Application Layer Flashcards

1
Q

What are the downsides of using Telnet? What’s the solution to these problems?

A

Telnet transmits user credentials in the open and has no server authentication. The solution is to use SSH.

2
Q

Why is SSH used?

A

SSH solves the problems of Telnet, namely server authentication and cyber security. The first layer of SSH is the connection layer. Here, file transfer and TCP forwarding take place. The second layer is the authentication layer, where password and public-key authentication take place. The last layer is the connection layer. Key exchange and server authentication take place in this layer.

3
Q

Discuss HTTP

A

HTTP supports client-server communication with a request/response protocol. It is connectionless, stateless and has no notion of session. It operates over TCP. Clients can retrieve HTML files from web servers at a specified URI.

4
Q

How can we improve HTTP 1.0?

A

HTTP retrieves HTML files with embedded objects from web servers. Since it operates over TCP, a new TCP connection is made for every new embedded object. However, TCP has a costly setup for new connections, making the process inefficient. The TCP congestion algorithm also slowly increases speed, meaning that the transfer rate of new connections is slower.
The solution to this problem is to have a persistent TCP connection for all the embedded objects that were requested. It can be improved even further by pipelining different embedded objects in the same persistent connection.
Another improvement for HTTP in general is using caches. Recent requests are stored in a cache so that the client doesn’t need to download the same request every single time.

5
Q

Discuss FTP

A

FTP is designed to transfer files and navigate directory listings. It uses two TCP ports: one for a control connection and one for the actual data transfer. This way we have a simple control flow by using commands whilst being able to download at the same time. A TCP connection is used because we don’t want to chop the big transfers into little pieces. We also want ordering and we don’t want to overwhelm the local connection.

6
Q

Discuss the different mail protocols

A

Post Office Protocol: Unsynchronized, download messages from server to 1 device. After downloading, the messages get removed from the server. Therefore it’s not possible to get your mail on different devices.
IMAP: Synchronized, the mail server is copied locally to the client device, causing higher overhead. When something changes on the server it also changes on the client device.
Web-mail: No synchronization, because everything is stored on the server, making this a lightweight protocol. It does require a consistent Internet connection.
SMTP: Three phases, namely handshaking, transfer and closure. SMTP uses TCP because we want reliability and ordering.

8
Q

What is DHCP?

A

The Dynamic Host Configuration Protocol provides automated leasing of IP addresses. It uses UDP because we have to broadcast a discovery message on the local network. Short leases improve the allocation of addresses, while long leases reduce the load on the DHCP server.

9
Q

How does a client obtain a new IP address using DHCP?

A

The client broadcasts a DHCPDISCOVER message on the local network. Different DHCP servers respond to the broadcast message with a DHCPOFFER by using the MAC layer entry created by the client when sending the DHCPDISCOVER message. The client picks the best offer and sends a DHCPREQUEST message to the corresponding DHCP server. When the server responds with a DHCPACK message, the lease begins. When 50% of the lease has expired, it has to be renewed. When the client sends a DHCPRELEASE or receives a DHCPNACK message, the lease is released. To avoid multiple clients using the same IP address, duplicate address detection is used. The offered IP address is translated to a MAC address. If this address is already in use, the client sends a DHCPDECLINE message.

10
Q

Discuss DNS. How does the protocol work?

A

The Domain Name System maps IP addresses to human-readable names. It does so by using a hierarchical system. This reduces complexity, enables distribution and reduces bottlenecks.
An originator sends a query to a local name server, requesting the IP address of a certain URI (recursive part). The local name server searches the DNS tree to find the URI, starting at the root name server (iterative part). All intermediate results in the tree are stored in a cache to improve performance.

11
Q

Why is UDP used in the DNS protocol instead of TCP?

A

A DNS lookup is a single packet interaction. If we used TCP, multiple lookups would require a new connection per packet, resulting in high setup costs and overhead. Multiple machines can be mapped to the same IP address (e.g. the root name server) to provide redundancy and load balancing. When we want to do a lookup, anycast is used to choose one of the machines mapped behind the IP address to answer the query. TCP doesn’t support anycast, UDP does.

13
Q

When do we use UDP and when do we use TCP?

A

UDP: Broadcast when receiver address unknown. Using multicast and anycast. When the connections are short-lived or when the data consists of 1 packet.

TCP: Ordering, reliability, congestion and flow control. When the data consists of large files.

14
Q

Discuss Napster

A

Napster was a large-scale download service with only 1 server and a few high bandwidth connections. Napster peers upload a list of the files that they offer to the central Napster server. Other peers can request files from the Napster server. It returns a list of all the peers that offer the requested files. The peer can send a file request to one of the peers from the list. After receiving the files, the Napster server index needs to be updated, because now there is an extra peer offering these files.

15
Q

What are problems of the Napster system?

A

Napster isn’t resilient. It has 1 point of failure, the Napster server. If this server crashes, the entire system won’t work anymore until the server is fixed. Another problem has to do with privacy. When the server sends the list of peers offering certain files, their credentials are sent over a TCP connection. Lastly, there aren’t enough usable IP addresses for this system.

16
Q

Why is it important to minimize message passing on application-level overlays?

A

On the application level, the route consists of simple hops. However, every hop on the application level can consist of several hops at the network layer (by hopping between different networks). By minimizing the message passing, the overhead is also minimized.

17
Q

What’s the difference between Napster and Gnutella 0.4?

A

Gnutella 0.4 is an unstructured, decentralised overlay network on top of TCP/IP. Unstructured means that there is no logic involved in placing a new node in the existing network. Its location will be random. Decentralised means that there is no central node/server (unlike Napster).

18
Q

How does a new node connect to an existing Gnutella 0.4 network?

A

The new peer makes a transient connection with an initial peer. This peer floods the Gnutella network with a PING message. Other peers that are available for a new connection respond with a PONG message and their connection details. To avoid infinite loops caused by the flooding, sequence numbers are added to the PING messages. Every node has a cache with sequence numbers of PING messages that passed that node. When a PING arrives at a node with a sequence number that’s already in the cache, the PING message is discarded. We also need a TTL value for every PING message, to limit how far it will go across the network.

19
Q

How can a peer obtain certain files in a Gnutella 0.4 network?

A

The peer floods the network with a QUERY message. If another peer can satisfy this query, it responds with a QUERYHIT message containing the network address and port for HTTP file-transfer. This data reaches the requesting peer by using reversed path forwarding. Each peer stores the sequence number of a QUERY message and the previous hop of this message in its cache. If the peer that sent that QUERYHIT message is behind a firewall, a direct download via HTTP won’t work. The requesting peer must send a PUSH message with information about the requested file to the target peer. When a peer receives a PUSH message, it establishes the HTTP connection.

20
Q

Discuss the Search Horizon and how it’s solved.

A

The Search Horizon is a scalability problem in Gnutella 0.4. The propagation of query messages is limited by a TTL value. When this value is too high and there are too many open connections per peer, the data unleashed for simple searches in the network is enormous. Gnutella 0.6 solves this problem. There are two types of peers: ultra-peers and leaf-nodes. Only ultra-peers participate in the peer discovery. An ultra-peer contains a list of all the files of the leaf-nodes that are connected to it.

21
Q

What are the downsides of Gnutella 0.6?

A

Gnutella 0.6 is more centralized and less resilient than Gnutella 0.4. Also, bad people can put their own ultra-peers in the network which enables them to monitor the traffic in the network. There is also less privacy for the leaf-nodes since their information is listed in their corresponding ultra-peer.

22
Q

Discuss BitTorrent

A

If you want to download certain files with BitTorrent, you first need the corresponding torrent files. These files contain connection details of trackers. A tracker contains the addresses of peers downloading the same file you want. The file is split into multiple chunks. Peers with all chunks of the file are seeders. By using the tracker, peers can download and upload different chunks. The more you upload, the more connections you’ll make with other peers which increases your own download speed.

23
Q

Discuss TOR

A

When a client wants to send a message to a certain router, it has to follow a path through the network. In onion routing, this path is random every single time. The initial message is secured with multiple layers of encryption. At every hop, a layer of encryption is removed to reveal the next-hop routing instructions. Every onion router has a public key. When the route through the network is established, the message is backwards encrypted. The first layer of encryption corresponds to the key of the last onion router, then the second to last router,…

24
Q

Which places in a TOR circuit contain information leaks?

A

The entry node knows who you are and at what time you sent the message. The exit node knows what message you wanted to send to the server. Therefore, at least three relays are required to acquire good privacy.