Assignment 1
Professor Anirban Mahanti
Department of Computer Science
University of Calgary
Total Points: 50
Due Date: By 23:59 hours on January 30, 2006. (Late submissions are not acceptable.)
Submission Guidelines
When you complete the assignment, write the solutions using your favorite word
processing software and submit them in PS, PDF, or Word format. Your electronic file should
be submitted before the due date using the submit system. Only those who submit the
assignment shall receive the solution key.
Overview
This assignment consists of two parts. The first part of the assignment asks you to
analyze a network trace, and in the process aims to enhance your understanding of the
Internet protocol stack. The second part of the assignment asks you to answer several
problems. These problems should reinforce your understanding of fundamental computer
communications concepts, such as data rates, round-trip time, propagation delay, and
response time. You can expect to see similar problems in your midterm test.
I. Analyzing a Packet Trace (32 points)
Modern computer networks such as the Internet use a layered architecture. In a layered
architecture, each layer builds upon the layer below it. Specifically, each layer
accomplishes a portion of the required tasks by offering services to the layer above it.
Tasks are accomplished by using protocols operating between peer layers. For example,
Web client/server interactions on the Internet use the Hypertext Transfer Protocol (HTTP)
at the application layer. HTTP relies on the Transmission Control Protocol (TCP) at the
transport layer to deliver all data sent between the server and the client, without errors,
and in the proper order. TCP, in turn, relies on the Internet Protocol (IP) to route
datagrams through the network (from the server to the client and vice versa).
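The layering described above can be seen by peeling one frame apart header by header. The following is an added example, not part of the original assignment and not taken from simpletrace.cap; the frame bytes, MAC addresses, IP addresses and host name are constructed sample values, and the helper names are hypothetical.

```python
import socket
import struct

def build_sample_frame():
    """Constructed sample: Ethernet / IPv4 / TCP / HTTP request (checksums left zero)."""
    http = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 1, 0,
                     128, 6, 0, socket.inet_aton("192.168.1.10"),
                     socket.inet_aton("192.0.2.80"))
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + b"\x08\x00"
    return eth + ip + tcp + http

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def decode_frame(frame):
    """Peel one layer at a time; each header says how to interpret what follows."""
    out = {"dst_mac": mac(frame[0:6]), "src_mac": mac(frame[6:12])}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:            # not IPv4 (ARP, for example, is 0x0806)
        out["network"] = hex(ethertype)
        return out
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4           # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    out.update(network="IPv4", ttl=ip[8], ip_len=total_len,
               src_ip=socket.inet_ntoa(ip[12:16]), dst_ip=socket.inet_ntoa(ip[16:20]))
    proto = ip[9]
    if proto != 6:                     # 6 = TCP, 17 = UDP
        out["transport"] = proto
        return out
    tcp = ip[ihl:total_len]            # total length trims any Ethernet padding
    sport, dport = struct.unpack("!HH", tcp[0:4])
    data_off = (tcp[12] >> 4) * 4      # TCP header length in bytes
    payload = tcp[data_off:]
    out.update(transport="TCP", sport=sport, dport=dport)
    if payload.startswith((b"GET ", b"POST ", b"HEAD ", b"HTTP/")):
        out["application"] = "HTTP"
        out["first_line"] = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return out

if __name__ == "__main__":
    for key, value in decode_frame(build_sample_frame()).items():
        print(f"{key}: {value}")
```

The fields it reports (MAC addresses, IP addresses, TTL, datagram length, transport and application protocol) are the same ones Ethereal shows for each packet in its protocol tree.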
This portion of the assignment will focus on enhancing your understanding of the
Internet Protocol stack. You will examine real protocols in action using an open source
network protocol analyzer called Ethereal. Ethereal is available for most platforms,
including Unix/Linux, Mac, and Windows, from www.ethereal.com. It is also available
on department machines csb.cpsc.ucalgary.ca and csh.cpsc.ucalgary.ca (type ethereal
& at command line).
For obvious reasons, you typically need root privilege to capture packet traces using
Ethereal. Therefore, we provide you with a previously captured packet trace
simpletrace.cap. This trace was collected on a home network that utilizes an ADSL
modem router (with a 4-port switch and a built-in wireless access point) to connect to the
Internet. The network consists of two PCs wired to the router using CAT5 cables. The
trace was collected when the PCs were running several applications.
Using Ethereal, analyze this trace and answer the following questions:
1. How many packets does the trace show? (1 point)
2. What is the average size of packets in the trace? (1 point)
3. List all MAC addresses seen in the trace. (1 point)
4. How many IP addresses do you see in the trace? (1 point)
5. Some of the observed MAC addresses map to IP addresses. Provide this mapping.
(2 points)
6. What fraction of packets uses IP at the network layer? (1 point)
7. What fraction of packets uses TCP at the transport layer? (1 point)
8. List all application layer protocols that Ethereal identifies as using TCP. (2 points)
9. List all application layer protocols that Ethereal identifies as using UDP. (1 point)
10.
11.
List all data link layer protocols seen in the trace. (1 point)
12. How many IP packets have a Time-To-Live (TTL) greater than 200? How
many IP packets have a TTL of 128? How many IP packets have a TTL of 48?
Speculate on the difference in the observed TTL. (3 points)
13.
14. Plot a frequency histogram (PDF) of the IP datagram lengths seen in the trace.
What conclusions can you draw from this plot? (4 points)
15. Between which IP address pair are the most bytes exchanged? Plot a frequency
histogram (PDF) of the IP datagram lengths seen between this IP address pair.
Comment on your plot. (2 points)
16. Determine what activities were taking place during the duration of the trace
capture. This is an open-ended question. So be creative and extract as much
information as you can from the traces. (5 points)
You might want to consider answering questions such as those listed below:
Was an SSH session active? If yes, list the end hosts for this session.
Was there any Web browsing going on? If yes, what can you say about the
Web browser? Was the browser Internet Explorer?
Was any media streaming activity present? If yes, was the media player
from RealNetworks? Can you identify the media file?