CSC 175 Final Quiz Study Guide

The quiz will be targeted for about 30-40 minutes and will focus on material covered since the exam. You will need to read and understand code and demonstrate familiarity with socket programming concepts, including writing small fragments of code in Java or C. You will need to understand both Java and C code (what is the htonl function for?).

Topics:

1. Authentication protocols (Kerberos/OVOAP, difference with RSA)
2. Socket options: Nagle's algorithm and the TCP_NODELAY option, the ReuseAddress option.
3. Socket programming tools: understand the procedure for setting up both a client side and a server side connection. Understand how read/write works.
4. The role of threads. Why are they needed, and when are they necessary?
5. Difference between TCP and UDP sockets
6. Usage of iptables -t nat and iptables -m connlimit

----------------------

Sample Problems (solutions below):

1. Assume that S is a socket and that the TCP_NODELAY option has been set to false (in Java: S.setTcpNoDelay(false)). Does that mean that small packets will always be buffered instead of sent immediately? Explain.

2. What's the difference between symmetric and asymmetric encryption?

3. With regard to Needham-Schroeder (OVOAP), detail the packets that are exchanged between an authentication server and someone who wants to connect to another authenticated host.

4. In a statement such as:
       int r = din.read(buffer,0,128)
   explain the precise meaning of:
   a. the last parameter
   b. the return value

4b. In a Java call new ServerSocket(x); what value does x represent?

4c. Given a ServerSocket sfd, what value (if any) does sfd.accept() return?

4d. What is ntohs in C for, and explain why it's needed. Why is there no equivalent command in Java?

4e. Java has a .readUnsignedShort command but no .writeUnsignedShort. Explain why.

4f. In a Unix/C call to socket(AF_INET,SOCK_STREAM,0), what do the parameters AF_INET and SOCK_STREAM signify?

5. Given a buffer in Java byte[] A of length A.length, or a buffer unsigned char A[] of length Alength, write a fragment of code that reads in exactly A.length (or Alength) bytes into the buffer (fill the buffer). Hint: you need a while loop.

6. Can multiple packets sent from the same UDP socket be destined for different destination addresses? Can this be true in TCP?

7. Explain why a general-purpose proxy server would require multiple threads. What would the threads do?

8. Explain what is wrong with the following. Assume that the command is being executed on a machine acting as a NAT box for local network 10.1.0.0/16, which has external IP 96.57.41.74 and internal IP 10.1.0.98:
       iptables -t nat -A POSTROUTING -p udp --dport 53 -j DNAT --to 10.1.0.1:53

--------------------------

Answers: (don't look until you've tried them)

1. No. Setting the socket option to false enables Nagle's algorithm, which sends out packets without delay if there are no unacknowledged packets.

2. In symmetric encryption, the same key is used for both encrypting and decrypting, and must be kept secret by the two parties or held by a trusted third party as in Kerberos/OVOAP. In asymmetric encryption (RSA), the encryption key is public and the decryption key is private. RSA authentication is used so that a host can verify that someone has the correct private key associated with a public key. Without the distinction in keys you'll need a trusted third party. Symmetric encryption algorithms are much faster to apply, so asymmetric encryption is usually only used for initial authentication.

3. The client sends the server its id (name A) and the id of the host it's trying to connect to (name B). The authentication server generates two session keys, keyS and Stamp, and sends back to A the keyS and Stamp encrypted with both A's encryption key (xkey and perm in the case of OVOAP) and B's encryption key. The authentication server has no communication with B.

4. The last parameter is the maximum number of bytes to be read; the return value is the number of bytes actually read.

4b. x is the port number (in C, an unsigned short; in Java, an int).

4c. sfd.accept() returns a Socket object.

4d. Network-to-host byte order conversion for shorts (16-bit values). When a two-byte numerical value such as a port number is received over the network, it needs to be converted to the internal form before being used locally. Java enforces network byte ordering (big endian) at the virtual machine level.

4e. A short is just a 16-bit value, so when writing, it doesn't matter how the 16 bits are to be interpreted. Only when reading do we need to be concerned that there's no unsigned short in Java, so the 16-bit value, if interpreted as an unsigned number, needs to be returned as a 32-bit int.

4f. IP and TCP, respectively.

5. These are in socketstuff.txt on the homepage. In Java:

       static void readFully(DataInputStream din, byte[] buf) throws Exception {
           int len = buf.length;
           int br;          // bytes read each time
           int total = 0;
           while (total < len) {
               // ask only for what is still missing, starting at offset total
               br = din.read(buf, total, len - total);
               if (br < 0) throw new Exception("stream closed before the buffer was filled");
               total += br;
           }
       }

8. There are two things wrong:
   1. DNAT is done in the PREROUTING chain.
   2. If the intent of the rule is to redirect DNS packets to an internal server on 10.1.0.0/16, then another rule is needed:
       iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 10.1.0.1
       iptables -t nat -A POSTROUTING -p udp --dport 53 -d 10.1.0.1 -j SNAT --to 10.1.0.98
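As an added example (not from the study guide or its socketstuff.txt), here is a C version of the fill-the-buffer loop from problem 5 combined with the ntohs() conversion from problem 4d. The function names, the pipe used in place of a socket, and the 6-byte message with port 8080 in its first two bytes are all constructed for the demonstration.

```c
/* Added example: fill a buffer of exactly Alength bytes from a descriptor (problem 5)
 * and decode a two-byte port with ntohs() (problem 4d). A pipe stands in for the socket. */
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Returns Alength on success, fewer if the peer closed early, -1 on error. */
ssize_t read_fully(int fd, unsigned char *A, size_t Alength) {
    size_t total = 0;
    while (total < Alength) {              /* loop until the buffer is full */
        ssize_t br = read(fd, A + total, Alength - total);
        if (br < 0) {
            if (errno == EINTR) continue;  /* interrupted by a signal: retry */
            return -1;
        }
        if (br == 0) break;                /* EOF: peer closed, short read */
        total += (size_t)br;
    }
    return (ssize_t)total;
}

/* The first two bytes arrive in network (big-endian) order; ntohs() turns
 * them into the host's representation before the value is used locally. */
unsigned short port_from_wire(const unsigned char *A) {
    unsigned short net;
    memcpy(&net, A, sizeof net);
    return ntohs(net);
}

/* Constructed feed: write `feed` bytes of a 6-byte message into a pipe,
 * close the writing end, then try to fill A from the reading end. */
ssize_t demo_read(unsigned char *A, size_t Alength, size_t feed) {
    static const unsigned char msg[6] = {0x1f, 0x90, 'd', 'a', 't', 'a'}; /* 0x1f90 = 8080 */
    int p[2];
    if (pipe(p) < 0) return -1;
    ssize_t w = (feed <= sizeof msg) ? write(p[1], msg, feed) : -1;
    close(p[1]);
    ssize_t n = (w == (ssize_t)feed) ? read_fully(p[0], A, Alength) : -1;
    close(p[0]);
    return n;
}

int main(void) {
    unsigned char A[6];
    ssize_t n = demo_read(A, sizeof A, sizeof A);
    printf("read %zd bytes, port %u\n", n, port_from_wire(A));
    return 0;
}
```

Feeding fewer bytes than Alength makes read_fully() return the short count instead of spinning, which is the case the while loop in problem 5 has to handle when the peer closes first.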