Packet Sniffing Exercise

Objective: The purpose of this exercise is to use a network sniffing tool to understand packet structure on a TCP/IP Ethernet-based network, and to discover features of the TCP sliding window protocol. You will use the snoop administration tool on the Sun workstations for this exercise.

Preparation:

  1. You will have to log in to csce, engr, or another Sun workstation to do this exercise. You can also do this exercise on comp.

  2. Read the material on sliding window protocols from Tanenbaum, sections 3.3 and 3.4. Also read the material on the TCP sliding window protocol on p. 526 in Tanenbaum. The meaning of sequence numbers in TCP is slightly different from the data link layer protocols described in Chapter 3, but the principles are the same.

  3. Read the man page on snoop to find out how it works. Options you may want to use include -i, -p, -V, and -v, among others. Snoop is a utility on Sun workstations that can be used to capture packets from the network. Captured packets can be displayed as they are received, or saved to a file for later inspection. Snoop captures packets by operating the network interface card on the workstation in promiscuous mode. In this mode, all packets that pass by the workstation can be collected. Because operating the network interface in promiscuous mode is a privileged operation, you must have root privileges to be able to collect packets. It is possible to use snoop to collect only packets with certain attributes. For example, you may want to collect only packets from a particular source, or to a particular destination.

  4. For this exercise a data file has been collected for you that you will process using snoop. Since you will not be collecting the packets yourself, you will not need root privileges. Copy the data file snooplog.bin to your home directory on csci or engr.
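
To see what snoop is doing when it displays a packet, the following Python script is an added example (it is not part of this exercise and does not use snoop): it builds one Ethernet/IPv4/TCP frame from constructed addresses, ports and text, then peels the headers off again, verifies the IP header checksum, and applies a source/destination filter like the one described above. Every MAC address, IP address, port and payload in it is a made-up sample value, not data from snooplog.bin.

```python
"""Decode an Ethernet/IPv4/TCP frame into the headers that snoop would display.

Added example for this exercise, not part of the original page and not snoop
itself; every address, port and payload below is a constructed sample value.
"""
import struct

# TCP flag bits, lowest first, so the flag list produced below has a stable order
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of the header's 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport,
                seq, ack, flags, payload):
    """Wrap a payload the way the sending stack does: TCP, then IP, then Ethernet."""
    # 20-byte TCP header: data offset 5 words, window 8192, checksum left at 0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags,
                      8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # 20-byte IPv4 header: version/IHL 0x45, id 1, DF set, TTL 64, protocol 6 (TCP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, 64, 6, 0,
                     src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = dst_mac + src_mac + b"\x08\x00"       # EtherType 0x0800 = IPv4
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Strip the headers in the order the receiver meets them: Ethernet, IP, TCP."""
    if len(frame) < 14:
        raise ValueError("short frame")
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not IPv4: ethertype 0x%04x" % ethertype)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    if ip_checksum(ip[:ihl]) != 0:           # a valid header sums to 0xFFFF
        raise ValueError("bad IP header checksum")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("not TCP: protocol %d" % ip[9])
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_offset = (off_flags >> 12) * 4
    return {
        "frame_size": len(frame),
        # the sender added these from the application outward, so TCP came first
        "headers_added": ["TCP", "IP", "Ethernet"],
        "eth": {"src": mac_str(src_mac), "dst": mac_str(dst_mac)},
        "ip": {"src": ip_str(ip[12:16]), "dst": ip_str(ip[16:20]), "ttl": ip[8]},
        "tcp": {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                "flags": [name for bit, name in TCP_FLAGS if off_flags & bit]},
        "payload": tcp[data_offset:],
    }


def matches(parsed: dict, src_ip=None, dst_ip=None) -> bool:
    """Keep a packet only if it is from the given source and/or to the given destination."""
    return ((src_ip is None or parsed["ip"]["src"] == src_ip) and
            (dst_ip is None or parsed["ip"]["dst"] == dst_ip))


# Constructed sample frame: 14 + 20 + 20 + 14 = 68 bytes on the wire.
SAMPLE_FRAME = build_frame(
    src_mac=bytes.fromhex("080020aabbcc"), dst_mac=bytes.fromhex("080020112233"),
    src_ip=bytes([10, 0, 0, 5]), dst_ip=bytes([10, 0, 0, 9]),
    sport=1042, dport=2000, seq=1000, ack=5000,
    flags=0x18,                                # PSH|ACK
    payload=b"example text\r\n")


if __name__ == "__main__":
    for key, value in parse_frame(SAMPLE_FRAME).items():
        print("%-14s %s" % (key + ":", value))
```

The payload comes out as readable text because nothing above TCP encrypted it; that is exactly why questions about user names and passwords can be answered from a capture, and why protocols that carry credentials in the clear are a risk on any segment where a host can run in promiscuous mode.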

Exercise: After learning how to use snoop, run snoop on the data file by executing /usr/sbin/snoop with the -i option, which reads the saved packets from the file instead of from the network. Answer the following questions in a plain ASCII file:

  1. Examine packet number 1. What is its packet size?
  2. What time did packet number 1 arrive?
  3. Name and describe the headers on packet 1, in the order they were added from the application layer.
  4. What application is being used?
  5. Give the IP name of the source of packet 1, if available.
  6. Give the IP name of the destination of packet 1, if available.
  7. Give the IP address of the source and destination in packet 1.
  8. Give the Ethernet address of the source and destination in packet 1.
  9. Now examine packet 8. What is its packet size?
  10. Give the IP address of the source and destination in packet 8.
  11. Name and describe the headers on packet 8, in the order they were added from the application layer.
  12. Give the TCP ports used by each machine for the transfer that occurs with packet 8.
  13. What text is transmitted in packet 8? What does this mean? (Hint: think about the application that is being used. If this is a command to the application server, what does it expect to receive?)
  14. What is the TCP sequence number in packet 8?
  15. What is the purpose of packet 9? (Hint: look at the acknowledgement number.)
  16. Explain the TCP acknowledgment number in packet 9.
  17. What is the TCP sequence number in packet 10?
  18. Explain the TCP acknowledgment number in packet 11.
  19. What is the general rule for TCP acknowledgements?
  20. What is the name of the user for this application?
  21. What is this user's password?
  22. What text is transmitted in packet 15? What does this mean?
  23. What is the application doing in packet 19?
  24. Give the TCP ports used by each machine for the transfer that occurs with packet 21.
  25. What file is transferred?
  26. How many data packets are used to transfer the file?
  27. What is the number of the last packet that was sniffed?
  28. What time did the last packet arrive?
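
Questions 14 through 19 are about the rule that ties TCP acknowledgement numbers to sequence numbers. The following Python script is an added example, not part of the exercise and not derived from snooplog.bin: it replays a constructed trace of segments (a handshake, in-order data, a retransmission, a segment that arrives ahead of a lost one, and a FIN) and computes the acknowledgement number the receiver would send after each, which makes the general rule visible before you look for it in the real capture.

```python
"""Cumulative TCP acknowledgement numbers over a constructed segment trace.

Added example for this exercise; the hosts "A" and "B", the sequence numbers
and the segment lengths are all made up to illustrate the rule.
"""
from dataclasses import dataclass


@dataclass
class Segment:
    number: int       # packet number as a sniffer would count it
    src: str
    dst: str
    seq: int          # sequence number of the first byte carried
    length: int       # data bytes carried
    syn: bool = False
    fin: bool = False


def sequence_space(seg: Segment) -> int:
    """Data bytes plus one each for SYN and FIN: this is what an ack accounts for."""
    return seg.length + int(seg.syn) + int(seg.fin)


def next_expected(seg: Segment) -> int:
    """The ack number a receiver sends for an in-order segment: seq + bytes consumed."""
    return seg.seq + sequence_space(seg)


def expected_acks(trace):
    """Return (packet number, ack sent back, status) for each segment in the trace."""
    expected = {}   # per sender: next byte the receiver is waiting for
    pending = {}    # per sender: out-of-order segments held back, seq -> next_expected
    results = []
    for seg in trace:
        exp = expected.get(seg.src)
        if seg.syn or exp is None:
            expected[seg.src] = next_expected(seg)     # SYN sets the starting point
            status = "in-order"
        elif seg.seq == exp:
            nxt = next_expected(seg)
            held = pending.setdefault(seg.src, {})
            while nxt in held:                         # a gap closed: ack jumps ahead
                nxt = held.pop(nxt)
            expected[seg.src] = nxt
            status = "in-order"
        elif seg.seq < exp:
            status = "retransmission"     # already covered, ack is repeated unchanged
        else:
            pending.setdefault(seg.src, {})[seg.seq] = next_expected(seg)
            status = "out-of-order"       # gap ahead of it, ack is repeated unchanged
        results.append((seg.number, expected[seg.src], status))
    return results


# Constructed trace: A opens a connection to B and sends data, B only acknowledges.
SAMPLE_TRACE = [
    Segment(1, "A", "B", seq=100, length=0, syn=True),
    Segment(2, "B", "A", seq=300, length=0, syn=True),   # B's SYN (would carry ack 101)
    Segment(3, "A", "B", seq=101, length=12),
    Segment(4, "A", "B", seq=113, length=5),
    Segment(5, "A", "B", seq=113, length=5),             # copy of packet 4, retransmitted
    Segment(6, "A", "B", seq=130, length=4),             # arrives before bytes 118-129
    Segment(7, "A", "B", seq=118, length=12),            # the late segment fills the gap
    Segment(8, "A", "B", seq=134, length=0, fin=True),
]


if __name__ == "__main__":
    for number, ack, status in expected_acks(SAMPLE_TRACE):
        print("packet %d: receiver acks %d (%s)" % (number, ack, status))
```

Read the third column against the ack numbers: the receiver always acknowledges the next byte it expects, so the number advances by the data length (plus one for a SYN or FIN), stays put for a retransmission or a segment that arrives beyond a gap, and jumps past held-back data once the gap is filled.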

Turn in: Email your answers as plain ASCII to Damon, at mdhill@comp.uark.edu before the start of class on Friday, March 17.