknowledges the 4th packet

(containing an HTTP request). ◦ RTT = 0.041339 – 0.020595

= 0.020744 s or 20.744 ms

6

Throughput, B ◦ Widely use in testing available bandwidth. ◦ B=(# of bits downloaded)/Time ◦ E.g. You use 10 second to download a 100 Kbytes file. Throughput, B=(100K x 8)/10 B = 80 kbps (kilo bits per second)

7

Open trace0.pcap Enter display filter

“ip.src_host==158.132.255.20 and tcp.len>0” 48 packets should be displayed. B = ((47x1448 + 1234) x 8)

/(0.182926-0.044578)≈ 4.01 Mbps

8

Packets travel out of order during the transmission.

Identified by the TCP sequence number Quantified by “Packet Reordering Rate” ◦ # of reordering events/ # of packet sent

9

time time At Source At Destination

Open trace1.pcap and apply the same display filter as in Example 2.

Look at the packets between #26 and #34. ◦ #26: Seq: 269544467 + 1448 bytes data ◦ Next expected sequence number: 269545915, but ◦ #28: Seq: 269550259 + 1448 bytes data ◦ #30: Seq: 269545915 + 1448 bytes data ◦ #32: Seq: 269547363 + 1448 bytes data ◦ #34: Seq: 269548811 + 1448 bytes data

#28 is actually reordered, and arrives earlier than #30, #32, #34.

10

Packet Reordering Rate (Server>Client) ◦ Totally 3 reordering events are observed. (#28, #48,

#84) ◦ Reordering rate = 3/50 = 6% ◦ Ground truth: 10% reordering rate is set.

11

Packet loss can occur everywhere in the network. ◦ Congested/Saturated links. ◦ Faulty network devices.

Packet loss can appear at both server>client and client>server path.

Identified by the TCP sequence number, again. Packet loss rate ◦ # of packet lost/ # of packets transmitted.

12

Open trace2.pcap, and apply the same display filter as in Example 2.

Look at packet #22 and #24 ◦ #22: Seq: 177470572 + 1448 bytes data ◦ Expected next sequence number: 177472020 ◦ #24: Seq: 177473468 + 1448 bytes data ◦ One packet is missing in between #22 and #24, and

it is being retransmitted until #44.

13

Packet Loss Rate (Server>Client) ◦ 3 loss events (#24, #38, #72) ◦ # of packet sent by server = 48 + 3 (lost packets) ◦ Packet Loss Rate = 3/51 = 5.88% ◦ Ground Truth: 10%

14

You are going to produce your own trace. A faulty router is placed in front of a web

server. IP of the web server: 158.132.255.67 You can access the web server with four

different ports. (25001-25004) You can observe no or different problems by

using the four ports.

15

Start the Wireshark Enter the capture filter

“host 158.132.255.67 and tcp port 25001” Start the IE and use hotkey “Ctrl+Shift+p” to

enter the InPrivate mode, and download the following image. ◦ http://158.132.255.67:25001/ipv4map.png

Close the browser, then Stop the capture. Check the HTTP Respond. Make sure it is a

HTTP 200 OK, instead of HTTP 304.

16

http://158.132.255.36:25001/ipv4map.png�





HTTP 200 OK, instead of HTTP 304.

17

http://158.132.255.36:25002/ipv4map.png�





HTTP 200 OK, instead of HTTP 304. 18

http://158.132.255.36:25001/ipv4map.png�





HTTP 200 OK, instead of HTTP 304. 19

http://158.132.255.36:25004/ipv4map.png�

a) Find two more pairs of packets which can be used to estimate the RTT, and what are the estimated RTTs. (Given the initial cwnd of the server is 3 packets.)

b) From #6 to #51, the client sends TCP ACKs to acknowleage every recieved data packets. But from #52, the client sends an ACK for every two data packets. What is this mechanism called? What is the purpose of this machenism?

20

a) What is the throughput of this trace? b) After applying the filter, press

“Summary>Statistic”. In the “displayed” column, there is an “Avg. Mbit/sec” statisitc. Does this statistic match with your answer in (a)? If not, explain why?

All the events in this trace are reordering. How can you distinguish them from packet loss? Suggest two ways to distinguish them and explain.

21

a) Expand the TCP header of packet #25. There is an extra TCP option called “SACK”. What is the usage of this field? How does this field helps improve the performace?

b) Can you observe the machenism mentioned in Q1b? If not, explain why not. What is the benfit of this decision?

c) Compare the client’s TCP receive window size throughout the whole download to trace0.pcap. Describe the window size changes. How the changes impact on the TCP performance?

22

a) What are the RTT estimates of the four traces? b) What are the throughput estimate of the traces? c) Analyze the four traces. Match one of the

network problem for each trace, and explain your choice. Calculate packet loss/reordering rate if you choose packet loss/reordering as the answer.

◦ No problem. ◦ Server>Client packet loss. ◦ Client>Server packet loss. ◦ Packet Reordering.

23

comp416 lab 6 - hong kong polytechnic universitycomp416/lab6-tcp.pdf · 2013-11-11 · first two...

Documents