Computer Networking

Ace your homework & exams now with Quizwiz!

Persistent Connection

...

Port Number

...

Post Office Protocol-Version 3

...

Proxy Server

...

Pull Protocol

...

Push Protocol

...

Which protocol provides connectionless network service?

In internet protocol suite UDP is the connectionless protocol. There is no initial communiction between client and server.

What is the difference between SMTP and POP3?

"SMTP is a relatively simple, text-based protocol, in which one or more recipients of a message are specified (and in most cases verified to exist) along with the message text and possibly other encoded objects. The message is then transferred to a remote server using a procedure of queries and responses between the client and server. POP is a very simple protocol that only allows downloading of messages from your Inbox to your local computer. Generally, once transferred, the email is then on your local computer and is removed from FastMail.FM."

Distributed Hashing Table

(Distributed Hash Table) A method for storing hash tables in geographically distributed locations in order to provide a failsafe lookup mechanism for distributed computing. Various algorithms have been explored that provide the right balance and speed for storing parts of the tables in different locations. Having been used in the early and mid-1990s for local area network storage, after the turn of the century, DHTs were brought into focus for peer-to-peer computing over the Internet. A DHT provides a fault tolerant storage interface on top of which is layered an application such as music sharing, file sharing or distributed backup. In 2002, the National Science Foundation awarded a grant to the IRIS Project (Infrastructure for Resilient Internet Systems) to develop failure-proof lookup tables for data storage. Five universities and research institutes were involved (for more information, visit http://iris.lcs.mit.edu).

Secure Socket Layer (SSL)

(Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data. Look for a lock icon at the top or bottom of your browser when you order merchandise on the Web. If the lock is closed, you are on a secure SSL or TLS connection (see TLS).

(3.5 points, 0.5 point for each part): a. What is a whois database? b. Use various whois databases on the Internet to obtain the names of two DNS servers. Indicate which whois databases you used. c. Use nslookup on your local host to send DNS queries to three DNS servers: your local DNS server and the two DNS servers you found in part (b). Try querying for Type A, NS, and MX reports. Summarize your findings. d. Use nslookup to find a Web server that has multiple IP addresses. Does the Web server of your institution (school or company) have multiple IP addresses? e. Use the ARIN whois database to determine the IP address range used by your university. f. Describe how an attacker can use whois databases and the nslookup tool to perform reconnaissance on an institution before launching an attack. g. Discuss why whois databases should be publicly available.

(a) For a given input of domain name (such as cnn.com), IP address or network administrator name, whois data base can be used to locate the corresponding registrar, whois server, dns server, etc. (f) An attacker can use the whois database and nslookup tool to determine the IP address ranges, DNS server addresses, etc. for the target institution. (g) If under an attack a victim can analyze the source address of packets, the victim can then use whois to obtain information about domain from which attack is coming and possibly inform the administrators of the origin domain.

Consider a short 10-meter link, over which a sender can transmit at a rate of 150 bits/sec in both directions. Suppose that packets containing data are 100,000 bits long, and packets containing only control (e.g., ACK or handshaking) are 2000 bits long. Assume that N parallel connections each get 1/N of the link bandwidth. Now consider the HTTP protocol, and suppose that each downloaded object is 100Kbits long, and that the initial downloaded object contains 10 referenced objects from the same sender. Would parallel downloads via parallel instances of non-persistent HTTP make sense in this case? Now consider persistent HTTP. Do you expect significant gains over the non-persistent case? Justify and explain your answer.

-Parallel downloads would not necessarily make a lot of sense using non persistent HTTP because each download would be sharing the bandwidth. with N connections which in this example is 10, the amount of bandwidth for each download would be only 150k/10, which is 15 bits/sec for each download. Non persistent connection: Since the problem tells us that the packets with data are 100,000 bits long, and the packets containing handshaking are 200 bits long, the time that it takes the first packet to be sent is:(200/150 + 200/150 + 200/150 + 100,000/150)=670.7 seconds after this, the parallel downloads take effect, so the bandwidth is divided between the said downloads: (200/15 +200/15 +200/15 +100,000/15)=6706.7 seconds These two values have to be added to find the total time for the non persistent connection, and the final value is 7377.4 seconds. Persistent connection: The persistent connection is much easier to calculate because the handshake only has to be factored in one time. The first object will take (200/150 + 200/150 + 200/150 + 100,000/150) to be received. After this, the 10 other objects can be calculated by dividing the 100,000 bits by the 150bits/sec speed. Then these are added together for the total time: This means that using a persistent connection is only 40 seconds faster than a non-persistent connection in this problem. This is certainly not negligible, but not a large difference by any means. P15: Read RFC 5321 for SMTP. What does MTA stand for? Considering the following spam email(modified from real spam email). Assuming only the originator of this spam email is malicious and all other hosts are honest, identify the malicious host that has generated this spam email. -According to RFC 5321 for SMTP, MTA stands for Mail Transfer Agents.Also according to the same RFC, MTA's transfer responsibility to MUA's. -The malicious host, is using IP address 58.88.21.177 and the email address inbnd55.exchangeddd.com. The problem is that this guy is disguising himself as [email protected], in attempt to not be caught. This tactic is often used by spammers, because they can hide behind an honest looking email address.

A Single Point of Failure

...

Application Layer Protocol

...

Application Programming Interface (API)

...

Authoritative DNS Server

...

Bandwidth Sensitive Application

...

Base HTML File

...

Canonical Host Name

...

Client

...

Client Server Architecture

...

Conditional GET

...

Content Distribution Network (CDN)

...

Control Connection

...

DNS Caching

...

DNS Servers

...

Data Center

...

Data Connection

...

Distant Centralized Database

...

Distribution Line

...

Domain Name System (DNS)

...

Elastic Applications

...

Entity Body

...

Header Lines

...

Hosting Alias

...

Hostname

...

In Band

...

Iterative Queries

...

Load Distribution

...

Local DNS Server

...

Loss Tolerant Application

...

Mail Box

...

Mail Server

...

Mail Server Aliasing

...

Maintenance

...

Message

...

Message Queue

...

Non Persistent Connections

...

Object

...

Optimistically Unchoked

...

Out-of-Band

...

Read the following paper - "Internet Indirection Infrastructure" by I. Stoica, D. Adkins, S. Zhuang, S. Shenker and S. Surana, ACM Sigcomm Conference, August 2002. (http://eng.ut ah.edu/~cs5480/readings/i3-sigcomm.pdf) Answer the following questions that are based on this paper: 1.(3 points) Consider a model in which data sent from two senders is added together before being sent to a receiver. Show and describe how this could be implemented using the i3 architecture. The combination server will set a timer T. Once T expires, it combine s the data it has received from two sender(s) via (Data_Combine, Combination) together and send it to the receiver via (ID,R). In the figure above, both senders use the id stack and send their data to the id pair (Data_Combine, Combination). The combination server gets its data from (Data_Combine, Combination). And after it processes the data, it sends the data to the tuple pair (ID, R). Receiver R receives all the data sent to (ID, R). 2.(3 points) Consider a model in which multimedia MPEG data sent from a sender must be converted to the JPEG format before it is received at a receiver. The conversion operation is specified by the sender. The receiver wants to ensure that all the data it receives comes through a firewall. Show and describe how this could be implemented using the i3 architecture. Solution (provided by Siddharth Ramesh): •The sender sends all packets with ( (id_MPEG-JPG, id_data) , data ) •i3 would then forward this packet to the conversion server (which serves the identifier, id_MPEG-JPG ). •The conversion server does the necessary conversion, pops off id_MPEG-JPG from the stack. Now the packet contains just the identifier id_data. It is then forwarded by i3 to the server responsible for serving 'id_data' There are 2 ways in which a receiver could enforce a firewall on the converted packet. Method 1: If the firewall is a separate machine •Receiver sends out a trigger (id_data, (id_FIREWALL , recv_addr) ) which resides in the server responsible for serving id_data •When a packet with identifier 'id_data' sent by the conversion server matches the above trigger, the new identifier (id_FIREWALL, recv_addr) is inserted into the packet and forwarded. • This reaches the firewall (which serves the identifier id_FIREWALL). The firewall (after screening) inserts the identifier recv_addr and sends it to the receiver through IP. Method 2: If the firewall is running as a process on t he same machine as the receiver but on a different port •The receiver inserts the (trigger id_data, (recv_firewall_addr, recv_addr) where •recv_firewall_addr consists of (recv_IP_addr, firewall_port_no) and recv_addr consists of (recv_IP_addr, recv_port_no) (NOTE that port numbers can be specified as a part of 'addr' in i3.) •The conversion server sends a packet with 'id_data' which goes to the i3 server serving the identifier 'id_data'. The above trigger is already residing there. •So, the packet is now forwarded (using IP) to 'recv_firewall_addr', so it actually goes to the firewall process. The firewall process gets id_recv from the packet, and sends it to the recv_port on the same machine. 3. (3 points) Explain how mobility can be supported in the i3 architecture. 4.(3 points) Can you use the i3 architecture for preventing Denial-of-service attacks on servers? Discuss.

...

Recur-vice Queries

...

Registrar

...

Reliable Data Transfer

...

Resource Record RRs

...

Round Trip Time (RTT)

...

Server

...

Simple Mail Transfer Protocol (SMTP)

...

Socket

...

State

...

Stateless Protocol

...

Status Line

...

TCP Connection

...

Top-Level Domain (TLD) Servers

...

Traffic Volume

...

Unchoked

...

User Agent

...

Web Browser

...

Web Cache

...

Web Page

...

Web Server

...

List application layer protocols?

1) SMTP- simple mail transfer protocol 2) GMTP- Group mail transfer protocol 3) FTP- File Transfer Protocol 4) TFTP- Trivial File Transfer Protocol 5) User Process

Many networks, including the Internet, provide more than one transport-layer protocol. When you develop an application, you must choose one of the available transport-layer protocols. How do you make this choice? What parameters do you have to take into considerations?

1. Parameters to consider: a) Data loss - can the application tolerate some loss? b) Timing - does the application require low delay? c) Throughput - what is the min. amount of throughput requires or the application can make use whatever throughput they get. d) Security - does the transport layer protocol can provide encryption?

Look over your received emails, and examine the header of a message sent from a user with an .edu email address. Is it possible to determine from the header the IP address of the host from which the message was sent? Do the same for a message sent from a Gmail (or similar) account.

After reviewing an .edu email, I found that it is not possible to determine from the header the IP address of the host. Further it is not possible to determine the IP address of the host on Gmail either.

What are definition of web based application?

A Web based application is one that is accessed over the internet using a web browser. It typically would have a web address like www.yahoo.com or www.google.com

Overlay Network

A logical network that runs on top of another network. For example, peer-to-peer networks are overlay networks on the Internet. They use their own addressing system for determining how files are distributed and accessed, which provides a layer on top of the Internet's IP addressing. A quality of service (QoS) system is also called an overlay network, because it uses an additional addressing mechanism that may change the route normally taken in the underlying network.

What is meant by a handshaking protocol?

A protocol uses handshaking if the two communicating entities first exchange control packets before sending data to each other. SMTP uses handshaking at the application layer whereas HTTP does not.

Why is it that UDP takes the 1s complement of the sum; that is; why not just use the sum

Because when the numbers are added all together it makes the number all ones.

Root DNS Server

A root name server is a name server for the root zone of the Domain Name System of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers for the appropriate top-level domain (TLD). The root name servers are a critical part of the Internet infrastructure because they are the first step in translating (resolving) human readable host names into IP addresses that are used in communication between Internet hosts. A combination of limits in the DNS and certain protocols, namely the practical size of unfragmented User Datagram Protocol (UDP) packets, resulted in a decision to limit the number of root servers to thirteen server addresses. The use of anycast addressing permits the actual number of root server instances to be much larger, and is 386 as of 25 January 2014

Process

A running software program or other computing operation. A part of a running software program or other computing operation that does a single task.

True or False? a. A user requests a web page that consists of some text and two images. For this page, the client will send one request message and receive three response messages. b. Two distinct web pages (for example, www.mit.edu/research.html and www.mit.edu/students.html) can be sent over the same c. With non-persistent connections between browser and origin server, it is possible for a single TCP segment to carry two distinct HTTP request messages. persistent connection.

A. False. B. True. C. False.

Self-Scalability

Ability to handle growing amount of work Capability of a system to increase total throughput under an increased load when resources are added A scalable system is that whose performance improves after adding hardware, proportionally to the capacity added A routing protocol is considered scalable with respect to network size, if the size of the necessary routing table on each node grows as O(log N), where N is the number of nodes in the network.

What is meant by API?

An application programming interface (API) is a library of functions that a programming language provides for programmers for common tasks like file transfer, networking, and data structures.

What is API reference?

An application programming interface (API) is a set of routines, data structures, object classes and/or protocols provided by libraries and/or operating system services in order to support the building of applications.[1] An API may be: Language-dependent, that is, only available in a particular programming language, utilizing the particular syntax and elements of the programming language to make the API convenient to use in this particular context. Language-independent, that is, written in a way that means they can be called from several programming languages (typically an asm/c-level interface). This is a desired feature for a service-style API which is not bound to a particular process or system and is available as a remote procedure call. The API itself is largely abstract in that it specifies an interface and the behavior of the objects specified in that interface; the software that provides the functionality described by an API is said to be an implementation of the API. An API is typically defined in terms of the programming language used to build an application. The related term ABI is a lower level definition concerning details at the asm-level. For example, the Linux Standard Base is an ABI (Application Binary Interface), while POSIX is an API.[2] The API acronym may sometimes be used as a reference not only to the full interface but also to a single function or even a set of multiple APIs provided by an organization. Thus the scope is usually determined by the person or document that communicates the information. Regards Yashi An application programming interface (API) is a set of routines, data structures, object classes and/or protocols provided by libraries and/or operating system services in order to support the building of applications.[1] An API may be: Language-dependent, that is, only available in a particular programming language, utilizing the particular syntax and elements of the programming language to make the API convenient to use in this particular context. Language-independent, that is, written in a way that means they can be called from several programming languages (typically an asm/c-level interface). This is a desired feature for a service-style API which is not bound to a particular process or system and is available as a remote procedure call. The API itself is largely abstract in that it specifies an interface and the behavior of the objects specified in that interface; the software that provides the functionality described by an API is said to be an implementation of the API. An API is typically defined in terms of the programming language used to build an application. The related term ABI is a lower level definition concerning details at the asm-level. For example, the Linux Standard Base is an ABI (Application Binary Interface), while POSIX is an API.[2] The API acronym may sometimes be used as a reference not only to the full interface but also to a single function or even a set of multiple APIs provided by an organization. Thus the scope is usually determined by the person or document that communicates the information.

(1.0 pt) Overlay Network - Consider an overlay network with N active peers, with each pair of peers having an active TCP connection. Additionally, suppose that the TCP connections pass through a total of K routers. How many nodes and edges are there in the corresponding overlay network? Why? Justify your answer.

Answer N nodes and {Nx(N-1)}/2 edges. The edges of the overlay network are formed by the individual TCP connections. Routers are not part of the overlay network since they operate at the lower network layer.(No justification = No points.)

Consider an HTTP client that wants to retrieve a Web document at a given URL. The IP address of the HTTP server is initially unknown. What transport and application-layer protocols besides HTTP are needed in this scenario?

Application layer protocols: DNS and HTTP Transport layer protocols: UDP for DNS; TCP for HTTP

Application Architecture

Applications architecture is one of several architecture domains that form the pillars of an enterprise architecture or solution architecture. Note that the term "application architecture" (without the s) is commonly used for the internal structure of an application, for its software modularisation. Applications architecture is the science and art of ensuring the suite of applications being used by an organization to create the composite architecture is scalable, reliable, available and manageable. One not only needs to understand and manage the dynamics of the functionalities the composite architecture is implementing but also help formulate the deployment strategy and keep an eye out for technological risks that could jeopardize the growth and/or operations of the organization.

Consider distributing a file of F=15 Gbits to N peers. The server has an upload rate of u_s = 30 Mbps, and each peer has a download rate of d_i = 2 Mbps and an upload rate of u. For N=10, 100, 1000 and u = 300 Kbps, 700 Kbps, and 2 Mbps, prepare a chart giving the minimum distribution time for each of the combinations of N and u for both client-server distribution and P2P distribution.

By using the formulas: Dcs = max{NF/Us , F/Dmin} DP2P =max { F/Us , NF/(US+U1+...UN)}

How do you configure your browser for local caching?

Client browsers can have all options configured manually, or they can be configured to download a autoconfig file (every time they start up), which provides all of the information about your cache setup. Each URL referenced (be it the URL that you typed, or the URL for a graphic on the page yet to be retrieved) is checked against the list of rules.

What is meant by stateless protocol?

Commonly, a stateless protocol refers to protocols which do not save session state between connections. An example of stateless protocol is HTTP.

Why is it said that FTP sends control information "out-of-band"?

FTP uses two parallel TCP connections, one connection for sending control information (such as a request to transfer a file) and another connection for actually transferring the file. Because the control information is not sent over the same connection that the file is sent over, FTP sends control information out of band.

Explain the difference between control and data connection in FTP.

Control connection is used for sending control information between two hosts - information such as user ID, password, commands to change remote directory, and commands to "put" and "get" files. Data connection is used to send file.

What is dns?

DNS stands for Domain Name System: A system of servers located throughout the internet that handle internet connections and the routing of email.

Is email connection oriented or connectionless?

Email runs SMTP (simple mail transfer protocol), where SMTP operates over TCP protocol, so it id connection oriented.

What is the difference between FTP and HTTP?

FTP stands for File Transfer Protocol. HTTP stands for Hyper Text Transfer Protocol FTP, is a protocol used to upload files from a workstation to a FTP server or download files from a FTP server to a workstation. HTTP, is a protocol used to transfer files from a Web server onto a browser in order to view a Web page that is on the Internet. When ftp appears in a URL it means that the user is connecting to a file server and not a Web server and that some form of file transfer is going to take place. When http appears in a URL it means that the user is connecting to a Web server and not a file server. The files are transferred but not downloaded, therefore not copied into the memory of the receiving device. FTP is a two-way system as files are transferred back and forth between server and workstation. HTTP is a one-way system as files are transported only from the server onto the workstation's browser. FTP, where entire files are transferred from one device to another and copied into memory, HTTP only transfers the contents of a web page into a browser for viewing. FTP file uploaded is used in cases when the file size is more than 70 MB HTTP upload is used for smaller files. FTP uses an FTP client server and an FTP client. HTTP is used for all web [ages i.e. it is the standard protocol to transmit hyperlinked documents and files. It is often used in conjunction with HTML. FTP was the original non-GUI file transfer program and could be run from a command line interface like MS-DOS. HTTP is associated with a browser file transfer program like Internet Explorer. The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host or to another host over a TCP-based network, such as the Internet.

Please compare the difference between SMTP and FTP.

FTP vs SMTP FTP and SMTP are two TCP protocols that are not as common as the very popular HTTP. While HTTP works to serve web pages, FTP and SMTP serve totally different purposes; and that is the main difference between FTP and SMTP. FTP stands for File Transfer Protocol, and it is used to send and retrieve files to a remote location. In comparison, Simple Mail Transfer Protocol or SMTP is a protocol used for sending and receiving email; although in most modern examples, it is only used for sending email while the receiving is done by other protocols like POP and IMAP. FTP and SMTP are not really related to each other, so you cannot use one instead of the other. The intended use dictates the protocol that you should use. If you want to download files, you should use FTP, if you want to send emails, then you should use SMTP. Since both are just protocols and not actual applications themselves, there is a need for them to be implemented in an application. This makes it even easier for end-users because they no longer need to worry about the exact protocol that they need to use. If you use an e-mail client like Thunderbird or Outlook, it will automatically support SMTP. If you use downloaders like Download Accelerator Plus or GetRight, it will automatically support FTP as well as other protocols used in downloading files. There is also a major difference between FTP and SMTP if you do not have the appropriate application because you can use FTP even without an application that has a GUI. Most operating systems are able to make use of FTP via the command line. It is fairly easy to use if you are used to command lines like those available on DOS, Linux, Unix, and even Windows. It gets the job done if you just want to move a file or two but gets really tedious if you want to move entire folders and the like. SMTP cannot be used in the command line. It is simply not practical to type your entire message into a single command. It is much easier to use a GUI instead. Summary: FTP is used for the transfer of files while SMTP is used for email FTP can be used in the command line while SMTP cannot Read more: Difference Between FTP and SMTP | Difference Between | FTP vs SMTP http://www.differencebetween.net/technology/protocols-formats/difference-between-ftp-and-smtp/#ixzz3DDr2FzQZ

(True/False); Host A is sending Host B a large file over a TCP connection. Assume Host B has no data to send Host A. Host B will not send acknowledgement to Host A because Host B cannot piggy back the acknowledgments on data

False, host B will send acknowledgement even if does not have data to send

Suppose Host A is sending a large file to Host B over a TCP connection. If the sequence number for a segment of this connection is m, then the sequence number for the subsequent segment will necessarily be m+1

False, if size of the segment is N bytes, the sequence number of next segment will be M+N

The size of the TCP rwnd never changes throughout the duration of the connection

False,TCP RcvWindow is dynamic and keeps changing

Suppose that the last SampleRTT in a TCP connection is equal to 1 sec. The current value of TimeoutInterval for the connection will necessarily be >= 1sec

False,TimoutInterval depends upon EstimatedRTT and DevRTT. Since SampleRTT values are smoothed out while computing EstimatedRTT, so TimoutInterval may be less than SampleRTT

Suppose Host A sends one segment with sequence number 38 and 4 bytes of data over a TCP connection to Host B. In this same segment the acknowledgment number is necessarily 42

False,same segment, which implies the segment that was sent with 4 bytes of data and sequence and seqnum 38

The figure below shows a router and two links which are part of a bigger network. Every time a packet is received at the router it is time - stamped (TA). It is also times-stamped when it is about to leave link L (TB). When 5 packets of the size 500 bytes are transmitted through the link L, (TB-TA) is measured to be 10 ms, 2.8 ms, 2.4 ms, 4 ms, and 5.5 ms. When 5 packets of the size 1000 bytes are transmitted through the link L, (TB-TA) is measured to be 11.0 ms, 10 ms, 2.8 ms, 3.0 ms, and 5.5 ms. Assume that processing delay at the router is negligible. What is the average queuing delay experienced by the 1000 byte packets? What are the reasonable estimates of transmission and propagation delays experienced by a packet of size 600 bytes sent through the link L?

For 500 byte packets: min (TB-TA) = 2.4 ms For 1000 byte packets: min (TB-TA) = 2.8 ms Average queuing delay experienced by the 1000 byte packets = ((11-2.8) + (10-2.8) +(3.0-2.8) + (5.5-2.8) + (2.8-2.8))/5 = 3.66 ms. Let B be the bandwidth and C be the propagation delay of link L. Then, 2.4 = 500/B + C and 2.8 = 1000/B + C. Solving for B and C we get, B = 1.25 Mbytes/sec and C = 2 ms. Thus, the transmission and the propagation delays experienced by a packet of size 600 bytes sent through the link L are 600/B = 0.48 ms, and 2 ms respectively.

For the client-server application over TCP described in Section 2.7, why must the server program be executed before the client program? For the client- server application over UDP described in Section 2.8, why may the client program be executed before the server program?

For the TCP application, as soon as the client is executed, it attempts to initiate a TCP connection with the server. If the TCP server is not running, then the client will fail to make a connection. For the UDP application, the client does not initiate connections (or attempt to communicate with the UDP server) immediately upon execution

What is HTML stateless protocol?

HTTP is called a stateless protocol because each command is executed independently, without any knowledge of the commands that came before it. This is the main reason that it is difficult to implement Web sites that react intelligently to user input. This shortcoming of HTTP is being addressed in a number of new technologies, including ActiveX, Java, JavaScript and cookies.

IP Address

IP address is short for Internet Protocol (IP) address. An IP address is an identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination.

Is FTP connectionless or connection-oriented?

If FTP did not have TCP working with it, it could be considered connectionless. TCP is connection oriented and it verifies the FTP transfers have been received. Therefore it is considered Connection Oriented. If FTP used UDP it would be considered connectionless as UDP just sends the data and never checks to see if it all made it to the recipient -

The UDP server described in Section 2.8 needed only one socket, whereas the TCP server described in Section 2.7 needed two sockets. If the TCP server were to support n simultaneous connections, each from different client host, how many sockets would the TCP server need?

If a TCP sever is supposed to support N simultaneous connections, each from different client host, it will need N+1 sockets to do so

Port Number

In TCP/IP and UDP networks, a port is an endpoint to a logical connection and the way a client program specifies a specific server program on a computer in a network. Some ports have numbers that are pre-assigned to them by the IANA, and these are called the "well-known ports" which are specified in RFC 1700.

What is the difference between a connection-oriented protocol and a connectionless protocol?

In connection-oriented protocol, authentication is needed while this is not case in connectionless protocol. In connection-oriented protocol, we have to establish connection between sender and receiver while this is not case in connectionless protocol. Example of connection-oriented protocol is TCP and the example of connectionless protocol is UDP,Internet. TCP is a connection-oriented protocol, it makes a connection and checks whether the data is received, and resends if it is not. UDP is a connectionless protocol, it does not guarantee delivery by first connecting and checking whether data is received.

Suppose that in UDPClient.c, after we create the socket, we add the line: clientSocket_bind (5432) Will it become necessary to change UDPServer.c? What are the port numbers for the sockets in and UDPServer? What were they before making this change?

In the original program, UDPClient does not specify a port number when it creates the socket. In this case, the code lets the underlying operating system choose a port number. With the additional line, when UDPClient is executed, a UDP socket is created with port number 5432 . UDPServer needs to know the client port number so that it can send packets back to the correct client socket. Glancing at UDPServer, we see that the client port number is not "hard-wired" into the server code; instead, UDPServer determines the client port number by unraveling the datagram it receives from the client. Thus UDP server will work with any client port number, including 5432. UDPServer therefore does not need to be modified. Before: Client socket = x (chosen by OS) Server socket = 9876 After: Client socket = 5432

What is Resource Record(RR)

Is a four-tuple that contains(Name,Value,Type,TTL)

What is TTL

Is the time to live of the resources record; it determines when a resource should be removed from cache

Telnet into a Web server and send a multiline request message. Include in the request message IF-modified-since: header line to force a response message with the 304 Not Modified status code.

Issue the following command (in windows command prompt) followed by the HTTP GET message to the "utopia.poly.edu" web server: Telnet utopia.poly.edu 80 Since the index.html page in this web server was not modified since Fri, 18 May 2007 09:23:34:34 GMT the following output was displayed when the above command were issue in Sat. 19 May 2007. Note that the first 4 line are the GET message and header line input by the user and the next 4 line (Starting from HTTP/1.1 304 Not Modified) is the response from the web server.

In what way is instant messaging with a centralized index a hybrid of client- server and P2P architectures?

It is a hybrid of client server and P2P architectures: a) There is a centralized component (the index) like in the case of a client server system. b) Other functions (except the indexing) do not use any kind of central server. This is similar to what exists in a P2P system.

In BitTorrent, suppose Alice provides chunks to Bob throughout a 30-second interval. Will Bob necessarily return the favor and provide chunks to Alice in this same interval? Why or why not?

It is not necessary that Bob will also provide chunks to Alice. Alice has to be in the top 4 neighbors of Bob for Bob to send out chunks to her (or through random selection); this might not occur even if Alice provides chunks to Bob throughout a 30-second interval.

Suppose that in UDPClient.py after we create the socket, we add the line: clientsocket.bind((' ', 5432)) Will it become necessary to change UDPserver.py? What are the port numbers for the sockets in UDPClient and UDP server? What were they before making this change?

It is not necessary to change UDPserver.py because the server should be in communication with the program as to which port is being used. Before making the change, the port numbers are 80.

Is it possible that a 1-bit error will go undetected? How about 2-bit?

It is not possible to have one bit flipped and undetected, but it is if there are 2-bits flipped

What would be the type for RR that contains the hostname of the mail server

MX.

Suppose Alice, with a Web-based e-mail account (such as Hotmail or gmail), sends a message to Bob, who accesses his mail from his mail server using POP3. Discuss how the message gets from Alice's host to Bob's host. Be sure to list the series of application-layer protocols that are used to move the message between the two hosts.

Message is sent from Alice's host to her mail server over HTTP. Alice's mail server then sends the message to Bob's mail server over SMTP. Bob then transfers the message from his mail server to his host over POP3.

What does CGI stand for?

Most often, CGI stands for Common Gateway Interface. Some web servers allow Common Gateway Interface bins (or something of that sort), in which CGI scripts can be placed in, and executed from a brower. "CGI scripts" are common programming langues, such as Python. Less often, a CGI stands for a Computer Generated Image. Computer Generated Images/Imaging.

What is the difference between network architecture and application architecture?

Network architecture refers to the organization of the communication process into layers (e.g., the five-layer Internet architecture). Application architecture, on the other hand, is designed by an application developer and dictates the broad structure of the application (e.g., client-server or P2P)

For a P2P file-sharing application, do you agree with the statement, "There is no notion of client and server sides of a communication session"? Why or why not?

No. As stated in the text, all communication sessions have a client side and a server side. In a P2P file-sharing application, the peer that is receiving a file is typically the client and the peer that is sending the file is typically the server.

Consider a short, 10-meter link, over which a sender can transmit at a rate of 150 bits/sec in both directions. Suppose that a packets containing data are 100,000 bits long, and packets containing only control (e.g ACK or handshaking) are 200 bits long. Assume that N parallel connections each get 1/N of the link bandwidth. Now consider the HTTP protocol, and suppose that each downloaded object is 100 Kbits long, and that the initial downloaded object contains 10 referenced objects from the same sender. Would parallel downloads via parallel instances of non-persistent HTTP make sense in this case? Now consider persistent HTTP. Do you expect significant gains over the non-persistent case? Justify and explain your answer.

Note that each downloaded object can be completely put into one data packet. Let Tp denote the one-way propagation delay between the client and the server. First consider parallel downloads using non-persistent connections. Parallel downloads would allow 10 connections to share the 150 bits/sec bandwidth, giving each just 15 bits/sec. Thus, the total time needed to receive all objects is given by: (200/150+Tp + 200/150 +Tp + 200/150+Tp + 100,000/150+ Tp ) + (200/(150/10)+Tp + 200/(150/10) +Tp + 200/(150/10)+Tp + 100,000/(150/10)+ Tp ) = 7377 + 8*Tp (seconds) Now consider a persistent HTTP connection. The total time needed is given by: (200/150+Tp + 200/150 +Tp + 200/150+Tp + 100,000/150+ Tp ) + 10*(100,000/150+ Tp ) =7337 + 14*Tp (seconds) Assuming the speed of light is 3*108 m/sec, then Tp=10/(3*108)=0.03 microsec. Tp is therefore negligible compared with transmission delay. Thus, we see that persistent HTTP is not significantly faster (less than 1 percent) than the non-persistent case with parallel download.

In the circular DHT example in Section 2.6.2, suppose that peer 3 learns that peer 5 has left. How does peer 3 update its successor state information?

Organize the peers into a circle. In this circular arrangement, each peer only keeps track of its immediate successor(modulo^2n), each peer is only aware of its immediate successor. So peer 3 learns that peer 5 has just left the system.

What is an overlay network? Does it include routers? What are the edges in the overlay network?

Overlay Network is a logical network that runs on top of another network. No, it does not include routers. Edges are connection between Peers. One edge is the connection between two peers, regardless of physical links between them. Therefore, one edge could connect a peer in Lithuania to a peer in Argentina.

P2P Architecture

Peer-to-peer is a decentralized communications model in which each party has the same capabilities and either party can initiate a communication session. Unlike the client/server model, in which the client makes a service request and the server fulfills the request, the P2P model allows each node in a peer-to-peer network to function as both a client and a server. Two computers are considered peers if they are communicating with each other and playing similar roles. End users in a P2P network must first download and execute a peer-to-peer networking program. After launching the program, the user then enters or selects the address of another computer belonging to the network. The address, which may look like a screen name or virtual phone number, is actually an IP address. If the sought-after address is connected to the Internet, the end user's computer will request a connection. Once a connection has been made, each node can request or send files and messages. Messages on a P2P network can be sent in one of two ways: they may be routed to a specific IP address or they may be broadcast to all nodes on the network. Typically, P2P applications allow users to choose how many member connections to seek at one time and which files can be shared. Some P2P applications simply connect to any active node in the network and the end user may have no idea whose computer he is connecting to. In this approach, if one connection drops, the application simply opens a new connection with another node on the network in a seamless manner.

Rarest First

Rarest-first problem Although local availability often is a pretty good approximation, problems can arise due to the local variations. Especially, consider the case of a peer with deciding whether to download a rare piece (low availability) or not, using a rarest-first algorithm. While local availability gives a fair approximation of the global availability of a piece for most peers, there's an important exception--peers with access to a rare piece. To the peers connected to a peer with a rare piece, the availability of the piece will be higher than in the rest of the network; it might even be quite average. Thus, local availability is a bad approximation of global in this situation and, a (globally) less rare might be chosen piece instead, leading to suboptimal behavior.

What is MX

Records allows the host name of mail servers to have simple aliases

How does SMTP differ from HTTP in terms of data format?

SMTP uses a line containing only a period to mark the end of a message body. HTTP uses "Content-Length header field" to indicate the length of a message body. HTTP cannot use the method used by SMTP, because HTTP message could be binary data, whereas in SMTP, the message body must be in 7-bit ASCII format.

Recall that TCP can be enhanced with SSL to provide process-to-process security services, including encryption. Does SSL operate at the transport layer or the application layer? If the application developer wants TCP to be enhanced with SSL, what does the developer have to do?

SSL operates at the application layer. The SSL socket takes unencrypted data from the application layer, encrypts it and then passes it to the TCP socket. If the application developer wants TCP to be enhanced with SSL, she has to include the SSL code in the application

Consider a new peer Alice that joins BitTorrent without possessing any chunks. Without any chunks, she cannot become a top-four uploader for any of the other peers, since she has nothing to upload. How then will Alice get her first chunk

She will get her first chunk as a result of her being selected by one of her neighbors as a result of an "optimistic un-choke" for sending out chunks to her. According to BitTorrent mechanism, Alice may obtain first chunk from other peer which randomly select top four up-loaders of the member's peer list every 30 seconds

HyperText Transfer Protocol (HTTP)

Short for HyperText Transfer Protocol, HTTP is the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when you enter a URL in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page. The other main standard that controls how the World Wide Web works is HTML, which covers how Web pages are formatted and displayed.

What does socket means in the Internet context?

Sockets is a method for communication between a client program and a server program in a network. A socket is defined as "the endpoint in a connection." Sockets are created and used with a set of programming requests or "function calls" sometimes called the sockets application programming interface (API). The most common sockets API is the Berkeley UNIX C interface for sockets. Sockets can also be used for communication between processes within the same computer. This is the typical sequence of sockets requests from a server application in the "connectionless" context of the Internet in which a server handles many client requests and does not maintain a connection longer than the serving of the immediate request: socket() | bind() | recvfrom() | (wait for a sendto request from some client) | (process the sendto request) | sendto (in reply to the request from the client...for example, send an HTML file) A corresponding client sequence of sockets requests would be: socket() | bind() | sendto() | recvfrom() Sockets can also be used for "connection-oriented" transactions with a somewhat different sequence of C language system calls or functions.

Consider what happens when a browser (that is, an HTTP client), running on some user's host, requests the URL www.somesite.com/index.html. In order for the user's host to be able to send an HTTP request message to the Web server www.somesite.com, the user's host must first obtain the IP address of www.somesites.com. Explain the steps through which the IP address for such a hostname is obtained by the client.

Steps: a) The browser extract hostname, www.somesites.com, from the URL and passes the hostname to the client side of the DNS application. b) The DNS client sends a query containing the hostname to a DNS server. c) The DNS client receives a reply, which includes the IP address for the hostname. d) Once the browser receives the IP address from DNS, it can initiate a TCP connection to the HTTP server process located at port 80 at the IP address.

Which protocols is transport layer protocol of TFTP?

TFTP uses UDP - TFTP stands for Trivial FTP, and it is called trivial because it does not check to ensure delivery, it uses UDP which makes a best-effort delivery attempt

What information is used by a process running on one host to identify a process running on another host?

The IP address of the destination host and the port number of the destination socket.

Internet Mail Access Protocol (IMAP)

The Internet Message Access Protocol (commonly known as IMAP) is an Application Layer Internet protocol that allows an e-mail client to access e-mail on a remote mail server. The current version, IMAP version 4 revision 1 (IMAP4rev1), is defined by RFC 3501. An IMAP server typically listens on well-known port 143. IMAP over SSL (IMAPS) is assigned well-known port number 993.

What is the difference between MAIL FROM: in SMTP and From: in the mail message itself?

The MAIL FROM: in SMTP is a message from the SMTP client that identifies the sender of the mail message to the SMTP server. The From: on the mail message itself is NOT an SMTP message, but rather is just a line in the body of the mail message.

Why do HTTP, FTP, SMTP, and POP3 run on top of TCP rather than on UDP?

The applications associated with those protocols require that all application data be received in the correct order and without gaps. TCP provides this service whereas UDP does not.

Consider a DHT with mesh overlay topology (that is, every peer tracks all peers in the system). What are the advantages and disadvantages of a circular DHT (with no shortcuts)?

The main disadvantage is there is no privacy for any of the peers because anyone with access to a node in that kind of a network can view another peer's activities if he has the required tools. As an advantage, maybe, there will be no need for a system administrator to handle data and bandwidth allocation, network monitoring and other tedious tasks. Usually networks of this kind use software that acts conditionally. In addition, nodes in a mesh network take slightly shorter time in finding a gateway out of the network.

Suppose Alice, with a Web-based e-mail account (such as Hotmail or Gmail), sends a message to Bob, who accesses his mail from his mail server using POP3. Discuss how the message gets from Alice's host to Bob's host. List the series of application layer protocols that are used to move the message between the two hosts.

The message is first sent from Alice's host to her mail server over HTTP. Alice's mail server then sends the message to Bob's mail server over SMTP. Bob then transfers the message from his mail server to his host over POP3.

Suppose 40 users share a 1Mbps link. Also suppose that each user alternates (independently of the other users) between periods of activity, when the user generates data at a constant rate of 100 Kbps and periods of inactivity when the user generates no data. Suppose further that the user is active (independent of the other users) only 10 percent of the time. 1. When circuit switching is used to allocate resources on the shared link, 10 users can be supported. When pack et switching is used, what is the probability that 11 or more users are active simultaneously? 2. Do you expect the result of part 1 to change when all the 40 users synchronize in their use of the shared link (i.e. all the 40 users generate data or are idle exactly at the same time)? Explain with arguments. No calculations are required for this part of the question.

The probability of r users being active simultaneously, P(r) = 40 C r * (0.1) r * (0.9) 40 - r The probability <= 10 user s being active simultaneously = P(0) + P(1) + ... + P(10) ~ 0.999 The probability of 11 or more users being active simultaneously = 1 - 0.999 = 0.001. When 40 users are active at the same time none of the users is likely to get the desired 100 Kbps. This example shows that packet switching is useful when users are active independent of each other. However, when they are active in a cor related manner, packet switching does not help and one might need to revert to circuit switching to allow at least 10 users to get the desired bandwidth

Suppose within your web browser you click on a link to obtain a web page. The IP address for the associated URL is not cached in your local host, so a DNS lookup is necessary to obtain the IP address. Suppose that n DNS servers are visited before your host receives the IP address from DNS; the successive visits incur an RTT of RTT1,...,RTTn. Further suppose that the web page associated with the link contains exactly one object, consisting of a small amount of HTML text. Let RTT0 denote the RTT between the local host and the server containing the object, Assuming zero transmission time of the object, how much time elapses from when the client clicks on the link until the client receives the object?

The problem tells us that to get the IP address it takes RTT1+RTT2+...RTTn. Also, RTT0 represents the RTT between the local host and the server. This means that it takes RTT0 for the connection to be set up, plus another RTTO to request and send the object since it takes RTTO to send. Given this information, we know that it takes 2*RTTO+RTT1+RTT2+...RTTn. The reason why you multiply RTTO by 2, is because the value is used twice. Once, when the connection is being set up/obtained, and twice when the request is being sent and received.

For a communication session between a pair of processes, which process is the client and which is the server?

The process which initiates the communication is the client; the process that waits to be contacted is the server.

How does the receiver detect errors

The receiver checks for errors by looking at the sum of all the numbers.

Suppose within your Web browser you click on a link to obtain a Web page. The IP address for the associated URL is not cached in your local host, so a DNS lookup is necessary to obtain the IP address. Suppose that n DNS servers are visited before your host receives the IP address from DNS; the successive visits incur an RTT of RTT1, . . ., RTTn. Further suppose that the Web page associated with the link contains exactly one object, consisting of a small amount of HTML text. Let RTT0 denote the RTT between the local host and the server containing the object. Assuming zero transmission time of the object, how much time elapses from when the client clicks on the link until the client receives the object?

The total amount of time to get the IP address is RTT1 + RTT2 +L+ RTTn . Once the IP address is known, RTTO elapses to set up the TCP connection and another RTTO elapses to request and receive the small object. The total response time is RTTo + RTT1 + RTT2 +L+ RTTn 2

Referring to Figure 2.4, we see that none of the applications listed in Figure 2.4 requires both no data loss and timing. Can you conceive of an application that requires no data loss and that is also highly time-sensitive? [Justify the need for the requirements] <3 points for each good application, up to 9 points>

There are no good existing examples of an application that requires no data loss and timing. However, one can imagine that some future applications may have such requirements: Telemedicine (remote surgery): time sensitive and loss sensitive Remote vehicle control (breaking a car remotely over the network) Remote rescue (e.g., controlling a robot (or robotic arm) to disable a moving harmful device). Navigating a museum (or rare objects using a robot) over the Internet .... Or other reasonable examples. [Every reasonable example with brief justification of why the requirements of no-loss and delay-sensitivity is worth 3 points, up to max 9 points]

What are some advantages and disadvantages of mesh topology?

There are several advantages to a mesh network topology. First, it is fault tolerant; since there is no gateway, nodes can connect to each other with no regard to the state of the rest of the network. In addition, nodes can create their own paths through the network because there is no gateway computer. One disadvantage to a mesh topology is that setup time can be quite time consuming.

The TCP segment has a field in its header for rwnd

True

Suppose Host A is sending Host B a large file over a TCP connection. The number of unacknowledged bytes that A sends cannot exceed the size of the receive buffer

True, the number of unacknowledged that A sends cannot exceed the size of the receive buffer

Suppose you can access the caches in the local DNS servers of your department. Can you propose a way to roughly determine the Web servers (outside your department) that are most popular among the users in your department? Explain.

We can periodically take a snapshot of the DNS caches in those local DNS servers. The Web server that appears most frequently in the DNS caches is the most popular server. This is because if more users are interested in a Web server, then DNS requests for that server are more frequently sent by users. Thus, that Web server will appear in the DNS caches more frequently. For a complete measurement study, see: Craig E. Wills, Mikhail Mikhailov, Hao Shang "Inferring Relative Popularity of Internet Applications by Actively Querying DNS Caches", in IMC'03, October 27-29, 2003, Miami Beach, Florida, USA

Describe how Web caching can reduce the delay in receiving a requested object. Will Web caching reduce the delay for all objects requested by a user or for only some of the objects? Why?

Web caching can bring the desired content "closer" to the user, perhaps to the same LAN to which the user's host is connected. Web caching can reduce the delay for all objects, even objects that are not cached, since caching reduces the traffic on links.

Consider an e-commerce site that wants to keep a purchase record for each of its customers. Describe how this can be done with cookies.

When the user first visits the site, the site returns a cookie number. This cookie number is stored on the user's host and is managed by the browser. During each subsequent visit (and purchase), the browser sends the cookie number back to the site. Thus the site knows when this user (more precisely, this browser) is visiting the site.

From a user's perspective, what is the difference between the download - and - delete mode and the download - and - keep mode in POP3?

With download and delete, after a user retrieves its messages from a POP server, the messages are deleted. This pose s a problem for the nomadic user, who may want to access the messages from many different machines (office PC, home PC, etc.). In the download and keep configuration, messages are not deleted after the user retrieves the messages. This can also be inconvenient, as each time the user retrieves the stored messages from a new machine, all of non-deleted messages will be transferred to the new machine (including very old messages).

Can you configure your browser to open multiple simultaneous connections to a Web site?

Yes

Is it possible for an organization's Web server and mail server to have exactly the same alias for a hostname (for example, foo. com)? What would be the type for the RR that contains the hostname of the mail server?

Yes an organization's mail server and Web server can have the same alias for a host name. The MX record is used to map the mail server's host name to its IP address.

Is it possible for an organization's Web server and mail server to have exactly the same alias for hostname(for example, foo.com)

Yes it is possible.In such case the difference lies in the canonical host name

Suppose Bob joins a BitTorrent torrent, but he does not want to upload any data to any other peers (so called free-riding). a. Bob claims that he can receive a complete copy of the file that is shared by the swarm. Is Bob's claim possible? Why or why not? b. Bob further claims that he can further make his "free-riding" more efficient by using a collection of multiple computers (with distinct IP addresses) in the computer lab in his department. How can he do that?

Yes. His first claim is possible, as long as there are enough peers staying in the swarm for a long enough time. Bob can always receive data through optimistic unchoking by other peers. His second claim is also true. He can run a client on each machine, and let each client do "free-riding", and combine those collected chunks from different machines into a single file. He can even write a small scheduling program to let different machines only asking for different chunks of the file. This is actually a kind of Sybil attack in P2P networks.

Suppose you wanted to do a transaction from a remote client to a server as fast as possible. Would you use UDP or TCP? Why?

You would use UDP. With UDP, the transaction can be completed in one roundtrip time (RTT) - the client sends the transaction request into a UDP socket, and the server sends the reply back to the client's UDP socket. With TCP, a minimum of two RTTs are needed - one to set-up the TCP connection, and another for the client to send the request, and for the server to send back the reply.

What is the difference between the download-and-delete mode and the download-and-keep mode in POP3?

Your e-mail is stored on your e-mail provider's domain server until you download it to your computer. Download and delete means the e-mail message is deleted from the server once you have it on your computer. If you delete the message on your computer, the message is gone. Download and keep means a copy of the e-mail message remains on the server after it is downloaded to your computer. If you delete the message on your computer, the copy remains on the server.

Referring to problem P7, suppose the HTML file references three very small objects on the same server. Neglecting transmission times, how much time elapses with: a. Non-persistent HTTP with no parallel TCP connections? <3 points> b. Non-persistent HTTP with parallel connections? <3 points> c. Persistent HTTP? <3 points>

a) RTT1 + RTT2 + ... + RTTn +2RTT0 + 3. 2RTT0 = RTT1 + RTT2 + ... + RTTn +8RTT0 Or D + 6RTT0 where D is the delay incurred in P7 (the students should not get penalized twice for mistakes done in P7). b) RTT1 + RTT2 + ... + RTTn +2RTT0 + 2RTT0 = RTT1 + RTT2 + ... + RTTn +4RTT0 Or D + 2RTT0 where D is the delay incurred in P7 (the students should not get penalized twice for mistakes done in P7). c) RTT1 + RTT2 + ... + RTTn +2RTT0 + RTT0 = RTT1 + RTT2 + ... + RTTn +3RTT0 Or D + RTT0 where D is the delay incurred in P7 (the students should not get penalized twice for mistakes done in P7).

List at least four different applications that are naturally suitable for P2P architectures. (Hint: File distribution and instant messaging are two.)

a) File Distribution b) Instant Messaging c) Video Streaming d) Distributed Computing

Consider accessing your email with POP3. a. Suppose you have configured your POP mail client to operate in the download- and -delete mode. Complete the following transaction: b: Suppose you have configured your POP mail client to operate in the download-and-keep mode. Complete the following transaction: c: Suppose you have configured your POP mail client to operate in the download-and-keep mode. Using your transcript in part (b), suppose you retrieve messages 1 and 2, exit POP, and then five minutes later you again access POP to retrieve new e-mail. Suppose that in the five-minute interval no new messages have been sent to you. Provide a transcript of the second POP session.

a) C: List S: 1 498 S: 2 912S: . C: retr 1 S: blaah blah ... S: .............blah S: . C: dele 1 C: retr 2 S: blaah blah ... S: .............blah S: . C: dele 2 C: quit S: +OK POP3 Server signing off Download-and-delete mode is when a message is erased from the server once you have downloaded it. This is why "dele 2″ is necessary in the transaction. b) C: list S: 1 498 S: 2 912 S: . C: retr 1 S: blah blah.... S: ...........blah S: . C: retr 2 S: blah blah ..... S: ............blah S: . C: quit S: + OK POP3 Server signing off -Download-and-keep mode is when the message is saved to both the server and the computer so if the message is deleted on the computer, it is still accessible on the server. This is why the "delete" line is not in the transaction in part b, as it is in a. The message is staying on the server. c) C: list S: 1 498 S: 2 912 S: . C: retr 1 S: blah blah.... S: ...........blah S: . C: retr 2 S: blah blah ..... S: ............blah S: . C: quit S: + OK POP3 Server signing off The second transcript is the same as the first because the POP client has been closed, therefore the process has to happen again to access the said mail.

Consider Figure 2.12, for which there is an institutional network connected to the Internet. Suppose that the average object size is 900,000 bits and that the average request rate from the institution's browsers to the origin servers is 1.5 requests per second. Also suppose that the amount of time it takes from when the router on the Internet side of the access link forwards an HTTP request until it receives the response is two seconds on average. Model the total average response time as the sum of the average access delay (that is, the delay from Internet router to institution router) and the average Internet delay. For the average access delay, use Δ/(1- Δβ), where Δ is the average time required to send an object over the access link and β is the arrival rate of objects to the access link. [We call Δβ the 'traffic intensity' on the access link.] a. Find the total average response time. <5 points> b. Now suppose a cache is installed in the institutional LAN. Suppose the hit rate is 0.4. Find the total response time. <5 points> [Hint: the traffic intensity on the access link will be reduced by 40%. Assume a response time of zero if the object is found in the cache (which occurs 40% of the time)]. c. Discuss the gain you get by installing the cache. <3 points>

a) (a) The Total Average Response Time From the question, we have InternetDelay = 2 sec, And, , β=1.5 request/sec So, Therefore, the TotalAverageResponseTime =AverageAccessDelay + InternetDelay = 0.06593 sec + 2 sec = 2.06593 sec (b) The Cache Hit Ratio: 0.4 In this question, we can calculate the TotalAverageResponseTime, considering the Cache-Hit case and the Cache-miss case. (i) In case of Cache-Miss: β'=1.5 request/sec * (1-0.4) = 0.9 request/sec So, the TotalAverageResponseTime = 0.06342 sec + 2 sec = 2.06342 sec (ii) In case of Cache-Hit: It is assumed that the response time is zero when the object is found in the cache. Therefore, the TotalResponseTime = 0.4 * 0 sec + (1-0.4) * 2.06342 sec = 1.2381 sec (c) Thus the average response time is reduced from 2.06539 sec to 1.2381 sec.

a)What is a whois database? b) Use various whois datbases on the internet to obtain the names of two DNS servers. Indicate which whois databases you used. c)Use nslookup on your local host to send DNS queries to three DNS servers: your local DNS server and the two DNS servers you found in part (b). Try querying for type a, NS, and MX reports. Summarize your findings. d) use nslookup to find a web server that has multiple IP addresses. Does the web server of your institution(school or company) have multiple IP addresses? e) Use the ARIN whois database to determine the IP address range used by your university. f)Describe how an attacker can use whois databases and the nslookup tool to perform reconnaissance on an institution before launching an attack. g)Discuss why whois databases should be publicly available.

a) A whois database stores the users of certain applications on the web. It does this by finding information like the IP address, and domain name a user is on. b) http://www.dawhois.com/ For walmart.com a DNS server is: NS1-137.AKAM.NET For Target.com a DNS server is: NS1-AUTH.SPRINTLINK.NET c) Local host: walmart.com: Network-tools.com gives a very nice chart for all different varieties of reports: target.com: d) Walmart.com has multiple IP addresses, ECSU only has one. e) The IP address range for Eastern is: 149.152.0.0-149.152.255.255 f) Whois can be used to look up a huge IP range, which would give the attacker a huge amount of people to target. After this, by using nslookup for those IP addresses, this attacker could obtain even better info about any of those people, and better target the attack. g) Whois databases should be publicly available becasue they make finding information about domains much easier. Without whois databases, it would be very difficult to find any domain information without contacting people.

Obtain the HTTP/1.1 specification (RFC 2616) a)Explain the mechanism used for signaling between the client and server to indicate that a persistent connection is being closed. Can the client, the server, or both signal the close of a connection? b)What encryption services are provided by HTTP? c)Can a client open 3 or more simultaneous connections with a given server? d)Either a server or a client may close a transport connection between them if either one detects the connection has been idle for some time? Is it possible that one side starts closing a connection while the other side is transmitting data via this connection? Explain.

a) According to the RFC I read, either the client or server can signal the close of a connection. This is possible by using the connection heading field, according to RFC 8.1.2. Also, it works by not allowing the client to send any more requests on the connection after the close is signaled.(below is a screenshot of the RFC, it can be enlarged by clicking on it). b) HTTP actually does not provide encryption. c) According to the RFC, it is recommended that only 2 or less simultaneous connections are opened on a server. So technically yes, 3 or more can be open, but it is not recommended. d) It is possible for one side to close the connection while something is being sent, if the client and server aren't in communication. The connection has to be able to reopen if this data is being sent. According to RFC 8.1.2.1, "all messages on the connection MUST have a self-defined message length." This means that it is not only a suggestion, but a requirement for the message length to be known in this connection.

True or false? a. A user requests a Web page that consists of some text and three images. For this page, the client will send one request message and receive four response messages. b. Two distinct Web pages (for example, www. mit.edu/research.html and www. mit. edu/students. html) can be sent over the same persistent connection. c. With nonpersistent connections between browser and origin server, it is possible for a single TCP segment to carry two distinct HTTP request messages. d. The Date: header in the HTTP response message indicates when the object in the response was last modified. e. HTTP response messages never have an empty message body.

a) F b) T c) F d) F e) F

Say you have installed and compiled the programs TCPClient and UDPClient on one host ad TCPServer and UDPServer on another host. a) Suppose you run TCPClient before you run TCPServer. What happens? Why? b) Suppose you run UDPClient before you run UDPServer. What happens? Why? c) What happens if you use different port numbers for the client and server sides?

a) If you run TCPClient first, then the client will attempt to make a TCP connection with a non-existent server process. A TCP connection will not be made. b) UDPClient doesn't establish a TCP connection with the server. Thus, everything should work fine if you first run UDPClient, then run UDPServer, and then type some input into the keyboard. c) If you use different port numbers, then the client will attempt to establish a TCP connection with the wrong process or a non-existent process. Errors will occur.

Obtain the HTTP/1.1 specification (RFC 2616). Answer the following questions: a. Explain the mechanism used for signaling between the client and server to indicate that a persistent connection is being closed. Can the client, the server, or both signal the close of a connection? b. What encryption services are provided by HTTP? c. Can a client open three or more simultaneous connections with a given server? d. Either a server or a client may close a transport connection between them if either one detects the connection has been idle for some time. Is it possible that one side starts closing a connection while the other side is transmitting data via this connection? Explain.

a) Persistent connections are discussed in section 8 of RFC 2616 (the real goal of this question was to get you to retrieve and read an RFC). Sections 8.1.2 and 8.1.2.1 of the RFC indicate that either the client or the server can indicate to the other that it is going to close the persistent connection. It does so by including the including the connection-token "close" in the Connection-header field of the http request/reply. b) HTTP does not provide any encryption services. c) (From RFC 2616) "Clients that use persistent connections should limit the number of simultaneous connections that they maintain to a given server. A single-user client SHOULD NOT maintain more than 2 connections with any server or proxy." d) Yes. (From RFC 2616) "A client might have started to send a new request at the same time that the server has decided to close the "idle" connection. From the server's point of view, the connection is being closed while it was idle, but from the client's point of view, a request is in progress."

Consider the scenario introduced in the previous problem. Now suppose that the link is shared by Bob with four other users. Bob uses parallel instances of non-persistent HTTP, and the other four users use non-persistent HTTP with-out parallel downloads. a. Do Bob's parallel connections help him get Web pages more quickly? Why or why not? b. If all five users open five parallel instances of non-persistent HTTP, then would Bob's parallel connections still be beneficial? Why or why not?

a). Yes, because Bob has more connections, so he can proportionally get more aggregate bandwidth share out of the total link bandwidth. b) Yes, Bob still needs to perform parallel download, otherwise he will get less bandwidth share than other four users. In fact, all users might tend to open more connections in order to gain more bandwidth share.

List the four broad classes of services that a transport protocol can provide. For each of the service classes, indicate if either UDP or TCP (or both) provides such a service.

a. .Reliable data transfer TCP provides a reliable byte-stream between client and server but UDP doesn't. b. A guarantee that a certain value for throughput will be maintained a. Neither c. A guarantee that data will be delivered within a specified amount of time a. Neither d. Security a. Neither

(a) (4 points) Consider distributing a file of F bits to N peers using a client - server architecture. Assume a fluid model where the server can simultaneously transmit to multiple peers, transmitting to each peer at different rates, as long as the combined rate does not exceed u(s). a. Suppose that u(s)/N≤d(min). Specify a distribution scheme that has a distribution time of NF/u(s). b. Suppose that u(s)/N≥d(min). Specify a distribution scheme that has a distribution time of F/d(min). c. Conclude that the minimum distribution time is in general given by max{NF/u(s), F/d(min)}.

a. Consider a distribution scheme in which the server sends the file to each client, in parallel, at a rate of a rate of u(s)/N. Note that this rate is less than each of the client's download rate, since by assumption u(s)/N≤d(min). Thus each client can also receive at rate u(s)/N. Since each client receives at rate u(s)/N, the time for each client to receive the entire file is F/{u(s)/N}=NF/u(s). Since all the clients receive the file in NF/ u(s), the overall distribution time is also NF/u(s). b. Consider a distribution scheme in which the server sends the file to each client, in parallel, at a rate of d(min). Note that the aggregate rate,N d(min), is less than the server's link rate u(s) , since by assumption u(s)/N≥d(min). Since each client receives at rate d(min), the time for each client to receive the entire file is F/ d(min) Since all the clients receive the file in this time, the overall distribution time is also F/d(min). c. From Section 2.6 we know that D CS ≥ max {NF/u(s), F/d(min)} (Equation 1) Suppose that u (s)/N ≤ d(min). Then from Equation 1 we have D CS ≥ NF/u (s). But from (a) we have DCS≤NF/u(s). Combining these two gives: DCS=0NF/u(s) when u(s)/N≤ d(min).(Equation 2) We can similarly show that: D(CS)=F/d(min) when u(s)/N ≥ d(min) (Equation 3). Combining Equation 2 and Equation 3 gives the desired result.

(b) (4 points) Consider distributing a file of F bits to N peers using a P2P architecture. Assume a fluid model. For simplicity, assume that d(min) is very large, so that peer download bandwidth is never a bottleneck. a. Suppose that u(s) ≤ {u(s)+u(1) + ... + u(N)}/N. Specify a distribution scheme that has a distribution time of F/u(s). b. Suppose that u(s) ≥ {u(s)+u(1)+ ... +u(N)}/N. Specify a distribution scheme that has a distribution time of NF/{u(s)+u(1)+ ... +u(N)}. c. Conclude that the minimum distribution time is in general given by max{F/u(s), NF/{u(s)+u(1)+ ... +u(N)}

a. Define u = u(1)+ u(2)+ ..... + u(N). By assumption u(s)<= {u(s)+u}/N Equation 1 Divide the file into N parts, with the i(th) part having size {u(i)/u} F. The server transmits the i(th) part to peer i at rate r(i)= {u(i)/u}u(s). Note that r(1)+ r(2)+ ..... + r(N)= u(s), so that the aggregate server rate does not exceed the link rate of the server. Also have each peer i(forward) the bits it receives to each of the N-1 peers at rate r(i). The aggregate forwarding rate by peer i is (N-1)r(i). We have (N-1)r(i)= (N-1){u(s)u(i)}/u <= u(i) , where the last inequality follows from Equation 1. Thus the aggregate forwarding rate of peer i is less than its link rate u(i). In this distribution scheme, peer i receives bits at an aggregate rate of Thus each peer receives the file in F/u(s). b. Again define u = u(1) + u(2) + ..... + u(N). By assumption u(s) >= {u(s)+ u}/N Equation 2 Let r(i) = u(i)/(N-1) and r(N+1) = {u(s)-u/(N-1))/N In this distribution scheme, the file is broken into N+1 parts. The server sends bits from the i(th) part to the i(th) peer (i = 1, ...., N) at rate r(i). Each peer i forwards the bits arriving at rate r(i) to each of the other N-1 peers. Additionally, the server sends bits from the (N+1)(st). part at rate r(N+1) to each of the N peers. The peers do not forward the bits from the (N+1)(st) part. The aggregate send rate of the server is r(1) + .... + r(N)+ N(r) N+1 = u/(N-1) + u(s) -u/(N-1) = u(s) Thus, the server's send rate does not exceed its link rate. The aggregate send rate of peer i is (N-1)r(i)= u(i) Thus, each peer's send rate does not exceed its link rate. In this distribution scheme, peer i receives bits at an aggregate rate of Thus each peer receives the file in NF/(u s +u). (For simplicity, we neglected to specify the size of the file part for i = 1, ...., N+1. We now provide that here. Let Δ = (u s +u)/N be the distribution time. For i = 1, ..., N, the i(th) file part is F(i) = r(i) Δ bits. The (N+1)(st) file part is F(N+1) = r(N+1) Δ bits. It is straightforward to show that F(1) + ..... + F(N+1)= F.) c. We know from section 2.6 that Combining this with (a) and (b) gives the desired result.0 (c) (2 points) Consider an overlay network with N active peers, with each pair of peers having an active TCP connection. Additionally, suppose that the TCP connections pass through a total of M routers. How many nodes and edges are there in the corresponding overlay network? There are N nodes in the overlay network. There are N(N-1)/2 edges.

In this problem we explore designing a hierarchical overlay that has ordinary peers, super peers, and super-duper peers.

a. Suppose each super-duper peer is roughly responsible for 200 super peers, and each super peer is roughly responsible for 200 ordinary peers. How many super-duper peers would be necessary for a network of four million peers? <3 points> b. What information might each super peer store? What information might each super-duper peer store? How might searchers be performed in such a three-tier design? <5 points> a) Each super-duper peer is responsible for roughly 2002 = 40,000 nodes. Therefore, we would need about 100 super-duper peers to support 4 million nodes. b) Each super peer might store the meta-data for all of the files its children are sharing. A super-duper peer might store all of the meta-data that its super-peer children store. An ordinary node would first send a query to its super peer. The super peer would respond with matches and then possibly forward the message to its super-duper peer. The super-duper peer would respond (through the overlay network) with its matches. The super-duper peer may further forward the query to other super-duper peers.

List five nonproprietary Internet applications and the application-layer protocols that they use.

a. The Web: HTTP; b. file transfer: FTP; c. remote login: Telnet; d. Network News: NNTP; e. e-mail: SMTP.

(a)(2.5 points, 0.5 point for each question) Consider the following string of ASCII characters that were captured by Wireshark when the browser sent an HTTP GET message (i.e., this is the actual content of an HTTP GET message). The characters<cr><lf>are carriage return and line-feed characters (that is, the italized character string<cr>in the text below represents the single carriage-return character that was contained at that point in the HTTP header). Answer the following questions, indicating where in the HTTP GET message below you find the answer. GET /cs453/index.html HTTP/1.1 <cr><lf>Host: gaia.cs.umass.edu<cr><lf>User-Agent: Mozilla/5.0 (Windows;U; Windows NT 5.1;en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)<cr><lf> Accept:ext/xml, application/xml, application/xhtml+xml, text/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5 <cr><lf>Accept-Language: en-us,en;q=0.5<cr><lf>Accept-Encoding: zip,deflate<cr><lf>Accept -Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7<cr><lf> Keep-Alive: 300<cr><lf>Connection:keep-alive <cr><lf><cr><lf> a. What is the URL of the document requested by the browser? b. What version of HTTP is the browser running? c. Does the browser request a non-persistent or a persistent connection? d. What is the IP address of the host on which the browser is running? e. What type of browser initiates this message? Why is the browser type needed in an HTTP request message? f. What type of browser initiate the message? Why is the browser type needed in an HTTP request message.

a. The document request was http://gaia.cs.umass.edu/cs453/index.html. The Host : field indicates the server's name and /cs453/index.html indicates the file name. b. The browser is running HTTP version 1.1, as indicated just before the first <cr><lf>pair. c. The browser is requesting a persistent connection, as indicated by the Connection:keep-alive. d. This is a trick question. This information is not contained in an HTTP message anywhere. So there is no way to tell this from looking at the exchange of HTTP messages alone. One would need information from the IP datagrams (that carried the TCP segment that carried the HTTP GET request) to answer this question. e. Mozilla/5.0. The browser type information is needed by the server to send different versions of the same object to different types of browsers.

b) (2 point, 0.5 point for each question) The text below shows the reply sent from the server in response to the HTTP GET message in the question above. Answer the following questions, indicating where in the message below you find the answer. HTTP/1.1 200 OK<cr><lf>Date: Tue, 07 Mar 2008 12:39:45GMT<cr><lf>Server:Apache/2.0.52 (Fedora)<cr><lf>Last-Modified: Sat, 10 Dec2005 18:27:46 GMT<cr><lf>ETag: "526c3-f22-a88a4c80"<cr><lf> Accept-Ranges:bytes<cr><lf>Content-Length: 3874 <cr><lf>Keep-Alive:timeout=max=100 <cr><lf>Connection:Keep-Alive<cr><lf> Content-Type: text/html;charset=ISO-8859-1<cr><lf><cr><lf><!doctype html public "-//w3c//dtd html 4.0 transitional//en"><lf><html><lf><head><lf><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"><lf><meta name="GENERATOR" content="Mozilla/4.79 [en] (Windows NT 5.0; U) Netscape]"><lf><title>CMPSCI 453 / 591 /NTU-ST550A Spring 2005 homepage</title><lf></head><lf><much more document text following here (not shown)> a. Was the server able to successfully find the document or not? What time was the document reply provided? b. When was the document last modified? c. How many bytes are there in the document being returned? d. What are the first 5 bytes of the document being returned? Did the server agree to a persistent connection?

a. The status code of 200 and the phrase OK indicate that the server was able to locate the document successfully. The reply was provided on Tuesday, 07 Mar 2008 12:39:45 Greenwich Mean Time. b. The document index.html was last modified on Saturday 10 Dec 2005 18:27:46 GMT. c. There are 3874 bytes in the document being returned. d. The first five bytes of the returned document are : <!doc. The server agreed to a persistent connection, as indicated by the Connection: Keep-Alive field.

(a) (3 points) Execute the traceroute command to two destinations of your choice, at least 12 hops away, from a source. Compute the average delay (averaged over the three delay values) for each hop and plot it in a graph with x-axis showing the hop number and y-axis the average delay corresponding to that hop. Run the same experiment a few hours later and show the new results on the same graph. In all, your graph should have four curves. How many hops are common along the paths to the two destinations? Attach the traceroute outputs. (If the traceroute command does not work on your machine, try using the service at traceroute.org.) (b) (2 points) Suppose one of the three traceroute delay values between the source and a given router hop turns out to be unusually high. What are two possible causes for this unusually high delay? (c) (1 point) How would you change the traceroute program to find the IP address of every third hop instead of every hop (i.e., it finds the address of the 3rd hop, the 6th hop,..., you can assume that the destination is a multiple of 3 hops away from the source)?

b) •Network congestion-resulting in high queuing delay. •Slow path queuing delay at routers. c) Increment the time-to-live field in the IP header by 3 instead of 1.

List the various network-application user agents that you use on a daily basis?

for daily basis you could be using the below Web browser E-mail application user agent File Transfer user agent P2p user agent audio/video user agent and many more depend on your everyone uses hope it was helpful

In the circular DHT example in Section 2.6.2, suppose that peer 3 learns that peer 5 has left. Which peer is now its first successor? Its second successor?

peer 3 makes its first successor, which is peer 4, the identifier of its immediate successor peer 8. Then peer 3 will make peer 8 as its second successor.

Difference between stateless protocol and state full protocol?

stateless Protocol:- 1).When stateless protocol is used between a server and the client, the server does not remember anything. It treats any message from a client as the client's first message and responds with the same effects every time 2). A stateless server does not keeps state between connections.=>So,When you send a request to a stateless server, it does not create any objects that track information regarding your requests. If you "open" something on the server, the server retains no information at all that you have something open. A "close" operation would make no sense, since there would be nothing to close. 3). A stateless system can be seen as a box ,where at any point in time the value of the output(s) depends only on the value of the input(s) after a certain processing time. 4). A stateless protocol does not require the server to retain session information or status about each communications partner for the duration of multiple requests. 5). stateless sessinobean:can not maintain the state,cannot maintain the persistance(data base),onece sutdown machine,we cannot see that data,cannot have the passivate,activate states. ex:atm mini statements. Example = UDP(User Datagram Protocol) , HTTP, NFS Statefull Protocol :- 1). Stateful protocol means the server remembers what a client has done before. 2). .A stateful server keeps state between connections.=> when you send a request to a stateful server, it may create some kind of connection object that tracks what information you request. When you send another request, that request operates on the state from the previous request. So you can send a request to "open" something. And then you can send a request to "close" it later. In-between the two requests, that thing is "open" on the server. 3). a stateful system is like a state machine with "memory" as the same set of input(s) value can generate different output(s) depending on the previous input(s) received by the system. 4). a protocol which requires the keeping of internal state is known as a stateful protocol. 5). statefull Protocol :- maintain the state,but cannot maintain the persistance,once we shutdown the system the values stored in local hard disc,can have the passivate and activate states. ex:shopping cardExample = SMB, FTP,Telnet


Related study sets

Chapter 8 - Groups and Teams - OB

View Set

Integumentary: Saunders NCLEX Review, Burn Injuries

View Set

Chapter 49: Assessment and Management of Patients With Hepatic Disorders

View Set

Term 1 V.T.5 Breed Identifications (Canine)

View Set

Sociology Ch. 10 Gender Inequality

View Set

what does the body system consist of

View Set