CIS 3329 Midterm
Describe the four concepts of Finite State Machine.
A state, which indicates the status of a protocol at a given time on a machine; a transition, which is the act of moving from one state to another; an event, something that causes a transition to occur; then an action, which is something a device does in response to an event.
What is the difference between a stream and message protocol?
A stream protocol is used by TCP which allows the reading of any sized chunks, receiver can choose to receive 1 byte at a time or 100000 byte, on the other hand when a message protocol is used as in UDP, receiver have to ask for enough bytes to cover entire message or it will be dropped.
What is multiplexing?
A way of sending multiple signals or streams of information over a communications link at the same time in the form of a single, complex signal
What is the difference between bandwidth and throughput?
Bandwidth is the total capacity in bits that a medium can carry, while throughput is the actual capacity achievable in the medium.
Why is UDP a popular vector of attack vs TCP?
Because UDP has no handshake, no flow control, and no congestion control, it is a popular vector of attack - meaning there is little a site can do to prevent a flood of UDP packets hitting their systems, unless they block it at the firewall level, the edge of the network. sort of like stopping them at the gate.
Why does it take four segments in connection termination to terminate a connection?
Because a FIN and ACK are required in each direction, meaning the received FIN must be acknowledged by TCP. Then later, the application that received the end-of-file will close its socket, which causes TCP to send a FIN. Finally, the last segment means that TCP on the system that receives the final FIN acknowledges that FIN.
Why does the server send its SYN along with the client ACK in one segment in a three-way handshake?
Because the server must acknowledge the client SYN, and it must send its own initial SYN containing the initial sequence number.
State and explain some of TCP states
CLOSING waiting for connection termination request acknowledgement from remote host. this state occurred when a close request is received from local app, termination request is sent and received before receiving acknowledgement from remote host.
Purpose of source and destination port number
Identify the sending and receiving application processes
On what TCP port does HTTP communicate?
Port 80
Describe 5 concepts regarding packet switching.
1 Data stream is divided into packets. 2 No dedicated link that represents No end-end resources reserved. 3 No dedicated resources which means "sharing" (resources used as needed). 4 Network resources (bandwidth) are not divided into "pieces", each packet uses full link bandwidth. 5 No guarantee of transmission No ensuring for : data arrival, correct arrival and ordered data).
Which of the following is a true statement about circuit switching 1 No bandwidth is reserved with circuit switching 2 Circuit switching is well suited for bursty data traffic 3 Data follows the same path from sender to receiver 4 Packet loss may occur in a circuit switched network
3 Data follows the same path from sender to receiver
Describe a TCP 3-way handshake
A SYN is sent from the client with a sequence number, the server acknowledges that by sending an ACK message with a SYN in one segment, then the client sends an ACK back. Though each message has a sequence number.
State the messages and state of TCP connection established
A SYN is sent on the listening port of the receiver, receiver then sends a SYN ACK, and the receiver sends an ACK back
What messages are exchanged during the TCP three way handshake protocol.
A client sends a SYN data packet over an IP network to a server on the same or an external network. The objective of this packet is to ask if the server is open for new connections.The target server must have open ports that can accept and initiate new connections. When the server receives the SYN packet from the client node, it responds and returns a confirmation receipt -the ACK packet or SYN/ACK packet.The client node receives the SYN/ACK from the server and responds with an ACK packet.
Define a socket
A combination of destination IP address and a port number
Define the Purpose of the TCP Three-Way Handshake Protocol
A method used in a TCP IP network to create a connection between a local host or client and a server.
What is the difference between a Passive Open and an Active Open in TCP?
A passive OPEN request means that the process wants to accept incoming connection requests rather than attempting to initiate a connection.An active OPEN means the TCP will begin the procedure to synchronize (i.e., establish) the connection at once.
What does a client application select for a TCP or UDP source port number?
A random value in the range of the registered ports. 1024 to 49151
What is a protocol?
A standard that specifies the format of data as well as the rules to be followed during data transmission.
Describe a TCP termination message sequence
Active party sends a FIN with Sequence x. Passive party sends a sequence y with an ACK x+1 along with FIN that contains that same sequence and ACK. The active party finally sends a sequence x+1 with and ACK y+1
What is windowing?
Allows a single acknowledgment of multiple TCP segments. This can be adjusted based upon the host requirements. A means of controlling the flow of data.
Consider an HTTP client that wants to retrieve a web document at a given URL.The IP address of the HTTP server is initially unknown. The web document at the URL has one embedded GIF image that resides at the same server as the original document. What transport and application layer protocols besides HTTP are needed in this scenario?
Application layer protocols: DNS and HTTP Transport layer protocols: UDP for DNS; TCP for HTTP
4) What are some of the various protocols and services in each layer of the TCP IP stack?
Application uses HTTP, SMTP, DNS, RIP. Transport uses TCP and UDP. Internet uses Ipv4 and Ipv6. Physical uses Ethernet, wireless, frame relay, ATM
State the messages and state of TCP connection closed
Client initial FIN WAIT 1 is sent, server now is CLOSED WAIT and LAST ACK sends a ACK and FIN, receiver is now FIN WAIT 2 after server's ACK and TIME WAIT after server's FIN, then sends and ACK. Connection is now closed.
What does the network edge comprised of?
Clients and Servers, which are often in data centers
How do we measure throughput?
Data transmitted over the time taken
What is packet transmission delay?
Delay that corresponds to the time needed to transmit L-bit packet into a link. It is calculated as L over R. L length of the packet in bits and R is the link transmission rate in bits per second
What does processing delay depend on?
Entries in the routing table, execution of data structures, and hardware implementation
State and explain some of TCP states
FIN WAIT 1 waiting for acknowledgement of connection termination request from remote host. FIN WAIT 2 waiting for connection termination request after sending a termination request. CLOSE WAIT received close request from remote host and now waiting for connection termination request from local application.
Suppose we start in the closed state, then call listen, then receive a SYN, then call close. What state will we be in and why?
FIN WAIT 1. We start in the closed state. Then the user program calls listen. We transition to the LISTEN state. Then the socket receives a SYN and we transition to the SYN RECEIVED state. While in the SYN RECEIVED state the user program calls close. So we traverse the edge with close() as an event, to the FIN WAIT 1 state.
Consider a TCP client and a TCP server running on two different machines. After completing data transfer, the TCP client calls close to terminate the connection and a FIN segment is sent to the TCP server. Server-side TCP responds by sending an ACK, which is received by the client-side TCP. As per the TCP connection state diagram in which state does the client side TCP connection wait for the FIN from the server-side TCP and why?
FIN WAIT 2. If Client receives ACK for its FIN, then client will move to FIN WAIT 2 and will wait for matching FIN from server side. After receiving the FIN from server, client will send ACK and move to TIME WAIT state.
True or False. It takes a single bit ten times longer to propagate over a 10Mb/s link than over a 100 Mb/s link
False
State two TCP services and their definition
Flow control, where sender won't overwhelm recever. Congestion control, sender is throttled when network overloads.
What is connectionless demultiplexing?
IP datagrams with same destination and port number but different IP addresses and or source port will be directed to the same destination socket
What is the difference between persistent and non-persistent HTTP?
In persistent HTTP multiple objects can be sent over a single TCP connection, while in non-persistent HTTP, only one object can be sent at a time over the connection, thus downloading multiple objects would require multiple connections
What does it mean by HTTP being stateless?
It means that HTTP does does not maintain information or state about client requests
State and explain some of TCP states
LAST ACK wait for acknowledgement of connection termination request previously sent. TIME WAIT wait enough time to be sure remote host received acknowledgement of connection request
State and explain some of TCP states
LISTEN Wait for connection from remote application. SYN SENT wait for acknowledgement from remote host after sending initial connection request. SYN RECEIVED Connection request is received and acknowledgement is sent, this the result after step 2 of three way handshake. ESTABLISHED connection fully established. OK to start data transfer
State all the TCP connection states
LISTEN, SYN SENT, SYN RECEIVED, ESTABLISHED, FIN WAIT 1 and 2, CLOSE WAIT, CLOSING, LAST ACK, TIME WAIT, CLOSED
What is the purpose of Layer 2 and Layer 3 devices?
Layer 2 controls traffic based on destination addresses within a LAN Layer 3 route traffic between LANs or over a WAN.
What effect does jitter have in a network?
Lost packet occurs when packets do not arrive consistently, which causes the receiving end to make it up, thus causes the end-user to experience the effect of network congestion which can observed in a video become pixelated as the user watches.
In TCP IP, a message at the transport layer is encapsulated in a packet at the blank layer.
Network Layer
In TCP IP, a message belonging to the transport layer is decapsulated from a packet at the blank layer.
Network Layer
What is the main difference between UDP running on the client side compared to server side?
On the client side, a process makes a request for a port, an incoming queue and outgoing queue is created only when the process starts. The queues get destroyed when the process terminates. On the server side, the incoming and outgoing queues are created when the server starts running and the queues are destroyed only when the server shuts down. The queues stay alive even after the process requesting them is terminated.
State some of the well known port numbers and their protocols as well as the application they server.
Port 20 TCP, use for FTP data. 21 TCP, use for FTP control. Port 22 TCP, use for SSH. 23 TCP use for telnet. 443 TCP use for SSL. Port 52 TCP and UDP, use DNS. Port 25 TCP use for SMTP. Port 67 and 68 UDP, use for DHCP. Port 110 TCP use for POP3. Port 80 TCP use for HTTP.
Explain UDP sending process on the client side.
Process requests OS for port number, then OS assign an ephemeral port. The process then uses that port for all communications. Also, an incoming and outgoing queue is usually assigned to the process. The process now sends the messages by queuing them in the outgoing queue using the source port number of the request, UDP attaches a header embeds the UDP datagram into an IP one then send it. When the queue is full the OS ask the process to wait before sending more messages
What is connection-oriented demultiplexing?
Receiver will use source IP and port number as well as destination IP and port number to direct segment to appropriate socket. This is well in the case of non persistent HTTP where a different socket is used for each request
Whatis the purpose of the ESTABLISHED TCP State?
Represents a fully established connection; this is the normal state for the data transfer phase of the connection
Which two TCP header fields are used to confirm receipt of data?
Sequence number and Acknowledgement number
State the different part of a UDP segment header
Source and destination port numbers. The length in bytes of the segment and a checksum followed by the payload, which is the application data.
What is jitter?
Spikes in routing or switching delay in a network
If an application needs to protect the boundaries of its messages, which protocol Should be used, UDP or TCP? Explain your answer and why the other is not
TCP is a byte-oriented protocol. Data is sent byte wise to the sender. The sender reads data byte by byte.Therefore in TCP protocol no boundaries are present to indicate individual messages Separately. UDP is a message oriented protocol that is each message is sent in terms of datagram's. The receiver reads each datagram as an entire message. Therefore UDP protocol provides specific boundaries for each message transferred. Therefore to protect boundaries of a message UDP protocol is more suitable for the application
What are the 5 layers of the TCP IP stack? And what does each composed of in terms of Hardware and Software?
The Application layer, which is composed of applications. The transport and Network layers, which are both composed of the Operating Systems. The Data link layer, which is composed of the network drivers. And the Physical layer, which is composed of the LAN card which is also a part of the link layer in some ways
What does queuing delay depend on?
The amount and the type of traffic, and what kind of queue algorithm is implemented by the router.
Name the header placed in each packet in the encapsulation phase
The application header is a message; the transport header is a segment; the network header is a datagram; and the link header is a frame.
What are the 7 Layers of OSI Reference Model and their purpose?
The application layer provides network services by means of API. Presentation layer converts the data transmitted by the application into a form suitable for transmission over the network. Session layer controls communication between two applications. Transport layer ensures data arrives in the same order it was sent. The network layer determines the path used to transfer data over the network. Data-Link layer provides error checking and creates the packet to be sent over the network. Physical latyer sends data over the wire in the form of bits
What does propagation delay depend on?
The distance traveled by each bit and the speed
What is multiplexing?
The handling of data from multiple sockets and adding transport header
What does the network core comprised of?
The interconnected routers. It is known as the network of networks
What is maximum throughput?
The maximum rate at which data can be transmitted through a network connection. It is expected to be less at each layer above because of the protocol overhead added by each layer.
What is demultiplexing?
The method that a destination computer uses to process an incoming packets by using the header info to deliver received segments to correct socket.
How do you think TCP would handle the problem if an acknowledgement were lost, so that the sender retransmitted the unacknowledged TCP segment and, therefore, the receiving transport process received the same segment twice?
The receiver will simply discard the packet since it can detect that it is a duplicate copy by using the sequence numbers
What is demultiplexing?
The reverse process of multiplexing. It is a process reconverting a signal containing multiple analog or digital signal streams back into the original separate and unrelated signals.
What does transmission delay depend on?
The size of the packet and bandwidth. Does not depend on the distance of the wire
What is a TCP connection uniquely identified by?
The two end sockets
Name several reasons why UDP Connections are stateless
There are several reasons why, mainly because 1 they don't contain any connection establishment or connection closing; 2 most of all they lack sequencing; 3 Receiving two UDP datagrams in a specific order does not say anything about the order in which they were sent.
What is nodal processing?
Time taken by the node itself in order to check bit errors or determine output link.
Why might an application use the loopback interface?
To communicate with other processes running on the host and for security and isolation from the network.
Why is multiplexing important?
To make it possible for any network device to talk to any other network device without having to dedicate a connection for each pair.
State Four components of delay in a network with their definition.
Transmission, which the time taken to transmit data on link; Propagation, time for signal or bit to propagate across a link; Processing, time taken for a device to process data; and Queuing delay, which is the time data spent waiting in queue or memory inside a device.
In TCP IP, a message at the application layer is encapsulated in a packet at the blank layer.
Transport Layer
True or False. Neither TCP nor UDP provides encryption.
True
True or false. At the physical layer, the bandwidth capacity of a medium does limit the maximum throughput possible in that medium
True
True or false. The IP protocol is unreliable.
True
True or False. The TCP STATE SYN_SENT is the TCP state of the connection after a device (normally a client) has sent a synchronize (SYN) message and is waiting for a matching SYN from the other device (usually a server)
True. The device (normally a client) has sent a SYN message and is waiting for a matching SYN from the other device (usually a server).
True or False. The TCP TIME_WAIT state is the state of the TCP connection of a device has now received a FIN from the other device and acknowledged it, and sent its own FIN and received an ACK for it. We are done, except for waiting to ensure the ACK is received and prevent potential overlap with new connections
True. The device has now received a FIN from the other device and acknowledged it, and sent its own FIN and received an ACK for it. We are done, except for waiting to ensure the ACK is received and prevent potential overlap with new connections.
Explain UDP receiving process on the client side.
When a message arrives, UDP checks if an incoming queue is created for the process by looking at the port number specified in the datagram. If there is a queue, the datagram is added to the end of the queue. If there is not a queue the datagram is dropped and an ICMP unreachable message is sent to the sender. This ICMP is also sent in cases when the queue is full
When is the use of UDP preferred over TCP?
When connection establishment and congestion control are irrelevant, need of a small header size and no connection state at sender or receiver
What is encapsulation?
When each layer puts their own header in a packet, thus encapsulates such packet.
What does the access network comprised of?
Wired and wireless communication links
What is the command to see socket connections on Windows?
netstat -an
