Chap567HW
docx
keyboard_arrow_up
School
University of Texas, Arlington *
*We aren’t endorsed by this school
Course
3303
Subject
Information Systems
Date
Dec 6, 2023
Type
docx
Pages
26
Uploaded by MegaTreeAnteater20
Chapter 5
1.
What does the transport layer do?
The transport layer links application software in the application layer with the network
and is responsible for the end-to-end delivery of the message. The transport layer sits
between the application layer and the network layer. The transport layer accepts messages
from the application layer and packetizes them. Packetizing means to take one outgoing
message from the application layer and break it into a set of smaller packets for
transmission through the network. Conversely, it also means to take the incoming set of
smaller packets form the network layer and reassemble them into one message for the
application layer.
2.
What does the network layer do?
The network layer performs three important functions: addressing, routing, and breaking
long messages into smaller packets for transmission by the data link layer. The network
layer sits between the application layer and the data link layer. The network layer accepts
messages from the application layer and formats and addresses them for transmission by
the data link layer. The network layer also accepts individual messages from the data link
layer and organizes them into coherent messages that it passes to the application layer.
3.
Compare and contrast the three types of addresses used in a network.
When users work with application software, they typically use the application layer
address (e.g., entering an Internet address into a browser, such as www.cba.uga.edu).
When a user types of an Internet address into a Web browser, the request is passed to the
network layer as part of an application layer packet formatted using the HTTP standard.
The network layer software translates this application layer address into a network layer
address. The network layer protocol used on the Internet is TCP/IP, so this Web address
(www.cba.uga.edu) is translated into an TCP/IP address (usually just called an IP address
for short) which is four bytes long when using IPv4 (e.g., 128.192.78.5).
The network layer then determines the best route through the network to the final
destination. Based on this routing, the network layer identifies the data link layer address
of the next computer to which the message should be sent. If the data link layer is running
Ethernet, then the network layer IP address would be translated into an Ethernet address
(e.g., 00-0F-00-81-14-00).
4.
How does TCP establish a session?
TCP sets up a virtual circuit between the sender and the receiver. The transport layer
software sends a special packet (called a SYN, or synchronization characters) to the
receiver requesting that a connection be established. The receiver either accepts or rejects
the connection, and together, they settle on the packet sizes the connection will use. Once
the connection is established, the packets flow between the sender and the receiver,
following the same route through the network.
5.
What is a subnet and why do networks need them?
Each organization must assign the IP addresses it has received to specific computers on
its networks. In general, IP addresses are assigned so that all computers on the same local
area network have a similar address. For example, suppose a university has just received
a set of Class B addresses starting with 128.184.x.x. It is customary to assign all the
computers in the same LAN numbers that start with the same first three digits, so the
Business School LAN might be assigned 128.184.56.x while the Computer Science LAN
might be assigned 128.184.55.x (see Figure 6-8). Likewise, all the other LANs at the
university and the backbone network that connects them would have a different set of
numbers. Each of these LANs are called a TCP/IP subnet because they are logically
grouped together by IP number. Knowing whether a computer is on your subnet or not it
very important for message routing.
6.
How does TCP/IP perform address resolution from URLs into network layer
addresses?
It Uses one or more Domain Name Service servers to resolve the address.
7.
How does TCP/IP perform address resolution from IP addresses into data link layer
addresses?
It uses ARP to identify the MAC address of the next node(that packet must be forward)
8.
How does static routing differ from dynamic routing? When would you use static
routing? When would you use dynamic routing?
With static routing, the routing table is developed by the network manager, and changes
only when computers are added to or removed from the network. For example, if the
computer recognizes that a circuit is broken or unusable (e.g., after the data link layer
retry limit has been exceeded without receiving an acknowledgment), the computer will
update the routing table to indicate the failed circuit. If an alternate route is available, it
will be used for all subsequent messages. Otherwise, messages will be stored until the
circuit is repaired. When new computers are added to the network, they announce their
presence to the other computers, who automatically add them into their routing tables.
Static routing is commonly used in networks that have few routing options. For example,
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
most LANs are connected to the backbone network in only one place. There is only one
route from the LAN to the backbone, so static routing is used.
Dynamic routing (or adaptive routing) is used when there are multiple routes through a
network and it is important to select the best route. Dynamic routing attempts to improve
network performance by routing messages over the fastest possible route, away from
busy circuits and busy computers. An initial routing table is developed by the network
manager, but is continuously updated by the computers themselves to reflect changing
network conditions, such as network traffic. Routers can monitor outgoing messages to
see how long they take to transmit and how long it takes for the receiving computer to
acknowledge them. Based on this monitoring the router can effectuate table updating.
9.
Suppose that a client computer (128.192.98.130) in Building B in Figure 5-17
requests a large Web page from the Web server 2 in the Data Center
(www2.anyorg.com). Assume that the client computer has just been turned on and
does not know any addresses other than those in its configuration tables. Assume
that all gateways and Web servers know all network layer and data link layer
addresses. Explain what messages would be sent and how they would flow through
the network to deliver the Web page request to the server.
When a client computer (128.192.98.130) in Building A requests a large web page from
Web server 2 (www2.anyorg.com) in the Data Center, the process involves several steps.
This process illustrates how network messages flow through the network to deliver a web
page request to the server, with various devices and protocols involved in routing and
communication.
10. Hands-on activity 5D in the book.
Deliverable:
Binary representation of a byte
Decimal
10000000
128
11000000
192
11100000
224
11110000
240
11111000
248
11111100
252
11111110
254
11111111
255
Deliverables:
1.
Number of
subnets
required
Number of
borrowed bits
Maximum
number of
hosts per
subnet
Subnet mask in binary and decimal
2
1
128
11111111.11111111.11111111.10000000
=> 255.255.255.128
5
3
32
11111111.11111111.11111111.11100000
=>255.255.255.224
12
4
16
11111111.11111111.11111111.11110000
=>255.255.255.240
24
5
8
11111111.11111111.11111111.11111000
=>255.255.255.248
40
6
4
11111111.11111111.11111111.11111100
=>255.255.255.252
2.
Number of
subnets
required
Borrowed bits
Max number
of hosts
Subnet mask
5
3
8192
11111111.11111111.11100000.00000000
=> 255.255.224.0
8
3
8192
11111111.11111111.11100000.00000000
=> 255.255.224.0
35
5
2048
11111111.11111111.11111000.00000000
=> 255.255.248.0
200
8
256
11111111.11111111.11111111.00000000
=> 255.255.255.0
400
9
128
11111111.11111111.11111111.10000000
=> 255.255.255.128
3.
Subnets
required
Borrowed bits
Max number
of hosts
Subnet mask
10
4
1048576
11111111.11110000.00000000.00000000
=> 255.240.0.0
20
5
524288
11111111.11111000.00000000.00000000
=> 255.248.0.0
80
7
131072
11111111.11111110.00000000.00000000
=> 255.254.0.0
400
9
32768
11111111.11111111.10000000.00000000
=> 255.255.128.0
2000
11
8192
11111111.11111111.11100000.00000000
=> 255.255.224.0
TCPIP Utilities: please refer to
INSY 5343 TCPIP Utilities Lab.docx
Actions
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
1.
ping
- The PING utility tests connectivity between two hosts. PING uses a special
protocol called the Internet Control Message Protocol (ICMP) to determine whether the
remote machine (website, server, etc.) can receive the test packet and reply.
Simply ping a website by typing “ping espn.com” or “ping www.google.com”
You can also type “ping 127.0.0.1” in order to test your own computer’s network
interface card and TCP/IP setup.
How many packets were returned from the address/website pinged? 4
How long did it take to receive the response? 0ms
2.
pathping
- The PATHPING tool traces the route a packet takes to a destination and
displays information on packet losses for each router in the path.
Type “pathping espn.com” or choose another website, such as hk.science.museum
for the Museum of Science in Hong Kong.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
3.
tracert
- The TRACERT command tool is very similar to Ping, except that Tracert
identifies the route, or pathways, taken along each hop (tracert traces the route taken),
rather than the time it takes for each packet to return (ping).
Can you trace the route taken to get to The Louvre museum in Paris or the New
York Times in New York City? Yes
How many hops did it take the packet to reach the website? 12
4.
route
- The ROUTE command line tool is designed to display and modify the entries in
the local computer routing table. Your computer keeps a local routing table to assist in
getting back to gateways you frequently visit. If you delete the entries in this table, your
computer will rebuild the table over time.
You can see your computer’s routing table by typing “route print”.
How many lines does your computer have in its routing table? 11
What is the most unusual entry in your routing table? 224.0.0.0
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
5.
nslookup
- The NSLOOKUP command line utility provides a command-line utility for
diagnosing DNS problems. In its most basic usage, NSLookup returns the IP address with
the matching host name.
Typing “nslookup” will display information about your default server and local IP
address.
Find the IP address of a website of your choice.
2600:9000:2341:4e00:d:ac18:e2c0:93a1
6.
netstat
- The NETSTAT (Network Statistics) command tool displays network
connections (both incoming and outgoing), routing tables, and a number of network
interface statistics.
Simply typing “netstat” in the command line will display current protocols in use
(mostly TCP) and ports in use. Why do some of the IP addresses have additional
information, such as 192.168.1.1:60748? What does the “:60748” mean?
The additional information in IP addresses, such as "192.168.1.1:60748,"
represents both the IP address and the port number.
7.
ipconfig
- The IPCONFIG command line utility will show detailed information about the
network you are connected to.
Typing “ipconfig” will show you the basic information about your computer’s IP
address, subnet mask and default gateway. Typing “ipconfig /all” will give more
information.
What is your default gateway’s IP address? 192.168.1.1
What is the Mac of your computer? 8C-AE-4C-D6-74-5C
What is the subnet mask of your computer? 255.255.255.0
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
8.
arp
- The ARP command line utility can be used for Address Resolution Protocol to map
MAC addresses for hosts in your local network.
If you type “arp –a” you will see the ARP table for your computer. It will contain
IP addresses resolved to MAC addresses. Do you see any IP addresses with interesting or
peculiar MAC addresses?
No, the ARP table links IP addresses to MAC addresses in your local network.
Unusual MAC addresses in the table may indicate non-standard setups, virtualization, or
network bridging, requiring further investigation of your network configuration.
Protocol Analysis with Wireshark. Please refer to
INSY 5343 Wireshark Lab.docx
Actions
Step 1: Observing a TCP connection
1.
Ensure that your capture options are set as before and begin another capture session.
2.
After the capture session has begun, open a web browser on your workstation, allow the
web page to finish loading, and then stop the packet capture session.
3.
Look for the first three TCP packets in the packet list pane.
TCP packets have a green
background color (depending on your settings) and are easily recognized.
These three packets should be listed as [SYN], [SYN, ACK] and [ACK].
This 3-packet
interchange builds a connection between two computers.
You should notice that the
destination port for the [SYN] packet is 80, indicating a web request.
The second two
packets should provide you with a sequence/acknowledgement analysis.
Step 2: Observing a DNS request/response
1.
Ensure that your capture options are set as before and begin a fresh Wireshark capture
session.
You can discard the previous session or save it to a file.
2.
Begin a Command Prompt window. Next, to release the existing IP address, enter the
ipconfig /release command at the command prompt. See Figure 5. (Note: if your computer
has IPv6 configured, you will see the configured IPv6 address; you can release these using
the ipconfig /release6 command.)
3.
As soon as you see that your IP address was released (shown as empty or 0.0.0.0,
depending on your system) enter the ipconfig /renew command at the command prompt.
See Figure 6.
4.
Wait until the renewal process has completed (you receive an IP address). Then, stop the
packet capture in Wireshark. Next, click on the column in the Packet List pane marked,
“Protocol.”
This will sort the entries in order of protocol.
5.
Locate the DHCP packets and select the first one. (There should be 5.)
The first of these packets is from your computer to the DHCP server telling it to release the
lease on your IP address.
The next 4 packets renew that lease.
Note that the source address
on the “DHCP Discover” and “DHCP Request” packets is 0.0.0.0.
This indicates that your
computer does not actually use its new IP address until the interchange has completed.
Also
note that the destination address in each of the 4 packets is a broadcast address
1
.
It should be
obvious to you why the first two packets are broadcasted, but what about the last two?
Can
you explain this?
1 You may see a unicast (your IP address) target for the DHCP Offer / ACK from the DHCP server. This may happen
if your DHCP Discover request has Option 50 set to a preferred IP address (e.g., your old IP address).
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
A)
Systems create an ARP lookup table where details about what IP addresses are
paired with what MAC addresses are kept. The machine would first consult this
table while attempting to submit a packet to an IP address to see if it already
recognizes the MAC address. ARP is not used if a cached attribute occurs.
B)
"When the IP address is not contained in the ARP row, the device would then use
the ARP protocol to transmit a transmitted packet to the network to inquire "who
has 192.168.1.1.
C)
As it is a transmitted packet, it is sent to a specific MAC address that allows it to
be processed by all devices on the network. Every computer with the requested IP
address can respond with an ARP packet that says "I am 192.168.1.1", and this
includes the MAC address which will accept packets for that IP.
Step 3: Following an HTTP Stream
1.
Ensure that your capture options are set as before and begin another capture session.
You
can discard the previous session or save it to a file.
2.
Open Internet Explorer on your workstation, return to Wireshark and begin a packet
capture session.
3.
Type in a URL and after the page loads, return to Wireshark and stop the packet capture.
4.
Find the packet with comments in the “Info” column saying “GET / HTTP/1.1” and select
it.
Right click this packet and click “Follow TCP stream” from the popup menu. See
Figure 7.
5.
A new window will open with the details of the http exchange.
The request and
acknowledgements from your workstation are in red, and the responses are in blue and
should resemble Figure 8.
6.
At the bottom of this window are some options for saving this file for later reference.
Click the “Close” button to return to the main window and you will notice that only the
TCP and HTTP packets have been retained, since a filter was created based on your action
of following the TCP stream.
Now select File > Export >
Objects > HTTP. See Figure 8.
In the resulting window, find the Hostname you visited (second column; in our case, it
was www.java.com) and the content-type corresponding to text/html. Then, click the
“Save As” button.
Save the file (with a “.html” extension) on your desktop.
7.
Minimize all windows and find the file you just saved on the desktop and open it with a
web browser.
If the web page contains several secondary files, such as image, CSS, or
flash files (as many web sites do), what you see won’t be very impressive; however, Figure
10 shows
http://search.frontier.com
on the left side, while its TCP stream produces the
page shown on the right side of the figure.
Although you can’t see the graphics in the
rendered file, you can easily determine its main theme.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Questions
1.
Close your browsers and send a ping request to a server. Identify the packets
related with your ping command. It should be ICMP Echo Request and ICMP
Echo Response.
2.
Packet sniffing can be a controversial subject.
Discuss any issues related to
ethics that might arise when an organization monitors the electronic activity of
its employees.
Packet sniffing is a contentious topic because it raises ethical questions about
workplace trust and privacy. Employees may perceive a company's monitoring of
their online behavior as a violation of privacy, especially if they are unaware of it.
Additionally, constant monitoring can foster a culture of mistrust, which can have a
negative impact on productivity and employee morale. Organizations, on the other
hand, have a legitimate interest in preventing unauthorized access to or misuse of
their resources, including data and network equipment. Packet sniffing is justifiable in
these situations as a security precaution. Organizations must create explicit packet
sniffing policies and guidelines, explain the intent and extent of the monitoring to
staff, and implement these policies and guidelines consistently. And ensuring that any
collected data is used for legitimate purposes only.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
3.
You looked at packets captured during a web page request.
What might this be
useful for?
There are a number of uses for looking into packets obtained during a web page
request, including diagnosing network performance problems, examining website
traffic trends, and discovering security flaws. The source and destination of the
traffic, the kind of protocol being used, the amount of data being carried, its size, its
content, and any problems or delays that occurred throughout the request-response
cycle can all be found out by analyzing the packets. Network administrators and web
developers can use this information to improve user experience, identify and mitigate
security concerns, and optimize network and website performance
4.
Most computers are connected with switches (rather than hubs).
How does this
affect the packet capturing process?
The majority of computer connections use switches rather than hubs, which has an
impact on the packet capture procedure. Switches simply forward traffic to the port
where the intended recipient is connected, as opposed to hubs, which broadcast all
data to all ports. As a result, a packet sniffer connected to a switch port will only pick
up data meant for that port and not the entire network. By configuring the switch to
copy all traffic to a specific port to which the packet sniffer is connected, a method
known as port mirroring or switch port monitoring can be used to record all traffic on
a switch.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
5.
Discuss how sniffing packets from wireless networks might differ from wired
networks.
Use the Internet to search for wireless packet sniffers.
Where might
someone go to sniff wireless packets and possibly obtain some “juicy”
information?
There are a number of ways sniffing packets from wireless networks can be different
from wired networks. First off, since radio waves are used by wireless networks to
convey data, anyone within range of the signal can intercept the traffic. Second,
unlike wired networks, wireless networks employ various protocols and technologies,
such Wi-Fi and Bluetooth, necessitating the deployment of specialized packet sniffers
that can decode and analyze these protocols. Finally, because it necessitates being in
close proximity to the target device or the wireless access point, wireless packet
sniffing can be trickier than wired packet sniffing. Using wireless packet sniffers or
network analyzers, which are widely available online, one could sniff wireless
packets and obtain sensitive information. Such actions, however, are against the law
and unethical, and anyone caught doing so could face severe legal and professional
consequences.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Chapter 6
1.
How does the traditional approach to network design differ from the building-block
approach?
Traditional network designs used a very structured approach for the analysis and design.
This is built in limitations to the growth and need to change network designs as the needs
of the organization and technology change.
Chapter 7
1.
Describe the basic components of a wired LAN.
Client computer and the server, network interface card, network cables and hubs, the
network operating system.
2.
Briefly describe how CSMA/CD works.
Like all contention-based techniques, is very simple in concept: wait until the bus is free
(sense for carrier) and then transmit. Computers wait until no other devices are
transmitting, and then transmit their data.
The solution to this is to listen while transmitting, better known as collision detection
(CD). If the NIC detects any signal other than its own, it presumes that a collision has
occurred, and sends a jamming signal.
3.
How do Ethernet switches know where to send the frames they receive? Describe
how switches gather and use this knowledge.
Ethernet switches operate with the destination MAC address to determine which port to
pass on each packet for the transmission. Ethernet switches learn and store in memory in
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
the form of a forwarding table, the specific port location of each MAC address for every
device connected to any of its ports.
4.
Explain how CSMA/CA DCF works.
Computers listen before they transmit and if no one else is transmitting, they proceed
with transmission. Detection collisions is more difficult in radio transmission than in
transmission over wired networks, so Wi-Fi attempts to avoid collision to a greater extent
than traditional Ethernet.
5.
What is a site survey, and why is it important?
A site survey means going to a physical location to survey it, look at it in person and
possibly with some measuring tools.
The issues of concern may be that the land is as described to you before you purchase it,
to see what building may be on it. Other reasons to do site surveys include inspection of a
site before constructing an industrial facility there, from shopping center to mine to oil
well. People working in the natural sciences will survey plant life at a site or animal life,
or both together if the whole habitat and ecosystem is the concern. A site survey is done
in person and on the site.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help