1

Lab 3Transport Layer

T.A. Youngjoo Han

2

Transport Layer

Providing logical communication b/w application processes running on different hosts

Transport Layer Protocol TCP UDP

3

Objectives

Understanding role of transport layer

How to utilize toolkits to identify the TCP operation and performance measurement of underlying networks

4

Preparation for LAB 3 Wireshark is a network protocol analyzer for UNIX and Windows. We use

this tool in this LAB 3 Before installing Wireshark, we must install WinPcap. WinPcap is a library

for capturing packets and loock network status. WinPcap can be downloaded from the following site.

http://www.winpcap.org/install/default.htm

We also can download Wireshark from

http://sourceforge.net/projects/wireshark/files/win32/all-versions/wireshark-win32-1.6.2.exe/download

We also can download Wireshark User’s guide on

http://www.wireshark.org/download/docs/user-guide-a4.pdf

5

Starting Wireshark (1)

6

Starting Wireshark (2) Identifying TCP operation with Wireshark After starting Wireshark, you can find a button

which is in above red box. Click the button.

7

Starting Wireshark (3)Wireshark Capture Options

You don’t need to select Interface here. You can select Interface when running packet capture. See p10 of this ppt

“Promiscuous” means that receiving all the packet in all network related on this computer

Pcap-ng format is “PCAP Next Generation Dump File Format”. But we don’t deal with dump file in this lab.

8

Starting Wireshark (4) Update list of packets in real time This option allows you to specify that

Wireshark should update the packet list in real time. If you do not specify this, Wireshark does not display any packets until you stop the capture

Automatic scrolling in live capture This option allows you to specify that

Wireshare should scroll the packet list as new packets come in, so you are always looking at the last packet

Hide capture info dialog If this option is checked, the capture info

dialog will be hidden

Enable MAC name resolution This option allows you to control whether

or not Wireshark translates MAC address into names

Enable network name resolution This option allows you to control whether

or not Wireshark translates network address into names

Enable transport name resolution This option allows you to control whether

or not Wireshark translates transport address into names

Wireshark Capture Options (Cont.)

9

Starting Wireshark (5) Complete the following configuration as shown for this lab.

Check “Enable MAC name resolution” and “Enable transport name resolution”

10

Starting Wireshark (6)

Click the start button where finding packets increasing

Click the button to run

11

Starting Wireshark (7) After configuration, we can see the results.

• No. The number of the packet in the capture file.

• Time The timestamp of the packet.

• Source The address where this packet is coming from.

• Destination The address where this packet is going to.

• Protocol The protocol name in a short version.

• Info Additional information about the packet content

You can see the current packet in a more detailed form

You can see the data of the current packet in a hexdump style

12

TCP MEASURE USING APPLICATION

13

Lab 3 – Prerequisite (1) Let’s measure packets between 143.248.6.69 and your

computer

Prerequisite step for Lab 3I. Start Wireshark

II. Run to capture packets in Wireshark

III. Visit http://ancl.kaist.ac.kr/?page_id=402

IV. Download installer_r16-windows.exe

V. After finishing download, stop running

VI. You can see the result

VII. Then, enter “tcp” on Filter box in Wireshark like

VIII. Finally, you can see the result with only tcp like the figure in next page

14

Lab 3 – Prerequisite (2)

15

HOW TO TCP WORKS

*figures in following pages are based on the figure in previous page, Lab 3 – Prerequisite (2)

*143.248.6.69 is our homepage server

* 143.248.6.7 is TA’s computer

16

Lab 3-1 Understanding TCP Three-way Handshaking

(1) How to check TCP Three-way Handshaking?

TCP connections are established with a set of three messages called the three-way handshaking. This is for reliable and connection-oriented communication between server and client. Three-way handshaking follows these steps

First, client sends SYN packet to server. This segment requests the establishment of the connection.

Second, server sends SYN packet and ACK packet to client. ACK packet is for notifying well-receiving of packet that client sends.

Third, client sends ACK packet to server. Then, three-way handshaking ends

17

Operation of TCP Three-way Handshaking

SEQ:0, ACK:-

SEQ:0, ACK:1

SEQ:1, ACK:1

A : 210. 107. 139. 224 B : 143. 248. 4. 223

SYN

SYN+ACK

ACK

18

Lab 3-2 TCP Data Transmission(2) Data Transmission

• PDU is Protocol Data Unit. • [TCP segment of a reassembled PDU] means that divided data of one unit is transferred. This is because original one unit is too big to transfer with one packet.• We can also see 143.248.6.7 sends acknowledge to notify well-receiving

19

Lab 3-3 TCP Closing the connection (1)

(3) Closing the connection

Steps for closing TCP connection are like following. First, client sends FIN packets to server to notifying close of connection.

Then, server sends ACK packets. Second, server sends FIN packets to client to notifying close of connection.

Then, client sends ACK packets.

20

Operation of TCP Closing the connection

SEQ:222, ACK:-

SEQ:244, ACK:223

SEQ:223, ACK:245

A : 210. 107. 139. 224 B : 143. 248. 4. 223FIN

ACK

ACK

SEQ:244, ACK:223

FIN

21

LAB 3 ASSIGNMENT

22

Lab Assignment) IP address, server identification (1)

Let’s obtain an IP address for our machine. Our machine is running Windows and we will open up command prompt. We will start a Wireshark trace and then issued the following commands to command prompt.

DHCP: DHCP (Dynamic Host Configuration Protocol) is a network configuration protocol for hosts on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other hosts. The most essential information needed is an IP address, and a default route and routing prefix. DHCP eliminates the manual task by a network administrator. It also provides a central database of devices that are connected to the network and eliminates duplicate resource assignments.

 Operations of DHCP: DHCP discovery DHCP offer DHCP request DHCP ACK

23

Lab Assignment) IP address, server identification(2)

Ipconfig /release ipconfig /renew ipconfig /renew ipconfig /release Ipconfig /release is used to cut the connection with devices currently

connected. IPconfig /renew is used to renew the address.

24

Lab Assignment) IP address, server identification (3)

Packet 1817 is used to release the machine’s current IP address, 192.168.0.5. Notice that packet 1817 lists 192.168.0.5 as the source IP address. After it is released, the machine has no valid IP address and uses the address 0.0.0.0 as the source address in packet 1852.

25

Lab Assignment) IP address, server identification(4)

we input ipconfig /renew twice. DHCP Discovery: Especially, let’s look at packet 1852. Packet 1852 is a DHCP Discovery

message, and it is used by machines without an IP address to request one. It is sent to the special broadcast address, 255.255.255.255. This address will reach all connected hosts within a limited broadcast range. Logically, 255.255.255.255 means broadcast the entire Internet, but this is never literally the case because routers will not forward such a broadcast beyond the local network to avoid swamping the Internet with such requests.

DHCP Offer: DHCP server received DHCP Discovery message sends DHCP Offer message to client. Here, also DHCP uses broadcast.

DHCP request: Client selects the first arrived message from server’s DHCP offer message, then, broadcasts all DHCP servers.

DHCP ACK: DHCP server received DHCP Request sends ACK to client. If client receives this ACK well, TCP/IP becomes initiated and client is recognized as binding DHCP client.

26

Lab Assignment) IP address, server identification(5)

We commanded ipconfig /release finally. So, we can see like following picture.

27

Lab 3 Assignment

Please follow things from p22 to p26 in this ppt Submit the result as report form Report must contain all contents in slides from

p22 to p26 and related screen shot Also, you should write necessary explanation in

your report Due is up to 00:00, Sep. 22, 2012