on the network. Many shareware and freeware tools exist to capture packets as they are sent across the ... some network monitoring toclls for student use and ...
PACKET tracing: a new paradigm for teaching computer network courses Willis F. Marti, Udo W. Pooch of Computer Science, College of Engineering Texas A&M University
Dept.
College
Station,
TX
77843
{willis, pooch} @cs.tamu.edu John A. Hamilton, Jr. of Electrical
Dept. &
Engineering
Computer Science
U.S. Military Academy West Point, NY 10996
dj7560@eecsl
.eecs.usma,edu makes it an inviting environment for student projects. TCP/IP is the short name for the TCP/IP Intemet Protocol Suite. The packet tracing methodology we describe can certainly be applied to any TCP/IP network. Similar analysis is possible for any layered communications system where observation of the signal on the media is available. The general principles illustrated should serve the students well regardless of the network protocols and architectures the students have available. Figure 1 shows the layered architecture of some of the TCP/IP protocols operating over Ethernet.
Abstract Networking is a complex and evolving topic central to today’s computing environment. The most important example of this technology is the Intemet, which has become a staple of modem society. We present a method for combining principles and practices in the classroom, reinforcing the student’s knowledge of fundamentals while providing useful skills. Students are being exposed to the Intemet early in their academic careers. Students in a principles only networking course may have trouble connecting their classroom theory with their own network experiences.
1 Layered
USER
architectures
FTP
The key to understanding packet based data communications is In a layered the abstract concept of a layered architecture. architecture, functionality is divided into separate Iayers, with no sharing of functionality between layers. Each layer uses the services of the layer immediately below it, and provides services to the layer immediately above it. Layers that are not adjacent do not communicate.
DNS TFI NFT
TCP
of TCP/IP
running
UDP
1P ARP
ICMP
I Ethernet
Network technology is one of the fastest growing areas in computer science. For this reason, many authors and educators Implementation emphasize principles over technologies. specifics change rapidly and new protocols are constantly being developed. Only some of the fundamentals are likely to be unchanged over time. Therefore we must base our education on today’s technologies, not on experimental protocols which may never be widely implemented. The prevalence
. . . .
Figure
(IEEE: LLC MAC PHY)
1 TCP/IP
Model.
TCP/IP has the same functionality as the 0S1 model although the layers and layer boundaries are different.
(Figure
2)
over Ethernet in academia
2 Approaches
to a network
course
In such a broad field of study, there are clearly limits on what may be covered in a one semester course. Our interest is in a first course taught at the undergraduate upper division level. Approaches to presenting the material are as diverse as the There are several excellent books members of the faculty. available to support a first networks course. We have typically used a mainstream text augmented with our packet tracing notes. The World Wide Web URL for our course notes is:
Permission to make digitdhard copy of part or all of this work for personal or claes.room use is ranted without fee provided that copies are not made or distributed for Pro ?It or commercial advanb e. the @pYright noti~, the title of the publication and its date appear, an #notice isgiven that copying is by permission of ACM, Inc. To mpy otherwise, to republish, to post on servers, or to redistribute to Me, requires prior specific permission andior a fee. Integrating Tech. into C.S,E. 6/96 Barcelona, Spain 01996 ACM 0-89791 -844-4/96/0009 ...$3.50
http://www.cs.tamu
162
.edulcourse-inf
olcpsc463.
Three approaches following areas:
often
used
are to
emphasize
one
of
the
We have also found NetSim valuable in assignments [2]. allowing students to observe and experiment the effects clf bottlenecks, delays and other network phenomena. NetSim was developed at M.I.T. and runs over the X Window System [6”1. The x-kernel programming system from the University c~f
The 0S1 Model Performance Network
Analysis
Arizona is another example of code used to make network operation more visible to the student [1]. Effective use of the x.kernel requires extensive programming expertise in the C programming language.
Simulation
As we summarize each area, we must point out that most networks courses will cover each of these areas and vary the degree of coverage.
3 Packet tracing
0S1 Model - instruction based on this model is very common. Typically, the functionality of each layer of the 0S1 Model is presented. Then, examples of this functionality in a specific network protocol are provided. In order to interconnect different network architectures, data must be translated and reformatted appropriately [5]. Many of the widely implemented network protocols have architecture layers that are not strictly aligned with However, the reference model still the 0S1 model layers. provides a valuable tool to analyze disparate protocol architectures [9]. The major contribution of the 0S1 is its very generality which allows an abstract functional decomposition of a network protocol. The seven layers of the 0S1 model are shown in Figure-2,
There are three compelling reasons to use packet tracing as a pedagogical tool [7]. First, being able to accurately predict packets shows an understanding of the interactions of the different network layers in a single network device. Second. diagnostic skills are attained when students can understand why observed packets are not the same as the predicted packets. Third, understanding network protocols enables one to debug applications that work over the network by determining exactly what information is exchanged among the applications.
1 Application
Packet tracing has been used in our upper division networks Originally we only required manual courses for several years. tracing. We have since modified some network monitoring toclls for student use and are augmenting our manual drills with automated tools [3][4].
Presentation
Session
Transport
We have found classroom exercises useful and designate students to ‘role play’ as protocols on the TCP/IP stack. One student is designated as the 1P layer, another is designated as UDP, another as TCP, et cetera. The network architecture and table information is written on the board. Then a command such as ‘telnet eecs 1‘ is given and the students in turn state the actions taken at their layer to check and forward packets to process the command. Simpler commands are traced first and then progressively more complex commands and combinations of commands are traced. Problems consist of a set of information about system addresses and servers, assumptions about device state, a drawing for reference and the command or action to be traced.
Network
L!nk
Physical
Figure
20S1
Reference
methodology
Packet tracing is the technique of predicting the sequence and content of packets visible at the physical layer of the 0S1 model, based on some action at an upper layer [7]. It is also the action of observing packets as they appear on the media and deriving the activities occurring on hosts. Activity on the media represents the one place where the network investigator is guaranteed access to what is actually occurring on the network. Many shareware and freeware tools exist to capture packets as they are sent across the media [4].
Model
Each peer layer is logically connected between nodes, although the real (physical) connection is only at the physical layer.
Students are required to trace a ‘DNS Query’ initated on host A. We want to know what packets are generated if some process initiates a request to resolve a DNS name on host A. Since we are using a TCP/IP-based system, we will trace the action of each layer shown in Figure 1.
Performance Analysis - an emphasis on analytical models and the associated probability is also challenging. Not all undergraduates will have the necessary mathematical/statistical background for serious work in analytical modeling of computer networks. While the academic value of analytical modeling is sound, it should be noted that an increasing number of researchers are questioning how well classical queuing theory approximates actual network operation [8].
PP Figure
Simulation - simulating computer networks provides students with simulated observations of the operation of a network. Barnett proposes the use of the NetSim simulator to support both major project assignments and more focused homework
3 Example
Network.
Consider the sample network in Figure 3. First, the system passes the request to the DNS code residing on host A which determines that a query must be sent to the DNS server. A packet is created
163
and given to the UDP layer for delivery. The UDP layer adds a minimal header and passes the packet to the 1P layer. At the 1P layer the netmask is applied to the source and destination addresses to determine if the delivery is local or non-local. For a local delivery to the Data/Link layer, the Ethernet address is required. An ARP request is sent by the 1P layer to get the Ethernet address corresponding to the 1P address. The address is returned to the 1P layer which updates its cache, adds the address to the packet and requests the Ethernet layer to deliver the packet. The 1P layer on host B receives the packet and then starts the delivery process on that host.
our undergraduate CPSC 463 Networks and Distributed Processing course. Additionally, this technique has been used in courses taught through the Texas Engineering Extension Service. As one group of students wrote: Most of what we have learned about networks has been theory. Packet tracing was a very good way to take some of that information and apply it. Before we traced packets, we knew how bridges and routers were supposed to process packets, but actually tracing a packet made us understand all the steps involved. This exercise showed us how many of the protocols work and how they work together to send a packet through a network.
The preceding paragraph is a high level summary of the first part of executing a ‘DNS Query’ command. Students thoroughly trace the actions of each layer in the problem shown below. Sample
problem:
Telnet connection
We found that the packet-tracing exercises served to effectively reinforce networking theory found in the mainstream textbooks. We have also observed industry showing considerable interest in our graduates who understand TCPIIP networking.
on a single segment.
Refer to Figure 3.
5 Conclusions
Host A, 1P address 128.194.1.2
Applied study of networks is often resource intensive. Manual packet tracing requires no equipment. Our methodology provides an application framework to illustrate the theory of networking. Students receive a strong foundation in both the practical and theoretical aspects of networking. Best of all, the students can directly relate their academic experience with the internetwork they are most likely to use: the TCP/IP-based Internet.
Host B, 1P address 128.194.1.3 netmask 255.255 .255.0 Assumptions:
ARP caches and bridge tables are empty.
All hosts know DNS Server is 128.194.1.3.
References Requirement:
Trace command
‘telnet B‘ initiated
on Host A.
1
X-kernel
documentation
http://www.cs.arizona. The above problem is a typical problem for either in-class roleplaying or homework assignment. Students are expected to trace the packets through each TCP/IP layer (i.e. UDP, 1P, Ethernet) including the services provided at each level such as address resolution protocol (ARP).
2
Barnett,
III,
18-19, 3
would look like:
Ethernet
1P 4 Source
‘Type’
Source
Destination
Broadcast
EA
ARP Request
128.194.1.2
128.194.1.3
EA
EB
ARP Reply
128.194.1.3
128.194.1.2
Erj
EA
DNS Query
128.194.1.2
128.194.1.3
Symposium
Web,
simulator
Twenty-Fourth
on Computer Ind.).
Science Education
Association
for
SIGCSE
for
(Feb.
Computing
MD 1993, 145-150.
Hamilton,
Jr., J. A., Ratterree,
Hamilton, Jr., J. A., Ratterree, A., Muppidi, S., Cunningham, W., Getting’inside and resources.
G. R. and Pooch,
U. W., A
your local area network:
Hamilton, Jr., W.,. Distributed
6
Heybey, A., The
network
of
Science,
of
G. R., Brutch, P., Karmarkar, C., Fisch, E. and Pooch, U.
Cross Talk, 8, 1 (1995),
5
tools, techniques
19-23.
J. A., Nash, D. A., and Simulation, CRC Press, Boca
Pooch, Raton,
U. FL,
1996,
...
Computer
Technology, Student involvement in the tracing instruction is critical since otherwise a lecture on tracing complex commands will become tedious. The hand tracing process is the key to understanding the actual operation of a layered communications architecture. Once students develop basic proficiency, automated tools can be used to observe the actual movement of packets on an operational network [3]. We consider the use of automated tools to observe an operational network highIy desirable, but not essential to successfully employ our packet tracing method. A good discussion of tools available on the Internet maybe found in [4].
tracing
Wide
toolkit for monitoring the utilization and performance computer networks. Simulation. 64, 5 (1995), 297-301.
Destination
4 Packet
World
performance
networking.
Indianapolis,
Machinery, The first part of the solution
the
B. L., An ethernet
undergraduate Technical
on
edu:8O/xkernel/doc/.
7
Marti,
W.
exercises.
8
simulator
F. and
Hamilton.
In Workshop
experiences
164
Institute
of
Jr., J. A.,
at the 1996 Special
Packet
tracing
Interest
Group
on Computer Science Education, Penn.) Association for Computing
(Feb. 15-17 Philadelphia, Machinery, MD 1996,
Paxson, V., and Floyd,
area traffic:
Pooch,
u.
w.,
Telecommunications Raton, FL, 1991.
The student response to the packet tracing exercises has been very positive. This technique has been used for the past five years in
2,1, Laboratory
1990.
S., Wide
~oisson modelirw, IEEE/ACM ~, 3 (1995) 226-~44. 9
version
Massachusetts
Machuel, and
Transactions
D. Networking,
the failure on Networkirw.
of “.
and McCahn, J., CRC Press, Boca
