DNS, TCP and UDP (w4-5)

Question 1

what does heirarchy tell us about the address name (DNS)

Answer 1

Heirarchy tells you who issued the name, not where the address is located physically

Question 2

gTLD and ccTLD stand for? examples?

Answer 2

generic Top Level Domain and country-code Top Level Domain

gtld: .com, .net…
cctld: .nz, .au…

Question 3

Secondary Level Domain includes which type of address?

Answer 3

.co.nz, .org.nz, whitehouse.gov …

Question 4

What server is above the TLD servers? how many instances of them are there?
how many pre-defined IP addresses are there?

Answer 4

Root Servers. roughly 1400 Root servers, widely distributed. 13 pre-defined addresses

Question 5

which command would you use to look up an IP address of an named address eg www.waikato.cms.ac.nz?
why is it an iterative look up

Answer 5

dig command. it is iterative, as we have to work our way down through the DNS resolver servers, starting from the root server.

Question 6

do DNS resolvers have to go through the iterative look-up every time someone wants to use an address?

Answer 6

DNS resolvers keep a cache of recently looked up records. The lenght of time each entry is kept for is defined by a person and varies from minutes to days

Question 7

when looking up a name with DNS, what happens if the first name server does not respond?

Answer 7

when looking up a name, the reply will often contain multiple other name servers, so if the first does not respond, the resolver can try one of the others

Question 8

What are the 4 basic contents of a UDP packet?

Answer 8

Src and Dest Port, UDP Length and a checksum

Question 9

when sending a Datagram packet, what are the 4 parameters you will need to fill out

Answer 9

ip, port, byte array and length of data (not lenght of array)

Question 10

How would you recieve a datagram packet?

4lines of code

Answer 10

DatagramSocket ds = new DatagramSocket();

byte[] buf = new byte[65535];

DatagramPacket dp = new
DatagramPacket(buf, 65535);

ds.recv(dp)

Question 11

To echo back a datagram packet (as a server) you use the method .getSocketAddress() to get what information about the sender

Answer 11

returns the senders InetAddress and senders port in a single object

Question 12

Why would you predominantly use UDP for DNS lookups?

Answer 12

since DNS lookups preceed nearly every interaction, we need the fastest method possible, TCP = slower

Question 13

where is TCP implemented in? the operating system, or application software? Do sockets use UDP or TCP?

Answer 13

TCP is implemented in the operating system kernel, sockets use TCP

Question 14

Which part of the osi model is TCP?

Answer 14

Transport layer

Question 15

Is TCP reliable? why? is it half duplex?

Answer 15

lost messages are re-transmitted in TCP, and use a weak checksum to protect the messages. It is full duplex, so client and server can send messages simultaneously

Question 16

Why might a tcp connection have two ports?

Answer 16

Allows client to have multiple connections with the server, meaning it can for example fetch the html and an image resource at the same time.

Question 17

What is the sequence number in a TCP frame. why is this needed?

Answer 17

it is the position in the series of frames that the particular frame belongs to. Needed to order the frames correctly by the receiver

Question 18

What is the ack number sent by the reciever? TCP

Answer 18

It acknowledges the previously sent data cumulatively, while advising the sender on which byte the receiver expects next

Question 19

Explain why random initial sequence numbers are sent in the three way TCP handshake?

Answer 19

security, reduces chance third party can impersonate one of the two parties
if system reboots, reduces chance that old packets will interfere with new connection

Question 20

if a server sends rst-ack after client sends syn, what could this mean?

Answer 20

• The requested port is not open
• there is a backlog of pending connections
• theres is a firewall between the client and server that is blocking access

Question 21

Which part of TCP detects corruption

Answer 21

the checksum can detect corruption

Question 22

does the reciever tell the sender that it is missing packets, or if a packet was corrupted? TCP

Answer 22

No, the sender can infer this when an ack is not received before a time-out occurs.

Question 23

In TCP, how is packet loss detected? 2 ways

Answer 23

No ack is received before timeout occurs, or, multiple duplicate acks are received

Question 24

TCP assumes that if a packet was lost, the network is experiencing congestion, how does this explain why the receiver does not simply tell the sender when a packet is lost?

Answer 24

the theory is that sending such a packet into an already congested network only adds to the congestion problem.

Question 25

when receiver gets a SYN request, what must he do and what systems are taxed because of this? The receiver is then vulnerable to which attack?

Answer 25

Receiver searches table of existing connections (CPU taxing) then allocate a record (Memory taxing). This leaves the receiver vulnerable to SYN flooding. Syn flooding means the system is so caught up on these spoof SYN requests, it is unable to accept genuine requests.

Question 26

How are Checksums calculated. are they strong methods of detecting corruption?

Answer 26

fold 32 bit value into a 16 bit value, then negate the binary values. Very weak method of checking corruption

Question 27

Explain how a tcp connection is ended.

Answer 27

A sends a FIN bit to B, telling B that A has nothing more to send. Connection now half-closed. Eventually, B sends its own FIN bit to signal it is also finished. FIN bits are acknowledged with an ACK

Question 28

if server sends 200 bytes of data, in 50byte chuncks, but client receives only 150 bytes of data, what does client ack? and what does server send back?

Answer 28

Client sends 150 ack. Server then knows client has everything up to byte 150, and resends byte 150-200.

Question 29

the sender is required to decide when data is lost when to retransmit. how do they decide this?

Answer 29

Operating systems keep track of how long previous data took to be acknowledged

Question 30

Since TCP is a stream based protocol, what does this mean in terms of how the client sees the incoming data.

Answer 30

Client does not know how large the incoming packets are, rather only sending a ack pack once a certain amount of bytes has been sent.

Question 31

in terms of RTT round trip time, which is considered more important: the most recent measurement or prior estimations?

Answer 31

The most recent measurement is the most important, which is acknowledged by using weighting when calculating the RTT

Question 32

what is RTO?

Answer 32

Retransmission time-out

Question 33

Estimated RTT = ?

Answer 33

(1 - a)CurrentEstimatedRTT + aNewRTT. Where a = 0.125 (usually) and NewRTT is the latest RTT

Question 34

DevRTT = ? (Delay Variation)

Answer 34

(1 - b)CurrentDevRTT + b|NewRTT - EstimatedRTT| where b = 0.25 and newRTT is the latest RTT

Question 35

then RTO = ?

Answer 35

EstimatedRTT + 4*DevRTT

Question 36

What is a slow start?

Answer 36

at the start of a tcp, the two hosts have no reliable measure of available capacity, so starting with one sending out one packet, they introduce two packets for each packet that is acknowledged. process continues until data is lost

Question 37

What happens when the ssthresh (slow start threshold) is encountered?

Answer 37

congestion avoidance starts, which increases the rate of transmission by one data unit per RTT.

Question 38

if congestion is encountered at 16 data bits per RTT, what happens to the SSTHRESH in terms of the CWND. ssthresh = rate at which congestion advoidance occurs, CWND is the amount of data a sender can transmit without err.

Answer 38

if congestion occurs at 16, this is the CWND. the CWND is then halfed, and this value is now the new ssthresh.

Question 39

what is fast retransmit? why is it safe to use? what does fast retransmit avoid?

Answer 39

fast retransmit is used on the third duplicate ack, retransmits the assumed missing data piece. Because the sender is still receiving duplicate acks, this means that the data is still being received by the receiver. Avoids going back to slow start.

Question 40

Step one of Fast Recovery

Answer 40

set ssthresh to half the value of CWND
set CWND to ssthresh + 3 x segment size
retransmit missing segment

Question 41

What is fast recovery?

Answer 41

after a packet goes missing and is replaced by fast retransmit, fast recovery is responsible for transmission of new data until a non-duplicate ack arrives

Question 42

Step two of fast recovery

Answer 42

each time another dup-ack is received, cwnd = cwnd + segment size, then transmit new segment

Question 43

Step three of fast recovery

Answer 43

when ack asking for new data arrives, set CWND to ssthresh, then enter congestion advoidance.