• Course introduction. Note: The first two weeks are probably the heaviest in the course due to the number of potentionally new terms and concepts. Also, since there will minimal new material at the end of the course, we will move quite quickly in the early weeks of the semester.
• Chapter 1 concepts. 1.1 - 1.3

• Read chapter 1 sections 1.1 through 1.5.
• Chapter 1 Page 67ff: R1, R4, R5, R8, R10,

• Review homework.
• Chapter 1 concepts: 1.4 - 1.5

• Read chapter 1 sections 1.6-1.8.
• Chapter 1: R12, R13a,b,c (Hint: Answer to 13c is trivial), R14, R16(the word "variable" means variable depending on the nature of the particular packet, time of day, and what is happening in the network). R18 (Notice there are multiple questions here). R19 a,b,c,

• Review homework
• Chapter 1 concepts: 1.6 - 1.8.

• R23(just list the layer names), R25 (note there are multiple questions). R26, R28(list two things).

• Review homework.
• Finish chapter 1 topics.
• RFCs
• Introduce Wireshark

• Use traceroute (in Windows the tracert command from a DOS command line, CMD.EXE). Use it for these sites and answer the questions:
  • www.malone.edu - How many hops?
  • cpsc.rodd.us - How many hops. Try to identify a tier 1 ISP along the path.
  • unimelb.edu.au - At what hop (from what IP to what IP) did the link cross the Pacific Ocean? (the .au means Australia).
  Note: From some locations (e.g. Malone guest wifi), you will not get meaningful results. If you get results of all "*" lines, try using a Malone lab machine.
• Quantitative problems. You may print this sheet and work the problems neatly by hand on the sheet.
• Read Wireshark lab page 77-78 of text

• Review Homework.
• Introduce Wireshark.
• Introduce Wireshark lab (INTRO)
• Filters:
  • A summary of capture filters is at:
    https://wiki.wireshark.org/CaptureFilters
    This summary has a link to the Wireshark User's Guide pages https://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html
  • A summary of display filters is at:
    https://wiki.wireshark.org/DisplayFilters
    For our early labs, using a display filter of "http" will be very effective.
• Start chapter 2 if time

• Problems page 70ff: P3, P6(a-g), P8a
• Read chapter 2: pages 83-97

• Start 2.2 HTTP
• Sample sockets programs can be seen here.

• First Wireshark lab (INTRO). Note: Wireshark labs will often take considerable time to work on the various cases. Even though there might not be a lot to turn in for each lab, the labs are designed to lead students to understand how network protocols operate. Exams will assume students understand the concepts in the labs. Also exams will include wireshark traces with questions about them.

  BEST PRACTICE: Close browser(s) and other applications. Start the browser. Start Wireshark capture and let it settle down a while. Stop capture, then restart it. Then do the action you want to trace. This initial lab can be done with NO capture filter and a display filter of "http" for all questions except #1 which can be answered with no display filter.

  The Firefox in the CL24 lab seems to be very zealous about caching recent web pages. This is why it is best to stop/start Firefox before initiaing an action you want to capture in Wireshark.

  HINT: When you run Wireshark, it is best if you have as few applications running on your machine as possible. Also, it is best to not have other browswer windows running. Other applications and tabs may litter your traces making them hard to read.

  HOWEVER: Even if you have a fairly "clean" system, there can be a lot of stray traffic that Wireshark will pick up. Wireshark has two sets of filters: Capture filters which filter what packets are captured and Display filters to filter what is displayed after capturing is done.

  A common filter is to filter only things to and from your ethernet (or wifi ) adaptor. This avoids seeing "broadcast" traffic. Use the Windows "ipconfig /all" command or the LINUX "ipconfig" command to find your ethernet address (a series of 6 two digit hex numbers separated by ":" or "-" or ".".) Then a capture filter would be:

  ether host 01:02:03:ba:5c:23
  

  except use your actual ethernet address.

  For the INTRO lab, we can enter a capture filter which will ONLY collect DNS queries and traffic to the host we are going to. The filter will be:

  port 53 or host gaia.cs.umass.edu
  

  HOWEVER: note that for question 1 of the INTRO lab, you need to use at most a "ether host" filter or else you won't see all the other traffic with different protocols. Or just collect the data unfiltered.

• Read sections 2.2 and 2.3

• Review homework
• Examine third party cookies in action.
  1. Use Web Developer Tools to look at cookies.
     Firefox: Menu -> Developer Options -> Storage Inspector -> Cookies
     If you have menu toolbar: Firefox: Tools->Web Developer -> Storage Inspector -> Cookies
     
     Chrome: Menu -> More Tools -> Developer Tools -> Application Panel -> Cookies
  2. Run showcook.php on cpsch.rodd.us to see what cookies my browswer sent to cpsch.rodd.us. Showcook is simpler than using Web Developer Tools, but requires me to have placed showcook.php on the site!
  3. Run cook3.php on cpsc.rodd.us (will set a third party cookie without telling you!.)
  4. Run showcook.php again on cpsch.rodd.us to see that a cookie was set by running cook3.php on cpsc.rodd.us.
• Study Wirestark trace of cookies to review how cookies work and what is in the HTTP headers.
• Finish 2.2 HTTP. Start 2.3 Mail.

• Read through section 2.5
• Chapter 2 review questions: R3, R6, R8 (see section 2.1.3), R11, R13

• https://www.grc.com/ - Shields Up Browser Headers Look at what is in our browser header - what we reveal to servers.
• Look at a trace of HTTP header.
• Section 2.4 DNS.

• Review questions chapter 2: R16, Problems: P1, P4, P5

• Hand out take-home open book quiz on chapter 1. You will need a calculator! This is take, but must be completed on your own.
• Section 2.4. DNS. Look at nslookup command.
• Introduce HTTP Wireshark lab. Note that using a display filter of "http" makes this lab much more practical.

• Take-home quiz.
• Review questions chapter 2: R18, R19.
• HTTP Wireshark lab (Warning: this is quite a substantial lab)

• Review HTTP Wireshark lab.
• Peer to Peer section 2.5. We will cover the concepts of scalability, but not the math.
• Briefly introduce sockets.
• Introduce Wireshark lab for DNS. Where the lab questions say to "Provide screen print", you do not need to hand in screen prints. For questions 1-3, where it says "write down the results", that means write down the DNS name and the IP address.
  To clear the Firefox cache: Edit->Preferences->PrivacyandSecurity ->CookiesandSiteData -> ClearData and check only "Cached Web Content".

  Important notes on the Wireshark DNS lab.

• Discuss sockets programming - but we won't be doing it now.

• Chapter 2 review questions: R21, R22.
• Wireshark DNS lab. You do not need to provide screen prints where the questions ask you to do so. Note: To find out your local DNS server in Windows, use the command "ipconfig /all".

• Review quiz.
• Review DNS lab.
• Start chapter 3.

• Exam 1 over chapters 1 and 2 and labs. Open book, open note. Not open Internet. However, IF you finish the exam before the end of the period, you may consult the Internet to check on things you were unsure of. This strategy ensures that you don't waste long periods of time on one question.

  Bring a calculator (the one on your phone is OK) - There are quantitative questions. Remember a byte has 8 bits!

• Chapter 3 review questions: R3, R5, R6 (be specific), R7, R8.
  Problems: P1, P5 (Careful!)
  Note: For simplicity, if there are any ephemeral port numbers needed, use simple ones like 11111, 22222, 33333 etc.
• Wireshark Lab: UDP. Use the instructor provided trace file
  href="https://cpsc.rodd.us/udptrace.pcapng
  and load it into Wireshark. You can also create the same trace yourself by downloading the programs
  https://cpsc.rodd.us/sockets/udpserv.class
  https://cpsc.rodd.us/sockets/udpcli.class
  (Java class files). They can run on the same machine. However, Wireshark cannot trace local sockets activity in Windows. So on Windows, you would need to run on different machines. So after downloading them:
  • In a DOS command window:

    java udpserv 
    

  • Start Wireshark
  • In another DOS command window:

    java udpcli ip-address-of-server
    

    And follow onscreen instructions.
  • Stop the Wireshark capture. You could then use a display filter of "udp".

• Review exam
• Review homework
• Principles of reliable data transport. See these notes to know what you are responsible for which is a subset of the text section 3.4

• Quantitative Problems II - Analysis

• TCP

• Review questions Chapter 3: R9, R10, R11. Problems: P14, P15. NOTE: P15. The reference to Figure 3.17 is incorrect. It refers to the discussion on page 219 i.e. RTT=30ms (i.e. propagation delay = 15ms). Note that in P15, the packet size is 1500 bytes, not 1000 bytes as in the discussion on page 219.
• Read sections 3.5.5 and 3.5.6.

• Flow Control
• TCP Connection Management

• Review questions chapter 3: R14(a-g), R15, R16(refers to figure 3.31 on page 240). Problems: P25, P26a.
• Read 3.5 Note: We will cover the basic rinciples of congestion control, but not the detailed scenarios.

• Introduce TCP Wireshark lab. See notes for Wednesday about this assignment!
• TCP well known ports https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
• Look at trace where RecWin changes
• Congestion and TCP mechanisms

• Wireshark lab: TCP. Notes:
  • The lab mentions that you can get a pre-packaged trace file to load into Wireshark from the textbook web site. It is also available on the instructor web site:
    https://cpsc.rodd.us/resources/wireshark/tcp-ethereal-trace-1
  • If you use your own trace, please print just the first page with just the "Summary" selected.
  • Sending the whole file is a single application "message" from the browswer to the server. However, TCP breaks it into many segments. Wireshark shows the HTTP in an interesting way: The first segment actually has the HTTP headers in it. But Wireshark shows the HTTP analysis with the last segment.
  • Question 7 is optional. It is tricky and messy. If you do it, it is a BONUS and can get a grade over 100. You can get a 100 without it.

• Review homework
• Finish TCP issues
• CLOSED book quiz on TCP: ports, the LOGIC (not the exact formulas) of TCP timeouts, the use of sequence numbers and ACKs, Connection setup/teardown, and well known ports.

• Chapter 3 review questions: R17(don't overthink!), R18. Problem P27(a,b,c)

• Review quiz
• Network layer - Routers: Data Plane and Control Plane
  Forwarding/Routing, Network Service

Problems: P28, P29(a,b), P33 (to answer this, consider what might have happened to the "lost packet"), P55(a,b)
BONUS: (can get over 100% on assignment): P29c, P30 (note that this is a theoretical question with fixed timeouts rather than actual TCP which uses variable timeouts according to the RTT).

• Inside a Router: Forwarding, Switching, Queues

Due:

• Chapter 4 review questions: R1, R2, R3, R4, R6(first question only).

• Router Scheduling
• IP: DHCP, NAT

• Chapter 4 review questions: R7, R11, R12, R13, P1a,b, P2(a,b,c)

Note: List of decimal->hex->binary helpful in subnetting. Click here

• DHCP
• NAT

• Chapter 4 review questions: R17, R18, R21, R22, R25--Note: Remember the terminology:
  • A "message" is the application message given to the transport layer.
  • A "segment" includes the TCP header and given to the network layer.
  • A "datagram" includes the IP header and given to the link-layer.
  • A "frame" includes the link-layer header.
  R26. P14--Notes: A) The 2400 datagram size includes the IP and TCP headers - these will also be present in the first segment. B) Fragments past the first do not have TCP headers. The TCP header is part of the "payload" from the perspective of IP.

• IPV6
• SDN (Software Defined Networking)
• Routing
• Hand out trace on TCP for Wireshark Exam (a Wireshark trace reading exercise). Counts 1/2 of other exams. Due 10/22.
  Study guide for both the Wireshark exam and the general exam is here.

• Chapter 4: R29, R30(Really 2 distinct questions.
  • Which fields have common function.
  • Do they have the same length or coding.
  Problem P15.
• Read chapter 5: 5.1 and 5.2. However, note that you are not responsible for the math details of how the algorithms (LS and DV) work, only the concept of the traits of the routes defined.

• Hand out Wireshark exam. Will count as 1/2 of an exam. The exam on 10/26 will count as a full exam.
• Link State vs. Distance Vector