NPNS

LAN / WAN (6 Marks)


Difference between LAN and WAN based on the following points - Topology, Interfaces
and Protocol
Introduction to LAN
Router -
Gateways
Introduction to WAN
OSI
Describe the following characteristics of OSI Layers: Information format, Addressing,
Flow control and error checking
OSI Layer
TCP/ IP
Introduction
TCP (6 Marks)
How does the connection establishment and tear down take place between TCP client
and server nodes? Describe using a time line diagram
What is the significance of ISN?
Link Layer (6 Marks)
What is Link Layer
Ethernet & 802.3
SLIP
PPP
IP Layer (7 Marks)
Internet Protocol
Internet Protocols Introduction
IP - General
What are the functions performed at IP Layer (5 marks)
Assume an Ethernet and a UDP datagram with 2000 bytes of user data. How many
fragments are transmitted and what is the offset and length of each fragment? (5 marks)
For example, consider an IP message 12,000 bytes wide (including the 20 byte IP
header) that needs to be sent over a link with MTU 3,300 bytes.
What is MTU
References
IPv4 Address
IP Packet structure
References:
ICMP
ARP / RARP
Converting IP Address to MAC Address using ARP
ARP
RARP
Differentiate between RARP and BOOTP
IPv6:
IPv6: IPv4 Conversion OR What are the modifications required to port the IPv4
applications to work on IPv6 network?
IPV4 Tunneling
Dual Stack
Routing
IP Routing
Explain the operation of Routing Information protocol (RIP). State some of the problems
in RIP V1.0
Explain OSPF Protocol of the Internet
Routing Table
SNMP
What is SNMP
How does the SNMP agent represent the data variable? How does a router inform a
manager about the failure of a link? Show the messages exchanged between them.
Firewall
What is firewall, explain two types of firewall
Types of Firewalls
What is IP packet filtering?
How does filtering mechanism work
Malicious Programs
Explain the following malicious program - Trojan Viruses
Trojans
Viruses
Worm
IPSec
Differentiate SSL with SET Protocol
How does the SSL work
What are IPSEC
Encryption
State the two problems in symmetric key encryption? (5 marks)
What are the three requirements for public-key encryption? (5 marks)
Explain the RSA algorithm by giving an example? (6 marks)
Appendix
MAC Address
IPV6
Basics

LAN / WAN (6 Marks)


Difference between LAN and WAN based on the
following points - Topology, Interfaces and Protocol
Point               | LAN                                              | WAN
Topology            | Ethernet and Token Ring, FDDI                    | ATM, Frame Relay and X.25
Interfaces          | network interface card (NIC), switches and a hub | Modem (cable or DSL) and a router
Protocol            | Ethernet and Token Ring, ARCNET                  | ATM, Frame Relay and X.25, MPLS
Example             | Network within an organization                   | Internet
Max Speed           | 1000 megabits per second                         | 150 megabits per second
Networking Standard | Ethernet standard                                | T1 standard

Introduction to LAN
https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B2-
XZEBhe99oZjI4MWYyYWQtOTlkYi00MzMxLWJhNGUtMzg3NGZkYjczZmYy&hl=en

1. Three LAN implementations are used most commonly:
   a. Ethernet/IEEE 802.3,
   b. Token Ring/IEEE 802.5, and
   c. Fiber Distributed Data Interface (FDDI)

Router -
A node that forwards network packets in one of many possible directions to get them to their
destination. It also decides which route the information should take. It operates at the
network layer.

Gateways
It is a generic term that refers to an entity used to interconnect two or more networks
that have different rules of communication.
Introduction to WAN
https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B2-
XZEBhe99oMzY5YThmOTAtYmFmMC00NmFlLWJlMTItODVhMGEwNzYzYzU5&hl=en

OSI
Describe the following characteristics of OSI Layers:
Information format, Addressing, Flow control and
error checking

OSI Layer: Addressing

Data Link Layer - A data link layer address uniquely identifies each physical network
connection of a network device. Data-link addresses sometimes are referred to as
physical or hardware addresses.
1. End systems generally have only one physical network connection and thus have
only one data-link address.
2. Routers and other internetworking devices typically have multiple physical network
connections and therefore have multiple data-link addresses.

Data Link Layer - MAC Address:
1. MAC addresses identify network entities in LANs that implement the IEEE MAC
addresses of the data link layer.
2. MAC addresses are unique for each LAN interface.
3. MAC addresses are 48 bits in length and are expressed as 12 hexadecimal digits.

Network Layer - A network layer address identifies an entity at the network layer of the
OSI layers.
1. Network addresses usually exist within a hierarchical address space and sometimes
are called virtual or logical addresses.
2. Routers and other internetworking devices require one network layer address per
physical network connection for each network layer protocol supported. E.g. for the
TCP/IP protocol suite, the network layer address is the IP address.

OSI Layer: Flow Control & Error Checking

Data Link Layer
1. One common error-checking scheme is the cyclic redundancy check (CRC), which
detects and discards corrupted data.
2. Error-correction functions (such as data retransmission) are left to higher-layer
protocols.
3. Sliding window protocol for flow control.

Transport Layer
● Use a fixed sliding-window protocol
● Use a credit scheme

OSI Layer: Information Format

The data and control information that is transmitted through internetworks takes a
variety of forms. The terms used to refer to these information formats are not used
consistently.

Data Link Layer - Frames; Cells - used in switched environments, such as Asynchronous
Transfer Mode (ATM)
Network Layer - Packet; Datagram - usually refers to an information unit whose source
and destination are network layer entities that use connectionless network service.
Transport Layer - Segment
Application Layer - Message


OSI Layer
https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B2-
XZEBhe99oMDFjYTE1NTQtNTdlZi00ODM2LTljMDMtYjYyMGVjYjYwZWMx&hl=en

1. OSI (Open Systems Interconnection) model defined by the International Organization for
Standardization.

2. The OSI reference model is a conceptual model composed of seven layers, each
specifying particular network functions. The model was developed by the International
Organization for Standardization (ISO) in 1984, and it is now considered the primary
architectural model for inter-computer communications.

3. The basic idea of a layered architecture is to divide the design into small pieces. Each
layer adds to the services provided by the lower layers in such a manner that the
highest layer is provided a full set of services to manage communications and run the
applications.

4. The benefits of the layered models are:
   a. Modularity and clear interfaces, i.e. open architecture and
   b. Comparability between the different providers' components.

5. The basic elements of a layered model are services, protocols and interfaces. A
service is a set of actions that a layer offers to another (higher) layer. Protocol is a
set of rules that a layer uses to exchange information with a peer entity. These rules
concern both the contents and the order of the messages used. Between the layers
service interfaces are defined. The messages from one layer to another are sent
through those interfaces.

6. A set of layers and protocols is known as network architecture.


TCP/ IP
Introduction
The TCP/IP communication stack (OSI layers 3 and 4) is at the heart of most modern
industrial communication stacks.

Internet protocol suite is the set of communications protocols that implements the protocol
stack on which the Internet and many commercial networks run. It is part of the TCP/
IP protocol suite, which is named after two of the most important protocols in it: the
Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were also the first
two networking protocols defined.

The Internet protocol suite - like many protocol suites - can be viewed as a set of layers
and can be compared to the OSI model. Each layer solves a set of problems involving the
transmission of data, and provides a well-defined service to the upper layer protocols based
on using services from some lower layers. Upper layers are logically closer to the user and
deal with more abstract data, relying on lower layer protocols to translate data into forms that
can eventually be physically transmitted. The original TCP/IP reference model consists (see
Figure 5.1, “The TCP/IP protocol stack”) of 4 layers, but has evolved into a 5-layer model.
Figure 5.1. The TCP/IP protocol stack
TCP (6 Marks)

How does the connection establishment and tear down take place between TCP client and
server nodes? Describe using a time line diagram
What is the significance of ISN?
The sequence number identifies the byte in the stream of data from the sending TCP to
the receiving TCP that the first byte of data in this segment represents.
When a new connection is being established, the SYN flag is turned on. The
sequence number field contains the initial sequence number (ISN) chosen by this
host for this connection. The sequence number of the first byte of data sent by
this host will be the ISN plus one because the SYN flag consumes a sequence
number.
The acknowledgment number contains the next sequence number that the sender of
the acknowledgment expects to receive.
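The establishment, data and tear-down exchange as a sequence-number simulation (an added illustration, not code from these notes); the ISN values, the segment order and the single data segment are constructed, and it shows which segments consume sequence space and why the first data byte is ISN + 1:

```python
"""Sequence-number bookkeeping across a TCP connection's lifetime.

Constructed simulation (not a real socket): a client and a server each choose an
ISN, then run the three-way handshake, one data segment and the four-segment
teardown.  SYN, FIN and every data byte consume sequence space; a bare ACK does
not, so the first data byte carries ISN + 1.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Segment:
    src: str
    dst: str
    flags: Set[str]
    seq: int
    ack: Optional[int] = None   # None when the ACK flag is not set
    data_len: int = 0

    def consumes(self) -> int:
        """Sequence space used by this segment: SYN and FIN each count as one byte."""
        return self.data_len + ("SYN" in self.flags) + ("FIN" in self.flags)


@dataclass
class Endpoint:
    name: str
    isn: int                    # initial sequence number chosen for this connection
    snd_nxt: int = 0            # next sequence number this side will send
    rcv_nxt: int = 0            # next sequence number expected from the peer
    wire: List[Segment] = field(default_factory=list)   # shared send-order log

    def __post_init__(self) -> None:
        self.snd_nxt = self.isn

    def send(self, peer: "Endpoint", flags: Set[str], data_len: int = 0) -> Segment:
        ack = self.rcv_nxt if "ACK" in flags else None
        seg = Segment(self.name, peer.name, set(flags), self.snd_nxt, ack, data_len)
        self.snd_nxt += seg.consumes()          # 32-bit wrap-around omitted for clarity
        self.wire.append(seg)
        peer.receive(seg)
        return seg

    def receive(self, seg: Segment) -> None:
        # In-order delivery is assumed.  The peer's SYN initialises rcv_nxt; every
        # later segment must start exactly at rcv_nxt, and an ACK may not acknowledge
        # bytes this side never sent.
        if "SYN" not in seg.flags and seg.seq != self.rcv_nxt:
            raise ValueError(f"{self.name}: expected seq {self.rcv_nxt}, got {seg.seq}")
        if seg.ack is not None and seg.ack > self.snd_nxt:
            raise ValueError(f"{self.name}: peer acknowledged data never sent")
        self.rcv_nxt = seg.seq + seg.consumes()


def run_connection(client_isn: int, server_isn: int, payload: int):
    """Drive one full connection; return both endpoints and the send-order log."""
    wire: List[Segment] = []
    c = Endpoint("client", client_isn, wire=wire)
    s = Endpoint("server", server_isn, wire=wire)
    # Connection establishment: three-way handshake.
    c.send(s, {"SYN"})                        # seq = client ISN
    s.send(c, {"SYN", "ACK"})                 # seq = server ISN, ack = client ISN + 1
    c.send(s, {"ACK"})                        # seq = client ISN + 1, consumes nothing
    # Data: the first byte is numbered ISN + 1 because the SYN used one number.
    c.send(s, {"ACK"}, data_len=payload)
    s.send(c, {"ACK"})
    # Teardown: each side sends a FIN, which the other side acknowledges.
    c.send(s, {"FIN", "ACK"})
    s.send(c, {"ACK"})
    s.send(c, {"FIN", "ACK"})
    c.send(s, {"ACK"})
    return c, s, wire


def timeline(wire: List[Segment]) -> List[str]:
    """Render the exchange in send order, one line per segment (a textual time line)."""
    lines = []
    for seg in wire:
        flags = "+".join(sorted(seg.flags))
        ack = f" ack={seg.ack}" if seg.ack is not None else ""
        data = f" len={seg.data_len}" if seg.data_len else ""
        lines.append(f"{seg.src:>6} -> {seg.dst:<6} {flags:<8} seq={seg.seq}{ack}{data}")
    return lines


if __name__ == "__main__":
    _, _, log = run_connection(client_isn=1000, server_isn=5000, payload=100)
    print("\n".join(timeline(log)))
```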

Link Layer (6 Marks)

What is Link Layer


1. This is one of the TCP/IP layers
2. Sends/receives IP datagrams for the IP module
3. Link Layer Protocols
a. ARP Requests and Replies
b. RARP Requests and Replies
4. Different link layers –
a. Ethernet,
b. Token ring,
c. FDDI
d. Serial Lines
i. SLIP &
ii. PPP
e. Loopback driver
5. Two standards:
a. Ethernet
b. IEEE 802
6. MTU and path MTU
a. There is a limit on the size of the frame for both Ethernet and 802.3
encapsulations. This limits the number of bytes of data to 1500 and 1492,
respectively. This characteristic of the link layer is called the MTU, its maximum
transmission unit.

b. When two hosts on the same network are communicating with each other, it is the
MTU of the network that is important. But when two hosts are communicating across
multiple networks, each link can have a different MTU. The important numbers are not
the MTUs of the two networks to which the two hosts connect, but rather the smallest
MTU of any data link that packets traverse between the two hosts. This is called the
path MTU.

Ethernet & 802.3


https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B2-
XZEBhe99oNWE1ZTUwODMtZmI4YS00Njk3LTg3ZmUtMDJhNzI0NTY1Yjcy&hl=en

1. Ethernet was developed by Xerox Corporation’s Palo Alto Research Center (PARC) in
the 1970s.

2. Ethernet was the technological basis for the IEEE 802.3 specification, which was
initially released in 1980.

3. Shortly thereafter, Digital Equipment Corporation, Intel Corporation, and
Xerox Corporation jointly developed and released an Ethernet specification (Version
2.0) that is substantially compatible with IEEE 802.3.
4. Ethernet/IEEE 802.3 Similarity
a. Both are CSMA/CD LANs. Stations on a CSMA/CD (Carrier Sense Multiple
Access / Collision Detection) LAN can access the network at any time.
b. Both Ethernet and IEEE 802.3 LANs are broadcast networks.
c. Ethernet and IEEE 802.3 are implemented in hardware.
d. Both of these protocols specify a bus topology

5. Differences between Ethernet and IEEE 802.3 LANs are subtle.


a. Ethernet provides services corresponding to Layers 1 and 2 of the OSI
reference model, while IEEE 802.3 specifies the physical layer (Layer 1) and
the channel-access portion of the link layer (Layer 2), but does not define a
logical link control protocol.

b. IEEE 802.3 specifies several different physical layers, whereas Ethernet defines
only one.

c. Ethernet is most similar to IEEE 802.3 10Base5.

d. In the case of Ethernet, the upper-layer protocol is identified in the type field.
In the case of IEEE 802.3, the upper-layer protocol must be defined within the
data portion of the frame, if at all.

e. Note: In IEEE 802.3 frames, the 2-byte field following the source address is a
length field, which indicates the number of bytes of data that follow this field
and precede the frame check sequence (FCS) field.
SLIP
https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B2-
XZEBhe99oY2RiZWQ2NGYtZjdhNC00YTg5LTk4MzEtMjRjMWQ0M2E3NjFi&hl=en

1. The Serial Line Internet Protocol (SLIP) is a mostly obsolete encapsulation of the
Internet Protocol designed to work over serial ports and modem connections.

2. It is documented in RFC 1055.

3. SLIP modifies a standard Internet datagram by appending a special SLIP END
character to it, which allows datagrams to be distinguished as separate.

4. SLIP has been largely replaced by the Point-to-Point Protocol (PPP), which is better
engineered, has more features and does not require its IP address configuration to be
set before it is established.
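The END-character framing in working form, as an added example that is not part of the notes: a SLIP encoder and stream decoder following RFC 1055 (END 0xC0, ESC 0xDB, ESC_END 0xDC, ESC_ESC 0xDD) applied to a constructed IPv4 header whose source address 192.0.2.1 starts with byte 0xC0, so the escape path is exercised; the header builder and addresses are constructed for the demonstration.

```python
"""SLIP framing (RFC 1055) around a constructed IPv4 header.

END delimits datagrams; a literal END or ESC inside the datagram is sent as
ESC ESC_END / ESC ESC_ESC so the receiver never mistakes data for a delimiter.
The header below uses 192.0.2.1 as its source, and 192 == 0xC0 == END.
"""
import struct
from typing import List, Tuple

SLIP_END, SLIP_ESC, SLIP_ESC_END, SLIP_ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD


def slip_encode(datagram: bytes) -> bytes:
    # RFC 1055's reference sender also emits a leading END to flush line noise.
    out = bytearray([SLIP_END])
    for b in datagram:
        if b == SLIP_END:
            out += bytes([SLIP_ESC, SLIP_ESC_END])
        elif b == SLIP_ESC:
            out += bytes([SLIP_ESC, SLIP_ESC_ESC])
        else:
            out.append(b)
    out.append(SLIP_END)
    return bytes(out)


def slip_decode_stream(stream: bytes) -> Tuple[List[bytes], bytes]:
    """Split a serial byte stream into datagrams; also return any unfinished tail."""
    datagrams: List[bytes] = []
    cur, escaped = bytearray(), False
    for b in stream:
        if escaped:
            # ESC followed by anything else is a protocol violation; RFC 1055's
            # reference decoder keeps the byte rather than dropping the frame.
            cur.append({SLIP_ESC_END: SLIP_END, SLIP_ESC_ESC: SLIP_ESC}.get(b, b))
            escaped = False
        elif b == SLIP_ESC:
            escaped = True
        elif b == SLIP_END:
            if cur:                          # empty frames (back-to-back ENDs) are ignored
                datagrams.append(bytes(cur))
                cur = bytearray()
        else:
            cur.append(b)
    return datagrams, bytes(cur)


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of 16-bit words; recomputing over a valid header gives 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 17, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum; constructed data."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    fields = (0x45, 0, 20 + payload_len, 0x1234, 0, ttl, proto, 0, src_b, dst_b)
    raw = struct.pack("!BBHHHBBH4s4s", *fields)
    return raw[:10] + struct.pack("!H", ipv4_checksum(raw)) + raw[12:]


if __name__ == "__main__":
    hdr = build_ipv4_header("192.0.2.1", "198.51.100.7", payload_len=8)
    frame = slip_encode(hdr)
    print(frame.hex(), slip_decode_stream(frame)[0] == [hdr])
```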

PPP
1. The Point-to-Point Protocol (PPP) originally emerged as an encapsulation protocol for
transporting IP traffic over point-to-point links.

2. RFC 1548 and RFC 1332

3. PPP provides a method for transmitting datagrams over serial point-to-point links,
which include the following three components:
a. A method for encapsulating datagrams over serial links
b. An extensible LCP to establish, configure, and test the connection
c. A family of NCPs for establishing and configuring different network layer
protocols
4. Six fields make up the PPP frame.

5. The PPP LCP provides a method of establishing, configuring, maintaining, and
terminating the point-to-point connection

IP Layer (7 Marks)

Internet Protocol
https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B2-
XZEBhe99oMzRjMjJjODEtYjk0NS00ZTJkLTk2MTAtYjAxOTY3MzU1MmU3&hl=en

Internet Protocols Introduction


The Internet protocols are the world’s most popular open-system (nonproprietary) protocol
suite because they can be used to communicate across any set of interconnected networks
and are equally well suited for LAN and WAN communications.

The Internet protocols consist of a suite of communication protocols, of which the two
best known are the Transmission-Control Protocol (TCP) and the Internet Protocol
(IP).

Internet protocols span the complete range of OSI model layers


IP - General

● The purpose of IP is to provide unique global computer addressing to ensure that
two computers communicating over the Internet can uniquely identify one another.

● The current and most popular network layer protocol in use today is IPv4;

● IPv4 RFC-791

● IPv4 is a data-oriented protocol to be used on a packet switched internetwork. It is
a best effort protocol in that it doesn't guarantee delivery.
○ It doesn't make any guarantees on the correctness of the data; it may result in
duplicated packets and/or packets out-of-order. These aspects are addressed by an
upper layer protocol (e.g., TCP, and partly by UDP).

● All TCP, UDP, ICMP data transmitted as IP datagrams.

● Provides unreliable, connectionless datagram delivery service.

● Hosts and routers have a routing table used for all routing decisions.

● Three types of routes:


○ Host specific,
○ network specific and
○ default routes

What are the functions performed at IP Layer (5 marks)
The internet protocol implements two basic functions:

● Addressing
○ The internet modules use the addresses carried in the internet header to transmit
internet datagrams toward their destinations. The selection of a path for transmission
is called routing.

● Fragmentation
○ Fragmentation of an internet datagram is necessary when it originates in a local net
that allows a large packet size and must traverse a local net that limits packets to a
smaller size to reach its destination. The internet fragmentation and reassembly
procedure needs to be able to break a datagram into an almost arbitrary number of
pieces that can be later reassembled.
○ The internet modules use fields in the internet header to fragment and reassemble
internet datagrams when necessary for transmission through "small packet" networks.

Assume an Ethernet and a UDP datagram with 2000 bytes of user data. How many
fragments are transmitted and what is the offset and length of each fragment? (5 marks)

Data at the IP layer = user data (2000 bytes) + UDP header (8 bytes) = 2008 bytes
IP header: 20 bytes

Max Ethernet frame data size (MTU): 1500 bytes

So we have an IP message of 2028 bytes (including the 20 bytes of IP header) that needs
to be sent over a link with MTU 1,500 bytes.

MF | Offset | Data
0  | 0      | 2,008 bytes

First Fragmentation (1500 MTU)

MF | Offset | Data
0  | 0      | 1480 bytes
Fragment 1; Data bytes 0-1479

MF | Offset | Data
0  | 185    | 528 bytes
Fragment 2; Data bytes 1480-2,007

For example, consider an IP message 12,000 bytes wide (including the 20 byte IP
header) that needs to be sent over a link with MTU 3,300 bytes.

MF | Offset | Data
0  | 0      | 11,980 bytes

First Fragmentation (3300 MTU)

MF | Offset | Data
1  | 0      | 3,280 bytes
Fragment 1; Data bytes 0-3,279

MF | Offset | Data
1  | 410    | 3,280 bytes
Fragment 2; Data bytes 3280-6,559

MF | Offset | Data
1  | 820    | 3,280 bytes
Fragment 3; Data bytes 6,560-9,839

MF | Offset | Data
1  | 1,230  | 2,140 bytes
Fragment 4; Data bytes 9,840-11,979

Reference:
http://www.tcpipguide.com/free/t_IPMessageFragmentationProcess-2.htm

http://www.tcpipguide.com/free/t_IPMessageFragmentationProcess-3.htm
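The arithmetic behind both worked cases as a reusable calculator (an added example, not taken from the notes or the referenced guide): it reproduces the offsets and lengths above for any datagram size and MTU, sets the MF flag the way RFC 791 defines it (1 on every fragment except the last), and adds the receiver-side consistency check a reassembler needs; the helper names are mine.

```python
"""IPv4 fragmentation arithmetic for the two worked cases above (constructed check).

A fragment carries a copy of the 20-byte header plus a slice of the payload.  Every
fragment except the last must carry a multiple of 8 bytes, the Fragment Offset field
counts 8-byte units, and RFC 791 sets the More Fragments (MF) flag on every fragment
but the last.
"""
from typing import List, NamedTuple

UDP_HEADER, IP_HEADER = 8, 20


class Fragment(NamedTuple):
    mf: int            # More Fragments flag
    offset: int        # Fragment Offset field, in 8-byte units
    data_len: int      # payload bytes in this fragment (header not counted)
    first_byte: int    # payload byte range covered, inclusive
    last_byte: int


def fragment_datagram(total_length: int, mtu: int, header_len: int = IP_HEADER) -> List[Fragment]:
    """Split a datagram of total_length bytes (header included) for a link with the given MTU."""
    if not 20 <= header_len <= 60 or mtu < header_len + 8:
        raise ValueError("MTU must leave room for the header and at least one 8-byte unit")
    data_len = total_length - header_len
    if data_len < 0:
        raise ValueError("total_length is smaller than the header")
    if total_length <= mtu:
        return [Fragment(0, 0, data_len, 0, data_len - 1)]      # fits: no fragmentation
    per_fragment = (mtu - header_len) // 8 * 8                 # round down to a multiple of 8
    frags: List[Fragment] = []
    offset = 0
    while offset < data_len:
        chunk = min(per_fragment, data_len - offset)
        last = offset + chunk == data_len
        frags.append(Fragment(0 if last else 1, offset // 8, chunk, offset, offset + chunk - 1))
        offset += chunk
    return frags


def udp_over_ethernet(user_data: int, mtu: int = 1500) -> List[Fragment]:
    """The exam case: UDP payload + UDP header + IP header, sent over Ethernet."""
    return fragment_datagram(user_data + UDP_HEADER + IP_HEADER, mtu)


def reassembled_length(frags: List[Fragment]) -> int:
    """Receiver-side sanity check: fragments must tile the payload with no gap or overlap,
    only the final one may have MF == 0, and non-final ones must be multiples of 8.
    Returns the reassembled payload size."""
    ordered = sorted(frags, key=lambda f: f.offset)
    expected = 0
    for i, f in enumerate(ordered):
        if f.offset * 8 != expected:
            raise ValueError(f"gap or overlap at payload byte {expected}")
        if f.mf != (0 if i == len(ordered) - 1 else 1):
            raise ValueError("MF flag inconsistent with fragment position")
        if f.mf and f.data_len % 8:
            raise ValueError("non-final fragment must be a multiple of 8 bytes")
        expected += f.data_len
    return expected


def fragments_consistent(frags: List[Fragment]) -> bool:
    try:
        reassembled_length(frags)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for f in udp_over_ethernet(2000):
        print(f"MF={f.mf} offset={f.offset} len={f.data_len} bytes {f.first_byte}-{f.last_byte}")
```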
What is MTU
Each device on an IP internetwork must know the capacity of its immediate data link layer
connection to other devices. This capacity is called the maximum transmission unit (MTU) of the
network.

If an IP layer receives a message to be sent across the internetwork, it looks at the size of
the message and then computes how large the IP datagram would be after the addition of the
20 or more bytes needed for the IP header. If the total length is greater than the MTU of the
underlying network, the IP layer will fragment the message into multiple IP fragments. So, if a
host is connected using an Ethernet LAN to its local network, it may use an MTU of 1,500 for
IP datagrams, and will fragment anything larger. Figure 88 shows an example of differing MTUs
and fragmentation.

References
http://www.tcpipguide.com/free/t_IPDatagramSizetheMaximumTransmissionUnitMTUandFrag-2.htm

IPv4 Address

Every interface on an internet must have a unique Internet Address (called an
IP address). These addresses are 32-bit numbers.
IP Packet structure
An IP packet consists of two sections:

o Header - The header consists of 13 fields, of which only 12 are required. The 13th
field is optional.

o Data
References:
· http://www.consultants-online.co.za/pub/itap_101/html/ch05s03.html#tcp_ip.sec_3.2

ICMP
1. Internet Control Message Protocol (ICMP) is a network-layer Internet protocol.

2. The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet
protocol suite. It is chiefly used by networked computers' operating systems to send error
messages - indicating, for instance, that a requested service is not available or that a
host or router could not be reached.
3. Acted on by IP or higher layer TCP, UDP

4. ICMP Messages - ICMPs generate several kinds of useful messages, including

a. Destination Unreachable
i. When an ICMP destination-unreachable message is sent by a router,
it means that the router is unable to send the packet to its final
destination. The router then discards the original packet.

ii. Destination-unreachable messages include four basic types: network


unreachable, host unreachable, protocol unreachable, and port
unreachable

b. Echo Request and Reply


i. An ICMP echo-request message, which is generated by the ping
command, is sent by any host to test node reachability across an
internetwork. The ICMP echo-reply message indicates that the node can
be successfully reached.

c. Redirect
i. An ICMP Redirect message is sent by the router to the source host to
stimulate more efficient routing.

ii. ICMP redirects allow host routing tables to remain small

d. Time Exceeded
i. An ICMP Time-exceeded message is sent by the router if an IP packet’s
Time-to-Live field (expressed in hops or seconds) reaches zero

e. Router Advertisement and Router Solicitation


i. ICMP Router-Discovery Protocol (IDRP) uses Router-Advertisement and
Router-Solicitation messages to discover the addresses of routers on directly
attached subnets.

ii. Each router periodically multicasts Router-Advertisement messages


from each of its interfaces. Hosts then discover addresses of routers on
directly attached subnets by listening for these messages. Hosts can
use Router-Solicitation messages to request immediate advertisements
rather than waiting for unsolicited messages.

f. Address Mask Request/ Address Mask Reply


i. The ICMP address mask request is intended for a diskless system
to obtain its subnet mask at bootstrap time. The requesting system
broadcasts its ICMP request.

g. Timestamp / Timestamp Reply


i. The ICMP timestamp request allows a system to query another for the
current time. The recommended value to be returned is the number of
milliseconds since midnight, Coordinated Universal Time (UTC).

5. If an ICMP message cannot be delivered, no second one is generated. This is to avoid


an endless flood of ICMP messages.

6. ICMP is documented in RFC 792.


7. The version of ICMP for Internet Protocol version 4 is also known as ICMPv4, as it is
part of IPv4

8. ICMP differs in purpose from TCP and UDP in that it is usually not used directly by user
network applications. One exception is the ping tool, which sends ICMP Echo Request
messages

9. Many commonly-used network utilities are based on ICMP messages.

a. The traceroute command - The traceroute command is implemented by


transmitting UDP datagrams with specially set IP TTL header fields, and
looking for ICMP Time to live exceeded in transit (above) and "Destination
unreachable" messages generated in response.

b. The related ping utility is implemented using the ICMP "Echo request"
and "Echo reply" messages.

10. ICMP messages encapsulated within an IP datagram


ARP / RARP
Converting IP Address to MAC Address using ARP

ARP
1. Address Resolution Protocol (ARP) is a link-layer Internet protocol
2. (rfc 826)

3. Provides mapping between 32 bit IP address and 48 bit MAC address

4. An ARP cache is maintained on each host. ARP cache is maintained to store recent
mappings. Normal expiration time is 20 min

5. We can examine the ARP cache with the arp command. The -a option displays all
entries in the cache: % arp -a

6. For two machines on a given network to communicate, they must know the other
machine’s physical (or MAC) addresses. By broadcasting Address Resolution
Protocols (ARPs), a host can dynamically discover the MAC-layer address
corresponding to a particular IP network-layer address. After receiving a MAC-
layer address, IP devices create an ARP cache to store the recently acquired IP-to-
MAC address mapping, thus avoiding having to broadcast ARPS when they want to
recontact a device. If the device does not respond within a specified time frame, the
cache entry is flushed.

7. Proxy ARP - Proxy ARP lets a router answer ARP requests on one of its networks for a host on
another of its networks. This fools the sender of the ARP request into thinking that the router
is the destination host, when in fact the destination host is "on the other side" of the router.
The router is acting as a proxy agent for the destination host, relaying packets to it from other
hosts.
RARP
1. Link Layer Protocol

2. In addition, the Reverse Address Resolution Protocol (RARP) is used to map MAC-
layer addresses to IP addresses. RARP, which is the logical inverse of ARP, might be
used by diskless workstations that do not know their IP addresses when they boot.
RARP relies on the presence of a RARP server with table entries of MAC-layer-to-IP
address mappings.

3. RFC 903

4. RARP is used to obtain IP address when bootstrapping

5. Packet format same as ARP

6. RARP req. is broadcast asking for sender’s IP address, MAC address provided.

7. Reply is normally unicast. It is optional in TCP/IP implementation

Differentiate between RARP and BOOTP


RARP (Reverse ARP):
- It translates a MAC (Medium Access Control) address, which is the address hard-wired
into network interface cards, into the IP address that has been assigned to the system
with the MAC address.
- The primary limitations of RARP are that each MAC must be manually configured on a
central server, and that the protocol only conveys an IP address and this leaves
configuration of subnetting, gateways, and other information to other protocols or the
user.

BOOTP (BOOTstrap Protocol):
- BOOTP was created at a later time to enhance what RARP provides. BOOTP obtains an IP
address, a gateway address, and a name server address from the server running the BOOTP
protocol.
- RARP is now obsoleted by BOOTP and the more modern DHCP, which both support a much
greater feature set than RARP.
IPv6:
IPv6: IPv4 Conversion OR What are the modifications
required to port the IPv4 applications to work on IPv6
network?
Why and where we need the change
● Numerical addresses - IPv4: 32-bit address / IPv6: 128-bit address
● The typical IPv4 and IPv6 code sequence on the server side and the client side is exactly the same
● The size of the IP address is visible to an application through the socket interface
● Changes are required to:
○ The parts of the API that expose the size of the IP address (new data structures
required)
○ The parts of the application that manipulate the IP address
IPV4 Tunneling
Two IPv6 nodes are separated by an IPv4 network.

By using dual-stack routers, a tunnel is dug by encapsulating an IP packet within
the payload of another packet.

The dual-stack router on one end of the communication takes IPv6 packets from
the sender, encapsulates them within IPv4 packets, then forwards the packets
across the IPv4 network. The dual-stack router on the other end extracts the IPv6
packets inside and forwards the IPv6 packets to their proper destination.

Dual Stack
Node has both IPv4 and IPv6 stacks and addresses
• DNS resolver
– Returns IPv6, IPv4 or both to application
• IPv6 application can use IPv4 mapped addresses to communicate with IPv4
nodes
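Where the IPv4 assumptions of the two previous sections leak into application code, and the address-family-agnostic replacement, as an added example that is not code from the notes: the fixed 4-byte path (inet_aton) is what breaks on IPv6, the getaddrinfo/inet_pton path lets the library return the family, and on a dual-stack node an IPv6 socket can see an IPv4 peer as an IPv4-mapped address. The addresses are documentation prefixes and the function names are mine; AI_NUMERICHOST keeps it offline.

```python
"""IPv4-only versus address-family-agnostic socket code, plus IPv4-mapped peers.

Constructed example: no DNS and no network are needed (numeric literals only),
except for open_connection(), which is the portable connect loop itself.
"""
import ipaddress
import socket
from typing import List, Optional, Tuple


def v4_only_parse(text: str) -> bytes:
    """The IPv4-era code path: a fixed 4-byte result, mirroring struct in_addr."""
    return socket.inet_aton(text)           # OSError on any IPv6 literal


def v4_only_accepts(text: str) -> bool:
    try:
        v4_only_parse(text)
        return True
    except OSError:
        return False


def family_agnostic_parse(text: str) -> Tuple[int, bytes]:
    """Portable replacement: the family and the address size come back together."""
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            return family, socket.inet_pton(family, text)
        except OSError:
            continue
    raise ValueError(f"not an IP address literal: {text!r}")


def family_name(family: int) -> str:
    return socket.AddressFamily(family).name    # "AF_INET" or "AF_INET6"


def resolve_candidates(host: str, port: int) -> List[Tuple[int, tuple]]:
    """getaddrinfo with AF_UNSPEC returns one (family, sockaddr) per candidate; the
    caller loops over them instead of hard-coding AF_INET and a 4-byte address."""
    infos = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM,
                               0, socket.AI_NUMERICHOST)
    return [(family, sockaddr) for family, _type, _proto, _canon, sockaddr in infos]


def open_connection(host: str, port: int, timeout: float = 3.0) -> socket.socket:
    """Try every candidate in order; this loop is what an AF_INET-only connect() lacks."""
    last_err: Optional[OSError] = None
    for family, sockaddr in resolve_candidates(host, port):
        sock = socket.socket(family, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
            return sock
        except OSError as err:
            last_err = err
            sock.close()
    raise OSError(f"could not connect to {host}:{port}") from last_err


def mapped_ipv4_peer(addr_text: str) -> Optional[str]:
    """On a dual-stack node an IPv6 socket may see an IPv4 client as ::ffff:a.b.c.d;
    return the embedded IPv4 address, or None for a native IPv6 or plain IPv4 peer."""
    addr = ipaddress.ip_address(addr_text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return str(addr.ipv4_mapped)
    return None


if __name__ == "__main__":
    for literal in ("192.0.2.1", "2001:db8::1", "::ffff:192.0.2.1"):
        fam, raw = family_agnostic_parse(literal)
        print(literal, family_name(fam), len(raw), "bytes, v4-only ok:", v4_only_accepts(literal),
              "mapped:", mapped_ipv4_peer(literal))
```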

Routing
IP Routing
IP routing is simple, especially for a host. If the destination is directly connected
to the host or on a shared network, then the IP datagram is sent directly to the
destination. Otherwise the host sends the datagram to a default router, and lets
the router deliver the datagram to its destination. This simple scheme handles most
host configurations.
IP performs the following steps when it searches its routing table:
● Search for a matching host address.
● Search for a matching network address.
● Search for a default entry.
IP performs the routing mechanism while a routing daemon normally provides the routing policy.
● Routing mechanism (done by IP) - searching the routing table and deciding which
interface to send a packet out on.
● Routing policy (provided by the routing daemon) - a set of rules that decides which
routes go into the routing table.
● The information contained in the routing table drives all the routing decisions made by IP.
● The routing table is initialized at boot time.
● Simple route table: flags U, G, H, D, M
● ICMP redirect errors are used for route table updates.
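The three-step table search above, run over a small constructed routing table (an added example, not code from the notes). It goes one step beyond the text in the network step by picking the longest matching prefix, and it shows how an ICMP redirect changes the table (D and M flags), accepting a redirect only when the new gateway is directly reachable on the same interface; the table entries, addresses and function names are constructed.

```python
"""Host route, network route, default route: the lookup order IP uses, plus the
redirect-driven table update.  Constructed example over documentation addresses."""
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    destination: str       # "default", a host address, or a network in CIDR form
    gateway: str           # next-hop router, or "-" for a directly connected network
    flags: str             # U up, G via gateway, H host route, D from redirect, M modified by redirect
    interface: str


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    ip = ipaddress.ip_address(dst)
    up = [r for r in table if "U" in r.flags]
    # Step 1: a host-specific route (H flag) matching the full address.
    for r in up:
        if "H" in r.flags and ipaddress.ip_address(r.destination) == ip:
            return r
    # Step 2: a network route; the most specific (longest prefix) containing match wins.
    best: Optional[Tuple[int, Route]] = None
    for r in up:
        if "H" in r.flags or r.destination == "default":
            continue
        net = ipaddress.ip_network(r.destination)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, r)
    if best:
        return best[1]
    # Step 3: the default entry, if there is one.
    return next((r for r in up if r.destination == "default"), None)


def next_hop(table: List[Route], dst: str) -> Tuple[str, str]:
    """Return (address the frame is delivered to, outgoing interface).  With the G flag
    the datagram goes to the gateway; otherwise the destination is on the local link."""
    r = lookup(table, dst)
    if r is None:
        raise LookupError(f"no route to host {dst}")     # a kernel would report EHOSTUNREACH
    return (r.gateway if "G" in r.flags else dst, r.interface)


def apply_redirect(table: List[Route], dst: str, new_gateway: str) -> List[Route]:
    """Handle an ICMP redirect for dst.  A host route created by a redirect carries D;
    an existing host route changed by a redirect carries M.  Returns a new table."""
    current = lookup(table, dst)
    if current is None or "G" not in current.flags:
        return table          # unreachable or directly connected: nothing to redirect
    direct = lookup(table, new_gateway)
    if direct is None or "G" in direct.flags or direct.interface != current.interface:
        raise ValueError("redirect ignored: new gateway is not on the same directly attached network")
    if "H" in current.flags and current.destination == dst:
        changed = replace(current, gateway=new_gateway, flags=current.flags.replace("M", "") + "M")
        return [changed if r is current else r for r in table]
    return table + [Route(dst, new_gateway, "UGHD", current.interface)]


def redirect_accepted(table: List[Route], dst: str, new_gateway: str) -> bool:
    try:
        return apply_redirect(table, dst, new_gateway) is not table
    except ValueError:
        return False


# Constructed host table: one directly attached LAN, a default router, one host route
# and two overlapping network routes that exercise longest-prefix selection.
SAMPLE_TABLE = [
    Route("default", "192.0.2.1", "UG", "eth0"),
    Route("192.0.2.0/24", "-", "U", "eth0"),
    Route("198.51.100.5", "192.0.2.9", "UGH", "eth0"),
    Route("10.0.0.0/8", "192.0.2.3", "UG", "eth0"),
    Route("10.1.0.0/16", "192.0.2.4", "UG", "eth0"),
]

if __name__ == "__main__":
    for d in ("198.51.100.5", "192.0.2.77", "10.1.2.3", "10.2.2.3", "203.0.113.9"):
        print(d, "->", next_hop(SAMPLE_TABLE, d))
```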

Explain the operation of Routing Information protocol (RIP). State some of the problems
in RIP V1.0
Background
Routing protocols implement routing algorithms.
· Interior Gateway Routing Protocol (IGRP): OSPF, RIP.
· Exterior Gateway Protocol (EGP): BGP

Routing Information Protocol (RIP 1.0)


Routing protocols implement routing algorithms. RIP is a distance-vector protocol.
The term distance-vector means the messages sent by RIP contain a vector of
distances (hop counts). Each router updates its routing table based on the vector
of these distances that it receives from its neighbors.

● The RIP messages are carried in IP datagrams.
● The specification for RIP is RFC 1058.
● Format of RIP Message
○ A command of 1 is a request, and 2 is a reply. A request asks the other system to
send all or part of its routing table. A reply contains all or part of the sender's
routing table.
○ The version is normally 1.
○ The address family (which is always 2 for IP addresses), an IP address, and an
associated metric.

Normal Operation
Initialization - When the daemon starts it determines all the interfaces that are
up and sends a request packet out each interface, asking for the other router's
complete routing table. On a point-to-point link this request is sent to the other
end. The request is broadcast if the network supports it. The destination UDP port
is 520

Request received - The entire routing table is sent to the requestor.

Response received - The response is validated and may update the routing table.
New entries can be added, existing entries can be modified, or existing entries can
be deleted.
Regular routing updates - Every 30 seconds, all or part of the router's entire routing
table is sent to every neighbor router.

Triggered updates - These occur whenever the metric for a route changes. The
entire routing table need not be sent - only those entries that have changed must
be transmitted.

RIP1.0 problems
● RIP has no knowledge of subnet addressing.
● RIP takes a long time to stabilize after the failure of a router or a link.
● The use of the hop count as the routing metric omits other variables that
should be taken into consideration.
● A maximum of 15 for the metric limits the sizes of networks on which RIP
can be used.

RIP 2 solves the problem


● Allows more information to be included in RIP Packets.
● The subnet mask for each entry applies to the corresponding IP address
● The route tag exists to support exterior gateway protocol
● A simple authentication scheme is provided
● Supports multicasting in addition to broadcasting
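The RIP message format and the distance-vector update described above, as an added example that is not code from the notes: a RIPv1 encoder/decoder laid out per RFC 1058 (4-byte header of command, version and two zero bytes; 20-byte entries of address family, IPv4 address and metric), the receiver checks the RFC requires (message length, version 0 ignored, metric in 1..16), and the merge of one neighbour's response into a table where 16 means unreachable; the addresses and metrics are constructed.

```python
"""RIPv1 message encoding/decoding (RFC 1058) and the distance-vector update rule.

Constructed example: one neighbour's response is parsed and merged into a routing
table.  Metric 16 is "infinity", so an advertised 15 plus our one hop is unreachable.
"""
import struct
from typing import Dict, List, Tuple

RIP_PORT, RIP_REQUEST, RIP_RESPONSE = 520, 1, 2
RIP_VERSION, AF_INET_RIP, RIP_INFINITY = 1, 2, 16
HEADER = struct.Struct("!BBxx")          # command, version, two must-be-zero bytes
ENTRY = struct.Struct("!Hxx4s8xI")       # family, zero, IPv4 address, 8 zero bytes, metric

Table = Dict[str, Tuple[str, int]]       # destination -> (next hop, metric)


def build_rip(command: int, entries: List[Tuple[str, int]]) -> bytes:
    """Encode a request or response.  Metrics are not validated here on purpose so
    that parse_rip's receiver-side checks can be exercised."""
    if len(entries) > 25:
        raise ValueError("at most 25 entries per message (RFC 1058)")
    body = b"".join(ENTRY.pack(AF_INET_RIP, bytes(map(int, ip.split("."))), metric)
                    for ip, metric in entries)
    return HEADER.pack(command, RIP_VERSION) + body


def parse_rip(data: bytes) -> Tuple[int, List[Tuple[str, int]]]:
    """Decode one message, applying the validity checks RFC 1058 asks of a receiver."""
    if len(data) < HEADER.size or (len(data) - HEADER.size) % ENTRY.size:
        raise ValueError("bad RIP message length")
    command, version = HEADER.unpack_from(data)
    if version == 0:
        raise ValueError("version 0 messages are to be ignored")
    if command not in (RIP_REQUEST, RIP_RESPONSE):
        raise ValueError(f"unknown command {command}")
    entries = []
    for off in range(HEADER.size, len(data), ENTRY.size):
        family, addr, metric = ENTRY.unpack_from(data, off)
        if family != AF_INET_RIP:
            continue                                # unsupported address family: skip entry
        if not 1 <= metric <= RIP_INFINITY:
            raise ValueError(f"metric {metric} out of range 1..16")
        entries.append((".".join(str(b) for b in addr), metric))
    return command, entries


def rip_is_valid(data: bytes) -> bool:
    try:
        parse_rip(data)
        return True
    except ValueError:
        return False


def apply_response(table: Table, neighbor: str, entries: List[Tuple[str, int]]) -> Table:
    """Distance-vector update: the cost via the neighbour is its advertised metric plus
    one hop, capped at 16.  Returns a new table; the input is left untouched."""
    updated = dict(table)
    for dest, advertised in entries:
        metric = min(advertised + 1, RIP_INFINITY)
        current = updated.get(dest)
        if current is None:
            if metric < RIP_INFINITY:               # new, reachable destination
                updated[dest] = (neighbor, metric)
        elif current[0] == neighbor:
            updated[dest] = (neighbor, metric)      # same next hop: take the news, even if worse
        elif metric < current[1]:
            updated[dest] = (neighbor, metric)      # strictly better path via another neighbour
    return updated


if __name__ == "__main__":
    msg = build_rip(RIP_RESPONSE, [("10.1.0.0", 1), ("10.4.0.0", 16)])
    cmd, ents = parse_rip(msg)
    print(cmd, ents, apply_response({"10.4.0.0": ("192.0.2.9", 5)}, "192.0.2.9", ents))
```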

Explain OSPF Protocol of the Internet

Open Shortest Path First (OSPF)


· OSPF is a newer alternative to RIP as an interior gateway protocol.
· OSPF is a link-state routing protocol that calls for the sending of link-state
advertisements (LSAs) to all other routers within the same hierarchical area.

· Each router actively tests the status of its link to each of its neighbors, sends
this information to its other neighbors, which then propagate it throughout the
autonomous system. Each router takes this link-state information and builds a
complete routing table.

· All OSPF packets begin with a 24-byte header

OSPF Features

· A link-state protocol will always converge faster than a distance-vector protocol.
· OSPF has its own value for the protocol field in the IP header.
· Supports Subnet
· Uses multicasting instead of broadcasting to reduce the load
· A simple authentication scheme can be used
· Load balancing is done

Routing Table
Each entry in the routing table contains the following information:

1. Destination IP address
2. IP address of a next-hop router
3. Flags
4. Specification of which network interface the datagram should be passed to for
transmission.

Flags
1. U The route is up.
2. G The route is to a gateway (router).
3. H The route is to a host
4. D The route was created by a redirect.
5. M The route was modified by a redirect.
Initializing a Routing Table
1. Execute the route command
2. Run a routing daemon
3. Use the newer router discovery protocol
SNMP
What is SNMP
SNMP is a standard for managing Internet Protocol (IP) devices (e.g. routers,
switches)

Manager - network management stations


MIB (Management Information Base) - specifies what variables are maintained.
SMI (Structure of Management Information) - a set of common structures and
identification rules.

How does the SNMP agent represent the data variable? How does a router inform a
manager about the failure of a link? Show the messages exchanged between them.
Each device (node) maintains one or more variables that describe its state. In the
SNMP literature, these variables are called objects. The collection of all possible
objects in a network is given in a data structure called the MIB (Management
Information Base).

MIB is a set of named items that an SNMP agent understands. To monitor or
control a remote computer, a manager must fetch or store values to MIB variables
(objects).
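Added example (not part of the notes): an agent whose MIB is a table of named objects, a manager fetching and storing them, and the unsolicited Trap the agent sends when a link fails. The OIDs are real ones from MIB-II and SNMPv2-MIB; the messages are plain Python dicts standing in for the BER-encoded PDUs, and the community string and values are constructed.

```python
# Added example, not from the notes: SNMP agent/manager exchange for a link failure.
SYS_UPTIME = "1.3.6.1.2.1.1.3.0"          # sysUpTime.0 (MIB-II)
IF_OPER_STATUS = "1.3.6.1.2.1.2.2.1.8"    # ifOperStatus, indexed by ifIndex: 1 = up, 2 = down
LINK_DOWN_TRAP = "1.3.6.1.6.3.1.1.5.3"    # snmpTraps.linkDown (SNMPv2-MIB)

class Agent:
    """Runs on the managed router; its MIB is the set of named objects it understands."""
    def __init__(self, community, manager):
        self.community = community      # community string checked on every request (constructed value)
        self.manager = manager
        self.mib = {SYS_UPTIME: 0, IF_OPER_STATUS + ".1": 1, IF_OPER_STATUS + ".2": 1}

    def handle(self, pdu):
        """Answer a manager's GetRequest / SetRequest with a GetResponse."""
        if pdu["community"] != self.community:
            return {"type": "GetResponse", "error": "authenticationFailure"}
        oid = pdu["oid"]
        if pdu["type"] == "GetRequest" and oid in self.mib:
            return {"type": "GetResponse", "oid": oid, "value": self.mib[oid]}
        if pdu["type"] == "SetRequest" and oid in self.mib:
            self.mib[oid] = pdu["value"]
            return {"type": "GetResponse", "oid": oid, "value": self.mib[oid]}
        return {"type": "GetResponse", "error": "noSuchName"}

    def link_failed(self, if_index, uptime):
        """Link goes down: update ifOperStatus, then push a Trap without waiting for a request."""
        self.mib[SYS_UPTIME] = uptime
        self.mib[f"{IF_OPER_STATUS}.{if_index}"] = 2
        trap = {"type": "Trap", "generic_trap": 2,            # 2 = linkDown in an SNMPv1 Trap-PDU
                "trap_oid": LINK_DOWN_TRAP,
                "varbinds": {SYS_UPTIME: uptime, f"{IF_OPER_STATUS}.{if_index}": 2}}
        self.manager.notify(trap)                             # traps are not acknowledged
        return trap

class Manager:
    """Network management station: polls with Get/Set and records incoming traps."""
    def __init__(self):
        self.alarms = []
    def notify(self, trap):
        if trap["trap_oid"] == LINK_DOWN_TRAP:
            self.alarms.append(trap["varbinds"])
    def get(self, agent, oid, community):
        return agent.handle({"type": "GetRequest", "community": community, "oid": oid})
```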
Firewall
What is firewall, explain two types of firewall

A firewall is a secure and trusted machine that sits between a private network and
a public network. The firewall machine is configured with a set of rules that
determine which network traffic will be allowed to pass and which will be blocked
or refused.
Types of Firewalls

A stateless firewall is one which does not keep any state information between
packets. Each packet is examined and handled based only on the information
contained within that packet.

A stateful firewall keeps track of "sessions" between packets.

· "stateful packet inspection"
· "protocol inspection"

In the case of FTP, a stateful firewall would monitor the control channel, and look
for the PASV or PORT commands used to open the TCP connection for the data
channel. It would then allow that TCP connection through as well.

A stateful firewall is therefore more secure than a stateless firewall.

What is IP packet filtering?


IP filtering is simply a mechanism that decides which type of IP datagrams will be
processed normally and which will be discarded.

Criteria used to determine which datagrams you wish to filter:

· Protocol type: TCP, UDP, ICMP, etc.
· Socket number (for TCP/UDP)
· Datagram type: SYN/ACK, data, ICMP Echo
· Datagram source and destination address

IP filtering is a network layer facility.

How does filtering mechanism work

1. The IP datagram is received. (1)
   a. The incoming IP datagram is examined to determine if it is destined for a
   process on this machine.
2. If the datagram is for this machine, it is processed locally. (2)
3. If it is not destined for this machine, a search is made of the routing table for
an appropriate route and the datagram is forwarded to the appropriate interface, or
dropped if no route can be found. (3)
4. Datagrams from local processes are sent to the routing software for forwarding
to the appropriate interface. (4)
   a. The outgoing IP datagram is examined to determine if there is a valid route for
   it to take; if not, it is dropped.
5. The IP datagram is transmitted. (5)
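Added example (not part of the notes): a stateless rule filter using the criteria listed above (protocol, port, datagram type, addresses) beside a stateful filter that watches the FTP control channel for PORT commands and admits only the data connection that was announced, as described in the firewall section. The rules, addresses and packets are constructed, and packets are plain dicts rather than real captures.

```python
# Added example, not from the notes: stateless vs stateful packet filtering.
import re

# Rules are tried in order; the first match decides; anything unmatched is dropped.
RULES = [
    {"proto": "tcp", "dport": 21, "type": "SYN", "action": "accept"},   # FTP control channel
    {"proto": "tcp", "dport": 22, "type": "SYN", "action": "accept"},   # SSH
    {"proto": "icmp", "type": "echo", "action": "drop"},                 # block ICMP echo
    {"proto": "tcp", "type": "ACK", "action": "accept"},                 # stateless guess at "established"
]

def stateless_filter(pkt, rules=RULES):
    """Decide from this packet's fields alone: protocol, port, datagram type, addresses."""
    for rule in rules:
        if all(pkt.get(k) == v for k, v in rule.items() if k != "action"):
            return rule["action"]
    return "drop"

class StatefulFilter:
    """Keeps session state: an FTP data connection is admitted only after the
    control channel announced it with a PORT command (PASV is handled the same way)."""
    PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

    def __init__(self):
        self.expected = set()     # (server, client, client_port) announced on control channels

    def filter(self, pkt):
        if pkt["proto"] == "tcp" and pkt.get("dport") == 21 and "payload" in pkt:
            m = self.PORT_RE.search(pkt["payload"])
            if m:
                host = ".".join(m.group(i) for i in range(1, 5))
                port = int(m.group(5)) * 256 + int(m.group(6))
                self.expected.add((pkt["dst"], host, port))   # the server will connect back here
            return "accept"
        if pkt["proto"] == "tcp" and pkt.get("type") == "SYN":
            key = (pkt["src"], pkt["dst"], pkt["dport"])
            if key in self.expected:
                self.expected.discard(key)                   # one connection per announcement
                return "accept"
        return stateless_filter(pkt)
```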

Malicious Programs
Explain the following malicious programs - Trojans, Viruses

The software threats or malicious programs can be divided into two categories:
· Those that need a host program
· Those that are independent
Trojans
A Trojan horse is an unauthorized program contained within a legitimate program. A
Trojan horse is a static entity: malicious code nested within an otherwise harmless
program.
Trojans cannot travel from machine to machine unless the file that contains the
Trojan also travels with it. Trojans are created strictly by programmers. The
majority of Trojans are nested within compiled binaries.

Trojans represent a very high level of risk, mainly for the following reasons:

· Difficult to detect.

· In most cases, Trojans are found in binaries, which remain largely in non-
human-readable form.

· Can affect many machines.

Viruses
A computer virus is a program, sometimes (but not necessarily) destructive, that
is designed to travel from machine to machine, "infecting" each one along the way.
This infection usually involves the virus attaching itself to other files.

Anti-virus approaches
· Do not allow
· Detection
· Identification
· Removal

Worm
A worm actively seeks out more machines to infect and each machine that is
infected serves as a launching pad for attacks on other machines.

A worm does not perform any destructive actions, and instead, only consumes system
resources to bring it down.

Network worms use network connections to spread from system to system. To
replicate itself, a network worm uses:

· Electronic mail facility

· Remote execution capability

· Remote login capability

IPSec
Differentiate SSL with SET Protocol

The SET (Secure Electronic Transaction) protocol is an open encryption and security
specification designed for protecting credit card transactions on the Internet.

SET services can be summarized as follows:

1. Provides a secure communication channel.
2. Provides authentication by use of digital certificates.
3. Ensures confidentiality.

SET vs SSL
Although SSL and SET are both used for facilitating secure exchange of information,
their purposes are quite different.

· SSL is primarily used for secure exchange of information of any kind between
only two parties (a client and a server).

· SET is specifically designed for conducting e-commerce transactions. SET
involves a third party, a payment gateway, which is responsible for issues such
as credit card authorization, payment to the merchant, etc.

How does SSL work

It is an Internet protocol for secure exchange of information between a Web browser
and a Web server.
Provides two basic security services:
· authentication
· confidentiality

SSL can be conceptually considered as an additional layer in the TCP/IP protocol
stack. The SSL layer is located between the application layer and the transport layer.

How SSL works

SSL has three sub-protocols:
· Handshake protocol
· Record protocol
· Alert protocol
Handshake protocol
Consists of a series of messages between the client and the server. The handshake
protocol is made up of four phases:

1. Establish security capabilities
2. Server authentication and key exchange
3. Client authentication and key exchange
4. Finish

Record protocol
It takes an application message as input. First it fragments it into smaller blocks,
optionally compresses each block, adds a MAC, encrypts it, adds a header and gives
it to the transport layer. This protocol provides two services to an SSL connection:

Confidentiality: achieved by encrypting with the secret key that is defined by the
handshake protocol.

Integrity: the handshake protocol defines a shared secret key that is used to
compute a MAC (message authentication code) assuring message integrity.
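Added example (not part of the notes): the record-protocol steps above (fragment, compress, MAC, encrypt, header) carried out in Python, with the receiving side undoing them and rejecting a tampered or reordered record. HMAC-SHA256 and zlib stand in for the cipher suite's MAC and compression; the "encrypt" step is a constructed keystream XOR used only to keep the example self-contained, not a real SSL/TLS cipher, and both keys are constructed sample values.

```python
# Added example, not from the notes: SSL record protocol, sender and receiver sides.
import hashlib, hmac, struct, zlib

MAX_FRAGMENT = 2 ** 14            # application data is fragmented into blocks of at most 16 KiB
VERSION = b"\x03\x00"             # SSL 3.0 version field of the record header
MAC_KEY = b"constructed-mac-key"  # in real SSL both keys are derived from the handshake's secret
ENC_KEY = b"constructed-enc-key"
MAC_LEN = 32

def keystream(key, seq, n):
    """Toy keystream (NOT a real cipher): SHA-256 blocks keyed by key and record sequence number."""
    blocks = [hashlib.sha256(key + struct.pack(">QI", seq, i)).digest() for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def record_mac(seq, ctype, fragment):
    """MAC over sequence number, content type, version, length and fragment (so replays fail)."""
    hdr = struct.pack(">QB", seq, ctype) + VERSION + struct.pack(">H", len(fragment))
    return hmac.new(MAC_KEY, hdr + fragment, hashlib.sha256).digest()

def send_records(message, ctype=23, start_seq=0):
    """Sender: fragment -> compress -> add MAC -> encrypt -> prepend the 5-byte record header."""
    records = []
    for i in range(0, len(message), MAX_FRAGMENT):
        seq = start_seq + len(records)
        comp = zlib.compress(message[i:i + MAX_FRAGMENT])
        body = comp + record_mac(seq, ctype, comp)
        enc = bytes(a ^ b for a, b in zip(body, keystream(ENC_KEY, seq, len(body))))
        records.append(struct.pack(">B", ctype) + VERSION + struct.pack(">H", len(enc)) + enc)
    return records

def receive_records(records, start_seq=0):
    """Receiver: undo the steps; a failed MAC raises (real SSL sends a bad_record_mac alert)."""
    out = b""
    for seq, rec in enumerate(records, start_seq):
        ctype, length = rec[0], struct.unpack(">H", rec[3:5])[0]
        body = bytes(a ^ b for a, b in zip(rec[5:5 + length], keystream(ENC_KEY, seq, length)))
        comp, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(mac, record_mac(seq, ctype, comp)):
            raise ValueError("bad_record_mac")
        out += zlib.decompress(comp)
    return out
```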

Alert protocol
When either the client or the server detects an error, the detecting party sends
an alert message to the other party. Actions taken:
· Immediately close the SSL connection.
· Destroy the session identifiers, secrets and keys associated with this
connection before it is terminated.
Each alert message consists of two bytes:
o 1st byte - the type of error.
o 2nd byte - the actual error.

What is IPSec

IPSec is a set of IP extensions developed by the IETF (Internet Engineering Task
Force) to provide cryptographic security services compatible with the existing IP
standard (IPv4).

· IPSec can protect any protocol that runs on top of IP, for instance TCP, UDP,
and ICMP.

· IPsec provides security services at the IP layer by enabling a system
o to select the required security protocols,
o to determine the algorithm(s) to use for the service(s), and
o to put in place any cryptographic keys required to provide the requested
services.

Goals

1. Privacy to ensure data confidentiality.
2. Integrity to guarantee that data has not been tampered with.
3. Authenticity to protect against identity spoofing.
4. Robustness to prevent replay attacks.

Architecture
1. Security Protocols - Authentication Header (AH) and Encapsulating Security
Payload (ESP)
2. Security Associations - what they are and how they work, how they are
managed, associated processing
3. Key Management - manual and automatic (the Internet Key Exchange (IKE))
4. Algorithms for authentication and encryption

Encryption
State the two problems in symmetric key encryption? (5 marks)

What are the three requirements for public-key encryption? (5 marks)

Explain the RSA algorithm by giving an example? (6 marks)

Appendix
MAC Address

OSI Services

Layer 1 - Physical Layer: Hardware used to create the network and transmit data -
twisted pair, coax, fiber optic cables, hubs, repeaters, etc.
Layer 2 - Data Link Layer: Divided into 2 sub-layers: Media Access Control (MAC) and
Logical Link Control (LLC) layers. Physical addressing - MAC addresses. Hardware
used: bridges and switches.
Layer 3 - Network Layer: Switching and routing, IP addresses. Uses layer 3 switches,
routers.
Layer 4 - Transport Layer: End to end connections and reliability, TCP protocol.
Layer 5 - Session Layer: Manages connections between applications - controlling
TCP/IP sessions.
Layer 6 - Presentation Layer: Transforms data into a form acceptable by layer 7; in
reverse, transforms data so it is acceptable to lower levels. MIME encoding,
encryption, etc.
Layer 7 - Application Layer: Applications and end-user processes. Email, Telnet, Web
Apps, etc.

IPV6
Basics

Features (IPv6)
· RFC 2460
· Increase of address size from 32 bits to 128 bits
· Simplified Header
· Improved Support for Extensions and Options
· Flows
· Authentication and privacy

Example
An IPv6 address is written as eight 16-bit hexadecimal groups separated by colons,
for example FF02:0:0:0:0:1:200E:8C6C.

IPv6 header (field widths in bits):
Ver (4) | Traffic Class (8) | Flow Label (20)
Payload Length (16) | Next Header (8) | Hop Limit (8)
Source Address (128)
Destination Address (128)

RFC 2732 states that IPv6 addresses in URIs should be delimited by square brackets [ ],
e.g. http://[3ffe:0b00::1]/index.html
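Added example (not part of the notes): expanding the colon-separated 16-bit group notation described above, including the "::" shorthand for a run of zero groups, into the 128-bit address, and pulling a bracketed IPv6 host out of a URL as RFC 2732 describes. It goes slightly beyond the notes by rejecting malformed addresses; results are cross-checked against Python's ipaddress module, and the sample addresses are the ones given in the notes.

```python
# Added example, not from the notes: IPv6 textual address parsing and bracketed URL hosts.
import ipaddress
import re

def parse_ipv6(text):
    """Return the 16-byte address for text such as 'FF02:0:0:0:0:1:200E:8C6C' or '3ffe:0b00::1'."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        if len(left) + len(right) > 7:
            raise ValueError("'::' must stand for at least one group of zeros")
        groups = left + ["0"] * (8 - len(left) - len(right)) + right   # expand the zero run
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has eight 16-bit groups")
    out = b""
    for g in groups:
        if not (1 <= len(g) <= 4) or not all(c in "0123456789abcdefABCDEF" for c in g):
            raise ValueError(f"bad group {g!r}")
        out += int(g, 16).to_bytes(2, "big")                          # each group is 16 bits
    return out

def matches_stdlib(text):
    """Cross-check: the parser agrees with the standard library's ipaddress module."""
    return parse_ipv6(text) == ipaddress.ip_address(text).packed

def ipv6_host_from_url(url):
    """RFC 2732: the IPv6 host in a URL is delimited by square brackets; returns (address, port)."""
    m = re.match(r"[a-z]+://\[([0-9A-Fa-f:]+)\](?::(\d+))?(/.*)?$", url)
    if not m:
        raise ValueError("not a bracketed IPv6 URL")
    return parse_ipv6(m.group(1)), (int(m.group(2)) if m.group(2) else None)
```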
