INFA 620


In order to detect or prevent network security breaches, you must understand the Internet protocols as well as the attacker does. The protocols originate from publicly available Requests for Comments, or RFCs. The official repository and publisher of all RFCs is the RFC Editor.

The purpose of this lab is to practice locating and studying two key RFCs. (Feel free to consult any newer material on IP and TCP protocols. These RFCs are original materials on these protocols. A Request for Comments (RFC) is a publication of the Internet Engineering Task Force (IETF) and the Internet Society, the principal technical development and standards-setting bodies for the Internet. Internet and its precursor ARPANET was developed by engineers and scientists using RFCs.


Go to the RFC Editor and download the specifications for IP and TCP.

  • Find and identify the RFCs for IP and TCP (Questions you should answer are in bold red.)


Addressing and fragmentation

  • Point your browser to
    • Read the page, click the “RFC SEARCH” link,
    • In the search field “Title/Keyword,” type in the complete name of the protocol (e.g. “Internet Protocol”, not “IP”).
    • By default, the search results are displayed by RFC number (ascending). Also, by default, the number of results shown is 25. Click ‘All’ to show all the results.
    • Identify the RFC for each protocol, by RFC number:
                RFC ___791 part of STD 5____     Internet Protocol (5 points)
                RFC ___
      793 a.k.a. STD 7____    Transmission Control Protocol (5 points)
    • Download the RFCs and use them to answer the following questions
    • Refer to the RFCs to answer the following questions
  • Questions about IP (40 Points)
    • What two basic functions does IP implement? (10 points)

    Type of Service, Time to Live, Options, and Header Checksum

      • What four key mechanisms does IP use to provide its service? 10 points)

    Internet Control Message Protocol

      • Via what protocol does IP communicate errors? (5 points)

    The Identification field is used to distinguish the fragments of one datagram from those of another

      • In the IP header, what is the Identification field used for? (5 points)

    These number of bits within the IP header are designated reserved or optional and are important in network security because it provides a way for hosts to send security, compartmentation, handling restrictions, and TCC parameters.

      • A number of bits within the IP header are designated reserved or optional; why would these be important in network security? (10 points)

    A connection is the combination of certain status information, which includes sockets, sequence numbers, and the size of windows. A socket is an address that specifically includes a port identifier.

      • Questions about TCP (40 Points)
      • What is the difference between a socket and a connection? (5 points)

    Open, Receive, Abort, Status, Close

    • Name five of the six calls the TCP interface provides (to applications) (15 points)

    An active OPEN request connects while a passive OPEN request listens.

    • What are active and passive OPEN requests? (5 points)

    The three-way handshake is a set of procedures that establish connections that uses the SYN control flag and has an exchange of three messages. One TCP initiates the connection and responds to another TCP connection. Each TCP connection receives a SYN segment which carries zero acknowledgement after the SYN has been sent. Additionally, the three-way handshake reduces the occurrence of false connections.

    • Describe the three-way handshake. (15 points)

    netstat -a

    Identify the ports your machine is listening on and the state of the various connections it is holding (10 points).

    • First google netstat and understand what it is. At a workstation, open some web pages and then at a command prompt type:

    Post your answer to the assignment folder under LAB1.