ICS 451 Midterm 2

what is a header?

supplemental data at the neginning of a packet to ensure it reaches the right destination

what is a TCP header?

a 20-60 byte control block preceding data is a TCP packet

what are the key TCP header fields?

source/destination port

sequence number

ack number

checksum

length

control flags

TCP 3-way handshake

SYN: the client sends a SYN to the server.

SYN-ACK: the server receives the SYN from the client, and sends back an ACK.

ACK: The client sends an ACK packet back to the server, and the connection is established

checksum

a numerical value calculated to detect errors: a header field

what is the purpose of the HTTP header?

HTTP headers let the client and server pass information with a message in a reauest or response.

HTTP request header

contains information about the resource to be fetched, or about the clint requesting the resource

HTTP response header

holds additional information about the response, like its location, or about the server providing it.

Accept request header

specifies the media type acceptable for response

User-Agent request header

provides information about the client software

Cache-Control response header

dictates how and for how long browsers and CDNs store a resource

IP header fields

TTL

version

source and destination address

protocol

IP Header Length

TTL in IP header

the number of hops a packet can go through in a network

What is the purpose of TTL in IP headers?

To prevent infinite circulation of packets in a network

What is the difference between TTL in IP and HTTP?

IP uses TTL to track the number of hops- it has nothing to do with cache.

What is the function of IP headers

routing

IPv4

uses 32 bit addresses

varying header sizes

utilizes checksum

IPv6

fixed header size

no checksum 128-bit

why is IPv6 better than IPv4?

it has much more address space, thus eliminating the need for Network Address Translation

it enables direct end-end connectivity.

it offers faster, more efficient routing

how does a network work?

any time a device sends a message, every host in the network sees it. it transmits packets between devices through routers and switches

what is a CIDR block?

a method for allocating IP addresses: represented by an IP address followed by a slash and prefix number

how do routers send data?

the router takes the message, and sends out to the next network until it gets to the right location.

hops

the number of routers that are gone through to get to the destination

network address

the very first IP in CIDR notation, AKA the lowest number

all 0s on the host side

broadcast address

the very last IP in CIDR notation, AKA the highest number

all 1s on the host side

how WERE IPs specified to different machines?

static Ips: every machine on network has an IP

how are IPs specified to different machines currently?

dynamic IPs: Dynamic Host Configuration Protocol

DHCP

Dynamic Host Configuration Protocol

automatically assigns IP addresses and config details to devices

DHCP server

server that assigns a computer an IP when it connects to a network

what are the steps of DHCP?

Discover

Offer

Request

Acknowledge

Discover step of DHCP

client broadcasts a DHCPDISCOVER message to locate available DHCP servers on the local network

Offer step of DHCP

DHCP servers receive the request and respong with a DHCPOFFER message, proposing an IP address, subnet mask, etc.

Request step of DHCP

client selects one offer and broadcasts a DHCPREQUEST message, indicating acceptance of the offer, notifying other servers to reclaim their unused offers

Acknowledge step of DHCP

the selected server sends a DHCPACK message to finalize, confirming the IP address is assigned to that specific client

where is the DHCP server located?

router

routing table

a database in routers and devices that stores paths to network destinations, enabling efficient data forwarding

what algrithms are used to set up the routing table?

Open Shortest Path First

Border Gateway Protocol

Border Gateway Protocol

Primary routing protocol: relies on each next edge: “can you take the packet there?” Looks at path to minimize hops

RTT

the time TCP was sent to the time where the ACK for the same packet is received

flow control

prevents receiver overload

done on the receiver side

congestion control

prevents network overload

done on the network side

congestion control algorithms

slow start

congestion avoidance

fast retransmit

pipelining

sending multiple packets before waiting to receive an ACK

why does RTT matter?

it affects time delay, TCP performance, throughput

timeout interval length

the amount of time a system waits for a response before ending an operation

pros vs cons of small timeout interval

faster interactions, but may cause extra resends and waste bandwidth

slow start congestion control

start with a small congestion window, and double exponentially each RTT until threshold

congestion avoidance

above threshold, grows by 1mss per RTT linearly

what is the purpose of pipelining?

to maximize throughput, making the best use of the space

Go Back N pipelining

sender sends up to N unacked packets

receiver accepts in order

if packet is lost: receiver discards everything after, and sender retransmits starting from the lost packet.

what are the pros and cons of GBN pipelining?

it is simple and uses cumulative ACKS, but wastes bandwidth.

Selective Repeat pipelining

receiver accepts out of order packets, and only missing packets are resent.

what are the pros and cons of selective repeat?

it is efficient and uses individual ACKS, but is complex and needs buffering.

what is the difference between flow and congestion control?

flow control ensures the sender sends enough data for the receiver to accomadate. congestion control ensures that the sender reduces the amount of sent packets to avoid overflow.

network layer forwarding

the moving of packets from a sending host to a receiving host

is network layer forwarding done in hardware or software?

hardware

contents of a router

input port

output port

encryption

the hiding/changing of information

plaintext vs ciphertext

real info vs altered

symmetric key

using the same secret key for both encryption and decryption

why are symmetric keys preferred over asymmetric?

they are faster and require less operations. the faster you can encrypt, the faster you can see. asymmetric works only one way

what is the purpose of certificates?

to confirm a requested site is who it says it is

certificates

bytes that ensure you are an actual site, that include information about the site, including the private key

DNS architecture

root server

TLD server

Auth server

DNS host file

checked before DNS query

what is inside a certificate?

public key

domain name

certificate Authority (CA)

signature

SSL

secure sockets layer: a protocol that encrypts data, providing privacy, authentication, and integrity to internet comms between server and browser

how does SSL work?

establishes a secure channel by authenticating the server, then encrypting data exchanged.

begins with a handshake to open a connection

exchange certificates and validate them

exchange keys

digitally signs data to prove data integrity

SSL certificate

a digital document that verifies the indentity of a client and server, enables encrypted communication

types of SSL certificates

single domain

wild card

multi domain

what are SSL certificates commonly used for?

protecting login credentials

securing transactions

securing transfers

What do Certificate Authorities do?

responsible for issuing SSL certificates to verify identities of websites, devices, or individuals

How are SSL certificates linked back to CAs?

the chain of trust makes it traceable back to the trust root it was signed off of

Root certificate

a digital certificate belonging to the issuing CA

intermediate certificate

branches off root certificates and acts as a middle man between protected root certificates and public server certificates

server certificate

issued to the specific domain a user is requesting

how doe the chain of trust work?

The Chain of Trust starts with the installation of the SSL certificate. You are sent an intermediate root certificate, and when a browser downloads your website's certificate, it chains it back to the root. Following the chain to the intermediate, it traces back until it reaches a trusted root certificate. If valid, it will be trusted. If not, the browser issues a warning.

Server Name Indication

a TLS extension that allows a server to host multiple SSL certificates on a single IP address and port

what does Server Name Indication allow a client device to do?

to specify the domain name it is trying to reach in the first step of handshake: many web servers host multiple domain names in addition to IPs, so SNI solves problem of server not knowing which SSL certificate to show.

A connection has a high RTT. What happens to performance?

Slower communication, longer waiting for ACKS, and lower throughput (unless pipelining is used).

Why are both congestion control and flow control needed?

Flow control protects the receiver, and congestion control protects the network.

If a sender transmits data but receives no ACK, what happens?

A timeout occurs, the packet is retransmitted, and the congestion window is reduced.

Why is pipelining more beneficial when RTT is high?

It prevents idle waiting, and keeps the network busy while waiting for ACKS.

What does seeing many duplicate ACKs in wireshark indicate?

Packet loss, and congestion is likely

True or False: flow control prevents congestion

false: it only protects the receiver

A packet arrives with TTL = 1. What happens next?

router decrements TTL, packet is dropped

Why are port numbers needed if we already have IP addresses?

IP identifies device

Port identifies application/process

What is the subnet mask for /26?

255.255.255.192

why is CIDR better than class-based addressing?

it is more flexible and reduces wasted IP space.

Why is DHCP useful?

automatic configuration

no manual IP assignment

what does a routing table store?

destination network

next hop

interface

what happens when a certificte is invalid?

broswer shows a warning that the connection is not secure.

why is symmetric encryption faster?

it uses simpler math operations

what happens when you type a URL into a browser?

DNS lookup

TCP handshake

TLS handshake(if https)

HTTP request

server response