CIS 656, Spring 2005. All homework is assigned on this page. Homework must be done before / is due on the date stated. Homework to be handed in: Unless stated differently, and unless you make a different arrangement with the TA (Mr Rahul Jain), homework must be handed in on the day stated, before 1:00 pm, by putting it in the envelope on the door of the Internet Laboratory. That is GITC 4325. If you want a special arrangement for handing in homework, ask Mr Jain. Don't ask Dr Ott. He always says no. I try to assign homework at least 6 days in advance (on Sunday for the next Saturday) but sometimes I do not succeed. Also, sometimes I change my mind. So check this page frequently. Use ``reload'' or ``refresh'', or you will get the version you looked at last time. Students are encouraged to discuss homework at the ``idea'' level (``how would you start on this problem''), but doing homework together and handing in essentially the same copy is absolutely not permitted and leads to reduced credit or worse. --- 01/29/2005 (lecture 2) I got my copy of the third edition of Forouzan on 01/19, so it should appear in the bookstore any day now. Homework for 01/29/2005: On my website, CIS 656 General Remarks, read the ``Computer Access at NJIT'' page. Do those excercises that are not old hat to you. Do not hand in. On the same website, read the ``CIS 656 Content'' page. Remember this page: later you need the ``man pages'' listed there. On the same website, read the ``Networking Books'' page. Remember this page: you may need to read RFCs listed there, or books listed there. In the CIS 656 Spring 2005 site, read the README file. Read Forouzan pp 1 - 40 (Ch 1 and 2). Read Forouzan pp 43 - 54 (ethernet). Read Forouzan pp 81 - 95 (Start of ``adressing''). IETF stands for ``Internet Engineering Task Force''. RFC stands for ``Request for Comments''. IETF RFCs can be obtained on the web. Find out how. (For example, first use GOOGLE to find IETF). Get IETF RFC 1700 and read page 1. (The whole RFC is too long and too out-dated to read). Get IETF RFC 3232 and read the whole thing. (2 pages). 1. Use the mechanism described to find out what the content of the ``Frame Type Field'' (see below) in an ethernet frame header is, in case the ethernet frame contains an IP version 4 (IP v4) packet. (The answer is 0800 in hexadecimal, 0000 1000 0000 0000 in binary, 2048 in decimal). To prove you found the answer in the location I want you to know about, copy 5 lines from the page you found: the line with the answer, two lines above it, two lines below it (five lines total). Hand in these 5 lines. Note: What I usually call the ``frame type field'' in the ethernet header, other people sometimes call the `ether type field''. (And sometimes I do that, too). Forouzan used to call this the ``Length PDU'' field. That was outdated. In the third ed p 46 he calls it the ``length/type'' field. Nowadays it is almost always used as ``frame type'', i.e., as descriptor of the next higher protocol. More about this in class. While doing the homework you may have to search for ``ethernet numbers'' or ``ether type''. --- 02/05/2005 (lecture 3): Read Forouzan pp 55 - 79 (Most of this is ``the other LANs'' that you must be aware of but that are not of further relevance in this course.) Read Forouzan pp 95 - 110. Read Forouzan pp 115 - 128. (CIDR etc). Read Forouzan pp 131 - 155. (In class I called this ``forwarding''). Read the ``Domain Names'' page on this website. Read the ``nslookup and dig'' page on this website. Go to my web site, to the page for ``CIS 656 Fall 2004'' Go to ``Information on the Project''. Read the ``README'' page. This will give you an idea for the project this semester. (The network will be different). Look at the ``Example output 1 for Project B'' page, in particular the packets with ``simple fragmentation'': packets 1 , 5 , 22 , 23 . Also look at packet 19. DSCP (Differentiated Services Code Point) is the first 6 bits of the ToS field. ECT and CE are the first and second bits of the ECN field (the last two bits of the ToS field). Checksums are not checked! Packets 4 and 6 also have fragmentation, but not simple: they combine fragmentation with other complications still to be done in class. The following was an excercise in Fall 2004. I did not modify it yet for this semester: { Go to http://www.clickz.com/stats/big_picture/demographics/article.php/3398361 to find out something about Internet Traffic. What percentage of americans say that the Internet plays an important role in their daily routines? What percentage of the americans are not plugged into the the Internet at all? Can you explain the discrepancy? Hand in your response. (I found this page by typing ``Internet Traffic Patterns'' into Google and then going with the flow). } In Spring 2005: 1. Get the URL of the Univ of Adelaide in Australia. Get the IP address of the computer that supports that URL. Hand in that IP address. 2. An IP packet, without options, arrives at Router R. It has TL = 2500. (TL: Total Length. TTL: Time to Live.) a. How many header bytes does it have? How many data bytes does it have? It has TTL = 12 , DF = 0 , M = 0 , Frag_Offset = 0 . The router finds it has to forward the packet, and finds the next LAN has an MTU of 1500 Bytes. b. How many fragments will result? c. For each of these fragments, compute TL, TTL, DF, M, and Frag_Offset. Hand in. --- 02/12/2005 (lecture 4). Read Forouzan pp 159 - 176 (ARP and RARP). Read Forouzan pp 179 - 209 (IP Protocol). If you have not yet done so: Download and install ssh (Secure Shell) into your computer at home. Telnet from your computer at home to a computer at NJIT. SSH from your computer at home to a computer at NJIT. Do: man arp , man netstat , man ifconfig (in microsoft: ipconfig). (In microsoft, ``man'' is called ``help'', but is not as much help as man. Make sure you do all this on afs computers. Plus others, if you want to.) Try to make sense out of these. Do not spend more than 90 minutes on these three together. Do: man ping . Make sense out of the output. (You can do it!). There are (at least) three groups of computers at NJIT you can access: A. afs1 - afs36, afs58, afs59 (remote and ``on the spot'', in GITC). B. afs48 - afs57 (remote only). C. lafite.njit.edu and mouton.njit.edu (remote only). (You will get access by about ... . There was a delay. It will be soon.) Find out which ones are telnet servers, which ones are ssh servers. Do NOT hand in. Access at least one from each of these groups and do ``ifconfig -a'', ``arp -a'', ``arp -n'', ``netstat -r'', ``netstat -a'', ``netstat -n''. Study the outputs. Do NOT hand in. Now first telnet to one of afs48 - afs57 and then from there to another from afs48 - afs57. Make sure both are sgi machines. Repeat the ``arp'' experiments. Make sure to understand what you see. Do NOT hand in. On one computer from each group, play with ping. Find out how to set the number of data bytes in a ping packet. Find out how to set the number of ping packets in a sequence. Do NOT decrease the time between ping packets below 1 second. Do NOT hand in. 1. For afs4, for afs50, for lafite, find the physical address. (If there is more than one port: the physical address of the port that has a configured IP address). Hand in. 2. For the same computers, find the IP address, the network mask, and the network address. (Really: I should say ``subnetwork'' but I always say ``network''.) Hand in. 3. Find out what the time-out algorithm is for the arp caches in the three groups of computers. Hint: do ``arp -a'' or so once every 30 or 40 seconds for 5 or 6 minutes. Hand in a description of the time-out mechanism. Make it BRIEF! AT MOST three sentences should be enough. 4. Suppose we have a (sub)-network 128.235.32.0/21 Which of the following addresses can be the address of a host on that network? Which ones can be the source address in a packet on that network? Which ones can be the destination address in a packet on that network? (Each yes (it can) or no (it can not), with SHORT explanation. Like: ``first difference is in the bit number 27, and 27 < 32''. Or a drawing with arrows and/or circles. Bits are numbered 0 , 1 , ... , 31 . Convince Mr Jain you did not just guess.) (i) 129.235.32.1 (ii) 128.234.32.2 (iii) 128.235.33.3 (iv) 128.235.34.4 (v) 128.235.35.5 (vi) 128.235.35.255 (vii) 128.235.39.254 (viii) 128.235.40.253 (ix) 255.255.255.255 (x) 128.235.39.255 (xi) 128.235.32.0 (xii) 0.0.0.0 (xiii) 224.0.0.1 (xiv) 225.1.2.3 (xv) 0.0.7.7 (Look in Forouzan!) (What did I say in class?) (xvi) 127.0.0.3 (Look in Forouzan: I forgot to mention this in class). (xvii) 172.17.17.17 (Tricky!) (The answer is (No, No, No), explain why.) Hand in. Make it clear and concise. Example: The answer to (xiii) is (No, No, Yes) because 224.0.0.1 is a multicast address. The answer to (ii) is (No, Yes, Yes). It can not be an interface in the (sub)network because there is a difference in the second octet. It can be a source address or destination address because the packet could be in transit through 128.235.32.0/21 . Go to the afs48 - afs57 group and do ``arp '', where is the name or IP address of one of the other computers in the same group. Sometimes the response is `` ... -- no entry ''. If that happens, ping the machine for which you got no entry, and try ''arp '' again. Make sure you understand what you see. Do NOT hand in. --- 02/19/2005 (Lecture 5) I plan to have ``midterm 1'' on 02/19/2005. ``Everything'', including reading and homework for 02/19. Read Forouzan pp 211 - 235 (ICMP) Do: man nslookup , man dig . Try to make sense out of these. Do not spend more than 60 minutes on these two together. By now you have found out that, with ping, afs1 - afs36 give the ``round trip time'' in whole msec (rounded to the nearest integer), while (most of?) the other computers I mentioned in the homework for 02/12 give the RTT in microseconds. (If you did not find out yet: shame on you. Check it now.) 1. Among afs48 - afs57, find two that are up and in the same LAN, then use ping to estimate the data rate (bits/sec) of the link between them. BRIEFLY describe what you measure and what it means. Hand in. --- 02/26/2005 (Lecture 6) The due date for project A has been postponed to 03/05/2005. But make sure you have started well before 02/26 or you will get into time trouble. Read Forouzan pp 237 - 252 (IGMP) Read Forouzan pp 255 - 272 (UDP) do man traceroute and make sense out of the output. Go to Google and search for ``traceroute''. You will find a large number of ``public traceroute sites''. Some work as advertised, some don't. www.traceroute.org contains lists of such traceroute sites. (One list for ``every'' country.) Some work as advertised, some don't. Try a few. Find some IP adresses to traceroute to by finding websites for various organizations and topics. Make sure some are on other continents. Some of these addresses you can reach. Some you can not. Think about what that means. Do not hand in. A public traceroute site that works is www.net.princeton.edu/traceroute.html . Try it. Do not hand in. 1. From the Princeton U traceroute site, traceroute to the www site of the Univ of Adelaide. Explain what you see. Hand in the traceroute output and your BRIEF! explanation. 2. Do the same from the Princeton U site to the www site of Stanford U. Hand in the traceroute output and your BRIEF explanation. 3. Try to find a computer in Asia (or European part of Russia) that you can reach using traceroute. Do not hand in. You now have access to three subnetworks in NJIT. One of these contains afs1 - afs36, the second contains afs48 - afs57, the third contains lafite and mouton. 4. For each of these subnetworks, find the network address in ``slash notation''. Hand in, with a SHORT explanation of how you got it. (Name of computer(s) you were logged in to, name of command(s) you used, output you got, plus one sentence.) 5. In the IANA Database, find the IP Multicast Address for NTP (Network Time Protocol). Hand in 5 lines: the line itself, two above, two below. If you want to know more about the Network Time Protocol: Go to the IETF RFC pages and search for NTP. You get 13 matches. The best for your purpose probably are RFC 1129 and RFC 1305. This will not be handled in class. Note that 5 of the 13 RFCs are ``obsoleted''. 6. In the IANA Database, find the ethernet physical multicast address for ``DEC LanBridge Copy packets (All bridges)''. Hand in 5 lines: the line itself, two lines above, two below. 7. Do traceroute between lafite and mouton. Do ping between lafite and mouton. What options do you choose for traceroute and for ping to make the results ``as comparable as you can''? Compare the outputs. Do not hand in. 8. Do traceroute between one of (lafite, mouton) and one of (afs48 - afs57). Do ping between the same two computers. What options do you choose for traceroute and for ping to make the results ``as comparable as you can''? Compare the results. Do not hand in. --- 03/05/05 (Lecture 7) Project A is due. Read Forouzan pp 275 - 305. (Start of TCP). SIP Stands for ``Session Initiation Protocol''. I do not plan to cover it in class. It is a ``lightweight'' protocol for setting up sessions, for example VoIP sessions. If you want to read up on it: go to the IETF RFC pages and search for ``SIP''. (Even though it is ``obsoleted'' you might want to start by reading RFC 2543, then read a few of the later ones.) There is an IP Multicast Address associated with SIP. 1. Suppose a SIP Multicast packet moves through an ethernet. What is the physical destination address of the ethernet frame? Hand in. In order to find more homework for you, I went to Google and asked for ``Internet Traffic Patterns''. After a few more clicks I found something on the market share of Firefox. 2. What is the current market share of Firefox (in the browser world)? Hand in. In the process, I saw a few other items that might be of interest to you. Have a look. (Do not hand in.) 3. Do Forouzan p 273 problem 16. Hand in. --- 03/12/05 (Lecture 8) Read Forouzan pp 305 - 340. (More TCP). 1. Do Forouzan p 252 problem 5. Hand in. 2. Do Forouzan p 341 problem 3. Hand in. (How does the TCP source figure out what is wrong, from the ICMP message? Draw the ICMP error message the source receives, and explain.) --- NO class on 03/19/2005 Spring break 03/13/2005 - 03/20/2005. Make sure to use it for ``project B''. I recommend you also read ahead (Forouzan Ch 19, Ch 12, Ch 13, man FTP, this web page on Snooper Tools, tcpdump tutorial, etc.) --- 03/26/05 (Lecture 9) The Saturday between Good Friday and Easter is NOT Good Saturday! There IS class on 03/26/2005! Read Forouzan Ch 19 (pp 519 - 544) (FTP and TFTP) Read the pages on ``Snooper Tools'' and on ``tcpdump tutorial'' and on ``ftp tutorial'' on this web page. Go to a Unix or Solaris or Linux system. Log on and do ``man tcpdump''. Get a printout of ``man tcpdump''. Try to make sense out of it. Keep the copy. (Spend 1 hour on this, not more.) Go to a Unix or Solaris or Linux system. Log on and do ``man ftp''. Get a printout of ``man ftp''. Try to make sense out of it. Keep a copy. (Spend 1 hour on this, not more.) ftp a file over from one computer to another. Do not hand in. Look at the tcpdump outputs in the ``tcpdump examples and homework'' pages in my ``CIS 656 Spring 2005'' pages. Play with the files. Get them in the formats you like best. Do not hand in. Note that the packet with tcpdump timestamp 16:23:02.187258 (packet 6) has tcp timestamps (forward and return) 621284438, 630600818. Compare with packets before and after. Do not hand in. Look through the tcp options in the packets ``5, 6, 7, 8''. What do you find out? Do not hand in. Look at the ttls in the same packets. Does that make sense? Do not hand in. 1. Completely reconstruct (ethernet headers, ARP packets, padding, but not pre-amble or CRC) the packets with tcpdump time-stamps 16:23:02.184419 , 16:23:02.184461 . (Packets 1 and 2). Hand in. I will explain in class why for one you see the padding and for the other you don't. Describe the packets as you see them (in terms of the fields you learned about in class). 2. For the ``ftp control channel'' in the tcpdump outputs, find the packets in the ``final handshake''. How man are there? Hand in the tcpdump timestamps (not the tcp timestamps!) of these packets. 3. Compare the tcpdump timestamps with the tcp timestamps. Based on that information, what are the units of time franklin uses in its tcp timestamps? What are the units of time hawking uses in its tcp timestamps? Hand in. Give a BRIEF! explanation. 4. Find the login and password I use in the Internet Laboratory. Hand in the part of the tcpdump output that tells you what they are, with a BRIEF! explanation. Try to reconstruct the file I ftp-ed over from franklin to hawking. (or just the first few and last few characters). Do not hand in. --- 04/02/05 (Lecture 10) Midterm 2. Forouzan Chapters 1 - 12 (pp 1 - 344), all classnotes including 03/26, all homeworks including for 04/02. Make sure to understand FTP as in Ch 19, but do not memorize details. Do Forouzan p 341 problem 9. Hand in. --- 04/09/05 (Lecture 11) Starting 04/09/05 we will meet every Saturday from 9:00 am until 12:15 pm. Be on time! Have breakfast before class! No parties Friday night! Project B is due. Read Forouzan Ch 13 (pp 345 - 382) (SCTP) Read Forouzan pp 385 - 398. (RIP). Internet II is an association of universities, research labs, etc. that has built a ``very high data rate'' network. NJIT is a member. Internet II is connected to the ``ordinary'' (commercial) Internet. The Pittsburgh Supercomputer Centre and the San Diego Supercomputer Centre both are member of Internet II. Suppose the Pittsburgh SCC has a file of half a Terabyte (500 GBytes, 5 x 10^{11} Bytes) that must be sent to the San Diego SCC. ``Internet II'' has promised to make sure the connection has a data rate of at least 400 Mbits/sec asvailabe for this transport. In preparation of the transfer, the sysad people in the SCCs have measured the RTT between the two SCCs and found it is close to 100 Msec. Questions: a. How large must the send buffer in the Pittsburgh SCC be (in Bytes) to make it possible to utilize the data rate of 400 Mbit/sec? b. How large must the receive buffer in the San Diego SCC be (in Bytes) to make it possible to utilize the data rate of 400 Mbit/sec? c. What must the window scale shift (I prefer to call it shift, instead of factor) the San Diego SCC uses at least be to make it possible to utilize the data rate of 400 Mbit/sec? d. If the two sysad groups do things right, how long will it take to transmit this file? (Assume the Internet II people are on the dot with their estimate.) e. If the San Diego sysad person sits on the beach too long and forgets to modify the window scale shift (keeps it at zero), how long will it take, at least, to transfer the file? d. How often will the TCP sequence number in Pittsburgh rotate back to the original value (to the initial seqence number)? e. At the data rate the SCCs expect to achieve, how much time does it take for the TCP sequence number to rotate? Hand in. (Don't forget the factor 8 between bits and Bytes! :-) ) (I had almost asked this question instead of problem 4 in midterm 2.) --- 04/16/05 (Lecture 12) Read Forouzan pp 398 - 432 (OSPF and BGP). Read Forouzan pp 689 - 722 (IPv6 and ICMP v6). Do Forouzan p 382 problem 5. (The chunks are NOT in the order in which they ``should have arrived''.) Hand in. In the problem due 04/09: If the two supercomputer centers indeed succeed in maintaining almost exactly 400 Mbits/sec almost all the time, at a RTT of of 100msec: f. How many bytes are there, almost all the time, in the send buffer in Pittsburgh, that have been sent but have not been acknowledged yet? g. How much ``unused space'' is there, almost all the time, in the receive buffer in San Diego? Hand in. Answers could be: ``almost exactly x Bytes'', or ``roughly y Bytes'' or ``at least z Bytes'' or ``at most u Bytes'' or ... etc. Make sure your answer contains a CLEAR and CONCISE explanation in CLEAR and CONCISE english and based on a CLEAR and CONCISE and LOGICAL argument. The correct answer not supported by a clear and correct explanation will not get credit. --- 04/23/05 (Lecture 13) Read Forouzan pp 457 - 468 (BOOTP and DHCP) Read Forouzan pp 471 - 495 (Domain Name System) I plan to have a ``make-up exam'' on Sat 04/23/05, NOT during class time. (Probably 2:00 pm - 3:00 pm or so). Details will be provided. --- 04/30/05 (Lecture 14) There is homework (create your own web page in the afs directory) I should have assigned but did not. Please do it soon after May 13! See below. Read Forouzan pp 437 - 454 (Multicast Routing) Read Forouzan pp 499 - 516 (Telnet) Do Forouzan p 433 problem 14. Hand in. Do Forouzan p 433 problem 16. Only: Pretend you send a RIP Routing Advertisement to Router B while you are using Split Horizon. Then pretend you send a RIP Routing Advertisement to Router B while you are using Poison Reverse. (Use the layout and format I used in class: no need to mimmick actual RIP packets.). Hand in. And that's it! --- 05/07/05 (Final Exam) --- There is homework I should have given but never did: Create your own web page in the afs system. Please do it (unless you already did!) In your afs home directory (for me that is maan-2152 ott>: pwd /afs/cad.njit.edu/u/o/t/ott create a directory called public_html and cd there: maan-2153 ott>: cd public_html /afs/cad/u/o/t/ott/public_html In that directory, create an html file index.html . In my case that would be /afs/cad.njit.edu/u/o/t/ott/public_html/index.html . Once you are in ``your'' version of public_html you can create your version of index.html using emacs or vi or any other editor. Go to Google and find an html tutorial to help you create a .html file. (For example index.html ). Or just copy and modify my example, below: (in my directory) /afs/cad.njit.edu/u/o/t/ott/public_html/CIS656/CIS656.S.05 maan-2160 CIS656.S.05>: ls -lt total 302 -rw-r--r-- 1 ott 30 22399 Apr 26 18:19 #Assignments.txt# drwxr-xr-x 2 ott 30 2048 Apr 26 13:42 Exams -rw-r--r-- 1 ott 30 8770 Apr 18 15:53 Model_solutions.txt -rw-r--r-- 1 ott 30 2142 Apr 18 14:24 index.html -rw-r--r-- 1 ott 30 8655 Apr 18 14:21 Model_solutions.txt~ -rw-r--r-- 1 ott 30 21677 Apr 12 15:59 Assignments.txt -rw-r--r-- 1 ott 30 21631 Apr 12 15:53 Assignments.txt~ -rw-r--r-- 1 ott 30 2070 Apr 4 10:36 index.html~ -rw-r--r-- 1 ott 30 3784 Mar 31 22:29 handshakes_resolved.txt drwxr-xr-x 2 ott 30 2048 Mar 31 15:54 Project -rw-r--r-- 1 ott 30 1811 Mar 27 15:35 handshakes.txt -rw-r--r-- 1 ott 30 2379 Mar 27 13:05 midterm_2.txt drwxr-xr-x 2 ott 30 2048 Mar 25 15:22 TCPdumps -rw-r--r-- 1 ott 30 1770 Mar 25 12:00 ftp_short -rw-r--r-- 1 ott 30 4065 Mar 13 14:19 ftp_tutorial.txt -rw-r--r-- 1 ott 30 537 Mar 8 19:53 schedule.txt -rw-r--r-- 1 ott 30 1126 Feb 18 15:43 traceroute_njit.txt -rw-r--r-- 1 ott 30 1385 Feb 18 15:41 traceroute_stanford.txt -rw-r--r-- 1 ott 30 3663 Feb 18 15:07 ping.txt -rw-r--r-- 1 ott 30 3863 Feb 16 12:55 snoopers.txt -rw-r--r-- 1 ott 30 321 Feb 12 18:09 SSRR.txt -rw-r--r-- 1 ott 30 289 Feb 12 17:42 Max_Packet_Size.txt -rw-r--r-- 1 ott 30 388 Feb 11 17:13 Grading.txt -rw-r--r-- 1 ott 30 5199 Jan 15 14:11 README.txt -rw-r--r-- 1 ott 30 7377 Jan 15 13:55 nslookup.txt -rw-r--r-- 1 ott 30 2529 Jan 15 13:26 arp.txt -rw-r--r-- 1 ott 30 3263 Jan 15 13:26 types.txt -rw-r--r-- 1 ott 30 2289 Jan 15 13:25 domain_names.txt maan-2161 CIS656.S.05>: more index.html : CIS 656, Spring 2005 In the spring of 2005, CIS 656-102 and CIS 656-104 will be Saturday 9:15 am - 12:10 pm.
For the time being, see General CIS656 pages for information on CIS 656 in the spring of 2005.
If you want to start reading: read the ``CIS 656 Content'' page for advice on what to read.
See Schedule Spring 2005 for the schedule of class sessions and exams.
Students who want to can read the files on Domain Names, nslookup, and ping (below) before classes start.
The URL to see this web page is web.njit.edu/~ott (etc). --- Homework for the summer (after May 13) Read Forouzan Ch 20, 21, 22, 23, 24, 25, 26, 28. On your own computer, get a sniffer going. (tcpdump, ethereal, snoop, ...). Monitor your own traffic. See it makes sense. (Get your own computer if you did not have one.) Keep Forouzan (do not sell your copy) and use it to look up things.