Assignment 2: TCP Traffic Analysis

1 CSc 361: Computer Communications and Networks
2 (Spring 2021)
3 Assignment 2: TCP Traffic Analysis

5 1 Goal
6 The purpose of this project is to understand the details of state management in Transmission
7 Control Protocol (TCP). You are required to write a python program to analyze the TCP protocol
8 behavior.
9 2 Requirements
10 You will be given a sample TCP trace file (sample-capture-file.cap). During the period traced, a
11 single web client accesses different web sites on the Internet. This trace is to be used for your own
12 test. TA might use a different trace file to test your code.
13 You need to write a python program for parsing and processing the trace file, and tracking TCP
14 state information. In this assignment, your code will be tested on the server linux.csc.uvic.ca. As
15 such, you are allowed to use only the Python packages of python3 currently installed on
16 linux.csc.uvic.ca. You are not allowed to install/use other third-party python packages.
17 Your program should process the trace file and compute summary information about TCP
18 connections. Note that a TCP connection is identified by a 4-tuple (IP source address, source port,
19 IP destination address, destination port), and packets can flow in both directions on a connection
20 (i.e., duplex). Also note that the packets from different connections can be arbitrarily interleaved
21 with each other in time, so your program will need to extract packets and associate them with the
22 correct connection.
23 The summary information to be computed for each TCP connection includes:
24 • the state of the connection. Possible states are: S0F0 (no SYN and no FIN), S1F0 (one SYN
25 and no FIN), S2F0 (two SYN and no FIN), S1F1 (one SYN and one FIN), S2F1 (two SYN
26 and one FIN), S2F2 (two SYN and two FIN), S0F1 (no SYN and one FIN), S0F2 (no SYN and
27 two FIN), and so on, as well as R (connection reset due to protocol error). For consistence,
28 we count a SYN+ACK segment (i.e., a segment with both SYN bit and ACK bit set to 1)
29 as a SYN message. (Of course, a SYN segment is also counted as a SYN segment). Getting
30 this state information correct is the most important part of your program. We are especially
31 interested in the complete TCP connections for which we see at least one SYN and at least
32 one FIN. For these complete connections, you can report additional information, as indicated
33 in the following.
34 • the starting time, ending time, and duration of each complete connection
1
35 • the number of packets sent in each direction on each complete connection, as well as the total
36 packets
37 • the number of data bytes sent in each direction on each complete connection, as well as
38 the total bytes. This byte count is for data bytes (i.e., excluding the TCP and IP protocol
39 headers).
40 Besides the above information for each TCP connection, your program needs to provide the
41 following statistical results for the whole trace data:
42 • the number of reset TCP connections observed in the trace
43 • the number of TCP connections that were still open when the trace capture ended
44 • the number of complete TCP connections observed in the trace
45 • Regarding the complete TCP connections you observed:
46 – the minimum, mean, and maximum time durations of the complete TCP connections
47 – the minimum, mean, and maximum RTT (Round Trip Time) values of the complete
48 TCP connections
49 – the minimum, mean, and maximum number of packets (both directions) sent on the
50 complete TCP connections
51 – the minimum, mean, and maximum receive window sizes (both sides) of the complete
52 TCP connections.
53 As a guideline for output format, please follow the output format of this project shown in
54 outputformat.pdf.
55 3 Deliverables and Marking Scheme
56 For your final submission of your assignment, you are required to submit your source code. You
57 should include a readme file to tell TA how to run your code.
58 Zip your assignments (code) as one tar file using %tar -czvf on linux.csc.uvic.ca.
59 The marking scheme is as follows (refer to outputformat.pdf as well):
Components Weight
Total number of connections 25
Connections’ details 30
General Statistics 20
Complete TCP connections: 20
Readme.txt, code style 5
Total Weight 100
60
61 4 Plagiarism
62 This assignment is to be done individually. You are encouraged to discuss the design of your solution
63 with your classmates, but each person must implement their own assignment.
64 The End
2