Advanced Networking Class
Dr Ott. Fall 2004. Wed 6:00 - 9:05 pm. First Class Session: Wed Sept 01.

Every student will become familiar with the tool ``tcpdump''. Tcpdump is a tool that makes a trace of all packets seen by some host. For each packet it records a timestamp and lots of other information; if desired, the whole packet, including the ethernet header, IP header (or ARP header), other headers, and data. To use tcpdump you must be root, but any user can read the tcpdump manual.

(1) Exercise: Log on to a Linux system. Do ``man tcpdump''. Save the output to some file. Print it. Read the first few pages.

Every student will get access to the ``Internet Laboratory'' (GITC 4325) and get user accounts on most of the Linux computers there. You can do the exercise above in the lab, or on any other Linux computer you have access to. A Unix or Solaris computer is OK, too, but be warned: there may be subtle differences between tcpdump on these and tcpdump on Linux (and even between various forms of Linux; to be safe, stick with RedHat Linux, which is what the Linux computers in the lab run).

Most Linux computers in the lab will have the same root password. Students will get that root password, but every student will have only one computer on which he/she is allowed to be root. (Violation may lead to an F.) Because I am short of computers, a few students will need to share a computer to which they have root access.

(2) Exercise: Students will create a small file (~ 100,000 to 150,000 bytes) in their home directory on ``their'' computer. They will log in as root and turn on tcpdump (with the -w option; from exercise (1) they know what that is). They will ftp the small file to another computer. When the ftp is done they will turn off tcpdump, thus having created a ``raw'' (binary) file of tcpdump output which contains a trace of the ftp transaction (plus whatever else happened on the link).
Then they will analyze the resulting ``raw'' output file (using tcpdump with the -r option) in several ways and check that the rules of TCP/IP are followed. This includes recognizing the slow start phase and the congestion avoidance phase. The student does this on the computer where he or she is permitted to be root.

I recommend you ftp to the computer ``franklin''. Franklin is hidden behind the router ``marconi''. I have set up Nistnet in marconi in such a way that traffic from franklin is delayed by 50 msec. This way there is less confusion about which data packets are caused by which acknowledgements. This means you must make yourself a user account on franklin. (Also ftp to other computers and notice the difference.)

tcpdump with option ``-w'' (``write'') creates a binary file with raw images of all packets traced. tcpdump with option ``-r'' (``read'') reads that binary file and creates various human-readable ``massaged'' files (the exact nature depends on the other options chosen). Analysis of the ``massaged'' files involves writing simple Perl scripts that improve readability and compute various statistics.

Recommended: Read up on ftp (e.g. in Forouzan, TCP/IP Protocol Suite, Ch 20). Do the tcpdump analysis with as well as without option ``-n'' or option ``-nn'' (computers by address vs. by name; ports by number vs. by name). See that the Linux implementation is slightly different from what Forouzan says it ought to be.

Next: Kernel modification. From here on, every student will have his own kernel (or a few kernels). When the system is booted up, the student chooses the appropriate kernel. (This will be taught.)

(3) Exercise: The student will create a kernel with a slightly modified TCP code: during slow start the congestion window (cwnd) will increase by TWO MSSs for every ``good acknowledgement'' (instead of by one MSS).
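Before touching the kernel it helps to know what the change in exercise (3) should do to the window, so that the trace in exercise (4) can be checked against an expectation. The following is an added example, not course material or kernel code: a small Python model of cwnd growth under the textbook RFC 2581 rules (one ACK per segment, no delayed ACKs, no loss, receiver window never limiting, cwnd and ssthresh in MSS units). The ssthresh value of 8 and the seven round trips are assumptions chosen for illustration; the exact boundary test between slow start and congestion avoidance and the integer counter the kernel uses are details to read off from tcp_cong_avoid itself.

```python
from fractions import Fraction


def simulate_flights(rtts, ssthresh, ss_increment=1):
    """Number of segments sent in each of `rtts` round trips.

    Assumed model (textbook RFC 2581 rules, not the kernel's exact code):
      * one ACK per segment, no delayed ACKs, no loss, receiver window
        never limiting, cwnd and ssthresh counted in MSS units;
      * slow start while cwnd < ssthresh: cwnd += ss_increment per good ACK
        (ss_increment=1 is standard, 2 is the exercise (3) modification);
      * congestion avoidance otherwise: cwnd += 1/cwnd per ACK, which the
        Fraction type sums to exactly one MSS per round trip.
    """
    cwnd = Fraction(1)
    sizes = []
    for _ in range(rtts):
        in_flight = int(cwnd)          # whole segments sent this round trip
        sizes.append(in_flight)
        for _ack in range(in_flight):  # every segment is acknowledged once
            if cwnd < ssthresh:
                cwnd += ss_increment
            else:
                cwnd += Fraction(1, 1) / cwnd
    return sizes


def compare(rtts=7, ssthresh=8):
    """Side by side: flight sizes per RTT under the standard and modified rule."""
    return {
        "standard (+1 MSS per ACK)": simulate_flights(rtts, ssthresh, 1),
        "modified (+2 MSS per ACK)": simulate_flights(rtts, ssthresh, 2),
    }


if __name__ == "__main__":
    for name, sizes in compare().items():
        print(f"{name:28s} {sizes}")
```

With these assumptions the standard rule doubles the flight every round trip (1, 2, 4, 8) and then adds one segment per round trip, while the modified rule triples it (1, 3, 9) before entering congestion avoidance with the same linear growth. That tripling is the signature to look for in the exercise (4) trace.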
In RedHat Linux, the code that needs to be changed is in /usr/src/linux/net/ipv4/tcp_input.c, and the specific subroutine is static __inline__ void tcp_cong_avoid(struct tcp_opt *tp). I will soon put documentation on my website that shows how to recompile the kernel etc., and documentation that explains what the various variables in the TCP code stand for.

(4) Exercise: The student will repeat exercise (2) with the new kernel from (3) and study the differences in the tcpdump outputs.

(5) Project: Students will think of more interesting modifications of the TCP/IP code, and play with the code.

(6) ns. NS (Network Simulator) is freeware from ISI. To get it, go to Google and look for ns (or ns-2). Read the instructions and download and install ns-2 on some computer. Students will get access to an afs computer (Unix) to do this. A short class will be allotted to the use of ns-2. Feel free to do this on your own computer (also).

(7) Exercise: Every student will do a simple ns-2 simulation of a simple network.

(8) Project: Every student will think of a (slightly) more interesting problem to be studied with ns, and study that problem. Ideal: I would like students to study the same problem by simulation (using ns) and ``for real'' on the Linux computers in the lab. This may not be practical. Let's give it a try.

---

Many students who have root access to some computer (preferably RedHat Linux) can do the tcpdump work above on their own. Feel free to start now. Most students who have access to a computer with enough memory can do the ns work above on their own. Feel free to start now. If you promise to really use the opportunity, you can get access to the lab now.

---
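The analysis step of exercises (2) and (4), reading the ``massaged'' text that tcpdump -r produces and picking out the slow start and congestion avoidance phases, is shown below as an added example. It is not course material; the course asks for Perl scripts, and this does the same job in Python. The trace lines are constructed, not a real capture: they imitate ``tcpdump -r trace.bin -n'' output for an ftp-data transfer (server port 20) from 10.0.0.1 to 10.0.0.2 with 1448-byte segments, relative sequence numbers, and a 50 msec return delay, so that each flight of data is followed by a visible pause. The hosts, ports, and the 20 msec gap threshold are assumptions; the line format varies between tcpdump versions, so the regular expression must be checked against what the lab's tcpdump actually prints.

```python
import re

# Constructed sample in the style of ``tcpdump -r trace.bin -n'' (not a real
# capture): 10.0.0.1 port 20 sends 1448-byte segments to 10.0.0.2 port 1030;
# ACKs come back about 50 ms later, so the sender's flights are separated by gaps.
SAMPLE_TRACE = """\
10:00:00.000000 IP 10.0.0.1.20 > 10.0.0.2.1030: P 1:1449(1448) ack 1 win 5840
10:00:00.050100 IP 10.0.0.2.1030 > 10.0.0.1.20: . ack 1449 win 8192
10:00:00.050200 IP 10.0.0.1.20 > 10.0.0.2.1030: . 1449:2897(1448) ack 1 win 5840
10:00:00.050300 IP 10.0.0.1.20 > 10.0.0.2.1030: P 2897:4345(1448) ack 1 win 5840
10:00:00.100300 IP 10.0.0.2.1030 > 10.0.0.1.20: . ack 2897 win 8192
10:00:00.100400 IP 10.0.0.2.1030 > 10.0.0.1.20: . ack 4345 win 8192
10:00:00.100500 IP 10.0.0.1.20 > 10.0.0.2.1030: . 4345:5793(1448) ack 1 win 5840
10:00:00.100600 IP 10.0.0.1.20 > 10.0.0.2.1030: . 5793:7241(1448) ack 1 win 5840
10:00:00.100700 IP 10.0.0.1.20 > 10.0.0.2.1030: . 7241:8689(1448) ack 1 win 5840
10:00:00.100800 IP 10.0.0.1.20 > 10.0.0.2.1030: P 8689:10137(1448) ack 1 win 5840
10:00:00.150600 IP 10.0.0.2.1030 > 10.0.0.1.20: . ack 7241 win 8192
10:00:00.150700 IP 10.0.0.2.1030 > 10.0.0.1.20: . ack 10137 win 8192
10:00:00.150800 IP 10.0.0.1.20 > 10.0.0.2.1030: . 10137:11585(1448) ack 1 win 5840
10:00:00.150900 IP 10.0.0.1.20 > 10.0.0.2.1030: . 11585:13033(1448) ack 1 win 5840
10:00:00.151000 IP 10.0.0.1.20 > 10.0.0.2.1030: . 13033:14481(1448) ack 1 win 5840
10:00:00.151100 IP 10.0.0.1.20 > 10.0.0.2.1030: . 14481:15929(1448) ack 1 win 5840
10:00:00.151200 IP 10.0.0.1.20 > 10.0.0.2.1030: P 15929:17377(1448) ack 1 win 5840
10:00:00.200900 IP 10.0.0.2.1030 > 10.0.0.1.20: . ack 13033 win 8192
10:00:00.201000 IP 10.0.0.2.1030 > 10.0.0.1.20: . ack 17377 win 8192
10:00:00.201100 IP 10.0.0.1.20 > 10.0.0.2.1030: . 17377:18825(1448) ack 1 win 5840
10:00:00.201200 IP 10.0.0.1.20 > 10.0.0.2.1030: . 18825:20273(1448) ack 1 win 5840
10:00:00.201300 IP 10.0.0.1.20 > 10.0.0.2.1030: . 20273:21721(1448) ack 1 win 5840
10:00:00.201400 IP 10.0.0.1.20 > 10.0.0.2.1030: . 21721:23169(1448) ack 1 win 5840
10:00:00.201500 IP 10.0.0.1.20 > 10.0.0.2.1030: . 23169:24617(1448) ack 1 win 5840
10:00:00.201600 IP 10.0.0.1.20 > 10.0.0.2.1030: P 24617:26065(1448) ack 1 win 5840
10:00:00.251700 IP 10.0.0.2.1030 > 10.0.0.1.20: . ack 26065 win 8192
"""

# One tcpdump text line: timestamp, endpoints, flags, optional seq range, optional ack.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?:IP )?(?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[A-Z.]+)"
    r"(?: (?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r" win (?P<win>\d+)"
)


def parse_trace(text):
    """Parse tcpdump text lines into dicts; lines that do not match are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        h, mi, s = m.group("ts").split(":")
        packets.append({
            "t": int(h) * 3600 + int(mi) * 60 + float(s),
            "src": m.group("src"), "dst": m.group("dst"),
            "flags": m.group("flags"),
            "len": int(m.group("len") or 0),
            "ack": int(m.group("ack")) if m.group("ack") else None,
        })
    return packets


def flights(packets, sender, gap=0.020):
    """Group the sender's data segments into flights.

    A new flight starts whenever the sender pauses for more than `gap`
    seconds (it is waiting for ACKs); with a 50 ms delayed path, 20 ms is a
    safe threshold.  Returns a list of (segments, bytes) per flight.
    """
    result = []
    last_t = None
    for p in packets:
        if p["src"] != sender or p["len"] == 0:
            continue
        if last_t is None or p["t"] - last_t > gap:
            result.append([0, 0])
        result[-1][0] += 1
        result[-1][1] += p["len"]
        last_t = p["t"]
    return [tuple(f) for f in result]


def classify(flight_list):
    """Heuristic phase label for each flight after the first.

    Slow start roughly doubles the flight per RTT (somewhat less when the
    receiver delays ACKs); congestion avoidance adds about one segment per RTT.
    """
    labels = []
    for (n0, _), (n1, _) in zip(flight_list, flight_list[1:]):
        if n1 >= 1.5 * n0:
            labels.append("slow start")
        elif n1 == n0 + 1:
            labels.append("congestion avoidance")
        elif n1 == n0:
            labels.append("window limited")
        else:
            labels.append("other")
    return labels


if __name__ == "__main__":
    pkts = parse_trace(SAMPLE_TRACE)
    fl = flights(pkts, "10.0.0.1.20")
    for i, ((n, b), label) in enumerate(zip(fl, [""] + classify(fl))):
        print(f"flight {i}: {n:2d} segments, {b:5d} bytes  {label}")
```

On a real trace, pipe the text form into the script (tcpdump -r trace.bin -n | python3 analyze.py, with SAMPLE_TRACE replaced by sys.stdin.read()) and pass the ftp-data endpoint as printed by tcpdump; without -n the endpoints appear as names and service names (``ftp-data'' instead of 20), which is one of the differences the course asks you to notice. The gap-based grouping is deliberately simple; when ACKs arrive in a trickle rather than in bursts the flights blur together, which is exactly the confusion the 50 msec delay on marconi is meant to reduce.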