Logout Open In App
Open In App
Warning: foreach() argument must be of type array|object, bool given in /var/www/html/web/app/themes/studypress-core-theme/template-parts/header/mobile-offcanvas.php on line 20

Chapter 5: Problem 18

Diagnostic programs are commonly available that record the first 100 bytes, say, of every TCP connection to a certain (host, port). Outline what must be done with each received TCP packet, P, in order to determine if it contains data that belongs to the first 100 bytes of a connection to host HOST, port PORT. Assume the IP header is P.IPHEAD, the TCP header is P.TCPHEAD, and header fields are as named in Figures \(4.3\) and 5.4. Hint: To get initial sequence numbers (ISNs) you will have to examine every packet with the SYN bit set. Ignore the fact that sequence numbers will eventually be reused.

Short Answer

Expert verified
Check target HOST and PORT, examine SYN bit, store ISN, calculate and compare sequence ranges, extract and record data within the first 100 bytes.

Step by step solution

01

- Identify the Target Host and Port

Check if the TCP packet, P, is directed to the specific HOST and PORT. This can be done by examining P.IPHEAD.DestIP and P.TCPHEAD.DestPort fields. If these values match the target HOST and PORT, proceed to the next step.
02

- Check for SYN Bit

Examine if the SYN bit is set in the TCP header, P.TCPHEAD.Flags. If this bit is set, store the initial sequence number (ISN), which is given by P.TCPHEAD.SeqNum. This ISN is essential in determining the sequence range for the first 100 bytes.
03

- Calculate Sequence Number Range

Using the stored ISN, calculate the sequence number range for the first 100 bytes of data in the connection. The range will be ISN to ISN + 99.
04

- Extract Sequence Number from Packet

For each received TCP packet, extract its sequence number from P.TCPHEAD.SeqNum. This will help to determine if the packet contains the desired byte range.
05

- Determine Data Offset

Calculate the offset of the data within the TCP packet. This is typically done by considering the length of the TCP header (given by P.TCPHEAD.HeaderLength), which will specify where the actual data starts in the packet.
06

- Check Data Range

Compare the extracted sequence number with the desired byte range (ISN to ISN + 99). If the sequence number, plus the length of data in the packet, falls within this range, then the data in this packet is part of the first 100 bytes.
07

- Extract and Record Data

If Step 6 is satisfied, extract the data from the TCP packet starting at the determined offset and up to the length of data within the packet. This extracted data should then be recorded/stored until the total reaches 100 bytes.

Key Concepts

These are the key concepts you need to understand to accurately answer the question.

TCP Header Analysis
When dealing with TCP connections, analyzing the TCP header is crucial. The header contains important information about the packet, such as the destination port, sequence numbers, and flags. Here are some key fields you'll encounter in the TCP header:
  • Source Port: The sending port of the packet.
  • Destination Port: The receiving port, which helps identify where the packet should go.
  • Sequence Number: Indicates the position of the first byte of data in the segment.
  • Acknowledgment Number: Used for acknowledging the receipt of data.
  • Flags: Control bits like SYN, ACK, FIN, which are used to establish, maintain, and terminate connections.
  • Header Length: Length of the TCP header, which helps determine where the data starts.

By analyzing these fields, you can determine if a packet belongs to a specific TCP connection and what its role is, such as starting a new connection (SYN flag) or acknowledging received data.
Sequence Numbers
Sequence numbers are essential for keeping track of data packets in TCP connections. When establishing a connection, the initiating host sends a packet with the SYN flag set and an Initial Sequence Number (ISN). The ISN is randomly generated to prevent security issues like replay attacks.

To monitor the first 100 bytes of a TCP connection, you need to focus on sequence numbers as follows:
  • Identify the ISN from the SYN packet.
  • Calculate the range for the first 100 bytes of data. This is done by adding 99 to the ISN (ISN + 99).
  • Check each incoming packet's sequence number to see if it falls within this range.

By following these steps, you can ascertain whether a packet contains data within the first 100 bytes of the TCP stream.
Data Extraction
Once you identify packets that fall within the first 100 bytes of a TCP connection, extracting and recording the data is the next step. Here's how to do it:
  • Calculate the data offset using the header length. The data offset is essentially the point where the header ends, and the data begins.
  • Compare the packet's sequence number and the data length to the identified 100-byte range.
  • If the packet's data overlaps with the desired byte range, extract the relevant portion of the data.

For example, if your ISN is 1000, you should extract data from packets whose sequence numbers are within the range 1000 to 1099. Calculate where the data starts and ends using both the sequence number and the data offset from the header. Store this data until you have a complete 100-byte segment.

By understanding these key concepts, you can effectively parse and record the relevant data from TCP streams for further analysis or diagnostics.

One App. One Place for Learning.

All the tools & learning materials you need for study success - in one app.

Get started for free

Most popular questions from this chapter

Consult Request for Comments 793 to find out how TCP is supposed to respond if a FIN or an RST arrives with a sequence number other than NextByteExpected. Consider both when the sequence number is within the receive window and when it is not.

Suppose we were to implement remote file system mounting using an unreliable RPC protocol that offers zero-or-more semantics. If a message reply is received, this improves to at-least-once semantics. We define read() to return the specified Nth block, rather than the next block in sequence; this way reading once is the same as reading twice and at-least-once semantics is thus the same as exactly once. (a) For what other file system operations is there no difference between at- leastonce and exactly once semantics? Consider open, create, write, seek, opendir, readdir, mkdir, delete (aka unlink), and rmdir. (b) For the remaining operations, which can have their semantics altered to achieve equivalence of at-least-once and exactly once? What file system operations are irreconcilable with at-least-once semantics? (c) Suppose the semantics of the rmdir system call are now that the given directory is removed if it exists, and nothing is done otherwise. How could you write a program to delete directories that distinguishes between these two cases?

The Jacobson/Karels algorithm sets TimeOut to be 4 mean deviations above the mean. Assume that individual packet round-trip times follow a statistical normal distribution, for which 4 mean deviations are \(\pi\) standard deviations. Using statistical tables, for example, what is the probability that a packet will take more than TimeOut time to arrive?

Suppose a TCP connection, with window size 1, loses every other packet. Those that do arrive have RTT \(=1\) second. What happens? What happens to TimeOut? Do this for two cases: (a) After a packet is eventually received, we pick up where we left off, resuming with EstimatedRTT initialized to its pretimeout value and TimeOut double that. (b) After a packet is eventually received, we resume with TimeOut initialized to the last exponentially backed-off value used for the timeout interval. In the following four exercises, the calculations involved are straightforward with a spreadsheet.

Suppose, in TCP's adaptive retransmission mechanism, that EstimatedRTT is 90 at some point and subsequent measured RTTs all are 200 . How long does it take before the TimeOut value, as calculated by the Jacobson/Karels algorithm, falls below 300 ? Assume initial Deviation value of 25 ; use \(\delta=1 / 8\).
See all solutions

Recommended explanations on Computer Science Textbooks

Issues in Computer Science

Read Explanation

Databases

Read Explanation

Theory of Computation

Read Explanation

Cybersecurity in Computer Science

Read Explanation

Computer Programming

Read Explanation

Functional Programming

Read Explanation
View all explanations

What do you think about this solution?

We value your feedback to improve our textbook solutions.

Study anywhere. Anytime. Across all devices.

Sign-up for free