Final Exam, CIS 656, Dr Ott Dec 11, 2004. Time: 9:00 - 11:30 Name on every Book! 1. Suppose we have an HTTP packet inside a TCP packet inside an IP packet, inside an IP packet (``IP over IP''), inside an ethernet frame. Sketch (sketch, do not make a detailed drawing) the system of headers. Indicate the locations of the various source- and destination fields. Indicate the locations of the various ``next protocol'' fields, such as ethertype, protocol identifiers, portnumbers, etc. Where possible, give the values of the fields. 2. Router R1 (and all routers in the area it is part of) use RIP1 with Poison Reverse. Router R1 has ``Routing Table'' Network: 1 2 3 4 5 6 7 8 9 10 11 12 Distance 1 1 1 2 2 2 3 3 2 2 3 3 Next Hop: DD DD DD R2 R2 R3 R2 R3 R4 R5 R5 R2 R1 has three interfaces: eth1, to N1, through which it reaches R2 and R3. eth2, to N2, through which it reaches R4. eth3, to N3, through which it reaches R5 2A. Formulate the Route Advertisement R1 sends to R2. 2B. Suppose R1 gets the following Route Advertisement from R2: (RIP1 advertises only distances, not next hops): Network: 1 2 3 4 5 6 7 8 9 10 11 12 distance: 16 16 16 3 1 1 2 2 16 16 16 3 Create the new routing table for R1. 3. This is about the attached tcpdump output. Read the ``top''. 3A. Study the first two packets. Explain every field of the first packet. 3B. There is something ``weird'' (seemingly against the rules) with those two packets. What is that? (Don't try to explain why it is not really against the rules, even if you know). 3C. On the basis of this information, can you figure out the ethernet address of 10.11.0.253? If yes: give it, and explain how you got it. If no, explain why you can't. 3D. On the basis of this information, can you figure out the ethernet address of 10.14.0.1? If yes: give it, and explain how you got it. If no, explain why you can't. 3E. For the first ``non-arp'' packet, explain all fields. (BRIEFLY!) 3F. For the flow to and from 10.14.0.1.34595: Find the three packets that constitute the three way handshake. (Give the full time of the first one, the microseconds parts of the other two.) Find the four packets that constitute the four way handshake. (Gives times, the same way). 3G. For the flow to and from 10.14.0.1.34562, how many bytes were transported from the web server to the web client? How many from the web client to the web server? (An error of up to 2 bytes will be forgiven in each case). BRIEFLY explain how you get the answer. 4. BRIEFLY, describe how a ``learning bridge'' works. (Feel free to assume a very old ethernet with coaxial cable.) 5. Study the following ``ping'' output: [ott@hawking ott]$ ping -s 8 -c 4 marconi PING marconi.internet.lab (10.13.0.2) 8(36) bytes of data. 16 bytes from 10.13.0.2: icmp_seq=1 ttl=64 time=0.147 ms 16 bytes from 10.13.0.2: icmp_seq=2 ttl=64 time=0.188 ms 16 bytes from 10.13.0.2: icmp_seq=3 ttl=64 time=0.182 ms 16 bytes from 10.13.0.2: icmp_seq=4 ttl=64 time=0.187 ms --- marconi.internet.lab ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3033ms rtt min/avg/max/mdev = 0.147/0.176/0.188/0.016 ms [ott@hawking ott]$ ping -s 60008 -c 4 marconi PING marconi.internet.lab (10.14.0.2) 60008(60036) bytes of data. 60016 bytes from 10.14.0.2: icmp_seq=1 ttl=64 time=11.1 ms 60016 bytes from 10.14.0.2: icmp_seq=2 ttl=64 time=10.8 ms 60016 bytes from 10.14.0.2: icmp_seq=3 ttl=64 time=10.8 ms 60016 bytes from 10.14.0.2: icmp_seq=4 ttl=64 time=10.8 ms --- marconi.internet.lab ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3034ms rtt min/avg/max/mdev = 10.809/10.900/11.156/0.147 ms Based on the above, give an estimate for the datarate of the link between hawking and marconi. (bits/sec). 6. A router R has forwarding table Num Mask Network Action Interface Next_Hop 1 255.255.255.255 128.235.223.7 DD eth0 2 255.255.240.0 128.235.176.0 F eth0 128.235.184.0 3 255.255.248.0 128.235.168.0 F eth1 128.235.170.1 4 255.255.248.0 128.235.176.0 F eth2 128.235.178.1 5 255.255.252.0 128.235.172.0 F eth3 128.235.172.1 6 0.0.0.0 0.0.0.0 F eth2 128.235.178.1 (The ``Num'' column does not exist in real routers). a. What kind of route is route number 1? b. What kind of route is route number 6? c. Which routes are prefixes to which routes? For the following addresses, explain what router R does with a packet with that address as destination address. (Careful: Use longest prefix routing). d. 127.235.178.2 e. 128.236.179.3 f. 128.235.223.7 g. 128.235.223.8 h. 128.235.179.9 i. 128.235.186.10 j. 128.235.171.11 k. 128.235.173.12