Saturday, January 13, 2018

WireShark Lab Practicum: TCP


WireShark Lab:TCP

1.   Capturing a bulk TCP transfer from your computer to a remote server

         Start up your web browser. Go to http://gaia.cs.umass.edu/wireshark-labs/alice.txt and retrieve an ASCII copy of Alice in Wonderland. Store this file somewhere on your computer.
         Next go to http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark-file1.html.
         You should see a screen that looks like:
         Use the Browse button in this form to enter the name of the file (full path name) on your computer containing Alice in Wonderland (or do so manually). Don’t yet press the “Upload alice.txt file” button.

         Now start up Wireshark and begin packet capture (Capture->Start) and then press OK on the Wireshark Packet Capture Options screen (we’ll not need to select any options here).

         Returning to your browser, press the “Upload alice.txt file” button to upload the file to the gaia.cs.umass.edu server. Once the file has been uploaded, a short congratulations message will be displayed in your browser window.

         Stop Wireshark packet capture. Your Wireshark window should look similar to the window shown below.




2.  A first look at the captured trace

Answer the following questions by opening the Wireshark captured packet file tcp-ethereal-trace-1 in http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip (that is, download the trace and open that trace in Wireshark; see footnote 2). Whenever possible, when answering a question you should hand in a printout of the packet(s) within the trace that you used to answer the question asked. Annotate the printout to explain your answer. To print a packet, use File->Print, choose Selected packet only, choose Packet summary line, and select the minimum amount of packet detail that you need to answer the question.


1.      What is the IP address and TCP port number used by the client computer (source) that is transferring the file to gaia.cs.umass.edu? To answer this question, it’s probably easiest to select an HTTP message and explore the details of the TCP packet used to carry this HTTP message, using the “details of the selected packet header window” (refer to Figure 2 in the “Getting Started with Wireshark” Lab if you’re uncertain about the Wireshark windows).
Answer:
IP address [source] : 192.168.1.102
Port number [source] : 1161
2.      What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments for this connection?
Answer:
IP address [gaia.cs.umass.edu] : 128.119.245.12
Port number [gaia.cs.umass.edu] : 80

If you have been able to create your own trace, answer the following question:

3.      What is the IP address and TCP port number used by your client computer (source) to transfer the file to gaia.cs.umass.edu?
Answer:

Source IP address: 192.168.1.6 and port: 50806



3. TCP Basics
4.      What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN segment?
The sequence number of the TCP SYN segment used to initiate the TCP connection between the client and gaia is 0.
What identifies the segment as a SYN segment is that the SYN flag is set to 1.


5.      What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN? What is the value of the Acknowledgement field in the SYNACK segment? How did gaia.cs.umass.edu determine that value? What is it in the segment that identifies the segment as a SYNACK segment?
Answer: The sequence number of the SYNACK segment sent by gaia to the client in reply to the SYN is 0. The value of the Acknowledgement field in the SYNACK segment is 1. gaia.cs.umass.edu determined that value by adding 1 to the initial sequence number of the SYN segment from the client computer. What identifies the segment as a SYNACK segment is that the Acknowledgement flag is set to 1.

6.      What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you’ll need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a “POST” within its DATA field.
Answer:
In row 4, the sequence number of the HTTP POST is 1.
HTTP POST command

7.      Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)? At what time was each segment sent? When was the ACK for each segment received? Given the difference between when each TCP segment was sent, and when its acknowledgement was received, what is the RTT value for each of the six segments? What is the EstimatedRTT value (see Section 3.5.3, page 239 in text) after the receipt of each ACK? Assume that the value of the EstimatedRTT is equal to the measured RTT for the first segment, and then is computed using the EstimatedRTT equation on page 239 for all subsequent segments.

Note: Wireshark has a nice feature that allows you to plot the RTT for each of the TCP segments sent. Select a TCP segment in the “listing of captured packets” window that is being sent from the client to the gaia.cs.umass.edu server. Then select: Statistics->TCP Stream Graph->Round Trip Time Graph.

Answer:
The first six segments are No. 4, 5, 7, 8, 10, and 11. The ACKs for segments 1 - 6 are No. 6, 9, 12, 14, 15, and 16.
Send time and ACK receive time for each segment:

| Segment | Sent time | Ack receive time | RTT |
|---|---|---|---|
| 1 | 0.026477 | 0.053937 | 0.02746 |
| 2 | 0.041737 | 0.077294 | 0.035557 |
| 3 | 0.054026 | 0.124085 | 0.070059 |
| 4 | 0.054690 | 0.169118 | 0.11443 |
| 5 | 0.077405 | 0.217299 | 0.13989 |
| 6 | 0.078157 | 0.267802 | 0.18964 |

EstimatedRTT = 0.875 * EstimatedRTT + 0.125 * SampleRTT

EstimatedRTT after the receipt of the ACK of segment 1:

EstimatedRTT = RTT for Segment 1 = 0.02746 second

EstimatedRTT after the receipt of the ACK of segment 2:

EstimatedRTT = 0.875 * 0.02746 + 0.125 * 0.035557 = 0.0285

EstimatedRTT after the receipt of the ACK of segment 3:

EstimatedRTT = 0.875 * 0.0285 + 0.125 * 0.070059 = 0.0337

EstimatedRTT after the receipt of the ACK of segment 4:

EstimatedRTT = 0.875 * 0.0337 + 0.125 * 0.11443 = 0.0438

EstimatedRTT after the receipt of the ACK of segment 5:

EstimatedRTT = 0.875 * 0.0438 + 0.125 * 0.13989 = 0.0558

EstimatedRTT after the receipt of the ACK of segment 6:

EstimatedRTT = 0.875 * 0.0558 + 0.125 * 0.18964 = 0.0725 second
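
The same calculation in Python, as an added example that is not part of the original lab report. It goes one step beyond the question by also tracking the RTT deviation and the retransmission timeout as specified in RFC 6298, which builds on the same EstimatedRTT filter; the function and constant names are hypothetical.

```python
# (sent_time, ack_receive_time) in seconds, copied from the table above.
SEGMENTS = [
    (0.026477, 0.053937), (0.041737, 0.077294), (0.054026, 0.124085),
    (0.054690, 0.169118), (0.077405, 0.217299), (0.078157, 0.267802),
]

ALPHA, BETA = 0.125, 0.25   # RFC 6298 gains; ALPHA is the 0.125 used above
MIN_RTO = 1.0               # RFC 6298 lower bound on the timer, in seconds


def rtt_estimates(segments):
    """Return one (sample, estimated_rtt, dev_rtt, raw_rto) tuple per ACK."""
    rows, est, dev = [], None, None
    for sent, acked in segments:
        sample = acked - sent
        if est is None:
            # First measurement: EstimatedRTT = SampleRTT, deviation = half of it.
            est, dev = sample, sample / 2
        else:
            # The deviation is updated first, against the previous EstimatedRTT.
            dev = (1 - BETA) * dev + BETA * abs(est - sample)
            est = (1 - ALPHA) * est + ALPHA * sample
        rows.append((sample, est, dev, est + 4 * dev))
    return rows


def timeout(raw_rto):
    """Apply the RFC 6298 one-second floor (clock granularity is ignored)."""
    return max(MIN_RTO, raw_rto)


if __name__ == "__main__":
    for i, (sample, est, dev, rto) in enumerate(rtt_estimates(SEGMENTS), 1):
        print(f"segment {i}: SampleRTT={sample:.6f} EstimatedRTT={est:.4f} "
              f"DevRTT={dev:.4f} RTO={timeout(rto):.3f}")
```

Because every sample is larger than the one before it, the deviation term grows almost as large as EstimatedRTT itself, yet the resulting timeout still sits at the one-second floor.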

Round Trip Time ( RTT )



8.      What is the length of each of the first six TCP segments?

Answer:

The first segment has a length of 565.

The second through sixth segments all have the same length, 1460.




4. TCP congestion control in action

Let’s now examine the amount of data sent per unit time from the client to the server. Rather than (tediously!) calculating this from the raw data in the Wireshark window, we’ll use one of Wireshark’s TCP graphing utilities - Time-Sequence-Graph(Stevens) - to plot out data.

         Select a TCP segment in the Wireshark’s “listing of captured-packets” window. Then select the menu: Statistics->TCP Stream Graph->Time-Sequence-Graph(Stevens). You should see a plot that looks similar to the following plot, which was created from the captured packets in the packet trace tcp-ethereal-trace-1 in http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip (see earlier footnote):




Here, each dot represents a TCP segment sent, plotting the sequence number of the segment versus the time at which it was sent. Note that a set of dots stacked above each other represents a series of packets that were sent back-to-back by the sender.


Answer the following questions for the TCP segments in the packet trace tcp-ethereal-trace-1 in http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip

13.  Use the Time-Sequence-Graph(Stevens) plotting tool to view the sequence number versus time plot of segments being sent from the client to the gaia.cs.umass.edu server. Can you identify where TCP’s slowstart phase begins and ends, and where congestion avoidance takes over? Comment on ways in which the measured data differs from the idealized behavior of TCP that we’ve studied in the text.
Answer:
TCP slow start begins at the start of the connection, that is, when the HTTP POST segment is sent out. Identifying the TCP slow start phase and the congestion avoidance phase depends on the congestion window size of this TCP sender. However, the congestion window size cannot be obtained directly from the Time-Sequence-Graph (Stevens). Even so, we can estimate a lower bound of the TCP window size from the amount of outstanding data, because the outstanding data is the amount of data without acknowledgement. We also know that the TCP window is limited by the receiver's window size, so the receiver buffer can act as an upper bound of the TCP window size. The receiver buffer is not the bottleneck; therefore, this upper bound is not very useful for inferring the TCP window size. For that reason, we focus on the lower bound of the TCP window size.
From the following table, we cannot see that the amount of outstanding data increases quickly at the start of this TCP flow; however, it never exceeds 8192 bytes. Therefore, we can be sure that the TCP window size is larger than 8192 bytes. Nevertheless, we cannot determine the end of the slow start phase and the start of the congestion avoidance phase for this trace. The main reason is that this TCP sender does not send data aggressively enough to push into the congestion state. By examining the amount of outstanding data, we can observe that the application sends at most one block of 8192 bytes of data. Before receiving the acknowledgement for this whole block of 8192 bytes, the application does not send more data. This indicates that before the end of the slow start phase, the application has already stopped transmitting temporarily.


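| Type | No. | Seq. | ACKed seq. | Outstanding data |
|---|---|---|---|---|
| Data | 4 | 1 | | 565 |
| Data | 5 | 566 | | 2025 |
| ACK | 6 | | 566 | 1460 |
| Data | 7 | 2026 | | 2920 |
| Data | 8 | 3486 | | 4380 |
| ACK | 9 | | 2026 | 2920 |
| Data | 10 | 4946 | | 4380 |
| Data | 11 | 6406 | | 5840 |
| ACK | 12 | | 3486 | 4380 |
| Data | 13 | 7866 | | 5527 |
| ACK | 14 | | 4096 | 4917 |
| ACK | 15 | | 6006 | 3007 |
| ACK | 16 | | 7866 | 1147 |
| ACK | 17 | | 9013 | 0 |
| Data | 18 | 9013 | | 1460 |
| Data | 19 | 10473 | | 2920 |
| Data | 20 | 11933 | | 4380 |
| Data | 21 | 13393 | | 5840 |
| Data | 22 | 14853 | | 7300 |
| Data | 23 | 16313 | | 8192 |
| ACK | 24 | | 10473 | 6732 |
| ACK | 25 | | 11933 | 5272 |
| ACK | 26 | | 13393 | 3812 |
| ACK | 27 | | 14853 | 2352 |
| ACK | 28 | | 16313 | 892 |
| ACK | 29 | | 17205 | 0 |
| Data | 30 | 17205 | | 1460 |
| Data | 31 | 18665 | | 2920 |
| Data | 32 | 20125 | | 4380 |
| Data | 33 | 21585 | | 5840 |
| Data | 34 | 23045 | | 7300 |
| Data | 35 | 24505 | | 8192 |
| ACK | 36 | | 18665 | 6732 |
| ACK | 37 | | 20125 | 5272 |
| ACK | 38 | | 21585 | 3812 |
| ACK | 39 | | 23045 | 2352 |
| ACK | 40 | | 24505 | 892 |
| ACK | 41 | | 25397 | 0 |
| Data | 42 | 25397 | | 1460 |
| Data | 43 | 26857 | | 2920 |
| Data | 44 | 28317 | | 4380 |
| Data | 45 | 29777 | | 5840 |
| Data | 46 | 31237 | | 7300 |
| Data | 47 | 32697 | | 8192 |
| ACK | 48 | | 26857 | |
| ACK | 49 | | 28317 | |
| ACK | 50 | | 29777 | |
| ACK | 51 | | 31237 | |
| ACK | 52 | | 33589 | |
| Data | 53 | 33589 | | 6732 |
| Data | 54 | 35049 | | 5272 |
| Data | 55 | 36509 | | 3812 |
| Data | 56 | 37969 | | 2352 |
| Data | 57 | 39429 | | 892 |
| Data | 58 | 40889 | | 0 |
| ACK | 59 | | 35049 | 6732 |
| ACK | 60 | | 37969 | 3812 |
| ACK | 61 | | 40889 | 892 |
| ACK | 62 | | 41781 | 0 |
| Data | 63 | 41781 | | 1460 |
| Data | 64 | 43241 | | 2920 |
| Data | 65 | 44701 | | 4380 |
| Data | 66 | 46161 | | 5840 |
| Data | 67 | 47621 | | 7300 |
| Data | 68 | 49081 | | 8192 |
| ACK | 69 | | 44701 | 5272 |
| ACK | 70 | | 47621 | 2352 |
| ACK | 71 | | 49973 | 0 |
| Data | 72 | 49973 | | 1460 |
| Data | 73 | 51433 | | 2920 |
| Data | 74 | 52893 | | 4380 |
| Data | 75 | 54353 | | 5840 |
| Data | 76 | 55813 | | 7300 |
| Data | 77 | 57273 | | 8192 |
| ACK | 78 | | 52893 | 5272 |
| ACK | 79 | | 55813 | 2352 |
| ACK | 80 | | 58165 | 0 |
| Data | 81 | 58165 | | |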


Note that the criterion for determining the end of slow start and the beginning of congestion avoidance is how the congestion window size reacts to the arrival of ACKs. Upon the arrival of an ACK, if the congestion window size increases by one MSS, the TCP sender is still in the slow start phase. In the congestion avoidance phase, the congestion window size increases by 1 / (current_congestion_window_size). By examining the change in the congestion window when ACKs arrive, we can infer the state of the TCP sender.
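
The Outstanding data column can be recomputed from the Seq. and ACKed seq. columns, and splitting the flow wherever nothing is left in flight exposes the application's block size. The Python below is an added example, not part of the original report; it uses rows No. 4-29 of the table, with segment lengths derived from consecutive Seq. values, and its function names are hypothetical.

```python
# Rows No. 4-29 of the table above: (no, "data", seq, length) for data rows,
# (no, "ack", acked_seq, 0) for ACKs. Lengths are derived from the Seq. gaps.
TRACE = [
    (4, "data", 1, 565), (5, "data", 566, 1460), (6, "ack", 566, 0),
    (7, "data", 2026, 1460), (8, "data", 3486, 1460), (9, "ack", 2026, 0),
    (10, "data", 4946, 1460), (11, "data", 6406, 1460), (12, "ack", 3486, 0),
    (13, "data", 7866, 1147), (14, "ack", 4096, 0), (15, "ack", 6006, 0),
    (16, "ack", 7866, 0), (17, "ack", 9013, 0), (18, "data", 9013, 1460),
    (19, "data", 10473, 1460), (20, "data", 11933, 1460),
    (21, "data", 13393, 1460), (22, "data", 14853, 1460),
    (23, "data", 16313, 892), (24, "ack", 10473, 0), (25, "ack", 11933, 0),
    (26, "ack", 13393, 0), (27, "ack", 14853, 0), (28, "ack", 16313, 0),
    (29, "ack", 17205, 0),
]


def outstanding_series(packets, initial_seq=1):
    """Return [(packet_no, bytes_in_flight)] as seen after each packet."""
    next_seq = acked = initial_seq
    series = []
    for no, kind, value, length in packets:
        if kind == "data":
            next_seq = max(next_seq, value + length)  # retransmissions add nothing
        else:
            acked = max(acked, value)                 # old or duplicate ACKs ignored
        series.append((no, next_seq - acked))
    return series


def bursts(packets, initial_seq=1):
    """Split the flow where in-flight data drains to 0: [(bytes_sent, peak)]."""
    lengths = {no: length for no, kind, _, length in packets if kind == "data"}
    result, sent, peak = [], 0, 0
    for no, in_flight in outstanding_series(packets, initial_seq):
        sent += lengths.get(no, 0)
        peak = max(peak, in_flight)
        if in_flight == 0 and sent:       # everything sent so far is acknowledged
            result.append((sent, peak))
            sent, peak = 0, 0
    if sent:                              # trailing burst that was never fully ACKed
        result.append((sent, peak))
    return result


if __name__ == "__main__":
    for no, in_flight in outstanding_series(TRACE):
        print(f"No. {no:>2}: {in_flight} bytes outstanding")
    print(bursts(TRACE))
```

A sender that repeatedly drains to zero outstanding bytes after a fixed-size burst is limited by the application rather than by the congestion window, which is the behaviour the answer above describes.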

14.  Answer each of two questions above for the trace that you have gathered when you transferred a file from your computer to gaia.cs.umass.edu
Answer:

The idealized behavior of TCP in the text assumes that TCP senders are aggressive in sending data. Too much traffic can congest the network; therefore, TCP senders should follow the AIMD algorithm so that when they detect network congestion (i.e., packet loss), their sending window size drops down. In practice, TCP behavior also depends heavily on the application. In this example, when the TCP sender is able to send data, no data is available for transmission. In web applications, some web objects are very small. Before the end of the slow start phase, the transmission is already finished; therefore, the transmission of these small web objects suffers unnecessary delay because of TCP's slow start phase.


