
may-2018 OCT- 2017 done

Q 1)Write a note on TCP/IP protocol suite.


Ans.
TCP/IP Protocol Architecture Model
The OSI model describes idealized network communications with a family of protocols. TCP/IP does
not directly correspond to this model. TCP/IP either

Table 1-2 TCP/IP Protocol Stack

OSI Ref. Layer No. | OSI Layer Equivalent | TCP/IP Layer | TCP/IP Proto
5,6,7 | Application, presentation, session | Application | NFS, NIS, DN
 | | | rlogin, rsh, rc
 | | | and others
4 | Transport | Transport | TCP, UDP, SC
3 | Network | Internet | IPv4, IPv6, A
2 | Data link | Data link | PPP, IEEE 80
1 | Physical | Physical network | Ethernet (IEE
 | | | RS-232, FDD

The table shows the TCP/IP protocol layers and the OSI model equivalents. Also shown are examples
of the protocols that are available at each level of the TCP/IP protocol stack. Each system that is
involved in a communication transaction runs a unique implementation of the protocol stack.

Physical Network Layer


The physical network layer specifies the characteristics of the hardware to be used for the network.
For example, the physical network layer specifies the physical characteristics of the communications media.
The physical layer of TCP/IP describes hardware standards such as IEEE 802.3, the specification for
Ethernet network media, and RS-232, the specification for standard pin connectors.

Data-Link Layer
The data-link layer identifies the network protocol type of the packet, in this instance TCP/IP. The
data-link layer also provides error control and “framing.” Examples of data-link layer protocols are
Ethernet IEEE 802.2 framing and Point-to-Point Protocol (PPP) framing.

Internet Layer
The Internet layer, also known as the network layer or IP layer, accepts and delivers packets for the
network. This layer includes the powerful Internet Protocol (IP), the Address Resolution Protocol
(ARP), and the Internet Control Message Protocol (ICMP).

IP Protocol
The IP protocol and its associated routing protocols are possibly the most significant of the entire
TCP/IP suite. IP is responsible for the following:

• IP addressing – The IP addressing conventions are part of the IP protocol. “Designing an IPv4
Addressing Scheme” introduces IPv4 addressing and “IPv6 Addressing Overview” introduces IPv6
addressing.

• Host-to-host communications – IP determines the path a packet must take, based on the
receiving system's IP address.

• Packet formatting – IP assembles packets into units that are known as datagrams. Datagrams
are fully described in “Internet Layer: Where Packets Are Prepared for Delivery”.

• Fragmentation – If a packet is too large for transmission over the network media, IP on the
sending system breaks the packet into smaller fragments. IP on the receiving system then
reconstructs the fragments into the original packet.

Oracle Solaris supports both IPv4 and IPv6 addressing formats, which are described in this book. To
avoid confusion when addressing the Internet Protocol, one of the following conventions is used:

• When the term “IP” is used in a description, the description applies to both IPv4 and IPv6.

• When the term “IPv4” is used in a description, the description applies only to IPv4.

• When the term “IPv6” is used in a description, the description applies only to IPv6.

ARP Protocol
The Address Resolution Protocol (ARP) conceptually exists between the data-link and Internet layers.
ARP assists IP in directing datagrams to the appropriate receiving system by mapping Ethernet
addresses (48 bits long) to known IP addresses (32 bits long).

ICMP Protocol
The Internet Control Message Protocol (ICMP) detects and reports network error conditions. ICMP
reports on the following:

• Dropped packets – Packets that arrive too fast to be processed

• Connectivity failure – A destination system cannot be reached

• Redirection – Redirecting a sending system to use another router

Chapter 8, Administering a TCP/IP Network (Tasks) contains more information on Oracle Solaris
commands that use ICMP for error detection.

Transport Layer
The TCP/IP transport layer ensures that packets arrive in sequence and without error, by swapping
acknowledgments of data reception, and retransmitting lost packets. This type of communication is
known as end-to-end. Transport layer protocols at this level are Transmission Control Protocol (TCP),
User Datagram Protocol (UDP), and Stream Control Transmission Protocol (SCTP). TCP and SCTP
provide reliable, end-to-end service. UDP provides unreliable datagram service.

TCP Protocol
TCP enables applications to communicate with each other as though they were connected by a physical
circuit. TCP sends data in a form that appears to be transmitted in a character-by-character fashion,
rather than as discrete packets. This transmission consists of the following:

• Starting point, which opens the connection

• Entire transmission in byte order

• Ending point, which closes the connection.

TCP attaches a header onto the transmitted data. This header contains many parameters that help
processes on the sending system connect to peer processes on the receiving system.

TCP confirms that a packet has reached its destination by establishing an end-to-end connection
between sending and receiving hosts. TCP is therefore considered a “reliable, connection-oriented”
protocol.

SCTP Protocol
SCTP is a reliable, connection-oriented transport layer protocol that provides the same services to
applications that are available from TCP. Moreover, SCTP can support connections between systems
that have more than one address, or multihomed. The SCTP connection between sending and receiving
system is called an association. Data in the association is organized in chunks. Because SCTP supports
multihoming, certain applications, particularly applications used by the telecommunications industry,
need to run over SCTP, rather than TCP.

UDP Protocol
UDP provides datagram delivery service. UDP does not verify connections between receiving and
sending hosts. Because UDP eliminates the processes of establishing and verifying connections,
applications that send small amounts of data use UDP.

Application Layer
The application layer defines standard Internet services and network applications that anyone can use.
These services work with the transport layer to send and receive data. Many application layer
protocols exist. The following list shows examples of application layer protocols:

• Standard TCP/IP services such as the ftp, tftp, and telnet commands

• UNIX “r” commands, such as rlogin and rsh

• Name services, such as NIS and the domain name system (DNS)

• Directory services (LDAP)

• File services, such as the NFS service

• Simple Network Management Protocol (SNMP), which enables network management

• Router Discovery Server protocol (RDISC) and Routing Information Protocol (RIP) routing
protocols

Standard TCP/IP Services
• FTP and Anonymous FTP – The File Transfer Protocol (FTP) transfers files to and from a
remote network. The protocol includes the ftp command and the in.ftpd daemon. FTP enables a
user to specify the name of the remote host and file transfer command options on the local
host's command line. The in.ftpd daemon on the remote host then handles the requests from
the local host. Unlike rcp, ftp works even when the remote computer does not run a UNIX
based operating system. A user must log in to the remote system to make an ftp connection,
unless the remote system has been configured to allow anonymous FTP.

You can obtain an enormous amount of material from anonymous FTP servers that are
connected to the Internet. Universities and other institutions set up these servers to offer
software, research papers, and other information to the public domain. When you log in to this
type of server, you use the login name anonymous, hence the term “anonymous FTP server.”

Using anonymous FTP and setting up anonymous FTP servers is outside the scope of this
manual. However, many books, such as The Whole Internet User's Guide & Catalog, discuss
anonymous FTP in detail. Instructions for using FTP are in System Administration Guide:
Network Services. The ftp(1) man page describes all ftp command options that are invoked
through the command interpreter. The ftpd(1M) man page describes the services that are
provided by the in.ftpd daemon.

• Telnet – The Telnet protocol enables terminals and terminal-oriented processes to
communicate on a network that runs TCP/IP. This protocol is implemented as the telnet
program on local systems and the in.telnetd daemon on remote machines. Telnet provides a
user interface through which two hosts can communicate on a character-by-character or line-
by-line basis. Telnet includes a set of commands that are fully documented in the telnet(1) man
page.

• TFTP – The Trivial File Transfer Protocol (tftp) provides functions that are similar to ftp, but the
protocol does not establish ftp's interactive connection. As a result, users cannot list the
contents of a directory or change directories. A user must know the full name of the file to be
copied. The tftp(1) man page describes the tftp command set.

Q.) Explain role of presentation layer.

Q.) Explain supernetting with example.


Subnetting could not completely solve address depletion problems in classful
addressing because most organizations did not want to share their granted
blocks with others. Since class C blocks were still available but the size of the
block did not meet the requirement of new organizations that wanted to join the
Internet, one solution was supernetting. In supernetting, an organization can
combine several class C blocks to create a larger range of addresses. In other
words, several networks are combined to create a supernetwork. By doing this,
an organization can apply for several class C blocks instead of just one. For
example, an organization that needs 1000 addresses can be granted four class C
blocks.

Supernet Mask
A supernet mask is the reverse of a subnet mask. A subnet mask for class C has more
1s than the default mask for this class. A supernet mask for class C has less 1s than the
default mask for this class.

Figure 5.26 shows the difference between a subnet mask and a supernet mask.
A subnet mask that divides a block into eight subblocks has three more 1s (2^3 = 8)
than the default mask; a supernet mask that combines eight blocks into one
superblock has three less 1s than the default mask.
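
The supernet mask calculation described above, as an added example (not part of the original notes). It goes beyond the text by also checking that the class C blocks are contiguous and that the first block is aligned, which a single supernet mask requires; the 200.1.x.0 blocks are constructed sample values.

```python
import ipaddress


def supernet_for(blocks):
    """Combine class C (/24) blocks into one supernet.

    Combining 2^k blocks removes k one-bits from the default /24 mask.
    """
    nets = sorted(ipaddress.IPv4Network(b) for b in blocks)
    count = len(nets)
    if count == 0 or any(net.prefixlen != 24 for net in nets):
        raise ValueError("expected one or more class C (/24) blocks")
    if count & (count - 1):
        raise ValueError("number of blocks must be a power of two")
    removed_ones = count.bit_length() - 1      # k, where count == 2^k

    first = int(nets[0].network_address)
    for index, net in enumerate(nets):
        # Each /24 holds 256 addresses, so consecutive blocks differ by 256.
        if int(net.network_address) != first + index * 256:
            raise ValueError("blocks are not contiguous")
    # The third-octet block number of the first block must be divisible by
    # the block count, otherwise one mask cannot cover exactly these blocks.
    if (first >> 8) % count != 0:
        raise ValueError("first block is not aligned for this supernet size")

    return ipaddress.IPv4Network((first, 24 - removed_ones))


def demo():
    four = supernet_for(["200.1.0.0/24", "200.1.1.0/24",
                         "200.1.2.0/24", "200.1.3.0/24"])
    eight = supernet_for([f"200.1.{i}.0/24" for i in range(8, 16)])
    return four, eight


if __name__ == "__main__":
    for net in demo():
        print(net, "mask", net.netmask, "addresses", net.num_addresses)
```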
Q.)State and explain reassembly module of IP Package.
Q.) Explain unicast, anycast and multicast address in Ipv6.
Unicast Address
A unicast address defines a single interface (computer or router). The packet sent
to a unicast address will be routed to the intended recipient. As we see shortly, IPv6 has designated
a large block from which unicast addresses can be assigned to interfaces.

Anycast Address
An anycast address defines a group of computers that all share a single address.
A packet with an anycast address is delivered to only one member of the group, the most reachable
one. An anycast communication is used, for example, when there are several servers that can
respond to an inquiry. The request is sent to the one that is most reachable. The hardware and
software generate only one copy of the request; the copy reaches only one of the servers. IPv6 does
not designate a block for anycasting; the addresses are assigned from the unicast block.

Multicast Address
A multicast address also defines a group of computers. However, there is a
difference between anycasting and multicasting. In multicasting, each member of the group receives
a copy. As we will see shortly, IPv6 has designated a block for multicasting from which the same
address is assigned to the members of the group.

Q 2)What is NAT? How can NAT help in address depletion?


Ans.
Network Address Translation allows a single device, such as a router, to act as an agent between the
Internet (or "public network") and a local (or "private") network. This means that only a single, unique
IP address is required to represent an entire group of computers.

Theoretically, there are 2^32 IPv4 addresses, a little more than 4 billion. The number of
available IPv4 addresses is actually less than the theoretical number, since some of the addresses in a
network are reserved for broadcasting, multicasting or other special purposes and cannot be assigned
to hosts.

With the explosion of devices online, the available IPv4 addresses are just not enough. NAT was
designed as a temporary solution to circumvent this problem and support IPv4 address reusability. NAT
resulted in IPv4 addresses being divided into two broad categories: Public and Private. The range of
private IPv4 addresses can be used by anyone and is unregistered, which means that they cannot be
recognized outside the network in which they are assigned.

Now, when a host with a private IP address wants to communicate with a server outside its private
network, it uses the public IP address of the NAT to do so. This way the internal/private address is
identified as the public address to the outside world because the server needs a unique and routable
address, on the internet, to reply. A NAT device uses the PAT (Port Address Translation) method to
remember the IP address and source port of the private host. It uses these records to translate the
packets received and send them to the original host that requested that info.

Another benefit of using NAT is that it keeps the private hosts hidden from the outside world.
Everyone outside the private network can see only the public address and nothing beyond it.
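
The PAT record-keeping described above, as an added example (not part of the original notes). The class name, the starting port 40000 and all addresses are constructed for illustration, and the inbound lookup is simplified to match on the public port only.

```python
import ipaddress

# RFC 1918 private ranges: unregistered and reusable inside any private network.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


class PatTable:
    """Toy PAT device: many private hosts share one public IPv4 address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port   # constructed start of the public port pool
        self.out_map = {}   # (proto, private_ip, private_port) -> public_port
        self.in_map = {}    # (proto, public_port) -> (private_ip, private_port)

    def _allocate(self):
        if self.next_port > 65535:
            raise RuntimeError("public port pool exhausted")
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network; remember the flow."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not a private source address")
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            port = self._allocate()
            self.out_map[key] = port
            self.in_map[(proto, port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Translate a reply back to the private host, or return None when no
        record exists (an unsolicited packet has nowhere to go)."""
        entry = self.in_map.get((proto, dst_port))
        if entry is None:
            return None
        return (src_ip, src_port, entry[0], entry[1])


def demo():
    nat = PatTable("203.0.113.5")
    # Two private hosts use the same source port towards the same server.
    a = nat.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 443)
    b = nat.outbound("tcp", "192.168.1.11", 51000, "198.51.100.7", 443)
    reply_to_b = nat.inbound("tcp", "198.51.100.7", 443, b[1])
    unsolicited = nat.inbound("tcp", "198.51.100.99", 12345, 22)
    return a, b, reply_to_b, unsolicited


if __name__ == "__main__":
    for row in demo():
        print(row)
```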

Q. 3)List the layers in OSI model. Explain any two of them in detail.
Ans.
Physical layer is concerned with the actual transmission and reception of raw bits over physical media.
At this level, you can talk about the physical media over which data is moving — ethernet, power lines,
radio signals, telephone wire, etc.

Data link layer is concerned with the correct transmission of data between two nodes over the
physical layer. Here, you're talking about how the network interfaces are actually sending and receiving
data over the physical layer, as opposed to merely observing that data is moving at all.

Network layer is concerned with the way nodes can find and communicate with each other over the
data link layer. After all, if the nodes can't find each other, they can't send or receive messages from
each other. There are different ways to approach this, and one size definitely does not fit all (see
network topologies).

Transport layer is concerned with the reliable transmission of segments of data, including how to deal
with faults and compensating for connection errors, over the network layer. At this level, you are
dealing with the realities of sending data over distance: the message can degrade before it arrives at its
destination.

Session layer is concerned with correctly addressing another network node or being addressed by one
over the transport layer. This makes sure a local node is ready to receive a message without being
interrupted, and that the remote node is ready to receive what the local node wants to send.

Presentation layer is concerned with the representation of information as data, sent over the
transport layer, mediated by the session layer. A major function of this is also making sure that data
going in can be used by the local node, and that data going out can be used by the remote node.

Finally, application layer is concerned with the actual use of data received over the network (by
decoding it, possibly displaying it or passing it on to another program), or allowing users/programs to
input/modify data to send via the presentation layer.

Q. 4)Write a short note on IPv4. Compare IPv4 with IPv6. Differentiate between IPv4 and IPv6 (IMP)
Ans.
IPv4 | IPv6
IPv4 has 32-bit address length | IPv6 has 128-bit address length
It supports manual and DHCP address configuration | It supports auto and renumbering address configuration
In IPv4 end to end connection integrity is unachievable | In IPv6 end to end connection integrity is achievable
It can generate 4.29×10^9 address space | Address space of IPv6 is quite large; it can produce 3.4×10^38 address space
Security feature is dependent on application | IPSEC is inbuilt security feature in the IPv6 protocol
Address representation of IPv4 in decimal | Address representation of IPv6 is in hexadecimal
Fragmentation performed by sender and forwarding routers | In IPv6 fragmentation performed only by sender
In IPv4 packet flow identification is not available | In IPv6 packet flow identification is available and uses flow label field in the header
In IPv4 checksum field is available | In IPv6 checksum field is not available
It has broadcast message transmission scheme | In IPv6 multicast and anycast message transmission scheme is available
In IPv4 encryption and authentication facility not provided | In IPv6 encryption and authentication are provided

Q.5)Explain the four levels of addresses used in the TCP/IP protocols.
Ans.
Four levels of addresses are used in the TCP/IP protocol: physical address, logical address, port
address, and application-specific address as shown in Figure.
Physical Addresses
• The physical address, also known as the link address, is the address of a node as defined by its
LAN or WAN.
• The size and format of these addresses vary depending on the network. For example, Ethernet
uses a 6-byte (48-bit) physical address.
• Physical addresses can be either unicast (one single recipient), multicast (a group of recipients),
or broadcast (to be received by all systems in the network).
• Example: Most local area networks use a 48-bit (6-byte) physical address written as 12
hexadecimal digits; every byte (2 hexadecimal digits) is separated by a colon, as shown below:
A 6-byte (12 hexadecimal digits) physical address: 07:01:02:01:2C:4B

Logical Addresses
• Logical addresses are used by networking software to allow packets to be independent of the
physical connection of the network, that is, to work with different network topologies and
types of media.
• A logical address in the Internet is currently a 32-bit address that can uniquely define a host
connected to the Internet. An internet address in IPv4 in decimal numbers: 132.24.75.9
• No two publicly addressed and visible hosts on the Internet can have the same IP address.
• The physical addresses will change from hop to hop, but the logical addresses remain the same.
• The logical addresses can be either unicast (one single recipient), multicast (a group of
recipients), or broadcast (all systems in the network). There are limitations on broadcast
addresses.

Port Addresses
• There are many applications running on the computer. Each application runs with a port number
(logically) on the computer.
• A port number is part of the addressing information used to identify the senders and receivers
of messages.
• Port numbers are most commonly used with TCP/IP connections.
• These port numbers allow different applications on the same computer to share network
resources simultaneously.
• The physical addresses change from hop to hop, but the logical and port addresses usually
remain the same.
• Example: a port address is a 16-bit address represented by one decimal number: 753

Application-Specific Addresses
• Some applications have user-friendly addresses that are designed for that specific application.
• Examples include the e-mail address (for example, forouzan@fhda.edu) and the Universal
Resource Locator (URL) (for example, www.mhhe.com). The first defines the recipient of an e-
mail; the second is used to find a document on the World Wide Web.

Q.6)Explain the Classful Addressing in IPv4


Ans.
Classful addressing divides the entire IP address space (0.0.0.0 to 255.255.255.255) into 'classes', or
special ranges of contiguous IP addresses (no addresses missing between the first and last address in
the range). Classful addressing makes it possible to determine the network portion of the IP address by
looking at the first four bits of the first octet in the IP address. The first four bits are referred to as the
'most significant bits' of the first octet and are used to determine what class of IP address is being
used. The value of the first four bits determines the range of actual numerical values of the first octet
of the IP addresses in that class. From this information, a receiving host can determine which part of
the IP address is being used to identify the specific network on which the host resides, and which
portion of the IP address is used to identify the host.

The different classes of IP addresses (Class A, Class B, Class C, Class D & Class E) were created to
allow for carving up the entire set of all IP addresses into chunks of different sizes that would 'fit' the
number of hosts on the network for which the IP address space was being supplied. The chart below
gives you a breakdown of how the Classful system breaks up the IP address space.

First Octet: Most Significant Bits | First Octet: Value Ranges | Addr. Class | Network vs. Host | # Networks | # Hosts
0000 | 0-126 | A | N.h.h.h | 127 | 16,777,214
-- | 127 | - | - | Special - Local Loopback
1000 | 128-191 | B | N.N.h.h | 65,536 | 65,534
1100 | 192-223 | C | N.N.N.h | 16,777,216 | 254
1110 | 224-239 | D | Special | N/A | N/A
1111 | 240+ | E | Special | N/A | N/A

It is possible to waste IP addresses by assigning blocks of IP addresses which fall along octet
boundaries (the dots between the numbers in the decimal representation of the IP address). Most often
a class C address was supplied to anyone requesting space, as few networks had more than 256 hosts.
But the networks grew to more than 256 hosts, and needed more space, so Class B addresses were
given out. But if a network has only 500 hosts, and you assign a class B IP address block to that
network, 65,034 addresses will go unused. This is a terribly inefficient use of space, and as networks
grew larger the Internet grew; the need to use the IP address space more and more efficiently became
ever more critical.

One solution that was created to reduce utilization of IP addresses was Network Address Translation.
This involved the use of private IP addresses and a device that translates private IP addresses into
public IP addresses.

As the list of available IP addresses was depleted, it became clear that a new solution was needed that
provided more addresses, and efforts turned towards developing what is called IPv6.

Q.7)Explain the options in IPv4


-S <addr>, --source-ip <addr> (Source IP Address)
Sets the source IP address. This option lets you specify a custom IP address to be used as source
IP address in sent packets. This allows spoofing the sender of the packets. <addr> can be an IPv4
address or a hostname.

--dest-ip <addr> (Destination IP Address)

Adds a target to Nping's target list. This option is provided for consistency but its use is
deprecated in favor of plain target specifications. See the section called “Target Specification”.

--tos <tos> (Type of Service)

Sets the IP TOS field. The TOS field is used to carry information to provide quality of service
features. It is normally used to support a technique called Differentiated Services. See RFC 2474
for more information. <tos> must be a number in the range [0–255].

--id <id> (Identification)

Sets the IPv4 Identification field. The Identification field is a 16-bit value that is common to all
fragments belonging to a particular message. The value is used by the receiver to reassemble the
original message from the fragments received. <id> must be a number in the range [0–65535].

--df (Don't Fragment)

Sets the Don't Fragment bit in sent packets. When an IP datagram has its DF flag set,
intermediate devices are not allowed to fragment it so if it needs to travel across a network with
an MTU smaller than the datagram length, the datagram will have to be dropped. Normally an ICMP
Destination Unreachable message is generated and sent back to the sender.

--mf (More Fragments)


Sets the More Fragments bit in sent packets. The MF flag is set to indicate to the receiver that the
current datagram is a fragment of some larger datagram. When set to zero it indicates that the
current datagram is either the last fragment in the set or that it is the only fragment.

--ttl <hops> (Time To Live)

Sets the IPv4 Time-To-Live (TTL) field in sent packets to the given value. The TTL field specifies
how long the datagram is allowed to exist on the network. It was originally intended to
represent a number of seconds but it actually represents the number of hops a packet can
traverse before being dropped. The TTL tries to avoid a situation in which undeliverable
datagrams keep being forwarded from one router to another endlessly. <hops> must be a
number in the range [0–255].

--badsum-ip (Invalid IP checksum)

Asks Nping to use an invalid IP checksum for packets sent to target hosts. Note that some
systems (like most Linux kernels), may fix the checksum before placing the packet on the wire, so
even if Nping shows the incorrect checksum in its output, the packets may be transparently
corrected by the kernel.

--ip-options <S|R [route]|L [route]|T|U ...>, --ip-options <hex string> (IP Options)

The IP protocol offers several options which may be placed in packet headers. Unlike the
ubiquitous TCP options, IP options are rarely seen due to practicality and security concerns. In
fact, many Internet routers block the most dangerous options such as source routing. Yet options
can still be useful in some cases for determining and manipulating the network route to target
machines. For example, you may be able to use the record route option to determine a path to a
target even when more traditional traceroute-style approaches fail. Or if your packets are being
dropped by a certain firewall, you may be able to specify a different route with the strict or loose
source routing options.

The most powerful way to specify IP options is to simply pass in hexadecimal data as the
argument to --ip-options. Precede each hex byte value with \x. You may repeat certain characters
by following them with an asterisk and then the number of times you wish them to repeat. For
example, \x01\x07\x04\x00*4 is the same as \x01\x07\x04\x00\x00\x00\x00.

Note that if you specify a number of bytes that is not a multiple of four, an incorrect IP header
length will be set in the IP packet. The reason for this is that the IP header length field can only
express multiples of four. In those cases, the length is computed by dividing the header length by
4 and rounding down. This will affect the way the header that follows the IP header is
interpreted, showing bogus information in Nping or in the output of any sniffer. Although this
kind of situation might be useful for some stack stress tests, users would normally want to
specify explicit padding, so the correct header length is set.

Nping also offers a shortcut mechanism for specifying options. Simply pass the letter R, T, or U
to request record-route, record-timestamp, or both options together, respectively. Loose or strict
source routing may be specified with an L or S followed by a space and then a space-separated
list of IP addresses.
For more information and examples of using IP options with Nping, see the mailing list post at
http://seclists.org/nmap-dev/2006/q3/0052.html.

--mtu <size> (Maximum Transmission Unit)

This option sets a fictional MTU in Nping so IP datagrams larger than <size> are fragmented
before transmission. <size> must be specified in bytes and corresponds to the number of octets
that can be carried on a single link-layer frame.

Q.9)Why do you need Subnetting in Classful Addressing? Explain.


We need a subnet mask for IPv4 addresses because the address doesn't give any information on the
network size. Class sizes are not the network sizes. In practical networks all IPv4 networks are broken
up into subnets that are smaller than the class size.

For example you could break up the class C network 200.200.200.0/255.255.255.0 into two smaller
networks (potentially at separate locations) 200.200.200.0/255.255.255.128 and
200.200.200.128/255.255.255.128 assuming neither needed more than 126 hosts. In reality most
companies only get enough IPv4 addresses for the servers that need to be on the public Internet. I've
personally seen setups with 32, 16, & 8 address networks (that would be masks of 255.255.255.224,
255.255.255.240, & 255.255.255.248 respectively).

Having IP networks only in class size blocks was too restrictive in limiting the number of networks that
could be allowed - the 127 class A networks taking half of the space. Not to mention that having a 24
billion node network is completely unmanageable. Instead, in 1993 Classless Inter-Domain Routing
(CIDR) was introduced to allow the networks to be split up.

Also to be clear the purpose of the subnet mask is to determine which hosts are on the local network
and which are outside of the network. Hosts can talk directly to hosts on the same network, but they
need to communicate with a router to talk to hosts on external networks.

To reduce the wastage of IP addresses in a block, we use sub-netting. What we do is that we use host
id bits as net id bits of a classful IP address. We give the IP address and define the number of bits for
mask along with it (usually followed by a ‘/’ symbol), like, 192.168.1.1/28. Here, subnet mask is found
by putting the given number of bits out of 32 as 1, like, in the given address, we need to put 28 out of
32 bits as 1 and the rest as 0, and so, the subnet mask would be 255.255.255.240.

Some values calculated in subnetting :

1. Number of subnets : 2^(Given bits for mask – No. of bits in default mask)

2. Subnet address : AND result of subnet mask and the given IP address

3. Broadcast address : By putting the host bits as 1 and retaining the network bits as in the IP address

4. Number of hosts per subnet : 2^(32 – Given bits for mask) – 2

5. First Host ID : Subnet address + 1 (adding one to the binary representation of the subnet address)

6. Last Host ID : Subnet address + Number of Hosts

Example : Given IP Address – 172.16.0.0/25, find the number of subnets and the number of hosts per
subnet. Also, for the first subnet block, find the subnet address, first host ID, last host ID and
broadcast address.

Solution : This is a class B address. So, no. of subnets = 2^(25-16) = 2^9 = 512.

No. of hosts per subnet = 2^(32-25) – 2 = 2^7 – 2 = 128 – 2 = 126

For the first subnet block, we have subnet address = 0.0, first host id = 0.1, last host id = 0.126 and
broadcast address = 0.127
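
The six subnetting values listed above, together with the class lookup from the leading bits of the first octet (Q.6), as an added example that is not part of the original notes. Function names are hypothetical; the inputs are the two addresses used in the text.

```python
import ipaddress


def address_class(ip):
    """Return (class letter, default prefix length) from the leading bits of
    the first octet. 127.x.x.x has the class A bit pattern; the classful
    chart lists it separately as loopback."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet >> 7 == 0b0:
        return "A", 8
    if first_octet >> 6 == 0b10:
        return "B", 16
    if first_octet >> 5 == 0b110:
        return "C", 24
    if first_octet >> 4 == 0b1110:
        return "D", None       # multicast: no network/host split
    return "E", None           # reserved


def dotted(value):
    return str(ipaddress.IPv4Address(value))


def subnet_values(cidr):
    ip_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    cls, default_prefix = address_class(ip_text)
    if default_prefix is None:
        raise ValueError(f"class {cls} addresses are not subnetted")
    if not default_prefix <= prefix <= 30:
        raise ValueError("mask must lie between the class default and /30")

    ip = int(ipaddress.IPv4Address(ip_text))
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # 'prefix' one-bits
    subnet = ip & mask                                   # item 2: AND
    broadcast = subnet | (~mask & 0xFFFFFFFF)            # item 3: host bits = 1
    hosts = 2 ** (32 - prefix) - 2                       # item 4
    return {
        "class": cls,
        "mask": dotted(mask),
        "subnets": 2 ** (prefix - default_prefix),       # item 1
        "hosts_per_subnet": hosts,
        "subnet_address": dotted(subnet),
        "first_host": dotted(subnet + 1),                # item 5
        "last_host": dotted(subnet + hosts),             # item 6
        "broadcast": dotted(broadcast),
    }


if __name__ == "__main__":
    for cidr in ("172.16.0.0/25", "192.168.1.1/28"):
        print(cidr, subnet_values(cidr))
```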

Q.10 )List functionalities of Transport Layer. Explain any four.


Transport Layer is the second layer of the TCP/IP model. It is an end-to-end layer used to deliver
messages to a host. It is termed as an end-to-end layer because it provides a point-to-point connection
rather than hop-to-hop, between the source host and destination host to deliver the services reliably.
The unit of data encapsulation in Transport Layer is a segment.

The standard protocols used by Transport Layer to enhance its functionalities are TCP (Transmission
Control Protocol), UDP (User Datagram Protocol), DCCP (Datagram Congestion Control Protocol) etc.

Various responsibilities of a Transport Layer –

• Process to process delivery –
While Data Link Layer requires the MAC address (48 bits address contained inside the Network
Interface Card of every host machine) of source-destination hosts to correctly deliver a frame
and Network layer requires the IP address for appropriate routing of packets, in a similar way
Transport Layer requires a Port number to correctly deliver the segments of data to the correct
process amongst the multiple processes running on a particular host. A port number is a 16 bit
address used to identify any client-server program uniquely.
• End-to-end Connection between hosts –
The transport layer is also responsible for creating the end-to-end connection between hosts,
for which it mainly uses TCP and UDP. TCP is a secure, connection-oriented protocol which
uses a handshake protocol to establish a robust connection between two end hosts. TCP
ensures reliable delivery of messages and is used in various applications. UDP, on the other
hand, is a stateless and unreliable protocol which ensures best-effort delivery. It is suitable for
applications which have little concern with flow or error control and need to send
bulk data, like video conferencing. It is often used in multicasting protocols.
• Multiplexing and Demultiplexing –
Multiplexing allows simultaneous use of different applications over a network which is running
on a host. The transport layer provides this mechanism which enables us to send packet
streams from various applications simultaneously over a network. The transport layer accepts
these packets from different processes differentiated by their port numbers and passes them to
the network layer after adding proper headers. Similarly, Demultiplexing is required at the
receiver side to obtain the data coming from various processes. Transport receives the
segments of data from the network layer and delivers it to the appropriate process running on
the receiver’s machine.
• Congestion Control –
Congestion is a situation in which too many sources over a network attempt to send data and
the router buffers start overflowing, due to which loss of packets occurs. As a result,
retransmission of packets from the sources increases the congestion further. In this situation,
the Transport layer provides Congestion Control in different ways. It uses open loop
congestion control to prevent the congestion and closed loop congestion control to remove the
congestion in a network once it has occurred. TCP provides AIMD (additive increase, multiplicative
decrease) and the leaky bucket technique for congestion control.
• Data integrity and Error correction –
The transport layer checks for errors in the messages coming from the application layer by using
error detection codes and computing checksums. It checks whether the received data is corrupted,
and uses the ACK and NACK services to inform the sender whether the data has arrived or not, and
so checks the integrity of the data.
• Flow control –
The transport layer provides a flow control mechanism between the adjacent layers of the
TCP/IP model. TCP also prevents data loss due to a fast sender and slow receiver by imposing
some flow control techniques. It uses the method of sliding window protocol which is
accomplished by the receiver by sending a window back to the sender informing the size of data
it can receive.

Q.11)What are the special addresses used in IPv4?

Address Block Name


0.0.0.0/8 "This host on this network"
10.0.0.0/8 Private-Use
100.64.0.0/10 Shared Address Space
127.0.0.0/8 Loopback
169.254.0.0/16 Link Local
172.16.0.0/12 Private-Use
192.0.0.0/24 IETF Protocol Assignments
192.0.0.0/29 IPv4 Service Continuity Prefix
192.0.0.8/32 IPv4 dummy address
192.0.0.9/32 Port Control Protocol Anycast
192.0.0.10/32 Traversal Using Relays around NAT Anycast
192.0.0.170/32, 192.0.0.171/32 NAT64/DNS64 Discovery
192.0.2.0/24 Documentation (TEST-NET-1)
192.31.196.0/24 AS112-v4
192.52.193.0/24 AMT
192.88.99.0/24 Deprecated (6to4 Relay Anycast)
192.168.0.0/16 Private-Use
192.175.48.0/24 Direct Delegation AS112 Service
198.18.0.0/15 Benchmarking
198.51.100.0/24 Documentation (TEST-NET-2)
203.0.113.0/24 Documentation (TEST-NET-3)
240.0.0.0/4 Reserved
255.255.255.255/32 Limited Broadcast

Q.12)How is the address space allocated for IPv6 Addresses? Ipv6 addressing.

How Much IPv6 Do We Have?

So how big is the 2000::/3 block, from which allocations are made? That is 1/8 of the total IPv6
address space, or 2^125 (about 4.25E+37) addresses. Unless you are a mathematician that is pretty much
a meaningless number. So let’s try to understand it in more meaningful terms.

IANA gave one /12 block of IPv6 to each of the five RIRs. The RIRs are all still working on their first
allocation, and will be for quite a while. A normal ISP allocation is a /32. Each /12 has 1,048,576 /32
blocks. So each RIR can supply over a million normal ISP allocations before having to ask IANA for
another /12. In 2000 there were an estimated 10,000 or so ISPs in the entire world. Say there are
20,000 now. A single RIR could supply every ISP in the world 50 normal /32 allocations out of their
/12 block. The actual rules for APNIC’s allocations of IPv6 addresses to ISPs can be found here.

How many /12 blocks do we have to supply RIRs?

There are 512 /12 blocks in the 2000::/3 block. At this time, 507 of them are still in stock at IANA. I
will be amazed if any RIR asks for a second allocation anytime this century – well maybe APNIC. If
somehow we did manage to go through all 512 /12s in 2000::/3 (maybe deploying TCP/IP on trillions
of nano-machines?), there are another five /3 blocks in the address space, with 512 more /12 blocks
each, reserved for future use.

So how long does it take an ISP to go through a /32 block?

A normal organization gets a /48 block of IPv6. A typical /32 ISP allocation contains 65,536 /48 blocks,
so an ISP can provision over 65,000 organizations before having to ask their RIR for another /32. Not
many ISPs have that many organizational customers.

How many /48 blocks are there in the 2000::/3 block?

There are 2^48 /48 blocks in the entire IPv6 address space, so there are 1/8 that number, or 2^45 /48
blocks in 2000::/3. That is 35,184,372,088,832 /48 blocks. If you use the figure 7 billion for the
current world population, that works out to 5,026 /48 blocks for each man, woman and child alive. And
every one of those is large enough for the largest organization on Earth. The other five /3 blocks we
have in reserve brings that to over 30,000 /48 blocks per person alive.

We are not about to run out of IPv6 addresses. Please don’t deploy NAT66.

IANA IPv6 Allocations to Date

The official IANA allocation history for IPv6 similar to the one above for IPv4 /8 blocks is here.

There have been a number of small allocations in 2001::/16. The allocation that my /48
(2001:470:3d::/48) came from was granted to ARIN on July 1, 1999 (Hurricane Electric was a very
early adopter).

The initial /12 blocks were allocated to the five RIRs on Oct 3, 2006. They were as follows:

2400::/12 – APNIC
2600::/12 – ARIN
2800::/12 – LACNIC
2a00::/12 – RIPE NCC
2c00::/12 – AfriNIC

If you see an IPv6 unicast address starting with 26xx, now you know it likely came from the U.S. or
Canada (Mexico is in LACNIC).

Q.13)Explain IPv6 base header format.

Figure 11-3 IPv6 Basic Header Format

The following list describes the function of each header field.

• Version – 4-bit version number of Internet Protocol = 6.

• Traffic class – 8-bit traffic class field.


• Flow label – 20-bit field.

• Payload length – 16-bit unsigned integer, which is the rest of the packet that follows the IPv6
header, in octets.

• Next header – 8-bit selector. Identifies the type of header that immediately follows the IPv6
header. Uses the same values as the IPv4 protocol field.

• Hop limit – 8-bit unsigned integer. Decremented by one by each node that forwards the packet.
The packet is discarded if the hop limit is decremented to zero.

• Source address – 128 bits. The address of the initial sender of the packet.

• Destination address – 128 bits. The address of the intended recipient of the packet. The
intended recipient is not necessarily the recipient if an optional routing header is present.
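
The field layout listed above can be decoded directly from the first 40 octets of a packet. The following Python parser is an added example, not part of the original notes; the sample packet, its 2001:db8:: documentation addresses and all function names are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

IPV6_HEADER_LEN = 40  # the base header is always 40 octets


@dataclass(frozen=True)
class IPv6Header:
    version: int
    traffic_class: int
    flow_label: int
    payload_length: int
    next_header: int
    hop_limit: int
    source: ipaddress.IPv6Address
    destination: ipaddress.IPv6Address


def parse_ipv6_header(packet: bytes) -> IPv6Header:
    """Decode the base header and reject input that cannot be a valid packet."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("packet shorter than the 40-octet IPv6 base header")
    # First 32 bits: version (4) | traffic class (8) | flow label (20),
    # then payload length (16), next header (8) and hop limit (8).
    word0, payload_length, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8])
    version = word0 >> 28
    if version != 6:
        raise ValueError(f"version field is {version}, expected 6")
    # The payload length counts the octets after the base header; a value
    # larger than what was received means a truncated or forged packet.
    if payload_length > len(packet) - IPV6_HEADER_LEN:
        raise ValueError("payload length exceeds the octets actually present")
    return IPv6Header(
        version=version,
        traffic_class=(word0 >> 20) & 0xFF,
        flow_label=word0 & 0xFFFFF,
        payload_length=payload_length,
        next_header=next_header,
        hop_limit=hop_limit,
        source=ipaddress.IPv6Address(packet[8:24]),
        destination=ipaddress.IPv6Address(packet[24:40]),
    )


def forward(packet: bytes) -> Optional[bytes]:
    """Hop-limit rule of a forwarding node; None means the packet is discarded."""
    header = parse_ipv6_header(packet)
    if header.hop_limit <= 1:      # decrementing would reach zero
        return None
    # The hop limit is the eighth octet (index 7) of the base header.
    return packet[:7] + bytes([header.hop_limit - 1]) + packet[8:]


def build_sample_packet(hop_limit: int = 64) -> bytes:
    """Constructed test packet: traffic class 0x28, flow label 0x12345, UDP (17)."""
    payload = b"\x00" * 8
    word0 = (6 << 28) | (0x28 << 20) | 0x12345
    header = struct.pack("!IHBB", word0, len(payload), 17, hop_limit)
    header += ipaddress.IPv6Address("2001:db8::1").packed
    header += ipaddress.IPv6Address("2001:db8::2").packed
    return header + payload


if __name__ == "__main__":
    print(parse_ipv6_header(build_sample_packet()))
```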

Q.14)Explain role of transport layer.

Transport Layer is the second layer of the TCP/IP model. It is an end-to-end layer used to deliver
messages to a host. It is termed as an end-to-end layer because it provides a point-to-point connection
rather than hop-to-hop, between the source host and destination host to deliver the services reliably.
The unit of data encapsulation in Transport Layer is a segment.

The standard protocols used by Transport Layer to enhance its functionalities are TCP (Transmission
Control Protocol), UDP (User Datagram Protocol), DCCP (Datagram Congestion Control Protocol) etc.
Various responsibilities of a Transport Layer –

• Process to process delivery –


While Data Link Layer requires the MAC address (48 bits address contained inside the Network
Interface Card of every host machine) of source-destination hosts to correctly deliver a frame
and Network layer requires the IP address for appropriate routing of packets , in a similar way
Transport Layer requires a Port number to correctly deliver the segments of data to the correct
process amongst the multiple processes running on a particular host. A port number is a 16 bit
address used to identify any client-server program uniquely.
• End-to-end Connection between hosts –
The transport layer is also responsible for creating the end-to-end Connection between hosts
for which it mainly uses TCP and UDP. TCP is a secure, connection-orientated protocol which
uses a handshake protocol to establish a robust connection between two end hosts. TCP
ensures reliable delivery of messages and is used in various applications. UDP, on the other
hand, is a stateless and unreliable protocol which ensures best-effort delivery. It is suitable for
applications which have little concern with flow or error control and need to send
bulk data, like video conferencing. It is often used in multicasting protocols.
• Multiplexing and Demultiplexing –
Multiplexing allows simultaneous use of different applications over a network which is running
on a host. The transport layer provides this mechanism which enables us to send packet
streams from various applications simultaneously over a network. The transport layer accepts
these packets from different processes differentiated by their port numbers and passes them to
the network layer after adding proper headers. Similarly, Demultiplexing is required at the
receiver side to obtain the data coming from various processes. Transport receives the
segments of data from the network layer and delivers it to the appropriate process running on
the receiver’s machine.
• Congestion Control –
Congestion is a situation in which too many sources over a network attempt to send data and
the router buffers start overflowing, due to which loss of packets occurs. As a result,
retransmission of packets from the sources increases the congestion further. In this situation,
the Transport layer provides Congestion Control in different ways. It uses open loop
congestion control to prevent the congestion and closed loop congestion control to remove the
congestion in a network once it has occurred. TCP provides AIMD (additive increase, multiplicative
decrease) and the leaky bucket technique for congestion control.
• Data integrity and Error correction –
The transport layer checks for errors in the messages coming from the application layer by using
error detection codes and computing checksums. It checks whether the received data is corrupted,
and uses the ACK and NACK services to inform the sender whether the data has arrived or not, and
so checks the integrity of the data.
• Flow control –
The transport layer provides a flow control mechanism between the adjacent layers of the
TCP/IP model. TCP also prevents data loss due to a fast sender and slow receiver by imposing
some flow control techniques. It uses the method of sliding window protocol which is
accomplished by the receiver by sending a window back to the sender informing the size of data
it can receive.

Q. Ip fragmentation module.

The maximum sized datagram that can be transmitted through the next network is called the maximum
transmission unit (MTU).
If the total length is less than or equal to the maximum transmission unit, submit this datagram to the
next step in datagram processing; otherwise cut the datagram into two fragments, the first fragment
being the maximum size, and the second fragment being the rest of the datagram. The first fragment is
submitted to the next step in datagram processing, while the second fragment is submitted to this
procedure again in case it is still too large.

Q.15)Explain subnetting with example.

In networking,

• The process of dividing a single network into multiple sub networks is called as subnetting.
• The sub networks so created are called as subnets.
Example-

Following diagram shows the subnetting of a big single network into 4 smaller subnets-

Advantages-

The two main advantages of subnetting a network are

• It improves the security.


• The maintenance and administration of subnets is easy.

Subnet ID-

• Each subnet has its unique network address known as its Subnet ID.
• The subnet ID is created by borrowing some bits from the Host ID part of the IP Address.
• The number of bits borrowed depends on the number of subnets created.

Types of Subnetting-

Subnetting of a network may be carried out in the following two ways-


• Fixed Length Subnetting
• Variable Length Subnetting

1. Fixed Length Subnetting-

Fixed length subnetting also called as classful subnetting divides the network into subnets where-

• All the subnets are of same size.


• All the subnets have equal number of hosts.
• All the subnets have same subnet mask.

2. Variable Length Subnetting-

Variable length subnetting also called as classless subnetting divides the network into subnets where-

• All the subnets are not of same size.


• All the subnets do not have equal number of hosts.
• All the subnets do not have same subnet mask.

Subnetting Examples-

Now, we shall discuss some examples of subnetting a network-

Example-01:
Consider-
• We have a big single network having IP Address 200.1.2.0.
• We want to do subnetting and divide this network into 2 subnets.

Clearly, the given network belongs to class C.

For creating two subnets and to represent their subnet IDs, we require 1 bit.

• We borrow one bit from the Host ID part.


• After borrowing one bit, Host ID part remains with only 7 bits.

• If borrowed bit = 0, then it represents the first subnet.


• If borrowed bit = 1, then it represents the second subnet.

IP Address of the two subnets are-

• 200.1.2.00000000 = 200.1.2.0
• 200.1.2.10000000 = 200.1.2.128
For 1st Subnet-

• IP Address of the subnet = 200.1.2.0


• Total number of IP Addresses = 2^7 = 128
• Total number of hosts that can be configured = 128 – 2 = 126
• Range of IP Addresses = [200.1.2.00000000, 200.1.2.01111111] = [200.1.2.0, 200.1.2.127]
• Direct Broadcast Address = 200.1.2.01111111 = 200.1.2.127
• Limited Broadcast Address = 255.255.255.255

For 2nd Subnet-

• IP Address of the subnet = 200.1.2.128


• Total number of IP Addresses = 2^7 = 128
• Total number of hosts that can be configured = 128 – 2 = 126
• Range of IP Addresses = [200.1.2.10000000, 200.1.2.11111111] = [200.1.2.128, 200.1.2.255]
• Direct Broadcast Address = 200.1.2.11111111 = 200.1.2.255
• Limited Broadcast Address = 255.255.255.255

Example-02:

Consider-

• We have a big single network having IP Address 200.1.2.0.


• We want to do subnetting and divide this network into 4 subnets.
Clearly, the given network belongs to class C.

For creating four subnets and to represent their subnet IDs, we require 2 bits.

So,

• We borrow two bits from the Host ID part.


• After borrowing two bits, Host ID part remains with only 6 bits.

• If borrowed bits = 00, then it represents the 1st subnet.


• If borrowed bits = 01, then it represents the 2nd subnet.
• If borrowed bits = 10, then it represents the 3rd subnet.
• If borrowed bits = 11, then it represents the 4th subnet.

IP Address of the four subnets are-

• 200.1.2.00000000 = 200.1.2.0
• 200.1.2.01000000 = 200.1.2.64
• 200.1.2.10000000 = 200.1.2.128
• 200.1.2.11000000 = 200.1.2.192
For 1st Subnet-

• IP Address of the subnet = 200.1.2.0


• Total number of IP Addresses = 2^6 = 64
• Total number of hosts that can be configured = 64 – 2 = 62
• Range of IP Addresses = [200.1.2.00000000, 200.1.2.00111111] = [200.1.2.0, 200.1.2.63]
• Direct Broadcast Address = 200.1.2.00111111 = 200.1.2.63
• Limited Broadcast Address = 255.255.255.255

For 2nd Subnet-

• IP Address of the subnet = 200.1.2.64


• Total number of IP Addresses = 2^6 = 64
• Total number of hosts that can be configured = 64 – 2 = 62
• Range of IP Addresses = [200.1.2.01000000, 200.1.2.01111111] = [200.1.2.64, 200.1.2.127]
• Direct Broadcast Address = 200.1.2.01111111 = 200.1.2.127
• Limited Broadcast Address = 255.255.255.255

For 3rd Subnet-


• IP Address of the subnet = 200.1.2.128
• Total number of IP Addresses = 2^6 = 64
• Total number of hosts that can be configured = 64 – 2 = 62
• Range of IP Addresses = [200.1.2.10000000, 200.1.2.10111111] = [200.1.2.128, 200.1.2.191]
• Direct Broadcast Address = 200.1.2.10111111 = 200.1.2.191
• Limited Broadcast Address = 255.255.255.255

For 4th Subnet-

• IP Address of the subnet = 200.1.2.192


• Total number of IP Addresses = 2^6 = 64
• Total number of hosts that can be configured = 64 – 2 = 62
• Range of IP Addresses = [200.1.2.11000000, 200.1.2.11111111] = [200.1.2.192, 200.1.2.255]
• Direct Broadcast Address = 200.1.2.11111111 = 200.1.2.255
• Limited Broadcast Address = 255.255.255.255
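
The bit-borrowing procedure used in both examples can be written once and applied to any classful network. The Python sketch below is an added example, not part of the original notes; the function names are illustrative. It reproduces the 200.1.2.0 tables above and the 172.16.0.0/25 calculation from the earlier worked example.

```python
import ipaddress


def _dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def classful_prefix(address: str) -> int:
    """Default network prefix length implied by the address class (A, B or C)."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("class D and E addresses have no network/host split")


def describe_subnet(subnet_id: int, prefix: int) -> dict:
    """Subnet ID, size, usable host range and direct broadcast of one subnet."""
    size = 1 << (32 - prefix)            # 2^(host bits) addresses in total
    return {
        "subnet": _dotted(subnet_id),
        "prefix": prefix,
        "addresses": size,
        "hosts": size - 2,               # subnet ID and broadcast are not hosts
        "first_host": _dotted(subnet_id + 1),
        "last_host": _dotted(subnet_id + size - 2),
        "broadcast": _dotted(subnet_id + size - 1),
    }


def fixed_length_subnets(network_address: str, subnet_count: int) -> list:
    """Divide a classful network into equal subnets by borrowing host bits."""
    if subnet_count < 1:
        raise ValueError("at least one subnet is required")
    base_prefix = classful_prefix(network_address)
    borrowed = (subnet_count - 1).bit_length()   # bits needed for the subnet ID
    new_prefix = base_prefix + borrowed
    if new_prefix > 30:
        raise ValueError("not enough host bits left for usable hosts")
    base = int(ipaddress.IPv4Address(network_address))
    if base & ((1 << (32 - base_prefix)) - 1):
        raise ValueError("network address has host bits set")
    host_bits = 32 - new_prefix
    # The borrowed bits sit directly above the remaining host bits.
    return [describe_subnet(base | (index << host_bits), new_prefix)
            for index in range(1 << borrowed)]


def plan_from_cidr(cidr: str) -> dict:
    """Subnet count and hosts per subnet when a classful network gets a longer prefix."""
    address, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    base_prefix = classful_prefix(address)
    if not base_prefix <= prefix <= 30:
        raise ValueError("prefix must lie between the class default and /30")
    return {
        "subnets": 1 << (prefix - base_prefix),
        "hosts_per_subnet": (1 << (32 - prefix)) - 2,
        "first_block": describe_subnet(int(ipaddress.IPv4Address(address)), prefix),
    }


if __name__ == "__main__":
    for subnet in fixed_length_subnets("200.1.2.0", 4):
        print(subnet)
    print(plan_from_cidr("172.16.0.0/25"))
```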

Q )Explain strategies for transmission from IPv4 to Ipv6.

used to ensure slow and smooth transition from IPv4 to IPv6.

Dual Stack Routers


A router can be installed with both IPv4 and IPv6 addresses configured on its interfaces pointing to the
network of relevant IP scheme.

[Image: Dual Stack Router]

In the above diagram, a server having IPv4 as well as IPv6 address configured for it can now speak
with all the hosts on both the IPv4 as well as the IPv6 networks with the help of a Dual Stack Router.
The Dual Stack Router, can communicate with both the networks. It provides a medium for the hosts to
access a server without changing their respective IP versions.

Tunneling
In a scenario where different IP versions exist on intermediate path or transit networks, tunneling
provides a better solution where user’s data can pass through a non-supported IP version.

[Image: Tunneling]

The above diagram depicts how two remote IPv4 networks can communicate via a Tunnel, where the
transit network was on IPv6. Vice versa is also possible where the transit network is on IPv6 and the
remote sites that intend to communicate are on IPv4.

NAT Protocol Translation


This is another important method of transition to IPv6 by means of a NAT-PT (Network Address
Translation – Protocol Translation) enabled device. With the help of a NAT-PT device, translation can
take place between IPv4 and IPv6 packets and vice versa. See the diagram below:

[Image: NAT - Protocol Translation]

A host with IPv4 address sends a request to an IPv6 enabled server on Internet that does not
understand IPv4 address. In this scenario, the NAT-PT device can help them communicate. When the
IPv4 host sends a request packet to the IPv6 server, the NAT-PT device/router strips down the IPv4
packet, removes IPv4 header, and adds IPv6 header and passes it through the Internet. When a
response from the IPv6 server comes for the IPv4 host, the router does vice versa.
Q )Write a note on Classless addressing.

All IP addresses have a network and host portion. In classful addressing, the network portion ends on
one of the separating dots in the address (on an octet boundary). Classless addressing uses a variable
number of bits for the network and host portions of the address.

Decimal   192         160         20          48
Binary    1100 0000   1010 0000   0001 0100   0011 | 0000
          <------------ 28 bits Network ---------> | 4 bits host
Classful addressing divides an IP address into the Network and Host portions along octet boundaries.
Classless addressing treats the IP address as a 32 bit stream of ones and zeroes, where the boundary
between network and host portions can fall anywhere between bit 0 and bit 31. The network portion
of an IP address is determined by how many 1's are in the subnet mask. Again, this can be a variable
number of bits, and although it can fall on an octet boundary, it does not necessarily need to. A subnet
mask is used locally on each host connected to a network, and masks are never carried in IPv4
datagrams. All hosts on the same network are configured with the same mask, and share the same
pattern of network bits. The host portion of each host's IP address will be unique.

Q) fragmentation offset in IPv4

Fragment Offset
This field solves the problem of sequencing fragments by indicating to the recipient device where in the
overall message each particular fragment should be placed. The field is 13 bits wide, so the offset can
be from 0 to 8191. Fragments are specified in units of 8 bytes, which is why fragment length must be a
multiple of 8. Uncoincidentally, 8191 * 8 is 65,528, just about the maximum size allowed for an IP
datagram.

Let's take the same example from above. The first fragment would have a Fragment Offset of 0. The
second would have an offset of 410 (3,280 divided by 8). The third would have an offset of 820 (6,560
divided by 8). The fourth would have an offset of 1230
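
The fragmentation procedure and the Fragment Offset arithmetic described in these notes can be checked with a short simulation. The Python code below is an added example, not part of the original notes. It assumes a 20-byte IPv4 header without options, and a 12,000-byte payload sent over a 3,300-byte MTU, values chosen because they reproduce the offsets 0, 410, 820 and 1230 quoted above. The reassembly check (no gaps, no overlaps, consistent More Fragments flags) goes beyond the text and shows what a receiver should verify.

```python
from typing import List, NamedTuple

IPV4_HEADER_LEN = 20   # assumption: header without options
MAX_OFFSET = 8191      # largest value of the 13-bit Fragment Offset field


class Fragment(NamedTuple):
    offset: int            # Fragment Offset field, in units of 8 bytes
    more_fragments: bool   # More Fragments flag
    data: bytes


def fragment(payload: bytes, mtu: int, base_offset: int = 0,
             more_after: bool = False) -> List[Fragment]:
    """Cut a payload into fragments that fit the MTU.

    base_offset and more_after let an already fragmented piece be
    fragmented again on a link with a smaller MTU.
    """
    # Every fragment except the last must carry a multiple of 8 bytes.
    max_data = (mtu - IPV4_HEADER_LEN) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    fragments = []
    position = 0
    while True:
        chunk = payload[position:position + max_data]
        last = position + len(chunk) >= len(payload)
        offset = base_offset + position // 8
        if offset > MAX_OFFSET:
            raise ValueError("offset does not fit in 13 bits")
        fragments.append(Fragment(offset, more_after or not last, chunk))
        if last:
            return fragments
        position += len(chunk)


def reassemble(fragments: List[Fragment]) -> bytes:
    """Place each fragment at offset * 8 and reject gaps, overlaps and bad flags."""
    ordered = sorted(fragments, key=lambda item: item.offset)
    data = bytearray()
    expected = 0
    for index, item in enumerate(ordered):
        start = item.offset * 8
        if start != expected:
            raise ValueError(f"gap or overlap at byte {start}")
        is_last = index == len(ordered) - 1
        if item.more_fragments == is_last:
            raise ValueError("More Fragments flag inconsistent with position")
        if item.more_fragments and len(item.data) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        data += item.data
        expected = start + len(item.data)
    return bytes(data)


def sample_payload() -> bytes:
    """Constructed 12,000-byte payload with a recognisable pattern."""
    return bytes(i % 251 for i in range(12000))


if __name__ == "__main__":
    for item in fragment(sample_payload(), 3300):
        print(item.offset, item.more_fragments, len(item.data))
```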

Unit 2

Q.)cache control module in ARP


The cache-control module is responsible for maintaining the cache table. It periodically (for
example, every 5 s) checks the cache table, entry by entry. If the state of the entry is FREE, it
continues to the next entry. If the state is PENDING, the module increments the value of the
attempts field by 1. It then checks the value of the attempts field. If this value is greater than the
maximum number of attempts allowed, the state is changed to FREE and the corresponding queue is
destroyed. However, if the number of attempts is less than the maximum, the module creates and
sends another ARP request. If the state of the entry is RESOLVED, the module decrements the value
of the time-out field by the amount of time elapsed since the last check. If this value is less than or
equal to zero, the state is changed to FREE and the queue is destroyed.
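
The pass over the cache table described above can be written as a small state machine. The Python code below is an added example, not part of the original notes; the entry layout, the addresses and the maximum of 2 attempts are constructed for illustration. The text does not say what happens when the attempts value equals the maximum, so this sketch assumes a request is still sent in that case.

```python
from dataclasses import dataclass, field
from typing import Callable, List

FREE, PENDING, RESOLVED = "FREE", "PENDING", "RESOLVED"


@dataclass
class CacheEntry:
    state: str = FREE
    protocol_address: str = ""
    hardware_address: str = ""
    attempts: int = 0
    time_out: int = 0                                  # seconds of validity left
    queue: List[bytes] = field(default_factory=list)   # packets awaiting resolution


def release(entry: CacheEntry) -> None:
    """Change the state to FREE and destroy the corresponding queue."""
    entry.state = FREE
    entry.hardware_address = ""
    entry.attempts = 0
    entry.time_out = 0
    entry.queue = []


def cache_control(table: List[CacheEntry], elapsed: int,
                  send_request: Callable[[str], None],
                  max_attempts: int) -> None:
    """One periodic pass over the cache table, entry by entry."""
    for entry in table:
        if entry.state == FREE:
            continue
        if entry.state == PENDING:
            entry.attempts += 1
            if entry.attempts > max_attempts:
                release(entry)                 # give up on this address
            else:
                # Assumption: attempts == max_attempts still sends a request.
                send_request(entry.protocol_address)
        elif entry.state == RESOLVED:
            entry.time_out -= elapsed
            if entry.time_out <= 0:
                release(entry)                 # mapping has aged out


def simulate(ticks: int = 3, interval: int = 5, max_attempts: int = 2):
    """Run the module over a constructed table; returns states per tick."""
    table = [
        CacheEntry(),
        CacheEntry(PENDING, "192.0.2.7", queue=[b"queued packet"]),
        CacheEntry(RESOLVED, "192.0.2.9", "02:00:00:00:00:09", time_out=12),
    ]
    requests: List[str] = []
    history = []
    for _ in range(ticks):
        cache_control(table, interval, requests.append, max_attempts)
        history.append([entry.state for entry in table])
    return history, requests, table


if __name__ == "__main__":
    states, sent, _ = simulate()
    print(states, sent)
```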

Q) message format of rip version 2

• Route tag. This field carries information such as the autonomous system number. It can be used to
enable RIP to receive information from an interdomain routing protocol.
• Subnet mask. This is a 4-byte field that carries the subnet mask (or prefix). This means that RIP2
supports classless addressing and CIDR.
• Next-hop address. This field shows the address of the next hop. This is particularly useful if two
autonomous systems share a network (a backbone, for example). Then the message can define the
router, in the same autonomous system or another autonomous system, to which the packet next goes.

Q.) link state routing(IMP)

Link state routing has a different philosophy from that of distance vector routing.
In link state routing, if each node in the domain has the entire topology of the
domain—the list of nodes and links, how they are connected including the type,
cost (metric), and the condition of the links (up or down)—the node can use the
Dijkstra algorithm to build a routing table.

The figure shows a simple domain with five nodes. Each node uses the same
topology to create a routing table, but the routing table for each node is unique
because the calculations are based on different interpretations of the topology.
This is analogous to a city map. Two persons in two different cities may have the
same map, but each needs to take a different route to reach his destination.

The topology must be dynamic, representing the latest situation of each node
and each link. If there are changes in any point in the network (a link is down, for
example), the topology must be updated for each node.

How can a common topology be dynamic and stored in each node? No node can
know the topology at the beginning or after a change somewhere in the network. Link
state routing is based on the assumption that, although the global knowledge about the
topology is not clear, each node has partial knowledge: it knows the state (type,
condition, and cost) of its links. In other words, the whole topology can be compiled
from the partial knowledge of each node.

In link state routing, four sets of actions are required to ensure that each node
has the routing table showing the least-cost node to every other node.
1. Creation of the states of the links by each node, called the link state packet or
LSP.
2. Dissemination of LSPs to every other router, called flooding, in an efficient
and reliable way.
3. Formation of a shortest path tree for each node.
4. Calculation of a routing table based on the shortest path tree.
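
The four steps can be followed end to end on a small domain. The Python code below is an added example, not part of the original notes; the five-node topology and its link costs are constructed (the figure is not reproduced here), and flooding is modelled simply as every node receiving a copy of every LSP.

```python
import heapq
from typing import Dict, Tuple

LinkState = Dict[str, int]        # one node's LSP: neighbor -> link cost
Database = Dict[str, LinkState]   # originating node -> its latest LSP

# Step 1: each node describes only its own links (constructed topology).
SAMPLE_LSPS: Database = {
    "A": {"B": 5, "C": 2, "D": 3},
    "B": {"A": 5, "C": 4, "E": 3},
    "C": {"A": 2, "B": 4, "E": 4},
    "D": {"A": 3},
    "E": {"B": 3, "C": 4},
}


def flood(lsps: Database) -> Dict[str, Database]:
    """Step 2: after flooding, every node holds a copy of every LSP."""
    return {node: {origin: dict(links) for origin, links in lsps.items()}
            for node in lsps}


def shortest_path_tree(database: Database, root: str):
    """Step 3: Dijkstra's algorithm; returns cost and parent of every node."""
    cost = {root: 0}
    parent: Dict[str, str] = {}
    finished = set()
    heap = [(0, root)]
    while heap:
        node_cost, node = heapq.heappop(heap)
        if node in finished:
            continue                      # stale heap entry
        finished.add(node)
        for neighbor, link_cost in database.get(node, {}).items():
            candidate = node_cost + link_cost
            if neighbor not in cost or candidate < cost[neighbor]:
                cost[neighbor] = candidate
                parent[neighbor] = node
                heapq.heappush(heap, (candidate, neighbor))
    return cost, parent


def routing_table(database: Database, root: str) -> Dict[str, Tuple[int, str]]:
    """Step 4: destination -> (total cost, next hop) read off the tree."""
    cost, parent = shortest_path_tree(database, root)
    table = {}
    for destination in cost:
        if destination == root:
            continue
        hop = destination
        while parent[hop] != root:        # walk back towards the root
            hop = parent[hop]
        table[destination] = (cost[destination], hop)
    return table


def fail_link(lsps: Database, first: str, second: str) -> Database:
    """Both ends of a failed link issue new LSPs without that link."""
    updated = {origin: dict(links) for origin, links in lsps.items()}
    updated[first].pop(second, None)
    updated[second].pop(first, None)
    return updated


if __name__ == "__main__":
    databases = flood(SAMPLE_LSPS)
    for node in sorted(databases):
        print(node, routing_table(databases[node], node))
```

Every node runs the same calculation on the same database, yet the tables for A and E differ because each tree is rooted at a different node.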

Q.) Write a note on timers available in RIP.


Periodic Timer
The periodic timer controls the advertising of regular update
messages. Although the protocol specifies that this timer must be set to 30 s, the
working model uses a random number between 25 and 35 s. This is to prevent
any possible synchronization and therefore overload on an internet if routers
update simultaneously. Each router has one periodic timer that is randomly set to
a number between 25 and 35. It counts down; when zero is reached, the update
message is sent, and the timer is randomly set once again.

Expiration Timer
The expiration timer governs the validity of a route. When a
router receives update information for a route, the expiration timer is set to 180 s
for that particular route. Every time a new update for the route is received, the
timer is reset. In normal situations this occurs every 30 s. However, if there is a
problem on an internet and no update is received within the allotted 180 s, the
route is considered expired and the hop count of the route is set to 16, which
means the destination is unreachable. Every route has its own expiration timer.

Garbage Collection Timer
When the information about a route becomes invalid,
the router does not immediately purge that route from its table. Instead, it
continues to advertise the route with a metric value of 16. At the same time, a
timer called the garbage collection timer is set to 120 s for that route. When the
count reaches zero, the route is purged from the table. This timer allows
neighbors to become aware of the invalidity of a route prior to purging.
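
How the three timers interact over the lifetime of one route is easiest to see on a timeline. The Python code below is an added example, not part of the original notes; the route name N1, the 30 s step and the moment the updates stop (t = 90 s) are constructed for illustration.

```python
import random

EXPIRATION = 180   # seconds a route stays valid without an update
GARBAGE = 120      # seconds an expired route is still advertised with metric 16
INFINITY = 16      # hop count meaning "unreachable"


class Route:
    def __init__(self, destination: str, metric: int):
        self.destination = destination
        self.metric = metric
        self.expiration = EXPIRATION
        self.garbage = None            # None while the route is valid

    def refresh(self, metric: int) -> None:
        """An update for this route arrived: reset the expiration timer."""
        self.metric = metric
        self.expiration = EXPIRATION
        self.garbage = None


def next_periodic_interval(rng: random.Random) -> int:
    """Periodic timer: a random value between 25 and 35 s."""
    return rng.randint(25, 35)


def age(table: dict, elapsed: int) -> list:
    """Advance the per-route timers; returns the destinations purged."""
    purged = []
    for destination, route in list(table.items()):
        if route.garbage is None:
            route.expiration -= elapsed
            if route.expiration <= 0:
                route.metric = INFINITY        # expired, but still advertised
                route.garbage = GARBAGE
        else:
            route.garbage -= elapsed
            if route.garbage <= 0:
                del table[destination]
                purged.append(destination)
    return purged


def timeline(last_update_at: int = 90, step: int = 30, until: int = 420) -> dict:
    """Updates for N1 arrive every `step` seconds until last_update_at, then stop."""
    table = {"N1": Route("N1", 1)}
    events = {}
    for now in range(step, until + 1, step):
        if "N1" in age(table, step):
            events["purged_at"] = now
            break
        route = table["N1"]
        if now <= last_update_at:
            route.refresh(1)
        elif route.metric == INFINITY:
            events.setdefault("expired_at", now)
    return events


if __name__ == "__main__":
    print(timeline())
    print(next_periodic_interval(random.Random()))
```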

Explain two-node instability in RIP.


The figure shows a system with three nodes. We have shown only the portions
of the routing table needed for our discussion. At the beginning, both nodes A and
B know how to reach node X. But suddenly, the link between A and X fails. Node
A changes its table. If A can send its table to B immediately, everything is fine.
However, the system becomes unstable if B sends its routing table to A before
receiving A’s routing table. Node A receives the update and, assuming that B has
found a way to reach X, immediately updates its routing table. Now A sends its
new update to B. Now B thinks that something has been changed around A and
updates its routing table. The cost of reaching X increases gradually until it
reaches infinity. At this moment, both A and B know that X cannot be reached.
However, during this time the system is not stable. Node A thinks that the route
to X is via B; node B thinks that the route to X is via A. If A receives a packet
destined for X, it goes to B and then comes back to A. Similarly, if B
receives a packet destined for X, it goes to A and comes back to B.
Packets bounce between A and B, creating a two-node loop problem.
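
The difference between the two orderings of updates can be traced step by step. The Python code below is an added example, not part of the original notes. It assumes hop-count metrics with 16 as infinity, A initially one hop from X, and B reaching X through A in two hops.

```python
INFINITY = 16   # RIP hop count that means "unreachable"


def receive(route: dict, advertised_cost: int, sender: str) -> None:
    """Distance vector update rule for a single destination (X).

    An advertisement from the current next hop is always believed;
    one from any other neighbor is used only if it is cheaper.
    """
    new_cost = min(advertised_cost + 1, INFINITY)
    if route["next_hop"] == sender or new_cost < route["cost"]:
        route["cost"] = new_cost
        route["next_hop"] = sender


def simulate_failure(first_sender: str) -> list:
    """Trace (cost at A, cost at B) after each update once link A-X has failed."""
    a = {"cost": 1, "next_hop": "X"}      # A was directly attached to X
    b = {"cost": 2, "next_hop": "A"}      # B reaches X through A
    a.update(cost=INFINITY, next_hop=None)  # A notices the failure
    trace = []
    sender = first_sender
    while not (a["cost"] == INFINITY and b["cost"] == INFINITY):
        if sender == "A":
            receive(b, a["cost"], "A")
        else:
            receive(a, b["cost"], "B")
        trace.append((a["cost"], b["cost"]))
        sender = "B" if sender == "A" else "A"
    return trace


def updates_with_loop(trace: list) -> int:
    """Updates after which both nodes still point at each other for X."""
    return sum(1 for cost_a, cost_b in trace
               if cost_a < INFINITY and cost_b < INFINITY)


if __name__ == "__main__":
    print("A sends first:", simulate_failure("A"))
    print("B sends first:", simulate_failure("B"))
```

When A's update arrives first, one message settles both tables; when B's stale table arrives first, the cost climbs two hops per round trip and packets for X loop between A and B until both reach 16.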

Q) note on ARP Cases and Process of ARP

Q )What is the purpose of RIP?

Routing Information Protocol (RIP) is a dynamic protocol used to
find the best route or path from end-to-end (source to
destination) over a network by using a routing metric/hop count
algorithm. This algorithm is used to determine the shortest path
from the source to destination, which allows the data to be
delivered at high speed in the shortest time.
RIP plays an important role providing the shortest and best path
for data to take from node to node. The hop is the step towards
the next existing device, which could be a router, computer or
other device. Once the length of the hop is determined, the
information is stored in a routing table for future use. RIP is being
used in both local and wide area networks and is generally
considered to be easily configured and implemented.
Q) Write a short note on ARP
Stands for "Address Resolution Protocol." ARP is a protocol used
for mapping an IP address to a computer connected to a local
network LAN. Since each computer has a unique physical address
called a MAC address, the ARP converts the IP address to the MAC
address. This ensures each computer has a unique network
identification.
The Address Resolution Protocol is used when information sent to a network arrives at the gateway,
which serves as the entrance point to the network. The gateway uses the ARP to locate the MAC
address of the computer based on the IP address the data is being sent to. The ARP typically looks up
this information in a table called the "ARP cache." If the address is found, the information is relayed to
the gateway, which will send the incoming data to the appropriate machine. It may also convert the data
to the correct network format if necessary.
If the address is not found, the ARP broadcasts a "request packet" to other machines on the network to
see if the IP address belongs to a machine not listed in the ARP cache. If a valid system is located, the
information will be relayed to the gateway and the ARP cache will be updated with the new
information. By updating the ARP cache, future requests for that IP address will be much quicker.
While this may seem like a complex process, it usually takes only a fraction of a second to complete. If
only it was just as easy to find old receipts when you need them.

Q) Write a short note on Proxy ARP.


Proxy ARP was implemented to enable devices which are
separated into network segments connected by a router in the
same IP network or sub-network to resolve IP address to MAC
addresses. When devices are not in same data link layer network
but are in the same IP network, they try to transmit data to each
other as if they were on the local network. However, the router
that separates the devices will not send a broadcast message
because routers do not pass hardware-layer broadcasts.
Therefore, the addresses cannot be resolved. Proxy ARP is
enabled by default so the “proxy router” that resides between the
local networks responds with its MAC address as if it were the
router to which the broadcast is addressed. When the sending
device receives the MAC address of the proxy router, it sends the
datagram to the proxy router, which in turn sends the datagram
to the designated device.

Explain the source quench and time exceeded in ICMP error reporting messages / Q.) ICMP time
exceeded message type

Source quench message :


A source quench message is a request to decrease the rate at which traffic is sent to the host
(destination). In other words, when the receiving host detects that packets are being sent to it too
fast, it sends a source quench message to the source to slow the pace down so that no packet is lost.
ICMP takes the source IP from the discarded packet and informs the source by sending a source quench
message.
The source then reduces its speed of transmission so that the router is freed from congestion.

When the congested router is far away from the source, ICMP sends the source quench message hop by
hop so that every router reduces its speed of transmission.

Time exceeded message :


When some fragments are lost in a network, the fragments held by the router are dropped. ICMP then
takes the source IP from the discarded packet and informs the source that the datagram was discarded
because its time to live field reached zero, by sending a time exceeded message.

Explain the different types of Links used in OSPF.(imp) Write a note on various links available in OSPF.
In OSPF four different types of links are defined:
• Point to Point: These links are present between two routers, and as the link is point to
point, there are no hosts or routers in between the two connected routers.

• Transient link: A network with a large number of routers attached to it. There can be a LAN,
Wi-Fi and several different routers; this configuration is termed a transient link. It can be
represented with two topologies: Realistic and Unrealistic.

• Stub: It is a network that is connected with a single network. The data packets are sent and
received through the same router.
• Virtual link: A situation may arise when a link is broken for some reason. At
that time the network administrator creates a virtual link between the two communicating
routers. These types of links are called virtual links.
There are five different types of packet in the OSPF protocol and they are:
• Hello packet
• Database description
• Link state request
• Link state update
• Link state acknowledgement

Q) List different types of BGP Messages and write the purpose of each. (IMP)

Type  Name          Functional Overview
1     OPEN          Sets up and establishes BGP adjacency
2     UPDATE        Advertises, updates, or withdraws routes
3     NOTIFICATION  Indicates an error condition to a BGP neighbor
4     KEEPALIVE     Ensures that BGP neighbors are still alive


OPEN
The OPEN message is used to establish a BGP adjacency. Both sides negotiate session capabilities
before a BGP peering establishes. The OPEN message contains the BGP version number, ASN of the
originating router, Hold Time, BGP Identifier, and other optional parameters that establish the session
capabilities.

Hold Time
The Hold Time attribute sets the Hold Timer in seconds for each BGP neighbor. Upon receipt of an
UPDATE or KEEPALIVE, the Hold Timer resets to the initial value. If the Hold Timer reaches zero,
the BGP session is torn down, routes from that neighbor are removed, and an appropriate update route
withdraw message is sent to other BGP neighbors for the impacted prefixes. The Hold Time is a
heartbeat mechanism for BGP neighbors to ensure that the neighbor is healthy and alive.
When establishing a BGP session, the routers use the smaller Hold Time value contained in the two
routers' OPEN messages. The Hold Time value must be at least three seconds, or zero. For Cisco
routers the default hold timer is 180 seconds.

BGP Identifier
The BGP Router-ID (RID) is a 32-bit unique number that identifies the BGP router in the advertised
prefixes as the BGP Identifier. The RID can be used as a loop prevention mechanism for routers
advertised within an autonomous system. The RID can be set manually or dynamically for BGP. A
nonzero value must be set for routers to become neighbors. The dynamic RID allocation logic varies
between the following operating systems.
• IOS: IOS nodes use the highest IP address of any up loopback interface. If there is no
up loopback interface, then the highest IP address of any active up interface becomes the RID
when the BGP process initializes.
• IOS XR: IOS XR nodes use the IP address of the lowest up loopback interface. If there are
no up loopback interfaces, then a value of zero (0.0.0.0) is used, which prevents any BGP
adjacencies from forming.
• NX-OS: NX-OS nodes use the IP address of the lowest up loopback interface. If there are
no up loopback interfaces, then the IP address of the lowest active up interface becomes the
RID when the BGP process initializes.
Router-IDs typically represent an IPv4 address that resides on the router, such as a loopback address.
Any IPv4 address can be used, including IP addresses not configured on the router. For IOS and IOS
XR, the command bgp router-id router-id is used, and NX-OS uses the command router-id router-id
under the BGP router configuration to statically assign the BGP RID. Upon changing the router-id, all
BGP sessions reset and need to be reestablished.
NOTE: Setting a static BGP RID is a best practice.

KEEPALIVE
BGP does not rely on the TCP connection state to ensure that the neighbors are still alive. Keepalive
messages are exchanged every one-third of the Hold Timer agreed upon between the two BGP routers.
Cisco devices have a default Hold Time of 180 seconds, so the default Keepalive interval is 60 seconds.
If the Hold Time is set for zero, no Keepalive messages are sent between the BGP neighbors.

UPDATE
The Update message advertises any feasible routes, withdraws previously advertised routes, or can do
both. The Update message includes the Network Layer Reachability Information (NLRI) that includes
the prefix and associated BGP PAs when advertising prefixes. Withdrawn NLRIs include only the
prefix. An UPDATE message can act as a Keepalive to reduce unnecessary traffic.

NOTIFICATION Message
A Notification message is sent when an error is detected with the BGP session, such as a hold timer
expiring, neighbor capabilities change, or a BGP session reset is requested. This causes the BGP
connection to close.
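
The OPEN checks and timer rules described above, as an added example that is not part of the original notes: it builds and parses a BGP OPEN message (header layout per RFC 4271), rejects a Hold Time of 1 or 2 and a zero BGP Identifier, and derives the negotiated Hold Time and Keepalive interval. The AS numbers and router IDs are constructed sample values, and the function names are this example's own.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16                  # 16-byte all-ones marker in every BGP header
MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
HEADER_LEN = 19                        # marker (16) + length (2) + type (1)
OPEN_FIXED = "!BHH4sB"                 # version, AS, hold time, identifier, opt-param length
OPEN_FIXED_LEN = struct.calcsize(OPEN_FIXED)


class BgpOpenError(ValueError):
    """Raised when an OPEN message must be rejected."""


def build_open(asn, hold_time, router_id, version=4):
    """Build an OPEN message with no optional parameters (constructed sample input)."""
    body = struct.pack(OPEN_FIXED, version, asn, hold_time,
                       ipaddress.IPv4Address(router_id).packed, 0)
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), 1) + body


def parse_open(data):
    """Parse and validate an OPEN message; return its session parameters."""
    if len(data) < HEADER_LEN + OPEN_FIXED_LEN:
        raise BgpOpenError("truncated OPEN message")
    marker, length, msg_type = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != MARKER:
        raise BgpOpenError("bad marker")
    if length != len(data):
        raise BgpOpenError("length field does not match message size")
    if MSG_TYPES.get(msg_type) != "OPEN":
        raise BgpOpenError("not an OPEN message")
    end = HEADER_LEN + OPEN_FIXED_LEN
    version, asn, hold_time, rid, opt_len = struct.unpack(OPEN_FIXED, data[HEADER_LEN:end])
    if version != 4:
        raise BgpOpenError("unsupported BGP version")
    if opt_len != len(data) - end:
        raise BgpOpenError("optional parameter length is inconsistent")
    if hold_time in (1, 2):
        raise BgpOpenError("Hold Time must be zero or at least three seconds")
    if rid == b"\x00\x00\x00\x00":
        raise BgpOpenError("BGP Identifier must be nonzero")
    return {"version": version, "asn": asn, "hold_time": hold_time,
            "router_id": str(ipaddress.IPv4Address(rid))}


def negotiate_timers(local, peer):
    """Return (hold_time, keepalive_interval) for the session.

    Both sides use the smaller Hold Time; keepalives go out every third of it.
    A Hold Time of zero disables keepalives, reported here as an interval of 0.
    """
    hold_time = min(local["hold_time"], peer["hold_time"])
    return hold_time, hold_time // 3


if __name__ == "__main__":
    ours = parse_open(build_open(65001, 180, "192.0.2.1"))
    theirs = parse_open(build_open(65002, 90, "192.0.2.2"))
    print(ours, theirs, negotiate_timers(ours, theirs))
```
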

Q) What is Address Resolution Protocol? What is its use? Explain the ARP Request and Reply
Messages. Draw and explain packet format of ARP.
Ans. Address Resolution Protocol (ARP) is one of the major
protocols in the TCP/IP suite. The purpose of ARP is to resolve an
IPv4 address (32-bit logical address) to the physical address
(48-bit MAC address). Network applications at the Application
Layer use IPv4 addresses to communicate with another device. But
at the Datalink layer, the addressing is the MAC address (48-bit
physical address), and this address is burned into the network
card permanently. On Windows operating systems, you can view your
network card’s hardware address by typing the command
"ipconfig /all" (without the double quotes) at the command prompt.
What is the use of ARP?
A host in an Ethernet network can communicate with another host, only if it knows the Ethernet
address (MAC address) of that host. The higher level protocols like IP use a different kind of
addressing scheme (like IP address) from the lower level hardware addressing scheme like MAC
address. ARP is used to get the Ethernet address of a host from its IP address. ARP is extensively used
by all the hosts in an Ethernet network.

The purpose of Address Resolution Protocol (ARP) is to find out the MAC address of a device in your
Local Area Network (LAN), for the corresponding IPv4 address, which network application is trying to
communicate.

Address Resolution Protocol (ARP) Message Format

Following are the fields in the Address Resolution Protocol (ARP) Message Format.
Hardware Type: Hardware Type field in the Address Resolution Protocol (ARP) Message specifies the
type of hardware used for the local network transmitting the Address Resolution Protocol (ARP)
message. Ethernet is the common Hardware Type and the value for Ethernet is 1. The size of this field is
2 bytes.
Protocol Type: Each protocol is assigned a number used in this field. IPv4 is 2048 (0x0800 in hexadecimal).
Hardware Address Length: Hardware Address Length in the Address Resolution Protocol (ARP)
Message is length in bytes of a hardware (MAC) address. Ethernet MAC addresses are 6 bytes long.
Protocol Address Length: Length in bytes of a logical address (IPv4 Address). IPv4 addresses are 4
bytes long.
Opcode: Opcode field in the Address Resolution Protocol (ARP) Message specifies the nature of the
ARP message. 1 for ARP request and 2 for ARP reply.
Sender Hardware Address: Layer 2 (MAC Address) address of the device sending the message.
Sender Protocol Address: The protocol address (IPv4 address) of the device sending the message
Target Hardware Address: Layer 2 (MAC Address) of the intended receiver. This field is ignored in
requests.
Target Protocol Address: The protocol address (IPv4 Address) of the intended receiver.
ARP Request & Reply:

• ARP maintains the mapping between IP address and MAC address in a table in
memory called ARP cache.
• The entries in this table are dynamically added and removed.
• A host will update its ARP cache, only if the ARP request is for its IP address.
• Otherwise, it will discard the ARP request.
• Consider the above figure, in this a Host sends out the Request Message.
• It is looking for the MAC Address of the node with IP Address 192.168.1.220.
• The Node with the IP Address 192.168.1.220 sends out the Reply Message.
• In reply message it sends its MAC Address to the Host.
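
The message format and the request/reply exchange above, as an added example that is not part of the original notes: it packs and parses the 28-byte Ethernet/IPv4 ARP message, rejects messages whose type, length or opcode fields do not match the values listed above, and applies the cache rule that a host records the sender only when the request targets its own IP address. The MAC addresses and the requester's IP address are constructed sample values; 192.168.1.220 is the target from the text.

```python
import ipaddress
import struct

ARP_FORMAT = "!HHBBH6s4s6s4s"           # htype, ptype, hlen, plen, opcode, SHA, SPA, THA, TPA
ARP_LEN = struct.calcsize(ARP_FORMAT)   # 28 bytes for Ethernet + IPv4
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2


def mac_to_bytes(mac):
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return raw


def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Pack an Ethernet/IPv4 ARP message."""
    return struct.pack(
        ARP_FORMAT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, opcode,
        mac_to_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
        mac_to_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)


def parse_arp(data):
    """Unpack an ARP message, refusing anything that is not well-formed Ethernet/IPv4 ARP."""
    if len(data) < ARP_LEN:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa = struct.unpack(
        ARP_FORMAT, data[:ARP_LEN])     # frames may carry trailing padding
    if (htype, ptype) != (HTYPE_ETHERNET, PTYPE_IPV4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    if (hlen, plen) != (6, 4):
        raise ValueError("address lengths do not match Ethernet/IPv4")
    if opcode not in (OP_REQUEST, OP_REPLY):
        raise ValueError("unknown opcode")
    return {"opcode": opcode,
            "sender_mac": mac_to_str(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": mac_to_str(tha), "target_ip": str(ipaddress.IPv4Address(tpa))}


def handle_request(cache, data, my_ip, my_mac):
    """Process a received ARP request on the host that owns my_ip.

    Returns the reply bytes, or None when the request is for another host,
    in which case the cache is left untouched and the request is discarded.
    """
    msg = parse_arp(data)
    if msg["opcode"] != OP_REQUEST or msg["target_ip"] != my_ip:
        return None
    cache[msg["sender_ip"]] = msg["sender_mac"]
    return build_arp(OP_REPLY, my_mac, my_ip, msg["sender_mac"], msg["sender_ip"])


if __name__ == "__main__":
    # Constructed request: who has 192.168.1.220? The target MAC is ignored in requests.
    request = build_arp(OP_REQUEST, "00:11:22:33:44:55", "192.168.1.10",
                        "00:00:00:00:00:00", "192.168.1.220")
    cache = {}
    reply = handle_request(cache, request, "192.168.1.220", "66:77:88:99:aa:bb")
    print(parse_arp(reply), cache)
```
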
Q) State and Explain Dijkstra`s Algorithm

What is the use of Query Messages? Explain any one / Q. ICMP timestamp message type

II) Query:
The query messages, which occur in pairs, help a host or a
network manager get specific information from a router or
another host.
In addition to error reporting, ICMP can diagnose some network problems. This is accomplished
through the query messages, a group of four different pairs of messages, as shown in Figure 3.

• Echo Request and Reply: The echo-request and echo-reply messages are designed for
diagnostic purposes. Network managers and users utilize this pair of messages to identify
network problems.
• Timestamp Request and Reply: Two machines (hosts or routers) can use the timestamp
request and timestamp reply messages to determine the round-trip time needed for an IP
datagram to travel between them. It can also be used to synchronize the clocks in two machines.
• Address-Mask Request and Reply: If the host knows the address of the router, it sends the
request directly to the router. If it does not know, it broadcasts the message. The router receiving
the address-mask-request message responds with an address-mask-reply message, providing the
necessary mask for the host.
• Router Solicitation and Advertisement: A host that wants to send data to a host on another
network needs to know the address of routers connected to its own network. Also, the host must
know if the routers are alive and functioning. The router-solicitation and router-advertisement
messages can help in this situation.
• Checksum: In ICMP the checksum is calculated over the entire message (header and data).
Draw and explain general format of ICMP messages.
ICMP Common Message Format
The structure of an ICMP message can be generally thought of as having a common part and
a unique part. The common part consists of three fields that have the same size and same
meaning in all ICMP messages (though the values in the fields aren't the same for each ICMP
message type, of course). The unique part contains fields that are specific to each type of
message.

Field Name        Size (bytes)  Description

Type              1             Type: Identifies the ICMP message type. For ICMPv6, values from 0
                                to 127 are error messages and values 128 to 255 are informational
                                messages. Common values for this field are given in the table in the
                                topic on ICMP message classes and types.

Code              1             Code: Identifies the “subtype” of message within each ICMP
                                message Type value. Thus, up to 256 “subtypes” can be defined for
                                each message type. Values for this field are shown in the individual
                                ICMP message type topics.

Checksum          2             Checksum: 16-bit checksum field that is calculated in a manner
                                similar to the IP header checksum in IPv4. It provides error
                                detection coverage for the entire ICMP message. Note that in
                                ICMPv6, a pseudo-header of IPv6 header fields is prepended for
                                checksum calculation; this is similar to the way this is done in TCP.

Message Body /    Variable      Message Body: Contains the specific fields used to implement each
Data                            message type. This is the unique part of the message as I
                                mentioned above.
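
The common header and checksum described above, as an added example that is not part of the original notes: it computes the 16-bit Internet checksum over the whole ICMP message (header and data), builds an echo request, and shows a receiver detecting a corrupted message. The type numbers are the ICMPv4 values from RFC 792; the identifier, sequence number and payload are constructed sample values.

```python
import struct

# ICMPv4 type values (RFC 792) for messages discussed in these notes.
ICMP_TYPES = {0: "echo reply", 4: "source quench", 8: "echo request",
              11: "time exceeded", 13: "timestamp request", 14: "timestamp reply"}


def internet_checksum(data):
    """One's-complement sum of 16-bit words, complemented (same scheme as the IPv4 header)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length messages with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(msg_type, code, body):
    """Build an ICMP message: Type, Code, Checksum, then the type-specific body."""
    unchecked = struct.pack("!BBH", msg_type, code, 0) + body
    checksum = internet_checksum(unchecked)  # computed with the checksum field set to zero
    return struct.pack("!BBH", msg_type, code, checksum) + body


def parse_icmp(message):
    """Split the common header from the body and verify the checksum."""
    if len(message) < 4:
        raise ValueError("ICMP message shorter than the common header")
    msg_type, code, checksum = struct.unpack("!BBH", message[:4])
    return {"type": msg_type, "code": code, "checksum": checksum,
            "name": ICMP_TYPES.get(msg_type, "unknown"),
            "body": message[4:],
            # Summing a message that includes a correct checksum yields zero.
            "valid": internet_checksum(message) == 0}


if __name__ == "__main__":
    # Echo request body: identifier 1, sequence number 1, then a constructed payload.
    echo = build_icmp(8, 0, struct.pack("!HH", 1, 1) + b"abc")
    print(parse_icmp(echo))
    damaged = bytearray(echo)
    damaged[-1] ^= 0x01                      # flip one bit in transit
    print(parse_icmp(bytes(damaged))["valid"])
```
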
Explain two-node instability in RIP.

Explain various types of LSA in OSPF.


The type of LSA depends on the different entities that broadcast them.

1. Router LSA - the router announces its presence and lists the links to
other routers or networks in the same area, together with the metrics to
them. Type 1 LSAs are flooded across their own area only.

2. Network LSA - the designated router on a broadcast segment (e.g.
Ethernet) lists which routers are joined together by the segment. Type 2
LSAs are flooded across their own area only.

3. Summary LSA to Network - an Area Border Router (ABR) takes
information it has learned on one of its attached areas and it can
summarize it (but not by default) before sending it out on other areas it
is connected to. This summarization helps provide scalability by
removing detailed topology information for other areas, because their
routing information is summarized into just an address prefix and metric.

4. ASBR-Summary LSA - this is needed because Type 5 External LSAs are
flooded to all areas and the detailed next-hop information may not be
available in those other areas. This is solved by an Area Border Router
flooding the information for the router (i.e. the Autonomous System
Boundary Router) where the type 5 originated.

5. External LSA - these LSAs contain information imported into OSPF from
other routing processes. They are flooded to all areas (except stub areas).

Q) Write an algorithm for the input module and output module in the ARP process (IMP)

ARP Output Module

ARP_Output_Module ( )
{
    Sleep until an IP packet is received from IP software.
    Check cache table for an entry corresponding to the destination of IP packet.

    If (entry is found)
    {
        If (the state is RESOLVED)
        {
            Extract the value of the hardware address from the entry.
            Send the packet and the hardware address to data link layer.
            Return
        } // end if

        If (the state is PENDING)
        {
            Enqueue the packet to the corresponding queue.
            Return
        } // end if
    } // end if

    If (entry is not found)
    {
        Create a cache entry with state set to PENDING and ATTEMPTS set to 1.
        Create a queue.
        Enqueue the packet.
        Send an ARP request.
        Return
    } // end if
} // end module

ARP Input Module

ARP_Input_Module ( )
{
    Sleep until an ARP packet (request or reply) arrives.
    Check the cache table to find the corresponding entry.

    If (found)
    {
        Update the entry.

        If (the state is PENDING)
        {
            While (the queue is not empty)
            {
                Dequeue one packet.
                Send the packet and the hardware address.
            } // end while
        } // end if
    } // end if

    If (not found)
    {
        Create an entry.
        Add the entry to the table.
    } // end if

    If (the packet is a request)
    {
        Send an ARP reply.
    } // end if

    Return
} // end module

Q) Distance Vector Routing

Distance Vector Routing Algorithm


The Bellman-Ford algorithm can be very well applied to a map of roads between cities
because we can have all of the initial information about each node at the same place.
We can enter this information into the computer and let the computer hold the intermediate
results and create the final vectors for each node to be printed. In other words, the
algorithm is designed to create the result synchronously. If we want to use the algorithm
for creating the routing table for routers in an AS, we need to change the algorithm:
1. In distance vector routing, the cost is normally hop counts (how many networks are
passed before reaching the destination). So the cost between any two neighbors is set to 1.
2. Each router needs to update its routing table asynchronously, whenever it has received
some information from its neighbors. In other words, each router executes part of the
whole algorithm in the Bellman-Ford algorithm. Processing is distributive.
3. After a router has updated its routing table, it should send the result to its neighbors
so that they can also update their routing table.
4. Each router should keep at least three pieces of information for each route: destination
network, the cost, and the next hop. We refer to the whole routing table as
Table, to row i in the table as Table_i, and to the three columns in row i as
Table_i.dest, Table_i.cost, and Table_i.next.
5. We refer to information about each route received from a neighbor as R (record),
which has only two pieces of information: R.dest and R.cost. The next hop is not
included in the received record because it is the source address of the sender.
Table 11.2 shows the algorithm in pseudocode.
Table 11.2 Distance Vector Algorithm Used by Each Router
Distance_Vector_Algorithm ( )
{
    // At startup
    for (i = 1 to N)    // N is number of ports
    {
        Table_i.dest = address of the attached network
        Table_i.cost = 1
        Table_i.next = -    // Means at home
        Send a record R about each row to each neighbor
    } // end for loop

    // Updating
    repeat (forever)
    {
        Wait for arrival of a record R from a neighbor
        Update (R, T)    // Call update module
        for (i = 1 to N)    // N is the current table size
        {
            Send a record R about each row to each neighbor
        }
    } // end repeat

} // end Distance_Vector

Update (R, T)    // Update module
{
    Search T for a destination matching the one in R
    if (destination is found in row i)
    {
        // R.next is the address of the sending router; it is not carried in the record
        if (R.cost + 1 < T_i.cost or R.next == T_i.next)
        {
            T_i.cost = R.cost + 1
            T_i.next = Address of sending router
        }
        else discard the record    // No change is needed
    }
    else
    // Insert the new router
    {
        T_(N+1).dest = R.dest
        T_(N+1).cost = R.cost + 1
        T_(N+1).next = Address of sending router
        Sort the table according to destination address
    }
} // end of Update module
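
The update rule from Table 11.2 run on a small network, as an added example that is not part of the original notes: three routers in a line exchange records until their tables stop changing, then router A receives a worse cost from its current next hop and must accept it, while the same kind of record from a different sender is discarded. The router names, network names and the extra sender D are constructed for the example.

```python
class Router:
    def __init__(self, name, attached):
        self.name = name
        self.attached = set(attached)
        # dest -> (cost, next_hop); next_hop None means "at home" (directly attached)
        self.table = {net: (1, None) for net in attached}

    def records(self):
        """Records R sent to neighbors: destination and cost only, no next hop."""
        return [(dest, cost) for dest, (cost, _) in sorted(self.table.items())]

    def update(self, dest, cost, sender):
        """Apply the Update module to one record; return True if the table changed."""
        candidate = (cost + 1, sender)
        current = self.table.get(dest)
        if current is None:                       # new destination: insert it
            self.table[dest] = candidate
            return True
        current_cost, current_next = current
        # Accept a cheaper route, or ANY cost from the router already used as next hop.
        if candidate[0] < current_cost or sender == current_next:
            self.table[dest] = candidate
            return candidate != current
        return False                              # discard the record


def converge(routers, max_rounds=20):
    """Exchange records between routers sharing a network until nothing changes."""
    for round_number in range(1, max_rounds + 1):
        adverts = {r.name: r.records() for r in routers}   # snapshot for this round
        changed = False
        for router in routers:
            for neighbor in routers:
                if neighbor is not router and router.attached & neighbor.attached:
                    for dest, cost in adverts[neighbor.name]:
                        changed |= router.update(dest, cost, neighbor.name)
        if not changed:
            return round_number
    raise RuntimeError("tables did not converge")


def build_line_topology():
    """Net1 - A - Net2 - B - Net3 - C - Net4 (constructed sample network)."""
    return [Router("A", ["Net1", "Net2"]),
            Router("B", ["Net2", "Net3"]),
            Router("C", ["Net3", "Net4"])]


if __name__ == "__main__":
    routers = build_line_topology()
    print("rounds:", converge(routers))
    for router in routers:
        print(router.name, router.table)
    a = routers[0]
    print(a.update("Net4", 5, "B"), a.table["Net4"])   # same next hop: accepted
    print(a.update("Net4", 7, "D"), a.table["Net4"])   # other sender, worse: discarded
```

The second branch of the rule means a router accepts whatever cost its current next hop reports, higher or lower, with no check on who sent the record.
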

Q.) Explain the concept of path vector routing.


Distance vector and link state routing are both interior routing protocols. They can be
used inside an autonomous system as intra-domain or intra-AS (as they are sometimes
called), but not between autonomous systems. Both of these routing protocols become
intractable when the domain of operation becomes large. Distance vector routing is
subject to instability if there are more than a few hops in the domain of operation. Link
state routing needs a huge amount of resources to calculate routing tables. It also creates
heavy traffic because of flooding. There is a need for a third routing protocol which
we call path vector routing.
Path vector routing is an exterior routing protocol that has proved to be useful for interdomain
or inter-AS routing, as it is sometimes called. In distance vector routing, a router has a list of
networks that can be reached in the same AS with the corresponding
cost (number of hops). In path vector routing, a router has a list of networks that can be
reached with the path (list of ASs to pass) to reach each one. In other words, the domain
of operation of the distance vector routing is a single AS; the domain of operation of the
path vector routing is the whole Internet. The distance vector routing tells us the distance
to each network; the path vector routing tells us the path.

Q.) Inefficiency in Mobile IP  Q.) Home agent and foreign agent

Double Crossing: Double crossing occurs when a remote host communicates with a mobile host
that has moved to the same network (or site) as the remote host (see Figure 10.8). When the mobile
host sends a packet to the remote host, there is no inefficiency; the communication is local.
However, when the remote host sends a packet to the mobile host, the packet crosses the Internet
twice. Since a computer usually communicates with other local computers (principle of locality), the
inefficiency from double crossing is significant.

Triangle Routing: Triangle routing, the less severe case, occurs when the remote host communicates
with a mobile host that is not attached to the same network (or site) as the mobile host. When the mobile
host sends a packet to the remote host, there is no inefficiency. However, when the remote host sends a
packet to the mobile host, the packet goes from the remote host to the home agent and then to the
mobile host. The packet travels the two sides of a triangle, instead of just one side.

Home Agent: The home agent is usually a router attached to the home network of the mobile
host. The home agent acts on behalf of the mobile host when a remote host sends a packet to the
mobile host. The home agent receives the packet and sends it to the foreign agent.

Foreign Agent: The foreign agent is usually a router attached to the foreign network. The foreign
agent receives and delivers packets sent by the home agent to the mobile host. The mobile host can
also act as a foreign agent. In other words, the mobile host and the foreign agent can be the same.
However, to do this, a mobile host must be able to receive a care-of address by itself, which can be
done through the use of DHCP. In addition, the mobile host needs the necessary software to allow it
to communicate with the home agent and to have two addresses: its home address and its care-of
address. This dual addressing must be transparent to the application programs. When the mobile
host acts as a foreign agent, the care-of address is called a colocated care-of address.

Q) Explain the fields in the cache table in the ARP process

Ans.
State. This column shows the state of the entry. It can have one of three values:
FREE, PENDING, or RESOLVED. The FREE state means that the time-to-live for this entry has
expired. The space can be used for a new entry. The PENDING state means a request for this
entry has been sent, but the reply has not yet been
received. The RESOLVED state means that the entry is complete. The entry now
has the physical (hardware) address of the destination. The packets waiting to be
sent to this destination can use the information in this entry.
Hardware type. This column is the same as the corresponding field in the ARP packet.
Protocol type. This column is the same as the corresponding field in the ARP packet.
Hardware length. This column is the same as the corresponding field in the ARP
packet.
Protocol length. This column is the same as the corresponding field in the ARP packet.
Interface number. A router (or a multihomed host) can be connected to different
networks, each with a different interface number. Each network can have different
hardware and protocol types.
Queue number. ARP uses numbered queues to enqueue the packets waiting for
address resolution. Packets for the same destination are usually enqueued in the
same queue.
Attempts. This column shows the number of times an ARP request is sent out for
this entry.
Time-out. This column shows the lifetime of an entry in seconds.
Hardware address. This column shows the destination hardware address. It
remains empty until resolved by an ARP reply.
Protocol address. This column shows the destination IP address.

Unit 3

Q.) three -way handshake protocol used by TCP

Q.) Different connectionless services

Q) List different TCP Options and explain any one


End of Option (EOP)
The end-of-option (EOP) option is a 1-byte option used for padding at the end of the
option section. It can only be used as the last option. Only one occurrence of this option is
allowed. After this option, the receiver looks for the payload data. Figure 15.42 shows an
example. A 3-byte option is used after the header; the data section follows this option.
One EOP option is inserted to align the data with the boundary of the next word.

Maximum Segment Size (MSS)


The maximum-segment-size option defines the size of the biggest unit of data that can
be received by the destination of the TCP segment. In spite of its name, it defines the
maximum size of the data, not the maximum size of the segment. Since the field is 16 bits
long, the value can be 0 to 65,535 bytes.

Q.) UDP Services(IMP)


Process-to-Process Communication: UDP provides process-to-process
communication, discussed in Chapter 13, using sockets, a combination of
IP addresses and port numbers.
Port Protocol Description
7 Echo Echoes a received datagram back to the sender
9 Discard Discards any datagram that is received
11 Users Active users
13 Daytime Returns the date and the time
17 Quote Returns a quote of the day

Flow Control: UDP is a very simple protocol. There is no flow control, and hence no window
mechanism. The receiver may overflow with incoming messages. The lack of flow control means that
the process using UDP should provide for this service, if needed.

Error Control: There is no error control mechanism in UDP except for the checksum. This
means that the sender does not know if a message has been lost or duplicated. When the receiver
detects an error through the checksum, the user datagram is silently discarded. The lack of error
control means that the process using UDP should provide for this service if needed.

Q) Two timers in TCP; explain the retransmission timer in TCP


Retransmission Timer
To retransmit lost segments, TCP employs one retransmission timer (for the whole connection
period) that handles the retransmission time-out (RTO), the waiting time for an
acknowledgment of a segment. We can define the following rules for the retransmission
timer:
1. When TCP sends the segment in front of the sending queue, it starts the timer.
2. When the timer expires, TCP resends the first segment in front of the queue, and
restarts the timer.
3. When a segment (or segments) are cumulatively acknowledged, the segment (or
segments) are purged from the queue.
4. If the queue is empty, TCP stops the timer; otherwise, TCP restarts the timer

Keepalive Timer: A keepalive timer is used in some implementations to prevent a long idle
connection between two TCPs. Suppose that a client opens a TCP connection to a server,
transfers some data, and becomes silent. Perhaps the client has crashed. In this case, the
connection remains open forever. To remedy this situation, most implementations equip a server with a
keepalive timer. Each time the server hears from a client, it resets this timer. The time-out is usually
2 hours. If the server does not hear from the client after 2 hours, it sends a probe segment. If there
is no response after 10 probes, each of which is 75 s apart, it assumes that the client is down and
terminates the connection.

TIME-WAIT Timer: The TIME-WAIT (2MSL) timer is used during connection termination. We
discussed the reasons for this timer in Section 15.5 (State Transition Diagram).

Q.) Draw and explain client state transition diagram of TCP.

Q.) Write and explain pseudocode of the input module of UDP, the Control Block Module and the
output module of UDP
Ans. Input Module: The input module (Table 14.3) receives a user datagram
from the IP. It searches the control-block table to find an entry having the same
port number as this user datagram. If the entry is found, the module uses the
information in the entry to enqueue the data. If the entry is not found, it
generates an ICMP message.

Input Module

UDP_INPUT_Module (user_datagram)
{
    Look for the entry in the control_block table
    if (found)
    {
        Check to see if a queue is allocated
        if (queue is not allocated)
            allocate a queue
        enqueue the data    // enqueued whether or not the queue was just allocated
    } // end if
    else
    {
        Ask ICMP to send an "unreachable port" message
        Discard the user datagram
    } // end else

    Return.
} // end module

Control Block Module

UDP_Control_Block_Module (process ID, port number)
{
    Search the table for a FREE entry.
    if (not found)
        Delete one entry using a predefined strategy.
    Create a new entry with the state IN-USE
    Enter the process ID and the port number.
    Return.
} // End module

Output Module

UDP_OUTPUT_MODULE (Data)
{
    Create a user datagram
    Send the user datagram
    Return.
}
c Draw and explain TCP Segment format.

Q. Byte number, sequence number, acknowledgment number used in TCP

Byte Number: TCP numbers all data bytes (octets) that are transmitted in a connection. Numbering
is independent in each direction. When TCP receives bytes of data from a process, TCP stores them
in the sending buffer and numbers them. The numbering does not necessarily start from 0. Instead,
TCP chooses an arbitrary number between 0 and 2^32 − 1 for the number of the first byte. For
example, if the number happens to be 1,057 and the total data to be sent is 6,000 bytes, the bytes
are numbered from 1,057 to 7,056. We will see that byte numbering is used for flow and error
control.

Sequence Number: After the bytes have been numbered, TCP assigns a sequence number to each
segment that is being sent. The sequence number for each segment is the number of the first byte of
data carried in that segment.

Acknowledgment Number: As we discussed previously, communication in TCP is full duplex; when a
connection is established, both parties can send and receive data at the same time. Each party
numbers the bytes, usually with a different starting byte number. The sequence number in each direction
shows the number of the first byte carried by the segment. Each party also uses an acknowledgment
number to confirm the bytes it has received. However, the acknowledgment number defines the
number of the next byte that the party expects to receive. In addition, the acknowledgment number
is cumulative, which means that the party takes the number of the last byte that it has received, safe
and sound, adds 1 to it, and announces this sum as the acknowledgment number. The term
cumulative here means that if a party uses 5,643 as an acknowledgment number, it has received all
bytes from the beginning up to 5,642. Note that this does not mean that the party has received 5,642
bytes because the first byte number does not have to start from 0.

Q.) congestion control used by TCP


Congestion Control
TCP, unlike UDP, takes into account congestion in the network. The amount of data
sent by a sender is not only controlled by the receiver (flow control), but is also determined
by the level of congestion, if any, in the network.

Q.) Half- Close in TCP

Half-Close: In TCP, one end can stop sending data while still receiving data. This is called a half-close.
Either the server or the client can issue a half-close request. It can occur when the server needs all
the data before processing can begin. A good example is sorting. When the client sends data to the
server to be sorted, the server needs to receive all the data before sorting can start. This means the
client, after sending all data, can close the connection in the client-to-server direction. However,
the server-to-client direction must remain open to return the sorted data. The server, after receiving
the data, still needs time for sorting; its outbound direction must remain open.

The first two segments are the same as for a regular close: a FIN by the initiator, followed by an ACK
of the FIN by the recipient. The operation then differs from Figure 13-1, because the side that receives
the half-close can still send data. We show only one data segment, followed by an ACK, but any
number of data segments can be sent. (The exchange of data segments and acknowledgments is
detailed in Chapter 15.) When the end that received the half-close is done sending data, it closes its end
of the connection, causing a FIN to be sent, and this delivers an end-of-file indication to the application
that initiated the half-close. When this second FIN is acknowledged, the connection is completely
closed.
Unit 4

Q.) short note on DNS Protocol

Q) short note SCTP. List SCTP Packets. Explain any two of them
Stream Control Transmission Protocol (SCTP) is a new reliable, message-oriented
transport-layer protocol. SCTP lies between the application layer and the network
layer and serves as the intermediary between the application programs and the
network operations. SCTP combines the best features of UDP and TCP. SCTP is a reliable
message-oriented protocol. It preserves the message boundaries and at the same time detects
lost data, duplicate data, and out-of-order data. It also has congestion control and
flow control mechanisms. Later we will see that SCTP has other innovative features
unavailable in UDP and TCP.

f Explain INIT chunk of SCTP.

How Dynamic Host Configuration Protocol (DHCP) Works? dhcp Explain completely
(IMP)
The Dynamic Host Configuration Protocol (DHCP) client TCP/IP software is not configured with a
static IP address; it is configured to obtain an IP address dynamically from a Dynamic Host
Configuration Protocol (DHCP) Server. When a DHCP client device boots up, it is not capable of sending
and receiving network traffic, because TCP/IP is not configured. But it can participate in broadcast traffic.
DHCP Clients and DHCP Servers use broadcast messages to communicate with each other. The scope
of a broadcast message is only within the local broadcast domain. Broadcast messages will never cross
the router to reach another network, because routers drop datagrams sent to the Limited Broadcast IP Address.
Two important IPv4 addresses used in DHCPv4 messages are 0.0.0.0 and 255.255.255.255. IPv4
address 0.0.0.0 is used by an IPv4 device when it has not yet been assigned an IPv4 address. When a
DHCP client boots up, it doesn't have a valid IPv4 Address.
IPv4 address 255.255.255.255 is also known as Limited Broadcast IP Address. An IPv4 datagram with
255.255.255.255 as destination IPv4 address is broadcasted in the LAN.
DHCPDISCOVER and DHCPREQUEST messages are sent from DHCP Client to DHCP Server.
DHCPOFFER and DHCPACK messages are sent from DHCP Server to DHCP Client.
The process of leasing TCP/IP configuration from the Dynamic Host Configuration Protocol (DHCP)
server involves four steps as listed below.
1. DHCPDISCOVER: The Dynamic Host Configuration Protocol (DHCP) client broadcasts a DHCP
discover message on the network containing its MAC address destined for UDP port number 68 (used
by BOOTP and Dynamic Host Configuration Protocol (DHCP) servers). This first datagram is known
as a DHCPDISCOVER message, which is a request to any DHCP server that receives the datagram for
configuration information. As the name implies, the purpose of the DHCPDISCOVER message is to
discover a DHCP server.
The destination MAC address of a DHCPDISCOVER message is ff:ff:ff:ff:ff:ff, which is the
Broadcast MAC Address. An Ethernet frame with the Broadcast MAC Address as the destination MAC
address is flooded to every port of the connected LAN switch. The DHCPDISCOVER message is
delivered to every connected computer in the Broadcast Domain.
2. DHCPOFFER: The DHCPDISCOVER message was delivered to every connected computer in the
Broadcast Domain. Every DHCP server in the Broadcast Domain which received the
DHCPDISCOVER message responds with a DHCPOFFER message. Other computers simply drop the
DHCPDISCOVER message.
The DHCPOFFER message contains the offered TCP/IP configuration values like IPv4 address and subnet
mask. If the DHCP client device receives multiple DHCPOFFER messages, the DHCP client accepts the first
DHCPOFFER message that arrives.
3. DHCPREQUEST: The Dynamic Host Configuration Protocol (DHCP) client accepts an offer and
broadcasts a DHCPREQUEST datagram. The DHCPREQUEST datagram contains the IP address of
the server that issued the offer and the physical address (MAC Address) of the DHCP client.
DHCPREQUEST message requests the selected DHCP server to assign the DHCP client an IP address
and other TCP/IP configuration values. DHCPREQUEST message also notifies all other DHCP servers
that their offers were not accepted by the DHCP client.
4. DHCPACK: When the DHCP server from which the offer was selected receives the
DHCPREQUEST datagram, it constructs a DHCPACK datagram. This datagram is known as a
DHCPACK (DHCP ACKNOWLEDGEMENT). The DHCPACK includes an IP address and subnet
mask for the DHCP client. It may include other TCP/IP configuration information like IP address of the
default gateway, IP addresses of DNS servers, IP addresses of WINS servers etc.

short note on transition states of Dynamic Host Configuration Protocol client, diagram also. (IMP)
DHCP is the Dynamic Host Configuration Protocol for assigning IP addresses to devices on a network;
a device can have a different IP address every time it connects to the network.
• The DHCP has been devised to provide static and dynamic address allocation.
• To provide dynamic address allocation, the DHCP client acts as a state machine that performs
transitions from one state to another depending on the messages it receives or sends. Figure
shows the transition diagram with main states.
• INIT State: When the DHCP client first starts, it is in the INIT state (initializing state). The
client broadcasts a DHCPDISCOVER message (a request message with the DHCPDISCOVER
option), using port 67.
• SELECTING State: After sending the DHCPDISCOVER message, the client goes to the
selecting state. Those servers that can provide this type of service respond with a DHCPOFFER
message. In these messages, the servers offer an IP address. They can also offer the lease
duration. The default is 1 hour. The server that sends a DHCPOFFER locks the offered IP
address so that it is not available to any other clients. The client chooses one of the offers and
sends a DHCPREQUEST message to the selected server. It then goes to the requesting state.
However, if the client receives no DHCPOFFER message, it tries four more times, each with a
span of 2 seconds. If there is no reply to any of these DHCPDISCOVERs, the client sleeps for 5
minutes before trying again.
• REQUESTING State: The client remains in the requesting state until it receives a DHCPACK
message from the server that creates the binding between the client physical address and its IP
address. After receipt of the DHCPACK, the client goes to the bound state.
• BOUND State: In this state, the client can use the IP address until the lease expires. When 50
percent of the lease period is reached, the client sends another DHCPREQUEST to ask for
renewal. It then goes to the renewing state. When in the bound state, the client can also cancel
the lease and go to the initializing state.
• RENEWING State: The client remains in the renewing state until one of two events happens.
It can receive a DHCPACK, which renews the lease agreement. In this case, the client resets its
timer and goes back to the bound state. Or, if a DHCPACK is not received, and 87.5 percent of
the lease time expires, the client goes to the rebinding state.
• REBINDING State: The client remains in the rebinding state until one of three events happens.
If the client receives a DHCPNACK or the lease expires, it goes back to the initializing state
and tries to get another IP address. If the client receives a DHCPACK, it goes to the bound state
and resets the timer.
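The four-message lease exchange and the client state transitions above can be traced in code. This is an added example, not part of the original notes: the class and function names are hypothetical, the addresses are constructed from the 192.0.2.0/24 documentation range, and the list of servers that sent offers is kept only so that an unexpected DHCP server on the segment can be noticed.

```python
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

INIT, SELECTING, REQUESTING = "INIT", "SELECTING", "REQUESTING"
BOUND, RENEWING, REBINDING = "BOUND", "RENEWING", "REBINDING"


@dataclass
class DhcpClient:
    state: str = INIT
    ip: Optional[str] = None
    server: Optional[str] = None       # server whose offer was accepted
    lease: int = 0                     # lease length in seconds
    elapsed: int = 0                   # seconds since the last DHCPACK
    sent: List[str] = field(default_factory=list)           # messages sent so far
    offer_servers: List[str] = field(default_factory=list)  # every server that offered

    def _reset(self) -> None:
        self.state, self.ip, self.server = INIT, None, None
        self.lease, self.elapsed = 0, 0

    def start(self) -> None:
        """INIT: broadcast DHCPDISCOVER, then wait for offers in SELECTING."""
        self._reset()
        self.sent.append("DHCPDISCOVER")
        self.state = SELECTING

    def receive(self, msg: str, server: str, ip: Optional[str] = None,
                lease: int = 0) -> None:
        """Apply the message-driven transitions described in the notes."""
        if msg == "DHCPOFFER":
            self.offer_servers.append(server)        # recorded even when ignored
            if self.state == SELECTING:              # the first offer to arrive wins
                self.server, self.ip = server, ip
                self.sent.append("DHCPREQUEST")
                self.state = REQUESTING
        elif msg == "DHCPACK":
            from_selected = server == self.server
            if (self.state in (REQUESTING, RENEWING) and from_selected) \
                    or self.state == REBINDING:
                self.server, self.ip = server, ip or self.ip
                self.lease, self.elapsed = lease, 0  # binding made, timer reset
                self.state = BOUND
        elif msg == "DHCPNACK" and self.state == REBINDING:
            self._reset()                            # must obtain a new address

    def tick(self, seconds: int) -> None:
        """Advance the lease clock and apply the timer-driven transitions."""
        self.elapsed += seconds
        if self.state == BOUND and self.elapsed >= 0.5 * self.lease:
            self.sent.append("DHCPREQUEST")          # renewal request at 50 percent
            self.state = RENEWING
        if self.state == RENEWING and self.elapsed >= 0.875 * self.lease:
            self.state = REBINDING                   # no DHCPACK by 87.5 percent
        if self.state == REBINDING and self.elapsed >= self.lease:
            self._reset()                            # lease expired

    def release(self) -> None:
        """BOUND: the client cancels the lease and returns to INIT."""
        if self.state == BOUND:
            self._reset()


def unexpected_offer_servers(client: DhcpClient,
                             authorised: Iterable[str]) -> List[str]:
    """Servers that answered a DHCPDISCOVER but are not on the known list."""
    return sorted(set(client.offer_servers) - set(authorised))
```

Because the client takes the first DHCPOFFER that arrives, comparing `offer_servers` with the list of authorised servers is a simple way to spot a second, unplanned DHCP server in the broadcast domain.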

Explain the Fully Qualified Domain Name (FQDN) and Partially Qualified Domain Name (PQDN) in Domain Name System.

The Fully Qualified Domain Name (FQDN) of a host in the DNS namespace hierarchy consists of all the
labels from the node, up to the root of the namespace, separated by periods ("."). A Fully Qualified
Domain Name (FQDN) must end with an empty string, which represents the Root. Since there is no
need to represent the empty string, a Fully Qualified Domain Name (FQDN) ends with a period (.). The
trailing period (".") for the root domain is usually omitted in day to day use, but the DNS Resolver
(Client) and DNS Servers must use it during actual DNS name queries.

Using a Fully Qualified Domain Name (FQDN), we can identify a host's position from the Root of the
DNS namespace. A Fully Qualified Domain Name (FQDN) can unambiguously indicate the
position of a host relative to the DNS Root.

Example of a Fully Qualified Domain Name (FQDN) is pc15.tek.omnisecu.com.

When you happen to see a Fully Qualified Domain Name (FQDN), you should understand its
structure as explained below. Remember, a dot (".") is used to separate two labels inside a Fully
Qualified Domain Name (FQDN).

Try to read it from right-most position, which represents the DNS Root.
Note: DNS Domain names can contain characters "a to z", "A to Z", "0 to 9", and "-"(hyphen) only.
Other common characters are not allowed.

A Partially Qualified Domain Name (PQDN) is used to specify a portion of a domain name, normally
the host portion of it. A Partially Qualified Domain Name (PQDN) starts with a host name, but it
may not reach up to the root.

An example of a Partially Qualified Domain Name (PQDN) is pc15. Usually the computers will add the
DNS suffix to the Partially Qualified Domain Name (PQDN) before sending a DNS query for
name resolution.


q. dhcp message format(imp)


Dynamic Host Configuration Protocol (DHCP) Message Format

Description
he type of the Dynamic Host Configuration Protocol (DHCP) message. Set to 1 in messages sent by a client (requests) and 2 in m
he network LAN architecture. For example, the ethernet type is specified when htype is set to 1.
ata-link layer) address length (MAC address) (in bytes); defines the length of hardware address in the chaddr field. For Ethernet (
s 6.
relay agents that have forwarded this message.
ients to match responses from servers with previously transmitted requests.
me (in seconds) since the client began the Dynamic Host Configuration Protocol (DHCP) process.
is called the broadcast bit, can be set to 1 to indicate that messages to the client must be broadcast
address; set by the client when the client has confirmed that its IP address is valid.
address; set by the server to inform the client of the client's IP address.
of the next server for the client to use in the configuration process (for example, the server to contact for TFTP download of an o
t (gateway) IP address; filled in by the relay agent with the address of the interface through which Dynamic Host Configuration

rdware address (Layer 2 address).


e next server for client to use in the configuration process.
e file for the client to request from the next server (for example the name of the file that contains the operating system for this cl

Q.) Association establishment of SCTP

Association establishment in SCTP requires a four-way handshake. In this procedure, a process,
normally a client, wants to establish an association with another process, normally a server, using
SCTP as the transport layer protocol. Similar to TCP, the SCTP server needs to be prepared to
receive any association (passive open). Association establishment, however, is initiated by the
client (active open).

The steps, in a normal situation, are as follows:

1. The client sends the first packet, which contains an INIT chunk. The verification tag (VT) of this
packet (defined in the general header) is 0 because no verification tag has yet been defined for this
direction (client to server). The INIT chunk includes an initiation tag to be used for packets from the
other direction (server to client). The chunk also defines the initial TSN for this direction and
advertises a value for rwnd. The value of rwnd is normally advertised in a SACK chunk; it is done
here because SCTP allows the inclusion of a DATA chunk in the third and fourth packets; the server
must be aware of the available client buffer size. Note that no other chunks can be sent with the first
packet.

2. The server sends the second packet, which contains an INIT ACK chunk. The verification tag is
the value of the initial tag field in the INIT chunk. This chunk initiates the tag to be used in the
other direction, defines the initial TSN for data flow from server to client, and sets the server's
rwnd. The value of rwnd is defined to allow the client to send a DATA chunk with the third packet.
The INIT ACK also sends a cookie that defines the state of the server at this moment. We will
discuss the use of the cookie shortly.
3. The client sends the third packet, which includes a COOKIE ECHO chunk. This is a very simple
chunk that echoes, without change, the cookie sent by the server. SCTP allows the inclusion of data
chunks in this packet.
4. The server sends the fourth packet, which includes the COOKIE ACK chunk that acknowledges the
receipt of the COOKIE ECHO chunk. SCTP allows the inclusion of data chunks with this packet.
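The four packets above, with the verification tag carried by each, can be simulated as follows. This is an added example, not part of the original notes: packets are plain dictionaries, all names are hypothetical, and the cookie layout (the server's state as JSON followed by an HMAC-SHA256 over it) is an assumption for illustration. It shows that the server keeps no record of the association until a cookie it issued comes back unchanged and in time.

```python
import hashlib
import hmac
import json
import os
import secrets


def new_tag() -> int:
    """Random non-zero 32-bit tag (0 is used only by the packet carrying INIT)."""
    return secrets.randbelow(2**32 - 1) + 1


class Client:
    def __init__(self):
        self.tag, self.tsn, self.peer_tag = new_tag(), secrets.randbits(32), None

    def init(self) -> dict:
        # Packet 1: VT is 0, the chunk carries the tag the server must use later.
        return {"vt": 0, "chunk": "INIT", "init_tag": self.tag,
                "tsn": self.tsn, "rwnd": 32768}

    def on_init_ack(self, pkt: dict):
        if pkt is None or pkt["vt"] != self.tag:
            return None                        # not a reply to our INIT
        self.peer_tag = pkt["init_tag"]
        # Packet 3: echo the cookie without change.
        return {"vt": self.peer_tag, "chunk": "COOKIE ECHO", "cookie": pkt["cookie"]}

    def on_cookie_ack(self, pkt: dict) -> bool:
        return pkt is not None and pkt["chunk"] == "COOKIE ACK" and pkt["vt"] == self.tag


class Server:
    MAC_LEN = 32                               # length of an HMAC-SHA256 digest

    def __init__(self, cookie_lifetime: float = 60.0):
        self.key = os.urandom(32)              # secret known only to this server
        self.cookie_lifetime = cookie_lifetime
        self.associations = {}                 # filled only after a valid COOKIE ECHO

    def _mac(self, body: bytes) -> bytes:
        return hmac.new(self.key, body, hashlib.sha256).digest()

    def on_init(self, pkt: dict, now: float):
        if pkt["chunk"] != "INIT" or pkt["vt"] != 0:
            return None
        state = {"peer_tag": pkt["init_tag"], "peer_tsn": pkt["tsn"],
                 "my_tag": new_tag(), "my_tsn": secrets.randbits(32), "issued": now}
        body = json.dumps(state, sort_keys=True).encode()
        # Packet 2: the state travels inside the cookie; nothing is stored here.
        return {"vt": pkt["init_tag"], "chunk": "INIT ACK", "init_tag": state["my_tag"],
                "tsn": state["my_tsn"], "rwnd": 65535, "cookie": body + self._mac(body)}

    def on_cookie_echo(self, pkt: dict, now: float):
        if pkt is None or pkt["chunk"] != "COOKIE ECHO":
            return None
        body, mac = pkt["cookie"][:-self.MAC_LEN], pkt["cookie"][-self.MAC_LEN:]
        if not hmac.compare_digest(mac, self._mac(body)):
            return None                        # cookie was altered or not issued by us
        state = json.loads(body)
        if now - state["issued"] > self.cookie_lifetime or pkt["vt"] != state["my_tag"]:
            return None                        # stale cookie or wrong verification tag
        self.associations[state["peer_tag"]] = state
        # Packet 4: acknowledge; the association now exists on the server.
        return {"vt": state["peer_tag"], "chunk": "COOKIE ACK"}


def handshake(client: Client, server: Server, now: float = 0.0):
    """Run the four-way handshake; return the packets and whether it completed."""
    p1 = client.init()
    p2 = server.on_init(p1, now)
    p3 = client.on_init_ack(p2)
    p4 = server.on_cookie_echo(p3, now)
    return [p1, p2, p3, p4], client.on_cookie_ack(p4)
```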

Q.) Recursive and iterative solution in DNS

Ans.-
Recursive Resolution
The client (resolver) can ask for a recursive answer from a name server. This means that the
resolver expects the server to supply the final answer. If the server is the authority for the domain
name, it checks its database and responds. If the server is not the authority, it sends the request to
another server (the parent usually) and waits for the response. If the parent is the authority, it
responds; otherwise, it sends the query to yet another server. When the query is finally resolved, the
response travels back until it finally reaches the requesting client.

Iterative Resolution

If the client does not ask for a recursive answer, the mapping can be done iteratively. If
the server is an authority for the name, it sends the answer. If it is not, it returns (to the
client) the IP address of the server that it thinks can resolve the query. The client is
responsible for repeating the query to this second server. If the newly addressed server
can resolve the problem, it answers the query with the IP address; otherwise, it returns
the IP address of a new server to the client. Now the client must repeat the query to the
third server. This process is called iterative because the client repeats the same query
to multiple servers. In Figure 19.13 the client queries five servers before it gets an answer
from the mcgraw.com server.
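The difference between the two modes is who sends each query. The following added example (not part of the original notes) runs both modes over a small constructed hierarchy; the server names, the zone data and the address are made up, and the chain is simplified to start at a single top server.

```python
# Constructed data: what each name server can answer and where it refers to.
ZONES = {
    "root":           {"refer": {"com": "com-server"}},
    "com-server":     {"refer": {"example.com": "example-server"}},
    "example-server": {"answer": {"www.example.com": "192.0.2.10"}},
}


def ask(server, name):
    """One server's own reply: an answer, a referral, or nothing."""
    zone = ZONES[server]
    if name in zone.get("answer", {}):
        return "answer", zone["answer"][name]
    for suffix, next_server in zone.get("refer", {}).items():
        if name == suffix or name.endswith("." + suffix):
            return "referral", next_server
    return "no-such-name", None


def resolve_recursive(sender, server, name, trace, depth=0, max_depth=8):
    """The queried server asks the next server itself and relays the result back."""
    if depth >= max_depth:
        raise RuntimeError("too many servers in the chain")
    trace.append((sender, server))
    kind, value = ask(server, name)
    if kind == "referral":
        return resolve_recursive(server, value, name, trace, depth + 1, max_depth)
    return value


def resolve_iterative(client, server, name, trace, max_steps=8):
    """The client repeats the same query to each server it is referred to."""
    for _ in range(max_steps):
        trace.append((client, server))
        kind, value = ask(server, name)
        if kind != "referral":
            return value
        server = value
    raise RuntimeError("too many referrals")
```

The `trace` list records (sender, receiver) pairs: in recursive mode the client appears once, in iterative mode it is the sender of every query. The step limits stop a chain of referrals that never ends.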
UNIT 5

Q)different nodes of TELNET Operations.

Q.Explain Generic, Country and the Inverse Domain.

Q. concept of nvt and nvt character set(imp)

Network Virtual Terminal (NVT)
The mechanism to access a remote computer is complex. This is because every computer and its
operating system accepts a special combination of characters as tokens. For example, the
end-of-file token in a computer running the DOS operating system is Ctrl+z, while the UNIX
operating system recognizes Ctrl+d. We are dealing with heterogeneous systems. If we want to
access any remote computer in the world, we must first know what type of computer we will be
connected to, and we must also install the specific terminal emulator used by that computer.
TELNET solves this problem by defining a universal interface called the Network Virtual
Terminal (NVT) character set. Via this interface, the client TELNET translates characters
(data or commands) that come from the local terminal into NVT form and delivers them to the
network. The server TELNET, on the other hand, translates data and commands from NVT form
into the form acceptable by the remote computer. For an illustration of this concept
NVT Character Set
NVT uses two sets of characters, one for data and one for control. Both are 8-bit
bytes (Figure 20.4).
Data Characters
For data, NVT normally uses what is called NVT ASCII. This is an 8-bit character set
in which the seven lowest order bits are the same as US ASCII and the highest order bit is 0 (see
Figure 20.4). Although it is possible to send an 8-bit ASCII (with the highest order bit set to
be 0 or 1), this must first be agreed upon between the client and the server using option
negotiation.
Control Characters
To send control characters between computers (from client to server or vice versa), NVT uses
an 8-bit character set in which the highest order bit is set to 1 (see Figure 20.4). Table 20.1
lists some of the control characters and their meanings. Later we will categorize these control
characters on the basis of their functionalities.
Q. Component of Ssh(IMP)
SSH Transport-Layer Protocol (SSH-TRANS)
Since TCP is not a secured transport layer protocol, SSH first uses a protocol that creates a
secured channel on the top of TCP. This new layer is an independent protocol referred to as
SSH-TRANS. When the software implementing this protocol is called, the client and server first
use the TCP protocol to establish an insecure connection. Then they exchange several security
parameters to establish a secure channel on the top of the TCP.

SSH Authentication Protocol (SSH-AUTH)
After a secure channel is established between the client and the server and the server is
authenticated for the client, SSH can call another software that can authenticate the client
for the server.

SSH Connection Protocol (SSH-CONN)
After the secured channel is established and both server and client are authenticated for
each other, SSH can call a piece of software that implements the third protocol, SSH-CONN.
One of the services provided by the SSH-CONN protocol is to do multiplexing. SSH-CONN takes
the secure channel established by the two previous protocols and lets the client create
multiple logical channels over it.

SSH Applications
After the connection phase is completed, SSH allows several application programs to use the
connection. Each application can create a logical channel as described above and then
benefit from the secured connection. In other words, remote login is one of the services that
can use the SSH-CONN protocols; other applications, such as a file transfer application, can
use one of the logical channels for this purpose. In the next chapter, we show how SSH can be
used for secure file transfer.

Q.) note on HTTP Protocol


The Hypertext Transfer Protocol (HTTP) is a protocol used mainly to access data on
the World Wide Web. HTTP functions like a combination of FTP (Chapter 21) and SMTP
(Chapter 23). It is similar to FTP because it transfers files and uses the services of TCP.
However, it is much simpler than FTP because it uses only one TCP connection. There is
no separate control connection; only data are transferred between the client and the server.
HTTP is like SMTP because the data transferred between the client and the server
look like SMTP messages. In addition, the format of the messages is controlled by
MIME-like headers. Unlike SMTP, the HTTP messages are not destined to be read by
humans; they are read and interpreted by the HTTP server and HTTP client (browser).
SMTP messages are stored and forwarded, but HTTP messages are delivered immediately.
The commands from the client to the server are embedded in a request message.
The contents of the requested file or other information are embedded in a response
message. HTTP uses the services of TCP on well-known port 80.

Q.)communication over control connection and data connection in FTP(IMP)

Communication over Control Connection
FTP uses the same approach as TELNET or SMTP to communicate across the control
connection. It uses the NVT ASCII character set (see Figure 21.4). Communication is
achieved through commands and responses. This simple method is adequate for the
control connection because we send one command (or response) at a time. Each command or
response is only one short line so we need not worry about file format or file structure. Each line is
terminated with a two-character (carriage return and line feed) end-of-line token.
Communication over Data Connection
The purpose and implementation of the data connection are different from that of the
control connection. We want to transfer files through the data connection. The client must
define the type of file to be transferred, the structure of the data, and the transmission mode.
Before sending the file through the data connection, we prepare for transmission through
the control connection. The heterogeneity problem is resolved by defining three attributes
of communication: file type, data structure, and transmission mode.

Q.) headers in HTTP Protocol

Q.)Explain persistence and nonpersistent connection of HTTP.(IMP)

Nonpersistent Connection
In a nonpersistent connection, one TCP connection is made for each request/response.
The following lists the steps in this strategy:
1. The client opens a TCP connection and sends a request.
2. The server sends the response and closes the connection.
3. The client reads the data until it encounters an end-of-file marker; it then closes the
connection.
In this strategy, if a file contains links to N different pictures in different files (all
located on the same server), the connection must be opened and closed N + 1 times.
The nonpersistent strategy imposes high overhead on the server because the server
needs N + 1 different buffers and requires a slow start procedure each time a connection
is opened.

Persistent Connection
HTTP version 1.1 specifies a persistent connection by default. In a persistent
connection, the server leaves the connection open for more requests after sending a response.
The server can close the connection at the request of a client or if a time-out has been
reached. The sender usually sends the length of the data with each response. However,
there are some occasions when the sender does not know the length of the data. This is
the case when a document is created dynamically or actively. In these cases, the server
informs the client that the length is not known and closes the connection after sending
the data so the client knows that the end of the data has been reached.

Q.) define RRQ and WRQ messages in TFTP, Explain different messages of TFTP

RRQ
The read request (RRQ) message is used by the client to establish a connection for reading data
from the server.

The RRQ message fields are as follows:

❑ OpCode. The first field is a 2-byte operation code. The value is 1 for the RRQ message.

❑ File name. The next field is a variable-size string (encoded in ASCII) that defines the name of the
file. Since the file name varies in length, termination is signaled by a 1-byte field of 0s.

❑ Mode. The next field is another variable-size string defining the transfer mode. The mode field is
terminated by another 1-byte field of 0s. The mode can be one of two strings: “netascii” (for an
ASCII file) or “octet” (for a binary file). The file name and mode fields can be in upper- or lowercase,
or a combination of both.

WRQ

The write request (WRQ) message is used by the client to establish a connection for writing data to
the server. The format is the same as RRQ except that the OpCode is 2.
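The RRQ/WRQ layout above (2-byte OpCode, file name, zero byte, mode, zero byte) can be built and parsed as follows. This is an added example, not part of the original notes; the function names and the sample file name are hypothetical, and the parser is deliberately strict: it rejects a missing terminator, an unknown mode, an empty file name and anything after the second zero byte.

```python
import struct

OPCODES = {1: "RRQ", 2: "WRQ"}            # OpCode values given in the notes
MODES = ("netascii", "octet")


class TftpError(ValueError):
    """Raised when a datagram is not a well-formed RRQ or WRQ."""


def build_request(opcode: int, filename: str, mode: str) -> bytes:
    """Encode OpCode (2 bytes, network order) + file name + 0 + mode + 0."""
    if opcode not in OPCODES:
        raise TftpError("opcode must be 1 (RRQ) or 2 (WRQ)")
    if not filename or "\0" in filename or mode.lower() not in MODES:
        raise TftpError("bad file name or mode")
    return (struct.pack("!H", opcode) + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")


def parse_request(datagram: bytes):
    """Return (kind, file name, mode) or raise TftpError."""
    if len(datagram) < 4:
        raise TftpError("datagram too short")
    (opcode,) = struct.unpack("!H", datagram[:2])
    if opcode not in OPCODES:
        raise TftpError("not an RRQ/WRQ opcode: %d" % opcode)
    # "name\0mode\0" splits into [name, mode, b""]; any other shape is malformed.
    parts = datagram[2:].split(b"\0")
    if len(parts) != 3 or parts[2] != b"":
        raise TftpError("file name and mode must each end with one zero byte")
    try:
        filename = parts[0].decode("ascii")
        mode = parts[1].decode("ascii").lower()   # mode may arrive in any case
    except UnicodeDecodeError:
        raise TftpError("fields must be ASCII")
    if not filename:
        raise TftpError("empty file name")
    if mode not in MODES:
        raise TftpError("unknown mode: %r" % mode)
    return OPCODES[opcode], filename, mode


def is_well_formed(datagram: bytes) -> bool:
    """True when parse_request accepts the datagram."""
    try:
        parse_request(datagram)
        return True
    except TftpError:
        return False
```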
Q.) short note on different modes of TELNET Operations

Default Mode
The default mode is used if no other modes are invoked through option negotiation. In
this mode, the echoing is done by the client. The user types a character and the client
echoes the character on the screen (or printer) but does not send it until a whole line is
completed. After sending the whole line to the server, the client waits for the GA (go
ahead) command from the server before accepting a new line from the user. The operation
is half-duplex. Half-duplex operation is not efficient when the TCP connection
itself is full-duplex, and so this mode is becoming obsolete.

Character Mode
In the character mode, each character typed is sent by the client to the server. The
server normally echoes the character back to be displayed on the client screen. In this
mode the echoing of the character can be delayed if the transmission time is long (such
as in a satellite connection). It also creates overhead (traffic) for the network because
three TCP segments must be sent for each character of data:
1. The user enters a character that is sent to the server.
2. The server acknowledges the received character and echoes the character back (in
one segment).
3. The client acknowledges the receipt of the echoed character.

Line Mode
A new mode has been proposed to compensate for the deficiencies of the default mode
and the character mode. In this mode, called the line mode, line editing (echoing,
character erasing, line erasing, and so on) is done by the client. The client then sends the whole line to the server. Although
the line mode looks like the default mode, it is not. The default mode operates in the half-duplex mode; the line mode is
full-duplex with the client sending one line after another, without the need for an intervening GA (go ahead) character from the
server.

Q) Explain in detail hypertext and hyper media, web client(browser), webserver, Uniform
resource locator
Q.) Static, dynamic and active web documents

Static documents are fixed-content documents that are created and stored in a server. The client can
get a copy of the document only. In other words, the contents of the file are determined when the file
is created, not when it is used. Of course, the contents in the server can be changed, but the user
cannot change them. When a client accesses the document, a copy of the document is sent. The user
can then use a browsing program to display the document.
Static documents are prepared using one of the several languages: Hypertext Markup Language
(HTML), Extensible Markup Language (XML), Extensible Style Language (XSL), and Extended
Hypertext Markup Language (XHTML).

A dynamic document is created by a Web server whenever a browser requests the document. When
a request arrives, the Web server runs an application program or a script that creates the dynamic
document. The server returns the output of the program or script as a response to the browser that
requested the document. Because a fresh document is created for each request, the contents of a
dynamic document may vary from one request to another. A very simple example of a dynamic
document is the retrieval of the time and date from a server. Time and date are kinds of
information that are dynamic in that they change from moment to moment. The client can ask
the server to run a program such as the date program in UNIX and send the result of the program to
the client.

Active Documents
For many applications, we need a program or a script to be run at the client site.
These are called active documents. For example, suppose we want to run a program that
creates animated graphics on the screen or a program that interacts with the user. The program
definitely needs to be run at the client site where the animation or interaction takes place. When a
browser requests an active document, the server sends a copy of the document or a script. The
document is then run at the client (browser) site.

Unit 6

Q) Explain various data types and subtypes in MIME.


Q) Write a note on Audio Compression.
Audio Compression
Audio compression can be used for speech or music. For speech, we need to compress
a 64-kHz digitized signal; for music, we need to compress a 1.411-MHz signal. Two
categories of techniques are used for audio compression: predictive encoding and
perceptual encoding.
Predictive Encoding
In predictive encoding, the differences between the samples are encoded instead of
encoding all the sampled values. This type of compression is normally used for speech.
Several standards have been defined such as GSM (13 kbps), G.729 (8 kbps), and
G.723.3 (6.4 or 5.3 kbps). Detailed discussions of these techniques are beyond the
scope of this book.
Perceptual Encoding: MP3
The most common compression technique that is used to create CD-quality audio is
based on the perceptual encoding technique. As we mentioned before, this type of
audio needs at least 1.411 Mbps; this cannot be sent over the Internet without compression.
MP3 (MPEG audio layer 3), a part of the MPEG standard (discussed in the video
compression section), uses this technique.
Perceptual encoding is based on the science of psychoacoustics, which is the study
of how people perceive sound. The idea is based on some flaws in our auditory system:
Some sounds can mask other sounds. Masking can happen in frequency and time. In
frequency masking, a loud sound in a frequency range can partially or totally mask a
softer sound in another frequency range. For example, we cannot hear what our dance
partner says in a room where a loud heavy metal band is performing. In temporal
masking, a loud sound can numb our ears for a short time even after the sound has
stopped.
MP3 uses these two phenomena, frequency and temporal masking, to compress
audio signals. The technique analyzes and divides the spectrum into several groups.
Zero bits are allocated to the frequency ranges that are totally masked. A small number
of bits are allocated to the frequency ranges that are partially masked. A larger number of
bits are allocated to the frequency ranges that are not masked.
MP3 produces three data rates: 96 kbps, 128 kbps, and 160 kbps. The rate is based
on the range of the frequencies in the original analog audio.
Q) note on user agent and message transfer agent of email system

Q) pop3 and imap4 in email system(IMP)

Basis for Comparison | POP3 | IMAP
---------------------|------|-----
Basic | To read the mail it has to be downloaded first. | The mail content can be checked partially before downloading.
Organize | The user cannot organize mails in the mailbox of the mail server. | The user can organize the mails on the server.
Folder | The user cannot create, delete or rename mailboxes on a mail server. | The user can create, delete or rename mailboxes on the mail server.
Content | A user cannot search the content of mail prior to downloading. | A user can search the content of mail for a specific string of characters before downloading.
Partial Download | The user has to download the mail for accessing it. | The user can partially download the mail if bandwidth is limited.
Functions | POP3 is simple and has limited functions. | IMAP is more powerful, more complex and has more features over POP3.

Definition of POP3
Post Office Protocol version 3 (POP3) is a message accessing agent (MAA) that transfers the email
from the mailbox at the server to the local computer of the user. There is a client POP3 software which is
installed on the recipient’s computer. The client POP3 software is invoked by the user, which thereby
creates the connection to the server POP3.
The server POP3 software is installed on the mail server. The connection is made on the TCP port
110. To establish the connection the client has to send a username and password for accessing the
mailbox. Once the client is authenticated, it can then list and retrieve the emails one by one.
The POP3 protocol operates in two modes, the delete mode and the keep mode. The POP3 protocol
operates in delete mode when the user is working on their permanent computer. In delete mode, once
the mail is retrieved from the mailbox it gets deleted from the mailbox permanently. The mail retrieved
from the mailbox is organized on the user’s computer.
The POP3 protocol operates in keep mode when the user is not working on their permanent or
primary computer. In keep mode, the mail remains in the mailbox even after its retrieval. The mail is
read by the user, but it is kept in the mailbox for later retrieval and organizing of mail on the user's
permanent computer.

Definition of IMAP
Internet Mail Accessing Protocol (IMAP) is also a mail accessing agent like POP3. But it is more
powerful, has more features and is more complex than POP3. The POP3 protocol was found deficient
in many ways. So IMAP was introduced to overcome these deficiencies.
POP3 does not allow a user to organize mails in the mailbox. The user cannot create different folders
on the server. The user cannot partially check the content of emails before downloading them. The user
has to download an email to read it, in POP.
IMAP is used to access the mail from the mailbox at the mail server. Using IMAP the user can check
the email header before downloading it. The user is also able to check the content of the email for a
particular string of characters before downloading the email.
In case the bandwidth is limited, using IMAP the user can partially download the mail. It is useful in
case the email contains multimedia with high bandwidth requirement. The user can create, delete or
rename the mailboxes on the server. The user can also create a hierarchy of these mailboxes in a folder.
This is how IMAP is more powerful than the POP3 protocol.

Key Differences Between POP3 and IMAP


• The key difference between POP3 and IMAP is that using the POP3 protocol the user has to
download the mail before accessing it whereas, using the IMAP protocol, the user can partially check
the content of mail prior to downloading it.
• Using the IMAP protocol the user can organize emails on the server, which cannot be done using
POP3.
• Using the IMAP protocol the user can create, delete or rename the mailboxes; the user can even
create a hierarchy of mailboxes in the folder, but it is not possible using POP3.
• The POP3 protocol does not allow you to search the content of mail for a particular string of
characters prior to downloading whereas, using IMAP, the user can search the content of an email for
a specific string of characters before downloading.
• IMAP allows a user to download the mail partially in the case of limited bandwidth. However,
this function is not available in POP3.
• POP3 is simple and has limited functionality whereas IMAP is powerful, complex and has
extra functions over POP3.

Q) three approaches of stream stored audio/video

First Approach: Using a Web Server
A compressed audio/video file can be downloaded as a text file. The client (browser) can use
the services of HTTP and send a GET message to download the file. The Web server can send the
compressed file to the browser. The browser can then use a help application, normally called a media
player, to play the file.

Second Approach: Using a Web Server with Metafile
In another approach, the media player is directly connected to the Web server for downloading the
audio/video file. The Web server stores two files: the actual audio/video file and a metafile that
holds information about the audio/video file.
1. The HTTP client accesses the Web server using the GET message.
2. The information about the metafile comes in the response.
3. The metafile is passed to the media player.
4. The media player uses the URL in the metafile to access the audio/video file.
5. The Web server responds.
Third Approach: Using a Media Server
The problem with the second approach is that the browser and the media player both use the
services of HTTP. HTTP is designed to run over TCP. This is appropriate for retrieving the metafile,
but not for retrieving the audio/video file. The reason is that TCP retransmits a lost or damaged
segment, which is counter to the philosophy of streaming. We need to dismiss TCP and its error
control; we need to use UDP. However, HTTP, which accesses the Web server, and the Web server
itself are designed for TCP; we need another server, a media server.

1. The HTTP client accesses the Web server using a GET message.
2. The information about the metafile comes in the response.
3. The metafile is passed to the media player.
4. The media player uses the URL in the metafile to access the media server to download the file.
Downloading can take place by any protocol that uses UDP.
5. The media server responds.
Q) Draw and explain the RTP packet format
❑ Ver. This 2-bit field defines the version number. The current version is 2.
❑ P. This 1-bit field, if set to 1, indicates the presence of padding at the end of the packet. In this
case, the value of the last byte in the padding defines the length of the padding. Padding is the norm
if a packet is encrypted. There is no padding if the value of the P field is 0.
❑ X. This 1-bit field, if set to 1, indicates an extra extension header between the basic header and the
data. There is no extra extension header if the value of this field is 0.
❑ Contributor count. This 4-bit field indicates the number of contributors. Note that we can have a
maximum of 15 contributors because a 4-bit field only allows a number between 0 and 15.
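The following parser is an added example, not part of the original notes. It decodes the Ver, P, X and contributor-count fields described above and rejects packets whose padding length or contributor count does not fit the datagram. The remaining header fields (marker, payload type, sequence number, timestamp, SSRC) and the extension header layout are taken from RFC 3550 rather than from this page, and the sample packet is constructed.

```python
import struct

class RTPError(ValueError):
    """Raised when a datagram is not a well-formed RTP packet."""

def parse_rtp(datagram: bytes) -> dict:
    """Parse and validate one RTP packet; return header fields and payload."""
    if len(datagram) < 12:                      # fixed header is 12 bytes (RFC 3550)
        raise RTPError("shorter than the 12-byte fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", datagram[:12])
    ver, p, x, cc = b0 >> 6, (b0 >> 5) & 1, (b0 >> 4) & 1, b0 & 0x0F
    if ver != 2:
        raise RTPError(f"unsupported version {ver}")
    offset = 12 + 4 * cc                        # each contributor id is 32 bits
    if offset > len(datagram):
        raise RTPError("contributor count exceeds packet length")
    csrc = list(struct.unpack(f"!{cc}I", datagram[12:offset]))
    if x:                                       # extension: 16-bit id, 16-bit length in words
        if offset + 4 > len(datagram):
            raise RTPError("truncated extension header")
        _, words = struct.unpack("!HH", datagram[offset:offset + 4])
        offset += 4 + 4 * words
        if offset > len(datagram):
            raise RTPError("extension length exceeds packet length")
    end = len(datagram)
    if p:                                       # last byte gives the padding length
        if end == offset:
            raise RTPError("padding flag set on empty payload")
        pad = datagram[-1]
        if pad == 0 or pad > end - offset:      # never trust the length blindly
            raise RTPError("padding length out of range")
        end -= pad
    return {"version": ver, "padding": bool(p), "extension": bool(x), "cc": cc,
            "marker": b1 >> 7, "payload_type": b1 & 0x7F, "seq": seq,
            "timestamp": ts, "ssrc": ssrc, "csrc": csrc,
            "payload": datagram[offset:end]}

def build_sample() -> bytes:
    """Constructed sample: V=2, P=1, X=0, CC=2, 5-byte payload, 3 padding bytes."""
    first = (2 << 6) | (1 << 5) | (0 << 4) | 2
    header = struct.pack("!BBHII", first, 0, 7, 160, 0x11223344)
    csrc = struct.pack("!2I", 0xAAAA0001, 0xAAAA0002)
    return header + csrc + b"hello" + b"\x00\x00\x03"

if __name__ == "__main__":
    print(parse_rtp(build_sample()))
```

The bounds checks matter because the padding length and contributor count are attacker-controlled values in any packet received from the network.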

------*****----------------------------
Explain in detail constructors used to create DatagramPacket.
Write TCP socket program that will give factorial of a number.
Explain ServerSocket class with its methods and properties.
Explain how UDP socket programming works?
Write UDP socket program that will display whether a string is palindrome or not.
Write a Client/server application where a client contacts the server to obtain random number. Use
Socket and Server Socket.

7 Attempt any three of the following 15


a Explain in detail constructors used to create DatagramSocket.
b Write TCP socket program that will display whether a number is a prime or not.
c Explain Socket class with its methods and properties.
d Explain how UDP socket programming works?
e Write UDP socket program that will display number of vowels in a string.
f Write a Client/server application where a client contacts the server to obtain random
number. Use Socket and Server Socket
