CPSC 341 Exam 2 Study Guide

CPSC 341 - Study Guide for Exam 2
Earl Rodd

Overview

This study guide includes studying for the Wireshark take home exam and the inclass exam.

Wireshark Trace Emphasis

The trace analysis emphasizes:

Identifying the TCP connection setup and teardown
Distinguishing client and server port numbers
Following the sequence numbers and acks in both directions
Following the receive buffer size

You may study the trace prior to starting the Wireshark take-home exam. Once you start the exam, you must work alone and in one sitting.

The trace can be studied from the paper version or by opening the actual trace in Wireshark. To load the trace into Wireshark, download the file below and load it into Wireshark:
https://cpsc.rodd.us/ex2servtrc7777

To view the summary trace which will be attached to the exam, Click here

Concepts to Review

Items marked (**) mean there may be very detailed questions with actual numbers and field values.

Contents of the TCP header
Definitions:
- MSS
- Segment
- Checksum
- RTT
- IP Datagram
The difference between "Stop and Wait" and "Go back N"
Which applications use UDP vs. TCP
Functions of TCP not available with UDP (**)
The use of port numbers (**)
TCP reliability protocols:
- Timeout - what can cause a timeout? (**)
- Sequence numbers and acks (**)
Algorithm for computing Estimated RTT (see page 241-243)
Setting the timeout value: Effects of too small or too large a timeout.
Receive buffer size operation in flow control
Detection of congestion (via missing acks)
TCP SYN/SYN/ACK connection setup sequence and FIN/ACK/FIN/ACK teardown sequence. (**)
The difference in services provided by IP and theoretically possible with some other network layer.
The theory of ECN (section 3.7.2) and what layers/hosts/routers must support it to be effective.
Router queues including HOL.
IP header functions.
IP addresses and subnets. (**). You might find it handy to have this Table of decimal/hex/binary with you. For example, (not the ones used on the exam), be able to determine which of these IP addresses are in the same subnet:
```
  10.2.24.233/20
  10.2.34.100/20
  10.2.31.10/20
  10.2.35.3/20
```
The first and third are one subnet, the second and fourth are another.
Fragmentation basics.
NAT operation (**)
DHCP operation
Basics of IPV6 functions.

Scenarios

The following scenario will be on the exam. Be sure you understand what is going on so you are able to quickly answer questions. It might help to improve my crude drawing with solid lines and colors.

          A                                  B      Application
	  
            ---seq=200 len=80----                   
	                        \      
                                 \    
				  \--------->       
				      ------    
				     / 
	                            /                
            ---seq=280 len=60--    /   
	                       \  /   
            <--ack=280 len=0----+/   
		                 \  
			          \
			           \-------->      
            ---seq=340 len=20----     /-----      
	                         \   /
			         /+--
			        /  \-------->
          		       |
                               |        ----     
   TIMEOUT		       |        /
   Resend   ---seq=280 len=60--+-      /
			       | \    /
			       |  \  /
            <--ack=340 len=0--/    \/
	                           /\------->
            <--ack=360 len=0------/      
	                               ------      
				      /
            <--ack=360 len=0---------/

There will be a question similar to the following, but different (i.e. the numbers and flow will be different). You will be asked to fill in the missing sequence numbers. This one has answers provided. Be sure you know how to get them!

     A                                            B
        Seq     Ack     Len      Flags
	---     ---     ---      -----

  <---  700     ---     0        SYN     

        150     701     0        SYN,ACK  --->

  <---  701     151     0        ACK     

        151     701     10       ACK     --->

  <---- 701     161     20       ACK     

        _____   _____   300      ACK       ----->

 <----  _____   _____   400      ACK      

        _____   _____   600      ACK       -----> 

 <----  _____   _____   2000     ACK       

        _____   _____   800      ACK       ---->

 <----  _____   _____   0        ACK       

Answers:
   161   721
   721   461
   461  1121
   1121 1061
   1061 3121
   3121 1861

Consider this network with R1 as a router implementing NAT and consider what IP addresses/ports might be used as well as how datagrams are forwarded. The netmask for 10. addresses is 255.255.255.0 i.e /24.

Router at ISP
 75.4.1.4
   |
   |          (10.100.100.51)
   ----atm1--R1-eth0--------Switch-----------50 hosts IP addresses:
    75.4.1.5  |                              10.100.100.1 - 10.100.100.50
              |
              |eth2(10.100.99.200)
	      |
	      |--------Switch-----10 Servers
	                |      10.100.99.1-10.100.99.10
			|
			|-------30 hosts IP addresses:
			               10.100.99.100 - 10.100.99.129

Note: The names "atm1", "eth0", and "eth3" are the names of the 3 links

Consider the following scenarios and how various mechanisms such as flow control and congestion control we have learned may be needed to cope with them.

A computer is attached to the network via a 100Mbps LAN connection. Most of its traffic is feeding data from an application to a specialized computer attached via a 10Mbps link. However, due to application processing time, this particular application can only supply data to the network at 2.5 Mbps.
Private network with 300 hosts, each with a 100Mbps LAN connection to a set of 6 routers in the 6 campus buildings. Links between routers are also 100Mpbs. Hosts often transfer huge image files between each other, sometimes with multiple hosts sending to the same host simultaneously.
A company has 200 PCs doing light Internet work (average 100,000 bytes/hr each PC). The company's router connects to its ISP with a 10Mbps link.
A modest speed printer is on a 100Mbps Ethernet LAN, but the printer can only process data at a rate of several thousand bytes per second. It has a 1Megabyte buffer.
Circuit switching is used for a dedicated 512Kbps connection between two hosts.

Consider this point in time with two TCP connections from Host B to Host A and one connection from Host C to Host A. What ports might be availble to use for further connections to the server port 80?

     Host B     Host C (P2P listener      Host A(Server) listening on 
                        port 9099)           port 80 and 8080
     ------     ------                    ------        
port 29000--------------------------------80
port 33000--------------------------------80
               port 44000-----------------80