CS242 Computer Networks Handout # 14 Randy Shull October 26, 2017 Wellesley College Problem Set 7 Due: Start of Class, November 2 Reading: Kurose & Ross, Sections 3.6, 3.7, 3.8 Wireshark Lab [26] In these exercises, we ll investigate the IP protocol, focusing on the IP datagram. We ll do so by analyzing a trace of IP datagrams sent and received by an execution of the traceroute program. We ll investigate the various fields in the IP datagram, and study IP fragmentation in detail. In order to generate a trace of IP datagrams for this lab, we ll use the traceroute program to send datagrams of different sizes towards some destination, X. Recall that traceroute operates by first sending one or more datagrams with the time-to-live (TTL) field in the IP header set to 1; it then sends a series of one or more datagrams towards the same destination with a TTL value of 2; it then sends a series of datagrams towards the same destination with a TTL value of 3; and so on. A router must decrement the TTL in each received datagram by 1 (actually, RFC 791 says that the router must decrement the TTL by at least one). If the TTL reaches 0, the router returns an ICMP message (type 11 - TTL-exceeded) to the sending host. As a result of this behavior, a datagram with a TTL of 1 (sent by the host executing traceroute) will cause the router one hop away from the sender to send an ICMP TTL-exceeded message back to the sender; the datagram sent with a TTL of 2 will cause the router two hops away to send an ICMP message back to the sender; the datagram sent with a TTL of 3 will cause the router three hops away to send an ICMP message back to the sender; and so on. In this manner, the host executing traceroute can learn the identities of the routers between itself and destination X by looking at the source IP addresses in the datagrams containing the ICMP TTL-exceeded messages. We ll want to run traceroute and have it send datagrams of various lengths. With the Unix/MacOS traceroute command, the size of the UDP datagram sent towards the destination can be explicitly set by indicating the number of bytes in the datagram; this value is entered in the traceroute command line immediately after the name or address of the 1
destination. For example, to send traceroute datagrams of 2000 bytes towards gaia.cs.umass.edu, the command would be: traceroute gaia.cs.umass.edu 2000 Start up Wireshark and begin packet capture (Capture ->Start) and then press OK on the Wireshark Packet Capture Options screen (we ll not need to select any options here). Enter three traceroute commands, one with a length of 56 bytes and one with a length of 2000 bytes. Stop Wireshark tracing. Exercise 1 [7]: Traceroute UDP packets Start with the 56 byte trace. You should be able to see the UDP segment sent by your computer and the ICMP TTL-exceeded messages returned to your computer by the intermediate routers. Whenever possible, when answering a question below you should hand in a printout of the packet(s) within the trace that you used to answer the question asked. When you hand in your assignment, annotate the output so that it s clear where in the output you re getting the information for your answer (you may markup paper copies with a pen, or annotate electronic copies with text in a colored font). Follow the instructions in previous Wireshark labs to print your packets. Be sure to choose Selected packet only and select the minimum amount of packet detail that you need to answer the question. a [1]: IP addresses Select the first UDP message sent by traceroute and expand the Internet Protocol part of the packet in the packet details window. What is the IP address of your computer? b [2]: Upper layer protocol Within the IP packet header, what is the value in the upper layer protocol field? c [2]: IP header size How many bytes are in the IP header? How many bytes are in the payload of the IP datagram? Explain how you determined the number of payload bytes. d [2]: Fragmentation Has this IP datagram been fragmented? Explain how you determined whether or not the datagram has been fragmented. Exercise 2 [6]: IP datagram fields Sort the traced packets according to IP source address by clicking on the Source column header; a small upward pointing arrow should appear next to the word Source. If the arrow points 2
down, click on the Source column header again. Select the first ICMP Echo Request message sent by your computer, and expand the Internet Protocol portion in the details of selected packet header window. In the listing of captured packets window, you should see all of the subsequent ICMP messages (perhaps with additional interspersed packets sent by other protocols running on your computer) below this first ICMP. Use the down arrow to move through the ICMP messages sent by your computer. a [2]: Changing fields Which fields in the IP datagram always change from one datagram to the next within this series of ICMP messages sent by your computer? b [2]: Constant fields Which fields stay constant? Which of the fields must stay constant? Which fields must change? Why? c [2]: Identification field Describe the pattern you see in the values in the Identification field of the IP datagram Exercise 3 [5]: TTL-exceeded With the packets still sorted by source address find the series of ICMP TTL- exceeded replies sent to your computer by the nearest (first hop) router. a [2]: Identication field What is the value in the Identification field and the TTL field? What is the value in the Identification field and the TTL field? What is the upper level protocol and number of this packet? b [3]: TTL-exceeded replies Do these values remain unchanged for all of the ICMP TTL-exceeded replies sent to your computer by the nearest (first hop) router? What about other routers? Speculate on what s going on here. Exercise 4 [8]: Fragmentation Execute traceroute, with the Packet Size equal to 2000. By default the the packet listing should be sorted by increasing time. If not, click on the Time column and make sure the arrow is pointing up. Find the first traceroute UDP message that was sent by your computer after you increased the size to 2000. a [2] Has that message been fragmented across more than one IP datagram? (If your computer has an Ethernet interface, a packet size of 2000 should cause fragmentation.) 3
b [2] Print out the first fragment of the fragmented IP datagram. What information in the IP header indicates that the datagram been fragmented? What information in the IP header indicates whether this is the first fragment versus a latter fragment? How long is this IP datagram? c [2] Print out the second fragment of the fragmented IP datagram. What information in the IP header indicates that this is not the first datagram fragment? Are the more fragments? How can you tell? d [2] What fields change in the IP header between the first and second fragment? 4
Problems Problem 1 [9]: TCP Reno Consider the plot shown in Figure 3.58 of the text showing TCP window size as a function of time. Assuming TCP Reno is the protocol experiencing the behavior shown above, answer the following questions. In all cases, you should provide a short discussion justifying your answer. a [1] Identify the intervals of time when TCP slow start is operating. b [1] Identify the intervals of time when TCP congestion avoidance is operating. c [1] After the 16th transmission round, is segment loss detected by a triple duplicate ACK or by a timeout? d [1] After the 22nd transmission round is segment loss detected by a triple duplicate ACK or by a timeout? e [1] What is the initial value of Threshold at the first transmission round? f [1] What is the value of Threshold at the 18th transmission round? g [1] What is the value of Threshold at the 24th transmission round? h [1] During what transmission round is the 70th segment sent? i [1] Assuming a packet loss is detected after the 26th round by the receipt of a triple duplicate ACK, what will be the values of the congestion-window size and of Threshold? Problem 2 [4]: TCP additive increase/mult-decrease algorithm Refer to Figure 3.56, which illustrates the convergence of TCPs additive increase, multiplicative-decrease algorithm. Suppose that instead of a multiplicative decrease, TCP decreased the window size by a constant amount. Would the resulting additive-increase, additive-decrease converge to an equal share algorithm? Justify your answer using a diagram similar to Figure 3.56. 5
Figure 3.56. Throughput realized by TCP connections 1 and 2. Problem 3 [6]: Slow-start delays In this problem, we consider the delay introduced by the TCP slow-start phase. Consider a client and a Web server directly connected by one link of rate R. Suppose the client wants to retrieve an object whose size is exactly equal to 15 S, where S is the maximum segment size (MSS). Denote the round-trip time between client and server as RTT (assumed here, rather naively, to be a constant). Ignoring protocol headers, determine the time to retrieve the object (including TCP connection establishment) when a [2] 4S/R > S/R + RT T > 2S/R. b [2] S/R + RT T > 4S/R. c [2] S/R > RT T. Problem 4 [8]: Extra Credit General form of TCP latency: Generalize the arguments given in the previous problem to show that the TCP latency during slow start is given by expression: Latency = 2RT T + O K 1 R + k=1 [ S R + RT T S ] + 2k 1 R 6
where O is the size of the object in bytes, S is the segment size, R the transmission rate and K is equal to the number of congestion windows that cover the object. Problem 5 [8]: More Extra Credit Closed form of TCP latency: It is possible to given a closed form for the TCP latency under slow start. We do this in two steps. a [4]: Very large files Derive the formula ( Q = log 2 1 + RT T ) + 1 S/R giving the number of times the server would stall if the object contained an infinite number of segments. b [4]: Closed Form for Latency Use the identity P 2 k 1 = 2 P 1 k=1 and the previous problem to derive the formula Latency = 2RT T + O [ R + P RT T + S ] (2 P 1) S R R where P = min{q, K 1} is the actual number of stalls. Problem 6 [6]: More spoofing One question not addressed in class was the degree of end-point authentication provided by either UDP or TCP. a [2]: UDP Consider a server that receives a request within a UDP packet and responds to that request within a UDP packet. If a client with IP address X spoofs its address with address Y in the source field of the IP packet that encapsulates the UDP packet, where will the server send its response? b [4]: TCP Suppose a server receives a SYN with IP source address Y, and after responding with a SYNACK, receives an ACK with IP source address Y with the correct acknowledgment number. Assuming the server chooses a random initial sequence number and there is no woman-in-themiddle, can the server be certain that the client is indeed at Y (and not at some other address X that is spoofing Y)? 7