CSC 175 Final Exam Study Guide

The exam will cover most subjects since the first exam. It will overlap part of the first exam in that some questions regarding IP will be asked. Usage of iptables will be covered. Some technical questions regarding socket programming may be asked. But the emphasis is on the textbook material on TCP, iptables and NAT, and the authentication schemes we discussed in class.

What will NOT be covered:

  Material from chapter 2, 3, ethernet.
  OSPF/BGP
  Linux tools OTHER THAN iptables.

Topics to study:

IP and Routing:

  Routing mechanism; how to compute bit masks, use of destination address, etc... Knowledge of this basic material may be required implicitly in answering other questions.

  IP header components and their usage, in particular, how IP handles fragmentation.

  IPv6. (Whether this topic will be covered is to be determined.) I will not ask too many detailed questions, but expect questions such as: How does fragmentation in IPv6 differ from IPv4? (answer: 1. IPv6 doesn't allow routers to fragment (so no DF bit). 2. IPv6 uses an extension header for fragmentation info.)

IPTABLES:

  iptables usage, including syntax (problems will be similar to those found on the quiz).

  ** I will give you a brief, one-page summary on correct syntax. **

  Advanced features of iptables including:

    -m state (what are the different states and their meaning?)
    --tcp-flags
    -t nat

  How SNAT and DNAT work (conceptually as well as how they're realized through iptables).

  Know the order in which the different chains (FORWARD, POSTROUTING, etc ...) are traversed.

  You need to understand the Linux connection tracking mechanism.

  Study the iptables HOWTOs (the packet filtering and NAT howtos).

  Go over the different types of NAT: full, restricted, port-restricted, etc ...

  Understand why "NAT Traversal" is useful.

TCP

  Differences between TCP and UDP

  TCP protocol header components, including syn, ack, fin flags, and their usage

  State machine: Three-way handshake and closing handshakes. You don't have to memorize the entire state machine, but would have to know, for example, the purpose of the TIME_WAIT state.

  Sliding window mechanism

  Retransmission algorithm (Jacobson/Karels - know the formulas)

  Congestion Control mechanism

  Nagle's algorithm

  The meaning of "connection-oriented" versus "connectionless" protocols (TCP vs UDP)

  On the Jacobson/Karels algorithm, the best thing to do is to memorize the formulas. While it is not strictly required, knowing the formulas will show without any doubt that you understand it. For example, I may ask you a question such as: Is the *weighted* average of the J/K algorithm weighted more in favor of the ERTT or the SRTT? Explain why. (answer: ERTT, because it represents a running average of many samples, while SRTT is just one sample round trip time).

Security:

  The Needham-Schroeder authentication protocol (either as described in book or as implemented in OVOAP).

  Public-Key encryption and digital certificate. Understand how the public/private keys are used for authentication.

--------------------

Sample Problems (in addition to past quizzes and homeworks):

1. Explain why TCP requires its own mechanism for assembling packets in the right order, given the fragmentation/reassembly mechanism that's already found in IP.

2. Assume your routing table is as follows:

     24.190.240.0/21 dev eth0
     10.1.0.0/16 via 10.0.0.2 dev eth1
     10.0.0.0/8 dev eth1
     127.0.0.0/8 dev lo
     default via 24.190.240.1 dev eth0

   Assume further that your host is known as 10.0.0.1 on 10.0.0.0/8 and 24.190.242.2 on the internet. All your built-in chains have policy ACCEPT unless otherwise indicated. Write iptables rules to effect the following conditions:

   A. Drop tcp packets with the syn bit set from reaching your host through eth1 if the tcp connection is already ESTABLISHED.
      hint: read this carefully. Having the syn bit set is not the same as using --syn, which really means --tcp-flags SYN,ACK,RST SYN (that is, among the three flags SYN, ACK and RST, SYN is set and ACK and RST are not; the other flags can be any value).

   B. Hosts on your intranet 10.0.0.0/8 need to be masqueraded as 24.190.242.2 so they can share this IP on the internet. Show how it's done with iptables.

   C. You run your site's web server on 10.0.0.5. Redirect all www connections from the internet to the right location.

   D. Block all other state NEW connections to your router from the (outside) internet except ports 80 and 22.

   E. Explain why DNAT should not be done in the POSTROUTING chain.

2: a. Explain the meaning of the RELATED state. How is "RELATED" different from "ESTABLISHED"?

   b. Is the state "ESTABLISHED" in iptables -m state the same as the "ESTABLISHED" state in TCP? (hint: read the Andreasson tutorial).

2b. Suppose you used the following rules on 10.1.0.3:

     iptables -A FORWARD -s 10.1.0.3 -d 147.4.183.0/24 -j DROP
     iptables -t nat -A POSTROUTING -d 147.4.183.0/24 -j SNAT --to 10.1.0.3

    Assume there are no other rules in effect and the default policy of FORWARD is ACCEPT. Explain carefully the effect of the above two rules. What will happen to packets being routed by 10.1.0.3?

3. Explain the difference between Full Cone NAT and (port) Restricted Cone NAT.

4. Describe the principal differences between TCP and UDP. Is TCP always better?

5. If the advertised window of a TCP receiver becomes zero, explain how the sender will be informed when it's no longer zero.

6. Explain as precisely as possible how a TCP sender uses the "advertised window" of the receiving side.

6b. Does a TCP agent acknowledge a packet as soon as it's received? If not, describe two specific circumstances in which the acknowledgement will be delayed.

7. In what way is the Jacobson/Karels algorithm an improvement over the original algorithm, which only took the weighted average of sample RTTs?

7b. Will a larger average deviation value lead to a longer or shorter timeout value with the Jacobson/Karels algorithm? Explain using either math, or careful reasoning.

8. List the sequence of steps that occurs when a TCP host receives a closing signal from the other host (i.e., as passive agent). Assume nothing "out of the ordinary" happens.

9. (related to above) What is the purpose of the TIME_WAIT state? Why does it only exist for active close (side initiating the close) as opposed to passive close? That is, why is the 1-2 minute timeout not needed in the CLOSE-WAIT state?

10. Explain why the TCP congestion control algorithm is needed in addition to the sliding window algorithm. That is, what's the difference between "flow control" and "congestion control"?

10b. Suppose the value of the congestion window is currently N. Assume that a packet was not acknowledged during timeout or that a packet with a positive ECN has arrived. What will be the new value of the congestion window?

11. Given a Socket object cfd, explain the meaning of the call:

      cfd.setTcpNoDelay(true);

    When might you want to use this?

12. Explain the exact meaning and effect of the call

      din.read(A,i,n); // where din is a DataInputStream

    That is, describe the meaning/purpose of each parameter (A, i and n), as well as the return value (if there is a return value).

----

All of these questions are based on past assignments and quizzes, and/or focused topics of my lectures.
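
The hint in sample problem 2A turns on how --tcp-flags compares a mask against a set of required flags. The following is an added example, not part of the original study guide and not iptables code: a small Python model of that comparison, using the expansion of --syn given in the hint. The function names and the sample flag combinations are constructed for illustration.

```python
# Model of the iptables `--tcp-flags <mask> <comp>` test (illustrative names).
# Bit values are the TCP header flag bits.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
         "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def bits(names):
    """Turn a comma-separated flag list such as 'SYN,ACK' into a bitmask."""
    value = 0
    for name in names.split(","):
        value |= FLAGS[name.strip().upper()]
    return value


def tcp_flags_match(packet_flags, mask, comp):
    """Only the flags named in `mask` are examined. Of those, the flags in
    `comp` must be set and the rest must be clear. Flags outside the mask
    can be any value."""
    return (bits(packet_flags) & bits(mask)) == bits(comp)


def syn_option(packet_flags):
    """--syn, expanded as in the hint: --tcp-flags SYN,ACK,RST SYN."""
    return tcp_flags_match(packet_flags, "SYN,ACK,RST", "SYN")


def syn_bit_set(packet_flags):
    """'The SYN bit is set', whatever the other flags: --tcp-flags SYN SYN."""
    return tcp_flags_match(packet_flags, "SYN", "SYN")


# Constructed sample flag combinations, not captured traffic.
SAMPLES = ["SYN", "SYN,ACK", "ACK", "SYN,FIN", "SYN,RST", "ACK,PSH"]


def compare(samples=SAMPLES):
    """Return (flags, syn_bit_set, syn_option) for each sample."""
    return [(s, syn_bit_set(s), syn_option(s)) for s in samples]


if __name__ == "__main__":
    print(f"{'flags':<10}{'SYN bit set':<14}{'--syn'}")
    for flags, bit, opt in compare():
        print(f"{flags:<10}{str(bit):<14}{opt}")
```

The rows where the two columns disagree (SYN,ACK and SYN,RST) are the packets that have the SYN bit set but are not matched by --syn.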