
Department of Computer Science and Engineering

Kalyani Government Engineering College

M.Tech 1st Year 2nd Sem CSE


Sub: PGCSE-292 Computer Networking
Session-2020

Assignment-III – Understanding TCP using Wireshark

Objective-
The goal of this assignment is to make you familiar with the basics of the Transmission Control Protocol (TCP).

Introduction-
In this Lab you will use the traces given to you for analysis and study of TCP Protocol.

Assignment 3.1: TCP basics

First, you will analyze the provided Wireshark trace file tcp-ethereal-trace-1. This trace file is captured during
uploading a 150KB text file to a Web server through the HTTP POST method. Run Wireshark and open the above
trace file. Enter tcp (lowercase) into the filter input box and click APPLY.

You should now see the initial three-way handshake (packet numbers 1, 2, and 3) used to set up the TCP
connection before transmitting the HTTP data. Since the size of this POST request is larger than what can fit
into a single TCP segment, the transfer is split across multiple segments. Wireshark, depending on its version,
might show this POST request (in the packet list pane) as the last transmitted packet of this HTTP request.
Therefore, to find out which packet contains the actual POST request (i.e. which packet is the start of HTTP data
transmission) you can use the Find Packet feature of Wireshark (choose Edit->Find Packet...), which is shown
in Figure 1.

Figure 1: The Find Packet feature in Wireshark



Next, answer the following questions (Q 1-12). If needed, print out the packet(s) and annotate it to explain your
answer. To print out packet information you can use File->Print, choose Selected packet only, choose Packet
summary line, and select the minimum amount of packet details that you need to answer the questions. Hand in
such printouts along with your answers.

Note 1: In answering the following questions, you may find it convenient to add some of the TCP segment fields, such
as Sequence Number and Acknowledgment Number, as columns to the Packet List Pane. To do so, simply right-
click on the desired field in the Packet Details Pane and choose "Apply as column" from the pop-up menu that
appears.
Note 2: Wireshark shows the sequence and acknowledgment numbers relative to the initial numbers exchanged
during the TCP handshaking. Therefore, in answering questions 4, 5, and 6, look for the actual (and not the
relative) numbers!

Task A: Answer questions:

1. What are the first and last packets for the POST request?
2. What is the IP address and the TCP port used by the client computer (source) that is transferring the file
to gaia.cs.umass.edu?
3. What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP
segments for this connection?
4. What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection
between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment
as a SYN segment?
5. What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer
in reply to the SYN? What is the value of the ACKnowledgement field in the SYNACK segment? How
did gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a
SYNACK segment?
6. What is the sequence number of the TCP segment containing the HTTP POST command?
7. Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. What
are the sequence numbers of the first six segments in the TCP connection (including the segment
containing the HTTP POST)? At what time was each segment sent? When was the ACK for each segment
received? Given the difference between when each TCP segment was sent, and when its acknowledgement
was received, what is the RTT value for each of the six segments? What is the EstimatedRTT value (see
page 277 in text) after the receipt of each ACK? Assume that the value of the EstimatedRTT is equal to
the measured RTT for the first segment, and then is computed using the EstimatedRTT equation on page
277 for all subsequent segments.

Note: Wireshark has a nice feature that allows you to plot the RTT for each of the TCP segments sent.
Select a TCP segment in the Packet List Pane that is being sent from the client to the gaia.cs.umass.edu
server. Then select: Statistics->TCP Stream Graph->Round Trip Time Graph.

8. What is the length of each of the first six TCP segments?


9. What is the minimum amount of available buffer space advertised at the receiver for the entire trace?
Does the lack of receiver buffer space ever throttle the sender?
10. Are there any retransmitted segments in the trace file? What did you check for (in the trace) in order to
answer this question?

11. How much data does the receiver typically acknowledge in an ACK? Can you identify cases where the
receiver is ACKing every other received segment (see Table 3.2 on page 285 in the text)?
12. What is the throughput (bytes transferred per unit time) for the TCP connection? Explain how you
calculated this value.
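The bookkeeping behind questions 7 and 10, as an added example that is not part of the original handout: it pairs each data segment with the first ACK that covers it, skips retransmitted segments, and applies the exponentially weighted average to the resulting RTT samples. The records are constructed (not taken from tcp-ethereal-trace-1), and the weight 0.125 is the value recommended in RFC 6298, assumed here; use the equation from your text.

```python
ALPHA = 0.125  # assumed EWMA weight (RFC 6298 recommendation)

# Constructed records, not taken from the lab trace, in time order.
# Data segments client -> server: (time_s, seq, payload_len)
SEGMENTS = [
    (0.000, 1, 500),
    (0.010, 501, 1000),
    (0.020, 1501, 1000),
    (0.030, 2501, 1000),
    (0.300, 2501, 1000),  # same sequence number again: a retransmission
]
# ACKs server -> client: (time_s, ack_number)
ACKS = [(0.100, 501), (0.120, 1501), (0.150, 2501), (0.400, 3501)]


def retransmitted_seqs(segments):
    """Sequence numbers that appear more than once in the sender's stream."""
    seen, repeated = set(), set()
    for _, seq, _ in segments:
        (repeated if seq in seen else seen).add(seq)
    return repeated


def sample_rtts(segments, acks):
    """Return (seq, rtt) using the first ACK that covers seq + len.

    Retransmitted segments are skipped (Karn's rule): the ACK cannot be
    attributed to one particular transmission.
    """
    skip = retransmitted_seqs(segments)
    samples = []
    for t_sent, seq, length in segments:
        if seq in skip:
            continue
        t_ack = next((t for t, ack in acks
                      if t >= t_sent and ack >= seq + length), None)
        if t_ack is not None:
            samples.append((seq, t_ack - t_sent))
    return samples


def estimated_rtts(samples, alpha=ALPHA):
    """EstimatedRTT after each sample; the first sample seeds the estimate."""
    est, out = None, []
    for _, rtt in samples:
        est = rtt if est is None else (1 - alpha) * est + alpha * rtt
        out.append(est)
    return out
```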

Assignment 3.1: TCP Congestion Control

In practice, many TCP versions have been proposed, and a wide range of these are in use on
various systems. For example, Linux machines today typically use CUBIC TCP, and some Microsoft
machines use an extension to Reno called Compound TCP that uses a combination of losses and delay
measurements to adjust the congestion window. In addition, companies such as Google are advocating for a large
initial window and implementing their own transport layer solutions. Other TCP versions are designed specifically
for data centers, wireless environments, and for long-haul links in research networks. One method to understand
how different TCP versions (implemented on different machines and OS) operate is to collect packet traces under
different traffic conditions (degrees of congestion) and see how the protocols behave.

In this part of the assignment you will learn about how time-sequence graphs can be used for this task.

Wireshark's Time-Sequence Graph: Let’s now examine the amount of data sent per unit time from the client
to the server. Rather than (tediously) calculating this from the raw data in the Wireshark window, we’ll use one
of Wireshark’s TCP graphing utilities—Time-Sequence-Graph(Stevens) —to plot out data. Select a TCP segment
in the Wireshark’s Packet List Pane. Then select the menu: Statistics->TCP Stream Graph-> Time-Sequence-
Graph(Stevens). You should see a plot that looks similar to the plot in Figure 2.

Note: You will not get the graph as shown in Figure 2 if you click on the wrong packet, e.g. if you click on an
acknowledgment packet instead of a TCP segment containing data!

Figure 2a: TCP sequence number plot using one (old) sample trace.

Figure 2b: TCP sequence number plot using one (recent) sample trace.

Here, each dot represents a TCP segment sent, plotting the sequence number of the segment versus the time at
which it was sent. Note that a set of dots stacked above each other represents a series of packets that were sent
back-to-back by the sender. Left-clicking on each of the dots in the graph, selects (i.e. moves the highlight over)
the corresponding segment in the Packet List Pane.

Along with the graph window, Wireshark also shows the graph control window. (See Figure 3.) By clicking on
the Help button in this window you can find out the keyboard shortcuts for zooming, navigating, etc.

Use Ctrl + "+" to zoom in and Ctrl + "-" to zoom out.

Figure 3: Wireshark's graph control window

Task B: Now answer and discuss the following three questions:


13. Use the Time-Sequence-Graph (Stevens) plotting tool to view the sequence number versus time plot of
segments being sent from the client to the server (Figure 2a and Figure 2b). For each of the two traces,
can you identify where TCP's slow start phase begins and ends, and where congestion avoidance takes
over? If you can, explain how. If not, explain why not. To better identify these phases, you may need to
find the number of unacknowledged packets (or bytes) at different times and plot the unacknowledged
packets (y-axis) as a function of time (x-axis). Note that the number of unacknowledged packets at
different times can be found by comparing the number of packets that have been sent with the number of
packets that have been acknowledged. After plotting the number of unacknowledged packets versus time,
comment on ways in which the measured data differs from the idealized behavior of TCP that we've
studied in the text.
14. Explain the relationship between (i) the congestion window, (ii) the receiver advertised window, (iii) the
number of unacknowledged bytes, and (iv) the effective window at the sender.
15. Is it generally possible to find the congestion window size (i.e. cwnd) and how it changes with time, from
the captured trace files? If so, please explain how. If not, please explain when and when not. Motivate
your answer and give examples. Your answer may also benefit from trying to describe and discuss your
answer in the context of the two prior questions, for example.
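The unacknowledged-bytes curve that question 13 asks you to plot, as an added example that is not part of the original handout: it tracks the highest byte sent and the highest byte acknowledged, and flags the moments when the advertised window leaves no room for another full segment. The events and the 1000-byte segment size are constructed, not taken from the lab traces; cwnd itself never appears in a packet, so the in-flight count is only what the trace lets you observe.

```python
# Constructed events in time order, not taken from the lab traces.
# (time_s, "ack",  ack_number, advertised_window)  server -> client
# (time_s, "data", seq,        payload_len)        client -> server
EVENTS = [
    (0.00, "ack", 1, 4000),    # end of the handshake
    (0.01, "data", 1, 1000),
    (0.02, "data", 1001, 1000),
    (0.10, "ack", 1001, 4000),
    (0.11, "data", 2001, 1000),
    (0.12, "data", 3001, 1000),
    (0.20, "ack", 2001, 3000),  # receiver shrinks its window
    (0.21, "data", 4001, 1000),
    (0.30, "ack", 5001, 4000),
]


def flight_timeline(events):
    """Return (time, bytes_in_flight, rwnd) after every event."""
    snd_una = snd_nxt = rwnd = 0
    timeline = []
    for t, kind, a, b in events:
        if kind == "ack":
            snd_una = max(snd_una, a)        # cumulative ACK only moves forward
            snd_nxt = max(snd_nxt, snd_una)
            rwnd = b
        else:
            snd_nxt = max(snd_nxt, a + b)    # retransmissions do not advance it
        timeline.append((t, snd_nxt - snd_una, rwnd))
    return timeline


def receiver_limited(timeline, mss):
    """Times at which rwnd minus bytes in flight is smaller than one segment."""
    return [t for t, inflight, rwnd in timeline if rwnd - inflight < mss]
```

Plotting the second column of `flight_timeline(EVENTS)` against the first gives the unacknowledged-bytes graph; outside the times returned by `receiver_limited`, the sender was held back by something other than the receiver's buffer.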

*************
Last Date of Submission: 27th March, 2020
Answer only those questions which you understand and you have done by yourself.
