Chapter 3 Questions

Question #5: Suppose that the UDP receiver computes the Internet checksum for the received UDP segment and finds that it matches the value carried in the checksum field.Can the receiver be absolutely certain that no bit errors have occurred? Explain

No, the receiver can no be absolutely certain that no errors have occurred. As discussed in class, a checksum will always detect the error if only one occurs, however, multiple errors are tough for a checksum to detect due to its lack of advanced checking capabilities. For example if a packet sends  [3|5], the checksum a combination of the two would be 8, therefore the entire sent packet is [8|3|5]. However, because checksum is very limited, as long as the checksum value (in this case 8) is correct, then it will assume the packet is correct. The binary codes for 3 and 5 are 011 and 101 respectively, if only one bit is changed in each of these codes, the binary codes can then become 111 and 001 or 7 and 1. If this were to happen, 7+1 still equals 8, therefore the checksum value would be correct and the computer would assume that no bit errors have occurred although as you can see the packet has been changed greatly from [3|5] to [7|1].

Question #10: Consider a channel that can lose packets but has a maximum delay that is known. Modify protocol rdt 2.1 to include sender timeout and retransmit. Informally argue why your protocol can communicate correctly over this channel.

In order to modify the above protocol to include a sender timeout and retransmit, we must add a timer. An example that seems to solve this issue is the RDT 3.0 Sender. It is much the protocol for RDT 2.1, but includes a timeout. This protocol would communicate correctly because it doesn’t require anything but a resend without the acknowledgement. It doesn’t require that a message be received, just that if a message is not received the message must be resent.

Question #15: Consider the cross-country example shown in Figure 3.17. How big would the window size have to be for the channel utilization to be greater than 98 percent? Suppose that the size of a packet is 1,500 bytes, including both header fields and data.

If we assume that the transmission rate is the same as the example (or 1 Gbps), then it takes 12 Microseconds (or .012 ms) in order to send the packet.

If we also assume that the RTT is 30 milliseconds as it is in figure 3.17, then the utilization of the link can be shown as U = (.012*n)/30.012, where n is the number of packets necessary to be in the window to equal the desired utilization.  Therefore if we set this equation equal to the desired utilization or 0.98, the equation is as follows U=.98=(.012*n)/30.012 and solve for n, we find that 2451 packets must be being sent in order for 98% utilization to occur.

Question #22: Consider the GBN protocol with a sender window size of 4 and a sequence number range of 1,024. Suppose that at time t , the next in-order packet that the receiver is expecting has a sequence number of k. Assume that the medium does not reorder messages. Answer the following questions:

a.What are the possible sets of sequence numbers inside the sender’s window at time t ? Justify your answer.

• We are told that we have a window size of N=4. Assuming that the receiver has received up to packet K-1, because it is now expecting k, and has Acked all off these previous packets. Assuming now that the sender has received all of these acked messages, then the senders window can be represented as [K, K+N-1]. If none of the Acks have been received by the sender, then the window can be represented as [k-N, K-1]. Based on these arguments and the senders window being of size 4 begins somewhere in the range of [k-4,k].

b.What are all possible values of the ACK field in all possible messages currently propagating back to the sender at time t  ? Justify your answer.

•  If the receiver is waiting for packet with sequence number K, then it has received the packet before that (k-1) and all packets leading up to that point as well (N-1). Because the sender has already sent packet [K-N, K-1] then the sender must have already received the ack for K-N-1. Once the receiver has sent the ack for K-N-1, it will not resend this ack, assuming no that the ack message is not lost resulting in retransmission, therefore it will not send an Ack lower than K-N-1, meaning the current value of ack messages propagating across the network is K-5, K-1.

Question #26: Consider transferring an enormous file of  L bytes from Host A to Host B.Assume an MSS of 536 bytes.

a.What is the maximum value of  L such that TCP sequence numbers are not exhausted? Recall that the TCP sequence number field has 4 bytes.

• For this, we must convert the 4 bytes of the number field to 32 bits. Therefore, L can be denoted as 2^32 meaning that L is equal to 4,294,967,296 bits.

b.For the L you obtain in (a), find how long it takes to transmit the file. Assume that a total of 66 bytes of transport, network, and data-link header are added to each segment before the resulting packet is sent out over a 155 Mbps link. Ignore flow control and congestion control so A can pump out the segments back to back and continuously

• Each packet is total is 536 bytes, we are told that 66 bytes are needed for transport, network, and data link headers. Therefore, 470 bytes of each packet contain data.  We can then divide the total number of bits that need to be sent from part A (4,294,967,296)  by the amount of data we can send in each packet(470*8) to find the total number of packets we need to send. 1,142,279 packets need to be sent in order to send all the data. Because each packet holds 536 bytes, we will be sending a total of  4,898,090,363 bits at a rate of 155 Mbps, for a total of 31.6 seconds to transmit the entire file.

Question #28: Host A and B are directly connected with a 100 Mbps link. There is one TCP connection between the two hosts, and Host A is sending to Host B an enormous file over this connection. Host A can send its application data into its TCP socket at a rate as high as 120 Mbps but Host B can read out of its TCP receive buffer at a maximum rate of 50 Mbps. Describe the effect of TCP flow control.

• Based on the information above, we know that host A is sending data faster (120 Mbps) than host B can receive it (50 Mbps). The rate of sending versus the ability to receive is over two time as much, this means that the buffer will fill relatively quickly. Once this buffer fills up, Host B will signal host A to stop sending until it is ready again by setting the RCVWindow down to 0. Host A will then send at the rate that Host B specifies in the RCVWindow messages, this is the benefit of flow control as offered by TCP.

Question #29: SYN cookies were discussed in Section 3.5.6.

a.Why is it necessary for the server to use a special initial sequence number in the SYN ACK?

• According to wikipedia, a special initial sequence number is necessary in the SYN ACK in order for TCP to be able to reassemble the data steam in the appropriate order.

b.Suppose an attacker knows that a target host uses SYN cookies. Can the attacker create half-open or fully open connections by simply sending an ACK packet to the target? Why or why not?

• The attacker can no longer create a half-open circuit by sending packets to a server. Unlike before the use of SYN cookies when a server could receive a SYN message and then sit in limbo waiting for an ACK in response to its SYNACK to the message, since the introduction of cookies this is much more difficult, Clients must now return ACK segments that the server will verify belong to an earlier SYN, creating a fully open connection. If no ACK is returned, the the server doesn’t allocate any resources to the original SYN. In conclusion, a server must receive a SYN message, reply with a SYN ACK, then receive an ACK for resources to be consumed by a user, therefore,  no an attacker could not bring down a host simply by sending ACK packets.
• I referenced “Computer Networking: A Top Down Approach” Section 3.5 Focus on Security pg 283 (Int’l Ed.) for this question on 3/12/2013

c.Suppose an attacker collects a large amount of initial sequence numbers sent by the server. Can the attacker cause the server to create many fully open connections by sending ACKs with those initial sequence numbers? Why?

• The attacker could  not attack this way either, the server checks Ack messages not only by using the initial sequence number, but also checks for a corresponding SYN message from the same sender by using a hash function to check for the same source and destination IP addresses and port numbers from the original SYN message.
• I referenced “Computer Networking: A Top Down Approach” Section 3.5 Focus on Security pg 283 (Int’l Ed.) for this question on 3/12/2013

Question #32: Consider the TCP procedure for estimating RTT. Suppose that (alpha)= 0.1. Let SampleRTT1 be the most recent sample RTT, let SampleRTT2 be the next most recent sample RTT, and so on.

a.For a given TCP connection, suppose four acknowledgments have been returned with corresponding sample RTTs: Sample RTT4, Sample RTT3, Sample RTT2, and Sample RTT1. Express EstimatedRTT in terms of the four sample RTTs.

• Estimated RTT =( (1-alpha)ERTT1 +(alpha)SRTT1)+ ( (1-alpha)(alpha)ERTT2 +(alpha)SRTT2)+ ( (1-alpha^2)(alpha)ERTT3 +(alpha)SRTT3)+( (1-alpha^3)(alpha)ERTT4 +(alpha)SRTT4)

b.Generalize your formula for n sample RTTs.

• ERTT =( (1-alpha)^(n-1))(alpha)ERTT + (alpha)SRTTn

c. For the formula in part (b) let n approach infinity. Comment on why this averaging procedure is called an exponential moving average.

• This procedure is called an exponential moving average because as each RTT is added, the weight of the earlier RTTs in terms of the overall formula decays exponentially.

Question #55: In this problem we investigate whether either UDP or TCP provides a degree of end-point authentication.

a.Consider a server that receives a request within a UDP packet and responds to that request within a UDP packet (for example, as done by a DNS server). If a client with IP address X spoofs its address with address Y, where will the server send its response?

• The server would send to the client with address X because it is unconcerned with the IP address, it simply sends back to the corresponding port number.

b.Suppose a server receives a SYN with IP source address Y, and after responding with a SYN ACK, receives an ACK with IP source address Y with the correct acknowledgment number. Assuming the server chooses a random initial sequence number and there is no “man-in-the-middle,” can the server be certain that the client is indeed at Y(and not at some other address X that is spoofing Y)?

• The server can be certain that the client is indeed at Y because not only does the server check to ensure that the ACK includes the correct acknowledgement number, it also checks the senders IP and port number against previously received SYN messages  to ensure that the sender of the ACK is the one who sent the initial SYN message if the server uses SYN Cookies.