wireshark抓包实验之TCP(陕师大)

实验六 Wireshark Lab: TCP一、实验目的1.通过wireshark 抓包理解应用层TCP 协议。

二、实验器材1.PC 机电脑一台。

2.Wireshark 软件。

三、实验内容1．依照Wireshark Lab 提供的实验步骤完成实验。

2．回答实验中的问题。

四、实验操作实践与步骤2. A first look at the captured trace1. What is the IP address and TCP port number used by the client computer (source) that is transferring the file to ? To answer this question, it’s probably easiest to select an HTTP message and explore the details of the TCP packet used to carry this HTTP message, using the “details of the selected packet header window”2. What is the IP address of ? On what port number is itsending and receiving TCP segments for this connection? Source IP address ：129.168.1.102Source TCP portnumber ：1161Destination IP address ：128.119.245.12Destination TCPport number：80If you have been able to create your own trace, answer the following question:3. What is the IP address and TCP port number used by your client computer (source) to transfer the file to ?3. TCP Basics4. (1)What is the sequence number of the TCP SYN segment that is used to initiate the TCP connection between the client computer and ? (2)What is it in the segment that identifies the segment as a SYN segment?(1) SYN sequence number =0(2) What is in the red region of the figure above identifies the segment as a SYN segment.5. (1)What is the sequence number of the SYNACK segment sent by to the client computer in reply to the SYN?(2) What is the value of the ACKnowledgement field in the SYNACK segment? How did determine that value? What is it in the segment that identifies the segment as a SYNACK segment?(1)SYNACK sequence number =0, ACKnowledgement=1(2)ACKnowledgement value= initiate sequence number of the TCP SYN segment+1(3)What is in the red region of the figure above identifies the segment as a SYN segment.6. What is the sequence number of the TCP segment containing the HTTP POST command? Note that in order to find the POST command, you’ll need to dig into the packet content field at the bottom of the Wireshark window, looking for a segment with a “POST” wi thin itsDATA field.The sequence number of the TCP segment containing the HTTP POST command is 1.7. Consider the TCP segment containing the HTTP POST as the first segment in the TCP connection. (1)What are the sequence numbers of the first six segments in the TCP connection (including the segment containing the HTTP POST)? (2)At what time was each segment sent? When was the ACK for each segment received?(3) Given the difference between when each TCP segment was sent, and when its acknowledgement was received, what is the RTT value for each of the six segments?(4) What is the EstimatedRTT value (see page 249 in text) after the receipt of each ACK? (5)Assume that the value of the EstimatedRTT is equal to the measured RTT for the first segment, and then is computed using the EstimatedRTT equation on page 249 for allsubsequent segments.Note: Wireshark has a nice feature that allows you to plot the RTT for each of the TCP segments sent. Select a TCP segment in the “listing of captured packets” window that is being sent from the client to the server. Then select: Statistics->TCP Stream Graph- >Round Trip Time Graph(1) The first sixsegments are the No.4, 5, 7, 8, 10, and 11 segments.(circled in red)The sequence numbers of them respectively are1, 566, 2026, 3486, 4946, 6406, 7866.(2)They were respectively sent at the time circled int the figure bellow.(3)ACK received time are given in the figure bellow：（4）RTT value for each of the six segmentsSent time ACK received time RTT value Segment1 0.026477 0.053937 0.02746 Segment2 0.041737 0.077294 0.035557 Segment3 0.054026 0.124085 0.070059 Segment4 0.054690 0.169118 0.11443（5）EstimatedRTT = 0.875 * EstimatedRTT + 0.125 * SampleRTT EstimatedRTT after the receipt of the ACK of segment 1: EstimatedRTT = RTT for Segment 1 = 0.02746 secondsegment 2:EstimatedRTT = 0.875 * 0.02746 + 0.125 * 0.035557 = 0.0285 segment 3:EstimatedRTT = 0.875 * 0.0285 + 0.125 * 0.070059 = 0.0337 segment 4:EstimatedRTT = 0.875 * 0.0337+ 0.125 * 0.11443 = 0.0438 segment 5:EstimatedRTT = 0.875 * 0.0438 + 0.125 * 0.13989 = 0.0558 segment 6:EstimatedRTT = 0.875 * 0.0558+ 0.125 * 0.18964 = 0.0725Figure: Round Trip Time Graph8. What is the length of each of the first six TCP segments?The length of the first TCP segments (containing the HTTP POST) is 566 bytes. The length of each of the other five TCP segments is 1460 bytes.9. What is the minimum amount of available buffer space advertised at the received for the entire trace? Does the lack of receiver buffer space ever throttle the sender?The minimum amount of available buffer space at advertised at for the entire trace is 5840 bytes, which shows in the first acknowledgement (No.2 segment )from the server. This receiver window grows steadily until a maximum receiver buffer size of 62780bytes. The sender is never throttled due to lacking of receiver buffer space by inspecting this trace.Figure : Minimum receive window (packet No.2)10. Are there any retransmitted segments in the trace file? What did you check for (in the trace)in order to answer the question?There is no retransmitted segments in the trace file.In order to answer the question , I checked for the sequence numbers of the TCP segments in the trace file. In the Time-Sequence-Graph (Stevens) of this trace, all sequence numbers from 192.168.1.102 to 128.119.245.12 are increasing linear and monotonically. If there is a retransmitted segment, the Time-Sequence-Graph (Stevens) should be different from what we see.11.(1) How much data does the receiver typically acknowledge in an ACK?(2) Can you identify cases where the receiver is ACKing every other received segment (see Table 3.2 on page 257 in the text).The receiver typically acknowledged sequence numbers of the ACKs are listed in the following table.Acknowledged sequence number Acknowledged data SegmentnumberACK16 566 566ACK29 2026 1460ACK312 3486 1460ACK414 4946 1460ACK515 6406 146012. What is the throughput (bytes transferred per unit time) for the TCP connection? Explain how you calculated this value.The TCP connection started to transmit data at segment 4,and end in segment 202. We can see from the figure bellow:data1=1 byte t1=0.026477data2=164091 bytes t2=5.455830total data=164091-1=164090 bytesit takes time: total time=5.455830-0.026477=5.429353 secondsSo the throughput for the TCP connection is calculated as164090/5.4294353= 30.222 KByte/sec13. Use the Time-Sequence-Graph(Stevens) plotting tool to view the sequence number versus time plot of segments being sent from the client to the server. Can you identify where TCP’s slow start phase begins and ends, and where congestion avoidance takes over?Comment on ways in which the measured data differs from the idealized behavior of TCP that we’ve studied in the text.We can see from the figure above(Time-Sequence-Graph(Stevens)) that the TCP Slow Start begins at the start of the connection.The identification of the TCP slow start phase and congestion avoidance phase depends on the value of the congestion window size of this TCP sender. So once we know the congestion window size of this TCP sender, we can tell easily where TCP’s slow ends and where congestion avoidance takes over.When answering the previous question, we can know that the TCP window size is larger than 8192 Bytes.But there is no data sent more than 8192 Bytes. It indicates before the end of the start phase,the application already stops transmitting . That is to say, the TCP’s slow ends and congestion avoidance haven’t taken place.五、实验结论总的来说，这一次实验做的很痛苦，因为一开始问题回答不出来。