TCP Introduction Flashcards
When working with application protocols like HTTP, SMTP, or DNS, what is the recommended practice and why?
Always use libraries to avoid reinventing the wheel and ensure reliability
What is the most sensible unit for measuring link capacity?
Bits per second (bps)
What is a baud, and where is it commonly used?
A baud is a unit that refers to symbols per second, commonly used in electrical engineering and older communication systems like dial-up modems.
What are the two primary components of latency in a network?
Propagation delay and transmission delay.
What is propagation delay, and what does it depend on?
Propagation delay is the time taken for a signal to travel across a physical link. It depends on the distance and the propagation speed.
What is transmission delay, and what does it depend on?
Transmission delay is the time required to push the entire packet onto the link. It depends on the packet size (in bits) and the transmission rate.
How do you calculate propagation delay?
Propagation delay = Distance / Propagation speed
How do you calculate transmission delay?
Transmission delay = Packet size (in bits) / Transmission rate.
Why does transmission delay vary with packet size?
Because larger packets take more time to transmit at a given transmission rate.
Why is propagation delay constant for a link?
Because it depends only on the fixed distance and propagation speed of the medium. (Speed of light is constant)
What is the difference between “store-and-forward” and “cut-through” systems?
Store-and-forward systems buffer packets until the checksum is read at each hop, while cut-through systems process packets as soon as they receive the frame, without waiting for the entire packet (and it’s checksum).
Why is “store-and-forward” more common in modern networks?
It ensures error-checking through checksum verification at every hop, which is critical for reliable communication.
What factors contribute to latency at each hop in a network?
Packet clocking time and propagation delay
Why are checksums verified at every hop?
To detect and correct errors in data transmission
Why do network projects often fail, according to the introductory module slides?
Due to underestimating latency and its impact on performance
What dominates latency in short-distance links?
Bandwidth limitations.
What dominates latency in long-distance links?
Propagation delay.
What is the “elephants problem” in networking?
Long Fat Networks face performance challenges when bandwidth scales to tens of gigabits or terabits per second, requiring efficient utilisation.
Why is “filling” a network link important?
To maximise the utilisation of the available bandwidth for optimal performance.
What is a Long Fat Network (LFN) and its main challenge?
An LFN is a network with high bandwidth and long distances. The challenge is efficiently utilising the high bandwidth despite the high latency caused by long distances.
What is the throughput in a network determined by?
The throughput is determined by the slowest link in the network path
What happens to the excess data sent if the sender transmits more than the capacity of the slowest link?
The excess data accumulates in buffers (e.g., at the router), leading to potential buffer overflow and packet drops if the buffers are full.
Why don’t core transmission devices have large buffers?
Core transmission devices lack large (deep) buffers because fast, error-checked, double-ported RAM is expensive, and designing core switches with large buffers is challenging.
How do edge devices differ in terms of buffering compared to core devices?
Edge devices can have larger (deeper) buffers, but these are still finite and cannot handle unlimited data overflow.
What must happen for data transmission to avoid overwhelming the network?
The sender (e.g., device A) must throttle its transmission rate to match the capacity of the slowest link in the network.
What was considered fast broadband in the mid-2000s?
In the mid-2000s, 2 Mbps downstream and 256 kbps upstream were considered fast broadband.
What does the “A” in ADSL stand for, and what does it signify?
The “A” in ADSL stands for “Asymmetric,” signifying that the downstream speed is greater than the upstream speed.
What is SDSL, and how does it differ from ADSL?
SDSL (Symmetric Digital Subscriber Line) provides equal upstream and downstream speeds, unlike ADSL, which is asymmetric.
Out of SDSL and ADSL, which is cheaper and which is more common?
ADSL is more common because most residential and small office/home office (SOHO) users primarily download content (e.g., streaming, browsing), so higher downstream speeds are more useful. ADSL is also cheaper to deploy due to its focus on asymmetric speeds.
What happens when queues fill up in a network?
When queues fill up, packets are dropped, leading to reduced throughput and increased latency.
How is limited upstream bandwidth apportioned in a network?
Bandwidth is managed using queuing disciplines (qdisc) and traffic control (tc), which decide how packets are prioritized and scheduled for transmission.
What is the role of ingress and egress queues in a network?
Ingress Queues manage incoming traffic, ensuring packets are processed before being sent further.
Egress Queues manage outgoing traffic to prioritize and limit data sent to a lower-bandwidth link.
How do core and edge systems differ in their use of queues?
Edge systems: Have long, deep, and well-managed queues to handle variable traffic.
Core systems: Use fast, reliable, deterministic systems with small or no queues.
What Linux tools are mentioned for managing queues and traffic control in the lecture?
The tools mentioned are qdisc (queuing discipline) and tc (traffic control).
What is the difference between hosts, switches, and routers?
Hosts: Devices running useful programs (e.g., computers).
Switches: Connects multiple hosts within a LAN. Move packets inside subnets or LANs, operating on broadcast domains.
Routers: Connects different LANs. Move packets between networks, needing topology knowledge to deliver packets.
Why is the boundary between routers and switches becoming less clear?
Modern routers often include switch-like functions, and most routers today have an attached switch fabric.
What does a switch do within a LAN?
A switch broadcasts a packet within the LAN to ensure the recipient gets it, minimizing unnecessary traffic by learning local addresses.
What are the key steps when you click on a link like https://www.bbc.co.uk/index.html?
- Parse the URL to understand the protocol, host, and path.
- Use DNS to find the IP address of the destination.
- Establish a TCP connection.
- Perform cryptographic handshakes if HTTPS is used.
- Fetch the content using HTTP.
- Send and receive data at each step.
What does the structure of a URL like https://www.bbc.co.uk/index.html represent?
Scheme: The protocol, e.g., https, defines how the resource is accessed.
Host: The server or domain, e.g., www.bbc.co.uk, identifies where the resource is located.
Path: The specific resource being accessed on the server, e.g., /index.html.
What is the function of DNS in the context of a URL?
DNS maps the human-readable domain name (e.g., www.bbc.co.uk) to its corresponding IP address, enabling communication with the server.
Why should you avoid writing your own TCP or networking code in production?
It is better to use libraries since they are tested, optimized, and secure. Writing your own code for production is likely error-prone and unnecessary unless for learning purposes.
Why does a URL path look like a Unix path? What effect does this have on the server?
The URL path follows a Unix-like structure because the web’s early design borrowed from Unix systems. However, servers interpret and handle the path in their own way.
What is RFC 1034 and what does it define?
RFC 1034 is the foundational document that specifies the concepts and facilities of the Domain Name System (DNS), focusing on the hierarchical naming structure.
It defines DNS as a distributed, hierarchical system for translating domain names into IP addresses and explains the roles of name servers and resolvers.
What is RFC 1035?
RFC 1035 complements RFC 1034 by providing the implementation details of DNS, including message formats, query/response protocols, and resource record types.
What are resource records in RFC 1035?
Resource records are the basic data elements of DNS, including types like A (address), MX (mail exchange), and NS (name server).
What is an IPv4 address?
IPv4 addresses are 32 bits long, written as four decimal numbers separated by dots.
What is an IPv6 address?
IPv6 addresses are 128 bits long, written in eight groups of four hexadecimal digits separated by colons, e.g., 2a00:1450:400c:c07::6a
Why is IPv6 necessary?
IPv6 is needed because IPv4’s 32-bit addressing allows only ~4 billion unique addresses, which is insufficient for the growing number of devices worldwide.
How does IPv6 expand address space?
IPv6 uses 128-bit addresses, enabling 2^128 unique addresses, enough for every device to have its own address.
Why is DNS preferred over a “hosts.txt” file?
DNS automates name-to-IP mapping for the internet, whereas manually managing mappings in a hosts file is inefficient and error-prone for large-scale networks.
What are the main security problems with hosts.txt instead of DNS?
Tampering: Attackers can modify it to redirect traffic to malicious sites.
No Authentication: Cannot verify if mappings are legitimate.
Not Scalable: Manual updates are error-prone and infeasible for large networks.
What are port numbers, and why are they used?
Port numbers distinguish between different services running on a single device, enabling specific communication (e.g., email via SMTP, file transfer via FTP).
What are some examples of well-known port numbers?
21: Telnet
23: FTP
25: SMTP (email)
53: DNS
22: SSH
80: HTTP
Why do some protocols lack assigned port numbers?
Older protocols developed before 1983 (prior to NCP) did not have formal port number assignments. (Networks were small so ad-hoc communication arrangements were sufficient). Later systems and updates assigned numbers to newer protocols.
What is the difference between UDP and TCP?
UDP (RFC 768): Sends “unreliable” packets without guarantees of delivery or order (like a message in a bottle).
TCP (RFC 793): Sets up a virtual connection, offering reliability with checks for delivery, order, and error correction.
Why is DNS typically over UDP instead of TCP?
UDP is faster and more efficient for DNS queries, which are small and single-request transactions. TCP is used only when reliability or larger data transfers are needed.
When might DNS use TCP instead of UDP?
DNS switches to TCP if the response size exceeds UDP limits (e.g., DNS zone transfers or large query responses).
Why is TCP considered more reliable than UDP?
TCP ensures delivery by retransmitting lost packets, maintaining order, and performing error checks, whereas UDP does not.
What port does DNS use, and how does communication happen?
DNS servers listen for queries on port 53, which is the standard port for DNS communication.
When your computer (the client) sends a DNS query, it picks a random high-numbered port (e.g., 49152–65535) as its source port. This is done to distinguish between different outgoing queries.
Why is DNS conventionally done over UDP?
UDP is faster and more efficient for DNS because most queries are small, single-question, single-response exchanges. Building a TCP connection adds extra overhead.
Now a days, can just use TCP for everything.
What does /24 mean in the IP address 10.92.213.123/24?
/24 specifies that the first 24 bits are the network portion, leaving the remaining 8 bits for host addresses. It allows 254 usable hosts.
Why is /24 commonly used in home networks?
/24 provides a good balance of address availability and simplicity for small networks.
How does a netmask like /24 affect equality checking for IP addresses?
The netmask ensures only the network portion is compared. For example:
10.92.213.1 & 255.255.255.0 = 10.92.213.0
Two addresses match if their network portions are equal.
Why do IPv4 masks align on octet boundaries (e.g., /8, /16, /24)?
IPv4 masks align on 8-bit boundaries for simplicity and compatibility, unlike IPv6, which allows non-aligned masks.
Why are “random bytes” (like 10.x.x.x) used in private IP addressing?
Random bytes help avoid address conflicts:
Private IP ranges (like 10.x.x.x, 192.168.x.x) are reserved for internal use and not routable on the public internet.
Choosing different values for the middle bytes (e.g., 10.1.x.x vs. 10.5.x.x) reduces the risk of overlapping IP addresses when connecting multiple networks, like merging home and office networks.
What is an octet in IP addressing?
An octet is a group of 8 bits. In IPv4, addresses are 32 bits long, divided into four octets, each represented as a decimal number (0–255), separated by dots. For example: 192.168.1.1.
Why are octets used in IP addresses?
- Human Readability: Splitting a 32-bit address into four octets makes it easier to read and manage (e.g., 192.168.1.1 is simpler than 11000000101010000000000100000001).
- Bit Boundary Alignment: Each octet aligns to 8 bits, simplifying calculations for subnetting and masking (e.g., /8, /16, /24).
- Efficient Representation: Each octet can represent values from 0 to 255 (2^8 = 256), covering all possible values for an 8-bit binary sequence.
- Historical Context: Hexadecimal wasn’t as widely adopted or standardised at the time IPv4 was introduced, so base-10 became the convention.
What two addresses does a device have on an Ethernet network?
IP Address: A structured, logical address used for routing packets (e.g., 10.92.213.123).
Ethernet Address (MAC): A 48-bit physical address assigned to the device, often unique per interface.
How do we send an IP packet on an Ethernet network?
To send an IP packet:
- Find the Ethernet address (MAC) of the device owning the IP address using ARP.
- Encapsulate the IP packet in an Ethernet frame with the correct Ethernet addresses.
- Send the frame to the next place.
What is ARP, and what does it do?
ARP (Address Resolution Protocol) maps an IP address to its corresponding Ethernet (MAC) address by broadcasting a query:
“Who has this IP address?” The device with that IP replies with its MAC address.
Why is ARP considered insecure?
ARP has no authentication or exchange validation, making it vulnerable to hijacking (e.g., ARP spoofing), where attackers can send fake replies to intercept traffic.
What are the sizes of IPv4 and Ethernet addresses?
IPv4 addresses: 32 bits
Ethernet (MAC) addresses: 48 bits
Why is using an Ethernet hub considered bad?
Hubs broadcast all packets to every connected device, meaning any device can see all traffic. This makes hubs insecure, as malicious users can intercept and monitor network traffic (e.g., with tools like Wireshark).
Additionally by broadcasting all packets to every connected device, unnecessary traffic is caused and reducing efficiency. Switches are better as they only send packets to the specific port where the destination device is located.
In the realworld, what should you always replace an ethernet hub with?
A switch
How does an Ethernet switch improve communication compared to a hub?
Switches learn which port each device is on by monitoring transmissions and only send packets to the correct port, limiting unnecessary traffic and improving performance.
What is Ethernet encapsulation?
Ethernet encapsulation wraps an IP packet with an Ethernet frame, which includes:
- Destination MAC address
- Source MAC address
- Payload (the IP packet).
How does DNS resolution use UDP?
The client sends a query to port 53 on the DNS server. The server replies using the same mechanism, sending the response back to the client’s random source port.
Why does a website like www.bbc.co.uk have multiple IP addresses?
Multiple IP addresses are used for redundancy (ensuring availability if one server fails) or to distribute load across servers of varying sizes.
Why is TCP used instead of UDP for HTTP/HTTPS connections?
TCP ensures reliable, ordered delivery of data, which is necessary for web communication, unlike UDP which is unreliable.
What happens after DNS resolution provides the IP address?
The client initiates a TCP connection to the web server’s IP address (e.g., 212.58.235.1) and communicates:
Over port 80 for HTTP (unencrypted)
Over port 443 for HTTPS (encrypted).
What is the purpose of the Source Port and Destination Port in a TCP frame?
The Source Port identifies the sending application, while the Destination Port specifies the receiving application, enabling communication between processes.
What is the TCP three-way handshake, and what are its steps?
The TCP three-way handshake establishes a reliable connection between client and server:
- SYN: The client sends a packet with a sequence number to initiate the connection.
- SYN-ACK: The server acknowledges the SYN and sends its own sequence number.
- ACK: The client acknowledges the server’s response, completing the handshake.
What is SYN in the TCP setup?
I am going to send a stream of bytes, numbered from this initial sequence number, from this port number to this port numbers. This is called SYNchronise.
What is SYN, ACK in the TCP setup?
OK, got that. I am going to send a stream of bytes, numbered from this initial sequence number, back to you. This is called SYNchronise ACKnowledge.
What is ACK in the TCP setup?
OK, got that ACKnowledge.
How does TCP sign off the connection using SYN and ACK?
- A to B says: I got your last, and here’s some bytes.
- B to A: I got your last, and here’s some bytes.
- A to B Nothing for you, but I got yours. Bare acknowledgement sent back
Why is the TCP handshake important?
It synchronises sequence numbers and ensures both parties are ready to communicate, establishing a reliable, bi-directional connection.
What does signing off mean in TCP?
“Signing off” refers to gracefully terminating a TCP connection using the FIN-ACK sequence:
- One side sends a FIN (finish) packet to signal it is done sending data.
- The other side responds with ACK, and then sends its own FIN.
- The sender acknowledges with an ACK, completing the connection teardown.
Does a SYN packet carry data?
Generally, no. SYN packets only carry control information (sequence numbers) to set up the connection. However, in TCP Fast Open (a modern extension), SYN packets can include data to reduce latency.
How many steps does TCP signing off have?
TCP connection termination can happen in 3 steps or 4 steps:
4-step termination (normal case):
1. One side sends FIN (I’m done sending).
2. The other side ACKs the FIN.
3. The other side later sends its own FIN.
4. The first side ACKs the second FIN.
3-step termination (combined ACK and FIN):
One side combines the ACK for the first FIN with its own FIN, reducing the steps to three.
What does the “default” entry mean in a routing table?
It specifies where packets should go if no specific route exists for the destination.
Example: default via 10.92.213.1 dev eno1 means send packets via 10.92.213.1 on interface eno1
What does “via” indicate in a routing table?
The “via” keyword shows the gateway (next hop) through which traffic should be sent to reach a remote destination.
Why is storing the entire routing table feasible today?
Modern machines have enough RAM to store complex routing tables with millions of entries (e.g., the global IPv4 table).
Why are routers needed in large networks?
Routers connect multiple networks and forward packets between them, enabling communication across spread-out systems.
What does a router do in a network?
A router reads incoming packets, decides the best path to forward them, and sends them to their destination network. It connects multiple networks and enables communication beyond local networks.
Whats the process for a device on a local network to send packets to the internet?
- The device sends the packet to its default gateway (the router).
- The router checks its routing table for a match or uses a default route.
- The router ARPs for the next hop and forwards the packet to the appropriate network.
What is a default route, and why is it important?
A default route (0.0.0.0/0) is used when no specific match exists in the routing table. It directs packets to a gateway, enabling access to external or unknown networks.
How does a routing table enable communication?
The routing table maps IP address ranges (networks) to specific interfaces or gateways, allowing the router to decide where to send packets.
What role does ARP play when sending a packet to a gateway?
ARP resolves the MAC address of the gateway (next hop) so the IP packet can be encapsulated in an Ethernet frame and sent to the correct device.
What is the significance of the HTTP response “301 Moved Permanently”?
It tells the client that the requested resource has been permanently moved to a new URL, and the client should use the provided Location header for future requests.
Why is HTTPS (encrypted content) important, especially for banks?
HTTPS ensures:
- Encryption: Protects data from interception.
- Authentication: Confirms the server’s identity.
- Integrity: Ensures the content hasn’t been tampered with.
What tool is generally better for HTTP requests: curl or wget?
curl is often preferred for its flexibility, better handling of modern HTTP features, and ability to send HTTP headers and payloads.
Why might TCP teardown be merged into fewer packets nowadays?
Optimisations allow combining the ACK and FIN flags into a single packet, reducing overhead and speeding up termination.
