CSS 432 - Program 3: TCP Analysis

CSS 432
Program 3: TCP Anaysis
Professor: Munehiro Fukuda
Due date: See the syllabus

1. Purpose

Through this assignment you are to analyze the behavior of the TCP protocol. Your analysis includes two sub tasks. First, you will run the professor's hw3 program so as to draw its TCP state transition diagram as well as the corresponding timing chart, and write your own program mimicing the professor's in order to understand what sequence of system calls generates the TCP behavior you observed. Second, you will run the professor's ttcp program as changing its parameters such as the message size, the number of messages transfered, the socket buffer size, and Nagle's algorithm on/off switch. Using tcpdump, ttcp, netstat, and strace, you will observe how TCP segments are actually transmitted and how OS interferes with the transmission.

2. Required Knowledge on TCP

Read the following sections of your textbook to review TCP's typical behavior:

Section 5.2.3 Connection Establishment and Termination (pp 402-407)

Review a timeline for three-way handshake algorithm (on page 402). You will draw such a timing chart as part of your assignment work. Trace a TCP state transition diagram (on page 405), so that you can draw the diagram corresponding to the professor's hw3 program.

Section 5.2.5 Triggering Transmission (pp 414-417)

Understand when TCP transmits a new segment on network. This knowledge is necessary to write a program mimicing the professor's hw3 program. Review the silly window syndrome and Nagle's algorithm as so to reason ttcp's behavior with these knowledges.

Sections 6.3.1 AIMD and 6.3.2 Slow Start (pp 500-510)

Review two algorithms to increase the advertized/congestion window in TCP: additive increase and slow start. You will be asked which of those algorithms or even what else you observed in your experiment.

3. Overview of ttcp, tcpdump, netstat, and strace

The following four commands are useful to check the statistics of TCP segments exchanged with a remote computer.

3.1 ttcp

The ttcp utility is a public domain program originally provided from the Ballistics Research Laboratory. It sends arbitrary amounts of data to another machine using TCP or UDP, and to collect statistics regarding the transfer. Although this utility has various options, we will focus on only TCP and a portion of the original options.

Usage: ttcp -t [-options] remotehost
       ttcp -r [-options]
       where:
        -t      transmit data
        -r      receive data
       common options:
        -l#     length of bufs read from or written to network (default 8192)
        -b#     set the socket buffer size if supported (default is 16384)
        -p#     specify another service port (default is 5001)
        -?    print this help
       options specific to -t:
        -n#     number of source bufs written to network (default 2048)
        -D      don't buffer TCP writes (sets TCP_NODELAY socket option)

You need to run ttcp on a server computer first and thereafter on a client computer. Assuming that UW1-320-01 is a client and UW-320-02 is a server, the default invocation will be:

[user@uw1-320-02 hw3]$ ttcp -r
[user@uw1-320-01 hw3]$ ttcp -t

Given the -r option, ttcp will keep running as a server to repeatedly accept a new TCP connection and to sink all data received along the connection until a user specifically terminates it with a "control c" key input. On the other hand, the -t option directs ttcp to make a new TCP connection to a server, to send all messages to it, and to terminate the program.

3.2 tcpdump

This is a network sniffer or analyzer made available on both Linux and Windows. To run this utility, of course, you must be a super user or an administrator, because tcpdump reveals all network transactions. In our class, you will use the /usr/bin/dumptcp.sh shell script that temporarily changes your effective user id to the root user and runs tcpdump with limited parameters such as:

 tcpdump -vtt host $1 and port $2 and tcp

where $1 is a remote IP name and $2 is an IP port of the tcp connection you would like to peek. The port must be larger than 5000. For instance, if you use uw1-320-01 and uw1-320-02 as a client and a server respectively, you should open another xterm at UW1-320-01 to run dumptcp.sh as follows:

[user@uw1-320-01 hw3]$ sudo /usr/bin/dumptcp.sh uw1-320-02 5001 >& dump

When you are finished with "ttcp -t", you should stop dumptcp.sh by typing "control c". The traced results are saved in the dump file that however must be too big to peek using an editor like emacs and pico. Use the more command instead. Learn the output formats of tcpdump through "man tcpdump".

3.3 netstat

This is a utility that prints network connections, routing tables, and interface statistics, masquerade connections, and multicast memberships.

Since the tcpdump displays all exchanged packets, it is overwhelming to count the number of tcp packets, which could be easily retrieved with the netstat command by giving several options. We are interested in obtaining summarized statistics of tcp packets. Learn how to use netstat through "man netstat", and confirm that -st is necessary to display the number of tcp packets sent, received, and retransmitted so far.

Invoke netstat right before and after the execution of "ttcp -t". The actual number of tcp packets exchanged can be calculated as a difference in the statistics between those two invocations of netstat.

[user@uw1-320-01 hw3]$ netstat -st | grep segments
[user@uw1-320-01 hw3]$ ttcp -t [-options] uw1-320-02
[user@uw1-320-01 hw3]$ netstat -st | grep segments

3.4 strace

Most operating systems provide a command to trace system calls issued by a user application. In Linux, it is strace. We are interested in how long (in microseconds) the Linux OS has spent to execute each of (write) system calls issued by "ttcp -t" on the client side. Learn how to use strace through "man strace". To keep the traced results in the file, you might want to execute "ttcp -t" as follows:

[user@uw1-320-01 hw3]$ strace -ttT ttcp -t [-options] uw1-320-02 >& results

The traced results are saved in the results file. Note that we are interested in write system calls onto a particular file descriptor, (i.e., a socket opened by ttcp). The file descriptor numbers 0, 1, and 2 are stdin, stdout, and stderr respectively. Then what number is this socket allocated? To view only write system calls onto this socket, you have to invoke the following cat and grep with an appropriate keyword.

[user@uw1-320-01 hw3]$ cat results | grep [keyword]

4. Statement of Work

4.1 Experiments with `hw3` Program

The professor's hw3 program is located at:

machines	metis, uw1-320-00 ~ uw1-320-31.bothell.washington.edu
directory	~css432/hw3/
executable file	hw3

Test 1: Run hw3 on any two of UW1-320 machines, (i.e., uw1-320-00 ~ uw1-320-15) after starting dumptcp.sh on another xterm window.

The general execution format:
xterm 1:
[user@uw1-320-02 hw3]$ sudo /usr/bin/dumptcp.sh clientIp ipPort // server side

xterm 2:
[user@uw1-320-02 hw3]$ hw3 ipPort                               // server side

xterm 3:
[user@uw1-320-01 hw3]$ hw3 ipPort serverIp                      // client side

An example:
xterm 1:
[user@uw1-320-02 hw3]$ sudo /usr/bin/dumptcp.sh uw1-320-01 12345

xterm 2:
[user@uw1-320-02 hw3]$ hw3 12345

xterm 3:
[user@uw1-320-01 hw3]$ hw3 12345 uw1-320-02

Analysis 1: Based on your dumptcp.sh results, draw a transition diagram as shown on textbook page 392 and trace it for the hw3 client and server respectively. (Draw thick red lines along appropriate arrows for the client and think blue lines for the server.)

Draw a timing chart as shown on texbook page 391 that corresponds to your dumptcp.sh results from the connection request to the disconnection.
Coding: Code a program that mimics the hw3 program. The dumptcp.sh's results for your program must be the same as those for hw3 in terms of:
- the total number of messages
- the sequence and direction of messages including S, ., P, F, >, and < notations
- the data amount of each message
Of course, timestamps, message sequence numbers, ip addresses, and port numbers may vary for each execution.
Hint: You must use the shutdown system call at the server side.

4.2 Experiments with `ttcp` Program

The professor's ttcp is available at:

machines	metis, uw1-320-00 ~ uw1-320-31.bothell.washington.edu
directory	~css432/hw3/
executable file	ttcp

Test 2: Run ttcp on any two of UW1-320's machines, (i.e., uw1-320-00 ~ uw1-320-15) in the following test cases without and with -D option.

-l (message length) -n (# messages)

64 1048576

128 524288

256 262144

512 131072

1024 65536

2048 32768

4096 16384

8192 8192
Test 3: Run ttcp in the following particular test case without -D while you are running dumptcp.sh on another xterm. Check from your dump file if TCP MSS is 1460 bytes or not.

-l (message length) -n (# messages)

1500 20

Test 4: Run ttcp in the following 5 test cases where -l option is from 1458 to 1462 with and without -D option.

-l (message length)	-n (# messages), round decimal points
1458	67108864 / 1458 = 46028
1459	67108864 / 1459 = 45996
1460	67108864 / 1460 = 45965
1461	67108864 / 1461 = 45934
1462	67108864 / 1462 = 45902

Test 5: Run ttcp in the following particular test case with and without -D option. Run netstat right before and after each execution of ttcp to count the tcp packets sent, received, and retransmitted. Thereafter, run "strace -ttT ttcp" in the following particular test case without and with -D option.

-l (message length) -n (# messages)

64 1048576
Analysis 2: Make a graph or a table in terms of Mbps for the test 2. Discuss about:
1. The effect of buffer length without using -D option
2. The effect of -D option
Analysis 3: Make a graph describing how an advertised window changed on the server side when you ran test 3. Just focus on the first 10 acknowledgments from the server. Make clear:
1. Did the server-side advertised window change?
2. How large is MSS in TCP? Is it 1460 bytes?
Analysis 4: Make a graph or a table in terms of Mbps for the test 4. Discuss about:
1. The effect of buffer length without using -D option
2. The effect of -D option
Analysis 5: Discuss about the effect of -D option based on the following results you received from the test 5:
1. the number of TCP packets sent, received, and retransmitted
2. the time required for OS to execute each write system call (focus on the first 20 writes.)

5. What to Turn in

The homework is due at the beginning of class on the due date. You have to turn in the following materials to CollectIt. No email submission is accepted.

Criteria	Percentage
Test 1's execution results: the professor's `hw3`'s dumptcp.sh results as well as your program's dumptcp results.	2pts(10%)
Analysis 1's documents: your state transition diaggram and timing chart that traces the `hw3` program	4pts(20%)
Coding: your source code that adheres good modularization, coding style, and an appropriate amount of comments. The source code is graded in terms of (1) using shutdown (1pt), (2) correctness (3pts), and (3) comments (1pt). Write as many comments as possible, otherwise the professor/the grader cannot keep track of your program.	5pts(25%)
Test 2 ~ 5's performance results: should include (1) test 2's results in Mbps, (2) test 3's results in terms of the advertised window, (3) test 4's results in Mbps, and (4) test 5's results in terms of packets sent, received, and retransmitted; and the time elapsed for each of the first 20 write system calls. Results must be compiled in tables and/or graphs. Don't attach raw data.	4pts(20%)
Discussions: should be given in terms of analysis 1 (1pt), analysis 2 (1pt), analysis 3(1pt), analysis 4(1pt), and analysis 5(1pt).	5pts(25%)
Total	20pts(100%)

6. FAQ

This FAQ page may answer your quetions. Click here

-l (message length)	-n (# messages)
64	1048576
128	524288
256	262144
512	131072
1024	65536
2048	32768
4096	16384
8192	8192