CSC 175 Midterm Exam Study Guide
Spring 2020
Exam Monday 9th

TOPICS COVERED:

Chapter 2:
  Bit Encodings: NRZ, NRZI, Manchester, 4B/5B. In addition to knowing what these are, you need to understand their tradeoffs - i.e. what problems they are trying to solve.
  CRC algorithm. Know not just how to compute the remainder but how the remainder is used during transmission and reception.
  Ethernet Protocol (both 802.3 and Ethernet II headers). Header contents.
  CSMA/CD - how collision detection works. Why is the minimum packet size 46 bytes?
  Difference between CSMA/CD ethernet and Switched Ethernet. What can an ethernet switch do?
  WIFI (802.11). You don't need to know as much detail as for ethernet, but you need to know about the exposed node and hidden node problems and how they relate to CSMA/CA (collision avoidance).
--
Chapter 3:
  IP(v4) address classes: difference between A, B, C classes and CIDR.
  Network masking: determine if an address belongs to a network.
  Routing table entries and how they're looked up.
  IP header, principal contents, including those pertaining to fragmentation.
  How does tunneling work in principle.
  ARP
  ICMP protocol purpose, general header format, types for echo_request and echo_reply (maybe).
  OSPF and BGP, with emphasis on OSPF - know Dijkstra's algorithm.
  Linux commands: ip neighbor (arp cache), ip link, ip addr, ip route, ip rule, iptables.
Chapter 5:
  TCP (only including topics covered in the first TCP video lecture, up to the 3-way opening handshake and the closing handshakes).

=================
Other studying hints:

Topics that I lectured on more than once, and/or have assigned homework on, are more likely to appear on the exam.

Some of the questions will require you to write a few sentences to explain. Use clear, unambiguous language. Be thorough in your explanation but also be to-the-point. Read each question carefully and answer all parts of the question. These questions are not about trivia but are testing your understanding of concepts.
For example:

Question: explain why there's no one-to-one mapping between MAC addresses and IP addresses.

BAD answer: so you can have more than one IP address for a MAC address
BAD answer: because you want flexibility in networking.
BAD answer: Once upon a time there was a network administrator named Ahab...
GOOD answer: Because a MAC address is 48 bits and an IP address is 32 bits (or 128 bits for IPv6), so of course there can't be a one-to-one correspondence.

Why is the first answer bad? Because all it does is repeat the question. It's like saying "there's no one-to-one mapping because there's no mapping that's one-to-one." We know that. But WHY isn't there such a mapping? The second answer is vague and meaningless.

Also, please don't ramble. After writing your answer, READ THE QUESTION AND YOUR ANSWER AGAIN to see if it makes sense.

===================
Some Practice Problems and Solutions
===================

1. Explain why traditional CSMA/CD Ethernet cannot support full-duplex operation.

2. Can a collision on 10 Mbps CSMA/CD ethernet still occur after a host has successfully transmitted 64 bits of data? Explain.

3. What is the purpose of the "protocol" field of the IP header?

4. Describe the two flags used in the IP header to control fragmentation.

5. How would a host determine that two fragmented IP packets belong together?

6. Use the ip addr command to assign an address of 192.168.96.10 to your eth0 device and use ip route to set your routing table to look like the following:

     192.168.96.0/19 dev eth1
     192.168.64.0/18 dev eth0
     192.168.128.0/20 dev eth2
     default via 192.168.100.1

7. Assume that the MAC address of the router interface is ab:cd:ef:11:22:33.

   a. Suppose your host generates a packet with destination IP 192.168.140.1. Which routing table entry (shown above) will match? What about 192.168.160.1? (160 = 128+32)

   b. Give an example of an IP address that will match BOTH the first and second entries of the table.

   c. Suppose that your ARP cache is currently empty.
      You need to send a packet to IP address 192.168.65.1. Will an ARP broadcast be needed? (Be careful.)

   d. Suppose you're told to set your routing table so that "all packets destined for subnet 192.168.112.0/20 should be routed first to the router at 192.168.130.1". Is this possible? What Linux commands would you issue? Think carefully about this one. I've found that people tend to have misconceptions as to how an IP network must be arranged. But in fact, how it's laid out is only limited by how you can set the routing table. You should try some experiments with ip route before you answer this question.

8. Write iptables rules to effect the following conditions. Each rule must do NO MORE than what's specified. Assume that the default policy of each chain is ACCEPT and that each chain is initially empty.

   A. Explain the difference between the REJECT and DROP targets.

   B. The following rule was written by someone to try to block ssh connections to their host. Explain what's wrong with it:

        iptables -A INPUT -p 22 -j DROP

   C. Block all ssh (port 22) connections to your host that are NOT coming from 10.1.0.0/16 (only hosts on these two networks are able to connect to you).

   D. You want people to only use one of two DNS servers (UDP port 53): 10.1.0.98 and 10.2.0.98. Block all UDP-port-53 packets from being forwarded to any other server.

   E. Limit the rate of pings (icmp-type 8) routed through your router coming from interface eth1 to 1 every 2 seconds (30 per minute) on average.

10. Explain the difference between "interior" and "exterior" routing protocols. Why are both needed? Why is OSPF only an "interior" gateway protocol?

NEW:

11. During a TCP closing handshake, describe what happens if the final ACK sent from the active side to the passive side is not received. Describe what happens at both ends.

===========================
Sample Solutions:
=============

1. Only one packet can exist on the network at a time. In other words, a packet must "occupy" the entire network.
   Packets travelling in opposite directions will cause a collision.

2. No: 64 bytes = 512 bits requires 51.2 microseconds to transmit, which is larger than the maximum round-trip latency allowed on traditional ethernet, which means that if there had been a collision the sender would've been notified already. All hosts will now detect the link as busy and so won't transmit.

3. It identifies the next-level protocol header wrapped inside the IP packet (e.g., TCP, UDP, ICMP).

4. Do not fragment, and More fragments.

5. The two packets will have the same identifier field in their header.

6.   ip addr add 192.168.96.10 dev eth0
     ip route add 192.168.64.0/18 dev eth0
     ip route add 192.168.96.0/19 dev eth1
     ip route add 192.168.128.0/20 dev eth2
     ip route add default via 192.168.100.1

7. a. Which routing table entry (shown above) will 192.168.140.1 match?
      It matches 192.168.128.0/20 (140 = 128+12).
      What about 192.168.160.1? (160 = 128+32; the 32 bit lies within the 20 masked bits, so it does not match 192.168.128.0/20.)
      It matches the default route.

   b. 192.168.97.1

   c. 192.168.65.1 is directly connected, reachable via eth0, so an ARP broadcast will be made over eth0. A more interesting case: 192.168.160.1, which matches only the default route, will cause an ARP broadcast to be sent over eth1 that looks for the MAC address of 192.168.100.1, which (according to the routing table) is on the eth1 network.

   d. Yes, it is possible. Even though it appears that 112 (96+16) and 130 (128+2) are on different ethernets according to the routing table, it is still possible to cut out a smaller IP network and put it elsewhere, say on a network directly attached to the 130.1 router.

        ip route add 192.168.112.0/20 via 192.168.130.1

      Linux will automatically place this entry in front of the one for 96.0/19, because it has a longer bit mask.

8. A. Explain the difference between the REJECT and DROP targets.
      DROP ignores the packet. REJECT actively sends back an ICMP message, usually 'destination unreachable'.

   B.
      The following rule was written by someone to try to block ssh connections to their host. Explain what's wrong with it:

        iptables -A INPUT -p 22 -j DROP

      -p refers to the next-level protocol carried inside the IP packet, not TCP port 22. Usually -p is followed by tcp, udp or icmp.

   C. Block all ssh (port 22) connections to your host that are NOT coming from 10.1.0.0/16 (only hosts on these two networks are able to connect to you).

        iptables -A INPUT ! -s 10.1.0.0/16 -p tcp --dport 22 --syn -j DROP

   D. You want people to only use one of two DNS servers (UDP port 53): 10.1.0.98 and 10.2.0.98. Block all UDP-port-53 packets from being forwarded to any other server.
      You need to accept the exceptions, then drop the rest:

        iptables -A FORWARD -d 10.1.0.98 -p udp --dport 53 -j ACCEPT
        iptables -A FORWARD -d 10.2.0.98 -p udp --dport 53 -j ACCEPT
        iptables -A FORWARD -p udp --dport 53 -j DROP

   E. Limit the rate of pings (icmp-type 8) routed through your router coming from interface eth1 to 1 every 2 seconds (30 per minute) on average.
      You also need two rules:

        iptables -A FORWARD -i eth1 -p icmp --icmp-type 8 -m limit --limit 20/m -j ACCEPT
        iptables -A FORWARD -i eth1 -p icmp --icmp-type 8 -j DROP

10. Interior refers to inside an autonomous system, and guarantees the optimal path within an area (and close to optimal with a backbone area). Exterior (BGP) routes between autonomous systems, and only guarantees non-circular routes, but not necessarily optimal routes.

11. During a TCP closing handshake, describe what happens if the final ACK sent from the active side to the passive side is not received. Describe what happens at both ends.
    The passive side will re-transmit its FIN (or FIN-ACK) packet. The active side will be in the TIME-WAIT state. When the active side sees the re-transmitted FIN, it will retransmit the final ACK and re-enter TIME-WAIT (resetting the TIME-WAIT timer to 2 minutes, which is the worst-case RTT of the internet).
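As an added example (not part of the study guide), here is the routing table from practice problem 6 and the lookups from problem 7 worked in Python with longest-prefix matching, the same rule the kernel applies; next_hop also answers 7c by reporting which address must be ARPed for on which interface, and ROUTES_7D adds the route from 7d to show why the /20 wins over the /19. The names lookup, next_hop, ROUTES and ROUTES_7D are my own; only the standard-library ipaddress module is used.

```python
import ipaddress

# Routing table from practice problem 6, as (prefix, device, gateway).
# Order is irrelevant: lookup() picks the longest matching prefix, which is
# why Linux "places" the /20 from 7d in front of the /19 (it has a longer mask).
ROUTES = [
    ("192.168.96.0/19", "eth1", None),
    ("192.168.64.0/18", "eth0", None),
    ("192.168.128.0/20", "eth2", None),
    ("0.0.0.0/0", None, "192.168.100.1"),  # default via 192.168.100.1
]

def lookup(dst, routes=ROUTES):
    """Return (network, device, gateway) of the most specific match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev, via in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via)
    return best

def next_hop(dst, routes=ROUTES):
    """Return (device, ip_to_arp_for): the interface the frame leaves on and the
    address whose MAC must be resolved. For a directly connected route that is
    the destination itself; for a 'via' route it is the gateway, which must in
    turn be directly connected (a second lookup finds its interface)."""
    route = lookup(dst, routes)
    if route is None:
        return None
    _net, dev, via = route
    if via is None:
        return dev, dst
    gw = lookup(via, routes)
    if gw is None or gw[2] is not None:
        raise ValueError(f"gateway {via} is not directly connected")
    return gw[1], via

# Problem 7d: the /20 carved out of the /19 and sent to the 192.168.130.1 router.
ROUTES_7D = ROUTES + [("192.168.112.0/20", None, "192.168.130.1")]

if __name__ == "__main__":
    for dst in ("192.168.140.1", "192.168.160.1", "192.168.97.1", "192.168.65.1"):
        print(dst, "->", lookup(dst)[0], next_hop(dst))
    print("7d:", "192.168.112.5", "->", next_hop("192.168.112.5", ROUTES_7D))
```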