Wireshark Packet Capture Lab: TCP (Shaanxi Normal University)
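Lab 6: Wireshark Lab: TCP
I. Objective
1. Understand the application-layer TCP protocol through Wireshark packet captures.
II. Equipment
1. One PC.
2. Wireshark software.
III. Lab content
1. Complete the lab by following the steps provided in the Wireshark Lab.
2. Answer the questions in the lab.
IV. Lab procedure and steps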
2. A first look at the captured trace
1. What is the IP address and TCP port number used by the client computer (source) that is transferring the file to gaia.cs.umass.edu?
To answer this question, it’s probably easiest to select an HTTP message and explore the details of the TCP packet used to carry this HTTP message, using the “details of the selected packet header window”
2. What is the IP address of gaia.cs.umass.edu?
On what port number is it sending and receiving TCP segments for this connection?
If you have been able to create your own trace, answer the following question:
3. What is the IP address and TCP port number used by your client computer (source) to transfer the file to gaia.cs.umass.edu?
3. TCP Basics
4.
(1) What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu?
(2) What is it in the segment that identifies the segment as a SYN segment?
(1) SYN sequence number = 0
(2) What is in the red region of the figure above identifies the segment as a SYN segment.
5.
(1) What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN?
(2) What is the value of the ACKnowledgement field in the SYNACK segment?
How did gaia.cs.umass.edu determine that value?
What is it in the segment that identifies the segment as a SYNACK segment?
(1) SYNACK sequence number = 0, ACKnowledgement = 1
(2) ACKnowledgement value = initial sequence number of the TCP SYN segment + 1
(3) What is in the red region of the figure above identifies the segment as a SYN segment.
6. What is the sequence number of the TCP segment containing the HTTP POST command?
Note that in order to find the POST command, you’ll need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a “POST” within its DATA field.
The sequence number of the TCP segment containing the HTTP POST command is 1.
7. Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection.
(1) What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)?
(2) At what time was each segment sent?
When was the ACK for each segment received?
(3) Given the difference between when each TCP segment was sent, and when its acknowledgement was received, what is the RTT value for each of the six segments?
(4) What is the EstimatedRTT value (see page 249 in text) after the receipt of each ACK?
(5) Assume that the value of the EstimatedRTT is equal to the measured RTT for the first segment, and then is computed using the EstimatedRTT equation on page 249 for all subsequent segments.
Note:
Wireshark has a nice feature that allows you to plot the RTT for each of the TCP segments sent. Select a TCP segment in the “listing of captured packets” window that is being sent from the client to the gaia.cs.umass.edu server. Then select:
Statistics -> TCP Stream Graph -> Round Trip Time Graph
No.   Type   Seq.   ACK val.
4     Data   1      -
5     Data   566    -
6     ACK    -      566
7     Data   2026   -
8     Data   3486   -
9     ACK    -      2026
10    Data   4946   -
11    Data   6406   -
12    ACK    -      3468
14    ACK    -      4946
15    ACK    -      6406
16    ACK    -      7866
(1) The first six segments are the No. 4, 5, 7, 8, 10, and 11 segments (circled in red).
Their sequence numbers are respectively 1, 566, 2026, 3486, 4946, 6406, 7866.
(2) They were sent at the times circled in the figure below.
(3) The ACK received times are given in the figure below:
(4) RTT value for each of the six segments
            Sent time   ACK received time   RTT value
Segment 1   0.026477    0.053937            0.02746
Segment 2   0.041737    0.077294            0.035557
Segment 3   0.054026    0.124085            0.070059
Segment 4   0.054690    0.169118            0.11443
Segment 5   0.077405    0.217299            0.13989
Segment 6   0.078157    0.267802            0.18964
(5) EstimatedRTT = 0.875 * EstimatedRTT + 0.125 * SampleRTT
EstimatedRTT after the receipt of the ACK of segment 1:
EstimatedRTT = RTT for Segment 1 = 0.02746 second
segment 2:
EstimatedRTT = 0.875 * 0.02746 + 0.125 * 0.035557 = 0.0285
segment 3:
EstimatedRTT = 0.875 * 0.0285 + 0.125 * 0.070059 = 0.0337
segment 4:
EstimatedRTT = 0.875 * 0.0337 + 0.125 * 0.11443 = 0.0438
segment 5:
EstimatedRTT = 0.875 * 0.0438 + 0.125 * 0.13989 = 0.0558
segment 6:
EstimatedRTT = 0.875 * 0.0558 + 0.125 * 0.18964 = 0.0725
Figure: Round Trip Time Graph
8. What is the length of each of the first six TCP segments?
The length of the first TCP segment (containing the HTTP POST) is 566 bytes. The length of each of the other five TCP segments is 1460 bytes.
9. What is the minimum amount of available buffer space advertised at the receiver for the entire trace?
Does the lack of receiver buffer space ever throttle the sender?
The minimum amount of available buffer space advertised at gaia.cs.umass.edu for the entire trace is 5840 bytes, which is shown in the first acknowledgement (segment No. 2) from the server. This receiver window grows steadily up to a maximum receiver buffer size of 62780 bytes. Inspecting this trace shows that the sender is never throttled by a lack of receiver buffer space.
Figure: Minimum receive window (packet No. 2)
10. Are there any retransmitted segments in the trace file?
What did you check for (in the trace) in order to answer the question?
There are no retransmitted segments in the trace file.
In order to answer the question, I checked the sequence numbers of the TCP segments in the trace file. In the Time-Sequence-Graph (Stevens) of this trace, all sequence numbers from 192.168.1.102 to 128.119.245.12 increase linearly and monotonically. If there were a retransmitted segment, the Time-Sequence-Graph (Stevens) would be different from what we see.
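The calculations in questions 7 and 10, as an added Python example that is not part of the original report: it pairs each data segment with the ACK that covers it, applies the EstimatedRTT equation, and checks the sequence numbers for retransmissions. The times and sequence numbers are copied from the report's tables; the function names and the "end of segment = next sequence number" convention are assumptions of this example.

```python
ALPHA = 0.125  # weight of the newest SampleRTT in the EstimatedRTT equation

# (sent time, first sequence number, sequence number after the last byte),
# taken from the report's tables for segments No. 4, 5, 7, 8, 10 and 11
DATA = [
    (0.026477, 1, 566), (0.041737, 566, 2026), (0.054026, 2026, 3486),
    (0.054690, 3486, 4946), (0.077405, 4946, 6406), (0.078157, 6406, 7866),
]
# (arrival time, acknowledgement number) for ACKs No. 6, 9, 12, 14, 15 and 16
ACKS = [
    (0.053937, 566), (0.077294, 2026), (0.124085, 3486),
    (0.169118, 4946), (0.217299, 6406), (0.267802, 7866),
]


def sample_rtts(data, acks):
    """Pair each data segment with the first ACK that covers its last byte."""
    rtts = []
    for sent, _seq, end in data:
        arrival = next((t for t, ack in acks if ack >= end and t >= sent), None)
        if arrival is not None:  # a segment that is never ACKed gives no sample
            rtts.append(arrival - sent)
    return rtts


def estimated_rtts(samples, alpha=ALPHA):
    """EWMA seeded with the first sample, as question 7 (5) prescribes."""
    estimates = []
    for sample in samples:
        if not estimates:
            estimates.append(sample)
        else:
            estimates.append((1 - alpha) * estimates[-1] + alpha * sample)
    return estimates


def retransmissions(data):
    """Segments whose sequence number is not above the highest seen so far."""
    highest, found = -1, []
    for sent, seq, _end in data:
        if seq <= highest:
            found.append((sent, seq))
        highest = max(highest, seq)
    return found


if __name__ == "__main__":
    samples = sample_rtts(DATA, ACKS)
    for i, (rtt, est) in enumerate(zip(samples, estimated_rtts(samples)), 1):
        print(f"segment {i}: SampleRTT={rtt:.6f}s EstimatedRTT={est:.4f}s")
    print("retransmissions:", retransmissions(DATA))
```

The ACK match uses `ack >= end` rather than equality because TCP ACKs are cumulative, so one delayed ACK can cover several segments.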
11.
(1) How much data does the receiver typically acknowledge in an ACK?
(2) Can you identify cases where the receiver is ACKing every other received segment (see Table 3.2 on page 257 in the text).
The sequence numbers acknowledged by the receiver in its ACKs are listed in the following table.
        Segment number   Acknowledged sequence number   Acknowledged data
ACK 1   6                566                            566
ACK 2   9                2026                           1460
ACK 3   12               3486                           1460
ACK 4   14               4946                           1460
ACK 5   15               6406                           1460
ACK 6   16               7866                           1460
ACK 7   17               9013                           1147
ACK 8   24               10473                          1460
ACK 9   25               11933                          1460
ACK 10  26               13393                          1460
ACK 11  27               14853                          1460
ACK 12  28               16313                          1460
12. What is the throughput (bytes transferred per unit time) for the TCP connection?
Explain how you calculated this value.
The TCP connection started to transmit data at segment 4 and ended at segment 202. We can see from the figure below:
data1 = 1 byte, t1 = 0.026477
data2 = 164091 bytes, t2 = 5.455830
total data = 164091 - 1 = 164090 bytes
It takes time:
total time = 5.455830 - 0.026477 = 5.429353 seconds
So the throughput for the TCP connection is calculated as
164090 / 5.4294353 = 30.222 KByte/sec
13. Use the Time-Sequence-Graph (Stevens) plotting tool to view the sequence number versus time plot of segments being sent from the client to the gaia.cs.umass.edu server. Can you identify where TCP’s slow start phase begins and ends, and where congestion avoidance takes over?
Comment on ways in which the measured data differs from the idealized behavior of TCP that we’ve studied in the text.
We can see from the figure above (Time-Sequence-Graph (Stevens)) that TCP slow start begins at the start of the connection. Identifying the TCP slow start phase and the congestion avoidance phase depends on the value of the congestion window size of this TCP sender. So once we know the congestion window size of this TCP sender, we can easily tell where TCP’s slow start ends and where congestion avoidance takes over.
When answering the previous question, we learned that the TCP window size is larger than 8192 bytes. But no data is sent in excess of 8192 bytes. This indicates that the application already stops transmitting before the end of the slow start phase. That is to say, the end of TCP’s slow start and congestion avoidance have not taken place.
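V. Conclusion
Overall, this lab was painful to do, because at first I could not answer the questions.
I had thought I already understood the TCP chapter, but only when writing the lab report did I realize that my grasp was not solid, and that I had even confused some basic concepts.
By reading the textbook closely and combining it with analysis of the lab's packet captures, I finally understood TCP's three-way handshake and congestion control mechanisms.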