This assignment is due Tuesday, 20 November.
This homework is an extension of Homework 2. In Homework 2, you filled in the TCP headers for a few packets. In this homework, you'll fill in the Ethernet, TCP, and UDP headers.
The section of the assignment will show the output of several network utilities run on burnsville.cs.unca.edu and tryon.cs.unca.edu. Because burnsville runs Linux and tryon runs Compaq Tru64 Unix, you'll notice some minor differences between the output of programs run on this two computers.
Our first data is several TCP packets captured at tryon. These packets are part of a TCP session between a client and server following the protocol used in Homework 3.
The leftmost column shows the time, in microseconds, at which the packet was received at tryon. The middle column shows the packet as interpreted by traceroute. The rightmost column shows the TCP data transmitted with the packet.
Some minor editing has been done to simply this output. In particular, all packets except for the first and last five have been removed, all TCP options have been removed, and the TCP data was largely fabricated. Hopefully, this editing is consistent with the data.
| 14:46:17.579009 | burnsville.cs.unca.edu.32793 > tryon.cs.unca.edu.3630: S 512625434:512625434(0) win 5840 (DF) (ttl 63, id 51964) | |
| 14:46:17.579987 | tryon.cs.unca.edu.3630 > burnsville.cs.unca.edu.32793: S 534126835:534126835(0) ack 512625435 win 33580 (ttl 60, id 6423) | |
| 14:46:17.580965 | burnsville.cs.unca.edu.32793 > tryon.cs.unca.edu.3630: . ack 1 win 5840 (DF) (ttl 63, id 51965) | |
| 14:46:17.603449 | tryon.cs.unca.edu.3630 > burnsville.cs.unca.edu.32793: P 1:3(2) ack 1 win 33580 (ttl 60, id 6427) | Na |
| 14:46:17.603449 | burnsville.cs.unca.edu.32793 > tryon.cs.unca.edu.3630: . ack 2 win 5840 (DF) (ttl 63, id 51966) | |
| 14:46:26.692081 | burnsville.cs.unca.edu.32793 > tryon.cs.unca.edu.3630: P 23:30(7) ack 24 win 5840 (DF) (ttl 63, id 51977) | 363363\n\r |
| 14:46:26.693056 | tryon.cs.unca.edu.3630 > burnsville.cs.unca.edu.32793: P 24:30(6) ack 30 win 33580 (ttl 60, id 6440) | good\n\r |
| 14:46:26.693056 | tryon.cs.unca.edu.3630 > burnsville.cs.unca.edu.32793: F 30:30(0) ack 30 win 33580 (ttl 60, id 6441) | |
| 14:46:26.695983 | burnsville.cs.unca.edu.32793 > tryon.cs.unca.edu.3630: F 30:30(0) ack 31 win 5840 (DF) (ttl 63, id 51978) | |
| 14:46:26.696959 | tryon.cs.unca.edu.3630 > burnsville.cs.unca.edu.32793: . ack 31 win 33580 (ttl 60, id 6442) |
The following lines show the output of the ifconfig -a command run on tryon.
ln0: flags=c63<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,SIMPLEX>
inet 152.18.19.6 netmask fffff000 broadcast 152.18.31.255 ipmtu 1500
lo0: flags=100c89<UP,LOOPBACK,NOARP,MULTICAST,SIMPLEX,NOCHECKSUM>
inet 127.0.0.1 netmask ff000000 ipmtu 4096
sl0: flags=10>POINTOPOINT<
Also, from tryon, here is the output of netstat -i -I ln0.
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll ln0 1500 <Link> 08:00:2b:39:ca:c7 22557196 0 935778 0 37461 ln0 1500 DLI none 22557196 0 935778 0 37461 ln0 1500 152.18.16 tryon 22557196 0 935778 0 37461
This is the output of ifconfig on burnsville.
eth0 Link encap:Ethernet HWaddr 00:B0:D0:2A:3D:8D
inet addr:152.18.35.35 Bcast:152.18.47.255 Mask:255.255.240.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:341456 errors:0 dropped:0 overruns:1 frame:0
TX packets:682114 errors:0 dropped:0 overruns:0 carrier:0
collisions:98681 txqueuelen:100
Interrupt:5 Base address:0xec80
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:142 errors:0 dropped:0 overruns:0 frame:0
TX packets:142 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
Here is the output of arp run on tryon.
dhcp1-23-199.facstaff.unca.edu (152.18.23.199) at 00-50-da-71-93-53 dhcp2-28-95.facstaff.unca.edu (152.18.28.95) at 00-01-02-25-6a-4f stale woodfin.cs.unca.edu (152.18.19.7) at 08-00-2b-e5-0b-07 dhcp1-23-27.facstaff.unca.edu (152.18.23.27) at 00-b0-d0-f7-ae-c1 dhcp2-29-192.facstaff.unca.edu (152.18.29.192) at 00-04-76-3a-d6-03 dhcp2-28-60.facstaff.unca.edu (152.18.28.60) at 00-50-da-b5-6b-06 rbhlp-1m.net.unca.edu (152.18.31.254) at 00-80-3e-93-c6-e5 bulldog.unca.edu (152.18.16.9) at 00-06-2b-01-45-f9
And here is the output burnsville.
rbhlp-1m.net.unca.edu (152.18.47.254) at 00:80:3E:93:C6:E6 [ether] on eth0 tuxedo.cs.unca.edu (152.18.35.96) at 00:B0:D0:2A:28:FB [ether] on eth0 fruitland.cs.unca.edu (152.18.35.103) at 00:B0:D0:2A:28:F9 [ether] on eth0 waynesville.cs.unca.edu (152.18.35.101) at 00:B0:D0:2A:28:F4 [ether] on eth0 woodfin.cs.unca.edu (152.18.35.7) at 00:00:F8:01:81:B5 [ether] on eth0 luck.cs.unca.edu (152.18.35.105) at 00:B0:D0:2A:28:F0 [ether] on eth0 joe.cs.unca.edu (152.18.35.104) at 00:B0:D0:2A:29:14 [ether] on eth0
This is tryon running netstat -nr.
Routing tables Destination Gateway Flags Refs Use Interface Route Tree for Protocol Family 2: default 152.18.31.254 UGS 0 227 ln0 127.0.0.1 127.0.0.1 UHL 1 35 lo0 152.18.16/20 152.18.19.6 U 4 837 ln0 152.18.19.6 152.18.19.6 UHL 0 128 ln0
This is burnsville running netstat -nr.
Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 152.18.32.0 0.0.0.0 255.255.240.0 U 40 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo 0.0.0.0 152.18.47.254 0.0.0.0 UG 40 0 0 eth0
Please answer the following questions.
From the above output, how do we know that tryon and burnsville are not on the same IP network?
What gateway or gateways is involved in the transfer of IP packets between tryon and burnsville?
Make a drawing showing tryon, burnsville, and any interconnecting gateways. Label the interfaces shown in your drawing with both IP and Ethernet numbers.
Here is a picture of the TCP header as show in RFC 793, the TCP protocol specification.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port | Destination Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Acknowledgment Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data | |U|A|P|R|S|F| |
| Offset| Reserved |R|C|S|S|Y|I| Window |
| | |G|K|H|T|N|N| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | Urgent Pointer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
TCP Header Format
And here is the IP header as show in RFC 791, the Internet protocol specification.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Ver= 4 |IHL= 5 |Type of Service| Total Length = 21 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identification = 111 |Flg=0| Fragment Offset = 0 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Time = 123 | Protocol = 1 | header checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| source address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| destination address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+
Example Internet Datagram
Download the CSCI 363 Homework 7 form. The form will contain five packets taken from the above list of ten. Fill in the ten TCP, IP, and Ethernet headers for those packets and turn in the completed form. Include the real sequence and acknowledgment numbers in your TCP headers.
You don't have to fill in the various checksum fields, but pretty much everything else should be complete. This even includes the TCP data fields.