TCP Introduction

Question 1

When working with application protocols like HTTP, SMTP, or DNS, what is the recommended practice and why?

Answer 1

Always use libraries to avoid reinventing the wheel and ensure reliability

Question 2

What is the most sensible unit for measuring link capacity?

Answer 2

Bits per second (bps)

Question 3

What is a baud, and where is it commonly used?

Answer 3

A baud is a unit that refers to symbols per second, commonly used in electrical engineering and older communication systems like dial-up modems.

Question 4

What are the two primary components of latency in a network?

Answer 4

Propagation delay and transmission delay.

Question 5

What is propagation delay, and what does it depend on?

Answer 5

Propagation delay is the time taken for a signal to travel across a physical link. It depends on the distance and the propagation speed.

Question 6

What is transmission delay, and what does it depend on?

Answer 6

Transmission delay is the time required to push the entire packet onto the link. It depends on the packet size (in bits) and the transmission rate.

Question 7

How do you calculate propagation delay?

Answer 7

Propagation delay = Distance / Propagation speed

Question 8

How do you calculate transmission delay?

Answer 8

Transmission delay = Packet size (in bits) / Transmission rate.

Question 9

Why does transmission delay vary with packet size?

Answer 9

Because larger packets take more time to transmit at a given transmission rate.

Question 10

Why is propagation delay constant for a link?

Answer 10

Because it depends only on the fixed distance and propagation speed of the medium. (Speed of light is constant)

Question 11

What is the difference between “store-and-forward” and “cut-through” systems?

Answer 11

Store-and-forward systems buffer packets until the checksum is read at each hop, while cut-through systems process packets as soon as they receive the frame, without waiting for the entire packet (and it’s checksum).

Question 12

Why is “store-and-forward” more common in modern networks?

Answer 12

It ensures error-checking through checksum verification at every hop, which is critical for reliable communication.

Question 13

What factors contribute to latency at each hop in a network?

Answer 13

Packet clocking time and propagation delay

Question 14

Why are checksums verified at every hop?

Answer 14

To detect and correct errors in data transmission

Question 15

Why do network projects often fail, according to the introductory module slides?

Answer 15

Due to underestimating latency and its impact on performance

Question 16

What dominates latency in short-distance links?

Answer 16

Bandwidth limitations.

Question 17

What dominates latency in long-distance links?

Answer 17

Propagation delay.

Question 18

What is the “elephants problem” in networking?

Answer 18

Long Fat Networks face performance challenges when bandwidth scales to tens of gigabits or terabits per second, requiring efficient utilisation.

Question 19

Why is “filling” a network link important?

Answer 19

To maximise the utilisation of the available bandwidth for optimal performance.

Question 20

What is a Long Fat Network (LFN) and its main challenge?

Answer 20

An LFN is a network with high bandwidth and long distances. The challenge is efficiently utilising the high bandwidth despite the high latency caused by long distances.

Question 21

What is the throughput in a network determined by?

Answer 21

The throughput is determined by the slowest link in the network path

Question 22

What happens to the excess data sent if the sender transmits more than the capacity of the slowest link?

Answer 22

The excess data accumulates in buffers (e.g., at the router), leading to potential buffer overflow and packet drops if the buffers are full.

Question 23

Why don’t core transmission devices have large buffers?

Answer 23

Core transmission devices lack large (deep) buffers because fast, error-checked, double-ported RAM is expensive, and designing core switches with large buffers is challenging.

Question 24

How do edge devices differ in terms of buffering compared to core devices?

Answer 24

Edge devices can have larger (deeper) buffers, but these are still finite and cannot handle unlimited data overflow.

Question 25

What must happen for data transmission to avoid overwhelming the network?

Answer 25

The sender (e.g., device A) must throttle its transmission rate to match the capacity of the slowest link in the network.

Question 26

What was considered fast broadband in the mid-2000s?

Answer 26

In the mid-2000s, 2 Mbps downstream and 256 kbps upstream were considered fast broadband.

Question 27

What does the “A” in ADSL stand for, and what does it signify?

Answer 27

The “A” in ADSL stands for “Asymmetric,” signifying that the downstream speed is greater than the upstream speed.

Question 28

What is SDSL, and how does it differ from ADSL?

Answer 28

SDSL (Symmetric Digital Subscriber Line) provides equal upstream and downstream speeds, unlike ADSL, which is asymmetric.

Question 29

Out of SDSL and ADSL, which is cheaper and which is more common?

Answer 29

ADSL is more common because most residential and small office/home office (SOHO) users primarily download content (e.g., streaming, browsing), so higher downstream speeds are more useful. ADSL is also cheaper to deploy due to its focus on asymmetric speeds.

Question 30

What happens when queues fill up in a network?

Answer 30

When queues fill up, packets are dropped, leading to reduced throughput and increased latency.

Question 31

How is limited upstream bandwidth apportioned in a network?

Answer 31

Bandwidth is managed using queuing disciplines (qdisc) and traffic control (tc), which decide how packets are prioritized and scheduled for transmission.

Question 32

What is the role of ingress and egress queues in a network?

Answer 32

Ingress Queues manage incoming traffic, ensuring packets are processed before being sent further.

Egress Queues manage outgoing traffic to prioritize and limit data sent to a lower-bandwidth link.

Question 33

How do core and edge systems differ in their use of queues?

Answer 33

Edge systems: Have long, deep, and well-managed queues to handle variable traffic.

Core systems: Use fast, reliable, deterministic systems with small or no queues.

Question 34

What Linux tools are mentioned for managing queues and traffic control in the lecture?

Answer 34

The tools mentioned are qdisc (queuing discipline) and tc (traffic control).

Question 35

What is the difference between hosts, switches, and routers?

Answer 35

Hosts: Devices running useful programs (e.g., computers).

Switches: Connects multiple hosts within a LAN. Move packets inside subnets or LANs, operating on broadcast domains.

Routers: Connects different LANs. Move packets between networks, needing topology knowledge to deliver packets.

Question 36

Why is the boundary between routers and switches becoming less clear?

Answer 36

Modern routers often include switch-like functions, and most routers today have an attached switch fabric.

Question 37

What does a switch do within a LAN?

Answer 37

A switch broadcasts a packet within the LAN to ensure the recipient gets it, minimizing unnecessary traffic by learning local addresses.

Question 38

What are the key steps when you click on a link like https://www.bbc.co.uk/index.html?

Answer 38

1. Parse the URL to understand the protocol, host, and path.
2. Use DNS to find the IP address of the destination.
3. Establish a TCP connection.
4. Perform cryptographic handshakes if HTTPS is used.
5. Fetch the content using HTTP.
6. Send and receive data at each step.

Question 39

What does the structure of a URL like https://www.bbc.co.uk/index.html represent?

Answer 39

Scheme: The protocol, e.g., https, defines how the resource is accessed.

Host: The server or domain, e.g., www.bbc.co.uk, identifies where the resource is located.

Path: The specific resource being accessed on the server, e.g., /index.html.

Question 40

What is the function of DNS in the context of a URL?

Answer 40

DNS maps the human-readable domain name (e.g., www.bbc.co.uk) to its corresponding IP address, enabling communication with the server.

Question 41

Why should you avoid writing your own TCP or networking code in production?

Answer 41

It is better to use libraries since they are tested, optimized, and secure. Writing your own code for production is likely error-prone and unnecessary unless for learning purposes.

Question 42

Why does a URL path look like a Unix path? What effect does this have on the server?

Answer 42

The URL path follows a Unix-like structure because the web’s early design borrowed from Unix systems. However, servers interpret and handle the path in their own way.

Question 43

What is RFC 1034 and what does it define?

Answer 43

RFC 1034 is the foundational document that specifies the concepts and facilities of the Domain Name System (DNS), focusing on the hierarchical naming structure.

It defines DNS as a distributed, hierarchical system for translating domain names into IP addresses and explains the roles of name servers and resolvers.

Question 44

What is RFC 1035?

Answer 44

RFC 1035 complements RFC 1034 by providing the implementation details of DNS, including message formats, query/response protocols, and resource record types.

Question 45

What are resource records in RFC 1035?

Answer 45

Resource records are the basic data elements of DNS, including types like A (address), MX (mail exchange), and NS (name server).

Question 46

What is an IPv4 address?

Answer 46

IPv4 addresses are 32 bits long, written as four decimal numbers separated by dots.

Question 47

What is an IPv6 address?

Answer 47

IPv6 addresses are 128 bits long, written in eight groups of four hexadecimal digits separated by colons, e.g., 2a00:1450:400c:c07::6a

Question 48

Why is IPv6 necessary?

Answer 48

IPv6 is needed because IPv4’s 32-bit addressing allows only ~4 billion unique addresses, which is insufficient for the growing number of devices worldwide.

Question 49

How does IPv6 expand address space?

Answer 49

IPv6 uses 128-bit addresses, enabling 2^128 unique addresses, enough for every device to have its own address.

Question 50

Why is DNS preferred over a “hosts.txt” file?

Answer 50

DNS automates name-to-IP mapping for the internet, whereas manually managing mappings in a hosts file is inefficient and error-prone for large-scale networks.

Question 51

What are the main security problems with hosts.txt instead of DNS?

Answer 51

Tampering: Attackers can modify it to redirect traffic to malicious sites.

No Authentication: Cannot verify if mappings are legitimate.

Not Scalable: Manual updates are error-prone and infeasible for large networks.

Question 52

What are port numbers, and why are they used?

Answer 52

Port numbers distinguish between different services running on a single device, enabling specific communication (e.g., email via SMTP, file transfer via FTP).

Question 53

What are some examples of well-known port numbers?

Answer 53

21: Telnet
23: FTP
25: SMTP (email)
53: DNS
22: SSH
80: HTTP

Question 54

Why do some protocols lack assigned port numbers?

Answer 54

Older protocols developed before 1983 (prior to NCP) did not have formal port number assignments. (Networks were small so ad-hoc communication arrangements were sufficient). Later systems and updates assigned numbers to newer protocols.

Question 55

What is the difference between UDP and TCP?

Answer 55

UDP (RFC 768): Sends “unreliable” packets without guarantees of delivery or order (like a message in a bottle).

TCP (RFC 793): Sets up a virtual connection, offering reliability with checks for delivery, order, and error correction.

Question 56

Why is DNS typically over UDP instead of TCP?

Answer 56

UDP is faster and more efficient for DNS queries, which are small and single-request transactions. TCP is used only when reliability or larger data transfers are needed.

Question 57

When might DNS use TCP instead of UDP?

Answer 57

DNS switches to TCP if the response size exceeds UDP limits (e.g., DNS zone transfers or large query responses).

Question 58

Why is TCP considered more reliable than UDP?

Answer 58

TCP ensures delivery by retransmitting lost packets, maintaining order, and performing error checks, whereas UDP does not.

Question 59

What port does DNS use, and how does communication happen?

Answer 59

DNS servers listen for queries on port 53, which is the standard port for DNS communication.

When your computer (the client) sends a DNS query, it picks a random high-numbered port (e.g., 49152–65535) as its source port. This is done to distinguish between different outgoing queries.

Question 60

Why is DNS conventionally done over UDP?

Answer 60

UDP is faster and more efficient for DNS because most queries are small, single-question, single-response exchanges. Building a TCP connection adds extra overhead.
Now a days, can just use TCP for everything.

Question 61

What does /24 mean in the IP address 10.92.213.123/24?

Answer 61

/24 specifies that the first 24 bits are the network portion, leaving the remaining 8 bits for host addresses. It allows 254 usable hosts.

Question 62

Why is /24 commonly used in home networks?

Answer 62

/24 provides a good balance of address availability and simplicity for small networks.

Question 63

How does a netmask like /24 affect equality checking for IP addresses?

Answer 63

The netmask ensures only the network portion is compared. For example:

10.92.213.1 & 255.255.255.0 = 10.92.213.0

Two addresses match if their network portions are equal.

Question 64

Why do IPv4 masks align on octet boundaries (e.g., /8, /16, /24)?

Answer 64

IPv4 masks align on 8-bit boundaries for simplicity and compatibility, unlike IPv6, which allows non-aligned masks.

Question 65

Why are “random bytes” (like 10.x.x.x) used in private IP addressing?

Answer 65

Random bytes help avoid address conflicts:

Private IP ranges (like 10.x.x.x, 192.168.x.x) are reserved for internal use and not routable on the public internet.

Choosing different values for the middle bytes (e.g., 10.1.x.x vs. 10.5.x.x) reduces the risk of overlapping IP addresses when connecting multiple networks, like merging home and office networks.

Question 66

What is an octet in IP addressing?

Answer 66

An octet is a group of 8 bits. In IPv4, addresses are 32 bits long, divided into four octets, each represented as a decimal number (0–255), separated by dots. For example: 192.168.1.1.

Question 67

Why are octets used in IP addresses?

Answer 67

1. Human Readability: Splitting a 32-bit address into four octets makes it easier to read and manage (e.g., 192.168.1.1 is simpler than 11000000101010000000000100000001).
2. Bit Boundary Alignment: Each octet aligns to 8 bits, simplifying calculations for subnetting and masking (e.g., /8, /16, /24).
3. Efficient Representation: Each octet can represent values from 0 to 255 (2^8 = 256), covering all possible values for an 8-bit binary sequence.
4. Historical Context: Hexadecimal wasn’t as widely adopted or standardised at the time IPv4 was introduced, so base-10 became the convention.

Question 68

What two addresses does a device have on an Ethernet network?

Answer 68

IP Address: A structured, logical address used for routing packets (e.g., 10.92.213.123).

Ethernet Address (MAC): A 48-bit physical address assigned to the device, often unique per interface.

Question 69

How do we send an IP packet on an Ethernet network?

Answer 69

To send an IP packet:

1. Find the Ethernet address (MAC) of the device owning the IP address using ARP.
2. Encapsulate the IP packet in an Ethernet frame with the correct Ethernet addresses.
3. Send the frame to the next place.

Question 70

What is ARP, and what does it do?

Answer 70

ARP (Address Resolution Protocol) maps an IP address to its corresponding Ethernet (MAC) address by broadcasting a query:

“Who has this IP address?” The device with that IP replies with its MAC address.

Question 71

Why is ARP considered insecure?

Answer 71

ARP has no authentication or exchange validation, making it vulnerable to hijacking (e.g., ARP spoofing), where attackers can send fake replies to intercept traffic.

Question 72

What are the sizes of IPv4 and Ethernet addresses?

Answer 72

IPv4 addresses: 32 bits
Ethernet (MAC) addresses: 48 bits

Question 73

Why is using an Ethernet hub considered bad?

Answer 73

Hubs broadcast all packets to every connected device, meaning any device can see all traffic. This makes hubs insecure, as malicious users can intercept and monitor network traffic (e.g., with tools like Wireshark).

Additionally by broadcasting all packets to every connected device, unnecessary traffic is caused and reducing efficiency. Switches are better as they only send packets to the specific port where the destination device is located.

Question 73

In the realworld, what should you always replace an ethernet hub with?

Answer 73

A switch

Question 74

How does an Ethernet switch improve communication compared to a hub?

Answer 74

Switches learn which port each device is on by monitoring transmissions and only send packets to the correct port, limiting unnecessary traffic and improving performance.

Question 74

What is Ethernet encapsulation?

Answer 74

Ethernet encapsulation wraps an IP packet with an Ethernet frame, which includes:

1. Destination MAC address
2. Source MAC address
3. Payload (the IP packet).

Question 75

How does DNS resolution use UDP?

Answer 75

The client sends a query to port 53 on the DNS server. The server replies using the same mechanism, sending the response back to the client’s random source port.

Question 75

Why does a website like www.bbc.co.uk have multiple IP addresses?

Answer 75

Multiple IP addresses are used for redundancy (ensuring availability if one server fails) or to distribute load across servers of varying sizes.

Question 76

Why is TCP used instead of UDP for HTTP/HTTPS connections?

Answer 76

TCP ensures reliable, ordered delivery of data, which is necessary for web communication, unlike UDP which is unreliable.

Question 76

What happens after DNS resolution provides the IP address?

Answer 76

The client initiates a TCP connection to the web server’s IP address (e.g., 212.58.235.1) and communicates:

Over port 80 for HTTP (unencrypted)
Over port 443 for HTTPS (encrypted).

Question 77

What is the purpose of the Source Port and Destination Port in a TCP frame?

Answer 77

The Source Port identifies the sending application, while the Destination Port specifies the receiving application, enabling communication between processes.

Question 78

What is the TCP three-way handshake, and what are its steps?

Answer 78

The TCP three-way handshake establishes a reliable connection between client and server:

1. SYN: The client sends a packet with a sequence number to initiate the connection.
2. SYN-ACK: The server acknowledges the SYN and sends its own sequence number.
3. ACK: The client acknowledges the server’s response, completing the handshake.

Question 79

What is SYN in the TCP setup?

Answer 79

I am going to send a stream of bytes, numbered from this initial sequence number, from this port number to this port numbers. This is called SYNchronise.

Question 80

What is SYN, ACK in the TCP setup?

Answer 80

OK, got that. I am going to send a stream of bytes, numbered from this initial sequence number, back to you. This is called SYNchronise ACKnowledge.

Question 81

What is ACK in the TCP setup?

Answer 81

OK, got that ACKnowledge.

Question 82

How does TCP sign off the connection using SYN and ACK?

Answer 82

1. A to B says: I got your last, and here’s some bytes.
2. B to A: I got your last, and here’s some bytes.
3. A to B Nothing for you, but I got yours. Bare acknowledgement sent back

Question 83

Why is the TCP handshake important?

Answer 83

It synchronises sequence numbers and ensures both parties are ready to communicate, establishing a reliable, bi-directional connection.

Question 84

What does signing off mean in TCP?

Answer 84

“Signing off” refers to gracefully terminating a TCP connection using the FIN-ACK sequence:

1. One side sends a FIN (finish) packet to signal it is done sending data.
2. The other side responds with ACK, and then sends its own FIN.
3. The sender acknowledges with an ACK, completing the connection teardown.

Question 85

Does a SYN packet carry data?

Answer 85

Generally, no. SYN packets only carry control information (sequence numbers) to set up the connection. However, in TCP Fast Open (a modern extension), SYN packets can include data to reduce latency.

Question 86

How many steps does TCP signing off have?

Answer 86

TCP connection termination can happen in 3 steps or 4 steps:

4-step termination (normal case):
1. One side sends FIN (I’m done sending).
2. The other side ACKs the FIN.
3. The other side later sends its own FIN.
4. The first side ACKs the second FIN.

3-step termination (combined ACK and FIN):
One side combines the ACK for the first FIN with its own FIN, reducing the steps to three.

Question 87

What does the “default” entry mean in a routing table?

Answer 87

It specifies where packets should go if no specific route exists for the destination.

Example: default via 10.92.213.1 dev eno1 means send packets via 10.92.213.1 on interface eno1

Question 88

What does “via” indicate in a routing table?

Answer 88

The “via” keyword shows the gateway (next hop) through which traffic should be sent to reach a remote destination.

Question 89

Why is storing the entire routing table feasible today?

Answer 89

Modern machines have enough RAM to store complex routing tables with millions of entries (e.g., the global IPv4 table).

Question 90

Why are routers needed in large networks?

Answer 90

Routers connect multiple networks and forward packets between them, enabling communication across spread-out systems.

Question 91

What does a router do in a network?

Answer 91

A router reads incoming packets, decides the best path to forward them, and sends them to their destination network. It connects multiple networks and enables communication beyond local networks.

Question 92

Whats the process for a device on a local network to send packets to the internet?

Answer 92

1. The device sends the packet to its default gateway (the router).
2. The router checks its routing table for a match or uses a default route.
3. The router ARPs for the next hop and forwards the packet to the appropriate network.

Question 93

What is a default route, and why is it important?

Answer 93

A default route (0.0.0.0/0) is used when no specific match exists in the routing table. It directs packets to a gateway, enabling access to external or unknown networks.

Question 94

How does a routing table enable communication?

Answer 94

The routing table maps IP address ranges (networks) to specific interfaces or gateways, allowing the router to decide where to send packets.

Question 95

What role does ARP play when sending a packet to a gateway?

Answer 95

ARP resolves the MAC address of the gateway (next hop) so the IP packet can be encapsulated in an Ethernet frame and sent to the correct device.

Question 96

What is the significance of the HTTP response “301 Moved Permanently”?

Answer 96

It tells the client that the requested resource has been permanently moved to a new URL, and the client should use the provided Location header for future requests.

Question 97

Why is HTTPS (encrypted content) important, especially for banks?

Answer 97

HTTPS ensures:

1. Encryption: Protects data from interception.
2. Authentication: Confirms the server’s identity.
3. Integrity: Ensures the content hasn’t been tampered with.

Question 98

What tool is generally better for HTTP requests: curl or wget?

Answer 98

curl is often preferred for its flexibility, better handling of modern HTTP features, and ability to send HTTP headers and payloads.

Question 99

Why might TCP teardown be merged into fewer packets nowadays?

Answer 99

Optimisations allow combining the ACK and FIN flags into a single packet, reducing overhead and speeding up termination.