p4. Consider the following string of ASCH characters that were captured by Wireshark when the browser sent an HTTP GET message. The characters <cr><lf> are carriage return and line-feed characters. Answer the following questions indicating where in the HTTP Get massage below you find the answer.
GET /cs453/index.html HTTP/1.1<cr><lf>Host: gaia.cs.umass.edu<cr><lf>User Agent: Mozilla/5.o (Windows;U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax) <cr><lf>Accept: ex t/xml, application/xml, application/xhtml+xml, text/html;q=9.0. text/plain;q=0.8, image/png, ;q=.5<cr><lf>Accept Language: en-us,enq=0.5<cr><lf>Accept-Encoding: zip,deflate<cr><lf>Accept-Charset: ISO-8859-1. utf-8; q=0.7,;q=0.9<cr><lf>Keep Alive: 300<cr><lf>Connection:keep-alive<cr><lf><cr><lf>
a. What is the URL of the document requested by the browser?
The URL of the browser is http://gaia.cs.umass.edu/cs453/index.html. The Host : field indicates the server’s name and /cs453/index.html indicates the file name. p.172 (Kurose/Ross p172).
b. What version is the browser running?
The browser is running HTTP version 1.1. (p172)
c. Does the browser request a non-persistent or a persistent connection?
The browser is requesting a persistent connection, as indicated by the Connection: keep-alive. p172
d. What is the IP address of the host on which the browser is running?
We can not find tell from looking at the exchange of HTTP messages alone. One would need information from the IP datagrams (that carried the TCP segment that carried the HTTP GET request) to answer this question. p 172
e. What type of browser initiates this message? Why is the browser type needed in an HTTP request message?
Netscape is the browser that initiates this message. We need the browser to accept the information and keep it alive.
P6. Obtain the HTTP/1.1 specification(RFC 2616). Answer the following questions.
a. Explain the mechanism used for signaling between the client and server to indicate that a persistent connection is being closed. Can the client, the server, or both signal the close of a connection.
Persistent connections are discussed in section 8 of RFC 2616. Sections 8.1.2 and 8.1.2.1 of the RFC indicate that either the client or the server can indicate to the other that it is going to close the persistent connection. It does so by including the including the connection-token “close” in the Connection-header field of the http request/reply. p103
b. What encryption services are provided by HTTP?
The HTTP does not provide encryption services. (yahoo answers)
c. Can a client open three of more simultaneous connections with a given server?
A client can open three of more simultaneous connections with the help of many different servers.
d. Either a client or server may close a transport connection between them if either one detects the connection has been idle for some time. Is it possible that one side starts closing a connection while the other side is transmitting data via this connections.
It is not possible because it would cause the data to become corrupt and it would not constitute in being idle.
P7. Suppose within your Web browser you click on a link to obtain a Web page. The IP address for the associated URL is not cached in your local host, so a DNS lookup is necessary to obtain the IP address. Suppose that n DNS servers are visited before your host receives the IP address from DNS; the successive visits incur are RTT of RTT1, … RTTn. Further suppose that the small amount of HTML text. Let RTT0 denote the RTT between the local host and the server containing the object. Assuming zero transmission time of the object, how much time elapses from when the client clicks on the link until the client receives the object.
The total amount of time to get the IP address is
RTT1 + RTT2 + A +RTTn
When the IP address is known The RTT elapses to set up the TCP connection with another RTT elapses to request and receive the small object.
The total response time is equal to 2RTT + RTT1 + RTT2 + A + RTTn (google.com)
P10. Would parallel downloads via parallel instances of non-persistent HTTP make sense in this case? Now consider persistent HTTP. Do you expect significant gains over the non-persistent case?
The download would only share 100k bandwidth among the 10 connections. Persistent HTTP, allows you to avoid the SYN and SYNACK exchange. However it requires a couple of seconds to send the 100 bit message over the 100bp link and a second to receive the ACK. Therefore this method only gives you a few seconds gained in the process.
p15. Read RFC 5321 for SMTP. What does MTA stand for?
MTA stands for Mail transfer agent.
The MAIL FROM: in SMTP is a message from the SMTP client that identifies the sender of the mail message to the SMTP server. The From: on the mail message itself is just a line in the body of the letter. (p172)
17. Consider accessing your email with POP3.( p128)
a. Suppose you have configured your POP mail client to operate in the download-and delete mode. Complete the following transaction
C: list
S: 1 498
S: 2 912
S: .
C: dele 1
C: retr2
S: (blah blah …
S: …………..blah)
S: .
C: dele 2
C: quit
S: +OK POP3 server signing off
b. Suppose you have configured your POP mail client to operate in the download-and-keep mode. Complete the following transaction
C: retr 2
S: blah blah…
S: ………..blah
S: .
C: quit
S: +OK POP3 server signing off
c. Suppose you have configured your POP mail client to operate in the download-and-keep mode. Using your transcript in part b, suppose you retreive messages 1 and 2, exit POP. Provide a transcript of the second POP session.
C: retr 1
S: blah…
S: …blah
S: .
C: retr 2
S: blah blah …
S: ………..blah
S: .
C: quit
S:+OK POP3 server signing off
P18
A.) What is a whois database?
A whois database is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
B.)Use various whois databases on the Internet to obtain the names of two DNS servers. Indicate which whois databases you used.
Three whois databases that i found were ARIN, RIPE, and APNIC.
Two DNS servers that i found were Google and and OpenDNS.
C. Use nslookup on your local host to send DNS queries to three DNS servers: your local DNS server and the two DNS servers you found in part b. Try querying for Type A, NS, and MX reports.
d. Use nslookup to find a Web server that has multiple IP addresses. Does the Web server of your institution have multiple addresses?
Yahoo.com has multiple IP addresses ((216.109.112.135, 66.94.234.13).
Eastern also has multiple addresses (149.152.32.102,149.152.32.0/24)
e.)Use the ARIN whois database to determine the IP address range used by your university
The range of easternct.edu is 10.40.4.17 – 10.40.4.44 and 149.152.32.60 – 149.152.136.65.
F.) Describe how an attacker can use whois databases and the nslookup tool to perform reconnaissance on an institution before launching an attack.
Well an attacker using the whois database and the nslookup tool can find out every IP Address the institution us using and target those IP Addresses during his/her attack.
G.) Discuss why whois databases should be publicly available.
They are primary source to use when looking up the domain name or ip address of a web server.
P22. Consider distributing a file of F=15 Gbits to N peers. The server has an upload rate of u_s=30 Mbps, and each peer has a download rate of d_i=2 Mbps and an upload rate of u. For N = 10, 100, and 1,000 and u = 300 Kbps, 700 Kbps, and 2 Mbps, prepare a chart giving the minimum distribution time for each of the combinations of N and u for both client-server distribution and P2P distribution.
First we have to calculate the minimum distribution time for client-server distribution, with the equation.
Dcs= max{NF/us, F/d min}
Then we calculate the minimum distribution of P2P distribvtion, with this formula.
Dv2r = max{F/u, F/dmin, NF/(u + E u)
F = 10 Gbits = 10 * 1024 Mbits
us= 20 Mbps
dmin=di=1 Mbps
Client Server N
10 100 1000
200Kbps 10240 51200 512000
600 Kbps 10240 51200 512000
u1 Mbps 10240 51200 512000
Peer to Peer N
10 100 1000
200 Kpbs 10240 25904.3 47559.33
600 Kpbs 10240 13029.6 16899.64
u 1 Mbps 10240 10240 10240
P23. a. Suppose that u<=(us+u1+…un)/N Specify a distribution scheme that has a distribution time of F/us.
First we have to divide the file into N parts to the i^th which would be (u1/u)/F. The scheme would be (n-1)r1 = (n-1)(usu1)/ <= u.
b. In part B it would be the same as part A.
c. Combining the two would work to get the exact scheme you need.
P32. Suppose that in UDPClient.py, after we create socket, we add the line clientSocket.bind((”,5432)). Will it become necessary to change? What are the port numbers for the sockets in UDPClient and Server? What were they before the change?
It is not necessary to change the UPD because it can work with any port number. Before the change is would be Client Server=x and Server socket=9876. After the change it would be Client socket= 5432.
stephengluhosky 