Monday, January 22, 2018

WireShark Lab HTTP

1. The Basic HTTP GET/response interaction

Let’s begin our exploration of HTTP by downloading a very simple HTML file - one that is very short, and contains no embedded objects. Do the following:

1.      Start up your web browser.
2.      Start up the Wireshark packet sniffer, as described in the Introductory lab (but don’t yet begin packet capture). Enter “http” (just the letters, not the quotation marks) in the display-filter-specification window, so that only captured HTTP messages will be displayed later in the packet-listing window. (We’re only interested in the HTTP protocol here, and don’t want to see the clutter of all captured packets).
3.      Wait a bit more than one minute (we’ll see why shortly), and then begin Wireshark packet capture.
4.      Enter the following to your browser http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file1.html Your browser should display the very simple, one-line HTML file.

5.      Stop Wireshark packet capture.





Your Wireshark window should look similar to the window shown in Figure 1. If you are unable to run Wireshark on a live network connection, you can download a packet trace that was created when the steps above were followed.2




1.      Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?
Jawab : Browser saya versi http adalah 1.1 , server juga versi http 1.1
2.      What languages (if any) does your browser indicate that it can accept to the server?
Jawab : language = en-us , en

3.      What is the IP address of your computer? Of the gaia.cs.umass.edu server?
Jawab :
Ip saya : 192.168.1.7
IP gaia.cs.umass.edu server : 128.119.245.12
4.      What is the status code returned from the server to your browser?
Jawab : Http /1.1 200 OK (text/html)

5.      When was the HTML file that you are retrieving last modified at the server?
Jawab : Last modified = sun, 21 jan 2018 06:59:01 GMT


6.      How many bytes of content are being returned to your browser?
Jawab : content-length = 128


7.      By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one.
Jawab : Tidak semua header bisa ditemukan dalam data raw


2. The HTTP CONDITIONAL GET/response interaction

Recall from Section 2.2.6 of the text, that most web browsers perform object caching and thus perform a conditional GET when retrieving an HTTP object. Before performing the steps below, make sure your browser’s cache is empty. (To do this under Firefox, select Tools->Clear Recent History and check the Cache box, or for Internet Explorer, select Tools->Internet Options->Delete File; these actions will remove cached files from your browser’s cache.) Now do the following:

       Start up your web browser, and make sure your browser’s cache is cleared, as discussed above.

       Start up the Wireshark packet sniffer
       Enter the following URL into your browser http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file2.html Your browser should display a very simple five-line HTML file.


       Quickly enter the same URL into your browser again (or simply select the refresh button on your browser)

       Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed later in the packet-listing window.

       (Note: If you are unable to run Wireshark on a live network connection, you can use the http-ethereal-trace-2 packet trace to answer the questions below; see footnote 1. This trace file was gathered while performing the steps above on one of the author’s computers.)



Answer the following questions:

8.      Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?
Jawab : Tidak
9.      Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?
Jawab : Ya karena kita bisa melihat isinya di field Line-based text data

10.  Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE:” line in the HTTP GET? If so, what information follows the “IF-MODIFIED-SINCE:” header?
Jawab : Ya , informasinya adalah sun, 21 jan 2018 06:59:01 GMT yang merupakan tanggal modifikasi terakhir file dari GET request sebelumnya


11.  What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.
Jawab : status code = 304 dan phrase = Not Modified. Server tidak mengembalikan isi file karena browser memuatnya dari cache-nya



3. Retrieving Long Documents

In our examples thus far, the documents retrieved have been simple and short HTML files. Let’s next see what happens when we download a long HTML file. Do the following:

       Start up your web browser, and make sure your browser’s cache is cleared, as discussed above.

       Start up the Wireshark packet sniffer

       Enter the following URL into your browser http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file3.html Your browser should display the rather lengthy US Bill of Rights.

       Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed.

       (Note: If you are unable to run Wireshark on a live network connection, you can use the http-ethereal-trace-3 packet trace to answer the questions below; see footnote 1. This trace file was gathered while performing the steps above on one of the author’s computers.)

Answer the following questions:

12.  How many HTTP GET request messages did your browser send? Which packet number in the trace contains the GET message for the Bill or Rights?
Jawab : ada 1 HTTP GET
13.  Which packet number in the trace contains the status code and phrase associated with the response to the HTTP GET request?
Jawab : di trace saya paket nomor 15
14.  What is the status code and phrase in the response?
Jawab : Status code 200 ,phrase OK
15.  How many data-containing TCP segments were needed to carry the single HTTP response and the text of the Bill of Rights?
Jawab : Ada 5 data TCP segment yaitu 1440 , 1440, 1440 dan 541 totalnya 4861

4.  HTML Documents with Embedded Objects

Now that we’ve seen how Wireshark displays the captured packet traffic for large HTML files, we can look at what happens when your browser downloads a file with embedded objects, i.e., a file that includes other objects (in the example below, image files) that are stored on another server(s).

Do the following:

       Start up your web browser, and make sure your browser’s cache is cleared, as discussed above.

       Start up the Wireshark packet sniffer
       Enter the following URL into your browser http://gaia.cs.umass.edu/wireshark-labs/HTTP-wireshark-file4.html

Your browser should display a short HTML file with two images. These two images are referenced in the base HTML file. That is, the images themselves are not contained in the HTML; instead the URLs for the images are contained in the downloaded HTML file. As discussed in the textbook, your browser will have to retrieve these logos from the indicated web sites. Our publisher’s logo is retrieved from the www.aw-bc.com web site. The image of the cover for our 5th edition (one of our favorite covers) is stored at the manic.cs.umass.edu server.

       Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed.


Answer the following questions:

16.  How many HTTP GET request messages did your browser send? To which Internet addresses were these GET requests sent?
Jawab : ada 4 , alamat ip yang menjadi Get request adalah 128.119.245.12 ada 2 dan 128.119.245.90 ada 2
17.  Can you tell whether your browser downloaded the two images serially, or whether they were downloaded from the two web sites in parallel? Explain.
Jawab : Dengan memeriksa port TCP kita dapat melihat apakah file kita diunduh secara serial atau paralel. Dalam kasus ini, 2 gambar dikirimkan melalui 2 koneksi TCP sehingga mereka diunduh secara serial.

5 HTTP Authentication

Finally, let’s try visiting a web site that is password-protected and examine the sequence of HTTP message exchanged for such a site. The URL http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html is password protected. The username is “wireshark-students” (without the quotes), and the password is “network” (again, without the quotes). So let’s access this “secure” password-protected site. Do the following:

       Make sure your browser’s cache is cleared, as discussed above, and close down your browser. Then, start up your browser

       Start up the Wireshark packet sniffer
       Enter the following URL into your browser http://gaia.cs.umass.edu/wireshark-labs/protected_pages/HTTP-wireshark-file5.html
Type the requested user name and password into the pop up box.
       Stop Wireshark packet capture, and enter “http” in the display-filter-specification window, so that only captured HTTP messages will be displayed later in the packet-listing window.

       (Note: If you are unable to run Wireshark on a live network connection, you can use the http-ethereal-trace-5 packet trace to answer the questions below; see footnote 2. This trace file was gathered while performing the steps above on one of the author’s computers.)

Answer the following questions:

18.  What is the server’s response (status code and phrase) in response to the initial HTTP GET message from your browser?
Jawab : status code 401, phrase = Unauthorized
19.  When your browser’s sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?
Jawab : field baru di pesan HTTP GET yang kedua adalah
Authorization: Basic d2lyZXNoYXJrLXN0dWRlbnRzOm5ldHdvcms=\r\n

Download Laporan WireShark Lab HTTP 

Tuesday, January 16, 2018

Praktikum WireShark Lab:UDP




WireShark Lab UDP

1.      Select one UDP packet from your trace. From this packet, determine how many fields there are in the UDP header. (You shouldn’t look in the textbook! Answer these questions directly from what you observe in the packet trace.) Name these fields.
Jawab :

Ada 4 kolom : source port , destination port, length dan checksum

2.      By consulting the displayed information in Wireshark’s packet content field for this packet, determine the length (in bytes) of each of the UDP header fields.
Jawab :

Header UDP memiliki panjang 8 byte. Masing-masing dari 4 kolom header ini berukuran 2 byte

3.      The value in the Length field is the length of what? (You can consult the text for this answer). Verify your claim with your captured UDP packet.
Jawab :


Panjang filed menentukan jumlah byte di segmen UDP (header plus data). Nilai panjang eksplisit diperlukan karena ukuran field data mungkin berbeda dari satu segmen UDP ke yang berikutnya.
Panjang muatan UDP untuk paket yang dipilih adalah 43 bytes.51 bytes - 8 bytes = 43 bytes.
4.      What is the maximum number of bytes that can be included in a UDP payload? (Hint: the answer to this question can be determined by your answer to 2. above)


Jumlah byte maksimum yang dapat disertakan dalam muatan UDP adalah (2 ^ 16 - 1) byte ditambah byte header.
(2^16-1) = ( 65536 – 1)  = 65535 bytes
65535 – panjang header UDP =  65535 bytes – 8 bytes = 65527 bytes

5.      What is the largest possible source port number? (Hint: see the hint in 4.)
Jawab : (2^16 – 1) = 65535.
6.      What is the protocol number for UDP? Give your answer in both hexadecimal and decimal notation. To answer this question, you’ll need to look into the Protocol field of the IP datagram containing this UDP segment (see Figure 4.13 in the text, and the discussion of IP header fields).
Jawab :
Protocol number UDP decimal adalah 17 , sedangkan hexadecimal adalah  0x11 hex
     




7.      Examine a pair of UDP packets in which your host sends the first UDP packet and the second UDP packet is a reply to this first UDP packet. (Hint: for a second packet to be sent in response to a first packet, the sender of the first packet should be the destination of the second packet). Describe the relationship between the port numbers in the two packets.
Jawab :
Source Port dari paket UDP yang dikirim oleh host sama dengan destination port dari paket reply, dan sebaliknya, destination port dari paket UDP yang dikirim oleh host sama dengan source port dari paket reply.





                                Paket Reply
                       
                               


















Saturday, January 13, 2018

Praktikum WireShark Lab:TCP


WireShark Lab:TCP

1.   Capturing a bulk TCP transfer from your computer to a remote server

         Start up your web browser. Go the http://gaia.cs.umass.edu/wireshark-labs/alice.txt and retrieve an ASCII copy of Alice in Wonderland. Store this file somewhere on your computer.
         Next go to http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark-file1.html.
         You should see a screen that looks like:
         Use the Browse button in this form to enter the name of the file (full path name) on your computer containing Alice in Wonderland (or do so manually). Don’t yet press the “Upload alice.txt file” button.

         Now start up Wireshark and begin packet capture (Capture->Start) and then press OK on the Wireshark Packet Capture Options screen (we’ll not need to select any options here).

         Returning to your browser, press the “Upload alice.txt file” button to upload the file to the gaia.cs.umass.edu server. Once the file has been uploaded, a short congratulations message will be displayed in your browser window.

         Stop Wireshark packet capture. Your Wireshark window should look similar to the window shown below.




2.  A first look at the captured trace

Answer the following questions, by opening the Wireshark captured packet file tcp-ethereal-trace-1 in http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip (that is download the trace and open that trace in Wireshark; see footnote 2). Whenever possible, when answering a question you should hand in a printout of the packet(s) within the trace that you used to answer the question asked. Annotate the printout3 to explain your answer. To print a packet, use File->Print, choose Selected packet only, choose Packet summary line, and select the minimum amount of packet detail that you need to answer the question.


1.      What is the IP address and TCP port number used by the client computer (source) that is transferring the file to gaia.cs.umass.edu? To answer this question, it’s probably easiest to select an HTTP message and explore the details of the TCP packet used to carry this HTTP message, using the “details of the selected packet header window” (refer to Figure 2 in the “Getting Started with Wireshark” Lab if you’re uncertain about the Wireshark windows.
Jawab:
Ip address [source] : 192.168.1.102
Port number [source] : 1161
2.      What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments for this connection?
Jawab:
Ip address [gaia.cs.ummass.edu] : 128.119.245.12
Port number [gaia.cs.ummass.edu] : 80

If you have been able to create your own trace, answer the following question:

3.      What is the IP address and TCP port number used by your client computer (source) to transfer the file to gaia.cs.umass.edu?
Jawab:

Source Ip address : 192.168.1.6 and Port :50806



3. TCP Basics
4.      What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN segment?
Sequence number pada TCP SYN digunakan untuk memulai koneksi TCP antara client dengan gaia , nilai sequence numbernya adalah 0
Ciri” menandakan segment syn adalah flag syn set=1.


5.      What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the Acknowledgement field in the SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK segment?
Jawab : Sequence number pada segment SYNACK dari gaia ke client dalam mereply SYN memiliki nilai 0 , Nilai field acknowledgment di segmen SYNACK adalah 1. Nilai field acknowledgment di segmen SYNACK ditentukan oleh gaia.cs.umass.edu dengan menambahkan 1 ke urutan awal segmen SYN dari komputer klien. Ciri” segment SYNACK adalah flag Acknowledgement set = 1.

6.      What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you’ll need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a “POST” within its DATA field.
Jawab :
Pada baris ke 4 , Sequence number http post adalah 1
Http post command

7.      Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. What are the sequence numbers of the first six segments in the
TCP connection (including the segment containing the HTTP POST)? At what time was each segment sent? When was the ACK for each segment received? Given the difference between when each TCP segment was sent, and when its acknowledgement was received, what is the RTT value for each of the six segments? What is the EstimatedRTT value (see Section 3.5.3, page 239 in text) after the receipt of each ACK? Assume that the value of the EstimatedRTT is equal to the measured RTT for the first segment, and then is computed using the EstimatedRTT equation on page 239 for all subsequent segments.

Note: Wireshark has a nice feature that allows you to plot the RTT for each of the TCP segments sent. Select a TCP segment in the “listing of captured packets” window that is being sent from the client to the gaia.cs.umass.edu server. Then select: Statistics->TCP Stream Graph->Round Trip Time Graph.

      Jawab :
Nomor urut dari enam segmen pertama Segmen pertama adalah No. 4, 5, 7, 8, 10, dan 11. ACK segmen 1 - 6 adalah No. 6, 9, 12, 14, 15, dan 16.
Waktu masing-masing pengiriman dan penerimaan ACK

Segment
Sent time
Ack receive time
RTT
1
0.026477
0.053937
0.02746
2
0.041737
0.077294
0.035557
3
0.054026
0.124085
0.070059
4
0.054690
0.169118
0.11443
5
0.077405
0.217299
0.13989
6
0.078157
0.267802
0.18964

EstimatedRTT = 0.875 * EstimatedRTT + 0.125 * SampleRTT

EstimatedRTT after the receipt of the ACK of segment 1:

EstimatedRTT = RTT for Segment 1 = 0.02746 second

EstimatedRTT after the receipt of the ACK of segment 2:

EstimatedRTT = 0.875 * 0.02746 + 0.125 * 0.035557 = 0.0285

EstimatedRTT after the receipt of the ACK of segment 3:

EstimatedRTT = 0.875 * 0.0285 + 0.125 * 0.070059 = 0.0337

EstimatedRTT after the receipt of the ACK of segment 4:

EstimatedRTT = 0.875 * 0.0337+ 0.125 * 0.11443 = 0.0438

EstimatedRTT after the receipt of the ACK of segment 5:

EstimatedRTT = 0.875 * 0.0438 + 0.125 * 0.13989 = 0.0558

EstimatedRTT after the receipt of the ACK of segment 6:

EstimatedRTT = 0.875 * 0.0558 + 0.125 * 0.18964 = 0.0725 second

Round Trip Time ( RTT )



8.      What is the length of each of the first six TCP segments?4

Jawab:

Segment Pertama mempunyai length 565



Segment kedua sampai 6 mempunyai length yang sama yaitu 1460




4. TCP congestion control in action

Let’s now examine the amount of data sent per unit time from the client to the server. Rather than (tediously!) calculating this from the raw data in the Wireshark window, we’ll use one of Wireshark’s TCP graphing utilities - Time-Sequence-Graph(Stevens) - to plot out data.

         Select a TCP segment in the Wireshark’s “listing of captured-packets” window. Then select the menu : Statistics->TCP Stream Graph-> Time-Sequence-Graph(Stevens). You should see a plot that looks similar to the following plot, which was created from the captured packets in the packet trace tcp-ethereal-trace-1 in http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip (see earlier footnote ):




Here, each dot represents a TCP segment sent, plotting the sequence number of the segment versus the time at which it was sent. Note that a set of dots stacked above each other represents a series of packets that were sent back-to-back by the sender.


Answer the following questions for the TCP segments the packet trace tcp-ethereal-trace-1 in http://gaia.cs.umass.edu/wireshark -labs/wireshark-traces.zip

13.  Use the Time-Sequence-Graph(Stevens) plotting tool to view the sequence number versus time plot of segments being sent from the client to the gaia.cs.umass.edu server. Can you identify where TCP’s slowstart phase begins and ends, and where congestion avoidance takes over? Comment on ways in which the measured data differs from the idealized behavior of TCP that we’ve studied in the text.
Jawab :
TCP slowstart dimulai pada awal koneksi, yaitu, ketika segmen HTTP POST dikirim di luar. Identifikasi fase slow start TCP dan penghindaran kemacetan
Fase tergantung dari besarnya ukuran window congestion dari pengirim TCP ini. Namun, nilai kemacetan ukuran jendela tidak bisa didapat secara langsung
dari grafik Time-Sequence-Graph (Stevens). Meski begitu, kita bisa memperkirakannya batas bawah TCP window size dengan jumlah data yang beredar karena data yang beredar adalah jumlah data tanpa acknowledgement. Kita Juga diketahui bahwa TCP window  dibatasi oleh window size penerima dan buffer penerima dapat bertindak sebagai batas atas dari TCP window size. buffer penerima bukan hambatan; Oleh karena itu, batas atas ini tidak cukup berguna untuk menyimpulkan TCP window size. Oleh karena itu, kita fokus pada batas bawah TCP window size
Dari tabel berikut, kita tidak dapat melihat bahwa jumlah data beredar meningkat cepat pada awal arus TCP ini; Namun, tidak pernah melebihi 8192 Bytes. Karena itu,kita dapat memastikan bahwa ukuran jendela TCP lebih besar dari 8192 Bytes. Meski demikian, kita tidak dapat menentukan akhir dari fase awal yang lambat dan awal penghindaran kemacetan fase untuk jejak ini Alasan utamanya adalah pengirim TCP ini tidak mengirimkan data cukup agresif untuk mendorong ke keadaan kemacetan. Dengan memeriksa jumlah Data yang beredar, kita dapat mengamati bahwa aplikasi paling banyak mengirimkan sebuah blok data 8192 byte Sebelum menerima pengakuan untuk seluruh blok 8192 ini bytes, aplikasi tidak akan mengirim lebih banyak data. Ini menunjukkan sebelum akhir awal yang lambat fase, aplikasi sudah berhenti transmisi temporal.


Type
No.
Seq.
ACKed seq.
Outstanding data
Data
4
1

565
Data
5
566

2025
ACK
6

566
1460
Data
7
2026

2920
Data
8
3486

4380
ACK
9

2026
2920
Data
10
4946

4380
Data
11
6406

5840
ACK
12

3486
4380
Data
13
7866

5527
ACK
14

4096
4917
ACK
15

6006
3007
ACK
16

7866
1147
ACK
17

9013
0
Data
18
9013

1460
Data
19
10473

2920
Data
20
11933

4380
Data
21
13393

5840
Data
22
14853

7300
Data
23
16313

8192
ACK
24

10473
6732
ACK
25

11933
5272
ACK
26

13393
3812
ACK
27

14853
2352
ACK
28

16313
892
ACK
29

17205
0
Data
30
17205

1460
Data
31
18665

2920
Data
32
20125

4380
Data
33
21585

5840
Data
34
23045

7300
Data
35
24505

8192
ACK
36

18665
6732
ACK
37

20125
5272
ACK
38

21585
3812
ACK
39

23045
2352
ACK
40

24505
892
ACK
41

25397
0
Data
42
25397

1460
Data
43
26857

2920
Data
44
28317

4380
Data
45
29777

5840






Data
46
31237

7300
Data
47
32697

8192
ACK
48

26857

ACK
49

28317

ACK
50

29777

ACK
51

31237

ACK
52

33589

Data
53
33589

6732
Data
54
35049

5272
Data
55
36509

3812
Data
56
37969

2352
Data
57
39429

892
Data
58
40889

0
ACK
59

35049
6732
ACK
60

37969
3812
ACK
61

40889
892
ACK
62

41781
0
Data
63
41781

1460
Data
64
43241

2920
Data
65
44701

4380
Data
66
46161

5840
Data
67
47621

7300
Data
68
49081

8192
ACK
69

44701
5272
ACK
70

47621
2352
ACK
71

49973
0
Data
72
49973

1460
Data
73
51433

2920
Data
74
52893

4380
Data
75
54353

5840
Data
76
55813

7300
Data
77
57273

8192
ACK
78

52893
5272
ACK
79

55813
2352
ACK
80

58165
0
Data
81
58165



Perhatikan bahwa kriteria untuk menentukan akhir awal yang lamban dan awal penghindaran kemacetan adalah bagaimana ukuran jendela kemacetan bereaksi terhadap kedatangan ACK. Setelah kedatangan ACK, jika ukuran jendela kemacetan meningkat satu MSS, pengirim TCP tetap berada di fase awal yang lambat. Pada tahap penghindaran kemacetan, ukuran jendela kemacetan meningkat pada 1 / (current_congestion_window_size). Dengan memeriksa perubahan jendela kemacetan pada saat kedatangan ACK, kita dapat menyimpulkan keadaan pengirim TCP.

14.  Answer each of two questions above for the trace that you have gathered when you transferred a file from your computer to gaia.cs.umass.edu
Jawab :

Perilaku ideal TCP dalam teks mengasumsikan bahwa pengirim TCP agresif dalam mengirim data. Terlalu banyak lalu lintas dapat menghambat jaringan; Oleh karena itu, pengirim TCP harus mengikuti algoritma AIMD sehingga ketika mereka mendeteksi kemacetan jaringan (yaitu packet loss), ukuran jendela pengiriman mereka harus drop down. Dalam prakteknya, perilaku TCP juga sangat bergantung pada aplikasi. Dalam contoh ini, ketika pengirim TCP dapat mengirimkan data, tidak ada data yang tersedia untuk transmisi. Dalam aplikasi web, beberapa objek web memiliki ukuran sangat kecil. Sebelum akhir fase mulai lambat, transmisi sudah selesai; Oleh karena itu, transmisi benda-benda web kecil ini mengalami penundaan yang tidak perlu karena fase start TCP yang lambat.



Download Laporan Praktikum WireShark Lab : TCP