Programming Project 2: Analyzing packet traces (PCAP)
CSE 310, Spring 2022
Instructor: Aruna Balasubramanian
Due date: March 10 2022, 9.00pm

The aim of this assignment is to analyze TCP packets. To do that, you have to be familiar with the packet formats (PCAP files). Specifically, your goal is to parse a PCAP file. PCAP is the file format used to store packets captured on the wire. PCAP files are in binary format and cannot be read directly. A PCAP library is used to parse the binary packet. Your goal is to write a parser that analyzes the packet with the help of the PCAP library. TCPdump is the command-line tool that also analyzes the packets captured on the wire. Wireshark is the graphical version of TCPdump. You can take a look at these tools to see some examples of packet analysis if you want.

Part A: PCAP Programming Task and flow-level information (70 points)

Your task is to write a program analysis_pcap_tcp that analyzes a PCAP file to characterize the TCP flows in the trace. A TCP flow starts with a TCP "SYN" and ends at a TCP "FIN" between two hosts. A TCP flow is uniquely identified by the tuple: (source port, source IP address, destination port, destination IP address). There can be multiple TCP flows at the same time between the two hosts, on different ports. You should use a PCAP library to analyze this file. Example PCAP libraries are provided at the end of this assignment. A PCAP library helps convert a PCAP packet from binary to byte format. You must then write code to analyze the bytes to get the information about the packet. [Important: You can create your own packet structures and read the bytes into the structure. This will let you easily parse the bytes rather than doing byte operations. You can also use the ethernet and TCP modules in the PCAP library to get these packets. However, you cannot convert the PCAP file into text for analysis.]
Specifically, we have captured packets that are going on the wire, both packets from the computer and to the computer. This packet capture is in PCAP format and is called assignment2.pcap in the resource section. In this file, we have captured packets sent between 130.245.145.12 and 128.208.2.198. Node 130.245.145.12 establishes the connection (let's call it the sender) with 128.208.2.198 (let's call it the receiver) and then sends data. The trace was captured at the sender. Your "analysis_pcap_tcp" code should take as input any pcap file (but specifically should work with assignment2.pcap). You can hardcode the sender and receiver IP addresses in your code. Your code should output the answers to these questions (ignore non-TCP traffic):
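As an added illustration (not part of the assignment handout), the following Python reads a classic .pcap file with the standard library alone, walking the 24-byte global header, each 16-byte record header and the Ethernet/IPv4/TCP headers with struct, which is the "read the bytes into your own structures" approach the note above describes. The three-packet capture at the bottom is constructed inside the code (ports and payload are made up), and only Ethernet-framed IPv4 is handled.

```python
import struct

# libpcap magic numbers (read little-endian): (byte order of the file, timestamp ticks per second)
MAGICS = {0xA1B2C3D4: ("<", 1e6), 0xA1B23C4D: ("<", 1e9),
          0xD4C3B2A1: (">", 1e6), 0x4D3CB2A1: (">", 1e9)}

def parse_pcap(data):
    """Yield (timestamp in seconds, frame bytes) for every record of a classic .pcap file."""
    endian, tick = MAGICS[struct.unpack("<I", data[:4])[0]]        # KeyError: not a pcap file
    if struct.unpack(endian + "I", data[20:24])[0] != 1:             # link type 1 = Ethernet
        raise ValueError("only Ethernet captures are handled here")
    off = 24                                                         # 24-byte global header
    while off + 16 <= len(data):                                     # 16-byte record header
        sec, frac, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        yield sec + frac / tick, data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def parse_tcp(frame):
    """Decode Ethernet/IPv4/TCP headers by hand; return None for any non-TCP frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None                                                  # not IPv4 / not TCP
    ihl = (frame[14] & 0x0F) * 4                                     # IPv4 header length
    ip_len = struct.unpack("!H", frame[16:18])[0]                    # IPv4 total length
    tcp = frame[14 + ihl:14 + ip_len]                                # drops any Ethernet padding
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    return {"src": ".".join(map(str, frame[26:30])), "dst": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": off_flags & 0x1FF,
            "win": win, "tcp_len": len(tcp), "payload": len(tcp) - (off_flags >> 12) * 4}

def tcp_packets(data):
    """Return [(timestamp, fields)] for the TCP packets of a pcap byte string; non-TCP is skipped."""
    return [(ts, p) for ts, f in parse_pcap(data) for p in [parse_tcp(f)] if p]

def build_record(ts, src, dst, sport, dport, seq, ack, flags, win, payload=b""):
    """Constructed test input: one pcap record carrying an Ethernet/IPv4/TCP segment."""
    tcp = struct.pack("!HHIIHH", sport, dport, seq, ack, (5 << 12) | flags, win) + b"\0" * 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    frame = b"\0" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", int(ts), round(ts % 1 * 1e6), len(frame), len(frame)) + frame

# A constructed three-packet capture (handshake plus a piggy-backed data segment), not assignment2.pcap
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
               + build_record(0.000, "130.245.145.12", "128.208.2.198", 43498, 80, 100, 0, 0x02, 29200)
               + build_record(0.050, "128.208.2.198", "130.245.145.12", 80, 43498, 500, 101, 0x12, 14600)
               + build_record(0.051, "130.245.145.12", "128.208.2.198", 43498, 80, 101, 501, 0x18, 29200,
                              b"GET / HTTP/1.0\r\n\r\n"))
```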

● The number of TCP flows initiated from the sender. A TCP flow starts with a SYN and ends with a FIN, and a TCP flow is identified by a (source port, source IP address, destination port, destination IP address). A sender can initiate multiple TCP flows at the same time.

● For each TCP flow

(a) Write down the (source port, source IP address, destination port, destination IP address).

(b) For the first two transactions after the TCP connection is set up (from sender to receiver), the values of the Sequence number, Ack number, and Receive Window size. In the figure below, the first two transactions are marked in orange. If there is a packet loss, this representation should still work. If the last ACK in the three-way handshake is piggy-backed with the first packet (in orange), then you should still start with this piggy-backed packet.

(c) The sender throughput. I am defining throughput as the total amount of bytes sent by the sender over a period. The period is the time between sending the first byte and receiving the last acknowledgement. For throughput, only consider the packets at the TCP level (including the header). You can ignore all other headers and acks.
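An added example (not the handout's or any student's code) of the Part A flow analysis over already-decoded TCP headers: flows are keyed by the 4-tuple from the sender's side, the first two data-carrying segments give the (seq, ack, window) values so a piggy-backed handshake ACK is handled, and throughput follows the definition in (c), with the period running from the first data byte to the last ACK and the byte count covering TCP header plus payload of the segments sent in that period. The Pkt record layout, the port numbers and the sample flow are constructed for the example.

```python
from collections import defaultdict, namedtuple

Pkt = namedtuple("Pkt", "ts src dst sport dport seq ack flags win tcp_len payload")
SENDER, RECEIVER = "130.245.145.12", "128.208.2.198"   # the two hosts named in the assignment
SYN, ACK, FIN = 0x02, 0x10, 0x01

def flow_key(p):
    """4-tuple (sport, src, dport, dst) from the sender's side, so both directions share a key."""
    if p.src == SENDER:
        return (p.sport, p.src, p.dport, p.dst)
    return (p.dport, p.dst, p.sport, p.src)

def analyze_flows(pkts):
    """Part A: per flow opened by the sender, its first two data transactions and throughput."""
    flows = defaultdict(list)
    for p in sorted(pkts, key=lambda p: p.ts):
        flows[flow_key(p)].append(p)
    report = {}
    for key, fl in flows.items():
        if not any(p.src == SENDER and p.flags & SYN for p in fl):
            continue                                     # not initiated by the sender
        # first two sender segments carrying data; a piggy-backed handshake ACK counts as the first
        data = [p for p in fl if p.src == SENDER and p.payload > 0]
        acks = [p.ts for p in fl if p.src == RECEIVER and p.flags & ACK]
        if not data or not acks:
            continue                                     # nothing was transferred on this flow
        # period: first data byte sent -> last ACK received; bytes = TCP header + payload in that period
        sent = sum(p.tcp_len for p in fl if p.src == SENDER and p.ts >= data[0].ts)
        period = max(acks) - data[0].ts
        report[key] = {"first_two": [(p.seq, p.ack, p.win) for p in data[:2]],
                       "bytes": sent, "throughput": sent / period if period > 0 else 0.0}
    return report

# Constructed sample flow (handshake, two data segments, their ACKs, FIN); not from assignment2.pcap
S, R = SENDER, RECEIVER
SAMPLE = [
    Pkt(0.000, S, R, 43498, 80, 100, 0, SYN, 29200, 20, 0),
    Pkt(0.050, R, S, 80, 43498, 500, 101, SYN | ACK, 14600, 20, 0),
    Pkt(0.051, S, R, 43498, 80, 101, 501, ACK, 29200, 20, 0),
    Pkt(0.052, S, R, 43498, 80, 101, 501, ACK, 29200, 1480, 1460),
    Pkt(0.053, S, R, 43498, 80, 1561, 501, ACK, 29200, 1480, 1460),
    Pkt(0.101, R, S, 80, 43498, 501, 1561, ACK, 14600, 20, 0),
    Pkt(0.102, R, S, 80, 43498, 501, 3021, ACK, 14600, 20, 0),
    Pkt(0.103, S, R, 43498, 80, 3021, 501, FIN | ACK, 29200, 20, 0),
    Pkt(0.152, R, S, 80, 43498, 501, 3022, ACK, 14600, 20, 0),
]
```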

This is just one example; your flow may look different.

Part B: Congestion control (30 points)

Now extend your program so that it will output the following answers to the questions. For each TCP flow:

(1) Print the first three congestion window sizes (or until the end of the flow, if there are fewer than three congestion windows). The congestion window is estimated at the sender. You must estimate the congestion window size empirically since the information is not available in the packet. Comment on how the congestion window size grows. Remember that your estimation may not be perfect, but that's okay. Congestion window sizes change at roughly RTT-intervals.

[Figure: TCP three-way handshake between Sender Node 130.245.145.12 and Receiver Node 128.208.2.198 (SYN, SYN/ACK, ACK), followed by data transfer starting with cwnd=icwnd (the initial congestion window).]

(2) The number of times a retransmission occurred due to triple duplicate ack and the number of times a retransmission occurred due to timeout. Please note that you need to analyze the packets and use some logic to determine when a retransmission is due to a triple duplicate ack or a timeout. You cannot use a library (such as PyShark) to get this answer. In rare cases, a packet may be retransmitted even when there is no triple duplicate ack (for that packet) or timeout. Please note these as well if you see them.

Submission Instructions

As before, you may write your programs in Python or C/C++. If you wish to write in any other language, please talk to me. Viewing these traces in Wireshark will be helpful. You must submit your homework in a single zip file as follows:

• The zip file (and the root folder inside) should be named using your last name, first name, and the assignment number, all separated by a dash ('-'), e.g. lastname-firstname-assignment2.zip

• The zip file should contain (i) a high-level summary of the analysis_pcap_tcp code, including how you estimated the answers to the questions in Part A and Part B, (ii) the analysis_pcap_tcp program, and (iii) instructions on how to run your code

Some example pcap libraries that you can use:
C/C++ – libpcap
Python – dpkt
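Returning to Part B, an added example (not the handout's code) of estimating the first three congestion windows and classifying retransmissions from decoded headers: the RTT sample is the SYN to SYN/ACK gap, the payload bytes sent in each RTT-sized round approximate one cwnd, a retransmission that follows three duplicate ACKs for its sequence number is counted as a triple-duplicate-ack retransmission, and one sent more than twice the RTT after its original transmission is counted as a timeout. The 2×RTT threshold, the Seg record layout and the sample flow are assumptions constructed for the example.

```python
from collections import namedtuple
Seg = namedtuple("Seg", "ts src seq ack flags payload")   # already-decoded TCP header fields
SENDER, RECEIVER = "130.245.145.12", "128.208.2.198"       # hosts named in the assignment
SYN, ACK = 0x02, 0x10

def handshake_rtt(fl):
    """RTT sample from the handshake: time from the sender's SYN to the receiver's SYN/ACK."""
    syn = next(p for p in fl if p.src == SENDER and p.flags & SYN)
    synack = next(p for p in fl if p.src == RECEIVER and p.flags & SYN)
    return synack.ts - syn.ts

def estimate_cwnd(fl, rtt, rounds=3):
    """Empirical cwnd: payload bytes the sender emits in each successive RTT-sized round."""
    data = [p for p in fl if p.src == SENDER and p.payload]
    if not data: return []
    cwnds = [0] * rounds
    for p in data:
        i = int((p.ts - data[0].ts) / rtt)                # which RTT round this segment falls in
        if i < rounds: cwnds[i] += p.payload             # retransmissions inflate the estimate
    while cwnds and cwnds[-1] == 0: cwnds.pop()           # flow ended before `rounds` rounds
    return cwnds

def classify_retransmissions(fl, rtt):
    """Count retransmissions triggered by triple duplicate ACKs, by timeout, or by neither."""
    counts = {"triple_dup_ack": 0, "timeout": 0, "other": 0}
    first_sent, dup_acks, last_ack = {}, 0, None          # seq -> time of its first transmission
    for p in fl:
        if p.src == RECEIVER and p.flags & ACK:
            dup_acks = dup_acks + 1 if p.ack == last_ack else 0
            last_ack = p.ack
        elif p.src == SENDER and p.payload:
            if p.seq not in first_sent:
                first_sent[p.seq] = p.ts
            elif dup_acks >= 3 and p.seq == last_ack:     # fast retransmit of the byte being asked for
                counts["triple_dup_ack"] += 1
            elif p.ts - first_sent[p.seq] > 2 * rtt:      # assumption: an RTO is at least 2 RTTs
                counts["timeout"] += 1
            else:
                counts["other"] += 1
    return counts

# Constructed sample flow (not assignment2.pcap): cwnd 1 -> 2 -> 5 segments, one fast retransmit, one RTO
def seg(ts, seq, n=1460): return Seg(ts, SENDER, seq, 501, ACK, n)
def ack(ts, n): return Seg(ts, RECEIVER, 501, n, ACK, 0)
SAMPLE = [Seg(0.0, SENDER, 0, 0, SYN, 0), Seg(0.1, RECEIVER, 500, 1, SYN | ACK, 0), seg(0.101, 1),
          ack(0.201, 1461), seg(0.202, 1461), seg(0.203, 2921), ack(0.302, 2921), ack(0.303, 4381),
          seg(0.304, 4381), seg(0.305, 5841), seg(0.306, 7301), seg(0.307, 8761), seg(0.308, 10221),
          ack(0.404, 5841), ack(0.406, 5841), ack(0.407, 5841), ack(0.408, 5841), seg(0.409, 5841),
          ack(0.509, 11681), seg(0.510, 11681), seg(1.2, 11681), ack(1.3, 13141)]
```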
