CIS 656, Fall 2004. Dr Ott.

All homework is assigned on this page. Homework must be done before / is due on the date stated.

Homework to be handed in: Unless stated differently, and unless you make a different arrangement with the TA (Mr Rahul Jain), homework must be handed in on the day stated, before 1:00 pm, by putting it in the envelope on the door of the Internet Laboratory. That is GITC 4325. If you want a special arrangement for handing in homework, ask Mr Jain. Don't ask Dr Ott. He always says no.

I try to assign homework at least 6 days in advance (on Sunday for the next Saturday) but sometimes I do not succeed. Also, sometimes I change my mind. So check this page frequently. Use ``reload'' or ``refresh'', or you will get the version you looked at last time.

Students are encouraged to discuss homework at the ``idea'' level (``how would you start on this problem''), but doing homework together and handing in essentially the same copy is absolutely not permitted and leads to reduced credit or worse.

---

September 11, 2004 (lecture 2):

Read Forouzan pp 1 - 40 (Ch 1 and 2).
Read Forouzan pp 47 - 53 (ethernet).
Read Forouzan pp 89 - 93 (Start of ``addressing'').

IETF stands for ``Internet Engineering Task Force''. RFC stands for ``Request for Comments''. IETF RFCs can be obtained on the web. Find out how. (For example, first use GOOGLE to find IETF).

Get IETF RFC 1700 and read page 1. (The whole RFC is too long and too out-dated to read).
Get IETF RFC 3232 and read the whole thing. (2 pages).

1. Use the mechanism described to find out what the content of the ``Frame Type Field'' (see below) in an ethernet frame header is, in case the ethernet frame contains an IP version 4 (IP v4) packet. (The answer is 0800 in hexadecimal, 0000 1000 0000 0000 in binary, 2048 in decimal).
To prove you found the answer in the location I want you to know about, copy 5 lines from the page you found: the line with the answer, two lines above it, two lines below it (five lines total). Hand in these 5 lines.

Note: What I usually call the ``frame type field'' in the ethernet header, other people sometimes call the ``ether type field''. (And sometimes I do that, too). Forouzan p 50 calls it the ``Length PDU'' field. That is old-fashioned. Nowadays it is almost always used as ``frame type'', i.e., as descriptor of the next higher protocol. More about this in class. While doing the homework you may have to search for ``ethernet numbers'' or ``ether type''.

---

Sept 18 (lecture 3):

Read Forouzan pp 53 - 79 (Most of this is ``the other LANs'' that you must be aware of but that are not of further relevance in this course.)
Read Forouzan pp 94 - 110.
Read Forouzan pp 119 - 137. (CIDR etc).
Read Forouzan pp 147 - 161. (In class I called this ``forwarding'').
Read the ``nslookup and dig'' page on this website.

Go to http://www.clickz.com/stats/big_picture/demographics/article.php/3398361 to find out something about Internet Traffic. What percentage of Americans say that the Internet plays an important role in their daily routines? What percentage of Americans are not plugged into the Internet at all? Can you explain the discrepancy? Hand in your response. (I found this page by typing ``Internet Traffic Patterns'' into Google and then going with the flow).

---

Sept 25 (lecture 4).

Read Forouzan pp 169 - 185 (ARP and RARP).
Read Forouzan pp 191 - 219 (IP Protocol).

There are (at least) three groups of computers at NJIT you can access:
A. afs1 - afs36, afs58, afs59 (remote and ``on the spot'').
B. afs48 - afs57 (remote only).
C. lafite.njit.edu and mouton.njit.edu (remote only).

Find out which ones are telnet servers, which ones are ssh servers. Do NOT hand in.
Access at least one from each of these groups and do ``ifconfig -a'', ``arp -a'', ``arp -n'', ``netstat -r'', ``netstat -a'', ``netstat -n''. Study the outputs. Do NOT hand in.

Now first telnet to one of afs48 - afs57 and then from there to another from afs48 - afs57. Make sure both are sgi machines. Repeat the ``arp'' experiments. Make sure to understand what you see. Do NOT hand in.

On one computer from each group, play with ping. Find out how to set the number of data bytes in a ping packet. Find out how to set the number of ping packets in a sequence. Do NOT decrease the time between ping packets below 1 second. Do NOT hand in.

1. For afs4, for afs50, for lafite, find the physical address. (If there is more than one port: the physical address of the port that has a configured IP address). Hand in.

2. For the same computers, find the IP address, the network mask, and the network address. (Really: I should say ``subnetwork'' but I always say ``network''.) Hand in.

3. Use ping to find (approximately) the datarate (bits/sec, NOT bandwidth, which is in Hz or KHz or MHz) between lafite and one of the afs1 - afs36 machines. Make the plot I showed in class. Is it linear? Do this a few times, with several hours in-between. Try to do it when no other student is doing it! Hand in.

4. Find out what the time-out algorithm is for the arp caches in the three groups of computers. Hint: do ``arp -a'' or so once every 30 or 40 seconds for 5 or 6 minutes. Hand in a description of the time-out mechanism. Make it BRIEF! AT MOST three sentences should be enough.

Go to the afs48 - afs57 group and do ``arp '', where is the name or IP address of one of the other computers in the same group. Sometimes the response is `` ... -- no entry ''. If that happens, ping the machine for which you got no entry, and try ``arp '' again. Make sure you understand what you see. Do NOT hand in.

---

Oct 02 (lecture 5)

Midterm.
All material thus far, including reading and homework for 10/02, classnotes including 09/25.

Read Forouzan pp 227 - 246 (ICMP)

To prepare for the midterm, do as many of the problems from the page ``Standard Exam Questions'' as you can. Also look at midterms in previous semesters. The last few semesters I put midterms on the web. (Go to the CIS656 pages for those semesters.)

Do (Hand in)
Forouzan p 247 problem 2.
Forouzan p 248 problem 8.
Forouzan p 221 problem 3.
Forouzan p 224 problem 25.

---

Oct 09 (lecture 6)

Read Forouzan pp 253 - 266 (IGMP)
Read Forouzan pp 273 - 289 (UDP)

Do (Hand in)
Forouzan p 270 problems 24, 25, 26.
Forouzan p 270 problems 27, 28, 29.
Forouzan p 250 problems 30, 31, 32. In the last problem: Include pre-amble and CRC.

More to be assigned (use of nslookup, dig, traceroute).

---

Oct 16 (lecture 7)

Hand in code for Project A.

Read Forouzan pp 297 - 321. (Start of TCP)

---

Oct 23 (lecture 8)

Hand in composition of team for project B. (Tell us who your partner is.)

Read Forouzan pp 322 - 341. (Finish TCP)

Find the name of a computer in Asia (NOT one of those I use as example in my ``Computer Access'' (etc) pages) and use both nslookup and dig to find the IP addresses of that computer. Hand in.

Find the IP address(es) of the computer(s) www.yahoo.com. Write a SHORT ! paragraph on what you see. What does it mean? Hand in.

Find the IP address AND physical address AND network address of afs10. Same for lafite, same for afs54. Hand in.

Use traceroute to find out whether there is a router ``in-between'' lafite and afs54. If there is such a router: find two of its IP addresses. (Do traceroute in both directions). Hand in.

Reminder: You can log in to lafite and mouton only by using ssh. You can log in to afs54 (etc) only by using telnet. You can log in to afs10 (etc) by both telnet and ssh.

Send me ONE example packet for project B.
(input in one of the interfaces A2, A3, A6, A7, A8, A9, A10, A11) In ``pseudo zero-one'' format, as the examples for project A. The packet ``must make sense'': It ``could'' actually come in on that port. For example, no packet with both source address and destination address outside 10.0.0.0/8. Either no options, or only No-Op and SSR. Throw a die: with probability 1/6 make it a packet that must be ``thrown on the floor''. With probability 5/6 make it a legal packet that will be routed, possibly after fragmentation. Or throw a coin three times, with probability 1/8 make it a packet that must be dropped, with probability 7/8 make it a packet that must be routed. (I will use this to create an example file for project B.)

---

Oct 30 (lecture 9)

Re-read Forouzan Ch 12 (TCP) and compare with classnotes. Ask questions if there are unexplained discrepancies.

Start on project B!

Read Forouzan pp 353 - 366 (RIP).

Remark: In class I forgot to mention that the window scale factor can be at most 14. Even though (with 1 byte) you could give it a value of 255. Why is there a max of 14? (Do not hand in, I will discuss this 10/30.)

1. A file of 500 GBytes must be sent from the Pittsburgh SCC (Super Computer Center) to the San Diego SCC. The two sysad people have talked and think they can manage to transport at a rate of roughly 640 Mbits/sec (probably a bit more). They have measured the RTT and found it to be just below 50 msec.
a. How large must the send_buffer in Pittsburgh be to make this possible?
b. How large must the receive_buffer in San Diego be to make this possible?
c. What Window Scale Factor (what I called ScF in class) must San Diego use to make this possible?
d. Roughly, how long will it take to transfer this file from Pittsburgh to San Diego? (Assume no packets ever get lost :-) ).
Hand in.

2. a. In the problem above, how often will the TCP Sequence Number cycle? (Pass by the initial sequence number?)
b. How long (in seconds) will each cycle (roughly) be?
Hand in.

3.
In the example above, we now have loss. (To simplify arithmetic I assume the MSS is 1000 Bytes.) San Diego has received all bytes with sequence number before 1,234,567,000 (``Before'' counted modulo 2^32), but did not receive byte number 1,234,567,000 yet. Now it receives two packets in quick succession. One has Seq = 1,234,569,000 and contains exactly 1000 data bytes. The other has Seq = 1,234,571,000 and also contains exactly 1000 data bytes. Describe the SACK option San Diego sends to Pittsburgh. What is the Ack sequence number in that TCP packet? Hand in.

Remark: Those SCCs probably use ``Internet II'' and probably have MUCH larger MSSs than 1000 Bytes. I used 1000 to facilitate arithmetic.

Remark: While optical connections (OC1, OC3, OC6, ... , OC192) can transmit at speeds approaching 10 Gbit/sec, individual computers can not send or receive at that speed yet. Several years ago TCP connections were clocked at 800 Mbit/sec. It is probably higher now.

---

Nov 06 (lecture 10)

Read (again!) Forouzan Ch 12 (TCP). Review your TCP notes. If you find discrepancies between book and notes, make sure to ask questions.

Read (again) Forouzan pp 353 - 366 (RIP).

Fig 12.17 in Forouzan (p 318) is wrong. Figure out what is wrong. (Then remind me to explain in class.)

Read the tcpdump material on my web page.

Do Forouzan p 348 problems 38, 39, 40. Hand in.

Go to the ``TCPdump and NTP, hexadecimal output'' page. For the two packets timestamped (tcpdump timestamp) 18.35.18.397430 and ....397590, draw the whole frame (ethernet and ARP packet; go back to the ARP packet layout in book and notes!) and give the values of all fields (Ethernet and ARP). If the tcpdump output had not told you these are ARP packets, how would you have known?

Note: the second of the two packets has 18 Bytes of ``padding'', all zero. I think this is ``ethernet padding''. Don't worry about it. Explanation: The tcpdump is taken in the computer with address 10.7.0.1.
In that computer, tcpdump sees outgoing frames before the linecard or driver adds the ethernet padding (to make the frame at least 46 + 14 = 60 Bytes). However, for incoming packets the previous interface had added the padding and tcpdump sees the frame before the padding is taken off. If you have a better explanation, give it.

Hand in. Must be VERY LEGIBLE !

Good exercise: Do the same thing with the packet timestamped 18.35.18.397788. (Go back to ICMP Packet in book and notes, also IP header). Do NOT hand in.

---

Nov 13 (lecture 11)

Second Midterm. ALL material covered thus far. Incl reading and homework for 11/13. There will almost certainly be: Question on TCP header, Question on TCPdump output.

Homework: Go to the tcpdump pages. Print the ``TCPDump and File Transfer Protocol'' page. Study that page.

Among other things: Computer ``10.7.0.1'' opens an ``FTP'' connection to computer ``128.235.32.243''. ``10.7.0.1'' uses port number 36868 at its own side and port number 21 (the port number for the ftp control channel) at the other side. This connection is the ftp control channel. If you want to, you can read Forouzan Chapter 20 (FTP), but that is NOT necessary for this homework.

Next, the human at ``10.7.0.1'' does an ftp ``get'': moves a file toward himself. (It was me, Teun Ott).
FTP put: send file to other side.
FTP get: get file from other side.

To do the ``get'', computer ``10.7.0.1'' opens an FTP transport connection to ``128.235.32.243''. It uses port 36869 (the next available port) on its own side, and port 2079 at the other side. This port number 2079 was carried in the data in the control channel. (You can not see that, because I did not use the option -x to give the whole packet). (Can you guess why I did not do that?)

Study the packets with time stamps (tcpdump(!) timestamps) 12:26:47.059425 and ... .059478. The first is a FIN packet.

1.
What is the tcpdump timestamp of the first (``original'') SYN of the connection (pair of flows) that the packet at 12:26:47.059425 is a FIN for? How can you tell? Hand in.

2. Make a drawing (IP header and TCP header, incl options) of the packet with tcpdump time stamp 12:26:47.059478. Where possible, give the numerical value of the fields (per byte, or per field or per bit, whatever is easiest or more logical). When you can not give the numerical value, give the name of the field. Don't worry about checksums. Exactly what does this packet say (or mean)? Hand in.

3. How can you tell the transport was a ``get''? Hand in.

4. How large was the file that was ftp-ed over? Explain how you get the answer. Hand in.

Do the next three, but do not hand in:

Find all three-way handshakes and four-way handshakes in this tcpdump. Determine which ones belong together (being of the same connection). Make sure to figure out what happens in the one ``unusual'' termination.

``128.235.32.243'' uses a ``clock'' that ticks roughly once every 10 msec (for the tcp time stamps). ``10.7.0.1'' uses a clock that ticks roughly once every 1 msec. How can you tell? These are the ``jiffie'' clocks, not the hardware clocks! The tcpdump timestamp (as far as I know) uses the hardware clock. The tcp timestamp uses the ``jiffies'' clock.

There must be a NAT router in-between 10.7.0.1 and 128.235.32.243. Why is that obvious?

Read Forouzan pp 366 - 393 (OSPF)

---

Nov 20 (lecture 12)

Project B is due on Sunday 11/21/2004, 9:00 am. This is a hard constraint! Mr Jain will be grading that Sunday.

---

No class Nov 27

Read
Forouzan Ch 13 (RIP, OSPF, BGP)
Forouzan Ch 15 (OSI model)
Forouzan Ch 17 (BOOTP and DHCP),
Forouzan Ch 18 (DNS)
Forouzan Ch 26 (ATM)
Forouzan Ch 31 (IPng, IPv6).

---

Dec 04 (lecture 13)

Last class session of CIS 656.

Read: same as for 11/27.

Do: From the page ``Standard Exam Questions'' do problems 66 and 67. Hand in.

---

Dec 11, 2004: Final Exam. Comprehensive!
Strongly recommended: Do ALL problems in the list of ``Standard Exam Questions''.

---

Homework for the academic break (Dec 2004 / January 2005):

Read all chapters of Forouzan you have not read yet! (Priority: Ch 19 (Telnet and Rlogin), Ch 20 (FTP), Ch 30 (VPN etc), then the others in any order.)
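
---

Added worked example for the Oct 30 SACK problem (not part of the original course page and not Dr Ott's code): a receive-side model that tracks the next expected byte modulo 2^32, merges out-of-order segments into blocks, and builds the SACK option with the most recently received block first. The names SackReceiver and encode_sack are hypothetical; MAX_BLOCKS = 3 assumes the TCP timestamp option is in use, as in the course's tcpdump pages.

```python
import struct

MOD = 2 ** 32       # sequence numbers are counted modulo 2^32
MAX_BLOCKS = 3      # 4 fit in the 40 option bytes; 3 when TCP timestamps are also sent


class SackReceiver:
    """Receive side only: tracks the next expected byte and out-of-order blocks."""

    def __init__(self, rcv_nxt):
        self.rcv_nxt = rcv_nxt
        self.blocks = []            # (left, right) edges, most recently changed first

    def receive(self, seq, length):
        start = (seq - self.rcv_nxt) % MOD
        if start >= MOD // 2:       # segment starts before rcv_nxt (old data)
            start -= MOD
        end = start + length
        start = max(start, 0)
        if end <= start:            # pure duplicate, nothing new
            return self.ack()
        kept = []
        for left, right in self.blocks:
            lo, hi = (left - self.rcv_nxt) % MOD, (right - self.rcv_nxt) % MOD
            if lo <= end and start <= hi:       # overlaps or touches: merge
                start, end = min(start, lo), max(end, hi)
            else:
                kept.append((left, right))
        if start == 0:              # hole at rcv_nxt filled: cumulative ACK advances
            self.rcv_nxt = (self.rcv_nxt + end) % MOD
        else:                       # still a hole: report the block, newest first
            kept.insert(0, ((self.rcv_nxt + start) % MOD, (self.rcv_nxt + end) % MOD))
        self.blocks = kept
        return self.ack()

    def ack(self):
        return {"ack": self.rcv_nxt, "sack": self.blocks[:MAX_BLOCKS]}


def encode_sack(blocks):
    """SACK option bytes: kind 5, length 2 + 8n, then n (left, right) edge pairs."""
    out = struct.pack("!BB", 5, 2 + 8 * len(blocks))
    for left, right in blocks:
        out += struct.pack("!II", left, right)
    return out


if __name__ == "__main__":
    rx = SackReceiver(1_234_567_000)            # numbers from the homework problem
    rx.receive(1_234_569_000, 1000)
    reply = rx.receive(1_234_571_000, 1000)
    print(reply, encode_sack(reply["sack"]).hex())
```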
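
---

Added worked example for the Sept 11 frame type question and the Nov 06 ARP/padding exercise (not part of the original course page): a parser that reads the ethernet frame type field, decodes an ARP body, and counts the padding that brings the frame up to 14 + 46 = 60 bytes. The two frames are constructed here, not copied from the course's tcpdump output; the MAC addresses and the neighbour address 10.7.0.2 are assumptions.

```python
import struct

ETH_HDR_LEN = 14   # destination MAC (6) + source MAC (6) + frame type (2)
MIN_PAYLOAD = 46   # smallest ethernet payload: 14 + 46 = 60 bytes before the CRC
FRAME_TYPES = {0x0800: "IPv4", 0x0806: "ARP"}

def parse_frame(frame):
    """Decode the ethernet header; for ARP also decode the body and count padding."""
    if len(frame) < ETH_HDR_LEN:
        raise ValueError("truncated ethernet header")
    dst, src, ftype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    payload = frame[ETH_HDR_LEN:]
    # Values up to 1500 are an old-style length, not a protocol number.
    proto = "length" if ftype <= 1500 else FRAME_TYPES.get(ftype, "other")
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "frame_type": f"{ftype:04x}",
            "protocol": proto, "frame_len": len(frame)}
    if proto != "ARP":
        return info
    if len(payload) < 8:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    arp_len = 8 + 2 * (hlen + plen)            # 28 bytes for ethernet + IPv4
    if len(payload) < arp_len:
        raise ValueError("truncated ARP body")
    body, padding = payload[8:arp_len], payload[arp_len:]
    info.update(
        operation={1: "request", 2: "reply"}.get(oper, str(oper)),
        sender_ip=".".join(map(str, body[hlen:hlen + plen])),
        target_ip=".".join(map(str, body[2 * hlen + plen:])),
        padding_len=len(padding), padding_all_zero=not any(padding),
        expected_padding=max(0, MIN_PAYLOAD - arp_len),
    )
    return info

def build_arp(oper, sha, spa, tha, tpa, dst, pad):
    """Build a constructed sample frame (not taken from the course's tcpdump page)."""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha + spa + tha + tpa
    if pad:
        arp = arp.ljust(MIN_PAYLOAD, b"\x00")   # what the sending interface adds
    return dst + sha + struct.pack("!H", 0x0806) + arp

HOST, PEER = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
HOST_IP, PEER_IP = bytes([10, 7, 0, 1]), bytes([10, 7, 0, 2])              # 10.7.0.2 is assumed
REQUEST = build_arp(1, HOST, HOST_IP, bytes(6), PEER_IP, b"\xff" * 6, pad=False)
REPLY = build_arp(2, PEER, PEER_IP, HOST, HOST_IP, HOST, pad=True)

if __name__ == "__main__":
    for name, frame in (("outgoing request", REQUEST), ("incoming reply", REPLY)):
        print(name, parse_frame(frame))
```

The unpadded request is 42 bytes and the padded reply is 60, matching the 18 bytes of padding seen on the incoming packet. On a live capture, padding that is not all zero deserves a look, since an interface that pads from stale buffer contents discloses memory to the wire.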