Midterm II, CIS 656
Name on every sheet!
April 03, 2004
Dr Ott.

1. Draw the header of a TCP packet without options. For each field, give size and a SHORT description of meaning or function or role. Where appropriate, indicate units in which it is expressed. For the Flags, try to get them in the right order, but as long as you have them and explain them correctly, I give only small weight to the correct order.

Study the attached tcpdump output. It was taken on Friday April 02, 2004, on 10.7.0.1 in the Internet Lab. 10.x.y.z are private addresses in the Internet Lab. 128.235.u.v are public addresses in NJIT. The ethertype of IPv4 is 0800. Of ARP it is 0806 (both hexadecimal). Port numbers 20 and 21 are used for ftp (File Transport Protocol).

2. Explain what the packets numbered one and two do. I see two IP addresses in these two packets. For which of these do you know the physical address? (neither? both? first only? second only?). Give the combinations of physical address - IP address you know.

3. There are two three-way handshakes in this output. Find both. For both, give (IP address, port number) of both parties, and the timestamps of all packets that are part of the three-way handshake.

4. Something that was NOT discussed in class happens in this output. It starts around time 12:26:47.059425, and lasts for a few packets. Figure out what happens and explain it. Hint: the packet timestamped 12:26:47.059478 tells 128.235.32.243.2079 that 10.7.0.1.36869 received bytes starting at 1498408780, until "just before" 1498409558, but that before 1498408780 something is missing. You have to go back a few packets to figure it all out. What data was lost and later re-transmitted? (The first transmission is not in this output: it was lost before it reached 10.7.0.1).

5. There is one "ordinary" four-way handshake in this output. Find it, give (IP address, port number) of both parties, and timestamps of all packets in the four-way handshake.

6. There are two TCP flows in this output. For each, find starting time (first SYN), ending time (last ACK after last FIN, or last FIN if there is no ACK after the last FIN).

Good Luck.