CIS-2151 Lab Assignment #6: TCP Connections

Reading: Chapter 15 covers TCP and UDP. We will eventually discuss both, but start by reading section 15.1 and then the section on TCP (15.2).

The purpose of this lab assignment is to experiment with TCP connections.

  1. There is a daytime server program running on node 1 of the cluster at IP address 10.0.0.1. The server is listening on port 9000. To check if the server is running, use a command (on Lemuria) such as:

            $ dtclient 10.0.0.1 9000
        

    Run this command again while using tshark (in a separate session) to capture traffic on the em2 interface (the interface that connects to the cluster). Use a capture filter of -f 'port 9000'. This limits the capture to only the traffic exchanged with the server.

  2. Decode your captured traffic. Look for the three-way handshake at the beginning of the TCP connection. Answer the following questions:

    1. What are the initial sequence numbers used in the two directions (a different number from client to server and from server to client)? Show the actual sequence numbers and not the "relative sequence numbers" that are computed by tshark as a convenience.
    2. What are the acknowledgement numbers in each of the three segments? Do they make sense (do they acknowledge the right values)?
    3. What is the window size in the two directions? The client's window size is not necessarily the same as the server's, although it might be.
    4. What is the maximum segment size announced by the two sides? The client's MSS is not necessarily the same as the server's, although it might be. Look in the options of the first two segments.
    5. Is there a "window scale option" set? What is it for both client and server?
  3. Now look for the four (or three) segments used to close the connection (look for the FIN flag). Answer the following questions:

    1. Do any of the segments used to close the connection contain data? Be sure to explain how you arrived at your answer.
    2. What are the (raw) acknowledgement numbers and do they make sense? (Are they acknowledging the correct things?)
    3. Is the TCP Timestamp option being used? (See RFC-7323, Section 3). If so, what are the values of TSval and TSecr? Feel free to browse RFC-7323, but don't worry too much about what these values mean right now. We will discuss it later. Be sure to look for the TCP option and not the tshark timestamps shown in square brackets!
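
The header fields that steps 2 and 3 ask about can also be read straight from the raw bytes of a segment. The following is an added example, not part of the original assignment: it decodes the raw sequence and acknowledgement numbers, window, MSS, window scale, and timestamp options, and goes slightly beyond the handshake by computing the acknowledgement number a peer should send for any segment. The function names (`parse_tcp`, `expected_ack`, `build`) are hypothetical and the sample segments are constructed, not taken from a capture.

```python
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}

def parse_tcp(segment: bytes) -> dict:
    """Decode a raw TCP segment (TCP header onward, no IP header)."""
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    sport, dport, seq, ack, off, flags, window = struct.unpack("!HHIIBBH", segment[:16])
    hdr_len = (off >> 4) * 4                      # data offset is in 32-bit words
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("bad data offset")
    info = {"seq": seq, "ack": ack, "window": window,
            "flags": {n for n, b in FLAG_BITS.items() if flags & b},
            "payload_len": len(segment) - hdr_len}
    opts, i = segment[20:hdr_len], 0
    while i < len(opts) and opts[i] != 0:         # kind 0 = end of option list
        if opts[i] == 1:                          # kind 1 = NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("malformed option")
        kind, length = opts[i], opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == 2 and length == 4:             # maximum segment size
            info["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:           # window scale (shift count)
            info["wscale"] = body[0]
        elif kind == 8 and length == 10:          # timestamps: TSval, TSecr
            info["tsval"], info["tsecr"] = struct.unpack("!II", body)
        i += length
    return info

def expected_ack(seg: dict) -> int:
    """Ack number the peer should send: SYN and FIN each consume one sequence number."""
    consumed = seg["payload_len"] + len(seg["flags"] & {"SYN", "FIN"})
    return (seg["seq"] + consumed) % 2**32

def build(seq, ack, flags, window, options=b"", payload=b""):
    """Build a constructed test segment (ports fixed, checksum left at zero)."""
    options += b"\x01" * (-len(options) % 4)      # pad options to a 32-bit boundary
    off = ((20 + len(options)) // 4) << 4
    return struct.pack("!HHIIBBHHH", 51514, 9000, seq, ack, off, flags, window, 0, 0) + options + payload

# Constructed sample values, not taken from any real capture.
SYN = build(0x9A3C1F10, 0, 0x02, 65535,
            bytes.fromhex("020405b4" "0402" "080a0011223300000000" "030306"))
FIN = build(0x9A3C1F11, 0x1B2E4D92, 0x11, 1026, bytes.fromhex("080a0011224500aabbcc"))
```

Comparing `expected_ack()` of one segment with the `ack` field of the reply is the check behind "do they make sense" in both the handshake and the close.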

Submit a document to Canvas containing your answers to the questions above. Be sure to include your name in the file. This lab is worth 20 points.


Last Revised: 2023-02-28
© Copyright 2023 by Peter C. Chapin <pchapin@vtc.edu>