* Part 1
** What is the IP address and TCP port number used by the client computer (source) that is transferring the file to gaia.cs.umass.edu?
#+BEGIN_QUOTE
To answer this question, it’s probably easiest to select an HTTP message and explore the details of the TCP packet used to carry this HTTP message, using the “details of the selected packet header window” (refer to Figure 2 in the “Getting Started with Wireshark” Lab if you’re uncertain about the Wireshark windows).
#+END_QUOTE

Source: 192.168.0.103:54131

: Source: 192.168.0.103 (192.168.0.103)
: Destination: 128.119.245.12 (128.119.245.12)
: Transmission Control Protocol, Src Port: 54131 (54131), Dst Port: http (80), Seq: 1, Ack: 1, Len: 633

** What is the IP address of gaia.cs.umass.edu? On what port number is it sending and receiving TCP segments for this connection?
(Output same as above.)

Destination: 128.119.245.12:80

** What is the IP address and TCP port number used by your client computer (source) to transfer the file to gaia.cs.umass.edu?
Source: 192.168.0.103:54131

Destination: 128.119.245.12:80

(How is what this question asks different from the first question?)

* Part 2
** What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and gaia.cs.umass.edu? What is it in the segment that identifies the segment as a SYN segment?
The sequence number of the TCP SYN is 0; it is marked [SYN, ACK].

#+BEGIN_EXAMPLE
12 0.484590000 128.119.245.12 192.168.0.103 TCP 76 http > 54131 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 SACK_PERM=1 TSval=1687806537 TSecr=883895839 WS=128
...
Transmission Control Protocol, Src Port: 54131 (54131), Dst Port: http (80), Seq: 0, Len: 0
    Source port: 54131 (54131)
    Destination port: http (80)
    [Stream index: 0]
    Sequence number: 0    (relative sequence number)
    Header length: 40 bytes
    Flags: 0x002 (SYN)    # the SYN flag is here
    Window size value: 29200
    [Calculated window size: 29200]
    Checksum: 0x227d [validation disabled]
    Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
#+END_EXAMPLE

** What is the sequence number of the SYNACK segment sent by gaia.cs.umass.edu to the client computer in reply to the SYN?
Seq is 0.

*** What is the value of the ACKnowledgement field in the SYNACK segment? How did gaia.cs.umass.edu determine that value?
ACK is 1. SYNACK = the previous packet's Seq + 1

#+BEGIN_QUOTE
"From the 3rd packet on, Seq = the ACK of the previously received packet ("I have received packets up to the length given by the ACK number")"?

"From the 4th packet on, ACK = the Seq of the previously received packet + its length"
#+END_QUOTE

| No. | Direction | seq                                | ack           | flags    |
|-----+-----------+------------------------------------+---------------+----------|
|   1 | A->B      | 10000 (randomly generated?[fn:4])  | 0             | SYN      |
|   2 | A<-B      | 20000 (randomly generated?)        | 10000+1=10001 | SYN, ACK |
|   3 | A->B      | 10001                              | 20000+1=20001 | ACK      |

Table quoted from [[http://hi.baidu.com/jialy1987/item/a4fe100f9bdef138f3eafca9][Correctly understanding the TCP three-way handshake and the seq and ack numbers]]

| No. | Direction | seq   | ack                                                                  | size |
|-----+-----------+-------+----------------------------------------------------------------------+------|
|  23 | A->B      | 40000 | 70000                                                                | 1514 |
|  24 | B->A      | 70000 | 40000+1514-54=41460 # wait, does 54 need to be subtracted?![fn:5]    |   54 |
|  25 | A->B      | 41460 | 70000+54-54=70000                                                    | 1514 |
|  26 | B->A      | 70000 | 41460+1514-54=42920                                                  |   54 |

Table quoted from [[http://hi.baidu.com/jialy1987/item/a4fe100f9bdef138f3eafca9][Correctly understanding the TCP three-way handshake and the seq and ack numbers]]

*** What is it in the segment that identifies the segment as a SYNACK segment?
The packet contains the SYN flag, as follows:

#+BEGIN_EXAMPLE
Transmission Control Protocol, Src Port: 54131 (54131), Dst Port: http (80), Seq: 0, Len: 0
    Source port: 54131 (54131)
    Destination port: http (80)
    [Stream index: 0]
    Sequence number: 0    (relative sequence number)
    Header length: 40 bytes
    Flags: 0x002 (SYN)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...0 .... = Acknowledgment: Not set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..1. = Syn: Set
#+END_EXAMPLE

** What is the sequence number of the TCP segment containing the HTTP POST command?
Packet No. 14; its sequence number is 1.

Packet No. 168 also contains the word "POST"; its sequence number is 152050.

#+BEGIN_QUOTE
The TCP segment data (633 bytes) of packet No. 14 is:
#+BEGIN_EXAMPLE
POST /wireshark-labs/lab3-1-reply.htm HTTP/1.1
Host: gaia.cs.umass.edu
Connection: keep-alive
Content-Length: 152321
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://gaia.cs.umass.edu
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36 SUSE/34.0.1847.116
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAKBJRyvCHAhbb6qs
Referer: http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark-file1.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
#+END_EXAMPLE
#+END_QUOTE

#+BEGIN_QUOTE
I am not sure which one the question is asking about[fn:2], *because No. 168 also contains the word "POST" (sequence number 152050)*. I originally thought this was the "the TCP segment containing the HTTP POST" that the question mentions, but:

1. *When Wireshark displays No. 168, an extra* =Reassembled TCP= *tab appears at the very bottom of the screen*.
2. Also, although the complete content of the uploaded txt file can be seen in packet No. 168 in Wireshark, *the length of the packet itself seems to be only 973*.
3. The packets that follow No. 168 are only a bunch of ACKs and a final HTTP 200, with no packets that are actually "uploading the txt file".

So is No. 168 just *the last packet, which only appears after the whole POST has finished*, used to tell the other side "the packets #14, #15, #16, ... that I just sent are meant to be joined together"?

I am not quite sure whether I have this wrong. Below is what Wireshark shows in the TCP field of No. 168:

#+BEGIN_EXAMPLE
168 1.452460000 192.168.0.103 128.119.245.12 HTTP 973 POST /wireshark-labs/lab3-1-reply.htm HTTP/1.1 (text/plain)
Transmission Control Protocol, Src Port: 54131 (54131), Dst Port: http (80), Seq: 152050, Ack: 1, Len: 905
110 Reassembled TCP Segments (152954 bytes): #14(633), #15(1402), #16(1402), #17(1402), #19(1402), #20(1402), #22(1402), #23(1402), #25(1402), #26(1402), #28(1402), #29(1402), #30(1402), #31(1402), #32(1402), #34(1402), #36(1402), #37(1402)......
    ......
    Segment count: 110
    Reassembled TCP length: 152954
    Reassembled TCP Data: 504f5354202f77697265736861726b2d6c6162732f6c6162...
#+END_EXAMPLE

And below is what the whole of packet No. 168 looks like in Wireshark:

#+BEGIN_EXAMPLE
No.     Time           Source           Destination       Protocol Length Info
168     1.452460000    192.168.0.103    128.119.245.12    HTTP     973    POST /wireshark-labs/lab3-1-reply.htm HTTP/1.1 (text/plain)
....
Transmission Control Protocol, Src Port: 54131 (54131), Dst Port: http (80), Seq: 152050, Ack: 1, Len: 905
    Source port: 54131 (54131)
    Destination port: http (80)
    [Stream index: 0]
    Sequence number: 152050    (relative sequence number)    # the sequence number is here
    [Next sequence number: 152955    (relative sequence number)]
    Acknowledgment number: 1    (relative ack number)
    Header length: 32 bytes
....
Hypertext Transfer Protocol
    POST /wireshark-labs/lab3-1-reply.htm HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): POST /wireshark-labs/lab3-1-reply.htm HTTP/1.1\r\n]
            [Message: POST /wireshark-labs/lab3-1-reply.htm HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: POST
        Request URI: /wireshark-labs/lab3-1-reply.htm
        Request Version: HTTP/1.1
    Host: gaia.cs.umass.edu\r\n
    Connection: keep-alive\r\n
    Content-Length: 152321\r\n
        [Content length: 152321]
    Cache-Control: max-age=0\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n
    Origin: http://gaia.cs.umass.edu\r\n
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36 SUSE/34.0.1847.116\r\n
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAKBJRyvCHAhbb6qs\r\n
    Referer: http://gaia.cs.umass.edu/wireshark-labs/TCP-wireshark-file1.html\r\n
    Accept-Encoding: gzip,deflate,sdch\r\n
    Accept-Language: en-US,en;q=0.8\r\n
    \r\n
    [Full request URI: http://gaia.cs.umass.edu/wireshark-labs/lab3-1-reply.htm]
    [HTTP request 1/1]
    [Response in frame: 203]
MIME Multipart Media Encapsulation, Type: multipart/form-data, Boundary: "----WebKitFormBoundaryAKBJRyvCHAhbb6qs"
    [Type: multipart/form-data]
    First boundary: ------WebKitFormBoundaryAKBJRyvCHAhbb6qs\r\n
    Encapsulated multipart part:  (text/plain)
        Content-Disposition: form-data; name="file"; filename="alice.txt"\r\n
        Content-Type: text/plain\r\n\r\n
        Line-based text data: text/plain
            ALICE'S ADVENTURES IN WONDERLAND\r\n
            \r\n
            Lewis Carroll\r\n
            \r\n
            THE MILLENNIUM FULCRUM EDITION 3.0\r\n
            \r\n
            ... (the content of the uploaded txt file follows)
#+END_EXAMPLE
#+END_QUOTE

** Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)?
*** At what time was each segment sent? When was the ACK for each segment received?
| No. | Time sent (s)              | ACK received (s) | RTT (s)  | length (bytes) |
|-----+----------------------------+------------------+----------+----------------|
|  14 | 0.484984000                | 0.716423000      | 0.231439 |            701 |
|  15 | 0.485395000                | 0.716500000      | 0.231105 |           1470 |
|  16 | 0.485438000                | 0.719277000      | 0.233839 |           1470 |
|  17 | 0.485471000                | 0.719443000      | 0.233972 |           1470 |
|  18 | (this is the ACK for #14)  |                  |          |             68 |
|  19 | 0.716467000                | 0.953501000      | 0.237034 |           1470 |
|  20 | 0.716500000                | 0.953607000      | 0.237107 |           1470 |
#+TBLFM: $4=$3-$2

#+BEGIN_EXAMPLE
14 0.484984000 192.168.0.103 128.119.245.12 TCP 701 [TCP segment of a reassembled PDU]
15 0.485395000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
16 0.485438000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
17 0.485471000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
18 0.716423000 128.119.245.12 192.168.0.103 TCP 68 http > 54131 [ACK] Seq=1 Ack=634 Win=7168 Len=0 TSval=1687806769 TSecr=883896072    # ACK for #14
19 0.716467000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
20 0.716500000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]    # up to this line, #14-17 and #19, #20 are the first 6 TCP connection segments the question asks for
21 0.719164000 128.119.245.12 192.168.0.103 TCP 68 http > 54131 [ACK] Seq=1 Ack=2036 Win=9984 Len=0 TSval=1687806770 TSecr=883896073    # ACK for #15
22 0.719215000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
23 0.719252000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
24 0.719277000 128.119.245.12 192.168.0.103 TCP 68 http > 54131 [ACK] Seq=1 Ack=3438 Win=12928 Len=0 TSval=1687806770 TSecr=883896073    # ACK for #16
25 0.719299000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
26 0.719391000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
27 0.719443000 128.119.245.12 192.168.0.103 TCP 68 http > 54131 [ACK] Seq=1 Ack=4840 Win=15872 Len=0 TSval=1687806772 TSecr=883896073    # ACK for #17
28 0.719507000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
29 0.719627000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
30 0.719749000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
31 0.719874000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
32 0.719981000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
33 0.953501000 128.119.245.12 192.168.0.103 TCP 68 http > 54131 [ACK] Seq=1 Ack=6242 Win=18688 Len=0 TSval=1687807006 TSecr=883896304    # ACK for #19
34 0.953585000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
35 0.953607000 128.119.245.12 192.168.0.103 TCP 68 http > 54131 [ACK] Seq=1 Ack=7644 Win=21632 Len=0 TSval=1687807006 TSecr=883896304    # ACK for #20
#+END_EXAMPLE

*** Given the difference between when each TCP segment was sent, and when its acknowledgement was received.
I don't understand what this question means. Isn't it just that the order of the send times is different?

From the above you can see that the times at which the ACKs arrive are very irregular. However, I did not go through them one by one to check whether the ACKs also came back perfectly in order, the same as the order in which the segments were sent.

*** What is the RTT value for each of the six segments?
See the table above.

*** What is the EstimatedRTT value (see page 249 in text) after the receipt of each ACK?
0.23317837261962887

#+BEGIN_SRC elisp
;; EstimatedRTT = 0.875 * EstimatedRTT + 0.125 * SampleRTT, seeded with the RTT of #14
(let ((ERTT 0.231439))
  (mapcar (lambda (x)
            (setq ERTT (+ (* ERTT 0.875) (* x 0.125))))
          '(0.231105 0.233839 0.233972 0.237034 0.237107))
  ERTT)
;; => 0.23317837261962887
#+END_SRC

*** What is the length of each of the first six TCP segments?
See the table above.

*** What is the minimum amount of available buffer space advertised at the receiver for the entire trace? Does the lack of receiver buffer space ever throttle the sender?
1. First question: help, I don't know where to look for this.[fn:1]
2. Second question: no, because the packet length stayed at 1470 throughout the data transfer and never shrank because the buffer was stuffed full.[fn:3]

*** Are there any retransmitted segments in the trace file? What did you check for (in the trace) in order to answer this question?
No, because the whole packet list that Wireshark produced has no repeated ACK numbers.

*** How much data does the receiver typically acknowledge in an ACK? Can you identify cases where the receiver is ACKing every other received segment (see Table 3.2 on page 257 in the text).
1. 1460.
2. I don't understand what "*every other* received segment" in this question is actually referring to.[fn:6]

*** What is the throughput (bytes transferred per unit time) for the TCP connection? Explain how you calculated this value.
97842.160 bytes/sec; read directly from Wireshark: Statistics => Summary => Avg. bytes/sec (does that count as cheating?)

The whole dumped file is 175184 bytes; from the SYN until the last ACK was received took 1.716571 seconds in total.

175184 / 1.716571 = 102054.619355 # Uh... I am not quite sure how this should be calculated, but it seems fairly close to the value above.

* Part 3
** Use the Time-Sequence-Graph(Stevens) plotting tool to view the sequence number versus time plot of segments being sent from the client to the gaia.cs.umass.edu server. Can you identify where TCP's slowstart phase begins and ends, and where congestion avoidance takes over? Comment on ways in which the measured data differs from the idealized behavior of TCP that we've studied in the text.
** Answer each of two questions above for the trace that you have gathered when you transferred a file from your computer to gaia.cs.umass.edu

* Footnotes

[fn:1]

[fn:2]

[fn:3] Does the buffer actually limit the packet length or the number of packets?

[fn:4] Random?

[fn:5] Does it need to be subtracted?!

[fn:6]
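The RTT and EstimatedRTT questions in Part 2, worked as an added Python example (not part of the original notes): it pairs each server ACK in the packet list with the client segment whose last byte it acknowledges, then applies EstimatedRTT = 0.875 * EstimatedRTT + 0.125 * SampleRTT after every ACK. The rows are abridged from the listing in Part 2; the 68-byte header overhead (701 - 633, taken from frame #14) and the names =sample_rtts= and =estimated_rtt= are assumptions of this example.

```python
import re

# Constructed sample: rows abridged from the packet list on this page (TSval/TSecr dropped).
# Assumption: every data frame carries the 68 header bytes seen on frame 14 (701 - 633).
CLIENT, HDR = "192.168.0.103", 701 - 633
TRACE = """\
14 0.484984000 192.168.0.103 128.119.245.12 TCP 701 [TCP segment of a reassembled PDU]
15 0.485395000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
16 0.485438000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
17 0.485471000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
18 0.716423000 128.119.245.12 192.168.0.103 TCP 68 http > 54131 [ACK] Seq=1 Ack=634 Win=7168 Len=0
19 0.716467000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
20 0.716500000 192.168.0.103 128.119.245.12 TCP 1470 [TCP segment of a reassembled PDU]
21 0.719164000 128.119.245.12 192.168.0.103 TCP 68 http > 54131 [ACK] Seq=1 Ack=2036 Win=9984 Len=0
24 0.719277000 128.119.245.12 192.168.0.103 TCP 68 http > 54131 [ACK] Seq=1 Ack=3438 Win=12928 Len=0
27 0.719443000 128.119.245.12 192.168.0.103 TCP 68 http > 54131 [ACK] Seq=1 Ack=4840 Win=15872 Len=0
33 0.953501000 128.119.245.12 192.168.0.103 TCP 68 http > 54131 [ACK] Seq=1 Ack=6242 Win=18688 Len=0
35 0.953607000 128.119.245.12 192.168.0.103 TCP 68 http > 54131 [ACK] Seq=1 Ack=7644 Win=21632 Len=0
"""

def sample_rtts(trace, first_seq=1):
    """Return [(frame, seq, next_seq, sample_rtt)] for every data segment that gets ACKed."""
    pending, out, seq = {}, [], first_seq   # pending: next_seq -> (frame, seq, sent_at)
    for line in trace.splitlines():
        no, t, src, _dst, _proto, length, info = line.split(None, 6)
        if src == CLIENT:                   # data segment: derive its relative seq range
            end = seq + int(length) - HDR
            pending[end] = (int(no), seq, float(t))
            seq = end
            continue
        m = re.search(r"Ack=(\d+)", info)   # server ACK: match it to the segment it covers
        if m and int(m.group(1)) in pending:
            frame, start, sent = pending.pop(int(m.group(1)))
            out.append((frame, start, int(m.group(1)), float(t) - sent))
    return out

def estimated_rtt(samples, alpha=0.125):
    """EstimatedRTT after each ACK; the first sample seeds the estimate."""
    est, series = None, []
    for rtt in samples:
        est = rtt if est is None else (1 - alpha) * est + alpha * rtt
        series.append(est)
    return series

if __name__ == "__main__":
    rows = sample_rtts(TRACE)
    for (frame, s, nxt, rtt), est in zip(rows, estimated_rtt([r[3] for r in rows])):
        print(f"#{frame} seq={s} next={nxt} SampleRTT={rtt:.6f} EstimatedRTT={est:.6f}")
```

Frame 21 (Ack=2036) is the ACK that the listing annotates as belonging to #15, so that is the pairing the code uses for that segment.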