CSS 432 - Program 3: TCP Analysis

CSS 432
Program 3: TCP Anaysis
Instructor: Joe McCarthy
Due date: See the syllabus

1. Purpose

Through this assignment you are to analyze the behavior of the TCP protocol. Your analysis includes two sub tasks.

You will run the instructor's hw3 program so as to draw its TCP state transition diagram as well as the corresponding timing chart, and write your own program mimicking the instructor's in order to understand what sequence of system calls generates the TCP behavior you observed.
You will run the instructor's ttcp program, manipulating its parameters such as the message size, the number of messages transfered, the socket buffer size, and Nagle's algorithm on/off switch. [Note that there is also a version at /usr/bin/ttcp, but we will not be using that version.] Using tcpdump, ttcp, netstat, and strace, you will observe how TCP segments are actually transmitted and how the OS interferes with the transmission.

2. Required Knowledge on TCP

Read the following sections of your textbook to review TCP's typical behavior:

Section 5.2.3 Connection Establishment and Termination (pp 390-394)

Review the timeline for the three-way handshake algorithm (on page 391). You will draw such a timing chart as part of your assignment work. Trace a TCP state transition diagram (on page 392), so that you can draw the diagram corresponding to the instructor's hw3 program.

Section 5.2.5 Triggering Transmission (pp 414-418)

Understand when TCP transmits a new segment on the network. This knowledge is necessary to write a program mimicikng the instructor's hw3 program. Review the silly window syndrome and Nagle's algorithm so as to reason about ttcp's behavior in these contexts.

Sections 6.3.1 AIMD and 6.3.2 Slow Start (pp 500-510)

Review two algorithms to increase the advertized/congestion window in TCP: additive increase and slow start. You will be asked which of those algorithms is being used, along with other observations in your experiment.

3. Overview of ttcp, tcpdump, netstat, and strace

The following four commands are useful to check the statistics of TCP segments exchanged with a remote computer.

3.1 ttcp

The Test TCP (ttcp) utility is a public domain program written in the 1980s by Mike Muuss and Terry Slattery at the Ballistics Research Laboratory. It sends arbitrary amounts of data to another machine using TCP or UDP, and collects statistics regarding the transfer. Although this utility has various options, we will focus on TCP and a subset of the original options.

Usage: ttcp -t [-options] remotehost
       ttcp -r [-options]
       where:
        -t      transmit data
        -r      receive data
       common options:
        -l#     length of bufs read from or written to network (default 8192)
        -b#     set the socket buffer size if supported (default is 16384)
        -p#     specify another service port (default is 5001)
        -?      print this help
       options specific to -t:
        -n#     number of source bufs written to network (default 2048)
        -D      don't buffer TCP writes (sets TCP_NODELAY socket option)

You need to start ttcp on a server computer first and then start it on a client computer. If, for example, you are using UW1-320-01 as a client (sender) and UW-320-02 as a server (receiver), and have copied the instructor's ttcp executable to your hw3 directory, the invocations might look like the following:

[user@uw1-320-02 hw3]$ ./ttcp -r

[user@uw1-320-01 hw3]$ ./ttcp -t uw1-320-02

Given the -r option, ttcp will keep running as a server to repeatedly accept a new TCP connection and to sink (discard) all data received along the connection until a user specifically terminates it with CTRL-C. On the client side, the -t option directs ttcp to make a new TCP connection to a server, to send messages to it, and then terminate the program.

3.2 tcpdump

tcpdump is a network sniffer or analyzer made available on both Linux and Windows. To run this utility, you must be a superuser or an administrator, because tcpdump reveals all network transactions. In our class, you will use sudo to temporarily invoke superuser status while executing the /usr/bin/dumptcp.sh shell script to run tcpdump with limited parameters such as:

 tcpdump -vtt host $1 and port $2 and tcp

where $1 is a remote IP name and $2 is the port of the TCP connection you would like to access. The port must be larger than 5000.

Following the previous example, if you use uw1-320-01 as a ttcp client (transmitter) and uw1-320-02 as a ttcp server (receiver), you should start the server, then open another xterm on the client end (at uw1-320-01) to run dumptcp.sh as follows:

Start the ttcp receiver on uw1-320-02 by typing
./ttcp -r
Start recording the tcp dump on the client (uw1-320-01) by typing
sudo /usr/bin/dumptcp.sh uw1-320-02 5001 >& dumptcp.output
Start the ttcp transmitter in a separate xterm on uw1-320-01 by typing
./ttcp -t uw1-320-02
When the ttcp transmitter finishes, stop recording the tcp dump by typing CTRL-C in that xterm
Stop the server by typing CTRL-C in the xterm on uw1-320-02

An enormous amount of data is generated by this command, so the results should always be saved in a file using the Linux stderr redirect operator (>&). Note that this file might be too big to view using an editor like emacs or pico. Instead, use the more command, or better yet, the less command. Learn the output formats of the version of tcpdump installed on our system by using man tcpdump.

3.3 netstat

netstat is a utility that prints network connections, routing tables, interface statistics, masquerade connections and multicast memberships.

tcpdump displays all exchanged packets, which can provide an overwhelming amount of information; some of this information can be more easily retrieved with the netstat command with appropriate options. We are interested in obtaining summarized statistics of tcp packets. Learn how to use the version of netstat installed on our system by using man netstat, and confirm that the -st option is necessary to display the number of tcp packets sent, received, and retransmitted so far.

In this case, invoke netstat right before and after the execution of ttcp -t in the same xterm on the client side. The actual number of tcp packets exchanged can be calculated as a difference in the statistics between those two invocations of netstat.

[user@uw1-320-01 hw3]$ netstat -st | grep segments
[user@uw1-320-01 hw3]$ ttcp -t [-options] uw1-320-02
[user@uw1-320-01 hw3]$ netstat -st | grep segments

3.4 strace

Most operating systems provide a command to trace system calls issued by a user application. In Linux, it is strace. We are interested in how long (in microseconds) the Linux OS has spent executing each of write() system calls issued by ttcp -t on the client side. Learn how to use strace through man strace. To store the traced results in a file, you might want to execute ttcp -t as follows:

[user@uw1-320-01 hw3]$ strace -ttT ttcp -t [-options] uw1-320-02 >& strace.output

The traced results are saved in the results file. Note that we are interested in write() system calls using a particular file descriptor, (i.e., a socket opened by ttcp). The file descriptor numbers 0, 1, and 2 are stdin, stdout, and stderr respectively. To determine what number this socket is allocated, you may want to invoke grep with an appropriate keyword, for example

[user@uw1-320-01 hw3]$ grep [keyword] < results

4. Statement of Work

4.1 Experiments with `hw3` Program

The instructor's hw3 program is located at ~css432/hw3/hw3 on the Linux Lab network (uw1-320-lab.uwb.edu).

Test 1: Run hw3 on any two of UW1-320's 100Mbps machines, (i.e., uw1-320-00 ~ uw1-320-15) after starting dumptcp.sh on another xterm window.
Note that unlike the ttcp examples above, dumptcp.sh should be run on the server side.
The general execution format:
xterm 1 (server side):
[user@uw1-320-02 hw3]$ sudo /usr/bin/dumptcp.sh clienthostname portnumber
xterm 2 (server side):
[user@uw1-320-02 hw3]$ ./hw3 portnumber
xterm 3 (client side):
[user@uw1-320-01 hw3]$ ./hw3 portnumber serverhostname
A specific example:
xterm 1 (server side):
[user@uw1-320-02 hw3]$ sudo /usr/bin/dumptcp.sh uw1-320-01 12345
xterm 2 (server side):
[user@uw1-320-02 hw3]$ ./hw3 12345
xterm 3 (client side):
[user@uw1-320-01 hw3]$ ./hw3 12345 uw1-320-02
Analysis 1: Based on your dumptcp.sh results, draw a transition diagram as shown in Figure 5.7 on page 405 of our textbook (a version also appears in the slides for Chapter 5), and trace it for the hw3 client and server respectively. (Draw thick red lines along appropriate arrows for the client and thick blue lines for the server.)

Draw a timing chart as shown in Figure 5.6 on texbook page 403 that corresponds to your dumptcp.sh results from the connection request to the disconnection.
Coding: Code a program that mimics the hw3 program. The dumptcp.sh's results for your program must be the same as those for hw3 in terms of:
- the total number of messages
- the sequence and direction of messages including S, ., P, F, >, and < notations
- the data size of each message
Of course, timestamps, message sequence numbers, ip addresses, and port numbers may vary for each execution.
Hint: You must use the shutdown system call on the server side.

4.2 Experiments with `ttcp` Program

The instructor's ttcp is available at ~css432/hw3/ttcp on the Linux Lab network (uw1-320-lab.uwb.edu).

Test 2: Run ttcp on any two of UW1-320's 100Mbps machines, (i.e., uw1-320-00 ~ uw1-320-15) in the following test cases without and with -D option.

-l (message length) -n (# messages)

64 1048576

128 524288

256 262144

512 131072

1024 65536

2048 32768

4096 16384

8192 8192
Test 3: Run ttcp in the following particular test case without -D while you are running dumptcp.sh on another xterm. Check your dump file to see if the TCP maximum segment size (MSS) is 1448 bytes or not.

-l (message length) -n (# messages)

32768 2048

Test 4: Run ttcp in the following 5 test cases where -l option is from 1446 to 1450 with and without -D option.

-l (message length)	-n (# messages), round decimal points
1446	67108864 / 1446 = 46410
1447	67108864 / 1447 = 46378
1448	67108864 / 1448 = 46346
1449	67108864 / 1449 = 46314
1450	67108864 / 1450 = 46282

Test 5: Run ttcp in the following particular test case with and without -D option. Run netstat right before and after each execution of ttcp to count the tcp segments sent, received, and retransmitted. Thereafter, run strace -ttT ttcp in the following particular test case without and with -D option while you are running dumptcp.sh on another xterm. (Note that you must start and stop dumptcp.sh every time you run a different test case, and should save the result of each test case in a different file.)

-l (message length) -n (# messages)

64 1048576
Analysis 2: Make a graph or a table in terms of Mbps for Test 2. Discuss:
1. The effect of buffer length without using -D option
2. The effect of -D option
Analysis 3: Make a graph describing how an advertised window grew on the server side when you ran Test 3. Just focus on the first 20 acknowledgments from the server. Make clear:
1. Does the growth of the advertised window follow additive increment, slow start, or perhaps a different algorithm?
2. How large is MSS in TCP? Is it 1448 bytes?
Analysis 4: Make a graph or a table in terms of Mbps for Test 4. Discuss:
1. The effect of buffer length without using -D option
2. The effect of -D option
Analysis 5: Discuss the effect of -D option based on the following results you received from the test 5:
1. the number of TCP packets sent, received, and retransmitted
2. the time required for OS to execute each write() system call (focus on the first 20 writes)
3. the actual packet size exchanged over network (focus on the first 20 packets sent)

5. What to Turn in

The homework is due at the beginning of class on the due date and must be submitted via Catalyst.

Criteria	Points (pct)
Test 1's execution results: the instructor's `hw3`'s `dumptcp.sh` results as well as your program's `dumptcp` results.	2 pts (10%)
Analysis 1's documents: your state transition diaggram and timing chart that traces the `hw3` program	4 pts (20%)
Coding: your source code that demonstrates good modularization, coding style, and an appropriate amount of comments. The source code is graded in terms of using `shutdown` (1 pt) correctness (3 pts) comments (1 pt)	5 pts (25%)
Tests 2, 3, 4 & 5 performance results: all results must be represented in tables and/or graphs rather than raw data. Test 2's results in Mbps (1 pt) Test 3's results in terms of the advertised window (1 pt) Test 4's results in Mbps (1 pt) Test 5's results in terms of packets sent, received, and retransmitted, the time elapsed for each of the first 20 `write()` system calls, and each size of the first 20 packets sent. (1 pt)	4 pts (20%)
Discussion: Analysis 1 (1 pt) Analysis 2 (1 pt) Analysis 3 (1 pt) Analysis 4 (1 pt) Analysis 5 (1 pt)	5 pts (25%)
Total	20 pts (100%)

6. FAQ

This FAQ page may address some of your questions. Click here

7. Acknowledgment

This assignment is closely modeled on an assignment earlier specified by Professor Fukuda.

-l (message length)	-n (# messages)
64	1048576
128	524288
256	262144
512	131072
1024	65536
2048	32768
4096	16384
8192	8192