Time and Date Routines
Exercises
Question 10.1
Compare the actual number of network messages exchanged between a client and server using time protocol, for UDP versus TCP.
- Answer
Before moving to the actual packets exchanged between the client and the server, there is one thing that needs to be understood.
The client is communicating with the host sroot, which is basically the name which maps to the Internet address of the system. This is not by default and was done by me to write working programs for Chapter 8. The Internet address this host maps to is the one as seen in the en0 interface. It should be noted that I'm working on the same system, so the Internet address of client is identical to that of the server, which is sroot (host). The server also listens to port 37 (time) and port 13 (daytime). The port of client is arbitrary.
Although the Internet address is not a loopback address, when communication takes place within the same system, the loopback interface (lo0) is used for communication. So, attempting to sniff packets on en0 interface won't show any result, rather one needs to check the lo0 interface.
Also, the question mentions to compare for time protcol (37), but the result here is for both time and daytime. The reason for this is as there is no inetd in my machine, so there isn't any time server listening for client. I had to make my own server. The server I made serves both the time protocol as well as the daytime protocol. Also, the reason why the length of the packet for daytime is 512 is explained in inettime.c file.
[UDP] As for the actual question, the total packet sent, captured using tcpdump with the udp flag specified along with port 13 and port 37 are:
11:22:02.655209 IP (tos 0x0, ttl 64, id 32684, offset 0, flags [none], proto UDP (17), length 29, bad cksum 0 (->7745)!)
sroot.60005 > sroot.daytime: UDP, length 1
11:22:02.655471 IP (tos 0x0, ttl 64, id 4055, offset 0, flags [none], proto UDP (17), length 540, bad cksum 0 (->e51b)!)
sroot.daytime > sroot.60005: UDP, length 512
11:22:02.655900 IP (tos 0x0, ttl 64, id 50856, offset 0, flags [none], proto UDP (17), length 29, bad cksum 0 (->3049)!)
sroot.64595 > sroot.time: UDP, length 1
11:22:02.655938 IP (tos 0x0, ttl 64, id 47393, offset 0, flags [none], proto UDP (17), length 36, bad cksum 0 (->3dc9)!)
sroot.time > sroot.64595: UDP, length 8
Without the verbose -v flag, the output is:
12:31:17.152398 IP sroot.60887 > sroot.daytime: UDP, length 1
12:31:17.152526 IP sroot.daytime > sroot.60887: UDP, length 512
12:31:17.152883 IP sroot.52435 > sroot.time: UDP, length 1
12:31:17.152914 IP sroot.time > sroot.52435: UDP, length 8
This is obtained using the command tcpdump -i lo0 udp port 13 or udp port 37 -v. We can notice that 4 packets is being sent throughout the communication between the client and the server. Using Wireshark with filter as udp.port == 13 || udp.port == 37 yields a similar result.
But it should be noted that Wireshark must be informed to trace the lo0 interface as mentioned earlier.
[TCP] For TCP, the packet captured was as follows:
11:28:20.961324 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 64, bad cksum 0 (->b6d9)!)
sroot.56859 > sroot.daytime: Flags [S], cksum 0x8411 (incorrect -> 0xe208), seq 2013833583, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 72585980 ecr 0,sackOK,eol], length 0
11:28:20.961454 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 64, bad cksum 0 (->b6d9)!)
sroot.daytime > sroot.56859: Flags [S.], cksum 0x8411 (incorrect -> 0xcac7), seq 2057933781, ack 2013833584, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 2863357445 ecr 72585980,sackOK,eol], length 0
11:28:20.961469 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->b6e5)!)
sroot.56859 > sroot.daytime: Flags [.], cksum 0x8405 (incorrect -> 0x2bd1), ack 1, win 6379, options [nop,nop,TS val 72585980 ecr 2863357445], length 0
11:28:20.961483 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->b6e5)!)
sroot.daytime > sroot.56859: Flags [.], cksum 0x8405 (incorrect -> 0x2bd1), ack 1, win 6379, options [nop,nop,TS val 2863357445 ecr 72585980], length 0
11:28:20.962777 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 564, bad cksum 0 (->b4e5)!)
sroot.daytime > sroot.56859: Flags [P.], cksum 0x8605 (incorrect -> 0x59fe), seq 1:513, ack 1, win 6379, options [nop,nop,TS val 2863357447 ecr 72585980], length 512
11:28:20.962782 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->b6e5)!)
sroot.daytime > sroot.56859: Flags [F.], cksum 0x8405 (incorrect -> 0x29ce), seq 513, ack 1, win 6379, options [nop,nop,TS val 2863357447 ecr 72585980], length 0
11:28:20.962817 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->b6e5)!)
sroot.56859 > sroot.daytime: Flags [.], cksum 0x8405 (incorrect -> 0x29d5), ack 513, win 6371, options [nop,nop,TS val 72585982 ecr 2863357447], length 0
11:28:20.962828 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->b6e5)!)
sroot.56859 > sroot.daytime: Flags [.], cksum 0x8405 (incorrect -> 0x29d4), ack 514, win 6371, options [nop,nop,TS val 72585982 ecr 2863357447], length 0
11:28:20.962859 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->b6f1)!)
sroot.56859 > sroot.daytime: Flags [R.], cksum 0x83f9 (incorrect -> 0x02ec), seq 1, ack 514, win 6371, length 0
11:28:20.963853 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 64, bad cksum 0 (->b6d9)!)
sroot.56860 > sroot.time: Flags [S], cksum 0x8411 (incorrect -> 0xd1c0), seq 1803198552, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 1150908554 ecr 0,sackOK,eol], length 0
11:28:20.963949 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 64, bad cksum 0 (->b6d9)!)
sroot.time > sroot.56860: Flags [S.], cksum 0x8411 (incorrect -> 0xacf2), seq 3440759067, ack 1803198553, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 539125353 ecr 1150908554,sackOK,eol], length 0
11:28:20.963962 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->b6e5)!)
sroot.56860 > sroot.time: Flags [.], cksum 0x8405 (incorrect -> 0x0dfc), ack 1, win 6379, options [nop,nop,TS val 1150908554 ecr 539125353], length 0
11:28:20.963974 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->b6e5)!)
sroot.time > sroot.56860: Flags [.], cksum 0x8405 (incorrect -> 0x0dfc), ack 1, win 6379, options [nop,nop,TS val 539125353 ecr 1150908554], length 0
11:28:20.963981 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 0 (->b6dd)!)
sroot.time > sroot.56860: Flags [P.], cksum 0x840d (incorrect -> 0xabd0), seq 1:9, ack 1, win 6379, options [nop,nop,TS val 539125353 ecr 1150908554], length 8
11:28:20.963983 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->b6e5)!)
sroot.time > sroot.56860: Flags [F.], cksum 0x8405 (incorrect -> 0x0df3), seq 9, ack 1, win 6379, options [nop,nop,TS val 539125353 ecr 1150908554], length 0
11:28:20.963994 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->b6e5)!)
sroot.56860 > sroot.time: Flags [.], cksum 0x8405 (incorrect -> 0x0df4), ack 9, win 6379, options [nop,nop,TS val 1150908554 ecr 539125353], length 0
11:28:20.964001 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52, bad cksum 0 (->b6e5)!)
sroot.56860 > sroot.time: Flags [.], cksum 0x8405 (incorrect -> 0x0df3), ack 10, win 6379, options [nop,nop,TS val 1150908554 ecr 539125353], length 0
11:28:20.964009 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40, bad cksum 0 (->b6f1)!)
sroot.56860 > sroot.time: Flags [R.], cksum 0x83f9 (incorrect -> 0x8ab5), seq 1, ack 10, win 6379, length 0
A total of 18 packets were exchanged between the client and the server. The command used was tcpdump -i lo0 tcp port 13 or tcp port 37 -v.
Without the verbose -v flag, the output received is:
11:33:19.721105 IP sroot.56895 > sroot.daytime: Flags [S], seq 2852318545, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 2243816045 ecr 0,sackOK,eol], length 0
11:33:19.721218 IP sroot.daytime > sroot.56895: Flags [S.], seq 1326307678, ack 2852318546, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 581290541 ecr 2243816045,sackOK,eol], length 0
11:33:19.721235 IP sroot.56895 > sroot.daytime: Flags [.], ack 1, win 6379, options [nop,nop,TS val 2243816045 ecr 581290541], length 0
11:33:19.721249 IP sroot.daytime > sroot.56895: Flags [.], ack 1, win 6379, options [nop,nop,TS val 581290541 ecr 2243816045], length 0
11:33:19.721444 IP sroot.daytime > sroot.56895: Flags [P.], seq 1:513, ack 1, win 6379, options [nop,nop,TS val 581290541 ecr 2243816045], length 512
11:33:19.721449 IP sroot.daytime > sroot.56895: Flags [F.], seq 513, ack 1, win 6379, options [nop,nop,TS val 581290541 ecr 2243816045], length 0
11:33:19.721467 IP sroot.56895 > sroot.daytime: Flags [.], ack 513, win 6371, options [nop,nop,TS val 2243816045 ecr 581290541], length 0
11:33:19.721475 IP sroot.56895 > sroot.daytime: Flags [.], ack 514, win 6371, options [nop,nop,TS val 2243816045 ecr 581290541], length 0
11:33:19.721508 IP sroot.56895 > sroot.daytime: Flags [R.], seq 1, ack 514, win 6371, length 0
11:33:19.721989 IP sroot.56896 > sroot.time: Flags [S], seq 4091788874, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 715154156 ecr 0,sackOK,eol], length 0
11:33:19.722087 IP sroot.time > sroot.56896: Flags [S.], seq 975324587, ack 4091788875, win 65535, options [mss 16344,nop,wscale 6,nop,nop,TS val 983292238 ecr 715154156,sackOK,eol], length 0
11:33:19.722100 IP sroot.56896 > sroot.time: Flags [.], ack 1, win 6379, options [nop,nop,TS val 715154157 ecr 983292238], length 0
11:33:19.722112 IP sroot.time > sroot.56896: Flags [.], ack 1, win 6379, options [nop,nop,TS val 983292239 ecr 715154157], length 0
11:33:19.722118 IP sroot.time > sroot.56896: Flags [P.], seq 1:9, ack 1, win 6379, options [nop,nop,TS val 983292239 ecr 715154157], length 8
11:33:19.722122 IP sroot.time > sroot.56896: Flags [F.], seq 9, ack 1, win 6379, options [nop,nop,TS val 983292239 ecr 715154157], length 0
11:33:19.722133 IP sroot.56896 > sroot.time: Flags [.], ack 9, win 6379, options [nop,nop,TS val 715154157 ecr 983292239], length 0
11:33:19.722140 IP sroot.56896 > sroot.time: Flags [.], ack 10, win 6379, options [nop,nop,TS val 715154157 ecr 983292239], length 0
11:33:19.722147 IP sroot.56896 > sroot.time: Flags [R.], seq 1, ack 10, win 6379, length 0
Question 10.2
Compare the ICMP timestamp request and timestamp reply messages with the Internet time and daytime protocols. Which are more accurate?
- Answer
I failed to see any ICMP packet when attempting to sniff the packet. I assume one of the reason for this is cause of using the same machine as both client and the server, so ICMP isn't required. Another probable reason is, I have not yet seen the actual implementation of the daytime and time server provided by 4.3BSD's inetd. There may be transmission of ICMP packets with these implementation, but the server I created has no explicit ICMP message passing for the client.