Keep all your responses BRIEF and CONCISE !! Checksums: Explain what it is for, and over what bytes it is computed (data only, or header only, or Pseudo-Header, or ...), whether it is voluntary or compulsory (and why), but do NOT explain HOW it is computed. Typical questions: 1. Draw an ethernet packet. For each field, give the size (in bits or bytes, and make sure to say which one you use). BRIEFLY explaim meaning, and use of all fields, where appropriate say what units it is expressed in. (Bits, Bytes, kg, seconds, meters, miles, hops, 32 bits words, coulombs, etc.) 2. Draw the header of an IPv4 packet without options. Further same as question 1. 3. Draw the header of an ICMP echo request. Further same as question 1. 4. Draw the header of and ICMP error reporting message reporting a packet was dropped because the TTL expired. Further same as question 1. 5A. Draw the header of a TCP packet without options. Further same as question 1. 5B. Draw the header of a UDP packet. Further same as question 1. 5C. Draw the header of an IPv6 base header. Further same as question 1. 5D. Same as 5A, 5B, but now include the pseudo-header. 6. ARP and RARP: I expect ``passive'' knowledge. For example: Suppose ARP is used to help find Physical Addresses in the case IPv4 over Ethernet. What is the Hardware Length? What is the Protocol Length? I will not ask to draw the header or enumerate the fields. But you must know meaning and function of the fields. Addendum 02/21/2006 : Same holds for ICMP headers. Make sure you can handle question 1 above: It WILL be on the midterm. 7. IPv6 has Version number 6, Protocol Identifier 41, and Frame Type (also called Ether Type) 86DD (in hexadecimal). Give examples of how each of these identifiers is used. BRIEFLY (!!) explain your answer. 8. (A) When the ARP software in a computer broadcasts an ARP request, does it use an IP broadcast address? If yes, which one? (B) Or does it use an address for a physical broadcast? (C) Or both? (D) or neither? BRIEFLY explain your answer. Harder question: Suppose that in question 8 your answer is ``physical broadcast only''. What additional information do you need to be able to find out the actual physical broadcast address? (answer: you have to know the hardware type! You should not simply assume the hardware type is ethernet! *IF* it is ethernet, the physical broadcast address is 48 ones). 9. Explain what the ``10'' and ``2'' and ``5'' and ``T'' mean in 10Base2, 10Base5, 10Base-T . 10. BRIEFLY explain the difference between a repeater and a bridge. 11. In the ``classfull'' scheme, what is the class of 128.235.204.127 ? (Any address could be used!). 12. Describe the mask of the network (or subnetwork) 170.170.0.0/20 . 13. Given a network address x.y.z.u/k , which of the following ... IP addresses are in that network? 14. Suppose you did not know that the Ether Type of IPv6 is 86DD (hex). How would you find out? Give enough detail that ``anybody'' can follow your directions. Hint for this Monday: Do it, and memorize the names of the URLs you use, items you click on, patterns you search for. This is one of the few cases where I encourage memorizing! 15. Given a specific packet, and an MTU, describe how the packet will be fragmented to satisfy the MTU. (I COULD be tricky and give you a packet with DF = 1). 16. Suppose we have an IPv6 packet inside an IPv4 packet, inside an ethernet packet. Sketch the system of headers. Give the Frame Type in the ethernet header, the version numbers in the IPV4 and IPv6 headers, and the protocol identifier in the IPv4 header. Roughly indicate locations of the fields I ask for. Problems ``like'' 16 are quite likely. Make sure you only answer questions I ask! Do not sketch locations of, or give information about, fields I did not ask for! That takes time, which will be in short supply! Alternative: Telnet inside TCP inside IPv4 inside IPv6 inside ethernet. etc. Possibilities galore! 17. Describe how a host gets the physical address of a different host on the same subnet, of which it knows the IP address. 18. Look at the following output: berman-41 ott>: ping -s ftp.nl.net 100 10 PING ftp.nl.net: 100 data bytes 108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=0. time=111. ms 108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=1. time=108. ms 108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=2. time=115. ms 108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=3. time=88. ms 108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=4. time=113. ms 108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=5. time=120. ms 108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=6. time=116. ms 108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=7. time=102. ms 108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=8. time=109. ms 108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=9. time=90. ms ----ftp.nl.net PING Statistics---- 10 packets transmitted, 10 packets received, 0% packet loss round-trip (ms) min/avg/max = 88/107/120 What is the meaning of the numbers 100 and 10 in the command line? What is the meaning of the number 108 on the next lines? Give another name for the computer ftp.nl.net . What is the IP address of ftp0.svc.ops.eu.uu.net ? What is the size of the whole IP packets? (include ICMP and IP headers, but exclude frame headers, because you do not know the hardware type: probably is different on the multiple hops anyhow). Make a plausible guess for the distance from berman to ftp.nl.net in km. Assume there is no congestion (no queueing delay). (With that assumption your answer will be way off, it is the method that counts!). Show your reasoning. (c = 300,000 km/sec, for the speed of light in glass and for the speed of electrical signal in coax etc take c x .7 ). Do not confuse one way delay and round trip time! (factor 1/2). 19. Questions about nslookup, ping, traceroute . 20. Questions about encapsulation. All questions above are good examples also for the second midterm. Some more examples: 21. Draw the header of a TCP packet without options. BRIEFLY describe the size, meaning, and use of all fields. 22. Suppose a TCP receiver is SACK competent and knows the sender also is SACK competent. Suppose this receiver receives a data packet, and after the data have been inserted the receive window contains the following bytes (sequence numbers). (description). Does the receiver include a SACK option in its next acknowledgement? If yes, describe the SACK Option sent. 23. Describe the functions of the ECT and CE flags in the IP header. 24. Describe the functions of the ECE and CWR flags in the TCP header. 25. What do Internet People mean when they talk about the ``Silly Window Syndrome''? Is it good or bad? Why? 26. Describe ``Nagle's Algorithm''. 27. Describe ``Delayed acknowledgements''. Why are they used? 28. Explain how ``Nagle's Algorithm'' and ``Delayed acknowledgements'' separately are only mildly effective to prevent or minimize the Silly Window Syndrome, but together are quite powerful. 29. What is a Duplicate Acknowledgement? In TCP Reno (also in newReno), how many Duplicate Acknowledgments must a sender receive to cause it to re-transmit? In that case, what packet does it re-transmit? 30. In the network in the drawing given, (for example the one now in Dr Ott's website, spring 2004), a host in network XI wants to send an IP packet to a host on network VI, and it wants to make sure the packet passes through exactly the routers R9, R12, R10, R1, R3. (And not for example R8, R1, R2). Is this legal? If yes: Describe the Strict Source Route IP Option attached to the IP header of this packet as it leaves the source host. Also: Describe the Strict Source Route IP Option attached to the IP header of his packet as it enters R1, and as it leaves R1. Instead of IP addresses, us S for the address of the source host, D for the address of the destination host, and the port names (e.g. A1, A27) for the addresses of the Router Interfaces. 31. Over what fields is the TCP checksum computed? Is use of this checksum voluntary or compulsory? Why? 32. Similar for the IP checksum, UDP checksum. 33. Describe the TCP three-way handshake for connection establishment. 34. Describe the TCP four-way handshake for connection termination. 35. Describe Karn's algorithm. 36. Give a way to estimate RTT for which at any point in time there is at most one ``timed packet'' outstanding. 37. Give a way to detect lost packets by a time-out mechanism for which at any point in time there is at most 1 time-out timer outstanding. 38. What does MSS stand for? What is it used for? 39. What does MTU stand for? What is it used for? 40. What is window scaling? What is it good for? 41. Is IP address 229.128.15.15 a multicast address? Why, or why not? 42. Suppose an ethernet packet carries an IP packet with the address 229.128.15.15 as destination address. If there is no other header in-between, what is the physical destination address of the ethernet packet? 43. In question 42, why is the correct response not ff:ff:ff:ff:ff:ff ? 44. Questions about tcpdump, nslookup, ping, traceroute are extremely likely. 45A. Describe the mask of the (sub-)network 128.128.128.0/20 . 45B. Which of the following IP addresses is in that (sub-)network? For each, answer yes or no and give a brief explanation. (1) 128.129.128.10 (2) 128.128.144.170 (3) 128.128.129.160 (4) 128.128.128.144 46. A host receives, on one of its ethernet ports, an ethernet packet with an IPv4 packet inside. (i) How does the Data Link Layer in the host find out that the data in the ethernet packet must be handed over to the IPv4 software? (ii) What does the IPv4 software do to check whether what it gets is indeed an IPv4 packet? 47. One of the (sub-)networks directly connected to router R is 170.170.16.0/20. That network has an MTU of 4464 bytes. There are no complications with host-specific routes. (i) Describe what Router R does when it receives (on a different interface than that to 170.170.16.0/20) the packet: VERS = 4, HLEN = 5, ToS = 0, TL = 1500 Ident = 21845, Flags = 0, FragOffset = 0 TTL = 31, PROT = 17, CheckS = 0 SourceAddr = 170.170.129.17 DestAddr = 170.170.17.17 (Do not worry about checksums). If a packet, or packets, are sent out by Router R, describe the packet or packets. As long as it is CLEAR, a "differential description" is OK. (e.g., "the same, only now VERS = 6"). BRIEFLY motivate your answer. (ii) Same question, now the input packet is VERS = 4, HLEN = 5, ToS = 0, TL = 5376 Ident = 21845, Flags = 0, FragOffset = 0 TTL = 31, PROT = 17, CheckS = 0 SourceAddr = 170.170.129.17 DestAddr = 170.170.17.17 (iii) Same question, now the input packet is VERS = 4, HLEN = 5, ToS = 0, TL = 5376 Ident = 21845, Flags = 2, FragOffset = 0 TTL = 31, PROT = 17, CheckS = 0 SourceAddr = 170.170.129.17 DestAddr = 170.170.17.17 (iv) Same question, now the input packet is VERS = 4, HLEN = 5, ToS = 0, TL = 5376 Ident = 21845, Flags = 0, FragOffset = 0 TTL = 1, PROT = 17, CheckS = 0 SourceAddr = 170.170.129.17 DestAddr = 170.170.17.17 (v) Can a router (legally) ever receive the packet VERS = 4, HLEN = 5, ToS = 0, TL = 4460 Ident = 21845, Flags = 3, FragOffset = 0 TTL = 1, PROT = 17, CheckS = 0 SourceAddr = 170.170.129.17 DestAddr = 170.170.17.17 Why? or Why not? For some of the following questions you may need the following outputs of nslookup: maan-719 ott>: nslookup 128.235.251.39 Server: dns1.njit.edu Address: 128.235.251.10 Name: www-proxy.njit.edu Address: 128.235.251.39 maan-720 ott>: nslookup 128.235.32.243 Server: dns1.njit.edu Address: 128.235.251.10 Name: maan.njit.edu Address: 128.235.32.243 maan-784 ott>: nslookup 128.235.35.169 Server: dns1.njit.edu Address: 128.235.251.10 Name: front.njit.edu Address: 128.235.35.169 maan-785 ott>: nslookup 128.235.32.6 Server: dns1.njit.edu Address: 128.235.251.10 Name: cisnet-gw6.njit.edu Address: 128.235.32.6 48. While the standards allow ``non-contiguous'' masks, no sane administrator will ever allow use of a non-contiguous mask. Which of the following addresses are allowed as mask? A. 0.0.0.0 B. 255.255.255.255 C. 192.0.0.0. D. 155.255.0.0 E. 96.0.0.0 F. 255.255.192.0 G. 255.255.64.0 H. 192.192.0.0 I. 255.255.252.0 J. 255.255.253.0 For those of the adresses above that can be used as ``sane'' masks, give the length of the mask and give the hexadecimal representation (as given by ifconfig in afs1 - afs36 and afs48 - afs59). Those of you who have tried ``netstat -r'' and ``netstat -rn'' have seen that routing tables as reported are not as presented in class. For homework, quizes, etc, use the ``stylized'' format as done in class. 49. Generic Question: Given the following Routing Table, what would the router do with a packet with the following destination address? (See homework for 02/17. Since the topic was covered on 02/06, it may very well be asked on the next quiz). 50. Generic Question: for the following drawing of a network, design a ``sensible'' forwarding table for router R1. 51. Describe the mask of the (sub-)network 128.128.128.0/20 . 52. Which of the following IP addresses is in that (sub-)network? For each, answer yes or no and give a BRIEF explanation. (1) 128.129.128.10 (2) 128.128.144.170 (3) 128.128.129.160 (4) 128.128.128.144 53. A host receives, on one of its ethernet ports, an ethernet frame with an IPv4 packet inside. How does the Data Link Layer in the host find out that the data in the ethernet packet must be handed over to the IPv4 software? 54. A host receives, on one of its ethernet ports, an ethernet frame with an ARP response inside. What is value, in DECIMAL (!) of the frame type field in that ethernet frame? (see top of file for help: henceforth you always automatically look at the top of the file for help with this kind of questions). 55. A host receives, on one of its ethernet ports, an ethernet frame with an ARP Request for an IPv4 address inside. Give values of Hardware Type, Protocol Type, HLEN, PLEN, Operation in the ARP request. 56. (Sneaky!) Can the ``Protocol Type'' field in an ARP packet ever be 0806 (in hexadec)? 57. Draw the header of an IP packet (without options). For each field, give the size and a SHORT description of what it means or is used for. Where appropriate, give the units in which the content of the field is expressed. 58. A network has network address and mask 128.235.32.0/21 Which of the following addresses can be the address of an interface on that network? Why, or why not? 129.235.32.1 128.234.32.2 128.235.31.3 128.235.32.4 128.235.32.0 128.235.33.5 128.235.34.6 128.235.34.255 128.235.35.7 128.235.35.255 128.235.36.8 128.235.36.255 128.235.37.9 128.235.37.255 128.235.38.10 128.235.38.255 128.235.39.11 128.235.39.255 128.235.40.12 128.235.40.255 128.235.41.13 255.255.255.255 224.0.0.1 0.0.0.0 59. Which of the addresses above can occur in a packet on this network? Why? If yes, can it occur as source address? As destination address? Both? Neither? 60. A router R has forwarding table Num Mask Network Action Interface Next_Hop 1 255.255.255.255 128.235.223.7 DD eth0 2 255.255.240.0 128.235.176.0 F eth0 128.235.184.0 3 255.255.248.0 128.235.168.0 F eth1 128.235.170.1 4 255.255.248.0 128.235.176.0 F eth2 128.235.178.1 5 255.255.252.0 128.235.172.0 F eth3 128.235.172.1 6 0.0.0.0 0.0.0.0 F eth2 128.235.178.1 (The ``Num'' column does not exist in real routers). a. What kind of route is route number 1? b. What kind of route is route number 6? c. Which routes are prefixes to which routes? For the following addresses, explain what router R does with a packet with that address as destination address. (Carefull: Use longest prefix routing). 127.235.178.2 128.236.179.3 128.235.223.7 128.235.223.8 128.235.179.9 128.235.186.10 128.235.171.11 128.235.173.12 61. Router R receives an IP packet without options, with total length 3148 bytes, M = 0 , DF = 0 , TTL = 37. After looking in the forwarding table, R decides th packet must be forwarded through port eth1, which opens on a LAN with MTU = 1500 Bytes. a. How many databytes does this packet have? Answer: Since there are no options, HLEN = 5 and there are 5*4 = 20 Bytes in the header. Therefore, there are 3148 - 20 = 3128 databytes in the original packet. b. Will this packet be routed? Or will it be thrown on the floor? Answer: The incoming TTL equals 37. R decreases this to 36: still positive. OK thus far. The packet is larger than the MTU, but DF = 0, so fragmentation is allowed. This packet will be routed. (Unless there is something wrong with the address, or so). c. Will this packet be fragmented? Answer: yes, it will be fragmented. d. How many fragments will there be? Answer: Probably 3, but i have to check more carefully. e. For each of the fragments, give the TTL, DF bit, More bit, Total Size, Fragmentation Offset, and number of Data Bytes. Response: Each of the fragments will have TTL = 36. Each of the fragments will have DF = 0. The last fragment will have M = 0. All other fragments will have M = 1. Further: The first fragment will not contain the last data byte. Therefore, the first fragment has a number of data bytes that is a multiple of 8. Say 8*k. The first fragment will have a header of 20 bytes. The first fragment will have at most a total length of 1500 bytes. Therefore, 20 +8*k .LEQ. 1500. 8*k .LEQ. 1480. k .LEQ. 1480/8 = 185. The largest integer value of k that is OK is k = 185. Hence, fragment 1 will have 185*8 = 1480 data bytes, and a header of 20 bytes. It will have a Total Length of 1480 + 20 = 1500 Bytes. The Fragmentation Offset of the first fragment is zero. The second fragment: It will have Fragmentation offset = 185, header 20 bytes, 1480 data bytes (since 1480 + 1480 = 2960 < 3128), Total Length 1480 + 20 = 1500. It will have TTL = 36, DF = 0, M = 1 , The third fragment: Since 1480 + 1480 + 1480 = 4440 > 3128, the third fragment will have 3128 - 2960 = 168 databytes. It will have a header of 20 bytes and thus a Total length of 188 bytes. It will be the last fragment, so it has M= 0. It has TTL = 36, DF = 0. It has fragmentation offset 185 + 185 = 370. (The number of preceding databytes is 370*8 = 2960). Indeed: there are exactly three fragments. Do this one yourself: 62. Router R receives a packet without options, with TL (Total length) 3920 bytes, TTL = 19, M = 0, DF = 0, FragOffset = 0. R finds this packet must be routed and that the next LAN has MTU = 1500. How many fragments will there be? For each fragment compute TTL, DF, M, TL, FragmentationOffset, number of databytes. 63. An ethernet packet gave the following output in TCPDump: 18:30:45.631507 0:d0:3:70:5f:fd ff:ff:ff:ff:ff:ff 0806 60: arp who-has 128.235.35.169 tell 128.235.32.6 63A. Give a short explanation of every field in this tcpdump output (above). 63B. What do you know about the physical address of front.njit.edu ? What do you know about the physical address of vlan12-gw6.njit.edu ? What do you know about the physical address of dns1.njit.edu ? 64. Suppose we have an HTTP packet, and suppose the IP packet that carries the HTTP packet is an IPv4 packet which itself is encapsulated in another IPv4 packet, which is carried inside an ethernet frame. Draw this system of packets, in particular the various headers (in the right locations). Give all ethertypes, version numbers, protocol identifiers, and port numbers, indicating where they are located. Do not give other information about the headers (like header lengths, flags, locations and sizes of other fields, etc). 65. Given the following output from traceroute: alizarin-44 ott>: traceroute 129.105.5.186 traceroute to 129.105.5.186 (129.105.5.186), 30 hops max, 40 byte packets 1 128.235.204.6 (128.235.204.6) 1.101 ms 0.452 ms 0.406 ms 2 external-242-gw (128.235.242.2) 0.866 ms * 1.159 ms 3 njit-border-gw (128.235.249.254) 2.085 ms 1.688 ms 1.519 ms 4 Serial2-8.GW5.EWR1.ALTER.NET (157.130.11.85) 29.728 ms 16.892 ms 20.728 m s 5 119.ATM5-0.XR1.EWR1.ALTER.NET (146.188.180.26) 29.641 ms 21.214 ms 33.732 ms 6 193.at-1-0-0.XR1.NYC9.ALTER.NET (152.63.17.218) 48.318 ms 48.455 ms 47.67 4 ms 7 0.so-3-1-0.XL1.NYC9.ALTER.NET (152.63.9.58) 52.532 ms 41.507 ms 62.896 ms 8 POS6-0.BR1.NYC9.ALTER.NET (152.63.18.225) 60.640 ms 32.155 ms 45.342 ms 9 p7-2.nycmny1-cr10.bbnplanet.net (4.0.6.141) 34.029 ms 46.212 ms 44.817 ms 10 p1-0.nycmny1-nbr2.bbnplanet.net (4.24.8.169) 46.259 ms 59.226 ms 69.213 m s 11 p15-0.nycmny1-nbr1.bbnplanet.net (4.24.10.209) 71.378 ms 67.299 ms 80.391 ms 12 so-6-0-0.chcgil2-br2.bbnplanet.net (4.24.4.17) 101.834 ms 73.561 ms 70.74 3 ms 13 p1-0.chcgil1-br2.bbnplanet.net (4.0.1.198) 64.945 ms 47.104 ms 51.184 ms 14 p5-0.chcgil1-ba2.bbnplanet.net (4.24.5.238) 39.352 ms 62.902 ms 65.726 ms 15 p2-0.chcgil1-cr4.bbnplanet.net (4.24.5.246) 71.738 ms 39.296 ms 60.583 ms 16 a4-0-3.nuit.bbnplanet.net (4.24.245.6) 73.814 ms 98.819 ms 107.329 ms 17 lev-mdf-6-vln-39.nwu.edu (199.249.169.61) 92.782 ms 88.834 ms 84.173 ms 18 tech-idf-rtr.nwu.edu (129.105.253.166) 98.899 ms 82.675 ms 85.428 ms 19 thelonious.ece.nwu.edu (129.105.5.186) 97.856 ms * 76.901 ms 65A. BRIEFLY (dotted decimal only is OK), what list of intermediates would you expect if you did traceroute 4.0.6.141 (from alizarin)? 65B. What RTT would you expect (roughly) if you did ping -s 4.0.6.141 (from alizarin)? 66. This is a question on RIP. ``infinity'' = 16. DD = Direct Delivery FW.X = Forward to router X All distances are in hopcount 66A. What does RIP stand for? 66B. What class of routing protocols is RIP? Suppose Router R contains the following Routing Table (Output Port identifiers are not needed here and are not given). Network: 1 2 3 4 5 6 7 8 Distance: 1 1 1 3 2 2 3 4 Action: DD DD DD FW.F FW.F FW.E FW.E FW.E 66C. Suppose Router R now gets the following RIP (RIP v1) message from its neighbor, Router G (possibly, G has been down for some time): Network: 4 5 6 7 8 9 Distance: 1 2 3 2 1 1 What does the routing table in R look like after the update? Make sure I can follow your logic. 67A. Suppose this internetwork uses Poisoned Reverse. Suppose router R sends (BEFORE the update in 66C) an update to its neighbor Router E. Construct and give the update message. 67B. Same, now Split Horizon. 68. RTT estimation in TCP. Describe how in TCP the RTT can be estimated in such a way that at any point in time the source needs to ``remember'' the departure time of at most one unacknowledged packet. (Not using TCP time stamps.) 69. Suppose we have an http packet, inside a TCP packet, inside an IPv6 packet, inside an IPv4 packet, inside an ethernet packet. Describe in detail the locations, and where you can the values, of all port numbers, next header identifiers, protocol identifiers, version identifiers, frame types, source addresses, destination addresses. Make a sketch of where the various headers are located, and where various fields mentioned are located in thoise headers. 70. What is the bandwidth of a SONET OC-1 connection? (OC-3 ? OC-6 ? ... OC-192 ?). What is the bandwidth of a DS-0 connection? DS-1 ? DS-3 ? What is the bandwidth of a T-1 connection? a T-3 connection? 10 years ago I might have asked you the difference between T1 and DS-1, but since i have forgotten, I won't :-) . 71. What does EMTU-S and EMTU-R stand for? Where and how are these EMTUs used? More questions may be added if Dr Ott has time. Check this page. --- Don't forget: this was a SAMPLE only. I tried to give examples of the TYPE of questions I may ask. Not examples of specific questions I am likely to ask. A few specific ones are particularly likely: Packet headers, in particular IP, TCP. Interprete outputs of tcpdump, nslookup, ping, traceroute. 72. A 1 TByte file must be transported from the Pittsburg Supercomputer Center to the San Diego Supercomputer Center. The systems people involved think this can be done in about 4 hours, using TCP. The RTT has been measured at 50 msec. a. How large must the transmit buffer in Pittsburg (at least) be to make this possible? b. How large must the receive buffer in San Diego (at least) be to make this possible? c. What window scale factor must be used to make this possible? Other version of the same problem: A large (really large!) file must be transported from the Minnesota Supercomputer Center to the North Caroline Supercomputer Center. Based on contracts with carriers (Internet II etc) it is likely a rate of 800 Mbit/sec can be reached. The RTT is estimated at 50 msec. How large do send_buffer, receive_buffer, and window scale factor need to be to stress the data rate the carrier can offer? Complication (not discussed in class): Suppose the RTT actually is exactly 50 msec for all packets. Suppose the starting ssthresh equals 65535 Bytes, and the starting cwnd equals 1 MSS = 5000 Bytes. How long does it take until we start stressing the rate Internet II promised? 73. Prototype problem: Study the following output of tcpdump. For the packet stamped at time ... , compute the fields ... . Or: What Ip options are present? What TCP options are present? (See the tcpdump output somewhere on my web page). 74. Prototype problem: Study the following outpus of tcpdump, ping, nslookup, traceroute, ... . What can you conclude about ... ? 75. Look through the three tcpdump outputs on this page. Read my inserted comments carefully. It is garanteed there will be a (at least one) tcpdump - type question on the final. ``Taildrop'' is the queueing discipline where if a packet tries to enter a buffer that is already full, the packet trying to enter is dropped. Another queueing discipline is ``drop from front'', where if a packet attempts to enter a full buffer, the packet trying to enter is allowed in, and the packet in the front of the queue (normally the one to be served next) is dropped. 76. Explain how in TCP/IP. if most of ther packets are TCP, ``taildrop'' can lead to ``bad things'' like synchronization between flows, oscillatory behavior, etc. RED (Random Early Detection, also know as Random Early Drop) is the mechanism where routers, when a buffer is ``kind of full'' but not quite full yet drop arriving packets with a certain probability. 77. Describe (in no more than half a page, preferably less!) how RED prevents or at least significantly decreases synchronization between flows, and oscillatory behavior. ECN (Explicit Congestion Notification) is the mechanism where routers, when a buffer is ``kind of full'' but not full yet, mark packets (``congestion experienced'') but not drop them unless ... . 78. Where are the CE , ECT , CWR , ECE bits located? 79. Describe (in no more than half a page, preferably less!) how ECN works. Describe the role of the CE , ECT , CWR , ECE bits. 80. Why are the CEc and ECT bits in the IP header, while the CWR and ECE bits are in the TCO header? 81. What is flow control? Give an example of flowcontrol in TCP. 82. What is overload control? Give an example of overload control in TCP. 83. What does MTU stand for? What is it? What does MSS stand for? What is it? What is MTU discovery? Who does it? cwnd stands for congestion window. In BSD Unix, cwnd is expressed in bytes. Let W stand for the congestion window expressed in MSSs, thus W = cwnd/MSS . In BSD Unix, if a ``good acknowledgement'' arrives at the source (one that increases the ``next expected byte'' number), W increases by 1/W (MSSs). (At least, that is the plan. Some implementations do not quite do it that way). 84. If a ``large file'' is transfered (say using http or ftp), and no ``delayed acknowledgent'' are used, and practically all packets are 1 MSS in size, then, once the systems is in ``congestion avoidance'' and W is ``kind of large'', W increases by one MSS once every RTT. (At least, by close approximation). Explain how come. (An example is OK). The standard is indeed that every ``good'' acknowledgement increases W by an amount that depends on W (as above) but does not depend on how large the increase in ``next excpected'' is. Show how a destination can ``cheat'' by sending many acknowledgements, each for a couple of bytes, instead of one ``large'' acknowledgement. 85. In the situation of problem 84: show that if the destination uses ``delayed acknowledgements'' W increases (roughly) by one MSS every two RTTs. Study the following output: maan-143 ott>: arp -a Net to Media Table: IPv4 Device IP Address Mask Flags Phys Addr ------ -------------------- --------------- ----- --------------- hme0 vlan12-gw 255.255.255.255 00:00:0c:07:ac:01 hme0 schist 255.255.255.255 00:c0:4f:47:1d:5f hme0 pcc07 255.255.255.255 00:50:04:74:36:a6 hme0 silk 255.255.255.255 08:00:20:72:59:6e hme0 pcc02 255.255.255.255 00:50:04:75:90:2c hme0 hadlock 255.255.255.255 08:00:69:0d:18:a1 hme0 above 255.255.255.255 00:c0:4f:58:ec:f0 hme0 vlan12-gw7 255.255.255.255 00:d0:03:70:5b:fc hme0 vlan12-gw5 255.255.255.255 00:d0:03:70:5f:fc hme0 denton 255.255.255.255 00:01:e6:3a:f5:b8 hme0 dhcp34-202 255.255.255.255 00:07:e9:ec:3e:e6 hme0 dhcp34-197 255.255.255.255 00:04:5a:71:89:5e hme0 dhcp34-196 255.255.255.255 00:50:56:48:a4:aa maan-144 ott>: arp -an Net to Media Table: IPv4 Device IP Address Mask Flags Phys Addr ------ -------------------- --------------- ----- --------------- hme0 128.235.32.1 255.255.255.255 00:00:0c:07:ac:01 hme0 128.235.33.82 255.255.255.255 00:c0:4f:47:1d:5f hme0 128.235.32.107 255.255.255.255 00:50:04:74:36:a6 hme0 128.235.33.108 255.255.255.255 08:00:20:72:59:6e hme0 128.235.32.101 255.255.255.255 00:50:04:75:90:2c hme0 128.235.35.103 255.255.255.255 08:00:69:0d:18:a1 hme0 128.235.33.121 255.255.255.255 00:c0:4f:58:ec:f0 hme0 128.235.32.7 255.255.255.255 00:d0:03:70:5b:fc hme0 128.235.32.5 255.255.255.255 00:d0:03:70:5f:fc hme0 128.235.33.22 255.255.255.255 00:01:e6:3a:f5:b8 hme0 128.235.34.202 255.255.255.255 00:07:e9:ec:3e:e6 hme0 128.235.34.197 255.255.255.255 00:04:5a:71:89:5e hme0 128.235.34.196 255.255.255.255 00:50:56:48:a4:aa (I manually edited the outputs to throw out computers occurring in one output but not the other. In an exam I may not do that). 86. What is the IP address of hadlock.njit.edu? 87. Which of the computers listed are you sure will have the same IP address if turned off (power off) for a day or so, then turned back on? Explain your answer. 88. Explain why an ATM VC is likely to have different VCI/VPIs on the different links it traverses. 89. Explain why ``address binding'' is much harder in an ATM network than in an ethernet subnet. (No more than a quarter page!). 90. What does NBMA stand for? What does it mean? 91. ATM cells have a payload of 48 bytes. Yet, the MTU of an ATM network (for IP over ATM) is 9180 Bytes. Explain how the MTU can be larger than the cell size. (No more than a quarter page!) 92. What does AAL stand for? Give a short description of AAL 5. (No more than a quarter page!). 93. What does SAR stand for? Give a short description of SAR. (No more than a quarter page!). 94. What is IP over IP tunnelling? (No more than a quarter page!). 95. Why is IP over IP tunnelling needed in Multicast? 96. What does VPN stand for? 96. Explain how IP over IP tunnelling can be used to implement a VPN. 97. What is traffic analysis? How can IP over IP tunnelling be used to make traffic analysis harder? Actually, ``traffic analysis'' has at least two meanings. Both mean ``to analyze the traffic'', but the intents are different. When Dr Gottlieb talked about ``Traffic Analysis'' he meant to analyze the traffic on the ATT network, to improve engineering, increase capacity in the right places and at the right times, etc. When a ``spy'' talks about ``Traffic Analysis'', she means analyzing the traffic to figure out what the enemy is up to. Or at least to figure out that the enemy is up to something special. Methods: try to measure traffic intensity between special sources, destinations. Even if you can not decrypt the traffic. 98. What other methods are there to implement VPNs? 99. What does NAT stand for? 100. Give a BRIEF description of how NAT works. (It is OK to assume the simplest case: one public address for the whole private network). 101. What is the bandwidth of the main long-haul trunks in the ATT network? (OC-192, that is about 192 x 51.84 Mbit/sec, say 9953.28 Mbit/sec. Of this, users can get about 9510.912 Mbit. Let's call it 9.5 Gb/s). (From Dr Gottlieb's talk). 102. I will look through Dr Gottlieb's VGs and see whether I can extract another question. 103. What is a ``shim-header''? What is it used for? 104. What does MPLS stand for? 105. What did we, do we, think MPLS is good for?