CS615A -- Aspects of System Administration - HW#2

HW2: packet captures


The objective of this assignment is for you to learn how to capture and read packets to observe and analyze network traffic as well as to research and explain some parts of the physical aspects of the internet. This reinforces lessons from our networking videos.

Note: this assignment requires you to use multiple tools. Please pay close attention to which tools to use for which parts of the assignment.


Please carefully read the assignment in full before you begin.

This assignment is worth 30 points.


Create an OmniOS instance (ami-0242bbd23361d20e2) and a Fedora instance (ami-01efb339f953fdf36). On each, run the command traceroute www.stevens.edu; capture only the ICMP and UDP packets relevant to this trace using the snoop(1M) and tcpdump(8) tools respectively.

Next, issue an HTTP request to 6.ifconfig.pro using the telnet(1) command and capture the TCP packets only. Use the -v flag of snoop(1M) to display all the details; use -w for tcpdump(8) to write the data into a pcap file, then load that file into Wireshark and identify and compare the TCP packet details. Return to the tcpdump(8) output and identify, in the tcpdump -r output, the same properties that Wireshark and snoop(1M) marked.
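As an added illustration (not part of the assignment text, and not the course's own code), the following shell snippet shows the capture filters for the two parts above and a small awk annotator that labels tcpdump -r output by TCP phase: handshake, request, reply and termination. The interface names (net0, eth0), the capture file names and the use of pfexec/sudo are assumptions; the packet lines in sample_capture() are constructed for the demonstration and were not captured from a real session.

```shell
#!/bin/sh
# Added example, not from the assignment page. Interface names, file names and
# the pfexec/sudo prefixes are assumptions; sample_capture() is constructed data.

# --- Part 1: traceroute(8) sends UDP probes with increasing TTLs; each router
# on the path answers with ICMP time-exceeded and the destination with ICMP
# port-unreachable, so the capture filter needs exactly those two protocols.
traceroute_filter() {
    printf 'icmp or (udp and dst host %s)' "$1"
}
# OmniOS (assumes interface net0): snoop(1M) accepts the same expression syntax.
capture_traceroute_omnios() {
    pfexec snoop -d net0 -o traceroute.snoop "$(traceroute_filter "$1")"
}
# Fedora (assumes interface eth0): -n keeps addresses numeric, -w saves a pcap.
capture_traceroute_fedora() {
    sudo tcpdump -n -i eth0 -w traceroute.pcap "$(traceroute_filter "$1")"
}

# --- Part 2: only TCP to/from the web server, saved to a pcap for Wireshark;
# 'tcpdump -n -r http.pcap' then prints the text that annotate_tcpdump() reads.
http_filter() {
    printf 'tcp and host %s' "$1"
}
capture_http_fedora() {
    sudo tcpdump -n -i eth0 -w http.pcap "$(http_filter "$1")"
}

# Read 'tcpdump -n -r' lines on stdin and prefix each with its phase.  The first
# packet (the SYN) identifies the client; pure ACKs after data are filed under
# the phase they acknowledge; everything from the first FIN on is termination.
annotate_tcpdump() {
    awk '
    {
        flags = ""; len = 0
        if (match($0, /Flags \[[^]]*\]/)) flags = substr($0, RSTART + 7, RLENGTH - 8)
        if (match($0, /length [0-9]+/))  len   = substr($0, RSTART + 7, RLENGTH - 7) + 0
        if (client == "") client = $3            # field 3 is the source address.port
        dir = ($3 == client) ? "C->S" : "S->C"
        if (flags == "S" || flags == "S.")  phase = "handshake"     # SYN, SYN-ACK
        else if (flags ~ /F/)  { phase = "termination"; closing = 1 } # FIN
        else if (closing)       phase = "termination"                # ACKs of the FINs
        else if (len > 0)       phase = (dir == "C->S") ? "request" : "reply"
        else if (!seen_data)    phase = "handshake"                  # third ACK
        else                    phase = (dir == "C->S") ? "reply" : "request"
        if (len > 0) seen_data = 1
        printf "%-12s %s  %s\n", phase, dir, $0
    }'
}

# Constructed sample in tcpdump -n output format (relative sequence numbers).
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP 10.0.0.5.49152 > 192.0.2.10.80: Flags [S], seq 1000, win 64240, options [mss 1460], length 0
12:00:00.020001 IP 192.0.2.10.80 > 10.0.0.5.49152: Flags [S.], seq 2000, ack 1001, win 65535, options [mss 1460], length 0
12:00:00.020100 IP 10.0.0.5.49152 > 192.0.2.10.80: Flags [.], ack 1, win 502, length 0
12:00:03.100000 IP 10.0.0.5.49152 > 192.0.2.10.80: Flags [P.], seq 1:18, ack 1, win 502, length 17: HTTP: GET / HTTP/1.1
12:00:03.120000 IP 192.0.2.10.80 > 10.0.0.5.49152: Flags [.], ack 18, win 512, length 0
12:00:03.125000 IP 192.0.2.10.80 > 10.0.0.5.49152: Flags [P.], seq 1:180, ack 18, win 512, length 179: HTTP: HTTP/1.1 200 OK
12:00:03.125100 IP 10.0.0.5.49152 > 192.0.2.10.80: Flags [.], ack 180, win 501, length 0
12:00:03.126000 IP 192.0.2.10.80 > 10.0.0.5.49152: Flags [F.], seq 180, ack 18, win 512, length 0
12:00:03.126100 IP 10.0.0.5.49152 > 192.0.2.10.80: Flags [F.], seq 18, ack 181, win 501, length 0
12:00:03.140000 IP 192.0.2.10.80 > 10.0.0.5.49152: Flags [.], ack 19, win 512, length 0
EOF
}

# Phase sequence of the sample, comma separated (used for checking).
sample_phases() {
    sample_capture | annotate_tcpdump | awk '{ printf "%s%s", (NR > 1 ? "," : ""), $1 }'
}
```

On the real capture, run `tcpdump -n -r http.pcap | annotate_tcpdump` and paste the labelled lines into http.txt; the telnet session itself is `telnet 6.ifconfig.pro 80`, followed by a `GET / HTTP/1.1` line, a `Host:` line and an empty line.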

Finally, run traceroutes to the following hosts to observe the different routes taken across the globe:

Identify some other service endpoints in distant geographic locations, if you like.

Use Visual Traceroute, IP2Location Traceroute, traceroute on a map, traceroute mapper or perhaps Open Visual Traceroute to map the hops from different starting locations to these addresses. Take note of the different networks the packets traverse and the paths they take. How does this differ from traceroutes run from your laptop? Can you identify major peering points and tier-1 operators? How many ASes do the traces pass through? Report anything noteworthy or interesting. If anything appears surprising or non-obvious, research and present an explanation.

Deliverables

You will submit a single tar(1) archive. The file to submit will be called "$USER-hw2.tar" (where "$USER" is your username). The archive will extract all files and subdirectories into a directory named $USER. Your archive will contain the following files:

  • traceroute.txt - a text file containing the annotated output of snoop(1M) / tcpdump(8), showing clearly and only the relevant ICMP and UDP packets for the traceroute to www.stevens.edu
  • http.txt - a text file containing the annotated output of tcpdump -r of your HTTP request, explaining and identifying separately the TCP handshake, the HTTP request, the HTTP reply, and the termination of the connection
  • visual-traceroute.txt - a plain text file noting your findings from the visual traceroute and answering the questions above
  • README - commentary on what you learned, what you found difficult, what you found surprising

Creating a valid submission might look as follows:

$ mkdir $USER
$ cd $USER
$ vi traceroute.txt http.txt visual-traceroute.txt README
$ cd ..
$ tar cf ${USER}-hw2.tar ${USER}

Please attach the file to an email sent from your @stevens.edu email address to jschauma@stevens.edu with a subject of "[CS615] HW2".

Due Date

The due date for this assignment is 2021-03-22 16:00 EDT.
