tcpdump Labs
Network Simulation and Testing
Spring 2007
Lab 1. Taking traces
Download this file, lab.tr, to the team's FreeBSD machine first.
Change the filename to lab-'team#'.tr. For example, for team 1, change the filename to lab-1.tr.
Start tcpdump
Take the tcpdump trace of all traffic through the interface during a time period.
Upload lab-'team#'.tr
Using 'FTP'
Log in to the regular hw FTP server '140dot112dot42dot221'
Username: netsim
Go to path '/test'
Upload file
Delete lab-'team#'.tr file when the transfer is completed
Log out
Stop tcpdump when the upload is complete
How large is the trace file?
Lab 2. Traffic Volume
Process the trace and obtain (1) total number of packets and (2) total number of bytes.
Process the trace, classify the traffic, and obtain the number of packets and bytes for (1) TCP, (2) UDP, and (3) other traffic.
Fill in the blanks in the following table:
          # of packets    # of bytes
Total     ---             ---
TCP       ---             ---
UDP       ---             ---
Other     ---             ---
Is there more TCP traffic or UDP traffic?
Lab 3. Traffic Burstiness
Process the trace and obtain a time series of (1) packet counts per second and (2) byte counts per second.
Plot the time series with X axis being the time, Y axis being the count.
Is this particular traffic bursty?
Lab 4. End-to-End Delay
Process the trace and obtain the TCP flows between the 140dot112dot42dot221 and your IP.
Try to tell apart data packets and ack packets.
Furthermore, try to identify which ack packet is for which data packet.
Find a pair of such data-ack packets and calculate the time difference for one sample of RTT.
Find all possible pairs and obtain more end-to-end delay samples.
Plot the distribution with X axis being the time of data, Y axis being the delay.
Does the delay vary a lot?
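The data/ack pairing described in Lab 4, as an added example that is not part of the original handout. It assumes the trace has been printed as text with `tcpdump -tt -n -S -r <trace> tcp` in the modern tcpdump output format; the function name, addresses and sample lines are constructed for illustration. Segments seen more than once (retransmissions) yield no sample, since it is unclear which copy the ack answers.

```python
import re

# Assumed input: text lines from `tcpdump -tt -n -S -r <trace> tcp` (modern format).
LINE = re.compile(
    r"(?P<ts>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[[^\]]*\]"
    r"(?:, seq (?P<seq>\d+)(?::(?P<end>\d+))?)?(?:, ack (?P<ack>\d+))?"
    r".*length (?P<len>\d+)")

def rtt_samples(lines):
    """Pair data segments with their acks; return [(data_time, rtt_seconds)]."""
    pending = {}       # (src, dst, expected_ack) -> time the data segment was seen
    ambiguous = set()  # retransmitted segments: unclear which copy was acked
    samples = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, src, dst = float(m["ts"]), m["src"], m["dst"]
        if m["ack"] is not None:
            ack = int(m["ack"])
            key = (dst, src, ack)  # an ack answers data sent in the reverse direction
            if key in pending and key not in ambiguous:
                samples.append((pending[key], round(ts - pending[key], 6)))
            # Acks are cumulative: drop every covered segment (wraparound ignored).
            for k in [k for k in pending if k[:2] == (dst, src) and k[2] <= ack]:
                del pending[k]
                ambiguous.discard(k)
        if int(m["len"]) > 0 and m["end"]:
            key = (src, dst, int(m["end"]))  # the ack number this segment expects
            if key in pending:
                ambiguous.add(key)           # seen before: a retransmission
            else:
                pending[key] = ts
    return samples

# Constructed sample trace (documentation addresses, not from the lab's lab.tr).
SAMPLE = """\
1175000000.100000 IP 192.0.2.10.50000 > 192.0.2.21.20: Flags [P.], seq 1000:1100, ack 500, win 65535, length 100
1175000000.150000 IP 192.0.2.21.20 > 192.0.2.10.50000: Flags [.], ack 1100, win 65535, length 0
1175000000.200000 IP 192.0.2.10.50000 > 192.0.2.21.20: Flags [.], seq 1100:1200, ack 500, win 65535, length 100
1175000000.210000 IP 192.0.2.10.50000 > 192.0.2.21.20: Flags [.], seq 1200:1300, ack 500, win 65535, length 100
1175000000.280000 IP 192.0.2.21.20 > 192.0.2.10.50000: Flags [.], ack 1300, win 65535, length 0
1175000000.300000 IP 192.0.2.10.50000 > 192.0.2.21.20: Flags [P.], seq 1300:1400, ack 500, win 65535, length 100
1175000000.600000 IP 192.0.2.10.50000 > 192.0.2.21.20: Flags [P.], seq 1300:1400, ack 500, win 65535, length 100
1175000000.650000 IP 192.0.2.21.20 > 192.0.2.10.50000: Flags [.], ack 1400, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    for sent, rtt in rtt_samples(SAMPLE):
        print(f"{sent:.6f} {rtt:.6f}")
```

The printed columns are the data packet's timestamp and its delay sample, which is the input the delay plot needs.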
Reference:
tcpdump.org