URL: http://www.ccs.neu.edu/home/rraj/Courses/1337/S03/Programs/pa2.html

COM 1337 / 3501 - Computer Networks                                                         May 15, 2003
Spring 2003

Lab Assignment 2: Analysis of a Packet Trace

Deadline:

Hard copy due Thursday, May 29, in class


In this assignment, you will examine packets flowing across a network segment and see the operation of various Internet protocols across the different OSI layers. Extracting packet headers and all of the relevant fields from the headers can be a tedious task. Fortunately, network architects and administrators have developed a number of tools that analyze packet headers and present them in a useful format. Examples of these tools are netstat, snoop, and tcpdump.

For this assignment, you will use the snoop command on your CCS Unix account. Of course, the snoop command can only be used by network administrators, since sniffing packets sent on the network is not something you want everybody to be able to do. However, the snoop command is available for use with the -i option when a specific packet data trace, collected by snoop, is provided as input. Download the following file pa2.bin (it is in binary; on Explorer, use "Save link as" or "Save target as") and use it as the source file for the snoop -i command. You can find out the complete details of the snoop command using the "man snoop" command on any Unix machine. Be sure to use the -v or -V option (and any other options you find useful) to extract useful information from the binary file. The -v option is fully verbose, listing all the details of each packet, and the -V option lies between the fully verbose and summary listings. On occasion, it may be useful (and faster) to write a simple script or program to automatically extract some information from the data generated by the snoop program; since the trace file is not that large, however, this is not necessary to perform the analysis suggested below.
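As an added illustration of the kind of script mentioned above (it is not part of the original assignment), the following Python reads a snoop capture file directly, using the record layout from RFC 1761, rather than post-processing snoop's text output. The function names and the two-packet sample trace, including its MAC and IP addresses, are constructed for this example.

```python
import struct
from collections import Counter

MAGIC = b"snoop\x00\x00\x00"   # RFC 1761 file magic; all integers are big-endian
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def read_snoop(data):
    """Yield (timestamp, frame) for each packet record in a snoop file image."""
    if len(data) < 16 or data[:8] != MAGIC or struct.unpack(">II", data[8:16]) != (2, 4):
        raise ValueError("not a version-2 Ethernet snoop file")   # datalink 4 = Ethernet
    off = 16
    while off < len(data):
        if len(data) - off < 24:
            raise ValueError("truncated record header at offset %d" % off)
        _orig, incl, rec_len, _drops, sec, usec = struct.unpack(">6I", data[off:off + 24])
        if rec_len < 24 + incl or off + rec_len > len(data):
            raise ValueError("corrupt or truncated record at offset %d" % off)
        yield sec + usec / 1e6, data[off + 24:off + 24 + incl]
        off += rec_len                      # record length includes the pad bytes

def summarize(data):
    """Count packets and per-layer protocols; collect MAC and IPv4 addresses."""
    packets, protos, macs, ips = 0, Counter(), set(), set()
    for _ts, frame in read_snoop(data):
        packets += 1
        if len(frame) < 14:                 # shorter than an Ethernet header
            continue
        macs.update(frame[i:i + 6].hex() for i in (0, 6))
        etype = struct.unpack(">H", frame[12:14])[0]
        protos[ETHERTYPES.get(etype, hex(etype))] += 1
        if etype == 0x0800 and len(frame) >= 34:
            ip = frame[14:34]               # fixed part of the IPv4 header
            protos[IP_PROTOS.get(ip[9], "ip-proto-%d" % ip[9])] += 1
            ips.update(".".join(map(str, ip[i:i + 4])) for i in (12, 16))
    return packets, protos, macs, ips

def sample_trace():
    """Constructed two-packet trace: one ARP broadcast, one IPv4/TCP frame."""
    mac_a, mac_b = bytes.fromhex("0800200a0b0c"), bytes.fromhex("0800200d0e0f")
    ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2])
    frames = [b"\xff" * 6 + mac_a + b"\x08\x06" + bytes(28),
              mac_b + mac_a + b"\x08\x00" + ip + bytes(20)]
    out = MAGIC + struct.pack(">II", 2, 4)
    for n, f in enumerate(frames):
        pad = -(24 + len(f)) % 4            # records are padded to a 4-byte boundary
        out += struct.pack(">6I", len(f), len(f), 24 + len(f) + pad, 0, n, 0)
        out += f + bytes(pad)
    return out
```

To run it on a real capture, pass the file contents, for example `summarize(open("pa2.bin", "rb").read())`.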

The trace may include protocols that we have not discussed in class.  Looking up in the textbook or searching on the web will yield a lot of information about any protocol you encounter in the trace.

Your task is to analyze the packet trace and write a report based on your analysis of what you find in the trace.  In your report, you need to answer the following questions.  In addition, add a minimum of 3 observations of your own that you find interesting in the trace.
 

  1. Packets: How many packets are in the trace?
  2. Protocols: What protocols (at each of the layers) are seen at least once in the trace?
  3. Addresses: What IP addresses and MAC layer (Ethernet/physical/hardware) addresses appear in the trace?
  4. Hosts:
    1. What host names appear in the trace?
    2. Identify the local host, i.e., the host that is taking the trace.
    3. Can you identify which hosts are on the local network?
    4. Which ones are remote (not on the local area network)?
    5. How far away are the remote hosts?
    6. What in the packets can you use to deduce this information?
  5. Retransmissions: List all the packets that are retransmitted, if any.
  6. TCP sessions:
    1. List all the different sessions that appear in the trace.
    2. Indicate when they begin (if they do in the trace), when they end (if they do), and how many packets are transmitted as part of the session.
    3. What application may be associated with each of the sessions?
    4. What are the ranges of sequence numbers in each TCP flow? What are the ranges of acknowledgment numbers in each TCP flow?
    5. Window sizes: What are the window sizes of each TCP transmission? Do the window sizes change with time?
    6. Congestion window: Is there any information that tells you the TCP congestion window for a particular flow?
  7. IP: Does IP fragmentation ever occur?
  8. Packet formats: Take 3 different packets, each different from the other in at least one protocol, and describe how the headers (corresponding to each protocol) are laid out.

You may work in pairs (that is, at most two students in a group) for this assignment. Note that teamwork implies equal partnership.

Grading:

This assignment will be graded out of 40 points, and will account for 8% of the total grade. The grading will be based on the quality of the report, the technical presentation, and the 3 observations you provide on your own. You may earn extra credit of up to 4 points by providing additional interesting observations about the trace. The grade for both students in a group of two will be identical.

What to submit:

The report you submit should be in a typed format (e.g., plain text, Word document, etc.). It does not matter what word processor you use since you will be turning in a hard copy only. If you are providing any figures, hand-drawn figures are fine as long as they are neatly presented.

