CS 453 - Assignment Set 2 (Spring 2003)

Given: March 13, 2003

Due: May 2 (Friday), 2003

Language Options: C, C++, or Java

OS Options: Must run on CSEE shell servers

Part 1 [60 points total]: Construct a packet trace filtering tool. The captured packets are stored as a sequence of records in a file with the format below.
```
 0                             15                              31
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Capture Second                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Capture Microsecond                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Capture Length                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          IP Header                           ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       TCP/UDP Header                         ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Data (Optional)                        ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
...                                                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 Capture Second (Packet 2)                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              Capture Microsecond (Packet 2)                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 Capture Length (Packet 2)                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      IP Header (Packet 2)                    ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
...
```
The capture seconds are measured since the epoch on January 1, 1970. Microseconds is the number of microseconds within that second. This is the standard C timeval structure timing. The capture length is the number of bytes captured of the message. The processing takes the form of the following.
- A [25 points]: Display information for each IP packet in a condensed format. This format must follow the form below for each IP packet
  HH:MM:SS.UUUUUU IP.port -> IP.port Proto TCPFlags Datalen
  Where HH:MM:SS.UUUUUU displays the capture time of the packet onset from the time of the first packet. The time of the first packet must be displayed to indicate the start of the capture. Proto is either "TCP" or "UDP" depending on the protocol field. TCPFlags is a set of characters specifying the TCP flags that are set. These are U, A, P, R, S, or F. And Datalen is the length of the entire IP packet. An example would be:
  Capture starts on: Tue Mar 11 20:15:37 EST 2003 and 034083 microseconds 00:00:00.000000 157.182.194.39.22 -> 157.182.194.28.7462 TCP S 40 00:00:00.005679 157.182.194.28.7462 -> 157.182.194.39.22 TCP S,A 40 . . .
  This would be an TCP packet with IP source address of 157.182.194.39 and source port of 22 going to IP destination address 157.182.194.28 and destination port 7462. The TCP flag that is set is SYN packet length is 40 bytes. The packet was captured at 00:00:00 and 0 microseconds after the capture started on Tuesday, March 11, 20:15:37 and 34083 microseconds.
- B [15 points]: Display only IP packets meeting specific IP address criteria. The Source IP address and/or the Destination IP address must match criteria given by the user. This criteria may include a netmask to apply to the IP address as well. This criteria may be given as command line arguments to the filter. With the -s argument specifying the Source IP address to look for and the -d argument specifying the Destination IP address to look for. e.g. $ pfilter -s 157.182.194.28/24 filename might only display information for IP packets that have a source IP address that falls in the 157.182.194.28/24 subnet. Both the Source IP address and Destination IP address may be given or just one of them may be given.
- C [5 points]: Instead of displaying the numbered dotted decimal representation of the IP address, try to use the resolver to obtain a hostname for the IP address. If the IP address is resolved, display that hostname, if not, display the numbered dotted decimal.
- D [15 points]: Check each packets IP checksum and TCP/UDP checksum and display whether the checksum is "correct" or "incorrect".
Part 2 [40 points total]: Construct a TFTP server. The server needs to process RRQ and WRQ TFTP commands. The server must be concurrent and only support the "octet" transfer mode. This part breaks down into the following pieces.
- A [20 points]: Mechanism to check a TFTP message to see if it is a correct RRQ or WRQ (octet mode, file that it can access/create, etc.). If not, it must send an appropriate TFTP Error message back to the client. This mechanism must create a second UDP socket to perform the actual transfer with to allow the main socket to be free to handle other connections. The mechanism here will need to open/create the requested file and send a TFTP message to the client on this new socket as dictated by the TFTP specification.
- B [10 points]: Mechanism to manage the RRQ transfer. It must send a TFTP Data message, wait for an ACK for 1 second, then send the TFTP Data message again if not received. If the same data message is sent 10 times, the transfer should be aborted.
- C [10 points]: Mechanism to manage the WRQ transfer. It must send a TFTP ACK message for each TFTP Data message it receives and must detect the end of the file correctly and close the file. If 10 seconds goes by without seeing a TFTP Data message after sending a TFTP ACK message, then the transfer should be aborted.

Notes: Your submissions must at least compile before any credit will be given. Submissions that do not compile will not be graded. Submissions submitted after the due date will not be graded. All work must be your own original work. To get partial credit for parts of the assignment, you must demonstrate that those pieces work by themselves. If you share code with others, you will be given a 0 for the assignment. This assignment set is worth 25% of your total grade.

Extra Credit

Value: up to +13% onto total grade

For extra credit, construct a DNS client application that can send queries for a given hostname or IP address. The application can also be given a list of domains to try in addition to the specified hostname alone. The application must send the query to a given DNS server, wait for the response (resending if necessary), and display all the Resource Records returned.

Todd L. Montgomery (revised 03.12.2003)