CS 6390 - Computer Networks
Homework Assignment #2
Due on April 21, 2003, 11:59pm.
Assignment Overview
The goal of this assignment is to examine what is really going on in the
network by analyzing individual packets that travel in the network. This
way, you will see the operation of the various protocols at the various layers
of the TCP/IP protocol stack.
Assignment Details
The goal of the assignment is to examine real protocols in use and understand
the communication that takes place in a network by examining the bits that
flow across a network segment.
For this assignment you will use Solaris machines (one of net01.utdallas.edu
... net50.utdallas.edu). The command you will be using is /usr/sbin/snoop.
This tool can be used to collect packets from the network for analysis
purposes. In general, you need to have root privileges to use snoop in its
default mode. However, there is an option (the -i option) which does not
require root privileges. Using this option, you can look at the contents
of a file that holds network traffic that has already been collected for you.
I have already collected some traffic from the network using the snoop tool
and put it into a trace file called HW4-SNOOP.DATA. You need to copy this
file from its current location (do "cp /home/cs/k/kxs028100/snoopfile.bin
<destination directory>") and use it in your assignment.
After copying this file, you will use snoop with the -i option to read the
contents of this file for analysis (i.e. do "/usr/sbin/snoop -i snoopfile.bin").
For your analysis, you may want to use a number of additional snoop options to
more closely investigate what is happening in the trace file (use the man
pages for snoop to see some of these options, paying particular attention
to the -v option).
It is important to realize that while we have gone over a number of
protocols you will see, we will not necessarily have gone over everything.
You will have to use the class textbook and online sites as references to
research the details of some of these protocols. I will also try to provide
some in-class time to answer questions so be prepared to ask questions when
the time comes.
This assignment will be graded based on your ability to communicate
that you understand everything about the packet trace. For this, you are
expected to provide correct answers for the following questions:
- How many total packets are in the trace file?
- What protocols (at each layer of the Internet stack) are seen at
least once somewhere in the trace?
- What are the contents and function of each packet? (I do realize that
this is tedious work, but it is quite a valuable experience for understanding
all the details, especially for TCP. In this part, you need to provide information
for application layer and transport layer protocol interactions when
applicable. As an example, if you see a TCP connection, I need you to clearly
indicate the packets used in the 3-way handshake, which packets are ACKs for
which packets, and the packets used in connection teardown, clearly indicating
which packet is a connection close request and which one is the response,
etc.)
- What Link/MAC layer addresses are seen in the trace? Who do these MAC
addresses belong to (clearly indicate the owner's identity)?
- What IP addresses are seen in the trace?
- What host names are seen in the trace?
- What transport-layer port numbers do you see? Are any of them reserved?
Which ones and what services are they reserved for? How are the others
chosen, explain briefly?
- What different IP "next protocol" values can be seen, and what does each
mean?
- Does IP fragmentation ever occur?
- Why would some packets have the "Don't fragment" bit set? Your
answer should be specific to this trace, if applicable.
- What are the ranges of sequence numbers in each TCP flow? Clearly
indicate them and the TCP flows they correspond to.
- What are the ranges of acknowledgment numbers in each TCP flow? Clearly
indicate them and the TCP flows they correspond to.
- In any of the TCP connections, what is the window size? Does it ever
change between connections? How is it chosen?
- After answering the above questions and understanding what is going
on in the trace, create a description of the session, what it does, what commands
were probably executed by the target host during the trace. Using this set
of commands, create a timeline about the order of execution and then fill
in details about what happened in the trace and when.
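
As a cross-check for the counts reported by "snoop -i", the following added example (not part of the original assignment) reads a capture file directly and tallies several of the fields the questions ask about. It assumes the file is in the RFC 1761 snoop version 2 format with Ethernet framing; the function names and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

def summarize(capture):
    """Tally link, IP and TCP fields from an RFC 1761 (snoop v2) capture."""
    magic, version, linktype = struct.unpack(">8sII", capture[:16])
    if magic != b"snoop\0\0\0" or version != 2 or linktype != 4:  # 4 = Ethernet
        raise ValueError("not a version 2 Ethernet snoop capture")
    out = {"packets": 0, "macs": set(), "ips": set(), "ip_protocols": Counter(),
           "tcp_ports": set(), "df_set": 0, "fragments": 0}
    pos = 16
    while pos + 24 <= len(capture):
        # Record header: original len, included len, record len, drops, sec, usec
        _, incl_len, rec_len, _, _, _ = struct.unpack(">6I", capture[pos:pos + 24])
        if rec_len < 24 + incl_len or pos + rec_len > len(capture):
            raise ValueError(f"corrupt record at offset {pos}")
        frame = capture[pos + 24:pos + 24 + incl_len]
        pos += rec_len  # record length covers header, data and padding
        out["packets"] += 1
        if len(frame) < 14:
            continue
        out["macs"].update(frame[i:i + 6].hex(":") for i in (0, 6))
        if frame[12:14] != b"\x08\x00" or len(frame) < 34:  # IPv4 only
            continue
        iph = frame[14:]
        ihl = (iph[0] & 0x0F) * 4
        flags_frag = int.from_bytes(iph[6:8], "big")
        out["df_set"] += bool(flags_frag & 0x4000)     # Don't Fragment bit
        out["fragments"] += bool(flags_frag & 0x3FFF)  # More Fragments or offset > 0
        out["ip_protocols"][iph[9]] += 1               # the "next protocol" field
        out["ips"].update(".".join(map(str, iph[i:i + 4])) for i in (12, 16))
        if iph[9] == 6 and not flags_frag & 0x1FFF and len(iph) >= ihl + 4:
            out["tcp_ports"].update(struct.unpack(">HH", iph[ihl:ihl + 4]))
    return out

def _record(frame):
    """Wrap one frame in a snoop record header, padded to 4 bytes."""
    pad = -len(frame) % 4
    return struct.pack(">6I", len(frame), len(frame), 24 + len(frame) + pad,
                       0, 0, 0) + frame + b"\0" * pad

# Constructed sample: one TCP SYN to port 23 with DF set, and one ARP broadcast.
_ETH = bytes.fromhex("080020aabbcc00c04f112233")
_IP = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, 64, 6, 0,
                  bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
_TCP = struct.pack(">HHIIHHHH", 32771, 23, 1000, 0, 0x5002, 8760, 0, 0)
_ARP = bytes.fromhex("ffffffffffff00c04f1122330806") + bytes(28)
SAMPLE = (b"snoop\0\0\0" + struct.pack(">II", 2, 4)
          + _record(_ETH + b"\x08\x00" + _IP + _TCP) + _record(_ARP))
```

To run it on the copied trace, pass the file's bytes: summarize(open("snoopfile.bin", "rb").read()). The per-packet interpretation the questions ask for still has to come from reading the "snoop -v" output.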
Assignment Turnin
You need to turn in a hard copy of your report by e-mailing it to the class
TA no later than the given due date above. Good luck.