DNS, TCP and UDP (w4-5) Flashcards
what does hierarchy tell us about the address name (DNS)
Hierarchy tells you who issued the name, not where the address is located physically
gTLD and ccTLD stand for? examples?
generic Top Level Domain and country-code Top Level Domain
gtld: .com, .net…
cctld: .nz, .au…
Secondary Level Domain includes which type of address?
.co.nz, .org.nz, whitehouse.gov …
What server is above the TLD servers? how many instances of them are there?
how many pre-defined IP addresses are there?
Root Servers. roughly 1400 Root servers, widely distributed. 13 pre-defined addresses
which command would you use to look up an IP address of a named address eg www.waikato.cms.ac.nz?
why is it an iterative look up
dig command. it is iterative, as we have to work our way down through the DNS resolver servers, starting from the root server.
do DNS resolvers have to go through the iterative look-up every time someone wants to use an address?
DNS resolvers keep a cache of recently looked up records. The length of time each entry is kept for is defined by a person and varies from minutes to days
when looking up a name with DNS, what happens if the first name server does not respond?
when looking up a name, the reply will often contain multiple other name servers, so if the first does not respond, the resolver can try one of the others
What are the 4 basic contents of a UDP packet?
Src and Dest Port, UDP Length and a checksum
when sending a Datagram packet, what are the 4 parameters you will need to fill out
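ip, port, byte array and length of data (not length of array)
How would you receive a datagram packet?
4 lines of code
DatagramSocket ds = new DatagramSocket();            // bound to any free local port
byte[] buf = new byte[65535];                        // buffer for the incoming payload
DatagramPacket dp = new DatagramPacket(buf, 65535);  // packet backed by the buffer
ds.receive(dp);                                      // blocks until a datagram arrives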
To echo back a datagram packet (as a server) you use the method .getSocketAddress() to get what information about the sender
returns the sender's InetAddress and sender's port in a single object
Why would you predominantly use UDP for DNS lookups?
since DNS lookups precede nearly every interaction, we need the fastest method possible, TCP = slower
where is TCP implemented in? the operating system, or application software? Do sockets use UDP or TCP?
TCP is implemented in the operating system kernel, sockets use TCP
Which part of the osi model is TCP?
Transport layer
Is TCP reliable? why? is it half duplex?
lost messages are re-transmitted in TCP, and a weak checksum is used to protect the messages. It is full duplex, so client and server can send messages simultaneously
Why might a tcp connection have two ports?
Allows client to have multiple connections with the server, meaning it can for example fetch the html and an image resource at the same time.
What is the sequence number in a TCP frame. why is this needed?
it is the position in the series of frames that the particular frame belongs to. Needed to order the frames correctly by the receiver
What is the ack number sent by the receiver? TCP
It acknowledges the previously sent data cumulatively, while advising the sender on which byte the receiver expects next
Explain why random initial sequence numbers are sent in the three way TCP handshake?
security, reduces chance third party can impersonate one of the two parties
if system reboots, reduces chance that old packets will interfere with new connection
if a server sends rst-ack after client sends syn, what could this mean?
- The requested port is not open
- there is a backlog of pending connections
- there is a firewall between the client and server that is blocking access
Which part of TCP detects corruption
the checksum can detect corruption
does the receiver tell the sender that it is missing packets, or if a packet was corrupted? TCP
No, the sender can infer this when an ack is not received before a time-out occurs.
In TCP, how is packet loss detected? 2 ways
No ack is received before timeout occurs, or, multiple duplicate acks are received
TCP assumes that if a packet was lost, the network is experiencing congestion, how does this explain why the receiver does not simply tell the sender when a packet is lost?
the theory is that sending such a packet into an already congested network only adds to the congestion problem.
when receiver gets a SYN request, what must he do and what systems are taxed because of this? The receiver is then vulnerable to which attack?
Receiver searches table of existing connections (CPU taxing) then allocates a record (Memory taxing). This leaves the receiver vulnerable to SYN flooding. SYN flooding means the system is so caught up on these spoofed SYN requests, it is unable to accept genuine requests.
How are Checksums calculated. are they strong methods of detecting corruption?
fold 32 bit value into a 16 bit value, then negate the binary values. Very weak method of checking corruption
Explain how a tcp connection is ended.
A sends a FIN bit to B, telling B that A has nothing more to send. Connection now half-closed. Eventually, B sends its own FIN bit to signal it is also finished. FIN bits are acknowledged with an ACK
if server sends 200 bytes of data, in 50-byte chunks, but client receives only 150 bytes of data, what does client ack? and what does server send back?
Client sends 150 ack. Server then knows client has everything up to byte 150, and resends byte 150-200.
the sender is required to decide when data is lost and when to retransmit. how do they decide this?
Operating systems keep track of how long previous data took to be acknowledged
Since TCP is a stream based protocol, what does this mean in terms of how the client sees the incoming data.
Client does not know how large the incoming packets are, rather only sending an ack packet once a certain amount of bytes has been sent.
in terms of RTT round trip time, which is considered more important: the most recent measurement or prior estimations?
The most recent measurement is the most important, which is acknowledged by using weighting when calculating the RTT
what is RTO?
Retransmission time-out
Estimated RTT = ?
(1 - a) * CurrentEstimatedRTT + a * NewRTT, where a = 0.125 (usually) and NewRTT is the latest RTT
DevRTT = ? (Delay Variation)
(1 - b) * CurrentDevRTT + b * |NewRTT - EstimatedRTT|, where b = 0.25 and NewRTT is the latest RTT
then RTO = ?
EstimatedRTT + 4*DevRTT
What is a slow start?
at the start of a TCP connection, the two hosts have no reliable measure of available capacity, so starting by sending out one packet, they introduce two packets for each packet that is acknowledged. The process continues until data is lost
What happens when the ssthresh (slow start threshold) is encountered?
congestion avoidance starts, which increases the rate of transmission by one data unit per RTT.
if congestion is encountered at 16 data bits per RTT, what happens to the SSTHRESH in terms of the CWND. ssthresh = rate at which congestion avoidance occurs, CWND is the amount of data a sender can transmit without err.
if congestion occurs at 16, this is the CWND. the CWND is then halved, and this value is now the new ssthresh.
what is fast retransmit? why is it safe to use? what does fast retransmit avoid?
fast retransmit is used on the third duplicate ack, retransmits the assumed missing data piece. Because the sender is still receiving duplicate acks, this means that the data is still being received by the receiver. Avoids going back to slow start.
Step one of Fast Recovery
set ssthresh to half the value of CWND
set CWND to ssthresh + 3 x segment size
retransmit missing segment
What is fast recovery?
after a packet goes missing and is replaced by fast retransmit, fast recovery is responsible for transmission of new data until a non-duplicate ack arrives
Step two of fast recovery
each time another dup-ack is received, cwnd = cwnd + segment size, then transmit new segment
Step three of fast recovery
when ack asking for new data arrives, set CWND to ssthresh, then enter congestion avoidance.