CS354 A2

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

TCP is sending data at 1 million octets per second (8 Mbps). If the sequence number starts with 7,000, how long does it take before the sequence number goes back to zero?

(2^32 - 7000) / 1,000,000 = 4295 sec ≈ 71.6 minutes

Given the IP address 180.25.21.172 and the subnet mask 255.255.192.0, what is the subnet address?

180.25.21.172 AND 255.255.192.0 = 180.25.0.0

Find the netid and the hostid of the following IP addresses 192.8.56.2 220.34.8.9 208.34.54.12 205.23.67.8 114.34.2.8 132.56.8.6 251.34.98.5

192.8.56.2 o Class C: first 24 bits describe network id o NetID: 192.8.56 = 11000000.00001000.00111000 o HostID: 2 = 00000010 220.34.8.9 o Class C: first 24 bits describe network id o NetID: 220.34.8 = 11011100.00100010. 00001000 o HostID: 9=00001001 208.34.54.12 o Class C: first 24 bits describe network id o NetID: 208.34.54 = 11010000.00100010.00110110 o HostID: 12=00001100 205.23.67.8 o Class C: first 24 bits describe network id o NetID: 205.23.67 = 11001101.00010111.01000011 o HostID: 8=00001000 114.34.2.8: netid = 114, host = 34.2.8 (class A) 132.56.8.6 netid = 132.56, host = 8.6 (class B) 251.34.98.5 can't be divided into netid and hostid (class E)

How many subnets do the following Class B masks create: a mask 255.255.128.0 a mask 255.255.224.0 a mask 255.255.248.0 a mask 255.255.252.0 a mask 255.255.254.0 a mask 255.255.255.0 a mask 255.255.192.0 a mask 255.255.0.0

2 subnets 8 subnets 32 subnets 64 subnets 128 subnets 258 subnets 4 subnets 1 subnet

What is the minimum network MTU required to send an IP datagram that contains at least one octet of data?

21 octets (20 octets for header)

Find the masks that create the following number of subnets in class B. 2 5 30 62 120 250

2: 255.255.192.0 5: 255.255.224.0 30: 255.255.248.0 62: 255.255.252.0 120: 255.255.254.0 250: 255.255. 255.0

A small organization has a Class C address for seven networks each with 24 hosts. What is an appropriate subnet mask?

7 networks = 2^3 = 8 24 hosts = 26 hosts = 2^5 (therefore 5 zeros in mask) 11111111.11111111.11111111.11100000 255.255.255.224

Definition of a flow

A Flow: is a sequence of packets sent between an O-D pair that follow the same route.

Suppose the drop policy at a router is to drop the highest-cost packet whenever queues are full, where the cost of a packet is defined as the product of its size by the time remaining that it will spend in the queue. Let Ni denote the size of packet i. When calculating the cost of packet i? you can use thesumof the sizes of the earlier packets instead of the remaining time. What advantages and disadvantages might such a policy offer, compared to tail drop?

Ads: Fewer packets would be dropped, reducing the number of flows affected by the congestion. Disads: computation overhead reduces the space that can be used for buffering on routers. Another drawback is the need to recompute cost whenever the queue advances.

Consider the three-way handshake authentication negotiation presented below. Explain how the Client can detect a false Server masquerading as the Server.

Another attack is if the real John sends a request to a fake bank. John will send the first message with his ClientID and random number x encrypted. The fake bank can't decrypt and recover x, so the fake bank sends a message back to John with some random value of x in the second message. The real John decrypts x and sees that it is not the value of x which he sent to the bank so he knows that this bank is not the real bank.

The UDP checksum is computed over the UDP header, the UDP body and the pseudo header. Explain why the pseudo header is useful even if the packet contents are not encrypted. Hint: consider a man-in-the middle attack which changes the IP header or the UDP header or the UDP payload. Explain if the change can be detected at the destination or not.

Because the pseudo header is only constructed at the source and the destination, and is not a part of the packet that is moving from router to router, a malicious router can change the packet header or the payload, but when the pseudo header is reconstructed on by the destination, it will not match the UDP checksum that the malicious router may have placed in the packet.

Find the class of the following IP addresses 208.34.54.12 238.34.2.1 114.34.2.8 129.14.6.8 241.34.2.8

C, D, A, B, E

Suppose a router has three input flows and one output flow. It receives the packets listed below all at about the same time, in the order listed, during a period when the output port of the router is busy and all the queues are empty. Give the order in which the packets are transmitted, assuming fair queueing scheduling.

CHECK pdf

Suppose a router has three input flows and one output flow. It receives the packets listed below all at about the same time, in the order listed, during a period when the output port of the router is busy and all the queues are empty. Give the order in which the packets are transmitted, assuming weighted fair queueing scheduling with flow 2 having twice as much share as flow 1 and flow 3 having 1.5 times as much share as flow 1.

CHECK pdf

The TCP congestion control policy uses receiver and congestion windows, the slow start algorithm and the threshold parameter. Assuming a maximum TCP segment size of 1 Kbyte, a TCP receiver window of 18 Kbyte and a congestion window set to 30 Kbyte when a timeout occurs, calculate the following, showing your working How big the congestion window will be if the next 9 sets of transmissions are all successful.

Congestion window will be set to one segment size and doubles with each successfully transmitted burst. After 4 bursts the congestion window = 8K. For transmission 5, congestion window will equal 15K (because it cannot exceed the threshold limit). For transmission 6, 7, 8 the congestion window increases by one segment (18 K bytes). For transmission 9, congestion window is 19K bytes. BUT please note that the transmission window is the smallest of the receiver and congestion windows. So sender transmission window is 18 Kbytes (not 19 Kbytes).

Difference between the CongestionWindow, AdvertisedWindow and the EffectiveWindow

CongestionWindow: how much in transit AdvertisedWindow: space available at the destination to accept incoming packets EffectiveWindow: the space in the buffer at the source that was available for new segments coming in

Consider the 3-way handshake on TCP connection setup. Suppose that an old SYN segment from host A arrives at host B requesting a TCP connection. Explain how the 3-way handshake procedure ensures that the connection is rejected.

Connection request arrives at host 2, but it is a connection request for an old connection. Host 2 treats it seriously and sends an ACK to host 1, and this reaches host 1 which realises this ACK is acknowledging a connection request that I did not send, so it rejects the connection request. OR (probs better) In a three-way handshake procedure, one must ensure the selection of the initial sequence number is always unique. If station B receives an old SYN segment from A, B will acknowledge the request based on the old sequence number. When A receives the acknowledgment segment from B, A will find out that B received a wrong sequence number. A will discard the acknowledgment packet and reset the connection.

Explain why each of the following statements is either true or false. Host A is sending a large file over a TCP connection to host B. If the sequence number for a segment for this connection is m, then the sequence number of the subsequent segment is necessarily m+1.

False, the sequence number of the subsequent segment depends on the number of 8-byte characters in the current segment.

Explain why each of the following statements is either true or false. The size of the TCP RcvWindow (advertisedWindow) never changes throughout the duration of the connection.

False. It is the size of the receiver's buffer that's never changed. RcvWindow is the part of the receiver's buffer that's changing all the time depending on the processing capability at the receiver's side and the network traffic.

Explain why each of the following statements is either true or false. Suppose that the last SampleRTT in a TCP connection is equal to 1 second. Then the current value of the Timeout Interval is necessarily ≥1 second.

False. Next_RTT = alpha x last_estimated_RTT + (1-alpha)xnewly_collected_RTT_sample. In this case even though the last sampleRTT which is the newly_collected_RTT_sample is 1sec, the next_RTT still depends on alpha and last_estimated_RTT. Therefore, the next_RTT is not necessarily greater than 1sec.

Explain why each of the following statements is either true or false. Suppose host A sends over a TCP connection to host B one segment with sequence number 38 and 4 bytes of data. In this same segment the acknowledgement number is necessarily 42.

False. The acknowledgement number has nothing to do with the sequence number. The ack. number indicates the next sequence number A is expecting from B.

Calculate the total time required to transfer a 1.5 MByte file in the following cases, assuming a RTT of 80 msecs, a packet size of 1 KByte and an initial 2 × RTT of "handshaking" before the data is sent the bandwidth is 10 Mbps and data packets can be sent continuously

File: 1.5MB to Bytes = 1.5 x 2^20 = 1572864 bytes 1572864 bytes to bit = 1572864 x 8 = 12582912 bits Initial Round trip time: 2 RTT ms = 80 + 80 = 160ms 160ms to seconds = 160/1000 = 0.16 seconds Throughput: 10mbps to bits per second = 10^6 = 10000000 bps Throughput = file size/time 1000000 bps = 12582912/t t = 1.258 seconds Propagation: RTT/2 as only sending one way RTT ms = 80 1⁄2(80) to seconds = 40/1000 = 0.04 seconds t = 0.04 seconds Total = Initial Round trip time + Throughput + Propagation = 0.16 + 1.258 + 0.04 = 1.458

Consider the 3-way handshake on TCP connection setup. Suppose that an old SYN segment from host A arrives at host B followed later by an old ACK segment from host A in response to a SYN segment from host B. Is this connection request also rejected? Explain why.

If an old SYN segment from A arrives at B, followed by an old ACK segment from A to a SYN segment from B, the connection will also be rejected. Initially, when B receives an old SYN segment, B will send a SYN segment with its own distinct sequence number set by itself. If B receives the old ACK from A, B will notify A that the connection is invalid since the old ACK sequence number does not match the sequence number previously defined by B. Therefore, the connection is rejected.

Describe why an application developer may choose to run an application over UDP rather than over TCP?

If packet loss isn't an issue in what they are creating then they might want to choose speed over reliability and in that case it would be better to use UDP. This is the case in most live streaming services

Hosts A and B are communicating over a TCP connection, and Host B has already received from A all bytes up through byte 126. Suppose Host A then sends two segments to Host B back-to-back. The first and second segments contain 80 and 40 bytes of data respectively. In the first segment, the sequence number is 127, the source port number is 302, and the destination port number is 80. Host B sends an acknowledgment whenever it receives a segment from Host A. If the first segment arrives before the secondsegment, in the acknowledgment of the first arrivingsegments, what is the ACK number, the source port number and the destination port number?

If the first segment arrives before the second, in the acknowledgement of the first arriving segment, the acknowledgement number is 207, the source port number is 80 and the destination port number is 302.

Hosts A and B are communicating over a TCP connection, and Host B has already received from A all bytes up through byte 126. Suppose Host A then sends two segments to Host B back-to-back. The first and second segments contain 80 and 40 bytes of data respectively. In the first segment, the sequence number is 127, the source port number is 302, and the destination port number is 80. Host B sends an acknowledgment whenever it receives a segment from Host A. If the second segment arrives before the first segment, in the ACK of the first arriving segment, what is the ACK number?

Ifthesecondsegmentarrivesbeforethefirstsegment,intheacknowledgementofthe first arriving segment, the acknowledgement number is 127, indicating that it is still waiting for bytes 127 and onwards.

What is the difference between congestion avoidance and congestion control?

In congestion avoidance we try avoid congestion altogether whereas with congestion control we try allow congestion and then control it once it has already occurred.

Why are different inter-AS and intra-AS protocols used in the Internet?

Inter-AS protocol uses Border Gateway Protocol -> Specializes in controlled distribution of routing information. (Focused on policy) Intra-AS protocol uses Router Information Protocol and OSPF -> Pays less attention to choosing routes and focuses more on performance. Routing within an AS: intra-domain routing - Interior Router Protocol IRP: each AS selects its own IRP - IRP is mostly driven by performance considerations.- Almost always OSPF - Is optimal • Routing between AS's: inter-domain routing - Exterior Router Protocol ERP: an Internet-wide standard - ERP depends on policy issues, economics, . . . as well as on performance. - Not optimal

If all the links in the Internet were to provide a reliable delivery service, would the TCP reliable delivery service be redundant? Explain why or why not?

It can take different flows and different routes as well as packets arriving out of order so TCP would still be useful.

Consider computation for a TCP checksum. Assume that although the checksum field in the segment has not been set to zero, the result of computing the checksum is zero. What can you conclude?

It means that the uncleared checksum field already has the actually checksum that need to send.

One of the TCP options permits a receiver to specify the maximum segment size it is willing to accept. Why does TCP support an option to specify maximum segment size when it also has a window advertisement mechanism?

MSS normally represents the maximum transmission unit (MTU) of the underlying network. As for the window field, it specifies how much data a receiver is willing to accept by specifying its buffer size. This establishes a form of congestion control for the node.

Are both UDP and TCP/IP unreliable to the same degree? Why or why not?

No, TCP is more reliableas packets are guaranteed to be deliveredwhereas with UDP packets can be dropped so it is not reliable.

A process on host 1 has been assigned port p, and a process on host 2 has been assigned port q. Is it possible for there to be two or more TCP connections between these two ports at the same time?

No. A pair of ports uniquely sets up ONE connection

Assume we have a simple network with 5 hosts and a router. The router connects each of the 5 hosts in a star topology. The RTT between each pair of hosts is 10 ms. Each host uses a simple UDP query and response protocol (i.e., each packet sent to a destination results in a single packet being sent back to the sender) to communicate between hosts. Additionally, if a sender does not receive a response within 20 ms, it retransmits the request. Multiple requests can be outstanding at one time, but each request will be retransmitted until a response is received. Assume that the router queue is empty at the beginning. All hosts start sending requests to each other at a very high (fixed) rate. Very shortly thereafter, we notice a congestion collapse. Briefly explain (however, please be precise about your assumptions) how each of the following techniques, if implemented, would affect/prevent the congestion collapse? Use a flow control window at each receiver to prevent buffer overruns.

Not really, since flow control will not help as it doesn't directly help reduce the traffic sent to the router. Note, flow control is not the same as congestion control.

Do port addresses have to be unique? Why or why not? Why are port addresses shorter than IP addresses?

Port addresses do not need to be universally unique as long as each IP address/port address pair uniquely identify a particular process running on a particular host.Port addresses are shorter than IP addresses because their domain, a single system, is smaller than the domain of IP addresses

Calculate the total time required to transfer a 1.5 MByte file in the following cases, assuming a RTT of 80 msecs, a packet size of 1 KByte and an initial 2 × RTT of "handshaking" before the data is sent the bandwidth is 10 Mbps but after we finish sending each data packet we must wait one RTT before sending the next data packet

We take the previous time and times it by the number of seconds it will take to send all the packets: Each packet: 1KB to Bytes = 1 x 2^10 = 1024 bytes 1024 bytes to bit = 1024 x 8 = 8192 bits Number of times a packet is sent: File/ Each packet 12582912/8192 = 1536 (but don't have to wait for the last packet to be sent so -1 = 1535 times per packet Time to send all packets: Number of times a packet is sent*RTT 1535*0.08 = 122.8 seconds Total = previous answer + time to send all packets =1.458 + 122.8= 124.258 seconds

A university has 150 LANs with 100 hosts on each LAN. Suppose the university has one class B address. Design an appropriate CIDR addressing scheme

check

A university has 150 LANs with 100 hosts on each LAN. Suppose the university has one class B address. Design an appropriate subnet addressing scheme.

check

An ISP is granted a block of IPV4 addresses starting with 190.100.0.0/16. The ISP needs to distribute these addresses to three groups of customers as follows: 1. the first group has 64 customers: each customer needs 256 addresses2. the second group has 128 customers: each customer needs 128 addresses 3. the third group has 128 customers: each customer needs 64 addresses. Design an address allocation scheme whereby blocks of addresses are assigned to the customers in each group. How many addresses are available after the addresses have been allocated?

check

Calculate the total time required to transfer a 1.5 MByte file in the following cases, assuming a RTT of 80 msecs, a packet size of 1 KByte and an initial 2 × RTT of "handshaking" before the data is sent Zero transmission time (infinitely fast transmission), but during the first RTT we can send 1 packet, during the second RTT we can send 2 packets, during the third RTT we can send 2^3−1 = 4 packets, and so on.

check

(check pdf) Suppose a router has built up a routing table as shown below. Explain what the router does with a packet addressed to each of the following destinations: 128.96.39.10 128.96.40.12 128.96.40.151 192.4.153.17 192.4.153.90

check pdf

How many bits do the following masks have: the mask 255.255.255.0 the mask 255.0.0.0 the mask 255.255.224.0 the mask 255.255.240.0

has /24 bits has /8 bits has /19 bits has /20 bits

Calculate the network IDs and the host IDs of the following: 114.34.2.8 19.34.21.5 23.67.12.1 127.23.4.0 192.34.5.1

i. 114.34.2.8 The net ID is 114 and host ID is 34.2.8 ii. 19.34.21.5 The net ID is 19 and the host ID is 34.21.5 iii. 23.67.12.1 The net ID is 23 and the host ID is 67.12.1 iv. 127.23.4.0 The net ID is 127 and the host ID is 23.4.0 V. 192.34.5.1 The net ID is 192.34.5 and the host ID is 1

Consider the routing table using CIDR shown in Table 1. The notation /12 in 196.80.0.0/12 denotes a netmask with 12 leading bits namely 255.240.0.0. Explain to what next hop the packets with the following addresses will be delivered: i. 196.94.19.135; ii. 196.94.34.9; iii. 195.65.128.2; iv. 94.67.145.18; v. 196.109.49.46; vi. 196.107.49.46

i. A ii. A iii. E iv. F v. E vi. E

Calculate the total time required to transfer a 1.5 MByte file in the following cases, assuming a RTT of 80 msecs, a packet size of 1 KByte and an initial 2 × RTT of "handshaking" before the data is sent the link allows infinitely fast transmission, but limits the bandwidth such that only 20 packets can be sent per RTT

if 20 packets can be sent per RTT then we take the total number of packets that are sent and divide that by 20 to see how many RTTs we will use. Number of RTTs 1535/20 = 76.75 Time to send RTTs 76.75*RTT 76.75*0.08 = 6.14 seconds Total time = initial RTTs + time to send other RTT's: = 6.14 + 0.16 = 6.3 seconds

What does a 19 bit class B subnet mask imply?

network-id: 16 bit identifier subnet id: 3 bits 2^3 = 8 = 8 subnets host-id: 13 bits: 21^3 = 8192-2 = 8190 hosts

Suppose you are doing RSA encryption. Where p and q are the prime numbers used in the calculation of the keys: Let p = 11 and q = 3 i. find a value for the encryption key (e) ii. find the value of the decryption key (d) iii. encrypt the message m =14 iv. decrypt the message c =5.

p = 11, q=3 n = 11 x 3 = 33 num = (11-1)(3-1) = 20 first prime to not fit num e= 3 (#(num) + 1 )/e = (int) d (1(20)+1)/3 = 7 (is an integer) Therefore d = 7 public <3, 33> private <7, 33> Encrypt m = 14 m^(e)mod(n)= 14^(3)mod33 = 5 Decrypt c = 5 c^(e)mod(n)= 5^(7)mod33 = 14

Suppose you are doing RSA encryption. Where p and q are the prime numbers used in the calculation of the keys: Let p = 3 and q = 7 i. find a value for the encryption key (e) ii. find the value of the decryption key (d) iii. encrypt the message m =14 iv. decrypt the message c =5.

p = 3, q=7 n = 3 x 7 = 21 num = (3-1)(7-1) = 12 first prime to not fit num e= 5 (#(num) + 1 )/e = (int) d (1(12)+1)/5 = 2.6 (not an integer) (2(12)+1)/5 = 5 (is an integer) Therefore d = 5 public <5, 21> private <5, 21> Encrypt m = 14 m^(e)mod(n)= 14^(5)mod21 = 14 Decrypt c = 5 c^(e)mod(n)= 5^(5)mod21 = 17

TCP waits until it receives three duplicate acks before it retransmits a segment using fast retransmit. Why did the designers choose to wait three dup acks and not trigger a retransmit on the first dup ack?

Suppose packets n, n+1, and n+2 are sent, and that packet n is received and ACKed. If packets n+1 and n+2 are reordered along the end-to-end-path (i.e., are received in the order n+2, n+1) then the receipt of packet n+2 will generate a duplicate ack for n and would trigger a retransmission under a policy of waiting only for second duplicate ACK for retransmission. By waiting for a triple duplicate ACK, it must be the case that two packets after packet n are correctly received, while n+1 was not received. The designers of the triple duplicate ACK scheme probably felt that waiting for two packets (rather than 1) was the right tradeoff between triggering a quick retransmission when needed, but not retransmitting prematurely in the face of packet reordering.

Fill in the table using the Karn/Partridge Algorithm: Consider a sequence of six packets where the second & third packets are subject to one & two timeouts respectively.

(look at table in pdf) The first packet is transmitted with scaleFactor C = 1. The first packet is not re-transmitted: C = 1 is passed on to the second packet. The second packet is first transmitted with C = 1 & is re-transmitted with C = 2: C = 2 is passed on to the third packet. ThethirdpacketisfirsttransmittedwithC=2 & then re-transmitted with C=4 & C=8. C=2 is passed on to the fourth packet. The fourth packet is transmitted with C = 8 but, because it is not re-transmitted, C = 1 is passed on to the fifth packet. The fifth & sixth packets are both transmitted with C = 1 & are not subject to timeouts hence they pass C = 1 on to their successors.

Write the following masks in CIDR /n format. 255.255.255.0 255.0.0.0 255.255.224.0 255.255.240.0

/24 /8 /19 /20

Explain what is meant by and the principles behind the following TCP concepts Two-way handshake

A connection establishment calls for the exchange of SYNs, a procedure sometimes referred to as a two-way handshake. Suppose that A issues a SYN to B. It expects to get a SYN back, confirming the connection.

Do you expect a high-speed local area network to have larger or smaller MTU size than a wide area network?

A larger MTU would result in higher efficiency (data to overhead ratio), but lower granularity of traffic control. Since bandwidth is more precious at the WAN level and traffic control is crucial, a smaller MTU for a WAN is more appropriate. A dropped packet will only cause minimal wasted bandwidth. However, with high- speed LANs, these issues are not crucial and there are much lesser users to compete. Thus, these LANs could afford to have larger MTUs Large MTU: more efficient but higher congestion (WAN needs less congestion) Therefore: LAN: large MTU WAN: small MTU

Consider the Random Early Discard (RED) congestion notification algorithm. if AvgLen <= MinThreshold then enqueue packet if AvgLen >= Max Threshold then drop the arriving packet else { calculate propability P drop arriving packet with probability P } Consider a router that is used by many TCP flows. Explain how RED avoids the synchronised back- off/slow-start surges that are a feature of tail drop?

RED looks at the average queue length at the router and if the average queue length is such that the router thinks that although it is not congested now if the queue keeps building up then congestion will occur, then the router will drop their packet with a certain drop probability even though there is space for the packet. This will result in no ACK being sent back and if this happens three times (triple duplicate ACKS) then the source will timeout and adjust its congestion window. my answer: By dropping some packets early rather than waiting until the buffer is full, RED avoids dropping large numbers of packets at once and minimizes the chances of global synchronization

Why does TCP avoid measuring the SampleRTT for re-transmitted segments?

Retransmitted can result in sampleRTT that are outliers. Either the sampleRTT is way too short, as the timer is restarted and then the original ACK arrives immediately, or they can be too long, where the retransmitted segments ACK comes back but the sampleRTT is measured from the time that the original transmission was sent. This can influence the amount of time before a timeout occurs if it is included in the calculation.

Give a brief summary of the differences between the different types of Congestion avoidance strategies

Router Centric: DEC and RED DEC: monitors average queue length sets a congestion bit if the buffer at the router in the recent past was congested. RED: monitors average queue length at the routers and if it thinks it could drop soon then it drops all packets with some probability Host Centric: TCP Vegas TCP Vegas: source host watches for some sign of routers queue building up, it uses BaseRTT.

Difference between hard and soft state

SOFT STATE: information to make resource allocation decisions for packets belonging to different flows. (Each router maintains - TCP uses) HARD STATE: information is created by signalling.

Hosts A and B are communicating over a TCP connection, and Host B has already received from A all bytes up through byte 126. Suppose Host A then sends two segments to Host B back-to-back. The first and second segments contain 80 and 40 bytes of data respectively. In the first segment, the sequence number is 127, the source port number is 302, and the destination port number is 80. Host B sends an acknowledgment whenever it receives a segment from Host A. In the second segment sent from Host A to B, what are the sequence number, source port number, and destination port number?

Sequence number is 207, source port number is 302 and destination port number is 80.

Consider a TCP connection between host A and host B. Suppose that TCP segments travelling from host A to host B have source port number x and destination port number y. What are the source and destination port numbers from the segments travelling from host B to host A?

Simply reverse the source and destination of the A->B relationship: Source = y, Destination = x

Lost TCP acknowledgements do not necessarily force retransmission. Why

Since TCP ACKs are cumulative, the lost ACKs may not trigger retransmission. If a subsequent ACK is received within the timeout of the previous unacknowledged segment, the lost ACK would just go unnoticed.

Consider the three-way handshake authentication negotiation presented below. Explain how the Server can detect a false Client masquerading as the Client.

Suppose the client isn't actually the Client but rather pretending to be (say James is pretending to be john for example). The client sends a message over TCP to the Server lets take a bank for example) saying that it is John along with a random number, but the fake client, James doesn't know what Johns client handshake key is, so he takes a guess. The real Server sees the message is from John but doesn't know that it isn't really John. So the bank looks up John's client handshake key and decrypts the message. The value it gets will be junk, so the bank responds with x+1 but x is the wrong value anyway, and x+1 and y are encrypted with the server handshake key and this message gets back to John who ignores the first part of the message and now needs to extract y. Fake John can't do this since he doesn't know what the server handshake key is, so he makes his own value of y and takes a chance. Fake John then responds to the bank and when the bank decrypts this message and sees that the value of y is incorrect then the bank knows that the client is not John.

Suppose the drop policy at a router is to drop the highest-cost packet whenever queues are full, where the cost of a packet is defined as the product of its size by the time remaining that it will spend in the queue. Let Ni denote the size of packet i. When calculating the cost of packet i? you can use thesumof the sizes of the earlier packets instead of the remaining time. Give an example of a sequence of queued packets for which dropping the highest-cost packet differs from dropping the largest packet.

Suppose the queue contains three packets. The first = size 5 sum = 5*1 = 5 The second = size 15 sum = 15*5 = 75 The third = size 5 sum = 5*20 = 100 Using the sum of the sizes of the earlier packets as the measure of time remaining, the cost of the third packet is 5 ×20 = 100, and the cost of the (larger) second is 15 ×5 = 75. So the third one is dropped but this is not the largest size packet.

Consider the Random Early Discard (RED) congestion notification algorithm. if AvgLen <= MinThreshold then enqueue packet if AvgLen >= Max Threshold then drop the arriving packet else { calculate propability P drop arriving packet with probability P } The packet drop probability P is a function of count which counts the packets which were queued since the last packet drop. Explain how count ensures that closely spaced packet drops are unlikely.

TempP = MaxP * (AvgLen - MinThreshold) / (MaxThreshold - MinThreshold) P = TempP/(1 - count * TempP) Count counts the packets which were queued since the last drop. So if count is zero, then P = tempP, which is a smaller probability of a packet being dropped than when count is greater than zero, which means a packet has been dropped for some time, and this would lead to P increasing as count increases. If count is a large number, you can see that in the formula above P will increase as count increase.

Consider a RED gateway with MaxP = 0.02, and with an average queue length halfway between the two thresholds Find the drop probability Pcount for count = 10 and count = 50.

TempP = MaxP x (AvgLen-MinThreshold)/(MaxThreshold-MinThreshold) AvgLen is halfway between MinThreshold and MaxThreshold, which implies that the fraction here is 1⁄2 and so: TempP = MaxP x 1/2 = 0.01 Pcount = TempP/(1 − count × TempP) = 0.01/(1−(count x TempP)). = 0.01/(1−(count x 0.01)). Count = 10: = 0.01/(1−10*0.01) = 0.0111 Count = 50: = 0.01/(1−50*0.01) = 0.02

TCP sends a segment at 4:30:20. It does not receive an acknowledgment. At 4:30:25, it retransmits the previous segment. It receives an acknowledgment at 4:30:27. What is the new value for RTT according to Karn's algorithm if the previous RTT was 4 seconds?

The RTT is not recalculated because, according to Karn's algorithm, it is only updated based on an acknowledged segment, not a retransmitted one. (other answer) Karn's Algorithm states that when there is retransmission ambiguity, RTT measurements are ignored

Explain what is meant by and the principles behind the following TCP concepts Additive increase/multiplicative decrease

The additive-increase/multiplicative-decrease (AIMD) algorithm is a feedback control algorithm. TCP adjusts the rate at which traffic is offered to the network to adapt to changes in the available capacity at the routers. Additive Increase: It first sends out one segment, it gets to the destination and the destination sends back an acknowledgement. You increase the congestion window by 1 (so the congestion window is now 2) and you send out 2 segments. 2 ACK's come back after one round trip time and the congestion windows in increased by 1 so the congestion window size is now 3 and we send out three segments etc . Multiplicative decrease: So whenever a timeout does occur (eventually occur because you're increasing the Congestion window) so sooner or later an ACK won't come back, so in that case you divide the congestion window by 2. (This is called the multiplicative decrease).

Explain what is meant by and the principles behind the following TCP concepts Three-way handshake

The algorithm used by TCP to establish and terminate a connection is called a three-way handshake. The three-way handshake involves the exchange of three messages between the client and the server. To establish a connection, the three-way (or 3-step) handshake occurs: (a) SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment's sequence number to a random value x. (b) SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number i.e. x+1, and the sequence number that the server chooses for the packet is another random number, y. (c) ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value i.e. x+1, and the acknowledgement number is set to one more than the received sequence number i.e. y+1. At this point, both the client and server have received an acknowledgment of the connection. The steps 1, 2 establish the connection parameter (sequence number) for one direction and it is acknowledged. The steps 2, 3 establish the connection parameter (sequence number) for the other direction and it is acknowledged.

A subnet mask in class B can have ......... 1s with the remaining bits 0s.

The first 16 bits are network identifier then subnet identifier 255.255 = 11111111.11111111 then a Class B always starts with 10... so it can have 16, 1's for the network ID and then a 10.... so it can have 16+1=17 leading ones.= 17

A subnet mask in class C has twenty-five 1s. How many subnets does it define?

The first 24 bits are network identifier then subnet identifier 255.255.255.128 = 11111111.11111111.11111111.10000000 Therefor 2^1 = 2 in total

Find the host ranges of the following IP address: 150.32.64.34/20

The full hostid range is Network - Broadcast = 150.32.64.0 to 150.32.77.255 The hostid range that is useable is 150.32.64.1 to 150.32.79.254

Why do all the Internet protocols (IP, ICMP, IGMP, UDP, TCP) quietly discard a packet that arrives with a checksum error?

The source IP address, source port number or protocol field might have been corrupted.

Consider the routing table using CIDR shown in Table 1. The notation /12 in 196.80.0.0/12 denotes a netmask with 12 leading bits namely 255.240.0.0. Explain why the last three entries in the routing table cover every address and serve as default routes.

The last 3 entries are default routes because they cover every possible IP address with very short masks. In a shortened notation each of the bottom 3 entries, cover 1....., 01....., 00.....128.0.0.0 = = 10000000.00000000.00000000.0000000064.0.0.0 = 01000000.00000000.00000000.00000000 0.0.0.0 = 00000000.00000000.00000000.00000000So if it doesn't start with a 196 then you find the longest common prefix in binary. For example: 195.65.128.2: 195.65.128.2: 11000011.X.X.XTherefore its longest common prefix is the one that starts with 10000000 = 128. So we find the subnet number of 195.65.128.2 AND 128.0.0.0/1 subnet mask (255.12.0.0) and see which route it takes you one.

What is the main benefit that RED provides when compared to drop tail?

The main benefit of RED is that it tries to be 'proactive' and avoid congestion while tail drop is a congestion control mechanism and more 'reactive'. So RED is congestion avoidance and tail drop is congestion control.

Suppose a host wants to measure the reliability of a TCP connection by sending packets and measuring the percentage that are correctly received. Explain why this method cannot be used to measure the reliability of a TCP connection.

The problem is that there is no way to determine whether a packet arrived on the first attempt or whether it was lost and retransmitted. Having the receiver echo back immediately and measuring the elapsed times would help.

The UDP checksum is computed over the UDP header, the UDP body and the pseudo header. Describe the contents of the pseudo header.

The pseudo header consists of three 32-bit words, the source address the destination address, the protocol number (which is 17 for UDP packets) the length of the UDP data field.

The UDP checksum is computed over the UDP header, the UDP body and the pseudo header. What is the purpose of the pseudo header?

The pseudo header protects against accidental or malicious corruption of the UDP packet contents. It also verifies that the message has been delivered between the correct 2 endpoints.

Why is the IPV4 header and the first 8 bytes of the datagram payload included in the body of an error-reporting ICMPV4 message?

The reason that the IP header and first 8 bytes of a datagram data in the error reporting ICMP message is included is to help you understand what conditions might have created the error message. For example, destination unreachable messages have a few causes that the original header might provide. Sometimes the source IP address is very helpful in determining which router interface the ICMP ping message was sent. Sometimes it's not the interface you would think! Or you might have entered the wrong destination IP to ping. This would be helpful in relentlessly pursuing network or host unreachable messages. (google drive answer). The sender may like to know which one of its packets the ICMP message refers to.

The maximum size of an IP packet is determined by the Maximum Transmission Unit (MTU) of the layer 2 protocol at the source, destination and intermediate networks. TCP knows the MTU of the endpoint networks, but not of the intermediate networks. Describe how TCP discovers the MTU of the intermediate networks.

The source sends an IP packet of maximum size (max of source and destination MTU's) to the destination with the DoNotFragment bit set inside the packet. If the packet makes it to the destination, then the MTU is large enough for all intermediate networks. If one network has an MTU that is smaller than the current MTU, then the packet will have to be fragmented, but since the DoNotFragment bit is set, it can't be fragmented and instead the IP packet is discarded and an ICMP error is sent to the source. The source will the send a smaller packet with an MTU that is half of what it previously was, and if the packet again requires to be fragmented by another router, the MTU will be halved until the packet can get from the source to the destination without any router requiring to fragment the packet.

What is a phishing attack?

The three-way handshake authentication negotiation can all fail if the fake client or fake bank find what the server and client handshake keys are and this is why phishing attacks exist.

Higher TCP throughput can be achieved by using larger windows. However, the size of the field in the TCP segment header that announces the advertised window is 16 bits wide. How does TCP allow larger window sizes?

This is done by specifying a one byte shift count in the header options field. The true receive window size is left shifted by the value in shift count. The window size is advertised to the receiver via the AdvertisedWindow field in the TCP header.

Suppose the drop policy at a router is to drop the highest-cost packet whenever queues are full, where the cost of a packet is defined as the product of its size by the time remaining that it will spend in the queue. Let Ni denote the size of packet i. When calculating the cost of packet i? you can use thesumof the sizes of the earlier packets instead of the remaining time. Give an example where two packets exchange their relative cost ranks as time progresses.

We again measure cost in terms of size; i.e. we assume it takes 1 time unit to transmit 1 size unit. A packet of size 3 arrives at T=0, with the queue such that the packet will be sent at T=5. A packet of size 1 arrives right after. At T=0 the costs are 3 × 5 = 15 and 1 × 8 = 8. At T=3 the costs are 3 ×2 = 6 and 1 ×5 = 5. At T=4 the costs are 3×1 = 3 and 1×4 = 4; cost ranks have now reversed. At T=5 the costs are 0 and 3.

Assume we have a simple network with 5 hosts and a router. The router connects each of the 5 hosts in a star topology. The RTT between each pair of hosts is 10 ms. Each host uses a simple UDP query and response protocol (i.e., each packet sent to a destination results in a single packet being sent back to the sender) to communicate between hosts. Additionally, if a sender does not receive a response within 20 ms, it retransmits the request. Multiple requests can be outstanding at one time, but each request will be retransmitted until a response is received. Assume that the router queue is empty at the beginning. All hosts start sending requests to each other at a very high (fixed) rate. Very shortly thereafter, we notice a congestion collapse. Briefly explain (however, please be precise about your assumptions) how each of the following techniques, if implemented, would affect/prevent the congestion collapse? Double the size of the queue in the router.

This might also help avoid collapse. If the router buffers are currently shallow then increasing the size of the queue can possibly help as it can reduce the number of retransmissions.

Assume we have a simple network with 5 hosts and a router. The router connects each of the 5 hosts in a star topology. The RTT between each pair of hosts is 10 ms. Each host uses a simple UDP query and response protocol (i.e., each packet sent to a destination results in a single packet being sent back to the sender) to communicate between hosts. Additionally, if a sender does not receive a response within 20 ms, it retransmits the request. Multiple requests can be outstanding at one time, but each request will be retransmitted until a response is received. Assume that the router queue is empty at the beginning. All hosts start sending requests to each other at a very high (fixed) rate. Very shortly thereafter, we notice a congestion collapse. Briefly explain (however, please be precise about your assumptions) how each of the following techniques, if implemented, would affect/prevent the congestion collapse? Double the timeout value from 20 ms to 40 ms.

This might help avoid the collapse. If the buffers in the router are deep, then there is a possibility that the packet is still in the router queue when we decide to retransmit the packet. Hence, there is a chance that increasing the timeout may prevent congestion collapse as this can possible give the packet a chance to make it out of the router queue.

Assume we have a simple network with 5 hosts and a router. The router connects each of the 5 hosts in a star topology. The RTT between each pair of hosts is 10 ms. Each host uses a simple UDP query and response protocol (i.e., each packet sent to a destination results in a single packet being sent back to the sender) to communicate between hosts. Additionally, if a sender does not receive a response within 20 ms, it retransmits the request. Multiple requests can be outstanding at one time, but each request will be retransmitted until a response is received. Assume that the router queue is empty at the beginning. All hosts start sending requests to each other at a very high (fixed) rate. Very shortly thereafter, we notice a congestion collapse. Briefly explain (however, please be precise about your assumptions) how each of the following techniques, if implemented, would affect/prevent the congestion collapse? If a query is not answered within a timeout interval, multiplicatively reduce the maximum rate at which the client sends query packets.

This will most definitely help. This is in essence, the multiplicative decrease that TCP uses.

The TCP congestion control policy uses receiver and congestion windows, the slow start algorithm and the threshold parameter. Assuming a maximum TCP segment size of 1 Kbyte, a TCP receiver window of 18 Kbyte and a congestion window set to 30 Kbyte when a timeout occurs, calculate the following, showing your working The new threshold parameter;

Threshold parameter is set to half the current congestion window i.e. Threshold = 15K

Consider a TCP connection to a text editor that reacts to every keystroke. Explain why TCP transfers 162 bytes for each character that is sent to the editor and echoed on the screen.

When a single character is typed, the sender sends one character to the text editor, which is a 41 byte IP packet (IP packet with 20 byte header, payload of IP packet is a TCP segment with a 20 byte header and 1 byte of data). The text editor receives the character and sends an ACK back to the computer which is a 40 byte IP packet (IP packet with 20 byte header and a payload which is a TCP segment with a 20 byte header and no data). Now the text editor will read the one character from the receiver buffer, so the size of the receiver buffer has changed and that change must be sent to the sender in an ACK with an AdvertisedWindow update, which is an IP packet of 40 bytes (IP packet with 20 byte header and payload is a TCP segment with 20 byte header and AdvertisedWindow in TCP segment has been updated). Then the text editor sends the character to the computer to be displayed on the screen, which is another 41 byte IP packet (IP packet with 20 byte header, and a payload which is a TCP segment made up of a 20 byte header and 1 byte of data). Thus total bytes = 41 + 40 + 40 + 41 = 162 bytes.

Suppose an implementation of TCP uses initial sequence number 1 when it creates a connection. Explain how a system crash and restart can confuse a remote system into believing that the old connection remained open.

When crashed node recovers and sends a TCP SYN packet with ISN 1 and same port, the remote system will presume that this SYN packet is a duplicate packet and simply discard it after checking the segment header.

Assume that TCP is sending segments using a maximum window size (64 KBytes) on a channel that has infinite bandwidth and an average round trip time (RTT) of 20 ms. What is the maximum throughput? How does the throughput change if the RTT increases to 40 ms (while the bandwidth remains infinite)?

Window size in bytes = 64 x 1024 = 65536 bytes Window size in bits = 65536 x 8 = 524288 bits RTT in seconds = 20/1000 = 0.02 Speed = distance/time = 524288/0.02 = 26214400 bits per second OR: Max throughput = (64 * 1024 * 8) / (20 * 10^-3 ) = 26,214,400 bps Window size in bits = 524288 bits RTT in seconds = 40/1000 = 0.04 Speed = distance/time = 524288/0.04 = 13107200 bits per second OR: Max throughput = (64 * 1024 * 8) / (40 * 10^-3 ) = 13,107,200 bps

Is it possible for an application to enjoy reliable data transfer even when the application runs over UDP? If so, how?

Yes, by enforcing acknowledgements (ARQ) on an application layer rather than relying on the transport layer. This is done in our project while implementing RBUDP (reliable blast) and requires sequence numbers to be reordered and resent if the packet does not arrive.

Imagine an implementation of TCP that discards segments that arrive out of order, even if they fall in the current window. That is, the imagined version only accepts segments that extend the byte stream it has already received. Does it work? How does it compare to a standard TCP implementation?

Yes, it should work. However, it may cause many retransmissions of properly received out of order segments. This is a pure Go-Back-N scheme. As such, we could expect reduced network throughput.

May timeouts still occur in TCP even when the fast retransmit mechanism is being used? Under what circumstances ?

Yes.We may still lose a batch of packets, or else the window size is small enough that three subsequent packets aren't sent before the timeout. Fast retransmit needs to receive three duplicate ACKs before it will retransmit a packet. If so many packets are lost (or the window size is so small) that not even three duplicate ACKs make it back to the sender, then the mechanism cannot be activated, and a timeout will occur.There may not be enough packets in transit to cause 3 duplicate ACK's 1.) Not enough packets to transfer to get the 3 duplicate ACKS 2.) So many packets are lost that not even 3 duplicate ACKS make it

A host has an IP address of 150.32.64.32 and a subnet mask of 255.255.240.0. a.) What is the address of the subnet? b.) What is the range of IP addresses that a host can have on this subnet?

a) 150.32.64.0 b) The full hostid range is Network - Broadcast = 150.32.64.0 to 150.32.79.255 The hostid range that is useable is 150.32.64.1 to 150.32.79.254

Suppose host A sends two TCP segments back-to-back to host B. The first segment has sequence number 90; the second segment has sequence number 110. a) How much data is in the first segment? b) Suppose the first segment is lost but the second segment arrives at B. In the acknowledgement that host B sends to host A, what will be the acknowledgement number?

a.) 110-90 = 20 b.) The acknowledgment number will be first segment of sequence number, that is 90.

TCP provides reliable transport of user data. Packet losses are detected in two ways: by the reception of three duplicate acknowledgements (DA) or by a re-transmission timeout (TO). The transmissions proceed in five "states": the first visit to slow start (state SSʹ), subsequent visits to slow start (state SS), congestion avoidance (state CA), DA re-transmission (state DR) and TO re-transmission (state TR). Fill in the missing items (suppose window sizes are measured in packets rather than in bytes). A transmission starts in state SSʹ with a congestion window size of ......... packets(s). For each acknowledgement received, w is increased by ......... packets. This means that over one window round trip time (RTT), during which ......... packets are sent, w will increase in size up to wrx packets, which is the window size advertised by the ......... which imposes a maximum limit. The increase in w over time is thus exponential until a packet loss is detected. Subsequent visits to the slow start state SS are similar to the first visit to state SSʹ except the window size starts at size ......... packets(s) and stops growing (exponentially) when it has reached the threshold window size wth packets. At this point the state changes from state SS to state ......... . For each acknowledgement received, w is increased by ......... packet(s). This means that over one window RTT, during which w packets are sent, w will increase by ......... packet(s). The increase in w over time is thus linear until w reaches a size of ......... packets. If a packet loss is detected in any of the states SSʹ, SS or CA, the threshold window size wth is set equal to ......... packets but at least to ......... packets. If a loss is detected bytriple duplicate acknowledgments,the state changesto state ......... and the packet is re-transmitted immediately (the fast re-transmit algorithm). If the retransmission is acknowledged, the state is set to state ......... and w is set to ......... (the fast recovery algorithm), otherwise a timeout will occur and the state will change to state ......... . If a loss is detected by a timeout, the state changes to state TR. The timeout scaling factor is doubled, up to its maximum value of ......... and the packet is re-transmitted. If a retransmission is acknowledged, the state is set to state ......... and w is reset to ......... packet(s), otherwise the procedure is repeated until an acknowledgement is received.

w=1 w 1 w receiver w=2 Wth CA 1/w 1 Wrx 1/2 w 2 DR CA Wth TR 64KB SS 1


Ensembles d'études connexes

Life Insurance: Types of Policies

View Set

Section 1 - Relational Databases

View Set

HUMAN BEHAVIOR 2 FINAL TEST DEC 15 2018

View Set