COMP3331 Lab4

Exercise 1: Understanding TCP using Wireshark

Question 1. What is the IP address of gaia.cs.umass.edu? On what port number is it sending
and receiving TCP segments for this connection? What are the IP address and TCP port
numbers used by the client computer (source) that is transferring the file to gaia.cs.umass.edu?
The IP address of gaia.cse.umass.edu is 128.119.245.12 and the port number it is sending and
receiving is port 80. The client computer or the source has IP address 192.168.1.102 and has
TCP port 1161 as it is the source.

Question 2. What is the sequence number of the TCP segment containing the HTTP POST
command? Note that to find the POST command, you’ll need to dig into the packet content field
at the bottom of the Wireshark window, looking for a segment with a “POST” within its DATA
field.
From the below image the sequence number of the TCP segment containing the HTTP POST
command is 1.

Question 3. Consider the TCP segment containing the HTTP POST as the first segment in the
TCP connection.
(a) What are the sequence numbers of the first six segments in the TCP connection
(including the segment containing the HTTP POST) sent from the client to the webserver
(Do not consider the ACKs received from the server as part of these six segments)?
(b) At what time was each segment sent? When was the ACK for each segment received?
Given the difference between when each TCP segment was sent and when its
acknowledgement was received, what is the RTT value for each of the six segments?
(c) What is the EstimatedRTT value (see relevant parts of Section 3.5 or lecture slides) after
receiving each ACK? Assume that the initial value of EstimatedRTT is equal to the
measured RTT ( SampleRTT ) for the first segment and then is computed using
the EstimatedRTT equation for all subsequent segments. Set alpha to 0.125.

Seq Size Time sent Ack time Sample Estimated RTT

Number (t1) received (t2) RTT
1 565 0.026477 0.053937 0.02746 0.02746
566 1460 0.041737 0.077294 0.035557 0.02847
2026 1460 0.054026 0.124085 0.070059 0.03367
3486 1460 0.054690 0.169118 0.114428 0.04376
4946 1460 0.077405 0.217299 0.139894 0.05578
6406 1460 0.078157 0.267802 0.189645 0.07251
Question 4. What is the length of each of the first six TCP segments? (same six segments as
Question 3)
Seq Number Size/length
1 565
566 1460
2026 1460
3486 1460
4946 1460
6406 1460

Question 5. What is the minimum amount of available buffer space advertised at the receiver for
the entire trace? Does the lack of receiver buffer space ever throttle the sender?
From the picture below the minimum amount of available buffer space advertised at the receiver
for the entire trace is 5840 bytes.

Looking through the entire trace the window grows and reaches a maximum receiver buffer size
of 62780. As there is never a lack of receiver buffer space the sender is never throttled.
Question 6. Are there any retransmitted segments in the trace file? To answer this question,
what did you check for (in the trace)?
As seen from the picture below, all sequence numbers from the source to the destination are
increasing meaning that there were no retransmitted segments in this trace file. If there were
retransmitted segments there would be repeated sequence numbers which is not indicated in
the graph below.
Question 7. How much data does the receiver typically acknowledge in an ACK? Can you
identify cases where the receiver is ACKing every other received segment (recall the discussion
about delayed acks from the lecture notes or Section 3.5 of the text)?
The receiver typically acknowledges the amount of data.
Acknowledged Sequence number Acknowledged Data

566 566
2026 1460
3486 1460
4946 1460
6406 1460

A case where the receiver is ACKing every other received segment occurs in what is a delayed
ack. An example of when this occurs in the trace file is when the source sends 2 packets with
sequence number 36509 and then another with a sequence number 37969. However, the
receiver only ACKs 37969, which is an example of delayed ACK since it successfully received
both packets.
Question 8. What is the TCP connection's throughput (bytes transferred per unit of time)?
Explain how you calculated this value.
To calculate the TCP connection’s throughput, we gather the total bytes transferred divided by
the total time taken. To identify the size of the data transferred, we look at the last ack number
minus the first sequence number (ignoring SYN)
Total bytes transferred = 164091 – 1
Total bytes transferred = 164090 bytes

To calculate the total time taken to transfer the total bytes we look at the last ACK sent minus
the time of the first segment sent.

Total time = 5.455830 – 0.026477

Total time = 5.429353 seconds

Throughput = 164090 / 5.429353

Throughput = 30222.75 bytes per second.
Exercise 2: TCP Connection Management
Consider the following TCP transaction between a client (10.9.16.201) and a server
(10.99.6.175).

Answer the following questions:

Question 1. What is the sequence number of the TCP SYN segment that is used to initiate the
TCP connection between the client computer and server?
The sequence number of the TCP SYN segment used to initiate the TCP connection is
2818463618.
Question 2. What is the sequence number of the SYNACK segment sent by the server to the
client computer in reply to the SYN? What is the value of the Acknowledgement field in the
SYNACK segment? How did the server determine that value?
The sequence number of the SYNACK segment sent by the server to the client computer in
reply to the SYN is 1247095790. The value of the acknowledgement field in the SYNACK
segment is 2818463619. The server determines this value as it is the sequence number of the
TCP SYN used to initiate the TCP connection + 1.
Question 3. What is the sequence number of the ACK segment sent by the client computer in
response to the SYNACK? What is the value of the Acknowledgment field in this ACK segment?
Does this segment contain any data?
The sequence number of the ACK segment sent by the client computer in response to the
SYNACK is 2818463619. The value of the acknowledgement field in this ACK segment is
1247095791. The segment does not contain any data as the sequence number of the next
segment stays the same.
Question 4. Who has done the active close? Is it the client or the server? How have you
determined this? What type of closure has been performed? 3 Segment (FIN/FINACK/ACK), 4
Segment (FIN/ACK/FIN/ACK) or Simultaneous close?
Both the client and the server have initiated the active close. This was determined as both the
client and the server both send a FIN ACK packet and then after FIN ACK packets are sent, they
send ACKS back to each other which has the sequence number of FIN received + 1.
Question 5. How many data bytes have been transferred from the client to the server and from
the server to the client during the whole duration of the connection? What relationship does this
have with the Initial Sequence Number and the final ACK received from the other side?
To calculate the amount of data bytes transferred from the server to the client we look at the
last ACK number and minus the first sequence number.
Total data bytes transferred = 2818463653 – 2818463618
Total data bytes transferred = 35
We also need to subtract the ACKs in response to the FIN packets which was 2 since two FIN
packets were sent. Therefore, the total data bytes transferred is 33 bytes.
The total data bytes transferred can be calculated using the initial sequence number and the
final ACK as the final ACK tells us how much data was received since the beginning (the initial
sequence number). Therefore, if we subtract the initial sequence number from the final ACK and
then consider the ACKs sent in response to the FIN packets we would arrive at the same total
as above.