Lab 2’s answer template
43. The client computer uses the IP address of each student’s computer and the TCP port number of each student’s computer.
These are found by clicking the HTTP packet which has ’POST’ in the packet
information column and finding the IP header and TCP header.
45. The sequence number of the TCP SYN segment that is used to initiate the
TCP connection between the client computer and 128.119.245.12 is 0. The fact
that the SYN flag is set to 1 indicates that the segment is a SYN segment.
46. The sequence number of the SYNACK segment sent by 128.119.245.12
to the client computer in reply to the SYN is 0. The value of the ACKnowledgement field in the SYNACK segment is 1. 128.119.245.12 determines the value of
the ACKnowledgement field in the SYNACK segment by adding 1 to the initial
sequence number of the SYN segment from the client computer. (In other words, the
sequence number of the SYN segment initiated by the client computer is 0.) The
fact that the SYN flag and the Acknowledgement flag are set to 1 indicates that the segment
is a SYNACK segment.
47. The sequence number of the TCP segment containing the HTTP POST
command has the value of 1.
51. The RTT is the difference between the sent time and ACK received time.
The RTT values for the first six segments are, for example, 0.2746, 0.035557,
0.070059, 0.11443, 0.13989, 0.18964. These values are obtained by calculating
the difference between the sent time and the received time of each segment.
53. The minimum amount of available buffer space (receiver window) advertised at the receiver for the entire trace is 5840, for example. This value is found
in the ’window size’ field line of the first TCP packet [SYN, ACK] sent from
the IP address 128.119.245.12 to the IP address of each student’s computer.
56. There are some/no retransmitted segments in the trace file. The way to
find this out is: There are a couple of answers here.
1. Finding the packets whose background is red, which indicates retransmission.
2. Using the graph produced in Question 55, finding sequence numbers from the
student’s computer to 128.119.245.12 that do not increase monotonically, which
indicates retransmission.
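The two checks from answers 51 and 56, as an added example (not part of the original answer template): RTT as ACK arrival time minus send time, and retransmissions as sequence numbers that fail to advance. The trace values and function names are constructed for illustration.

```python
# Constructed sample trace (not taken from the lab capture).
# Client -> server data segments: (send_time_s, relative_seq, payload_len)
SEGMENTS = [
    (0.000, 1, 565),
    (0.010, 566, 1460),
    (0.020, 2026, 1460),
    (0.320, 2026, 1460),   # same sequence number sent a second time
    (0.350, 3486, 1460),
]
# Server -> client ACKs: (receive_time_s, ack_number)
ACKS = [(0.030, 566), (0.045, 2026), (0.355, 3486), (0.390, 4946)]


def find_retransmissions(segments):
    """Indices of segments that carry only bytes already sent earlier,
    i.e. the sequence number did not increase monotonically."""
    highest_end = 0
    hits = []
    for i, (_, seq, length) in enumerate(segments):
        if length > 0 and seq + length <= highest_end:
            hits.append(i)
        highest_end = max(highest_end, seq + length)
    return hits


def sample_rtts(segments, acks):
    """Map seq -> RTT, where RTT = ACK receive time - segment send time and
    the matching ACK is the one whose number equals seq + payload_len.
    Sequence ranges that were retransmitted are skipped, because the ACK
    cannot be tied to one particular transmission."""
    resent = {segments[i][1] for i in find_retransmissions(segments)}
    rtts = {}
    for sent, seq, length in segments:
        if seq in resent or seq in rtts:
            continue
        for received, ack in acks:
            if ack == seq + length and received >= sent:
                rtts[seq] = round(received - sent, 6)
                break
    return rtts


if __name__ == "__main__":
    print("retransmitted segment indices:", find_retransmissions(SEGMENTS))
    print("RTT samples by sequence number:", sample_rtts(SEGMENTS, ACKS))
```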
62. Each of the UDP header fields is 2 bytes long.
68. Upload the timing diagram between client and server with one arrow for
each SSL record type: the answer is Fig. 1
71. Does the ClientHello record advertise the cipher specs it supports? Yes.
List the cipher specs it supports. 17 specs such as TLS_RSA_WITH_RC4_128_MD5,
which are presented in the cipher specs field under the SSL header.
Figure 1: Example timing diagram
Lab 3’s answer template
79. Has this IP datagram been fragmented? No. The reason for the answer is:
When you see the details of the IP header, there is no field called IP fragments and
the flag for ’more fragments’ is 0.
81. The pattern I see in the values in the Identification field of the IP datagram/header is that the IP header identification fields increment with each ICMP
echo (ping) request.
84. The fact that the Flags bit for more fragments is set to one indicates that
the datagram has been fragmented. The fact that the fragment offset field under the IP
header is set to 0 indicates that this is the first fragment.
88. There are 3 packets created from the original datagram. I can say this
because the IP fragments field under the IP header shows 3 packet numbers.
The IP header fields that changed between all of the packets are: fragment
offset and checksum.
Between the first two packets and the last packet, I see a change in total length
and in the flag for ’more fragments’.
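An added example (not part of the original answer template) of the fragmentation checks in answers 79 to 88: it classifies IPv4 headers by the ’more fragments’ flag and the fragment offset, and lists which header fields differ between fragments. The three headers are constructed, including the source address and the identification value; only 128.119.245.12 comes from this page.

```python
import struct


def checksum(header):
    """Internet checksum (RFC 1071) over a header given as bytes."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(total_len, ident, more_fragments, offset_bytes):
    """Constructed 20-byte IPv4 header: TTL 128, protocol 1 (ICMP),
    source 192.168.1.102 (made up), destination 128.119.245.12."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    words = [0x4500, total_len, ident, flags_frag, 0x8001, 0,
             0xC0A8, 0x0166, 0x8077, 0xF50C]
    words[5] = checksum(struct.pack("!10H", *words))
    return struct.pack("!10H", *words)


def parse_header(raw):
    _, total_len, ident, ff, _, csum = struct.unpack("!6H", raw[:12])
    return {"total_length": total_len, "identification": ident,
            "more_fragments": bool(ff & 0x2000),
            "fragment_offset": (ff & 0x1FFF) * 8,  # field counts 8-byte units
            "checksum": csum}


def classify(h):
    if h["fragment_offset"] == 0:
        return "first fragment" if h["more_fragments"] else "not fragmented"
    return "middle fragment" if h["more_fragments"] else "last fragment"


def changed_fields(headers):
    """Parsed fields whose value is not identical across all given headers."""
    return sorted(k for k in headers[0] if len({h[k] for h in headers}) > 1)


# Constructed: a 3500-byte datagram (20 header + 3480 data) on a 1500-byte MTU.
FRAGS = [parse_header(build_header(1500, 0x32F9, True, 0)),
         parse_header(build_header(1500, 0x32F9, True, 1480)),
         parse_header(build_header(540, 0x32F9, False, 2960))]

if __name__ == "__main__":
    print([classify(h) for h in FRAGS])
    print("first two differ in:", changed_fields(FRAGS[:2]))
    print("all three differ in:", changed_fields(FRAGS))
```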
91. The ICMP type is 8 and 8 and the code number is 0. Under the ICMP header
the ICMP packet also has checksum, identifier, sequence number, and data fields.
The checksum field is 2 byte(s). The sequence number field is 2 byte(s). The
identifier field is 2 byte(s).
94. Is this different from the ICMP ping query packets in question 91, focusing
on the ICMP headers? If yes, how so? No. The ICMP echo request packet has the
same fields as the ping query packets. The first 8 bytes of the content of the Internet
Control Message Protocol header are 08 00 51 fe 01 00 a4 01, for example. These
are the first 8 bytes of the shaded/highlighted 72 bytes in the data field when the
ICMP header is clicked.
98. Within the tracert measurements such as Fig. 22, is there a link whose delay
is significantly longer than the links traced before? Yes, there is a link between
steps n and n + 1 that has a significantly longer delay.
This is a transatlantic link between Amsterdam, for example, and New York,
for example.
99. They are sent over UDP because there is a UDP header.
100. Upload the timing datagram illustrating the sequence of the first four-packet Discover/Offer/Request/ACK DHCP exchange between the client and server.
When you filter the data with the keyword ’bootp’, then click Statistics →
Flow Graph and choose ’displayed packets’, the general flow type and the standard
source/destination addresses type, you will get the timing datagram such as
Fig. 2. You just need the four lines from the top of the figure if you draw the timing
datagram by hand.
Figure 2: Exemplar of the timing datagram
108. The client sends a DHCP Release message in order to cancel its lease on the
IP address given to it by the DHCP server.
Does the DHCP server issue an acknowledgment of receipt of the client’s DHCP
Release? No.
If the DHCP Release message from the client is lost, the DHCP server would have
to wait until the lease period is over for that IP address until it could reuse it for
another client.