[Solved] CSC361 Assignment 2-TCP Traffic Analysis

The purpose of this project is to understand the details of state management in Transmission 7 Control Protocol (TCP). You are required to write a python program to analyze the TCP protocol 8 behavior.

9 2 Requirements

10 You will be given a sample TCP trace file (sample-capture-file.cap). During the period traced, a 11 single web client accesses different web sites on the Internet. This trace is to be used for your own 12 test. TA might use a different trace file to test your code.

13 You need to write a python program for parsing and processing the trace file, and tracking TCP 14 state information. In this assignment, your code will be tested on the server linux.csc.uvic.ca. As 15 such, you are allowed to use only the Python packages of python3 currently installed on 16 linux.csc.uvic.ca. You are not allowed to install/use other third-party python packages.

17 Your program should process the trace file and compute summary information about TCP 18 connections. Note that a TCP connection is identified by a 4-tuple (IP source address, source port, 19 IP destination address, destination port), and packets can flow in both directions on a connection 20 (i.e., duplex). Also note that the packets from different connections can be arbitrarily interleaved 21 with each other in time, so your program will need to extract packets and associate them with the 22 correct connection.

• The summary information to be computed for each TCP connection includes:

• the state of the connection. Possible states are: S0F0 (no SYN and no FIN), S1F0 (one SYN and no FIN), S2F0 (two SYN and no FIN), S1F1 (one SYN and one FIN), S2F1 (two SYN and one FIN), S2F2 (two SYN and two FIN), S0F1 (no SYN and one FIN), S0F2 (no SYN and two FIN), and so on, as well as R (connection reset due to protocol error). For consistence, we count a SYN+ACK segment (i.e., a segment with both SYN bit and ACK bit set to 1) as a SYN message. (Of course, a SYN segment is also counted as a SYN segment). Getting this state information correct is the most important part of your program. We are especially interested in the complete TCP connections for which we see at least one SYN and at least one FIN. For these complete connections, you can report additional information, as indicated in the following. the starting time, ending time, and duration of each complete connection

1

• the number of packets sent in each direction on each complete connection, as well as the total
• packets
• the number of data bytes sent in each direction on each complete connection, as well as 38 the total bytes. This byte count is for data bytes (i.e., excluding the TCP and IP protocol 39 headers).

40 Besides the above information for each TCP connection, your program needs to provide the 41 following statistical results for the whole trace data:

• the number of reset TCP connections observed in the trace
• the number of TCP connections that were still open when the trace capture ended
• the number of complete TCP connections observed in the trace
• Regarding the complete TCP connections you observed:
• the minimum, mean, and maximum time durations of the complete TCP connections
• the minimum, mean, and maximum RTT (Round Trip Time) values of the complete 48 TCP connections

49 the minimum, mean, and maximum number of packets (both directions) sent on the 50 complete TCP connections

51 the minimum, mean, and maximum receive window sizes (both sides) of the complete 52 TCP connections.

53 As a guideline for output format, please follow the output format of this project shown in 54 outputformat.pdf.