CIS-2151 Lab Assignment #6: TCP Connections
Reading: Chapter 15 covers TCP and UDP. We will eventually discuss both, but start by reading
section 15.1 and then the section on TCP (15.2).
The purpose of this lab assignment is to experiment with TCP connections.
There is a daytime server program running on node 1 of the cluster at IP address
10.0.0.1. The server is listening on port 9000. To check if the server is running, use a
command (on Lemuria) such as:
$ dtclient 10.0.0.1 9000
Run this command again while using tshark (in a separate session) to capture traffic on
the em2 interface (the interface that connects to the cluster). Use a capture filter of
-f 'port 9000'. This limits the capture to traffic communicating with the
server.
Decode your captured traffic. Look for the three-way handshake at the beginning of the
TCP connection. Answer the following questions:
- What are the initial sequence numbers used in the two directions (a different number
from client to server and from server to client)? Show the actual sequence numbers and
not the "relative sequence numbers" that are computed by tshark as a convenience.
- What are the acknowledgement numbers in each of the three segments? Do they make sense
(do they acknowledge the right values)?
- What is the window size in the two directions? The client's window size is not
necessarily the same as the server's, although it might be.
- What is the maximum segment size announced by the two sides? The client's MSS is not
necessarily the same as the server's, although it might be. Look in the options of the
first two segments.
- Is there a "window scale option" set? What is it for both client and server?
Now look for the four (or three) segments used to close the connection (look for the
FIN flag). Answer the following questions:
- Do any of the segments used to close the connection contain data? Be sure to explain
how you arrived at your answer.
- What are the (raw) acknowledgement numbers and do they make sense? (Are they
acknowledging the correct things?)
- Is the TCP Timestamp option being used? (See RFC-7323, Section 3). If so, what are
the values of TSval and TSecr? Feel free to browse RFC-7323, but don't worry too much
about what these values mean right now. We will discuss it later. Be sure to look for
the TCP option and not the tshark timestamps shown in square brackets!
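For reference when reading the decode, here is a small parser for the fields the questions above ask about: raw sequence and acknowledgement numbers, flags, window, and the MSS, window scale and Timestamp options. It is an added example, not part of the original assignment; the function names and the sample segments are constructed for illustration and are not taken from the cluster.

```python
import struct

FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}

def parse_tcp(segment: bytes) -> dict:
    """Decode one raw TCP segment (TCP header + payload, IP header removed)."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed TCP header")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", segment[:16])
    hdr_len = (off_flags >> 12) * 4              # data offset counts 32-bit words
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("data offset points outside the segment")
    info = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,  # raw numbers
            "flags": {name for bit, name in FLAGS.items() if off_flags & bit},
            "window": window,                    # 16-bit field, before any scaling
            "payload_len": len(segment) - hdr_len}
    opts, i = segment[20:hdr_len], 0
    while i < len(opts) and opts[i] != 0:        # kind 0 = end of option list
        if opts[i] == 1:                         # kind 1 = one-byte NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("malformed option length")
        kind, length = opts[i], opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == 2 and length == 4:            # Maximum Segment Size
            info["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:          # Window Scale (shift count)
            info["wscale"] = body[0]
        elif kind == 8 and length == 10:         # Timestamps (RFC 7323, Section 3)
            info["tsval"], info["tsecr"] = struct.unpack("!II", body)
        i += length
    return info

def expected_ack(info: dict) -> int:
    """ACK number the peer should send: SYN and FIN each use one sequence number."""
    used = info["payload_len"] + ("SYN" in info["flags"]) + ("FIN" in info["flags"])
    return (info["seq"] + used) % 2**32

def build(seq, ack, flags, options=b"", payload=b""):
    """Constructed sample segment, client port 40000 to server port 9000."""
    off_flags = ((20 + len(options)) // 4 << 12) | flags
    return struct.pack("!HHIIHHHH", 40000, 9000, seq, ack, off_flags, 64240, 0, 0) + options + payload

# Constructed options: MSS 1460, SACK-permitted, Timestamps, NOP, window scale 7
SYN_OPTS = (struct.pack("!BBH", 2, 4, 1460) + bytes([4, 2])
            + struct.pack("!BBII", 8, 10, 1000, 0) + bytes([1, 3, 3, 7]))
SYN = parse_tcp(build(0xFFFFFFFF, 0, 0x02, SYN_OPTS))
FIN = parse_tcp(build(5000, 7000, 0x11))
```

The constructed SYN uses an initial sequence number of 0xFFFFFFFF to show that sequence arithmetic wraps modulo 2^32, so the matching acknowledgement number is 0.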
Submit a document to Canvas containing your answers to the questions above. Be sure to
include your name in the file. This lab is worth 20 points.
Last Revised: 2023-02-28
© Copyright 2023 by Peter C. Chapin <pchapin@vtc.edu>