Midterm, CIS 656. Nov 13, 2004. Dr Ott.

Name on every sheet!

Remember:
127.0.0.0/8 are all loop-back addresses.
10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 are set aside for addresses in private networks.
In IP multicast over Ethernet, the magic word is 01:00:5E:, plus a zero bit.
The ethertype of IPv4 is 0800 (in hexadecimal).
The protocol numbers for TCP and UDP are 6 and 17 (in decimal).
The port number for http is 80 (in decimal).

1. Draw the header of a TCP packet, without options. For each field, give size (in bits) and a brief, concise explanation of its use or meaning. Where relevant, give the units it is expressed in. (Like liters, bits, km, Amperes, ...). Try to have the flags in the right order. But the order is less important than the meaning.

2. The following is an IPv4 packet, in the representation obtained from tcpdump. (The last several bytes have been dropped from the representation, to hide the length!)

A. What is the total length of the packet, in bytes? Explain.
B. What are the values of the M (more) and DF bits? Explain.
C. What is the transport protocol? Explain.
D. What is the Transport Header length? Explain.

    4508 0077 bb4f 4000 3f06 6c0d 0a0d 0001
    0a0e 0001 2885 943f a8d9 0a52 a98d 244a
    8018 16a0 b066 0000 0101 080a 0002 b11d
    0545 76bd 2d72 772d 7277 2d72 2d2d 2020
    2020 3120 3530 3220 2020 2020 2035 3032
    2020 2020 2020 2020 2020 2020 3438 2053
    6570 2032 3320 3039 3a31 35

3. There are 6 pages of tcpdump output attached.

A. For the first packet, give the source ethernet address, the destination ethernet address, and the ethertype.
B. For the F (FIN) at time 19:03:46.619718, give the time of the "original SYN" that started this TCP flow. (Or pair of flows, I am not consistent in the use of the word "flow" or "pair of flows".)
C. What computer initialized this flow? Give the name.
D. For the same F, give the time of the last Ack of the flow.
E. For this pair of flows, how many data bytes were moved from 128.235.251.39 to 128.235.32.243? How many in the opposite direction? (Briefly) explain.

Study the F at time 19:03:44.174878 and the next few packets.

F. Explain the role of all packets from that F until the last Ack of that pair of flows.

4. A subnet has address 128.235.32.0/20. For each of the following addresses: Can it be the address of an interface on the subnet? Can it be the source address of a packet traveling in the subnet? Can it be the destination address of a packet traveling in the subnet? Give your answers in the form (y/y/y or ... etc). Where appropriate, add something like a single word of explanation.

i 128.235.32.0
ii 128.235.32.1
iii 128.235.31.255
iv 128.235.33.255
v 128.235.47.254
vi 128.235.47.255
vii 128.235.48.1
viii 0.0.0.0
ix 255.255.255.255
x 224.0.0.1
xi 10.0.0.99
xii 127.0.0.1

5. Suppose an IPv4 packet with destination address 224.254.253.252 travels over an ethernet LAN. What is its ethernet address?

6. Give a BRIEF! and CONCISE! explanation of how a NAT Router works.
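
Added worked example, not part of the original exam: a Python decoder for the tcpdump hex dump in question 2. It reads the IPv4 and TCP header fields that question asks about and verifies the IP header checksum; all function and variable names are this example's own.

```python
import socket
import struct

# Hex dump from question 2 as printed on the exam; its last bytes are missing there too.
DUMP = """
4508 0077 bb4f 4000 3f06 6c0d 0a0d 0001 0a0e 0001 2885 943f a8d9 0a52 a98d 244a
8018 16a0 b066 0000 0101 080a 0002 b11d 0545 76bd 2d72 772d 7277 2d72 2d2d 2020
2020 3120 3530 3220 2020 2020 2035 3032 2020 2020 2020 2020 2020 2020 3438 2053
6570 2032 3320 3039 3a31 35
"""

TCP_FLAGS = [(0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"),
             (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]

def header_checksum_ok(header: bytes) -> bool:
    # One's-complement sum of every 16-bit word, checksum field included, folds to 0xFFFF.
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse_ipv4_tcp(dump: str) -> dict:
    raw = bytes.fromhex("".join(dump.split()))
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    _, _, total_len, _, flags_frag, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (raw[0] & 0x0F) * 4                       # IHL counts 32-bit words
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IHL")
    info = {
        "total_length": total_len, "ip_header_bytes": ihl,
        "DF": bool(flags_frag & 0x4000), "MF": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # field is in 8-byte units
        "ttl": ttl, "protocol": proto,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ip_checksum_ok": header_checksum_ok(raw[:ihl]),
        "captured_bytes": len(raw),                 # less than total_length: dump is cut
    }
    if proto == 6 and len(raw) >= ihl + 20:         # 6 = TCP
        sport, dport, seq, ack, off_flags, window = struct.unpack(
            "!HHIIHH", raw[ihl:ihl + 16])
        tcp_hlen = (off_flags >> 12) * 4            # data offset counts 32-bit words
        info.update({
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "tcp_header_bytes": tcp_hlen,
            "tcp_flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
            "tcp_payload_bytes": total_len - ihl - tcp_hlen,
        })
    return info
```

The total length comes from the header field, not from counting the bytes shown, which is why the truncated dump still decodes.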