CS615A -- Aspects of System Administration - HW#3

HW3: packet captures


The objective of this assignment is for you to learn how to capture and read packets to observe and analyze network traffic as well as to research and explain some parts of the physical aspects of the internet. This reinforces lessons from networking lectures.

Note: this assignment requires you to use multiple tools. Please pay close attention to which tools to use for which parts of the assignment.


Please carefully read the assignment in full before you begin.

This assignment is worth 30 points.


Create an OmniOS instance (AMI ami-0b2c7fd1c1f7e91d6) and a Fedora instance (AMI ami-0d7a9cc499e108f74). On each, run the command traceroute www.stevens.edu; capture only the ICMP and UDP packets relevant to this trace using the snoop(1M) and tcpdump(8) tools respectively.

Next, issue an HTTP request using the telnet(1) command and capture the TCP packets only. Use the -v flag to snoop(1M) to display all the details; use -w for tcpdump(8) to write the data into a pcap file, then load that file into Wireshark and identify and compare the TCP packet details. Return to the tcpdump(8) output and identify, in the tcpdump -r output, the same properties marked by Wireshark and snoop(1M).
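As an added example for the annotation of the tcpdump -r output (not part of the assignment; the sample lines are constructed with documentation-range addresses rather than taken from a real capture), this Python script labels each TCP segment with the phase of the exchange it belongs to: handshake, HTTP request, HTTP reply and connection teardown.

```python
import re

# Constructed sample of `tcpdump -r http.pcap` output (documentation-range
# addresses, not a real capture): a telnet(1)-driven HTTP/1.0 request.
SAMPLE = """\
12:00:00.000001 IP 192.0.2.10.45678 > 198.51.100.80.80: Flags [S], seq 1000, win 64240, length 0
12:00:00.010000 IP 198.51.100.80.80 > 192.0.2.10.45678: Flags [S.], seq 2000, ack 1001, win 65535, length 0
12:00:00.010050 IP 192.0.2.10.45678 > 198.51.100.80.80: Flags [.], ack 1, win 502, length 0
12:00:01.000000 IP 192.0.2.10.45678 > 198.51.100.80.80: Flags [P.], seq 1:17, ack 1, win 502, length 16: HTTP: GET / HTTP/1.0
12:00:01.010000 IP 198.51.100.80.80 > 192.0.2.10.45678: Flags [.], ack 17, win 65535, length 0
12:00:01.020000 IP 198.51.100.80.80 > 192.0.2.10.45678: Flags [P.], seq 1:301, ack 17, win 65535, length 300: HTTP: HTTP/1.1 200 OK
12:00:01.020100 IP 192.0.2.10.45678 > 198.51.100.80.80: Flags [.], ack 301, win 501, length 0
12:00:01.030000 IP 198.51.100.80.80 > 192.0.2.10.45678: Flags [F.], seq 301, ack 17, win 65535, length 0
12:00:01.030100 IP 192.0.2.10.45678 > 198.51.100.80.80: Flags [F.], seq 17, ack 302, win 501, length 0
12:00:01.040000 IP 198.51.100.80.80 > 192.0.2.10.45678: Flags [.], ack 18, win 65535, length 0
"""
# One tcpdump line: timestamp, endpoints, TCP flags and payload length.
LINE_RE = re.compile(r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): "
                     r"Flags \[(?P<flags>[^\]]*)\].*?length (?P<len>\d+)")

def annotate(text):
    """Return (timestamp, label) pairs naming the phase each packet belongs to."""
    client, fins, out = None, 0, []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                  # not a TCP line
        flags, length = m["flags"], int(m["len"])
        if client is None and flags == "S":
            client = m["src"]                         # whoever sends the first SYN
        from_client = m["src"] == client
        prev = out[-1][1] if out else ""
        if flags == "S":
            label = "handshake 1/3: SYN"
        elif flags == "S.":
            label = "handshake 2/3: SYN-ACK"
        elif flags == "." and prev.startswith("handshake 2/3"):
            label = "handshake 3/3: ACK"
        elif "F" in flags:                            # each side closes once
            fins += 1
            label = f"teardown: FIN {fins}/2 from {'client' if from_client else 'server'}"
        elif length > 0:                              # payload-bearing segment
            label = "HTTP request" if from_client else "HTTP reply"
        elif fins:
            label = "teardown: final ACK"
        else:
            label = "ACK of data"
        out.append((m["ts"], label))
    return out
```

Run it against your own tcpdump -r output (pasted in place of SAMPLE) to get a first-pass annotation; the ICMP or UDP lines of a mixed capture are skipped because they carry no Flags field.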

Finally, run traceroutes to the following hosts to observe the different routes taken across the globe: www.cs.stevens.edu, www.uni-marburg.de, www.uba.ar, www.hawaii.edu, www.hku.hk, www.du.ac.in, www.usyd.edu.au. Identify some other service endpoints in distant geographic locations, if you like.

Use Visual Traceroute and traceroute on a map or perhaps Open Visual Traceroute to map the hops from different starting locations to these addresses. Take note of the different networks the packets traverse and the paths they take. How does this differ from traceroutes run from your laptop? Can you identify major peering points and tier-1 operators? How many ASes do the traces pass through? Report anything noteworthy or interesting. If anything appears surprising or non-obvious, research and present an explanation.

Deliverables

You will submit a single tar(1) archive. The file to submit will be called "$USER-hw3.tar" (where "$USER" is your username). The archive will extract all files and subdirectories into a directory named $USER. Your archive will contain the following files:

  • traceroute.txt - the annotated packet capture output from snoop(1M) / tcpdump(8), showing clearly and only the relevant ICMP and UDP packets for the traceroute to www.stevens.edu
  • http.txt - a text file containing the annotated output of tcpdump -r of your HTTP request explaining and illustrating the TCP handshake, the HTTP request, the HTTP reply, and the termination of the connection
  • visual-traceroute.txt - a plain text file noting your findings from the visual traceroute
  • README - commentary on what you learned, what you found difficult, what you found surprising

Creating a valid submission might look as follows:

$ mkdir $USER
$ cd $USER
$ vi traceroute.txt http.txt visual-traceroute.txt README
$ cd ..
$ tar cf ${USER}-hw3.tar ${USER}

Please attach the file to an email sent from your @stevens.edu email address to jschauma@stevens.edu with a subject of "[CS615] HW3".

Due Date

The due date for this assignment is 2019-03-11 16:00 EDT.
