Derek Mata
ECE 5590-01, Spring 2022
Assignment 2

1. Overall chapter questions:

a. What is the difference between network architecture and application architecture?

Network architecture refers to the communication layering throughout a network, for example the 5 layers of the TCP/IP model. Application architecture refers to the design of an application and the top-level design of how it will work over a network. As discussed in lecture, this refers to the client-server model or the P2P model.

b. Recall that TCP can be enhanced with SSL to provide process-to-process security services, including encryption. Does SSL operate at the transport layer or the application layer?

SSL operates between the application layer and the transport layer in the TCP/IP reference model. If we reference the OSI model, we can see that this refers to the security/encryption of the data transfer. From Chapter 1, we saw that encryption, compression, and more revolved around the presentation layer (layer 6). Thus, if we apply this notion of the presentation layer from the OSI model, we can say that in the TCP/IP model SSL lands in the presentation layer. This is because the TCP/IP model’s application layer (5) encapsulates layers 5 through 7 of the OSI model (session, presentation, application).

c. Why do HTTP, SMTP, and POP3 run on top of TCP rather than on UDP?

HTTP, SMTP, and POP3 are email-related protocols. Because of this, data loss is not acceptable. TCP is a reliable transport protocol and provides error checking. UDP is an unreliable transport protocol and does not provide error checking. Therefore, TCP is the best transport protocol for this operation.

d. Describe how Web caching can reduce the delay in receiving a requested object. Will Web caching reduce the delay for all objects requested by a user or for only some of the objects?

Web caching at a proxy server can help reduce delay within a network. A proxy server acts as a middleman between a client and a web server.
If a client creates an HTTP request, the proxy first checks whether it has the requested HTTP objects in its cache. If the objects are not in its cache, the proxy retrieves them from the web server the client originally requested them from. The proxy then caches the object from the web server’s HTTP response and relays it to the client. Therefore, the next client can retrieve the same object directly from the proxy server. This greatly reduces transmission delays, especially if the proxy server is local to the network.

Web caching will reduce the delay for only some of the objects requested by clients. As stated previously, it can only serve clients the objects within its cache. Otherwise the proxy has to retrieve the objects from the web server the client originally requested them from. This slightly increases the delay, since the proxy adds some additional nodal processing delay and potentially queuing delay.

e. In BitTorrent, suppose Alice provides chunks to Bob throughout a 30-second interval. Will Bob necessarily return the favor and provide chunks to Alice in this same interval? Explain your answer.

Bob will NOT necessarily return the favor to Alice. In BitTorrent, Alice sends chunks to the 4 peers that are currently sending her chunks at the highest rate. Alice does not send chunks to other peers. This means that if Bob is not within Alice’s top 4 list, he will not receive chunks from her. Though Alice re-evaluates her top 4 list every 10 seconds, Bob may never reach that list, and therefore will not receive any chunks from her. Also, since this is only a 30-second interval, it is possible that Bob will not be randomly selected as one of Alice’s peers.

f. UDP servers need only one socket, whereas the TCP server needed two sockets. Why? If the TCP server were to support N simultaneous connections, each from a different client host, how many sockets would the TCP server need?
UDP only requires 1 socket because it does not have a handshaking routine. It does not need to “accept” a connection, so there is no need for more than 1 socket. It just sends and receives packets without regard to the source or destination. TCP requires 2 sockets because there is a handshaking routine. The TCP server needs to always be listening on 1 socket to track which clients it will need to start a handshake with. This is because the TCP handshake starts with the client’s SYN packet, which is followed by the server sending the client a SYN-ACK packet, and finally by the ACK packet from the client. The second socket is the socket through which the server sends data back to the client. This also helps keep track of specific state within the TCP connection, such as the packet number, window size, and client IP address and port number.

A TCP server would need N+1 sockets to support N different client hosts. This is because the client hosts all start their connection by connecting to the listening socket of the TCP server. Then, the TCP server has to create N connection sockets (1 for each client).

2. The text below shows the reply sent from the server in response to an HTTP GET message. Answer the following questions, indicating where in the message below you find the answer.

a. Was the server able to successfully find the document or not? What time was the document reply provided?

The server was able to successfully find the document because the reply had a response code of 200 OK. The reply occurred on Tuesday, March 7, 2008 at 12:39:45 GMT.

b. When was the document last modified?

This document was last modified on Saturday, December 10, 2005 at 18:27:46 GMT.

c. How many bytes are there in the document being returned?

The content length is 3874 bytes (octets).

d. What are the first 5 bytes of the document being returned? Did the server agree to a persistent connection?

The first 5 bytes of the document being returned are <!doc.
Since the request is sent using HTTP 1.1, all connections are considered persistent by default unless stated otherwise. The Connection type Keep-Alive further confirms the persistent connection.

3. In an institutional network connected to the Internet at a transmission rate of 15 Mbits/sec, suppose that the average object size is 850,000 bits and that the average request rate from the institution’s browsers to the origin server is 16 requests/sec. Also suppose that the amount of time it takes from when the router on the Internet side of the access link forwards an HTTP request until it receives the response is 3 seconds on average. Model the total average response time as the sum of the average access delay (that is, the delay from the Internet router to the institution router) and the average Internet delay. For the average access delay, use delta / (1 - delta*beta), where delta = average time required to send an object over the access link, and beta = the arrival rate of objects to the access link.

a. Find the total average response time.

    delta = avg time to send an object over the access link
          = 850,000 bits / 15,000,000 bits/sec = 0.056667 sec
    beta  = arrival rate of objects to the access link = 16 requests/sec
    avg access delay = delta / (1 - delta*beta)
          = 0.056667 sec / (1 - (0.056667 sec * 16 requests/sec)) = 0.607 sec
    total response time = avg access delay + avg Internet delay
          = 0.607 sec + 3 sec = 3.607 sec

b. Now suppose a cache is installed in the institutional LAN. Suppose the miss rate is 0.4. Find the total response time.

    beta (with cache) = arrival rate of objects to the access link
          = 16 requests/sec * 0.4 = 6.4 requests/sec
    avg access delay = delta / (1 - delta*beta)
          = 0.056667 sec / (1 - (0.056667 sec * 6.4 requests/sec)) = 0.0889 sec
    total response time = avg access delay + avg Internet delay
          = 0.0889 sec + 3 sec = 3.0889 sec

4. Finish the following Wireshark labs:

1. nslookup:

a. Run nslookup to obtain the IP address of a Web server in Asia. What is the IP address of that server?

    C:\Users\derek> nslookup mixi.jp
    Server:  rns01.charter.com
    Address:  71.10.216.1

    Non-authoritative answer:
    Name:    mixi.jp
    Addresses:  52.196.165.19
                52.69.201.150

b. Run nslookup to determine the authoritative DNS servers for a university in Europe.

    C:\Users\derek> nslookup -type=NS cam.ac.uk
    Server:  rns01.charter.com
    Address:  71.10.216.1

    Non-authoritative answer:
    cam.ac.uk       nameserver = dns0.cl.cam.ac.uk
    cam.ac.uk       nameserver = ns1.mythic-beasts.com
    cam.ac.uk       nameserver = ns3.mythic-beasts.com
    cam.ac.uk       nameserver = auth0.dns.cam.ac.uk
    cam.ac.uk       nameserver = dns0.eng.cam.ac.uk
    cam.ac.uk       nameserver = ns2.ic.ac.uk

c. Run nslookup so that one of the DNS servers obtained in Question 2 is queried for the mail servers for Yahoo! mail. What is its IP address?

    C:\Users\derek>nslookup mail.yahoo.com ns2.ic.ac.uk
    Server:  ns2.ic.ac.uk
    Address:  155.198.142.82

    *** ns2.ic.ac.uk can't find mail.yahoo.com: Query refused

All DNS servers refused the query request.

2. ipconfig:

ipconfig /displaydns results:

ipconfig /flushdns results:

3. Tracing DNS with Wireshark:

a. Clear DNS cache with ipconfig
b. Empty browser cache
c. Set up Wireshark to only display captured packets with your IP address (found using ipconfig)
d. Locate the DNS query and response messages. Are they sent over UDP or TCP?

Both the query and response messages are sent via UDP.

e. What is the destination port for the DNS query message? What is the source port of the DNS response message?

Using the image above and from the previous problem we can see that:
- Destination Port for Query = 53
- Source Port for Response = 53

f. To what IP address is the DNS query message sent? Use ipconfig to determine the IP address of your local DNS server. Are these 2 IP addresses the same?

The DNS query message was sent to 134.71.71.71. The local DNS servers have IP addresses of 134.71.71.71, 134.71.71.72, and 134.71.71.73.
This was found using the ipconfig /all command in the Windows command line, as seen above. Therefore, one of the local DNS servers on CPP’s campus was queried.

g. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

Looking through the packet analysis provided by Wireshark, we can see that the query message did NOT contain any answers and is a type A query.

h. Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?

The DNS response provided 3 answers: 1 CNAME answer, mapping the queried hostname to its canonical DNS hostname, and 2 Type A answers, mapping that canonical hostname to its IP addresses.

i. Consider the subsequent TCP SYN packet sent by your host. Does the destination IP address of the SYN packet correspond to any of the IP addresses provided in the DNS response message?

We can see that the TCP SYN packet following the DNS response contains the IP address of one of the type A replies (104.16.44.99).

j. This webpage contains images. Before retrieving each image, does your host issue new DNS queries?

Yes, the host does issue new DNS queries for each image. We can see here that the images are hosted on a few different servers, each requiring a hostname translation.

Now, let’s play nslookup:

k. What is the destination port for the DNS query message? What is the source port of the DNS response message?

Destination port for Query = 53
Source port for Response = 53

l. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

The DNS query message is sent to 134.71.71.71, which as seen before is one of the default local DNS servers.

m. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

We can see in this DNS query that the type is A and that it does NOT contain any answers.

n. Examine the DNS response message. How many “answers” are provided? What do each of these answers contain?

We can see in this screenshot that only 1 answer is provided, which contains the IP address of the hostname mit.edu.

Now repeat the previous experiment, but use the nslookup -type=NS mit.edu command:

o. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server?

The IP address of the DNS query is 134.71.71.71, which is the default local DNS server as seen before.

p. Examine the DNS query message. What “Type” of DNS query is it? Does the DNS query message contain any “answers”?

We can see here that the DNS query is an NS type query and does not contain any answers.

q. Examine the DNS response message. What MIT nameservers does the response message provide? Does this response message also provide the IP addresses of the MIT nameservers?

The DNS response provided 8 different nameservers as seen above, but the response does NOT provide their IP addresses, only their hostnames.

Now repeat the previous experiment, but with the nslookup www.aiit.or.kr bitsy.mit.edu command:

(I used the .zip file provided by gaia.cs.umass.edu since I was not able to fulfil the request.)

r. To what IP address is the DNS query message sent? Is this the IP address of your default local DNS server? If not, what does the IP address correspond to?

The IP address of the query message destination is 18.71.0.3, which does not match the default local DNS server. In our nslookup command we specified the DNS server to query, bitsy.mit.edu, so 18.71.0.3 corresponds to that server.

s. Examine the DNS query message. What “Type” of DNS query is it? Does the query message contain any “answers”?

We can see here that the DNS query type is A, and that it does NOT contain any answers.

t. Examine the DNS response message. How many “answers” are provided? What does each of these answers contain?

We can see here that there were 5 total answers provided. 2 answers were of type NS, which provided the authoritative name server hostnames for the www.aiit.or.kr hostname.
Another 2 answers were of type A, which resolved the NS hostnames provided. Finally, another type A answer gave the final IP address of the originally requested www.aiit.or.kr hostname.

4. The Basic HTTP GET/response interaction:

a. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running?

We can see here that both are running HTTP 1.1, because the version in the client request is HTTP 1.1 and the version in the server response is HTTP 1.1.

b. What languages (if any) does your browser indicate that it can accept to the server?

The browser indicates that it accepts US English and general English.

c. What is the IP address of your computer? Of the gaia.cs.umass.edu server?

The IP address of my computer is 10.110.214.214 and the IP address of gaia.cs.umass.edu is 128.119.245.12.

d. What is the status code returned from the server to your browser?

The server returned the status code 200 OK.

e. When was the HTML file that you are retrieving last modified at the server?

This file was last modified on February 28, 2022 at 6:59:01 GMT.

f. How many bytes of content are being returned to your browser?

There are 128 bytes of data being returned to the client.

g. By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one.

The raw data shows the layer 2 and layer 3 headers before the HTTP header and data.

5. The HTTP CONDITIONAL GET/response interaction:

a. Inspect the contents of the first HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE” line in the HTTP GET?

We can see that the first HTTP request has no “IF-MODIFIED-SINCE” line.

b. Inspect the contents of the server response. Did the server explicitly return the contents of the file? How can you tell?

We can see here that the HTML file contents were explicitly delivered to the client in response to the first HTTP GET request.

c. Now inspect the contents of the second HTTP GET request from your browser to the server. Do you see an “IF-MODIFIED-SINCE:” header?

Here we can see that the second HTTP GET request has an If-Modified-Since line within the HTTP header.

d. What is the HTTP status code and phrase returned from the server in response to this second HTTP GET? Did the server explicitly return the contents of the file? Explain.

The HTTP response to the second HTTP GET request has a status code of 304 Not Modified. Therefore, the server did not explicitly return the contents of the HTML file. The server replied only with a header and no payload. This lets the user or proxy know that the version they have in memory is the most up-to-date version of the file.

6. Retrieving Long Documents:

a. How many HTTP GET request messages did your browser send? Which packet number in the trace contains the GET message for the Bill of Rights?

My browser only sent 1 HTTP GET request message, and it was the first packet within the trace.

b. Which packet number in the trace contains the status code and phrase associated with the response to the HTTP GET request?

The TCP segment with the HTTP response contains the status code and phrase.

c. What is the status code and phrase in the response?

The response contains the code and description 200 OK.

d. How many data-containing TCP segments were needed to carry the single HTTP response and the text of the Bill of Rights?

A total of 2 TCP segments carried the single HTTP response and the text of the Bill of Rights.

7. HTML Documents with Embedded Objects:

a. How many HTTP GET request messages did your browser send? To which Internet address were these GET requests sent?

In the figure above, we can see that the browser sent 3 HTTP GET request messages. The IP addresses are:
- HTML code → 128.119.245.12
- Pearson image → 128.119.245.12
- Book cover image → 178.79.137.164

b. Can you tell whether your browser downloaded the 2 images serially, or whether they were downloaded from the 2 websites in parallel? Explain.

Looking at the figure above, we can see that the 2 images were most likely downloaded serially. This is because the 2 GET requests were not sent one after the other. The sequence is: Pearson image GET, Pearson image reply, book cover GET, book cover reply. Also, the packet numbers are far apart from one another, which most likely indicates that they were downloaded serially.

8. HTTP Authentication:

a. What is the server’s response (status code and phrase) in response to the initial HTTP GET message from your browser?

Looking at the figure above, we can see that the initial response status code and phrase to the HTTP GET message was 401 Unauthorized.

b. When your browser sends the HTTP GET message for the second time, what new field is included in the HTTP GET message?

After entering the provided credentials into our browser, we can see that the second HTTP GET message adds the additional Authorization header (Credentials field). This provides the Base64 encoding of the username and password we entered in our browser. It also adds the Cache-Control field.
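As an added example (not part of the assignment or the Wireshark lab handouts), the following Python code answers the Problem 2 questions for a raw server reply, detects the If-Modified-Since header and the body-less 304 reply of Lab 5, and decodes the Authorization: Basic header of Lab 8. All messages, the example.test hostname, the paths and the alice:s3cret credentials are constructed; only the header values of the 200 reply follow Problem 2.

```python
import base64

def parse_http(raw):
    """Split a raw HTTP/1.x message into (start line, headers, body).
    Header names are lower-cased so lookups are case-insensitive."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def is_persistent(version, headers):
    """HTTP/1.1 connections are persistent unless 'Connection: close' is sent;
    HTTP/1.0 connections are not unless 'Connection: keep-alive' is sent."""
    conn = headers.get("connection", "").lower()
    return conn != "close" if version == "HTTP/1.1" else conn == "keep-alive"

def summarize_response(raw):
    """Answer the Problem 2 questions (status, dates, length, first 5 bytes,
    persistence) for one server response; a 304 reply shows an empty body."""
    start, headers, body = parse_http(raw)
    version, code, phrase = start.split(" ", 2)
    return {"status": int(code), "phrase": phrase, "date": headers.get("date"),
            "last_modified": headers.get("last-modified"),
            "content_length": int(headers.get("content-length", 0)),
            "first5": body[:5], "persistent": is_persistent(version, headers)}

def is_conditional(raw_request):
    """True when the request carries If-Modified-Since (the second GET in Lab 5)."""
    return "if-modified-since" in parse_http(raw_request)[1]

def basic_credentials(raw_request):
    """Return (user, password) from an 'Authorization: Basic' header, or None.
    Base64 is an encoding, not encryption: anyone who captures the request, as
    Lab 8 does, recovers the credentials unless the connection uses TLS."""
    _, headers, _ = parse_http(raw_request)
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

# Constructed messages (not the lab traces). RESP_200 reuses the header values
# quoted in Problem 2; its body is a short stub, so it is not really 3874 bytes.
RESP_200 = ("HTTP/1.1 200 OK\r\nDate: Tue, 07 Mar 2008 12:39:45 GMT\r\n"
            "Last-Modified: Sat, 10 Dec 2005 18:27:46 GMT\r\nContent-Length: 3874\r\n"
            "Connection: Keep-Alive\r\n\r\n<!doctype html><html>...</html>")
RESP_304 = "HTTP/1.1 304 Not Modified\r\nDate: Mon, 28 Feb 2022 12:00:00 GMT\r\n\r\n"
REQ_COND = ("GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
            "If-Modified-Since: Mon, 28 Feb 2022 06:59:01 GMT\r\n\r\n")
REQ_AUTH = ("GET /protected/index.html HTTP/1.1\r\nHost: example.test\r\n"
            "Authorization: Basic " + base64.b64encode(b"alice:s3cret").decode() + "\r\n\r\n")
```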
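As a second added example (not part of the lab handout), a minimal RFC 1035 parser that decodes the fields inspected in Lab 3: the query/response flag, the query type, the number of answers, and the contents of CNAME, A and NS answers. The response bytes, the www.example.test and cdn.example.test names and the 192.0.2.x addresses are constructed to mirror the 1 CNAME + 2 A shape of part h; the pointer-hop cap is a defensive check against malformed responses.

```python
import struct

TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME"}

# Constructed response (not a capture): question www.example.test type A, then one CNAME
# and two A answers, the shape seen in Lab 3 part h; names use RFC 1035 compression pointers.
SAMPLE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0)                # id, flags, counts
    + b"\x03www\x07example\x04test\x00" + struct.pack("!HH", 1, 1)      # question at offset 12
    + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 6) + b"\x03cdn\xc0\x10"   # CNAME
    + b"\xc0\x2e" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])  # A
    + b"\xc0\x2e" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 11])  # A
)

def read_name(msg, offset, hops=0):
    """Decode a (possibly compressed) name at offset; return (name, next offset).
    A malformed response can chain pointers in a loop, so the hop count is capped."""
    labels = []
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                           # 2-byte compression pointer
            if hops > 16:
                raise ValueError("compression pointer loop")
            target = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            tail, _ = read_name(msg, target, hops + 1)
            labels.append(tail)
            return ".".join(labels), offset + 2
        offset += 1
        if length == 0:                                     # root label ends the name
            return ".".join(labels), offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_dns(msg):
    """Return the QR flag, the questions and the answers of one DNS message."""
    _ident, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = read_name(msg, offset)
        qtype, _qclass = struct.unpack_from("!HH", msg, offset)
        offset += 4
        questions.append((name, TYPE_NAMES.get(qtype, qtype)))
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        if rtype == 1:                                      # A: dotted IPv4 address
            value = ".".join(str(b) for b in msg[offset:offset + rdlen])
        elif rtype in (2, 5):                               # NS / CNAME: a domain name
            value, _ = read_name(msg, offset)
        else:
            value = msg[offset:offset + rdlen].hex()
        offset += rdlen
        answers.append((name, TYPE_NAMES.get(rtype, rtype), value))
    return {"is_response": bool(flags & 0x8000), "questions": questions, "answers": answers}
```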