ICS 451 Assignment 7: TCP Connections

Assigned March 3rd, to be completed by March 10th.

Turn in this exercise by e-mailing your answers to the questions below to jmoroney@hawaii.edu.

You may do this assignment in groups of up to three.

This assignment asks you to study TCP connection management.

  1. TCP connection to a web server

    Start wireshark, using appropriate filters for the task below.

    After starting wireshark, visit a web page with your browser.

    Inspect the TCP header sent by your browser in the SYN packet.

    Inspect the TCP header sent by your browser in later packets.

    Find the FIN packets exchanged by client and server.

    1. What is the time delay between sending the SYN and sending the first ACK (the last packet of the 3-way handshake)? This is your connection delay to this server.
    2. Which side closed the connection first, the client or the server? Explain why you believe so, and provide any necessary evidence (e.g. a screenshot).
    3. What TCP options were sent by your browser with the TCP SYN packet? List each option in the header and the overall header size.
    4. What TCP options were sent by your browser with the first TCP data packet? List each option in the header and the overall header size.

  2. Closing Connections

    Write a client that sends an HTTP request -- you may base your code on the assignment 2 of anyone in the class.

    Modify your code to close the connection immediately after sending the request header.

    1. Now which side closed the connection first, the client or the server? Explain why you believe so, and provide any necessary evidence (e.g. a screenshot).
    2. Send your code to the TA, named closefast.c

  3. Operating System Closing Connections

    Modify your code from the previous part so your client sleeps for a long time after sending the request.

    While your client is sleeping, stop it with ^C (control-C) from the terminal, or with the kill command (run ps first to find the process ID).

    1. Describe how the connection was closed, as seen by wireshark.
    2. Send your code to the TA, named closesleep.c

  4. Resetting Connections

    Figure out what you can do to observe a reset connection in wireshark. Do it, then

    1. Describe how you got a connection reset. Include the absolute sequence numbers and ack numbers of the last packet sent in each direction.

    Note that wireshark gives you relative sequence and ack numbers. To obtain the absolute sequence (ack) number, highlight the sequence (ack) number field in the middle wireshark window, and copy the corresponding four bytes (in hex).

    Also note that the middle window in wireshark will not show an ACK field for the SYN packet. The ack value is the 4 bytes following the 4 bytes of the sequence number.
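
The byte layout described in the notes above (sequence number, then ack number in the following 4 bytes), together with the header size and option list asked about in part 1, can be read directly from the raw header bytes. The parser below is an added example, not part of the original assignment; the header bytes in `sample_syn` are constructed, and the names `tcp_info`, `parse_tcp` and `sample_syn` are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct tcp_info {
    uint32_t seq, ack;     /* absolute values, as sent on the wire */
    unsigned hdr_len;      /* data offset field * 4, in bytes */
    uint8_t  flags;        /* FIN=0x01 SYN=0x02 RST=0x04 ACK=0x10 */
    int      n_opts;       /* options found, NOP padding not counted */
    uint8_t  opt_kind[20]; /* kind byte of each option, in order */
};
/* Constructed sample: a 40-byte SYN header as copied from a hex pane. */
static const uint8_t sample_syn[40] = {
    0xc3,0x50, 0x00,0x50, 0x1a,0x2b,0x3c,0x4d,  /* ports, sequence number */
    0x00,0x00,0x00,0x00, 0xa0, 0x02, 0xfa,0xf0, /* ack, offset=10, SYN, window */
    0x00,0x00, 0x00,0x00,                       /* checksum (zeroed), urgent */
    0x02,0x04,0x05,0xb4, 0x04,0x02,             /* MSS 1460, SACK permitted */
    0x08,0x0a, 0,0,0,1, 0,0,0,0,                /* timestamps */
    0x01, 0x03,0x03,0x07                        /* NOP, window scale 7 */
};
static uint32_t be32(const uint8_t *p) {        /* network order to host */
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
/* Returns 0 on success, -1 if the header is truncated or malformed. */
int parse_tcp(const uint8_t *b, size_t len, struct tcp_info *out) {
    if (len < 20) return -1;
    out->seq = be32(b + 4);               /* bytes 4..7 */
    out->ack = be32(b + 8);               /* the 4 bytes after the seq */
    out->hdr_len = (unsigned)(b[12] >> 4) * 4;
    out->flags = b[13];
    out->n_opts = 0;
    if (out->hdr_len < 20 || out->hdr_len > len) return -1;
    for (size_t i = 20; i < out->hdr_len; ) {
        if (b[i] == 0) break;             /* kind 0: end of option list */
        if (b[i] == 1) { i++; continue; } /* kind 1: one-byte NOP */
        if (i + 1 >= out->hdr_len || b[i + 1] < 2 || i + b[i + 1] > out->hdr_len)
            return -1;                    /* length byte missing or bogus */
        out->opt_kind[out->n_opts++] = b[i];
        i += b[i + 1];
    }
    return 0;
}
int main(void) {
    struct tcp_info t;
    if (parse_tcp(sample_syn, sizeof sample_syn, &t) != 0) return 1;
    printf("seq=%u ack=%u header=%u bytes, %d options\n",
           (unsigned)t.seq, (unsigned)t.ack, t.hdr_len, t.n_opts);
    return 0;
}
```
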

Options

In wireshark, capture a TCP exchange that sends many bytes (several megabytes or more). Stop the capture, and under the Statistics menu, select "TCP Stream Graph", and "Time-Sequence Graph (tcptrace)".

You should see two lines. The lower line represents the sequence numbers sent by the data sender, while the upper line represents the ack numbers sent back by the receiver.

You can zoom in to the graph by clicking and dragging the left mouse button around the area of interest. You can zoom out with "-".

I encourage you to explore the other available tools as well.



Computer Networks, ICS 451
Instructor: Edo Biagioni