Question

1 Approved Answer

Posted on Sep 25, 2024

You use tcpdump to monitor our sockets programm from HW#2. Tcpdump can decode many of the TCP fields for you, the output shown below is

image text in transcribed

You use tcpdump to monitor our sockets programm from HW#2. Tcpdump can decode many of the TCP fields for you, the output shown below is the decoded packet sum hopefully obvious. In the "Flags" field, S-SYN, P-PSH, F-FIN, etc. Also note tcpdump by default uses "relative SEQ/ACK counts" which means after the initial packet it will print the difference rather than the raw SEQ/ACK values. mary. Fields like seq" and win" are (a) You start the server, then connect with the client and you see the following 16:38:55.451412 IP macbook-air.52658 > pi3.31337 Flags [S, seq 3649305635, win 29200, options mss 1460, sackoK, TS val 23595005 ecr 0, nop, wscale 71, length 0 16:38:55.451762 IP pi3.31337macbook-air.52658: Flags S.1, seq 2280757527, ack 3649305636, win 28960, options mss 1460, sackoK, TS val 122287507 ecr 23595005, nop, wscale 7, length 0 16:38:55.451829 IP macbook-air.52658 > pi3.31337 Flags , ack 1, win 229, options nop, nop, TS val 23595005 ecr 1222875071, length 0 What just happened? How do you know? (b) Your "uppercase" server from HW#2 is running. You type "Hi" on the client and press enter and the following happens 16:39:01.056250 IP macbook-air.52658 > pi3.31337: Flags [P., seq 1:4, ack 1, win 229, options [nop, nop, TS val 23596406 ecr 122287507, length 3 16:39:01.056551 IP p3.31337 > macbook-air.52 658: Flags , ack 4, win 227, options nop, nop, TS val 122288067 ecr 235964061, length 0 16:39:01057167 IP pi3.31337macbook-air.52658: Flags [P., seq 1:4, ack 4, win 227, options [nop, nop, TS val 122288067 ecr 23596406, length 3 16:39:01.057265 IP macbook-air.52658 > pi3.31337: Flags , ack 4, win 229, options [nop, nop, TS val 23596406 ecr 1222880671, length 0 Describe briefly what is going on in each packet. (c) After typing "bye" and receiving the result BYE you see the following set of packets: 16:39:16.168569 IP macbook-air52658 > p3.31337: Flags [F, seq 18, ack 18, win 229, options [nop, nop, TS val 23600184 ecr 122289578, length 0 16:39:16.168921 IP pi3.31337> macbook-air.52658: Flags [F.], seq 18, ack 19, win 227, options [nop, nop, TS val 122289578 ecr 23600184], length 0 16:39:16.168974 IP macbook-air.52658> pi3.31337: Flags [, ack 19, win 229, options nop, nop, TS val 23600184 ecr 122289578, length 0 What is going on with these packets? You use tcpdump to monitor our sockets programm from HW#2. Tcpdump can decode many of the TCP fields for you, the output shown below is the decoded packet sum hopefully obvious. In the "Flags" field, S-SYN, P-PSH, F-FIN, etc. Also note tcpdump by default uses "relative SEQ/ACK counts" which means after the initial packet it will print the difference rather than the raw SEQ/ACK values. mary. Fields like seq" and win" are (a) You start the server, then connect with the client and you see the following 16:38:55.451412 IP macbook-air.52658 > pi3.31337 Flags [S, seq 3649305635, win 29200, options mss 1460, sackoK, TS val 23595005 ecr 0, nop, wscale 71, length 0 16:38:55.451762 IP pi3.31337macbook-air.52658: Flags S.1, seq 2280757527, ack 3649305636, win 28960, options mss 1460, sackoK, TS val 122287507 ecr 23595005, nop, wscale 7, length 0 16:38:55.451829 IP macbook-air.52658 > pi3.31337 Flags , ack 1, win 229, options nop, nop, TS val 23595005 ecr 1222875071, length 0 What just happened? How do you know? (b) Your "uppercase" server from HW#2 is running. You type "Hi" on the client and press enter and the following happens 16:39:01.056250 IP macbook-air.52658 > pi3.31337: Flags [P., seq 1:4, ack 1, win 229, options [nop, nop, TS val 23596406 ecr 122287507, length 3 16:39:01.056551 IP p3.31337 > macbook-air.52 658: Flags , ack 4, win 227, options nop, nop, TS val 122288067 ecr 235964061, length 0 16:39:01057167 IP pi3.31337macbook-air.52658: Flags [P., seq 1:4, ack 4, win 227, options [nop, nop, TS val 122288067 ecr 23596406, length 3 16:39:01.057265 IP macbook-air.52658 > pi3.31337: Flags , ack 4, win 229, options [nop, nop, TS val 23596406 ecr 1222880671, length 0 Describe briefly what is going on in each packet. (c) After typing "bye" and receiving the result BYE you see the following set of packets: 16:39:16.168569 IP macbook-air52658 > p3.31337: Flags [F, seq 18, ack 18, win 229, options [nop, nop, TS val 23600184 ecr 122289578, length 0 16:39:16.168921 IP pi3.31337> macbook-air.52658: Flags [F.], seq 18, ack 19, win 227, options [nop, nop, TS val 122289578 ecr 23600184], length 0 16:39:16.168974 IP macbook-air.52658> pi3.31337: Flags [, ack 19, win 229, options nop, nop, TS val 23600184 ecr 122289578, length 0 What is going on with these packets