Midterm II, CIS 656
April 12, 2003. 9:15 - 11:15.

Closed Book. Use only the paper provided by Dr Ott. Put your name on every sheet. Keep margin free! Be SHORT and CONCISE. Write legibly!

1. Draw the header of a TCP packet without options. Describe the size, meaning and use of every field. Where appropriate, say what units the field is expressed in (liters, meters, bits, bytes, words, kilograms, etc.). Try to get the flags in the right order, but do not worry if you get them in the wrong order.

2. Study the TCPdump output that comes with this exam (6 pages). There are two three-way handshakes and two four-way handshakes in this output.

2a. Find all occurrences of handshakes in this output. Describe each in terms of packets that are part of the handshake (identified by timestamp), participating computers, ports, protocol.

2b. There is one pair of flows (same computers, same ports, same protocol, but opposite directions) that begins and ends within the time span of this TCPdump. What pair is that? (Give computers, ports, protocol.)

2c. At times 12:26:01.721351 and 12:26.01.724298 there are packets with the same "next expected byte". Is the second a duplicate acknowledgement? Why, or why not?

2d. Which of the two computers maan.njit.edu and www.njit.edu understands SACK? (Both? None? One? The other?) Explain your conclusion.

2e. For the pair of flows you obtained in 2b, roughly (estimate within a few bytes accuracy) how many good data bytes arrived at each endpoint? Briefly explain how you got this.

2d. Find and give the IP address of www.njit.edu. Briefly explain how you got it.

3. We have a TELNET packet, inside a TCP packet, inside an IP packet, inside an ethernet packet. Draw (less detail than in question 1!) this system of headers and packets. Roughly indicate locations of ethertype fields, port number fields, version numbers, protocol identifiers, physical and logical address fields. Where possible, give the values.

4a. Briefly describe the "Silly Window syndrome".

4b. Briefly describe the mechanisms used to prevent or minimize the silly window syndrome.

5. What do EMTU-R and EMTU-S stand for?

6. What does RIP stand for?

7. In a network using RIP, router A uses Poisoned Reverse. At some point router A has "Routing Table" (abbreviated)

    SubNetwork:  1   2   3   4   5   6   7   8   9
    Distance:    0   2   3   0   1   5   0   2   3
    Next Hop:    DD  B   C   DD  B   E   DD  E   E

7a. At that point, A receives from E the route advertisement

    SubNetwork:  1   2   3   4   5   6   7   8   9   10
    Distance:    0   1   1   2   2   3   1   4   2   4

Construct the new routing table in A (abbreviated).

7b. Alternatively, BEFORE receiving the advertisement in 7a, Router A sends an advertisement to B. Give that advertisement.

8. A Network has address 128.235.32.0/22.

8a. Describe the mask of this network.

Which of the following addresses can occur in a packet on this network? Give 5 separate responses. If no, briefly explain. If yes, describe under what circumstances.

8b. 128.235.35.0
8c. 128.235.32.0
8d. 128.235.35.255
8e. 255.255.255.255
8f. 0.0.0.0