Hands-on 4: Understanding Reliable Transport via TCP and tcpdump

Due: 11:59pm March 13, 2018


This hands-on is a bit different from the others. The purpose is two-fold:

  1. To teach you the basics of reliable transport protocols.
  2. To use tcpdump to explore TCP, the most commonly-used reliable transport protocol.

In past semesters, we've gone over reliable transport protocols very quickly in lecture, which hasn't always gone well. To give you more time to get comfortable with those protocols, we've put together this guide to reliable transport. The first part of the hands-on is simply to read the guide.

It is imperative that you read the guide before beginning this hands-on. We have made the hands-on shorter to compensate for the extra reading. Not only is the guide a part of the hands-on, but we will build on the concepts in the lecture that follows this hands-on. The content of the guide is absolutely fair game for the midterm.


We recommend, but do not require, that you perform this assignment on Athena. Please note that the TAs cannot guarantee tech support if you do not use an Athena workstation.

Before you begin the assignment, please verify that tcpdump is installed. Most Athena workstations (and Linux machines, in general) should have tcpdump installed by default. If you get the error 'tcpdump: Command not found.' on an Athena machine, run:

add ops

If you are using other Linux (Debian/Ubuntu-based) machines, run:

sudo apt-get install tcpdump

to install it for the duration of a login session.

Understanding tcpdump

In this assignment you will understand how TCP works using tcpdump. To begin with, download the tcpdump log file from here. You can also download it on any Linux machine using:

wget http://web.mit.edu/6.033/www/assignments/tcpdump.dat

For this trace, we used a program that transmits a file from a machine called willow to a machine called maple over a TCP connection. We ran the tcpdump tool on the sender, willow, to log both the departing data packets and the received acknowledgments (ACKs).

The file tcpdump.dat is a binary file which contains a log of all the TCP packets for the above TCP connection. The file is not human-readable. To parse the file, you can use tcpdump. For more information on tcpdump, you can look at:

man tcpdump

To understand the log file in a human-readable format, run:

tcpdump -r tcpdump.dat > /tmp/outfile.pcap ; mv /tmp/outfile.pcap outfile.txt

This is an incredibly weird way to save the results to outfile.txt. Athena has some interesting protections in place regarding tcpdump output. If you are having trouble creating this file, here is a copy of outfile.txt that we created on Athena.

Now open outfile.txt in your preferred text editor. The output has several lines listing packets sent from willow to maple, and the ACKs from maple to willow. For example:

00:34:41.474225 IP willow.csail.mit.edu.39675 > maple.csail.mit.edu.5001: Flags [.], seq 1473:2921, ack 1, win 115, options [nop,nop,TS val 282136474 ecr 282202089], length 1448

This line denotes a packet sent from willow to maple. The time stamp 00:34:41.474225 denotes the time at which the packet was transmitted by willow.

TCP uses sequence numbers to keep track of how much data it has sent. In the reliable-transport guide, we associated one sequence number with each packet (packet 1, packet 2, etc.). In TCP, there is one sequence number per byte of data. The above packet has a sequence number 1473:2921, indicating that it contains all bytes from byte #1473 to byte #2920 (= 2921 - 1) in the stream, which is a total of 1448 bytes.

(Note: There may be very minor variations in the format of the output of tcpdump depending on the version of tcpdump on your machine.)

Once maple receives the packet, assuming that it has received all previous packets as well, it sends an acknowledgment (ACK):

00:34:41.482047 IP maple.csail.mit.edu.5001 > willow.csail.mit.edu.39675: Flags [.], ack 2921, win 159, options [nop,nop,TS val 282202095 ecr 282136474], length 0

In the reliable-transport guide, an ACK for packet k indicated that the receiver had received all packets up to and including k. In TCP, the ACK reflects the next byte that the receiver expects. The above ACK indicates that maple has received all bytes from byte #0 to byte #2920. The next byte that maple expects is byte #2921. The time stamp 00:34:41.482047 denotes the time at which the ACK was received by willow.
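
The following Python example is added here and is not part of the original hands-on. It parses the two sample lines quoted above, checks that each "seq a:b" range agrees with the length field, and pairs each data segment with the first cumulative ACK that covers it. The names parse_line and ack_delays are hypothetical, and the regular expression assumes the tcpdump text format shown on this page.

```python
# Added example, not part of the original hands-on. Function names are hypothetical.
import re
from datetime import datetime

# The two sample lines quoted above, in the format printed by `tcpdump -r`.
SAMPLE = """\
00:34:41.474225 IP willow.csail.mit.edu.39675 > maple.csail.mit.edu.5001: Flags [.], seq 1473:2921, ack 1, win 115, options [nop,nop,TS val 282136474 ecr 282202089], length 1448
00:34:41.482047 IP maple.csail.mit.edu.5001 > willow.csail.mit.edu.39675: Flags [.], ack 2921, win 159, options [nop,nop,TS val 282202095 ecr 282136474], length 0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{6}) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[[^\]]*\]"
    r"(?:, seq (?P<start>\d+)(?::(?P<end>\d+))?)?"  # SYN/FIN lines may show one number
    r"(?:, ack (?P<ack>\d+))?"
    r".*, length (?P<length>\d+)"
)

def parse_line(line):
    """Return a dict of fields for one tcpdump text line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%H:%M:%S.%f")
    for key in ("start", "end", "ack", "length"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec

def ack_delays(text, sender="willow"):
    """Map each data segment (start, end) to the seconds until an ACK covers it."""
    pending, delays = {}, {}
    for rec in filter(None, map(parse_line, text.splitlines())):
        if rec["src"].startswith(sender) and rec["length"] > 0 and rec["end"] is not None:
            # "seq a:b" carries bytes a..b-1, so b - a must equal the length field.
            if rec["end"] - rec["start"] != rec["length"]:
                raise ValueError("seq range and length disagree: %r" % rec)
            # Keep the first transmission time; a retransmitted segment makes
            # the measured delay ambiguous, so treat those values with care.
            pending.setdefault((rec["start"], rec["end"]), rec["ts"])
        elif rec["dst"].startswith(sender) and rec["ack"] is not None:
            # A cumulative ACK n covers every segment whose end is <= n.
            for seg in [s for s in pending if s[1] <= rec["ack"]]:
                delays.setdefault(seg, (rec["ts"] - pending.pop(seg)).total_seconds())
    return delays

if __name__ == "__main__":
    for (start, end), delay in sorted(ack_delays(SAMPLE).items()):
        print(f"bytes {start}..{end - 1} acknowledged after {delay * 1000:.3f} ms")
```

To run it over the whole trace, pass the contents of outfile.txt to ack_delays instead of SAMPLE.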


Now you're ready for this week's questions.

Like before, the questions are in a read-only Google Doc. Make sure to enter questions in the page indicated (please do not erase the question text) and upload them as a PDF to Gradescope. See more detailed instructions at the end of the first week's hands-on. If you are having Gradescope problems, please post a question on Piazza!