Assignment #2

Due Monday, March 15

Use tcpdump to analyse TCP/IP packets being sent and received by your machine. First start your browser. Then, on a Mac, start the terminal program and use the command:

	sudo -u root tcpdump -vv -X -c10 -s1000 host [yourIPaddress]
where [yourIPaddress] is replaced by the IP address of the machine you are on. (On any other Unix platform, just su to root and give the tcpdump portion of the command.) Once you have started tcpdump, switch back to your browser, load a web page, and then return to tcpdump to look at the packets exchanged. Note that the command
	man tcpdump
will give you documentation for tcpdump.

1. Figure out where the IP and TCP headers are.

2. Show how the IP source and destination addresses reverse depending on the direction of communication. Do the same for the TCP source and destination ports. Confirm that the hex value of your IP address matches the value that appears in tcpdump.

3. Show how the TCP SYN bit is set to 1 for the initial (how many?) packets and then reverts to 0 once the connection is established.

4. How is the initial sequence number established? Show how it increases in successive packets.

5. Confirm the functionality of several other fields.

EXTRA CREDIT: Confirm the IP header checksum or the TCP checksum for one packet.
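
The field lookups and checksum confirmation asked for above can be cross-checked with a short script. This is an added example, not part of the original assignment: the packet bytes are constructed (not a real capture), the names SAMPLE_HEX, ones_complement_sum and parse_packet are made up for illustration, and it assumes the hex dump begins at the IP header, as it does with -X.

```python
import socket
import struct

# Constructed sample: the bytes tcpdump -X would print for one SYN packet,
# starting at the IP header (no link-layer header). Not a real capture.
SAMPLE_HEX = (
    "4500 0028 1c46 4000 4006 9a87 c0a8 010a c000 0250"  # IPv4 header
    "c000 0050 3a4f 1c20 0000 0000 5002 ffff 1520 0000"  # TCP header
)

def ones_complement_sum(data: bytes) -> int:
    """Folded 16-bit one's-complement sum used by the IP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length data
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def parse_packet(raw: bytes) -> dict:
    """Locate the IPv4 and TCP headers and pull out the assignment's fields."""
    if len(raw) < 40 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet with a TCP header")
    ihl = (raw[0] & 0x0F) * 4                 # IP header length in bytes
    total_len = struct.unpack("!H", raw[2:4])[0]
    if ihl < 20 or raw[9] != 6 or not ihl + 20 <= total_len <= len(raw):
        raise ValueError("not TCP, or truncated by the -s snap length")
    src, dst = raw[12:16], raw[16:20]
    tcp = raw[ihl:total_len]                  # TCP header starts right after IP
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    # The TCP checksum also covers a pseudo-header: src, dst, 0, proto, length
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "tcp_header_len": (off_flags >> 12) * 4,
        "syn": bool(off_flags & 0x002),
        "ack_flag": bool(off_flags & 0x010),
        # Summing a region that includes a valid checksum gives 0xFFFF
        "ip_checksum_ok": ones_complement_sum(raw[:ihl]) == 0xFFFF,
        "tcp_checksum_ok": ones_complement_sum(pseudo + tcp) == 0xFFFF,
    }

if __name__ == "__main__":
    for name, value in parse_packet(bytes.fromhex(SAMPLE_HEX)).items():
        print(f"{name:16} {value}")
```

If the TCP checksum of a packet your own machine sent does not verify, the network card may be filling it in after tcpdump sees the packet (checksum offload); check a received packet instead.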

Bring any questions to class Monday.

Updated March 11, 2004