
Chapter 1:

15. MBI Corporation uses airmail, which is not Internet standard. The company also uses Novell LAN. Novell has Internetwork Packet Exchange protocol, IPX (connectionless datagram service), as its equivalent to Internet TCP/IP. As you know well, most of the global e-mail traffic on the Internet uses SMTP as the mail protocol. Figure 1.27 shows the high-level configuration of the two networks connected through a gateway. Fill in the protocol layers of the gateway.

16. Picture a scenario where you are downloading a file from a server located in Europe, which has an X.25 protocol based on the OSI Reference Model. Its physical medium interface is X.21. Your client machine is connected to the Internet with Ethernet as the physical medium.
a. Draw the details of the communications network in Figure 1.28(a) using bridges, routers, and a gateway between the server and client.
b. Complete the protocol architecture in Figure 1.28(b) for the intermediate gateway system.


17. As a network engineer in an NOC, you are following up on the following two trouble tickets. You do not have a network management system and you have to use the basic network tools to validate the problems before you can resolve them. Please explain what tools you would use in each case and how they would validate the customer's complaint.
Trouble Ticket 100: Customer says that periodically the messages he receives are missing some characters.
Trouble Ticket 101: A customer in Atlanta complains that when she tries to log into the system seztpez./zntlqsfr|rtec.com in New York, she gets disconnected with a time-out. However, her colleague in her New York office reports that he is able to access the system.

(a) TT 100: Telnet into user workstation from NOC. You suspect packet loss and intermittent operation. Ping destination from the user workstation. Measure % packet loss and verify.
(b) TT 101: Telnet into user workstation from NOC. You suspect loss of connection. Trace route to the NY. Find the connection is broken.

Chapter 2:
2-1 The maximum allowed segment for Ethernet is 500 meters and the number of segments that can be connected with repeaters is limited to five. The minimum length of the frame that can be transmitted is the sum of the round-trip delay and the repeater delays. Assume the speed of transmission on the cable is 200 meters per microsecond and the total round-trip delay in traversing all the repeaters is 25 microseconds. Show that the minimum frame size (number of bits per frame) of an Ethernet frame is 64 bytes. Note: The maximum frame size is 1,518 bytes.
Minimum frame size is the same as the maximum round-trip delay on the LAN.
Maximum round-trip delay = (2 x max. 1-way propagation delay) + repeater delay = ((500 x 5 x 2)/200) + 25 microseconds = 50 microseconds
At 10 Mbps, generated bits = 50 microseconds x 10 Mbps = 500 bits ~ 64 bytes, which is the minimum frame size.

2-2. The Engineering Department of twelve persons in a small corporation is on a regular 10Base-T Ethernet LAN hub with 16 ports. The busy group started complaining because of the slow network performance. The network was operating at 50% utilization, whereas 30% utilization is acceptable. If you are the corporation's Information Technology Engineer and have to resolve the problem technically,
a. Describe four choices for resolving the problem, maintaining the LAN as an Ethernet LAN.
b. State the advantages and disadvantages of each approach.

Choice 1: Switched Ethernet - Replace the regular hub with a switched hub. This will increase the maximum capacity to about 6 times. No modifications are needed to the workstations. Easy to install: switch the hub and plug the cables into the new hub.
Choice 2: Full duplex - Convert the NICs on the 12 workstations and replace the hub for full-duplex operation. This requires hardware and configuration changes to the hub and workstations. Will double the capacity. However, this is a dead-end approach.
Choice 3: Convert the network to 100Base-T Fast Ethernet. Need to replace the NICs in the workstations and replace the hub for 100Base-T. Increases capacity by ten times. The speed at each workstation increases ten times. Requires 12 NICs for the workstations and a new hub.
Choice 4: Split the workstations into multiple (n) LANs. Approximately increases the capacity by n times. Some hubs have the capacity to split LANs. If not, additional hubs need to be added. An external bridge or a workstation acting in the capacity of a bridge will bridge the split LANs. This is a scalable architecture and would allow for future growth. No hardware changes need to be made to the workstations. IP addresses need to be changed in the workstations that now belong to new subnets.

2-3 In the previous exercise, the IT manager says the problem is to be solved by using bridges and the existing hub, which could be configured for four subnets. A good rule of thumb is that LAN utilization of 20% yields good and satisfactory performance. Assume that the twelve workstations are functioning at peer-to-peer level with the distribution of traffic between any two stations being the same. What would be your new configuration?
The twelve stations are divided between three subnets, with four stations in each. We need to add one 3-port bridge (in practice, a 4-port bridge), a simple version being one workstation with NICs, each connected to one of three subnets. Ports 5, 10, and 15 for the three LANs, LAN1, LAN2, and LAN3 respectively, are connected to the bridge. The fourth port of the bridge is depicted as connected to an external network.

The traffic in each subnet will be about 1.7 Mbps, i.e., a utilization factor of 17%.

2-4: Design an Ethernet LAN using a 10/100 Mbps switched Ethernet hub to handle the following specifications:
Number of clients = 16 operating at 10 Mbps
Number of servers = 1
50% of the traffic is directed to the server
Draw the configuration and indicate the transmission modes (half-duplex or duplex) on the ports.
Traffic on the hub I/O of server = 16 x 10 x 0.5 Mbps = 80 Mbps. Hence, use a 100 Mbps half-duplex mode of operation for the server as shown.


2-6. Repeat Exercise 5 if the traffic to the server increases to 80 percent.


Traffic on the server I/O of the hub = 100 x 16 x 0.8 = 128 Mbps. In this case the server is connected to the hub using a full-duplex 100 Mbps NIC. An alternative is to split the hub into two subnets and have two half-duplex 100 Mbps I/Os to the server, each one serving one of the two subnets.

2-7. Two virtual LANs, 145.50.50.1 belonging to NM lab and 145.50.60.1 belonging to Networking lab, each have three workstations. The former has workstations 145.50.50.11-13, and the latter 145.50.60.21-23. They are connected to a switched hub (as shown in Figure 2.9) on ports 2 through 7. The NICs (network interface cards) associated with the ports are made by Cabletron and their MAC addresses start with the vendor's global prefix 00-00-1D (hexadecimal notation) and end with 11, 12, 13, 21, 22, and 23 (same as the fourth decimal position of IP addresses).
a. Create a conceptual matrix table, as shown below, that would be generated by the hub that relates the IP address, MAC address, and port number.

b. The workstation 23 is moved from Networking lab to NM lab. Show the appropriate parameter changes on the hub and the workstation.
5. (a)
IP Address      MAC Address          Port Number
145.50.50.11    00-00-1D-00-00-0B    11
145.50.50.12    00-00-1D-00-00-0C    12
145.50.50.13    00-00-1D-00-00-0D    13
145.50.60.11    00-00-1D-00-00-15    21
145.50.60.22    00-00-1D-00-00-16    22
145.50.60.23    00-00-1D-00-00-17    23

(b)
IP Address      MAC Address          Port Number
145.50.50.11    00-00-1D-00-00-0B    11
145.50.50.12    00-00-1D-00-00-0C    12
145.50.50.13    00-00-1D-00-00-0D    13
145.50.50.23    00-00-1D-00-00-17    23
145.50.60.21    00-00-1D-00-00-15    21
145.50.60.22    00-00-1D-00-00-16    22

8. In Exercise 7, port 1 of the hub is connected to a router (as shown in Figure 2.9). The IP and MAC addresses associated with the NIC on the hub interfacing to the router are 145.50.10.1 and 00-00-1D-00-00-01, and those of the NIC on the router interfacing with the switched hub are 130.30.40.1 and 00-00-1D-00-00-64. Extend the matrix of Exercise 7(a) to include port 1, using the same convention for MAC addresses.
IP Address      MAC Address          Port Number
130.30.40.1     00-00-1D-00-00-64    1
145.50.50.11    00-00-1D-00-00-0B    11
145.50.50.12    00-00-1D-00-00-0C    12
145.50.50.13    00-00-1D-00-00-0D    13
145.50.60.11    00-00-1D-00-00-15    21
145.50.60.22    00-00-1D-00-00-16    22
145.50.60.23    00-00-1D-00-00-17    23

9. In Exercise 8, the router is connected to the switched hub by a single physical cable. The router maintains two sets of tables, one to determine the subnets on its network and the other to determine the host on the subnet, as shown below. The third decimal of the IP address is allocated to subnet designation.

a. What is the mask used by the router to filter the subnet?
b. Show how two packets arriving in the router and addressed to 145.50.50.11 and 145.50.60.21 are directed to the switched hub by using the above table.


9. (a) Subnet is determined by the third decimal (bits 17-24) position of the IP address. The subnet mask is defined with the network and subnetwork bit positions being 1 and host positions zero. Thus the subnet mask is 255.255.255.0 or 1111 1111 1111 1111 1111 1111 0000 0000.
(b) Packet addressed to 145.50.50.11:
145.50.50.11 XOR 255.255.255.0 = 145.50.50.0
The subnet address table of 145.50.50.0 identifies host 11 as interface port 1. The hub, in turn, directs the packet to its port 11. Packet addressed to 145.50.60.11, similarly, yields the subnet 145.50.60.0 and addresses the host 21 to the same port 1 of the router. The hub, in turn, switches it to its port 21.

10. Design a client/server network with two servers operating at 100Base-T Fast Ethernet speed and the clients operating at regular 10Base-T Ethernet speed using a 10/100 Mbps NIC. The hub is located in a wiring closet, but the servers and clients are not. Assume that a satisfactory performance is achieved at 30% utilization of the LAN.

Limitations:
1) Maximum distance to a server from the hub = 100 m; 4 pairs half-duplex mode (100Base-T4). Maximum distance to a client from the hub = 100 m with CAT-5 cable, half-duplex mode (100Base-T).

2) At 30% utilization, the LAN data rate is 30 Mbps. At 10 Mbps clients, only three clients can be accommodated for satisfactory performance.


11. Which of the following is correct? The maximum throughput of an 8-port switched hub over an 8 port nonswitched hub is a. the same b. 2 times c. 4 times d. 8 times
(c) is the correct answer. Four pairs of conversations can simultaneously occur with 8 ports.

12. It is assumed in Exercise 11 that the LAN operates at maximum utilization. However, a regular LAN can degrade in performance to an intolerable level at 50% utilization. What is the approximate (ignore the contention of more than one station trying to reach the same destination at the same time) percentage utilization improvement of a 12-port switched-hub Ethernet LAN over a nonswitched-hub Ethernet LAN?
For a 12-port hub at 50% utilization, maximum data rate is 5 Mbps. For a switched hub, the twelve ports can carry 6 simultaneous conversations with a data rate capacity of 60 Mbps. Thus, the percentage utilization improvement is 1200%.

13. The minimum size of the frame is determined by the token size, which is 3 bytes long and should be contained in the ring under idle condition. Assume a 16 Mbps LAN and transmission of 200 meters per microsecond.
a. What should be the minimum length of the ring in meters?
b. Each station normally adds a bit delay in processing the data. What is the additional length gained by adding one station at a time?
A bit occupies (200 x 10^6 m/sec) / (16 x 10^6 bits/sec) = 12.5 meters/bit.
For the token of 3 bytes or 24 bits, the minimum length of the ring is 12.5 m/bit x 24 bits = 300 meters.

14. Repeat Exercise 3 for an FDDI ring. Assume the speed of transmission is 300 meters per microsecond.
Minimum length = (300 x 10^6 x 24) / (100 x 10^6) = 72 meters

15. Explain why the performance of an Ethernet LAN decreases with an increase in the number of stations on the LAN, whereas it increases (at least initially) with the increase in the number of stations in a token-ring LAN.
In Ethernet configuration, as the number of stations increases, collisions increase and stations have to abort transmission and try again. Thus utilization / performance decreases. In Token Ring configuration, when the token is passed from one station to the next, the time it takes to travel is simply overhead. As the number of stations increases, the time to travel between adjacent stations is less, thus improving the utilization / performance of the LAN.

16. Draw a network configuration and the protocol-layer interface architecture for a multiprotocol bridge that connects an Ethernet LAN and a token-ring LAN.


Chapter 3:
3-1 What are the standards used for the various layers in an Ethernet-based network that is managed by the Internet management protocol? Assume that the Ethernet runs at 10 Mbps on an unshielded twisted-pair cable.
Physical Layer       10Base-T      IEEE
Data Link Layer      IEEE 802.3    IEEE
Network Layer        IP            IETF
Transport Layer      UDP           IETF
Application Layer    SNMP          IETF

3-2 Consider a network of multivendor components. Hubs are made by Cabletron and are managed by Cabletron's Spectrum NMS. Routers are made by Cisco and are managed by CiscoWorks NMS. The entire network is managed by a general-purpose NMS such as HP OpenView Network Node Manager. Draw a two-tier management network that performs configuration and fault management. Explain the rationale for your configuration.

Vendor-specific NMS has detailed information about the vendor's components. Hence, it is better suited to do configuration management and detailed troubleshooting in fault management, such as hardware board failure. General-purpose NMS, such as HP OpenView, can monitor several vendors' components and do an overall fault monitoring. In addition, intelligence is built into the system to localize the fault.

3.3. Redraw the management network configuration of Exercise 2 as a three-tier configuration. What are the requirements on the three-tier network management system?

Spectrum and CiscoWorks behave as agents to MOM (HP OpenView) as well as managers to the managed components. For unified presentation, they utilize the user interface of HP OpenView.

4. Explain succinctly the difference between the database of a network management system and its MIB. How do you implement each in a network management system?
A database of an NMS is a physical database containing the network objects and values. It is implemented using any proprietary database software. MIB is a virtual database that is used by network management and agent applications to exchange information about the network objects. It has a hierarchical structure and the schema of the MIB is compiled into the management and agent management software.

5. You have been assigned the responsibility of adding a new vendor's components with its own NMS to an existing network managed by a different NMS. Identify the three sets of functions that you need to do to fulfill your task.
(i) Compile the MIB(s) of the new components on the existing NMS.
(ii) Assign IP addresses (instances of managed objects) to the new components. Also, configure them on the network to communicate with the existing NMS.
(iii) Configure the new NMS for configuration management and detailed fault management.


6. Write an ASN.1 module that defines DaysOfWeek as a SEQUENCE type with each day of the week (day1, day2, ...) as the type VisibleString. Write the ASN.1 description (a) for the structure and (b) for the value.
(a) ASN.1 Structure:
DaysOfWeek ::= SEQUENCE {
    day1    VisibleString,
    day2    VisibleString,
    day7    VisibleString }

(b) ASN.1 record value:
    day1    "Sunday"
    day2    "Monday"
    day7    "Saturday"

7. Write an ASN.1 module that defines daysOfWeek as an ENUMERATED data type, with values from 0 to 6.
daysOfWeek ENUMERATED ::= {
    sunday      (0)
    monday      (1)
    tuesday     (2)
    wednesday   (3)
    thursday    (4)
    friday      (5)
    saturday    (6) }

8. The following is the informal record structure of my home address:
Name        Mani M. Subramanian
Address     1652 Harts Mill Road
City        Atlanta
State       GA
Zip Code    30319
Write for your record:
a. the informal record structure
b. an ASN.1 description of the record structure
c. the record value for your home address
(a) Informal Record Structure
Name        Mani M. Subramanian
Address     1652 Harts Mill Road
City        Atlanta
State       GA
Zip Code    30319
(b) ASN.1 Structure:
MyAddress ::= [APPLICATION 0] IMPLICIT SEQUENCE {
    name        Name,
    address     Address,
    city        [0] VisibleString,
    state       [1] VisibleString,
    zip         [2] INTEGER }
Name ::= SEQUENCE {
    first       VisibleString,
    middle      VisibleString DEFAULT { },
    last        VisibleString }
Address ::= [APPLICATION 1] IMPLICIT SEQUENCE {
    number      INTEGER,
    street      VisibleString }
(c) ASN.1 Record value:
{ { first "Mani", middle "M", last "Subramanian" },
  { number 1652, street "Harts Mill Road" },
  city "Atlanta", state "GA", zip 30319 }

9. Given the definition
class ::= SET { name VisibleString, size INTEGER, graduate BOOLEAN }
which of the following set(s) of values is (are) compatible with the ASN.1 record structure in Exercise 8?
a. "CS4803B", FALSE, 28
b. CS8113B, TRUE, 28
c. "CS4803B", 28, TRUE
d. CS4803B, 28, TRUE
Correct solutions: 1 and 3

10. a. Describe a list and an ordered list in ASN.1 syntax. b. Identify the differences between them. c. Using examples, differentiate between list construction and repetitive construction.

(a) List: SET {<type1>, <type2>,}
Ordered list: SEQUENCE {<type1>, <type2>,}
(b) Data types in SET are distinctly different and could be transmitted in any order. Data types in SEQUENCE need not be different from each other, but should be transmitted in the order in which the data is inputted.
(c) List construction is done using SET and SEQUENCE and is used when data types need to be grouped. Repetitive construction is done using SET OF and SEQUENCE OF and is used when grouped data types are to be defined as an array or a table. The rules for ordering of data are the same as for SET and SEQUENCE.

11. In a ballroom dance class, the instructor asks the guests to form couples made up of a male and a female (order does not matter) for a dance. Write an ASN.1 module for danceGroup (with data type DanceGroup) that is composed of data type Couple; Couple is constructed using male and female.
danceGroup DanceGroup ::= SET OF { Couple }
Couple ::= SET { Male, Female }
male VisibleString
female VisibleString

12. A high school class consists of four boys and four girls. The names of the boys with their heights are Adam (65"), Chang (63"), Eduard (72"), and Gopal (62"). The names of the girls are Beth (68"), Dipa (59"), Faye (61"), and Keisha (64"). For each of the following cases, write an ASN.1 description for the structure and record values by selecting appropriate data types. Start with data type StudentInfo, listing information on each student.
a. a random list of the students
b. an alphabetized list of students
c. a sorted lineup of students with increasing height
d. any one student to be a class representative to the faculty meeting
e. two groups, one of boys and one of girls
(a) RandomList ::= SET OF StudentInfo
StudentInfo ::= SEQUENCE {
    name      VisibleString,
    male      BOOLEAN,
    height    INTEGER }
Record:
{ {"Adam", TRUE, 65 }, {"Chang", TRUE, 63 }, ... {"Beth", FALSE, 68 }, ... }

(b) AlphabetizedList ::= SEQUENCE OF StudentInfo
Record:
{ { "Adam", TRUE, 65 }, { "Beth", FALSE, 68 }, ... { "Ho", FALSE, 64 } }

(c) IncreasingHeight ::= SEQUENCE OF StudentInfo
Record:
{ { "Dipa", FALSE, 59 }, { "Faye", FALSE, 61 }, ...

(d) Representative ::= { {"Adam", TRUE, 65 } | { "Chang", TRUE, 63 } | ...
or
Representative ::= CHOICE {
    student1    Student1,
    student2    Student2,
    ...
    student8    Student8 }
Student1 ::= SEQUENCE { VisibleString, BOOLEAN, INTEGER }
Record: {"Adam", TRUE, 65 }
Student2 ::= SEQUENCE { VisibleString, BOOLEAN, INTEGER }
Record: {"Chang", TRUE, 63 }
....

(e) Group1 ::= SET OF StudentInfo
Record: { {"Adam", TRUE, 65 }, { "Chang", TRUE, 63 }, ... }
Group2 ::= SET OF StudentInfo
Record: { {"Beth", FALSE, 68 }, {"Dipa", FALSE, 59 }, ... }

13. In Section 3.6.2, we defined the tag for Chapter-number type as APPLICATION [2]. Encode this chapter (3) in TLV format.
0100010 00000001 00000011

14. You are establishing a small company. Give an example of each of the five functional applications that you would implement in your network management system.
Configuration Management: Set the IP address and system description, identify components, set up subnets, links to external network, etc.
Fault Management: Component failures, network alarms, etc.
Performance Management: Traffic on the LANs, packet loss on components and links, traffic delay, ...
Security Management: Set up security parameters, password and other security administration, security break-ins, etc.
Account Management: Utilization of the network resources by different users.


Chapter 4:
1. Refer to Figure 4.3 to answer the following questions:
a. What are the classes of the networks shown in Figure 4.3(a)?
b. Explain the function of a network mask.
c. In Figure 4.3(c), network addresses 172.16.x.0 are subnets derived from the network address 172.16.0.0. Explain how the IP address bits are split between subnet and host addresses.

(a) 172.16.46.2 is a Class B address; 192.168.101.1 is a Class C address.
(b) A network mask is used to create subnets and route packets to them. The IP address for a network is assigned by a centralized organization, NIC (Network Information Center). The router with an assigned node address can subdivide all the bits allocated to its hosts into subnets by applying the subnet mask and route the packets to the appropriate subnets. Each subnet maintains the address of its hosts for routing purposes.
(c) The last sixteen bits are assigned as host addresses by NIC. The local network has split the first eight bits (17-24) for subnet and the last bits (25-32) for hosts. The subnet mask is 255.255.255.0.

2. Access the Simple Gateway Monitoring Protocol (SGMP) RFC 1028 on the Internet. Describe the four message types defined in the document. (You do not have to present the structure of the message.)

The four SGMP messages and their functions are:
(1) The "get request message type", get_req_message_type, requests the values of a sequence of variables from a managed (protocol) entity by a manager (protocol) entity.
(2) The "get response message type", get_rsp_message_type, is sent by a managed entity in response to a get request message type. It responds with values for the list of variables requested.
(3) The "trap request message type", trap_req_message_type, is generated by a managed object. The trap messages generated are cold start, warm start, link failure, authentication failure, and EGP neighbor loss.
(4) The "set request message type", set_req_message_type, is issued by a manager (protocol) entity to set the values in a managed entity.

3. Present the OBJECT IDENTIFIER for the object sun.products in two formats, one mnemonic and the other numeric.
sun OBJECT IDENTIFIER ::= {internet.private.enterprises.sun.products}
sun OBJECT IDENTIFIER ::= {1.3.6.1.4.1.42.2}

4. Represent the objects as OBJECT IDENTIFIERS starting from the root for the three network components in Figure 4.2.
a. hub in Figure 4.2(a) in hybrid format
b. hub in Figure 4.2(b) in numeric format
c. router in Figure 4.2(c) in hybrid format
(a) iso.org.dod.internet.private.enterprises.43.1.8.5
(b) 1.3.6.1.4.1.43.1.8.5
(c) 1.3.6.1.4.1.46.ciscoProducts.cisco7000

5. Encode IP address 10.20.30.40 in TLV format.


01000000 00000100 00001010 00010100 00011110 00101000
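The encoding above, worked as an added example that is not part of the original solutions: a BER tag-length-value encoder and a bounds-checked decoder for primitive SNMP values. The function and constant names are illustrative; only low tag numbers (0..30) and definite lengths are handled.

```python
# Added example: BER tag-length-value (TLV) encoding as used by SNMP.
# Function and constant names are illustrative, not from the original page.

UNIVERSAL, APPLICATION, CONTEXT, PRIVATE = 0, 1, 2, 3  # class bits (8 and 7)


def encode_tlv(tag_class, tag_number, value, constructed=False):
    """Encode one TLV with a low tag number (0..30) and a definite length."""
    if tag_class not in (UNIVERSAL, APPLICATION, CONTEXT, PRIVATE):
        raise ValueError("unknown tag class")
    if not 0 <= tag_number <= 30:
        raise ValueError("only low tag numbers (0..30) are handled here")
    # Identifier octet: class (2 bits) | primitive/constructed (1 bit) | tag (5 bits)
    identifier = (tag_class << 6) | (0x20 if constructed else 0) | tag_number
    n = len(value)
    if n < 0x80:
        length = bytes([n])                        # short form: one octet
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw    # long form: count, then length
    return bytes([identifier]) + length + bytes(value)


def decode_tlv(data, offset=0):
    """Parse one TLV and return (class, constructed, tag, value, next_offset).

    Every declared length is checked against the buffer, so truncated or
    over-long input raises ValueError instead of yielding a short value.
    """
    if offset + 2 > len(data):
        raise ValueError("truncated TLV header")
    identifier = data[offset]
    tag_number = identifier & 0x1F
    if tag_number == 0x1F:
        raise ValueError("high-tag-number form is not handled here")
    first = data[offset + 1]
    pos = offset + 2
    if first < 0x80:
        length = first
    else:
        count = first & 0x7F
        if count == 0:
            raise ValueError("indefinite length is not used by SNMP")
        if pos + count > len(data):
            raise ValueError("truncated length field")
        length = int.from_bytes(data[pos:pos + count], "big")
        pos += count
    if pos + length > len(data):
        raise ValueError("declared length exceeds available data")
    value = data[pos:pos + length]
    return identifier >> 6, bool(identifier & 0x20), tag_number, value, pos + length


def encode_ip_address(dotted):
    """IpAddress is [APPLICATION 0] IMPLICIT OCTET STRING (SIZE (4))."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("an IPv4 address has four decimal fields")
    octets = [int(p) for p in parts]
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError("each field must be in 0..255")
    return encode_tlv(APPLICATION, 0, bytes(octets))


def as_bits(encoded):
    """Render an encoding as space-separated octets in binary."""
    return " ".join(f"{b:08b}" for b in encoded)


if __name__ == "__main__":
    print(as_bits(encode_ip_address("10.20.30.40")))
```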

6. Refer to RFC 1213 for the following exercise:
a. Write the ASCII specifications for sysServices.
b. Illustrate the specifications with values for a bridge.
c. Illustrate the specifications with values for a router.

a) sysServices OBJECT-TYPE
       SYNTAX  INTEGER (0..127)
       ACCESS  read-only
       STATUS  mandatory
       DESCRIPTION
           "The value is a sum. This sum initially takes the value zero, Then, for each layer, L, in the range 1 through 7, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. For example, a node which performs primarily routing functions would have a value of 4 (2^(3-1)). In contrast, a node which is a host offering application services would have a value of 72 (2^(4-1) + 2^(7-1)). Note that in the context of the Internet suite of protocols, values should be calculated accordingly:

               layer  functionality
                 1    physical (e.g., repeaters)
                 2    datalink/subnetwork (e.g., bridges)
                 3    internet (e.g., IP gateways)
                 4    end-to-end (e.g., IP hosts)
                 7    applications (e.g., mail relays)

           For systems including OSI protocols, layers 5 and 6 may also be counted."
       ::= { system 7 }

7. Write the object DESCRIPTOR and syntax of the following SNMP manager entities:
a. IP address
b. A row in the Interfaces table (the row specifications only, not the objects in the row)
c. The MAC address of an interface card
(a) DESCRIPTOR ipNetToMediaNetAddress    SYNTAX IpAddress
(b) DESCRIPTOR ifEntry                   SYNTAX IfEntry
(c) DESCRIPTOR ipNetToMediaPhysAddress   SYNTAX PhysAddress

8. In Exercise 4 of Chapter 1, you measured the percentage of packet loss using the ping tool, which depends on the ICMP group. Name the MIB objects that are used in the procedure and present the macros for the OBJECT TYPE.

9. The two MIB objects are icmpOutEchos and icmpInEchoReps. The OBJECT-TYPE macros are shown below.
icmpOutEchos OBJECT-TYPE
    SYNTAX  Counter
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The number of ICMP Echo (request) messages sent."
    ::= { icmp 21 }
icmpInEchoReps OBJECT-TYPE
    SYNTAX  Counter
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The number of ICMP Echo Reply messages received."
    ::= { icmp 9 }

9. Explain how you would determine whether a device is acting as a host or as a router using an SNMP command.
Use get-request command for ipForwarding. A value of 1 indicates that it is a router or gateway. A value of 2 indicates that it is acting as a host.

10. Refer to the IP Address Translation table shown in Figure 4.32 and Table 4.10 as well as the numbering convention shown in Figure 4.22 to answer the following questions:
a. List the columnar objects under ipNetToMediaEntry.
b. Draw the object instance table for ipNetToMediaTable as in Figure 4.23(b) without the row column. Fill three rows of data using MIB specifications.
c. Redraw the table in (b), now filling each cell in the table with object instance identifiers. Use N = 1.3.6.1.2.1.4.22.1 for ipNetToMediaEntry in the table.
(a) ipNetToMediaTable {ip 22}
ipNetToMediaEntry (1)
Four columnar objects under ipNetToMediaEntry:
ipNetToMediaIfIndex (1)
ipNetToMediaPhysAddress (2)
ipNetToMediaNetAddress (3)
ipNetToMediaType (4)

(b)
ipNetToMediaIfIndex    ipNetToMediaPhysAddress    ipNetToMediaNetAddress    ipNetToMediaType
1                      0x00000C3920AC             172.16.46.1               4
2                      0x00000C3920AF             172.16.49.1               4
3                      0x00000C3920B0             172.16.52.1               4

(c)
ipNetToMediaIfIndex    ipNetToMediaPhysAddress    ipNetToMediaNetAddress    ipNetToMediaType
N.1.1.172.16.46.1      N.2.1.172.16.46.1          N.3.1.172.16.46.1         N.4.1.172.16.46.1
N.1.2.172.16.49.1      N.2.2.172.16.49.1          N.3.2.172.16.49.1         N.4.2.172.16.49.1
N.1.3.172.16.52.1      N.2.3.172.16.52.1          N.3.3.172.16.52.1         N.4.3.172.16.52.1

11. You own a specialty company, ABC (Atlanta Braves Company), that sells hats and jackets. You obtained an OBJECT IDENTIFIER 5000 under the enterprises node from IANA. You have two branch locations. Each has an inventory system that can be accessed by the IP address; they have the following OBJECT DESCRIPTORS:
branch1 - 100.100.100.15
branch2 - 100.100.100.16
Each branch has two types of products whose inventory are
hats
jackets
Hats are all of the same size and the inventory is a scalar value, hatQuantity. Jackets come in different sizes and the inventory is maintained in a table, jacketTable, whose columnar objects are
jacketSize (index)
jacketQuantity
Create a MIB module for your company. The objective is to find the inventory of any specific product while sitting in your office as president of the company.
a. Draw a MIB subtree.
b. Write a MIB module.

(b) <abc> DEFINITIONS ::= BEGIN

abc OBJECT IDENTIFIER ::= { enterprises 5000 }

-- Only Products group is defined in this module.
-- Products Group
abcProducts OBJECT IDENTIFIER ::= { abc 1 }

-- the Products group
hats OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(0..256))
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Hats are all made in one size and adjustable."
    ::= { abcProducts 1 }

hatQuantity OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Quantity of hats in the inventory."
    ::= { hats 1 }

jackets OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(0..256))
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Jackets are made in different sizes."
    ::= { abcProducts 2 }

-- the Jackets table
jacketTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF JacketTableEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A list of jacket entries."
    ::= { jackets 1 }

jacketTableEntry OBJECT-TYPE
    SYNTAX  JacketTableEntry
    ACCESS  not-accessible
    STATUS  mandatory
    DESCRIPTION
        "A row in the Jackets table."
    INDEX   { jacketSize }
    ::= { jacketTable 1 }

JacketTableEntry ::= SEQUENCE {
    jacketSize      INTEGER,
    jacketQuantity  INTEGER }

jacketSize OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Size of jacket."
    ::= { jacketTableEntry 1 }

-- second column of the row; its sub-identifier must differ from jacketSize
jacketQuantity OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "Quantity of jackets of a given size in the inventory."
    ::= { jacketTableEntry 2 }

END

12. A network manager discovers that a network component is performing poorly and issues an order to the technician to replace it. Which MIB group contains this information for the technician to find out the physical location of the component?
sysLocation in the System group.

13. How would you use one of the standard MIB objects to determine which of the stations in a LAN is functioning as a bridge to the external network?
Use the ifIndex MIB in the get-request command. The bridge will have a value of 2.

14. TCP is a connection-oriented protocol and UDP is a connectionless protocol. Identify differences in the two MIBs that exemplify this difference.
TCP connection table has local and remote addresses as indices. UDP Table is only a listener table and has only the local address and port as listening port and does not keep track of the remote address and port.

15. What OBJECT TYPE would you use to identify the address of the neighboring gateway from your local gateway?
egpNeighAddr in the egpNeighTable.


16. An IT manager gets complaints from the users that there is excessive delay in response over the Ethernet LAN. The manager suspects the cause of the problem is excessive collisions on the LAN. She gathers statistics on the collisions using the dot3StatsTable and localizes the problem to a single faulty network interface card. Explain how she localized the problem. You may use RFC 2358 to answer this exercise.
She gathered statistics by issuing the get-request command on the variable dot3StatsExcessiveCollisions, which maps to aFramesAbortedDueToXSColls on the IEEE 802.3 managed object in the dot3StatsTable, for each station on the LAN, and discovered that only the counter with the defective NIC was changing.

17. FDDI is heavily used as a backbone network in a corporate complex.
a. Draw a MIB tree for FDDI MIB. Limit your tree to the top five groups.
b. Develop a three-column table presenting entity, OID, and brief descriptions of the groups and the tables under each group.

(b)
Entity                OID               Brief Description
fddi                  transmission 3    FDDI transmission medium
fddiMIB               fddi 73           FDDI MIB
fddimibSMT            fddiMIB 1         SMT (Station Management) table listing SMT entries
fddimibMAC            fddiMIB 2         MAC table listing MAC entries
fddimibMACCounters    fddiMIB 3         MAC counters table
fddimibPATH           fddiMIB 4         Table of all PATHs across all SMTs
fddimibPORT           fddiMIB 5         Table of all PORTs across all SMTs

30 | P a g e

Chapter 5 :
1- Three managed hubs with interface id 11-13 (fourth decimal position value) in subnetwork 200.100.100.1 are being monitored by a network management system for mean time between failures using the sysUpTime in the system {internet.mgmt.mib2.system} group. The NMS periodically issues the command
get-request object-instance community OBJECT IDENTIFIER
Fill in the operands in the three sets of requests that the NMS sends out. Use public for the community variable.
get-request 200.100.100.11 public system.sysUpTime
get-request 200.100.100.12 public system.sysUpTime
get-request 200.100.100.13 public system.sysUpTime

2- You are assigned the task of writing specifications for configuring SNMP managers and agents for a corporate network to implement the access policy. The policy defines a community profile for all managed network components where a public group (community name public) can only look at the system group, a privileged group (community name privileged) can look at all the MIB objects, and an exclusive group (community name exclusive) can do a read-write on all allowed components. Present a figure (similar, but not identical, to the flowchart in Figure 5.2) showing the paths from the SNMP managers to managed objects of a network component.


3. Fill in the data in the trap PDU format shown in Figure 5.9 for a message sent by the hub shown in Figure 4.2(a) one second after it is reset following a failure. Treat the trap as generic and leave the specific trap fields blank. The only varBind that the trap sends is the sysUpTime. (Refer to RFC 1157 and RFC 1215.)

4. An SNMP manager sends a request message to an SNMP agent requesting sysUpTime at 8:00 A.M. Fill in the data for the fields of an SNMP PDU shown in Figure 5.5. Please use "SNMP" for the application header, enumerated INTEGER 0 for version (version 1), and "public" for the community name.

5. In Exercise 4, if the SNMP manager sent the request at 8:00 A.M. and the SNMP agent was reset at midnight after a failure, fill in the fields for the SNMP PDU on the response received.

6. An SNMP manager sends a request for the values of the sysUpTime in the System group and ifType in the interfaces group for ifNumber value of 3. Write the PDUs with the fields filled in for a. the get-request PDU, and b. the get-response PDU with noSuchName error message for ifType.

7. The following data response information is received by the manager for a get-request with a varBindList. Compose a. the get-request PDU, and b. the get-response PDU.


8. Draw the message sequence diagram similar to the one in Figure 5.10 for the hub example given in Figure 4.2(a). Assume that a separate get-request message is sent for each data value.


9. Repeat Exercise 7 with a VarBindList. Use the format of Figure 5.16.


10. For the UDP Group MIB in Figure 4.38, assume that there are three rows for the columnar objects in the udpTable. Write OBJECT IDENTIFIER for all the objects in the lexicographic order. Answer:
T = mib-2.7.5 E = mib-2.7.5.1 E.1.1. E.1.2 E.1.3 E.2.1 E.2.2 E.2.3

11. Draw the message sequence diagram for the following ipNetToMediaTable, retrieving all the values of the objects in each row with single get-next-request commands, similar to the one shown in Figure 5.16. The indices are ipNetToMediaIfIndex and ipNetToMediaNetAddress. Ignore obtaining sysUpTime.

Reordering the table in lexicographic order, we get:
ipNetToMediaIfIndex  ipNetToMediaPhysAddress  ipNetToMediaNetAddress  ipNetToMediaType
16                   00000C3920AF             172.16.49.1             4
2                    00000C39209D             172.16.56.1             4
25                   00000C3920B4             192.168.252.15          4
9                    00000C3920A6             172.16.55.1             4

Now we can draw the message sequence diagram.

12. Compose the data frames for SNMP PDUs for the example in Figure 5.16 for the following two cases: a. the first GetNextRequest (sysUpTime, atPhysAddress) and the GetResponse b. the second GetNextRequest and GetResponse with values obtained in part (a).


13. A data analyzer tool is used to look at a frame of data traversing a LAN. It is from the station noc3 in response to a request from noc1. Use the following system status to answer this question: Version = 0 Community = netMan


Compose the expected data frames for SNMP PDU types. Your frames should look like the frames in Figure 5.17. a. GetRequest from manager to managed object b. GetResponse from managed object to manager
12. The get-request message from noc1 to noc3 looks like:


noc3 > noc1 Community = public GetRequest Request ID = 100
system.sysUpTime.0
udp.udpInDatagrams.0
udp.udpNoPorts.0
udp.udpInErrors.0
udp.udpOutDatagrams.0

(a) Get-Request Message from Manager-to-Agent

The get-response message from noc3 to noc1 looks like:
noc1 > noc3 Community = public GetResponse Request ID = 100
system.sysUpTime.0 = 1000000
udp.udpInDatagrams.0 = 500000
udp.udpNoPorts.0 = 1000
udp.udpInErrors.0 = 5000
udp.udpOutDatagrams.0 = 300000

(b) Get-Response Message from Agent-to-Manager
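The get-request shown above (community public, request ID 100, five varBinds), encoded the way SNMPv1 frames it on the wire and then decoded again. This is an added example, not part of the original solutions: the numeric OIDs and all function names are supplied by the example, and the decoder makes visible that the community name travels as a plain, readable OCTET STRING.

```python
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse"}

# The five objects of the get-request above; the numeric OIDs are this example's.
PAGE_OIDS = [
    "1.3.6.1.2.1.1.3.0",  # system.sysUpTime.0
    "1.3.6.1.2.1.7.1.0",  # udp.udpInDatagrams.0
    "1.3.6.1.2.1.7.2.0",  # udp.udpNoPorts.0
    "1.3.6.1.2.1.7.3.0",  # udp.udpInErrors.0
    "1.3.6.1.2.1.7.4.0",  # udp.udpOutDatagrams.0
]


def tlv(tag, value):
    """Tag, definite length (short form below 128, long form above), value."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value


def ber_integer(n):
    """INTEGER, non-negative values only (version, request ID, error fields)."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def ber_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one byte
    for arc in arcs[2:]:                       # remaining arcs are base 128
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def build_get_request(community, request_id, oids, version=0):
    """Message ::= SEQUENCE { version, community, GetRequest-PDU [0] }."""
    varbinds = b"".join(tlv(0x30, ber_oid(o) + tlv(0x05, b"")) for o in oids)
    pdu = tlv(0xA0, ber_integer(request_id) + ber_integer(0)  # error-status
              + ber_integer(0) + tlv(0x30, varbinds))          # error-index
    # The community name is a plain OCTET STRING: readable by anyone on the path.
    return tlv(0x30, ber_integer(version) + tlv(0x04, community.encode()) + pdu)


def read_tlv(buf, pos):
    """Return (tag, value, next position); reject truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body):
    arcs, arc = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        arc = (arc << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(arc)
            arc = 0
    return ".".join(str(a) for a in arcs)


def parse_message(raw):
    """Decode the fields a protocol analyzer would show for a request PDU."""
    tag, msg, _ = read_tlv(raw, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    numbers, pos = [], 0
    for _ in range(3):  # request-id, error-status, error-index
        _, body, pos = read_tlv(pdu, pos)
        numbers.append(int.from_bytes(body, "big", signed=True))
    _, varbind_list, _ = read_tlv(pdu, pos)
    oids, pos = [], 0
    while pos < len(varbind_list):
        _, varbind, pos = read_tlv(varbind_list, pos)
        oids.append(decode_oid(read_tlv(varbind, 0)[1]))
    return {"version": int.from_bytes(version, "big"),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "request_id": numbers[0], "error_status": numbers[1],
            "error_index": numbers[2], "oids": oids}
```

Calling build_get_request("public", 100, PAGE_OIDS).hex() prints the frame as a data analyzer would capture it, and parse_message() on the same bytes recovers the community name without any key.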


Chapter 8:
1. An NMS connected to an Ethernet LAN is monitoring a network of 10,000 nodes comprising routers, hubs, and workstations. It sends an SNMP query to each station once a minute and receives a response when the stations are up. Assume that an average frame size is 1000 bytes long for get-request and response messages. a. What is the traffic load on the LAN that has the NMS? b. If the Ethernet LAN operates at a maximum efficiency of 40% throughput, what is the overhead due to network monitoring?
Number of get-requests and responses sent per minute = 20,000
Load on the NMS LAN = (20,000*1000*8)/60 = 2.7 Mbps

2. In Exercise 1, assume the network comprises ten subnetworks, with an RMON monitoring each subnet. a. Design a heartbeat monitoring system, using RMONs, that indicates failures to the NMS within a minute of a failure. b. What is the monitoring load on each subnet? c. If the NMS is still expected to detect any failure within one minute of occurrence, what is the overhead on the LAN to which the NMS is connected due to this traffic?
(a) Each RMON monitors the heartbeat of its own nodes by polling the stations every minute. Whenever an RMON detects a failure, it sends a trap to the NMS.
(b) Load on each subnet due to monitoring of RMON = (2,000*1000*8)/60 = 267 kbps
(c) Each RMON sends a trap indicating the failure to the NMS once every minute. Thus, the NMS receives 10 frames every minute. Load on the NMS LAN = (10*1000*8)/60 = 1.33 kbps.

3. a. Describe qualitatively how the utilization (number of frames offered/number of frames transmitted) depends on frame size. b. How would you measure the distribution of the frame size on the LAN?
(a) The larger the frame size (compared to the propagation time on the LAN), the better the utilization on an Ethernet LAN. This is due to the decrease in the collision rate.
(b) The RMON1 Statistics Group has six objects that measure packet sizes of 64 (etherStatsPkts64Octets), 65-127 (etherStatsPkts65to127Octets), 128-255 (etherStatsPkts128to255Octets), 256-511 (etherStatsPkts256to511Octets), 512-1023 (etherStatsPkts512to1023Octets), and 1024-1518 (etherStatsPkts1024to1518Octets) bytes. These counters are read every second, and the difference between consecutive readings of each gives the distribution of packet size.
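Both this answer and the faulty-NIC answer to Chapter 4, Exercise 16 depend on the difference between two readings of a counter. The added example below (not from the original solutions) takes that difference so that it survives a Counter32 wrap, discards a sample when sysUpTime shows the agent restarted in between, and applies it to both cases; all readings and station names are constructed sample data.

```python
COUNTER32_MODULUS = 2 ** 32  # a Counter32 wraps to 0 after 2**32 - 1

SIZE_BUCKETS = [
    "etherStatsPkts64Octets",
    "etherStatsPkts65to127Octets",
    "etherStatsPkts128to255Octets",
    "etherStatsPkts256to511Octets",
    "etherStatsPkts512to1023Octets",
    "etherStatsPkts1024to1518Octets",
]

# Constructed probe readings one second apart (sysUpTime counts 1/100 s).
# The first counter wraps between the two readings.
PROBE_T0 = {"sysUpTime": 360000,
            "counters": dict(zip(SIZE_BUCKETS, [4294967200, 1000, 500, 0, 50, 10]))}
PROBE_T1 = {"sysUpTime": 360100,
            "counters": dict(zip(SIZE_BUCKETS, [104, 1300, 600, 100, 150, 210]))}

# Constructed per-station readings of dot3StatsExcessiveCollisions.
# station-C restarted between the polls: its sysUpTime went backwards.
STATIONS_T0 = {
    "station-A": {"sysUpTime": 100000, "counters": {"dot3StatsExcessiveCollisions": 7}},
    "station-B": {"sysUpTime": 250000, "counters": {"dot3StatsExcessiveCollisions": 3}},
    "station-C": {"sysUpTime": 500000, "counters": {"dot3StatsExcessiveCollisions": 40}},
}
STATIONS_T1 = {
    "station-A": {"sysUpTime": 106000, "counters": {"dot3StatsExcessiveCollisions": 7}},
    "station-B": {"sysUpTime": 256000, "counters": {"dot3StatsExcessiveCollisions": 58}},
    "station-C": {"sysUpTime": 1200, "counters": {"dot3StatsExcessiveCollisions": 2}},
}


def counter_delta(previous, current):
    """Increase between two Counter32 readings, assuming at most one wrap."""
    return (current - previous) % COUNTER32_MODULUS


def deltas_between(previous, current):
    """Per-counter increase, or None when the agent restarted between polls.

    A restart resets the counters, so a modular difference would report a
    huge bogus increase; a sysUpTime that went backwards reveals the restart.
    """
    if current["sysUpTime"] < previous["sysUpTime"]:
        return None
    return {name: counter_delta(previous["counters"][name], value)
            for name, value in current["counters"].items()
            if name in previous["counters"]}


def frame_size_distribution(previous, current):
    """Fraction of frames per size bucket seen between two probe readings."""
    deltas = deltas_between(previous, current)
    if deltas is None:
        return None
    total = sum(deltas[name] for name in SIZE_BUCKETS)
    return {name: (deltas[name] / total if total else 0.0)
            for name in SIZE_BUCKETS}


def stations_with_new_excessive_collisions(previous, current):
    """Stations whose dot3StatsExcessiveCollisions advanced between polls."""
    flagged = []
    for station in sorted(current):
        if station not in previous:
            continue  # no baseline yet for this station
        deltas = deltas_between(previous[station], current[station])
        if deltas and deltas.get("dot3StatsExcessiveCollisions", 0) > 0:
            flagged.append(station)
    return flagged


if __name__ == "__main__":
    print(frame_size_distribution(PROBE_T0, PROBE_T1))
    print(stations_with_new_excessive_collisions(STATIONS_T0, STATIONS_T1))
```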


4. a. Describe the two methods of measuring collisions on an Ethernet LAN. b. Compare the two methods in terms of what you can measure.
(a) The two methods of collision measurement are using the 802.3 MIB and the RMON1 Statistics Group. (b) The 802.3 MIB provides the following parameters:
dot3StatsSingleCollisionFrames    Number of frames successfully transmitted after single collision
dot3StatsMultipleCollisionFrames  Number of frames successfully transmitted after more than one collision
dot3StatsExcessiveCollisions      Number of frames failed to be transmitted due to excessive collisions

RMON MIB Statistics Group has etherStatsCollisions that gives the best estimate on the total number of collisions.

5. Two identical token rings with the same number of stations operate at different efficiencies (the ratio of time spent in data transmission to total time). One operates at a higher efficiency than the other. You suspect that this difference is due to the different frame sizes of the data frames in the two rings. a. Why would you suspect the frame size? b. How would you use RMON to prove your suspicion?
(a) The time taken by the token to travel from one station to the next is the idle time of the ring. The ring with small frames spends more time passing the token relative to the time spent on sending data frames. The Token Ring with large frames spends more time sending data frames. (b) The Token Ring Promiscuous group contains data on the sizes of the frame. It can be used to verify the suspicion.

6. How would you measure the types and distribution of frames in a token ring LAN?
The distribution statistics on the size and type of packets are obtained using the Token Ring Promiscuous group. There are MIB objects in the Promiscuous group that monitor the total non-MAC data packets, the number of broadcast packets, and the number of multicast packets. There are counts of nine packet sizes of the following range of octets: 18-63, 64-127, 128-255, 256-511, 512-1023, 1024-2047, 2048-4095, 4096-8191, 8192-18000, and greater than 18000.

7. An RMON probe in a network measures Ethernet packets on hub interfaces (ifIndex) 1 and 2. The counters were set to zero as the measurements started, and interface 1 has counted 1000 1500-byte packets and interface 2 has measured 100 64-byte packets. These counts are stored in rows 1 and 2 of the protocolDistStatsTable. They are indexed by the protocolDistControlIndex of 1 and 2 and the protocolDirLocalIndex of 11 and 12. a. Draw the conceptual rows of the tables involved with the relevant columnar objects and values. b. Write each instance of the columnar object of the data with its associated index and value.

(a)

(b)
protocolDistStatsPkts.1.11 = 1000
protocolDistStatsPkts.2.12 = 100
protocolDistStatsOctets.1.11 = 1500000
protocolDistStatsOctets.2.12 = 6400


Chapter 12:
1. Execute the commands nslookup and dig on a host IP address and present your results. a. Compare the two results for the common information and present it. b. What kinds of additional information do you get from dig?
1. Execution of nslookup for host noc4 yields:
nslookup noc4
Server: cicada.btc.gatech.edu
Address: 199.77.147.28

Name: noc4.btc.gatech.edu
Address: 199.77.147.144

Execution of dig for host noc4 yields:
dig noc4|more

; <<>> DiG 8.2 <<>> noc4
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; noc4, type = A, class = IN

;; AUTHORITY SECTION:
. 9m17s IN SOA A.ROOT-SERVERS.NET. hostmaster.INTERNIC.NET. (
        1999071500 ; serial
        30M ; refresh
        15M ; retry
        1W ; expiry
        1D ) ; minimum

;; Total query time: 2 msec
;; FROM: noc2 to SERVER: default -- 199.77.147.28
;; WHEN: Fri Jul 16 06:24:37 1999
;; MSG SIZE sent: 22 rcvd: 95

(a) Both utilities provide the DNS server as 199.77.147.28.
(b) Dig (domain information groper) is a flexible command line tool which can be used to gather information from the Domain Name System servers with numerous query options (see RFC 1035). An extract of a printout of the command is given as an example here. It has four parts: query, answer, authority, and additional. The answer section contains answers to the specific query. The authority section lists the authoritative domain name servers and the additional section lists additional domain name server information.

noc2% dig -x 199.77.147.28

; <<>> DiG 8.2 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUERY SECTION:
;; 28.147.77.199.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
28.147.77.199.in-addr.arpa. 22h52m52s IN PTR cicada.btc.gatech.edu.

;; AUTHORITY SECTION:
147.77.199.IN-ADDR.ARPA. 22h52m52s IN NS eagle.gcatt.gatech.edu.

;; ADDITIONAL SECTION:
eagle.gcatt.gatech.edu. 12H IN A 199.77.146.19

;; Total query time: 5 msec
;; FROM: noc2 to SERVER: default -- 199.77.147.28
;; WHEN: Fri Jul 16 07:24:57 1999
;; MSG SIZE sent: 44 rcvd: 144

2. Use dig to determine the authoritative domain name servers for the zone associated with altavista.com.
All the answers given below are correct since they are all nameservers that maintain information about the zone:
ns1.altavista.com.
ns2.altavista.com.
ns3.altavista.com.
cr1.dec.com
ns.dec.com

3. Using dig, list all the hosts associated with the zone of altavista.com.
The output of the dig command contains the hosts associated with the zone.

4. Using dig, determine the domain name that corresponds to the IP address 198.116.142.34.
Use the -x option: $ dig -x 198.116.142.34 yields 34.142.116.198.in-addr.arpa. 900 PTR foundation.hq.nasa.gov; i.e., foundation.hq.nasa.gov is what the IP address resolves to.

5. a. As a network engineer, you are required to aid and configure a nomanaged network component that has multiple interfaces remotely. What network utility would you use? 5. b. Discover the details on interfaces available on a host that has already been configured.


(a) The utility to be used is ifconfig.
(b) Answer varies from machine to machine, because of differences in settings and hardware. The answer was generated on a machine that runs FreeBSD v.2.8RELEASE:
ifconfig -a
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 194.44.x.30 netmask 0xfffffff0 broadcast 194.44.x..31
        inet 194.44.x.202 netmask 0xfffffff0 broadcast 194.44.x..207
        ether 00:20:78:07:8c:74
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 296
        inet 194.44.x.30 --> 194.44.x.195 netmask 0xfffffff0
ppp2: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 296
        inet 194.44.x.30 --> 194.44.x.193 netmask 0xfffffff0
ppp4: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 296
        inet 194.44.x.30 --> 194.44.x.194 netmask 0xfffffff0
ppp6: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp7: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp8: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp9: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp10: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp11: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000

6. As a network manager, you are responsible for the operation of a network. You notice heavy traffic in a host that is on a TCP/IP network and want to find out the details. a. What basic network monitoring tool(s) would you use? b. What would you look for in your results?
(a) The most useful tool is tcpdump, which can be used to analyze the packets across each interface. (b) Look for the source and destination hosts, incoming or outgoing traffic, and the type of protocols. The data could be filtered to yield information on the source and destination hosts and the protocols. Various expressions of filtering could be used to probe into as much detail as to identify the culprit causing the traffic.
7. Using tcpdump on an Ethernet interface on a host, capture ten IP packets.

6. The command to be invoked is tcpdump -i ed0 -c 10
Answer varies from machine to machine, because of differences in settings and hardware. The answer was generated on a machine that runs FreeBSD v.2.8RELEASE:
tcpdump: listening on ed0
18:08:58.930277 somehost1.cv.ua.ssh > somehost2.lviv.ua.625: P 4144893661:4144893705(44) ack 2549605032 win 17520 (DF) [tos 0x10]
18:08:59.202250 somehost2.lviv.ua.625 > somehost1.cv.ua.ssh: . ack 44 win 17520 (DF) [tos 0x10]
18:08:59.490162 somehost3.on.home.com.15680 > somehost1.cv.ua.http: . ack 4259952313 win 49152 (DF) 1:1461(1460) ack 0 win 17520 (DF)
18:08:59.491398 somehost1.cv.ua.http > somehost3.home.com.15680: . 1461:2921(1460) ack 0 win 17520 (DF)
18:08:59.908582 somehost1.cv.ua.ssh > somehost2.lviv.ua.625: P 44:668(624) ack 1 win 17520 (DF) [tos 0x10]
18:09:00.930373 somehost1.cv.ua.ssh > somehost2.lviv.ua.625: P 668:768(100) ack 1 win 17520 (DF) [tos 0x10]
18:09:00.930435 somehost1.cv.ua.ssh > somehost2.lviv.ua.625: P 768:800(32) ack 1 win 17520 (DF) [tos 0x10]
18:09:01.013198 somehost2.lviv.ua.625 > somehost1.cv.ua.ssh: . ack 668 win 17520 (DF) [tos 0x10]
18:09:01.137734 somehost3.on.home.com.15680 > somehost1.cv.ua.http: . ack 1461 win 49152 (DF)
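The answer to Exercise 6(b) says to look for source and destination hosts and protocols until the host causing the traffic is identified. The added example below (not from the original solutions) does that over the capture above by summing TCP payload bytes per flow and per source host; the function names are the example's own, and the sample lines are copied from the output above with the one line that was garbled in extraction left out.

```python
import re
from collections import Counter

# Lines copied from the tcpdump output above (old-style tcpdump text format).
CAPTURE = """\
18:08:58.930277 somehost1.cv.ua.ssh > somehost2.lviv.ua.625: P 4144893661:4144893705(44) ack 2549605032 win 17520 (DF) [tos 0x10]
18:08:59.202250 somehost2.lviv.ua.625 > somehost1.cv.ua.ssh: . ack 44 win 17520 (DF) [tos 0x10]
18:08:59.491398 somehost1.cv.ua.http > somehost3.home.com.15680: . 1461:2921(1460) ack 0 win 17520 (DF)
18:08:59.908582 somehost1.cv.ua.ssh > somehost2.lviv.ua.625: P 44:668(624) ack 1 win 17520 (DF) [tos 0x10]
18:09:00.930373 somehost1.cv.ua.ssh > somehost2.lviv.ua.625: P 668:768(100) ack 1 win 17520 (DF) [tos 0x10]
18:09:00.930435 somehost1.cv.ua.ssh > somehost2.lviv.ua.625: P 768:800(32) ack 1 win 17520 (DF) [tos 0x10]
18:09:01.013198 somehost2.lviv.ua.625 > somehost1.cv.ua.ssh: . ack 668 win 17520 (DF) [tos 0x10]
18:09:01.137734 somehost3.on.home.com.15680 > somehost1.cv.ua.http: . ack 1461 win 49152 (DF)
"""

# "<time> <src>.<port> > <dst>.<port>: <flags and TCP details>"
PACKET = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")
# "first:last(length)" carries the payload length; pure ACKs do not have it.
PAYLOAD = re.compile(r"\b\d+:\d+\((\d+)\)")


def split_endpoint(endpoint):
    """Split 'host.port' at the last dot; the port may be a service name."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def payload_by_flow(lines):
    """Sum TCP payload bytes per (src host, src port, dst host, dst port)."""
    totals = Counter()
    for line in lines:
        match = PACKET.match(line.strip())
        if match is None:
            continue  # banner lines, blank lines, damaged lines
        src_host, src_port = split_endpoint(match.group("src"))
        dst_host, dst_port = split_endpoint(match.group("dst"))
        size = PAYLOAD.search(match.group("rest"))
        flow = (src_host, src_port, dst_host, dst_port)
        totals[flow] += int(size.group(1)) if size else 0
    return totals


def bytes_by_source(lines):
    """Collapse the per-flow totals to one figure per sending host."""
    per_host = Counter()
    for (src_host, _, _, _), size in payload_by_flow(lines).items():
        per_host[src_host] += size
    return per_host


def heaviest_flows(lines, count=3):
    """Flows ordered by payload volume, largest first."""
    return payload_by_flow(lines).most_common(count)


if __name__ == "__main__":
    for flow, size in heaviest_flows(CAPTURE.splitlines()):
        print(size, "bytes", flow)
    print(bytes_by_source(CAPTURE.splitlines()).most_common(1))
```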

8. a. What are the five major forms of display formats available in the netstat command? Give a one- or two-sentence description of each. b. Cite an application for each of the display formats mentioned in part (a) in the daily network operations.
8. (a) The six groups of options for the netstat utility yield information on: (1) network connections, (2) routing table, (3) interface statistics, (4) masquerade connections, and (5) multicast memberships. Network connections ( option) provide the details on the network connections including active sockets, local and remote address, etc. The routing table option provides the contents of the routing table, similar to arp. The interface statistics consist of interface name, maximum packet size (MTU), and input and output number of packets and errors. Masquerade connections are associated with the unofficial host addresses that are hidden from the external network. Multicast membership is associated with multicast routing statistics.
(b) Network connections provide an enormous amount of information and are a good place to start when troubleshooting a network or host. For example, we could see the status of the TCP sockets to troubleshoot TCP problems. The routing table, which has a finite life, could be used to trace the active hosts with which there was communication within the last purge cycle. Problems associated with interfaces are tracked using the interface option; this is similar to ifconfig. The masquerade option is used with security considerations. Multicast membership presents multicast routing and is used to track multicast problems.

9. Execute the three options (a) -N, (b) -r, and (c) -i of netstat on a host and explain your results.
(a) noc2% netstat -N
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 199.77.147.142:23 130.207.160.11:13918 ESTABLISHED
tcp 0 128 199.77.147.142:23 205.152.8.138:3405 ESTABLISHED
tcp 0 199.77.147.142:23 130.207.8.31:36047 ESTABLISHED

We notice three TCP connections that are established.

(b) noc2% netstat -r
Kernel IP routing table
Destination     Gateway          Genmask          Flags  MSS  Window  irtt  Iface
199.77.147.183  *                255.255.255.255  UH     0    0       0     ppp0
199.77.147.142  *                255.255.255.255  UH     0    0       0     eth0
199.77.147.0    *                255.255.255.0    U      0    0       0     eth0
127.0.0.0       *                255.0.0.0        U      0    0       0     lo
default         main-rtr.gcatt.  .0.0.0           UG     0    0       0     eth0

The default gateway is main-rtr.gcatt. Two hosts and two network connections are in the current routing table.

(c) noc2% netstat -i
Kernel Interface table
Iface  MTU   Met  RX-OK     RX-ERR  RX-DRP  RX-OVR  TX-OK     TX-ERR  TX-DRP  TX-OVR  Flg
eth0   1500  0    13856531  0       0       0       10046835  0       0       0       BRU
lo     3924  0    276700    0       0       0       276700    0       0       0       LRU
ppp0   552   0    24        0       0       0       22        0       0       0       OPRU

Three interfaces (Ethernet, loopback, and PPP) exist, with the packet traffic statistics associated with them.

10. Compare the results of routing tables obtained from using the arp and netstat utilities.
noc2% /sbin/arp -n
Address         HWtype  HWaddress          Flags  Mask  Iface
199.77.147.28   ether   00:60:4E:00:56:FE  C            eth0
199.77.147.1    ether   00:60:3E:C0:24:40  C            eth0
199.77.147.144  ether   00:A0:24:48:86:81  C            eth0
199.77.147.183  *       *                  MP           eth0

noc2% netstat -r
Kernel IP routing table
Destination     Gateway          Genmask          Flags  MSS  Window  irtt  Iface
199.77.147.183  *                255.255.255.255  UH     0    0       0     ppp0
199.77.147.142  *                255.255.255.255  UH     0    0       0     eth0
199.77.147.0    *                255.255.255.0    U      0    0       0     eth0
127.0.0.0       *                255.0.0.0        U      0    0       0     lo
default         main-rtr.gcatt.  .0.0.0           UG     0    0       0     eth0

We notice common addresses in the two tables. The main-rtr is the same as 199.77.147.28. Host 199.77.147.144 address in the arp table is missing from the routing table - purged?

11. Ping an international site 100 times and determine the percentage packet loss.
The following solution is for 10 packets.
noc2% ping -c 10 205.152.8.138
PING 205.152.8.138 (205.152.8.138): 56 data bytes
64 bytes from 205.152.8.138: icmp_seq=0 ttl=18 time=65.3 ms
64 bytes from 205.152.8.138: icmp_seq=1 ttl=18 time=47.3 ms
64 bytes from 205.152.8.138: icmp_seq=2 ttl=18 time=45.3 ms
64 bytes from 205.152.8.138: icmp_seq=3 ttl=18 time=50.9 ms
64 bytes from 205.152.8.138: icmp_seq=4 ttl=18 time=47.3 ms
64 bytes from 205.152.8.138: icmp_seq=5 ttl=18 time=45.3 ms
64 bytes from 205.152.8.138: icmp_seq=6 ttl=18 time=39.0 ms
64 bytes from 205.152.8.138: icmp_seq=8 ttl=18 time=218.1 ms
64 bytes from 205.152.8.138: icmp_seq=9 ttl=18 time=39.9 ms
--- 205.152.8.138 ping statistics ---
10 packets transmitted, 9 packets received, 10% packet loss
round-trip min/avg/max = 39.0/66.4/218.1 ms

12. Execute traceroute to a well-known host name and measure the effective throughput for one of the point-to-point links in the path using bing. (Hint: Vary the packet size in bing if your results do not look right.)
Execute the following steps.
(1) Obtain a list of hops and select one of them for measurements using traceroute; for example, $ traceroute www.altavista.com.
(2) Measure the effective bandwidth of one of the hops (point-to-point links): $ bing -v L1 L2 where L1 and L2 are the respective IP addresses of the point-to-point link that was selected for measurements.
(3) It might happen that the results of the measurements do not seem realistic (negative or very large throughput values). In this case we might need to increase the packet size and re-run the command: $ bing -S 3000 -v L1 L2
*** Note: BING package must be installed, see http://spengler.econ.duke.edu/~ferizs/bing.html#install

13. In diagnosing poor network performance (for example, delay) you need to know where the bottleneck is. Use traceroute to an international site on another continent and isolate the delay in the path.
The site chosen is a host in Bangladesh. (Also the students could try president.gov.al.)
traceroute ns1.bangla.net
traceroute to ns1.bangla.net (203.188.252.2), 30 hops max, 40byte packets
1 cc-cisco1-comm.cc.gatech.edu (130.207.8.1) 2 ms 1 ms 1 ms
2 130.207.251.1 (130.207.251.1) 2 ms 2 ms 2 ms
3 f1-0.atlanta2-cr99.bbnplanet.net (192.221.26.2) 4 ms 3 ms 4 ms
4 f1-0.atlanta2-br2.bbnplanet.net (4.0.2.90) 6 ms 4 ms 3 ms
5 s4-0-0.atlanta1-br2.bbnplanet.net (4.0.1.149) 5 ms 5 ms 4 ms
6 core4-hssi5-0-0.Atlanta.cw.net (204.70.10.169) 6 ms 4 ms 5 ms
7 corerouter2.SanFrancisco.cw.net (204.70.9.132) 65 ms 65 ms 65 ms
8 xcore2.SanFrancisco.cw.net (204.70.150.137) 68 ms 69 ms 68 ms
9 cwusa-mciworldcom.SanFrancisco.cw.net (166.63.53.230) 233 ms 233 ms 230 ms
10 f5-0.tmh02.hkt.net (205.252.128.194) 247 ms 240 ms 239 ms
11 fddi2-0.yck06.hkt.net (210.176.133.25) 238 ms 239 ms 239 ms
12 f5-1.hk-T3.hkt.net (205.252.130.239) 246 ms 247 ms 247 ms
13 202.84.133.114 (202.84.133.114) 249 ms 270 ms 247 ms
14 cgw2.pacific.net.hk (202.14.67.177) 250 ms 252 ms 252 ms
15 202.64.247.6 (202.64.247.6) 1365 ms 1095 ms 1232 ms
16 * ns1.bangla.net (203.188.252.2) 1204 ms 1044 m

14. Execute the arp command on a host or router in your network multiple times. Comment on the content and size of your results. (Your network may keep you from exercising this utility).
Executing arp with option a, we get:
arp -a netman
Net to Media Table
Device IP Address Mask Flags Phys Addr
------ -------------------- --------------- ----- ---------------
hme0 morticia.cc.gatech.edu 255.255.255.255 08:00:20:75:f5:3a
hme0 cc-cisco1-comm.cc.gatech.edu 255.255.255.255 00:10:2f:ff:70:00
hme0 appalachian.cc.gatech.edu 255.255.255.255 08:00:20:1d:26:0f
hme0 lurch.cc.gatech.edu 255.255.255.255 08:00:20:0f:12:78
hme0 netman.cc.gatech.edu 255.255.255.255 SP 08:00:20:9a:19:ff
hme0 aphasia.cc.gatech.edu 255.255.255.255 08:00:20:87:99:5a
hme0 BASE-ADDRESS.MCAST.NET 240.0.0.0 SM 01:00:5e:00:00:00

arp -a netman
Net to Media Table
Device IP Address Mask Flags Phys Addr
------ -------------------- --------------- ----- ---------------
hme0 morticia.cc.gatech.edu 255.255.255.255 08:00:20:75:f5:3a
hme0 cc-cisco1-comm.cc.gatech.edu 255.255.255.255 00:10:2f:ff:70:00
hme0 appalachian.cc.gatech.edu 255.255.255.255 08:00:20:1d:26:0f
hme0 vipper.cc.gatech.edu 255.255.255.255 08:00:20:96:1f:34
hme0 fagus.cc.gatech.edu 255.255.255.255 00:60:08:05:90:0d
hme0 adsl1.cc.gatech.edu 255.255.255.255 08:00:20:93:df:3a
hme0 netman.cc.gatech.edu 255.255.255.255 SP 08:00:20:9a:19:ff
hme0 grandmama.cc.gatech.edu 255.255.255.255 08:00:20:75:db:14
hme0 mayzie.cc.gatech.edu 255.255.255.255 08:00:20:89:f0:75
hme0 BASE-ADDRESS.MCAST.NET 240.0.0.0 SM 01:00:5e:00:00:00

The arp cache table has changed between the readings. The list contains the information on the hosts reached by / via netman host. The port (single in this case) is an Ethernet interface (hme0). The IP address, mask, and MAC address are included.

15. From a workstation in a segment of your institute's network, discover all other workstations in your segment, using a network tool. Substantiate your result with the gathered data.
Use broadcast ping to discover the other hosts in the segment: ping a.b.c.255, assuming your subnet is class C. A bridged neighboring segment would appear in the result with a different subnet ID, say a.b.d.x.


16. If your network segment is bridged to another subnet, you would have noticed it in Exercise 15. Using network tools, discover the workstations on the neighboring segment if there is one. Substantiate your result with the gathered data.
Broadcast ping to the neighboring subnet, ping a.b.d.255 (See solution for Exercise 15).


Chapter 13:
1. You are asked to do a study of the use pattern of 24,000 workstations in an academic institution. Make the following assumptions. You ping each station periodically. The message size in both directions is 128 bytes long. The NMS that you are using to do the study is on a 10Mbps LAN, which functions at 30 percent efficiency. What would be the frequency of your ping if you were not to exceed 5 percent overhead?
The normal load on the LAN at 30% efficiency is 3 Mbps. At 5% overhead, the load due to the study should not exceed 150 kbps. Each round of ping for 24,000 stations at 2*128 bytes is 49,152,000 bits. Therefore, the duration of each round is 49152/150 = 327.68 seconds, or 5.46 minutes. To stay within the overhead constraint, the periodicity of pinging should be greater than 5.46 minutes.

2. List and contrast the tools available to discover network components.
The techniques used to discover network components include:
- arp/rarp: By looking up the ARP table in your host or router. Gives the IP address to MAC address mapping for hosts in the subnet.
- netstat or route: By looking up the routing table, which contains all hosts since the last update.
- ping a.b.c.255: By broadcast pinging. If configured, gives all the hosts in the subnet of the host from which ping is executed.
- tcpdump: By looking at the local traffic in promiscuous mode using protocol analyzers or tcpdump.

3. The autodiscovery in some NMSs is done by the network management system starting with an arp query to the local router. a. How would you determine the IP address of the local router? b. Determine the local router of your workstation.
(a) The arp query on the local host of the NMS would contain the router IP-MAC address. The router could also be discovered by doing traceroute, and identifying the gateway out of the subnetwork.
(b) arp -a
noc3.btc.gatech.edu (199.77.147.143) at 00:60:97:DD:F4:D4 [ether] on eth0
cicada.btc.gatech.edu (199.77.147.28) at 00:60:4E:00:56:FE [ether] on eth0
main-rtr.gcatt.gatech.edu (199.77.147.1) at 00:60:3E:C0:24:40 [ether] on eth0
noc4.btc.gatech.edu (199.77.147.144) at 00:A0:24:48:86:81 [ether] on eth0
noc6.btc.gatech.edu (199.77.147.183) at * PERM PUP on eth0
The router is 199.77.147.1 (the last decimal also gives it as router due to convention).
traceroute netman.cc.gatech.edu
traceroute to netman.cc.gatech.edu (130.207.8.31), 30 hops max, 40 byte packets
1 main-rtr.gcatt.gatech.edu (199.77.147.1) 1.244 ms 1.463 ms 1.057 ms
2 130.207.251.2 (130.207.251.2) 2.487 ms 1.836 ms 1.623 ms
3 netman.cc.gatech.edu (130.207.8.31) 2.346 ms * 1.982 ms
The same router, 199.77.147.1, is identified as in the arp command.

4. You are responsible for designing the auto discovery module of an NMS. Outline the procedure and the software tools that you would use.
There are many alternative approaches to this problem, one of which is given here.
   1. Execute broadcast ping or hosts to discover the hosts in the local subnet.
   2. Execute arp to discover the router.
   3. Execute route to discover the addresses in the routing table.
   4. Identify the new hosts and routers and keep increasing the scope one additional hop at a time.
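The router cross-check from Exercises 3 and 4, as an added Python example that is not part of the original solutions: it parses the arp and traceroute output quoted in the answer to Exercise 3(b) and accepts the first hop as the local router only when the ARP table holds a resolved MAC address for it. The function names are assumptions made for this example.

```python
import re

# Output quoted in the answer to Exercise 3(b) on this page.
ARP_OUTPUT = """\
noc3.btc.gatech.edu (199.77.147.143) at 00:60:97:DD:F4:D4 [ether] on eth0
cicada.btc.gatech.edu (199.77.147.28) at 00:60:4E:00:56:FE [ether] on eth0
main-rtr.gcatt.gatech.edu (199.77.147.1) at 00:60:3E:C0:24:40 [ether] on eth0
noc4.btc.gatech.edu (199.77.147.144) at 00:A0:24:48:86:81 [ether] on eth0
noc6.btc.gatech.edu (199.77.147.183) at * PERM PUP on eth0
"""
TRACEROUTE_OUTPUT = """\
traceroute to netman.cc.gatech.edu (130.207.8.31), 30 hops max, 40 byte packets
1 main-rtr.gcatt.gatech.edu (199.77.147.1) 1.244 ms 1.463 ms 1.057 ms
2 130.207.251.2 (130.207.251.2) 2.487 ms 1.836 ms 1.623 ms
3 netman.cc.gatech.edu (130.207.8.31) 2.346 ms * 1.982 ms
"""

ARP_RE = re.compile(r"^(\S+) \((\d+(?:\.\d+){3})\) at (\S+)")
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+) \((\d+(?:\.\d+){3})\)")
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

def parse_arp(text):
    """Return {ip: (name, mac)}; mac is None for an unresolved entry ('*')."""
    table = {}
    for line in text.splitlines():
        m = ARP_RE.match(line)
        if m:
            name, ip, mac = m.groups()
            table[ip] = (name, mac if MAC_RE.match(mac) else None)
    return table

def parse_hops(text):
    """Return the hop IP addresses in hop order; the header line is skipped."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops[int(m.group(1))] = m.group(3)
    return [hops[n] for n in sorted(hops)]

def local_router(arp_text, trace_text):
    """First traceroute hop, accepted only if ARP resolved a MAC for it."""
    table = parse_arp(arp_text)
    hops = parse_hops(trace_text)
    if not hops:
        return None
    entry = table.get(hops[0])
    if entry is None or entry[1] is None:
        return None
    return {"ip": hops[0], "name": entry[0], "mac": entry[1]}
```

Entries that come back as None (here noc6, whose ARP entry has no hardware address) are the ones an auto-discovery module should hold back from the inventory until a later pass resolves them.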

5. Redraw Figures 13.4 and 13.5 for WAN, based on IP address.


6. You are the manager of a NOC. Set up a procedure that would help your operators track the failure of a workstation that is on a virtual LAN.
Make sure that the location field in the MIB System group is filled in; it is good practice. When there is a failure, immediately look up the arp table in the switched hub, which maps address to port and so identifies the port of the failed host. If the trouble is tracked after some time, you can use the Interfaces MIB on the hubs to trace the failed port.

7. What MIB object would you monitor for measuring the collision rate on an Ethernet LAN?
Use the Ethernet-like Interface MIB, RFC 1398. The MIB object is dot3CollFrequencies, which is described as: "A count of individual MAC frames for which the transmission (successful or otherwise) on a particular interface is accompanied by a particular number of media collisions."

8. Ethernet performance degrades when the collision ratio reaches 30 to 40 percent. Explain how you would use the 802.3 MIB (RFC 1398) to measure the collision ratio of an Ethernet LAN. The collision ratio of the LAN is the total number of collisions divided by the number of packets offered to the LAN, measured on the Ethernet interface.
The total number of collisions, C, can be calculated from dot3CollTable, which holds the number of frames that had 1, 2, ..., 16 collisions. Each row contains the histogram of the number of frames with 1 to 16 collisions. Frames with 16 collisions are discarded due to excessive collisions. The number of frames offered to the LAN, T, is ifOutUcastPkts (in the Interfaces MIB), which is the number of packets passed to the Ethernet layer by the higher layer. The collision rate is C/T.

9. Repeat Exercise 7, using an RMON MIB.

The etherStatsCollisions in the Ethernet Statistics group gives the best estimate on the total number of collisions on the Ethernet segment. Use this for C defined in Exercise 8.

10. a. The trap alarm thresholds are set at two levels: rising and falling. Explain the reasoning behind these settings. b. Define all the RMON parameters to be set for generating and resetting alarms when the collision rate on an Ethernet LAN exceeds 120,000 collisions per second and falls below 100,000 collisions per second. Use eventIndex values of 1 and 2 for event generation for the rising and falling thresholds.


(a) The reason for having a high and a low threshold is to provide hysteresis in generating the alarm. Thus, if the alarm is generated while crossing the high threshold in the upward direction, it will not be generated again until the value has crossed the lower threshold at least once before crossing the upper threshold again. For a sustained alarm, the alarm could be turned on while crossing the high threshold in the upward direction and off when crossing the low threshold in the downward direction.
(b) For the particular interface, define the values in the RMON Alarm table:
- alarmInterval = 1
- alarmVariable = etherStatsCollisions
- alarmSampleType = 2
- alarmStartupAlarm = 3
- alarmRisingThreshold = 120000
- alarmFallingThreshold = 100000
- alarmRisingEventIndex = 1
- alarmFallingEventIndex = 2
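The hysteresis described in (a), driven by the alarm-table values from (b), as an added Python example that is not part of the original solutions. The counter readings are constructed (one per alarmInterval of 1 second, chosen to include a Counter32 wrap), the function names are assumptions, and the re-arming rule is the one the RMON alarm group defines for its rising and falling thresholds.

```python
RISING, FALLING = 120000, 100000      # alarmRisingThreshold / alarmFallingThreshold
RISING_EVENT, FALLING_EVENT = 1, 2    # alarmRisingEventIndex / alarmFallingEventIndex
COUNTER_MOD = 2 ** 32                 # etherStatsCollisions is a 32-bit counter

# Constructed etherStatsCollisions readings, one per second.
READINGS = [4294667296, 4294772296, 4294897296, 40000, 170000,
            265000, 370000, 468000, 589000]

def deltas(readings):
    """alarmSampleType = 2 (deltaValue): difference between successive
    readings, corrected for counter wrap."""
    return [(b - a) % COUNTER_MOD for a, b in zip(readings, readings[1:])]

def run_alarm(samples, startup=3):
    """Return [(sample_index, eventIndex)] for the rising/falling pair.
    startup mirrors alarmStartupAlarm: 1 rising, 2 falling, 3 either."""
    events = []
    armed_rising = armed_falling = True
    prev = None
    for i, value in enumerate(samples):
        if prev is None:              # first sample after the entry is valid
            rise = value >= RISING and startup in (1, 3)
            fall = value <= FALLING and startup in (2, 3)
        else:
            rise = value >= RISING and prev < RISING and armed_rising
            fall = value <= FALLING and prev > FALLING and armed_falling
        if rise:                      # re-armed only by a falling event
            events.append((i, RISING_EVENT))
            armed_rising, armed_falling = False, True
        elif fall:                    # re-armed only by a rising event
            events.append((i, FALLING_EVENT))
            armed_falling, armed_rising = False, True
        prev = value
    return events

if __name__ == "__main__":
    print(run_alarm(deltas(READINGS)))
```

In the constructed series the rate dips to 110,000 and climbs back to 130,000 without producing a second rising event, because it never reached the falling threshold in between.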
