5 Oct No Comments

Identify the RFC for each protocol, by RFC number: RFC 791 Internet Protocol

RFC 793 Transmission Control Protocol

Ques What two basic functions does IP implement

Ans The two basic function are :


  1. Addressing
  2. Fragmentation

A distinction is made between names, addresses, and routes [44]. A

name indicates what we seek. An address indicates where it is. A

route indicates how to get there. The internet protocol deals

primarily with addresses. It is the task of higher level (i.e.,

host-to-host or application) protocols to make the mapping from

names to addresses. The internet module maps internet addresses to

local net addresses. It is the task of lower level (i.e., local net

or gateways) procedures to make the mapping from local net addresses

to routes.


Fragmentation of an internet datagram is necessary when it

originates in a local net that allows a large packet size and must

traverse a local net that limits packets to a smaller size to reach

its destination.

An internet datagram can be marked “don’t fragment.” Any internet

datagram so marked is not to be internet fragmented under any

circumstances. If internet datagram marked don’t fragment cannot be

delivered to its destination without fragmenting it, it is to be

discarded instead.

Fragmentation, transmission and reassembly across a local network

which is invisible to the internet protocol module is called

intranet fragmentation and may be used

Ques What four key mechanisms does IP use to provide its service?

Ans The internet protocol uses four key mechanisms in providing its


Type Of Service :

  1. Type of Service
  2. Time to Live
    • Options
    • Header Checksum.
  3. The Type of Service is used to indicate the quality of the service

    desired. The type of service is an abstract or generalized set of

    parameters which characterize the service choices provided in the

    networks that make up the internet. This type of service indication

    is to be used by gateways to select the actual transmission parameters

    for a particular network, the network to be used for the next hop, or

    the next gateway when routing an internet datagram.

    Time to Live :

    The Time to Live is an indication of an upper bound on the lifetime of

    an internet datagram. It is set by the sender of the datagram and

    reduced at the points along the route where it is processed. If the

    time to live reaches zero before the internet datagram reaches its

    destination, the internet datagram is destroyed. The time to live can

    be thought of as a self destruct time limit.

    Options :

    The Options provide for control functions needed or useful in some

    situations but unnecessary for the most common communications. The

    options include provisions for timestamps, security, and special


    Header CheckSum :

    The Header Checksum provides a verification that the information used

    in processing internet datagram has been transmitted correctly. The

    data may contain errors. If the header checksum fails, the internet

    datagram is discarded at once by the entity which detects the error.

    Ques Via what protocol does IP communicate errors?

    Ans Internet Control Message Protocol is used to transmit error.

    When a datagram arrives at the internet protocol module from the local

    network, either there is a pending RECV call from the user addressed

    or there is not. In the first case, the pending call is satisfied by

    passing the information from the datagram to the user. In the second

    case, the user addressed is notified of a pending datagram. If the

    user addressed does not exist, an ICMP error message is returned to

    the sender, and the data is discarded.

    Ques In the IP header, what is the Identification field used for?

    Ans The identification field is used to distinguish the fragments of one

    datagram from those of another. The originating protocol module of

    an internet datagram sets the identification field to a value that

    must be unique for that source-destination pair and protocol for the

    time the datagram will be active in the internet system. The

    originating protocol module of a complete datagram sets the

    more-fragments flag to zero and the fragment offset to zero.

    Ques A number of bits within the IP header are designated reserved or optional; why would these be important in network security?

    Ans Protocol Version(4 bits) : This is the first field in the protocol header. This field occupies 4 bits. This signifies the current IP protocol version being used. Most common version of IP protocol being used is version 4 while version 6 is out in market and fast gaining popularity.

    Header Length(4 bits) : This field provides the length of the IP header. The length of the header is represented in 32 bit words. This length also includes IP options (if any). Since this field is of 4 bits so the maximum header length allowed is 60 bytes. Usually when no options are present then the value of this field is 5. Here 5 means five 32 bit words ie 5 *4 = 20 bytes.

    Type of service(8 bits) : The first three bits of this field are known as precedence bits and are ignored as of today. The next 4 bits represent type of service and the last bit is left unused. The 4 bits that represent TOS are : minimize delay, maximize throughput, maximize reliability and minimize monetary cost.

    Total length(16 bits): This represents the total IP datagram length in bytes. Since the header length (described above) gives the length of header and this field gives total length so the length of data and its starting point can easily be calculated using these two fields. Since this is a 16 bit field and it represents length of IP datagram so the maximum size of IP datagram can be 65535 bytes. When IP fragmentation takes place over the network then value of this field also changes. There are cases when IP datagrams are very small in length but some data links like ethernet pad these small frames to be of a minimum length ie 46 bytes. So to know the exact length of IP header in case of ethernet padding this field comes in handy.

    Identification(16 bits): This field is used for uniquely identifying the IP datagrams. This value is incremented every-time an IP datagram is sent from source to the destination. This field comes in handy while reassembly of fragmented IP data grams.

    Flags(3 bits): This field comprises of three bits. While the first bit is kept reserved as of now, the next two bits have their own importance. The second bit represents the ‘Don’t Fragment’ bit. When this bit is set then IP datagram is never fragmented, rather its thrown away if a requirement for fragment arises. The third bit represents the ‘More Fragment’ bit. If this bit is set then it represents a fragmented IP datagram that has more fragments after it. In case of last fragment of an IP datagram this bit is not set signifying that this is the last fragment of a particular IP datagram.

    Fragment offset(13 bits): In case of fragmented IP data grams, this field contains the offset( in terms of 8 bytes units) from the start of IP datagram. So again, this field is used in reassembly of fragmented IP datagrams.

    Time to live(8 bits) : This value represents number of hops that the IP datagram will go through before being discarded. The value of this field in the beginning is set to be around 32 or 64 (lets say) but at every hop over the network this field is decremented by one. When this field becomes zero, the data gram is discarded. So, we see that this field literally means the effective lifetime for a datagram on network.

    Protocol(8 bits) : This field represents the transport layer protocol that handed over data to IP layer. This field comes in handy when the data is demultiplex-ed at the destination as in that case IP would need to know which protocol to hand over the data to.

     Header Checksum(16 bits) : This fields represents a value that is calculated using an algorithm covering all the fields in header (assuming this very field to be zero). This value is calculated and stored in header when IP data gram is sent from source to destination and at the destination side this checksum is again calculated and verified against the checksum present in header. If the value is same then the datagram was not corrupted else its assumed that data gram was received corrupted. So this field is used to check the integrity of an IP datagram.

    Source and destination IP(32 bits each) : These fields store the source and destination address respectively. Since size of these fields is 32 bits each so an IP address os  maximum length of 32 bits can be used. So we see that this limits the number of IP addresses that can be used. To counter this problem, IP V6 has been introduced which increases this capacity.

    Options(Variable length) : This field represents a list of options that are active for a particular IP datagram. This is an optional field that could be or could not be present. If any option is present in the header then the first byte is represented as follows :

    copy flagoption classoption num

    In the description above, the ‘copy flag’ means that copy this option to all the fragments in case this IP datagram gets fragmented. The ‘option class’ represents the following values : 0 -> control, 1-> reserved, 2 -> debugging and measurement, and 3 -> reserved. Some of the options are given below :

    00end of option list
    01no operation
    03var.loose source routing
    09var.strict source routing
    07var.record route
    084stream id
    24var.INTERNET time stamp

    Data: This field contains the data from the protocol layer that has handed over the data to IP layer. Generally this data field contains the header and data of the transport layer protocols. Please note that each TCP/IP layer protocol attaches its own header at the beginning of the data it receives from other layers in case of source host and in case of destination host each protocol strips its own header and sends the rest of the data to the next layer.

    Ques What is the difference between a socket and a connection?

    Ans Socket connection implies two peer connected with each other,Protocol can be TCP or UDP.So connection does not specify type of connection.it is generic term for connection.

    When you say TCP connection it implies two nodes are connected using TCP protocol.

    Ques Name five of the six calls the TCP interface provides (to applications)

    Ans a ) Basic Data Transfer:

    The TCP is able to transfer a continuous stream of octets in each

    direction between its users by packaging some number of octets into

    segments for transmission through the internet system. In general,

    the TCPs decide when to block and forward data at their own


    Sometimes users need to be sure that all the data they have

    submitted to the TCP has been transmitted. For this purpose a push

    function is defined. To assure that data submitted to a TCP is

    actually transmitted the sending user indicates that it should be

    pushed through to the receiving user. A push causes the TCPs to

    promptly forward and deliver data up to that point to the receiver.

    The exact push point might not be visible to the receiving user and

    the push function does not supply a record boundary marker.

    b) Reliability:

    The TCP must recover from data that is damaged, lost, duplicated, or

    delivered out of order by the internet communication system. This

    is achieved by assigning a sequence number to each octet

    transmitted, and requiring a positive acknowledgment (ACK) from the

    receiving TCP. If the ACK is not received within a timeout

    interval, the data is retransmitted. At the receiver, the sequence

    numbers are used to correctly order segments that may be received

    out of order and to eliminate duplicates. Damage is handled by

    adding a checksum to each segment transmitted, checking it at the

    receiver, and discarding damaged segments.

    c) Flow Control:

    TCP provides a means for the receiver to govern the amount of data

    sent by the sender. This is achieved by returning a “window” with

    every ACK indicating a range of acceptable sequence numbers beyond

    the last segment successfully received. The window indicates an

    allowed number of octets that the sender may transmit before

    receiving further permission.

    d) Multiplexing:

    To allow for many processes within a single Host to use TCP

    communication facilities simultaneously, the TCP provides a set of

    addresses or ports within each host. Concatenated with the network

    and host addresses from the internet communication layer, this forms

    a socket. A pair of sockets uniquely identifies each connection.

    That is, a socket may be simultaneously used in multiple connections.

    e) Connections:

    The reliability and flow control mechanisms described above require

    that TCPs initialize and maintain certain status information for

    each data stream. The combination of this information, including

    sockets, sequence numbers, and window sizes, is called a connection.

    Each connection is uniquely specified by a pair of sockets

    identifying its two sides.

    Ques What are active and passive OPEN requests?


    Processes can issue passive OPENs and wait for matching active OPENs

    from other processes and be informed by the TCP when connections have

    been established. Two processes which issue active OPENs to each

    other at the same time will be correctly connected. This flexibility

    is critical for the support of distributed computing in which

    components act asynchronously with respect to each other.

    There are two principal cases for matching the sockets in the local

    passive OPENs and an foreign active OPENs. In the first case, the

    local passive OPENs has fully specified the foreign socket. In this

    case, the match must be exact. In the second case, the local passive

    OPENs has left the foreign socket unspecified. In this case, any

    foreign socket is acceptable as long as the local sockets match.

    Other possibilities include partially restricted matches.

    A passive OPEN request means that the process wants to accept incoming

    connection requests rather than attempting to initiate a connection.

    Often the process requesting a passive OPEN will accept a connection

    request from any caller. In this case a foreign socket of all zeros

    is used to denote an unspecified socket. Unspecified foreign sockets

    are allowed only on passive OPENs.

    A service process that wished to provide services for unknown other

    processes would issue a passive OPEN request with an unspecified

    foreign socket. Then a connection could be made with any process that

    requested a connection to this local socket. It would help if this

    local socket were known to be associated with this service.

    Ques Describe the three-way handshake.

    Ans The “three-way handshake” is the procedure used to establish a

    connection. This procedure normally is initiated by one TCP and

    responded to by another TCP. The procedure also works if two TCP

    simultaneously initiate the procedure. When simultaneous attempt

    occurs, each TCP receives a “SYN” segment which carries no

    acknowledgment after it has sent a “SYN”. Of course, the arrival of

    an old duplicate “SYN” segment can potentially make it appear, to the

    recipient, that a simultaneous connection initiation is in progress.

    Proper use of “reset” segments can disambiguate these cases.

    Several examples of connection initiation follow. Although these

    examples do not show connection synchronization using data-carrying

    segments, this is perfectly legitimate, so long as the receiving TCP

    doesn’t deliver the data to the user until it is clear the data is

    valid (i.e., the data must be buffered at the receiver until the

    connection reaches the ESTABLISHED state). The three-way handshake

    reduces the possibility of false connections. It is the

    implementation of a trade-off between memory and messages to provide

    information for this checking.

    The simplest three-way handshake is shown in figure 7 below. The

    figures should be interpreted in the following way. Each line is

    numbered for reference purposes. Right arrows (–>) indicate

    departure of a TCP segment from TCP A to TCP B, or arrival of a

    segment at B from A. Left arrows (<--), indicate the reverse.

    Ellipsis (…) indicates a segment which is still in the network

    (delayed). An “XXX” indicates a segment which is lost or rejected.

    Comments appear in parentheses. TCP states represent the state AFTER

    the departure or arrival of the segment (whose contents are shown in

    the center of each line). Segment contents are shown in abbreviated

    form, with sequence number, control flags, and ACK field. Other

    fields such as window, addresses, lengths, and text have been left out

    in the interest of clarity.







    Basic 3-Way Handshake for Connection Synchronization

    Figure 7.

    In line 2 of figure 7, TCP A begins by sending a SYN segment

    indicating that it will use sequence numbers starting with sequence

    number 100. In line 3, TCP B sends a SYN and acknowledges the SYN it

    received from TCP A. Note that the acknowledgment field indicates TCP

    B is now expecting to hear sequence 101, acknowledging the SYN which

    occupied sequence 100.

    At line 4, TCP A responds with an empty segment containing an ACK for

    TCP B’s SYN; and in line 5, TCP A sends some data. Note that the

    sequence number of the segment in line 5 is the same as in line 4

    because the ACK does not occupy sequence number space (if it did, we

    would wind up ACKing ACK’s!).

    Simultaneous initiation is only slightly more complex, as is shown in

    figure 8. Each TCP cycles from CLOSED to SYN-SENT to SYN-RECEIVED to




    2. SYN-SENT –>

    3. SYN-RECEIVED <-- <-- SYN-SENT

    4. … –> SYN-RECEIVED

    5. SYN-RECEIVED –>


    7. … –> ESTABLISHED

    Simultaneous Connection Synchronization

    Figure 8.

    The principle reason for the three-way handshake is to prevent old

    duplicate connection initiations from causing confusion. To deal with

    this, a special control message, reset, has been devised. If the

    receiving TCP is in a non-synchronized state (i.e., SYN-SENT,

    SYN-RECEIVED), it returns to LISTEN on receiving an acceptable reset.

    If the TCP is in one of the synchronized states (ESTABLISHED,


    aborts the connection and informs its user. We discuss this latter

    case under “half-open” connections below.

    Ques First googlenetstatand understand what it is. At a workstation, open some web pages and then at a command prompt type:

    netstat -a.

    Ans Displays protocol statistics and current TCP/IP network connections.

    -aDisplays all connections and listening ports. (Server-side connections are normally not shown).

    Ques Identify the ports your machine is listening on and the state of the various connections it is holding

    Ans Find the screenshot of the port and state of the connection it is holding

Click following link to download this document


To view and download a complete answer, scroll down to the bottom to pay Pay to view

Would you like your assignment done free from plagiarism by an expert? Place your order now and it shall be done within the time frame you indicate.