tcpdump Labs
Network Simulation and Testing
Spring 2005
Lab 1. Taking traces
Take the tcpdump trace of all traffic through the interface during a time period.
(You'll be given detailed instructions in class on the time duration.)
How large is the trace file?
Lab 2. Traffic Volume
Process the trace and obtain (1) total number of packets and (2) total number of bytes.
Process the trace, classify the traffic, and obtain the number of (1) TCP, (2) UDP, and (3) other packets and bytes.
Fill in the blanks in the following table:
         # of packets   # of bytes
Total    ---            ---
TCP      ---            ---
UDP      ---            ---
Other    ---            ---
Is there more TCP traffic or UDP traffic?
Lab 3. Traffic Burstiness
Process the trace and obtain a time series of (1) packet counts per second and (2) byte counts per second.
Plot the time series with X axis being the time, Y axis being the count.
Is this particular traffic bursty?
Lab 4. End-to-End Delay
Process the trace and obtain the TCP flows between the IP address given on the whiteboard and your IP.
Try to tell apart data packets and ack packets.
Furthermore, try to identify which ack packet is for which data packet.
Find a pair of such data-ack packets and calculate the time difference for one sample of RTT.
Find all possible pairs and obtain more end-to-end delay samples.
Plot the distribution with X axis being the time of data, Y axis being the delay.
Does the delay vary a lot?
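One way to pair data and ACK packets for Lab 4, as an added example that is not part of the original handout. It assumes the text output of `tcpdump -tt -n tcp` with relative sequence numbers, runs on constructed sample lines, and the names `rtt_samples`, `SAMPLE` and `LINE` are hypothetical.

```python
import re
from decimal import Decimal

# Constructed sample in the text format printed by `tcpdump -tt -n tcp`
# (epoch timestamps, relative sequence numbers); not taken from a real trace.
SAMPLE = """\
1109000000.000000 IP 10.0.0.2.40000 > 10.0.0.1.80: Flags [P.], seq 1:101, ack 1, win 229, length 100
1109000000.020000 IP 10.0.0.1.80 > 10.0.0.2.40000: Flags [.], ack 101, win 227, length 0
1109000000.030000 IP 10.0.0.2.40000 > 10.0.0.1.80: Flags [P.], seq 101:201, ack 1, win 229, length 100
1109000000.230000 IP 10.0.0.2.40000 > 10.0.0.1.80: Flags [P.], seq 101:201, ack 1, win 229, length 100
1109000000.250000 IP 10.0.0.1.80 > 10.0.0.2.40000: Flags [.], ack 201, win 227, length 0
1109000000.260000 IP 10.0.0.2.40000 > 10.0.0.1.80: Flags [.], seq 201:301, ack 1, win 229, length 100
1109000000.261000 IP 10.0.0.2.40000 > 10.0.0.1.80: Flags [P.], seq 301:401, ack 1, win 229, length 100
1109000000.295000 IP 10.0.0.1.80 > 10.0.0.2.40000: Flags [.], ack 401, win 227, length 0
"""

LINE = re.compile(r"^(\d+\.\d+) IP (\S+) > (\S+): Flags \[[^\]]*\],"
                  r"(?: seq (\d+):(\d+),)?(?: ack (\d+),)?.* length (\d+)")

def rtt_samples(trace_text):
    """Return (data_send_time, rtt) pairs, one per unambiguous data/ack match."""
    pending = {}   # (src, dst) -> {end_seq: send_time, or None if retransmitted}
    samples = []
    for line in trace_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, dst = Decimal(m.group(1)), m.group(2), m.group(3)
        seq_end, ack, length = m.group(5), m.group(6), int(m.group(7))
        if ack is not None:
            # An ACK acknowledges data sent in the reverse direction, cumulatively.
            sent = pending.get((dst, src), {})
            hit = sent.get(int(ack))      # segment ending exactly at the ACK number
            if hit is not None:
                samples.append((hit, ts - hit))
            for end in [e for e in sent if e <= int(ack)]:
                del sent[end]             # everything up to `ack` is now covered
        if length > 0 and seq_end is not None:
            flow = pending.setdefault((src, dst), {})
            end = int(seq_end)
            # Same segment seen twice = retransmission; its ACK is ambiguous, so no sample.
            flow[end] = None if end in flow else ts
    return samples
```

Each returned pair gives the X value (time of the data packet) and Y value (delay) for the plot. When one ACK covers several segments, the sample is taken against the last segment it acknowledges.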
Reference:
tcpdump.org