Chapter 13

Ethernet and TCP/IP Networking

13.1(BL1+) Obviously there are a lot of possible answers to this question. Here are some of the most probable student choices:

ftp: file transfer protocol; used to move files from one system to another

smtp: simple mail transfer protocol; used by mail servers to relay mail messages; by mail clients to send mail to a mail server

pop3: post office protocol; used by a mail client to receive mail messages from a mail server

imap: internet message access protocol; used by a mail client to receive mail messages from a mail server

ssh: secure shell; used to connect to a server securely

finger: finger user information protocol; used to retrieve information about a user from a remote system

rtp: real-time transport protocol; used to deliver streaming audio and video over the Internet

It should be noted that ping is NOT an application level protocol; rather, it is a utility connected to ICMP, which is an IP level protocol used for providing control information on a network.

13.2(BL2) The DNS is arranged in a hierarchy, similar to a directory tree, with a root at the top. Each member of the tree consists of a server or cluster of servers whose contents consist of a directory of IP addresses representing entry points for the next lower level on the hierarchy. The IP addresses are used to access the directory servers at the next lower level. A DNS search involves working down the tree until the entry containing the desired IP address is obtained.

13.3(BL2) An authoritative domain server is one that holds officially registered domain names with the corresponding addresses for the domain host and its subdomain hosts, if any. As such it represents the last lookup required to determine the IP address for a particular domain name.

A local domain DNS server is simply a server responsible for locating a required IP address and serving it to a DNS client, and then to the HTTP client application.

13.4(BL1+) The DNS root server is the master directory for the entire Internet. The root server contains IP address entries for each of the top-level domains, both generic and country-code.

13.5(BL2-) One obtains a URL from one of a number of registrars authorized to assign domain names by the Internet Corporation for Assigned Names and Numbers (ICANN).

13.6(BL2) A large site will have many IP addresses associated with a single domain name. The DNS database will maintain a list of all the IP addresses for the domain name, and will respond to a request with the entire list. However, the list will be ordered differently for each request. Assuming that a DNS client normally accepts the IP address at the top of the list, the IP addresses used will be distributed approximately evenly over a large number of requests, providing load balancing.

13.7(BL3) This problem requires external research, since it goes beyond the discussion in the text. Data in TCP flows in both directions; therefore each TCP header has both a sequence number and an acknowledgment number, which operate identically. Considering only one direction, the sender generates a random 32-bit number and places it in the header of the packet that is used to establish the connection. This number establishes a starting point for the data to follow. The connection packet itself uses this first number, so the data actually starts at the next larger number. All the data that follows is numbered by byte, starting from the pre-established starting point. Each subsequent packet contains a sequence number that corresponds to the byte number of the first byte in the packet. Thus, the receiving TCP knows exactly how many bytes should have been received prior to receipt of this packet, as well as the sequence order of each packet.

In acknowledgment, the receiving TCP sends the number of the last byte successfully received, plus one. This corresponds to the next byte that it expects to receive, which allows the sender to determine errors and missing packets, and to resend those packets.
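The numbering scheme just described, carried through as an added in-memory simulation (not part of the solutions text; the function and class names are my own, and segment loss is modelled by simply not delivering one segment before it is retransmitted):

```python
"""TCP sequence/acknowledgment numbering in one direction (added illustration,
not from the solutions text; names are my own, no sockets involved)."""
import random

MOD = 1 << 32   # sequence numbers are 32-bit and wrap around


def build_segments(isn: int, data: bytes, mss: int) -> list:
    """Number the data by byte; the connection packet consumed isn itself,
    so the first data byte carries isn + 1."""
    segments, seq = [], (isn + 1) % MOD
    for offset in range(0, len(data), mss):
        chunk = data[offset:offset + mss]
        segments.append((seq, chunk))          # seq = number of chunk's first byte
        seq = (seq + len(chunk)) % MOD
    return segments


class Receiver:
    def __init__(self, isn: int):
        self.next_expected = (isn + 1) % MOD   # ack number to send back
        self.received = bytearray()
        self.buffered = {}                     # out-of-order segments by seq

    def accept(self, seq: int, chunk: bytes) -> int:
        """Process one segment; return the ack (last in-order byte + 1)."""
        ahead = (seq - self.next_expected) % MOD
        if ahead == 0:                         # exactly the byte we expected
            self.received += chunk
            self.next_expected = (seq + len(chunk)) % MOD
            while self.next_expected in self.buffered:   # gap closed: drain
                chunk = self.buffered.pop(self.next_expected)
                self.received += chunk
                self.next_expected = (self.next_expected + len(chunk)) % MOD
        elif ahead < MOD // 2:                 # future segment: hold it
            self.buffered[seq] = chunk
        return self.next_expected              # old duplicates just repeat the ack


def transfer(data: bytes, mss: int, lost: int, seed: int = 7) -> tuple:
    """Deliver every segment except number `lost`, then retransmit it.
    Returns (data received, byte offset the ack got stuck at, final ack offset)."""
    isn = random.Random(seed).getrandbits(32)  # random starting point
    segments = build_segments(isn, data, mss)
    rx = Receiver(isn)
    acks = [rx.accept(s, c) for i, (s, c) in enumerate(segments) if i != lost]
    stuck = acks[-1]                           # equals seq of the lost segment
    final = rx.accept(*segments[lost])         # sender resends from `stuck`
    return bytes(rx.received), (stuck - isn) % MOD, (final - isn) % MOD
```

The repeated acknowledgment at the start of the missing segment is what tells the sender which bytes to resend; once they arrive, the buffered later segments are drained and the acknowledgment jumps to the end of the data.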

13.8(BL2-) The IP datagram requires separate fields for header-length and total length because both the header and the data fields are of variable size. The header size can vary between 20 and 60 bytes, and the data can vary between 0 and 65515 (i.e. 65535 minus the minimum header) bytes.

13.9(BL2) IP domain addresses are assigned in batches, rather than as a single IP address. Thus, part of a 32-bit IP address identifies the domain, the remainder of the bits in the address identify a particular host within the domain network. An IP address mask allows separation of the domain part of the IP address from the individual host address within the network.

The address 222.44.66.88/24 indicates that the first 24 bits of the address are the domain, the remaining eight bits identify the host address within the network. The domain is thus 222.44.66.nn, where nn is any address from 0 to 255. This mask indicates that the IP address supports a network of up to 256 machines. The particular machine in this case is machine 88.

Similarly, the address 200.40.60.80/26 indicates that the domain is 26 bits long; the domain identifier is thus 200.40.60.[the first two bits of the last octet]. Since the given address is 80, the host address must begin with 01 (i.e. 0 x 128 + 1 x 64), and therefore the domain address is 200.40.60.64. The remaining six bits support 64 addressable hosts, with IP addresses ranging from 200.40.60.64 to 200.40.60.127.
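The two mask computations above carried through in code, as an added worked example that is not part of the solutions text (the helper names are my own):

```python
"""Worked example of IP address masks, using the two addresses from the
solution above. Added illustration, not from the solutions text."""


def parse_ipv4(text: str) -> int:
    """Convert dotted-decimal notation to a 32-bit integer."""
    octets = [int(o) for o in text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {text}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    """Convert a 32-bit integer back to dotted-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_address(cidr: str) -> dict:
    """Separate 'a.b.c.d/n' into its domain (network) part and host part.

    The mask is n one-bits followed by (32 - n) zero-bits; AND-ing it with the
    address keeps the domain, AND-ing its complement keeps the host number.
    """
    addr_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    addr = parse_ipv4(addr_text)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    host_mask = ~mask & 0xFFFFFFFF
    network = addr & mask
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),            # first address in the domain
        "last": to_dotted(network | host_mask),   # last address in the domain
        "host": addr & host_mask,                 # host number within the domain
        # Number of addresses the host bits can express, counted as in the text.
        # In practice the all-zeros and all-ones host numbers are reserved
        # (network and broadcast addresses), so usable hosts are two fewer.
        "host_count": 1 << (32 - prefix),
    }


if __name__ == "__main__":
    for cidr in ("222.44.66.88/24", "200.40.60.80/26"):
        print(cidr, split_address(cidr))
```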

13.10(BL2) A DHCP lease is an agreement in which a network node, or client, negotiates and accepts an IP address from a DHCP server for a fixed period of time. The DHCP server contains a pool of IP addresses for this purpose. When the lease expires, the client must either negotiate for extension or renewal of the lease or must stop using the leased IP address. This process is known as dynamic address allocation.

13.11(BL2+) The purpose of the Address Resolution Protocol is to establish a match between an IP address and a MAC address. Communication at the data link layer requires the use of physical addresses. To obtain the physical address corresponding to an IP address, the sender broadcasts an ARP request packet to all the nodes on the network. The ARP request packet contains the sending node's IP address and physical address, plus the IP address for which the physical address is requested. All nodes receive the request, but the node with the corresponding IP address is the only one to respond. It sends an ARP response packet with its MAC address directly to the sender's physical address. The sending node will cache the matching pair of addresses for a period of time to eliminate the need to repeat the ARP request for subsequent packets with the same destination address.
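The ARP exchange described above (broadcast request, reply from the one matching node only, cached result reused for a period of time), as an added simulation that is not part of the solutions text; the node addresses are constructed and the class and function names are my own:

```python
"""ARP request/reply exchange with a timed cache (added illustration, not from
the solutions text; addresses are constructed sample values)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"
CACHE_LIFETIME = 60.0    # seconds a learned pair is reused before asking again


class Node:
    def __init__(self, ip: str, mac: str, network: list):
        self.ip, self.mac, self.network = ip, mac, network
        self.arp_cache = {}          # ip -> (mac, time learned)
        self.requests_sent = 0
        network.append(self)         # join the shared broadcast domain

    def resolve(self, target_ip: str, now: float) -> str:
        """Return the MAC for target_ip, using the cache while it is fresh."""
        cached = self.arp_cache.get(target_ip)
        if cached and now - cached[1] < CACHE_LIFETIME:
            return cached[0]
        request = {"op": "request", "sender_ip": self.ip, "sender_mac": self.mac,
                   "target_ip": target_ip, "dst_mac": BROADCAST}
        self.requests_sent += 1
        # every other node on the network receives the broadcast
        replies = [n.handle(request) for n in self.network if n is not self]
        replies = [r for r in replies if r is not None]
        if not replies:
            raise LookupError(f"no ARP reply for {target_ip}")
        reply = replies[0]           # only the owner of target_ip answers
        self.arp_cache[target_ip] = (reply["sender_mac"], now)
        return reply["sender_mac"]

    def handle(self, request: dict):
        """Only the node holding the requested IP replies, and it replies
        directly to the requester's MAC rather than by broadcast."""
        if request["target_ip"] != self.ip:
            return None
        return {"op": "reply", "sender_ip": self.ip, "sender_mac": self.mac,
                "target_ip": request["sender_ip"], "dst_mac": request["sender_mac"]}


def demo() -> tuple:
    lan = []
    a = Node("192.0.2.10", "02:00:00:00:00:0a", lan)
    b = Node("192.0.2.20", "02:00:00:00:00:14", lan)
    Node("192.0.2.30", "02:00:00:00:00:1e", lan)   # bystander, never replies
    first = a.resolve(b.ip, now=0.0)     # broadcast request, unicast reply
    second = a.resolve(b.ip, now=10.0)   # served from cache, no new request
    third = a.resolve(b.ip, now=100.0)   # entry expired, request repeated
    return first, second, third, a.requests_sent
```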

13.12(BL3) Note: this is a difficult problem. The successful transmission of data requires that any combination of bits be transmittable as data. If a particular sequence of bits is used as a synchronization sequence, then there must be a way to distinguish the synchronization sequence from an identical bit pattern within the data. This concept is called transparency. The usual way is to have the sending system modify the pattern when it is seen in the data sequence by augmenting a subset of the sequence with a bit that makes the pattern different. This technique is called bit stuffing. (Neither transparency nor bit stuffing are defined in the book.) For example, the data pattern 11001001 could be changed to 110010010 every time it occurs. This guarantees that the pattern 110010011 can never occur in the transmitted data. The actual data pattern 110010011 would be transmitted as 1100100101. At the receiving end, the extra bit is removed, and the original data is restored. There are other subsets that could be used. Bit stuffing and unstuffing take place at the data link layer, since these processes are directly concerned with the physical transmission of data between the nodes.
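The stuffing rule from the solution above (insert a 0 after every 11001001 in the data so that the sync sequence 110010011 can never appear inside transmitted data), implemented at both ends as an added illustration that is not part of the solutions text; the function names are my own:

```python
"""Bit stuffing and unstuffing for the pattern used in the solution above.
Added illustration, not from the solutions text; bits are handled as
strings of '0'/'1' for readability."""

PATTERN = "11001001"      # 8-bit pattern guarded by stuffing
SYNC = PATTERN + "1"      # 9-bit sequence reserved for synchronization


def stuff(data: str) -> str:
    """Sender side: append a 0 after every occurrence of PATTERN in the data."""
    out = []
    window = ""                      # data bits seen since the last stuffed bit
    for bit in data:
        out.append(bit)
        window = (window + bit)[-len(PATTERN):]
        if window == PATTERN:
            out.append("0")          # the stuffed bit
            window = ""              # both ends restart the window here
    return "".join(out)


def unstuff(stream: str) -> str:
    """Receiver side: drop the bit that follows every PATTERN occurrence."""
    out = []
    window = ""
    drop_next = False
    for bit in stream:
        if drop_next:                # this is the stuffed bit; discard it
            if bit != "0":
                raise ValueError("expected a stuffed 0 after the pattern")
            drop_next = False
            continue
        out.append(bit)
        window = (window + bit)[-len(PATTERN):]
        if window == PATTERN:
            drop_next = True
            window = ""
    return "".join(out)
```

Because every 11001001 in the transmitted stream is followed by a stuffed 0, a receiver scanning for 110010011 can only ever match a genuine sync sequence.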

13.13(BL2+) The fundamental concepts incorporated in ALOHANet are very similar to those of Ethernet. Each allows a station to initiate a request at any time the channel is open. Each requires the transmitting station to listen to the channel for collisions. When a collision occurs, each requires a station to cease transmission and to wait a random amount of time before attempting transmission again. The primary differences between ALOHANet and Ethernet are in the medium, in the signaling method, and in the distances between stations. Ethernet is multidrop bus based, using digital signaling. ALOHANet is radio based, using analog signaling. This difference is not important operationally. The distance between stations is a more serious consideration. Because the distances are large, there is a considerable length of time during which a collision is possible. This means that collisions are more likely, lowering performance capability. ALOHANet could be expected to perform satisfactorily under light traffic conditions, but unsatisfactorily when traffic is heavy.

13.14(BL2) The primary use for bus-based Ethernet operation is in wireless networking, where the nature of the medium makes this methodology necessary. Bus-based Ethernet is also occasionally used for short term temporary networking when a network switch is not readily available. In older systems, bus-based Ethernet is occasionally seen because a hub used to be much less expensive than a switch, but this is no longer the case.

Bus-based Ethernet requires that all nodes share the bus; thus the speed of the bus is, at best, inversely proportional to the number of nodes. With collisions, the actual speed may be somewhat less; in the worst case, traffic can make the network essentially unavailable. There is also an inherent security issue, since all traffic on the bus is available throughout the bus, making packet sniffing easy.

Therefore, except for wireless networking, most modern systems use switched Ethernet. Switched Ethernet provides full connection speed to every pair of communicating nodes, eliminates collision and traffic issues, and makes packet sniffing more difficult.

13.15 This is a project exercise.

13.16(BL2+) Since only the token holder may place a message on the bus, the possibility of a collision is eliminated. Furthermore, an NIU is guaranteed access to the bus to transmit a message regardless of the level of traffic and the maximum delay before access is granted can be calculated. Every NIU must be able to access the bus before any other NIU gets repeat access. In contrast, performance of a CSMA/CD-based Ethernet bus deteriorates rapidly with increasing traffic, because the probability of collisions increases as more NIUs attempt to access the bus and fail, causing multiple retries. Therefore, under heavy network loads, the token bus approach is preferable because it provides an orderly approach to the use of the bus.

Under light load, the token bus introduces unnecessary delays because of the overhead. To access the bus, an NIU has to wait for the token to be passed around, even if no other NIU is attempting to access the bus. Thus, CSMA/CD is preferable under light loads.

13.17(BL3) This is a research exercise, with a number of possible solutions. One viable solution is to use the Internet as a wide area network, with each branch and the headquarters connected to the Internet through an appropriately sized connection to an ISP. It is also possible to use one of the alternative technologies presented in Chapter 12 and illustrated in the discussion of MANs and WANs, and revisited in Section 13.8 of the text.

13.19(BL2) TCP offers a reliable connection for the transmission of messages. Messages are transmitted as virtual byte streams, in both directions. UDP transmits packets independently, with no guarantee of delivery and minimal error checking. UDP also limits message size to the size of a UDP packet, since each packet is independent with no method for sequencing multiple packets that contain an extended message. As such, TCP is strongly preferred for this type of communication.

13.20(BL3) QoS is concerned primarily with the consistent and smooth transmission of streaming data requiring high bandwidth, such as video or high quality audio. The necessary "qualities" for this capability are sufficient bandwidth, preferential treatment for the packets that make up the stream, and consistent time delay from packet to packet.

One approach is to transmit the packets over virtual circuits, with priorities built into the circuits that allow streaming packets first access to the circuits. This approach is utilized in such protocols as ATM. It is not suitable for normal Internet use, because the Internet is based on packet switching, and there are limited means for controlling priorities at the various routers. An alternative approach is to use the upgraded facilities offered by some Internet services, known as differentiated service (DS). In DS, an application establishes a class of service, and routes packets through routers that are designed to prioritize packet transmission on the basis of a DS field set by the application.

These methods may be categorized as similar attempts to reserve and prioritize channel capacity for packets requiring QoS. In addition, contracts with carrier services may be designed to include guarantees of throughput, delay, and jitter.

13.21(BL3) In network security, nonrepudiation is defined as the ability of the receiver of a message to prove that the sender did, indeed, send the message, so that a sender cannot deny that (s)he actually sent a message. To establish nonrepudiation, it is necessary to establish both message authentication and message integrity. Authentication verifies the identities of both sender and recipient; message integrity assures that the message received is the same as the message sent, i.e. the message has not been tampered with or altered during transmission through the network.

In a typical business scenario, authentication verifies the identity of someone making an online purchase of a product from a seller. Nonrepudiation makes it possible for the seller to verify that the buyer actually ordered the product; this prevents the buyer from making a claim later that (s)he did not actually order the product, and refusing to pay for the product.

13.22(BL2+) This is a laboratory project. Among other features that a student should note about WireShark are the following:

WireShark can distinguish and sort packets from different sources, from different network applications.

WireShark can reassemble packets into messages.

WireShark can decrypt a substantial percentage of packets that are not well encrypted.

These capabilities and others make it possible to read a sender's messages. The security implications are obvious: stolen passwords that allow access to supposedly secure systems, stolen identities that can be used to undermine a person's financial stability and privacy, stolen trade secrets and work, and much more.