wireshark抓包实验之TCP(陕师大)

实验六WiresharkLab:TCP一、实验目的1.通过wireshark抓包理解应用层TCP协议。二、实验器材1.PC机电脑一台。2.Wireshark软件。三、实验内容1．依照WiresharkLab提供的实验步骤完成实验。2．回答实验中的问题。四、实验操作实践与步骤2.Afirstlookatthecapturedtrace1.WhatistheIPaddressandTCPportnumberusedbytheclientcomputer(source)thatistransferringthefiletogaia.cs.umass.edu?Toanswerthisquestion,it’sprobablyeasiesttoselectanHTTPmessageandexplorethedetailsoftheTCPpacketusedtocarrythisHTTPmessage,usingthe“detailsoftheselectedpacketheaderwindow”2.WhatistheIPaddressofgaia.cs.umass.edu?OnwhatportnumberisitsendingandreceivingTCPsegmentsforthisconnection?SourceIPaddress：129.168.1.102SourceTCPportnumber：1161DestinationIPaddress：128.119.245.12Ifyouhavebeenabletocreateyourowntrace,answerthefollowingquestion:3.WhatistheIPaddressandTCPportnumberusedbyyourclientcomputer(source)totransferthefiletogaia.cs.umass.edu?3.TCPBasics4.(1)WhatisthesequencenumberoftheTCPSYNsegmentthatisusedtoinitiatetheTCPconnectionbetweentheclientcomputerandgaia.cs.umass.edu?(2)WhatisitinthesegmentthatidentifiesthesegmentasaSYNsegment?(1)SYNsequencenumber=0DestinationTCPportnumber：80(2)WhatisintheredregionofthefigureaboveidentifiesthesegmentasaSYNsegment.5.(1)WhatisthesequencenumberoftheSYNACKsegmentsentbygaia.cs.umass.edutotheclientcomputerinreplytotheSYN?(2)WhatisthevalueoftheACKnowledgementfieldintheSYNACKsegment?Howdidgaia.cs.umass.edudeterminethatvalue?WhatisitinthesegmentthatidentifiesthesegmentasaSYNACKsegment?(1)SYNACKsequencenumber=0,ACKnowledgement=1(2)ACKnowledgementvalue=initiatesequencenumberoftheTCPSYNsegment+1(3)WhatisintheredregionofthefigureaboveidentifiesthesegmentasaSYNsegment.6.WhatisthesequencenumberoftheTCPsegmentcontainingtheHTTPPOSTcommand?NotethatinordertofindthePOSTcommand,you’llneedtodigintothepacketcontentfieldatthebottomoftheWiresharkwindow,lookingforasegmentwitha“POST”withinitsDATAfield.ThesequencenumberoftheTCPsegmentcontainingtheHTTPPOSTcommandis1.7.ConsidertheTCPsegmentcontainingtheHTTPPOSTasthefirstsegmentintheTCPconnection.(1)WhatarethesequencenumbersofthefirstsixsegmentsintheTCPconnection(includingthesegmentcontainingtheHTTPPOST)?(2)Atwhattimewaseachsegmentsent?WhenwastheACKforeachsegmentreceived?(3)GiventhedifferencebetweenwheneachTCPsegmentwassent,andwhenitsacknowledgementwasreceived,whatistheRTTvalueforeachofthesixsegments?(4)WhatistheEstimatedRTTvalue(seepage249intext)afterthereceiptofeachACK?(5)AssumethatthevalueoftheEstimatedRTTisequaltothemeasuredRTTforthefirstsegment,andtheniscomputedusingtheEstimatedRTTequationonpage249forallsubsequentsegments.Note:WiresharkhasanicefeaturethatallowsyoutoplottheRTTforeachoftheTCPsegmentssent.SelectaTCPsegmentinthe“listingofcapturedpackets”windowthatisbeingsentfromtheclienttothegaia.cs.umass.eduserver.Thenselect:Statistics-TCPStreamGraph-RoundTripTimeGraph(1)ThefirstsixsegmentsaretheNo.4,5,7,8,10,and11segments.(circledinred)No.TypeSeq.ACKval.4Data15Data5666ACK5667Data20268Data34869ACK202610Data494611Data640612ACK346814ACK494615ACK640616ACK7866Thesequencenumbersofthemrespectivelyare1,566,2026,3486,4946,6406,7866.(2)Theywererespectivelysentatthetimecircledintthefigurebellow.(3)ACKreceivedtimearegiveninthefigurebellow：（4）RTTvalueforeachofthesixsegmentsSenttimeACKreceivedtimeRTTvalueSegment10.0264770.0539370.02746Segment20.0417370.0772940.035557Segment30.0540260.1240850.070059Segment40.0546900.1691180.11443Segment50.0774050.2172990.13989Segment60.0781570.2678020.18964（5）EstimatedRTT=0.875*EstimatedRTT+0.125*SampleRTTEstimatedRTTafterthereceiptoftheACKofsegment1:EstimatedRTT=RTTforSegment1=0.02746secondsegment2:EstimatedRTT=0.875*0.02746+0.125*0.035557=0.0285segment3:EstimatedRTT=0.875*0.0285+0.125*0.070059=0.0337segment4:EstimatedRTT=0.875*0.0337+0.125*0.11443=0.0438segment5:EstimatedRTT=0.875*0.0438+0.125*0.13989=0.0558segment6:EstimatedRTT=0.875*0.0558+0.125*0.18964=0.0725Figure:RoundTripTimeGraph8.WhatisthelengthofeachofthefirstsixTCPsegments?ThelengthofthefirstTCPsegments(containingtheHTTPPOST)is566bytes.ThelengthofeachoftheotherfiveTCPsegmentsis1460bytes.9.Whatistheminimumamountofavailablebufferspaceadvertisedatthereceivedfortheentiretrace?Doesthelackofreceiverbufferspaceeverthrottlethesender?Theminimumamountofavailablebufferspaceatadvertisedatgaia.cs.umass.edufortheentiretraceis5840bytes,whichshowsinthefirstacknowledgement(No.2segment)fromtheserver.Thisreceiverwindowgrowssteadilyuntilamaximumreceiverbuffersizeof62780bytes.Thesenderisneverthrottledduetolackingofreceiverbufferspacebyinspectingthistrace.Figure:Minimumreceivewindow(packetNo.2)10.Arethereanyretransmittedsegmentsinthetracefile?Whatdidyoucheckfor(inthetrace)inordertoanswerthequestion?Thereisnoretransmittedsegmentsinthetracefile.Inordertoanswerthequestion,IcheckedforthesequencenumbersoftheTCPsegmentsinthetracefile.IntheTime-Sequence-Graph(Stevens)ofthistrace,allsequencenumbersfrom192.168.1.102to128.119.245.12areincreasinglinearandmonotonically.Ifthereisaretransmittedsegment,theTime-Sequence-Graph(Stevens)shouldbedifferentfromwhatwesee.11.(1)HowmuchdatadoesthereceivertypicallyacknowledgeinanACK?(2)Canyouid