
Computer Networks - Final Exam
Prof. J.-P. Hubaux and Dr. M. H. Manshaei

January 27, 2009

Duration: 3:15 hours, closed book.

Please write your answers on these sheets, at the end of each question; use extra sheets if necessary (put your name on them).

You may write your answers in English or in French.

The total number of points is 60.

This document contains 18 pages.

Student First name:          Last name:

Division: [ ] Communication Systems   [ ] Computer Science   [ ] Other (mention it): .........

Year: [ ] Bachelor Year 2   [ ] Bachelor Year 3   [ ] Other (mention it): .........

(answers to the questions are shown in italic and blue)


1 Socket Programming (6 points)

Consider the following Java program:

 1: public class TCPServer {
 2:   public static void main(String argv[]) throws Exception {
 3:     String clientSentence;
 4:     String capitalizedSentence;
 5:     ServerSocket welcomeSocket = new ServerSocket(6789);
 6:     while(true) {
 7:       Socket connectionSocket = ...
 8:       BufferedReader inFromClient = new BufferedReader(
 9:         new InputStreamReader(connectionSocket.getInputStream()));
10:       DataOutputStream outToClient = new DataOutputStream(
11:         connectionSocket.getOutputStream());
12:       clientSentence = inFromClient.readLine();
13:       capitalizedSentence = clientSentence.toUpperCase() + '\n';
14:       outToClient.writeBytes(capitalizedSentence);
15:     }
16:   }
17: }

Question 1: Complete line 7.

7: Socket connectionSocket = welcomeSocket.accept();

Question 2: Extend the server to print the IP address/port of every connecting client. Use line numbers to indicate which lines should be changed/removed and where new code should be added.

We add the following line after line number 7:

System.out.println("Incoming connection from IP: " +
    connectionSocket.getInetAddress() + " / port: " +
    connectionSocket.getPort());

Question 3: Assume that 3 different machines connect to the server (sequentially). As a result, how many Socket objects will be created by the server? How many TCP ports will be assigned to the server (not including the already assigned port 6789)?

3 Socket objects are created (one per accept()). No additional port is assigned: every accepted socket keeps the server's local port 6789 and is distinguished only by the client's address/port.


Question 4: Complete the code of the TCP client provided below. This client takes one command-line argument, sends it to the server, and displays the answer on the screen. Assume that the address of the server is compnet.epfl.ch. For simplicity, ignore exception handling.

import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.Socket;

public class TCPClient {
  public static void main(String argv[]) throws Exception {
    // the sentence to send is the first command-line argument, newline-terminated
    String clientSentence = argv[0] + '\n';
    Socket connectionSocket = new Socket("compnet.epfl.ch", 6789);
    BufferedReader inFromServer =
      new BufferedReader(new InputStreamReader(connectionSocket.getInputStream()));
    DataOutputStream outToServer =
      new DataOutputStream(connectionSocket.getOutputStream());
    // send the argument, then read the server's capitalized reply
    outToServer.writeBytes(clientSentence);
    String capitalizedSentence = inFromServer.readLine();
    System.out.println(capitalizedSentence);
    connectionSocket.close();
  }
}

Question 5: Implement a program that lists the ports between 4096 and 8192 that are assigned to UDP servers or clients (on the local machine). The information printed on the standard output should be of the following format: "UDP Port # is busy". Complete the code below.

import java.io.IOException;
import java.net.DatagramSocket;

public class UDPscanner {
  public static void main(String[] args) {
    for (int i = 4096; i < 8192; i++) {
      try {
        // binding succeeds only if no local UDP socket already uses port i
        DatagramSocket s = new DatagramSocket(i);
        s.close();
      } catch (IOException e) {
        System.out.println("UDP Port " + i + " is busy");
      }
    }
  }
}


2 Transport Layer (11 points)

Consider the following plot of TCP window size as a function of time for two TCP connections A and B. In this problem we suppose that both TCP senders are sending large files. We also assume that the packet loss events are independent in connections A and B.

[Figure 1 (plot not reproduced): congestion window (in segments, 2 to 14) versus transmission round (2 to 20) for connection A and connection B.]

Figure 1: Evolution of TCP’s congestion windows for two TCP connections A and B.

Question 1: Considering the above values of congestion window (CongWin) for these connections, can we identify the type of TCP connection (Reno or Tahoe) that has been used by connections A and B? Justify your answers.

Considering the changes of CongWin in the 6th and 12th transmission rounds, connection A uses TCP Reno: at the 6th round its window is halved (fast recovery) instead of being reset to 1. For connection B the plot does not allow us to decide between TCP Reno and TCP Tahoe.


Question 2: What are the values of the Threshold parameter between the 1st and the 14th transmission rounds for each connection?

Connection A: the value of Threshold is 8 between the first and the sixth transmission round, and 5 between the sixth and the fourteenth transmission round.

Connection B: from the plot we cannot identify the exact value of Threshold for connection B between the first and the sixth transmission round; it could be any value larger than 4. From the sixth to the fourteenth transmission round it is 2, and at the fourteenth transmission round it becomes 4.

Question 3: At the 12th transmission round for connection A, is segment loss detected by a triple duplicate ACK or by a timeout? Justify your answer.

It is detected by a timeout, because CongWin drops to 1 at the 13th transmission round; after a triple duplicate ACK, Reno would only have halved it.

Question 4: Draw (on Figure 1) the CongWin values of both connections up to the 20th transmission round, considering that there is neither timeout nor duplicate ACK for any of the connections.

Question 5: Assume that the segment size is 1460 bytes and that a total of 87600 bytes have been successfully transmitted over connection A before the 13th transmission round. At which transmission round is the cumulative amount of successfully transmitted data equal to 163520 bytes? Again we assume that there is neither timeout nor duplicate ACK after the 13th transmission round.

87600 bytes correspond to 87600/1460 = 60 segments. We want to know in which transmission round the 163520/1460 = 112th segment is transmitted. After the timeout the window restarts at 1 and grows by slow start up to the threshold of 5, then by one segment per round, so we have to find x such that

1 + 2 + 4 + 5 + 6 + 7 + 8 + ... + x = 112 - 60 = 52,

i.e. x(x + 1)/2 - 3 = 52, hence x = 10. This means that the 163520th byte is transmitted in the 21st transmission round.
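Added example (mine, not part of the exam or its answer key): a round-by-round model of the TCP congestion window that reproduces the numbers used in Questions 1, 2, 3 and 5 above. The loss events at rounds 6 and 12 and the initial threshold of 8 are my reconstruction of the plot from the answers to Questions 2 and 3; the round-to-round rules (slow start capped at the threshold, one extra segment per round in congestion avoidance, Reno halving the window on a triple duplicate ACK, Tahoe and timeouts resetting it to 1) are the textbook model the exam assumes.

```python
# Added example (not part of the exam or its answer key): a round-by-round
# model of the TCP congestion window, used to check the numbers behind
# Questions 1, 2, 3 and 5 of this section.
#
# Assumptions of the model (mine): one transmission round = one RTT; slow start
# doubles cwnd each round but never overshoots the threshold; congestion
# avoidance adds one segment per round; a loss is detected at the end of the
# round in which it occurs; on a triple-duplicate ACK Reno halves the window
# (fast recovery) while Tahoe resets it to 1; on a timeout both reset it to 1.

MSS = 1460  # segment size in bytes, as in Question 5


def cwnd_trace(first_round, last_round, cwnd, ssthresh, losses=None, variant="reno"):
    """Return {round: cwnd in segments} for first_round..last_round.

    `losses` maps a round number to "dupack" or "timeout"; the window shown for
    that round is the one used to send, the reaction appears in the next round.
    """
    losses = losses or {}
    trace = {}
    for rnd in range(first_round, last_round + 1):
        trace[rnd] = cwnd
        event = losses.get(rnd)
        if event is not None:
            ssthresh = max(cwnd // 2, 2)            # threshold := half the window at loss
            if event == "timeout" or variant == "tahoe":
                cwnd = 1                            # back to slow start
            else:
                cwnd = ssthresh                     # Reno fast recovery
        elif cwnd < ssthresh:
            cwnd = min(2 * cwnd, ssthresh)          # slow start (capped at threshold)
        else:
            cwnd += 1                               # congestion avoidance
    return trace


def round_reaching(trace, segments_already_sent, target_bytes):
    """First round by the end of which the cumulative delivered bytes reach target_bytes."""
    sent = segments_already_sent
    for rnd in sorted(trace):
        sent += trace[rnd]
        if sent * MSS >= target_bytes:
            return rnd
    return None


if __name__ == "__main__":
    # Connection A as reconstructed from the answer key: threshold 8, triple
    # duplicate ACK at round 6, timeout at round 12 (assumed plot values).
    a = cwnd_trace(1, 13, 1, 8, {6: "dupack", 12: "timeout"})
    print("A:", a)                                   # rounds 6/7: 10 -> 5 (Reno), 12/13: 10 -> 1
    after = cwnd_trace(13, 21, 1, 5)                 # Question 5: resume at cwnd 1, threshold 5
    print("round reaching 163520 bytes:", round_reaching(after, 60, 163520))   # 21
```

Running the same trace with variant="tahoe" sends the window to 1 at round 7 instead of 5, which is exactly the difference Question 1 relies on.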


3 Network Layer (11 points)

Consider the network in the figure below. The numbers on the links between the nodes represent the costs of these links. Assume that nodes initially know only the costs to their neighbours.

[Figure 2 (image not reproduced): nodes A, B, C, D and E; the link costs, as they can be read from the distance tables in the answer to Question 1, are A-B 7, A-E 3, B-C 1, B-E 9, C-D 2 and D-E 5.]

Figure 2: A computer network.

Question 1: Using the distance-vector algorithm, show the distance tables at node E. Assume that the algorithm works in a synchronous manner, where all nodes simultaneously receive distance vectors from their neighbours, compute their new distance vectors, and inform their neighbours if their distance vectors have changed.

Initially:

              cost to
              A    B    C    D    E
from   A      ∞    ∞    ∞    ∞    ∞
       B      ∞    ∞    ∞    ∞    ∞
       D      ∞    ∞    ∞    ∞    ∞
       E      3    9    ∞    5    0

After the first exchange:

              cost to
              A    B    C    D    E
from   A      0    7    ∞    ∞    3
       B      7    0    1    ∞    9
       D      ∞    ∞    2    0    5
       E      3    9    7    5    0

After the second exchange:

              cost to
              A    B    C    D    E
from   A      0    7    8    8    3
       B      7    0    1    3    9
       D      8    3    2    0    5
       E      3    8    7    5    0

After the third exchange (E's own vector no longer changes):

              cost to
              A    B    C    D    E
from   A      0    7    8    8    3
       B      7    0    1    3    8
       D      8    3    2    0    5
       E      3    8    7    5    0


Question 2: Create a routing loop between the nodes B and C by changing the cost of the link between the nodes C and D. What is the minimum change in link cost that creates the routing loop? What is this problem alternatively called?

Increase the cost of link C-D from 2 to at least 4 (a change of at least 2). B reaches D through C at cost 3, so as soon as the direct C-D cost is no better than 1 + 3 = 4, C can prefer the route through B: B and C then forward packets for D to each other. This is called the count-to-infinity problem.

Question 3: How does RIP solve this problem? If RIP were used for routing in the above network, what is the finite number that would play the role of ∞?

Using poisoned reverse: if B routes to D through C, B advertises to C that its distance to D is infinite, so C cannot pick B as its next hop (this breaks loops between two neighbours, but not loops involving three or more nodes). RIP represents infinity by 16.
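Added example (not the exam's own code) covering Questions 1 to 3: a synchronous distance-vector simulation of the network of Figure 2 with RIP's finite infinity of 16 and optional poisoned reverse. The link costs A-B 7, A-E 3, B-C 1, B-E 9, C-D 2 and D-E 5 are my reading of the distance tables above; the round numbering follows those tables (the row for a neighbour in E's table after exchange k is the vector that neighbour computed in exchange k-1).

```python
# Added example (not the exam's own code): synchronous distance-vector routing
# on the network of Figure 2, with RIP's finite "infinity" of 16 and optional
# poisoned reverse. It reproduces the node-E tables of Question 1 and shows the
# B/C routing loop of Questions 2 and 3.
#
# Assumption: the link costs are those implied by the answer tables
# (A-B 7, A-E 3, B-C 1, B-E 9, C-D 2, D-E 5).
import copy

INF = 16  # RIP treats a cost of 16 as unreachable (Question 3)

LINKS = {("A", "B"): 7, ("A", "E"): 3, ("B", "C"): 1,
         ("B", "E"): 9, ("C", "D"): 2, ("D", "E"): 5}


def neighbours(links):
    nbr = {}
    for (u, v), cost in links.items():
        nbr.setdefault(u, {})[v] = cost
        nbr.setdefault(v, {})[u] = cost
    return nbr


def initial_state(nbr):
    """Each node knows only the costs to its neighbours (INF elsewhere)."""
    nodes = sorted(nbr)
    dist = {n: {d: 0 if d == n else nbr[n].get(d, INF) for d in nodes} for n in nodes}
    nexthop = {n: {d: d if d in nbr[n] else None for d in nodes} for n in nodes}
    return dist, nexthop


def dv_round(nbr, dist, nexthop, poisoned_reverse=False):
    """One synchronous round: everyone advertises, then everyone recomputes (Bellman-Ford)."""
    nodes = sorted(nbr)
    adverts = {}                                   # (sender, receiver) -> advertised vector
    for n in nodes:
        for m in nbr[n]:
            vec = dict(dist[n])
            if poisoned_reverse:                   # "I reach d through you": tell m it is unreachable
                for d in nodes:
                    if nexthop[n][d] == m:
                        vec[d] = INF
            adverts[(n, m)] = vec
    new_dist, new_next = {}, {}
    for n in nodes:
        new_dist[n], new_next[n] = {}, {}
        for d in nodes:
            best, via = (0, None) if d == n else (INF, None)
            for m, cost in nbr[n].items():
                cand = min(INF, cost + adverts[(m, n)][d])
                if cand < best:
                    best, via = cand, m
            new_dist[n][d], new_next[n][d] = best, via
    return new_dist, new_next


def run_dv(links, start=None, poisoned_reverse=False, max_rounds=100):
    """Return the list of (dist, nexthop) states, round 0 first, stopping once stable."""
    nbr = neighbours(links)
    state = initial_state(nbr) if start is None else copy.deepcopy(start)
    history = [state]
    for _ in range(max_rounds):
        state = dv_round(nbr, *history[-1], poisoned_reverse)
        history.append(state)
        if state == history[-2]:
            break
    return history


def rounds_to_converge(history):
    return len(history) - 2        # the last entry repeats the previous one


def loop_rounds(history, x="B", y="C", dest="D"):
    """Rounds in which x and y forward traffic for dest to each other."""
    return [k for k, (_, nh) in enumerate(history)
            if nh[x][dest] == y and nh[y][dest] == x]


if __name__ == "__main__":
    hist = run_dv(LINKS)
    for k, (dist, _) in enumerate(hist):
        print("round", k, "E:", dist["E"])         # round 1: 3 9 7 5 0, round 2 on: 3 8 7 5 0
    converged = hist[-1]
    # Question 2: raise the C-D cost above 4 -> B and C point at each other for a while
    print("loop rounds with C-D = 5:", loop_rounds(run_dv({**LINKS, ("C", "D"): 5}, start=converged)))
    # Question 3: take C-D down (cost 16) with and without poisoned reverse
    down = {**LINKS, ("C", "D"): INF}
    for pr in (False, True):
        h = run_dv(down, start=converged, poisoned_reverse=pr)
        print("poisoned reverse" if pr else "plain", "converges after",
              rounds_to_converge(h), "rounds; C->D cost", h[-1][0]["C"]["D"])
```

Raising the C-D cost to 5 from the converged state makes B and C forward to each other for two rounds before the direct link wins again; taking the link down entirely shows the slow count towards 16 without poisoned reverse, and convergence within a few rounds with it.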

Question 4: If OSPF were used in the above network, how would it handle the routing loop? How do nodes learn the link costs in OSPF?

OSPF uses link-state routing, a global routing algorithm: every node floods its link costs (link-state advertisements) to all other nodes and then computes shortest paths locally with Dijkstra's algorithm, so no node depends on a neighbour's possibly stale distance estimate and the count-to-infinity problem does not arise. Nodes learn the link costs through link-state broadcast.

Question 5: How does BGP solve this problem?

With the AS-PATH attribute: an advertisement carries the list of ASes it has traversed, and an AS rejects any route whose AS-PATH already contains its own AS number, so looping routes are never installed.

Question 6: Assume the IP addresses of the 5 nodes A, B, C, D, and E are 130.132.5.32, 130.132.5.33, . . . , 130.132.5.36. Assume that the network in Fig. 2 is an autonomous system in the Internet with AS number 0. Node A is the BGP gateway of the AS. If A announces 130.132.5.0/28 as the prefix of the network, is it valid? If not, please propose a valid one. Please note that this AS should be assigned as few IP addresses as possible.

No: 130.132.5.0/28 covers 130.132.5.0 to 130.132.5.15 and contains none of the five addresses. The smallest prefix that contains 130.132.5.32 to 130.132.5.36 is 130.132.5.32/29 (130.132.5.32 to 130.132.5.39).


4 Link Layer (10 points)

Suppose three active nodes, n1, n2, and n3, are competing for access to a channel using slotted ALOHA. The channel is capable of transmitting a given frame at the full channel rate of R Mbps. Assume each node has an infinite number of packets to send. Each node attempts to transmit in each slot with probability pi, i ∈ {1, 2, 3}.

Question 1: What is the probability Ps, as a function of p1, p2, and p3, that in a given slot a frame is transmitted successfully? How is this probability related to the network throughput?

Ps = p1(1 − p2)(1 − p3) + p2(1 − p1)(1 − p3) + p3(1 − p1)(1 − p2)

The network throughput is equal to PsR, where R is the channel bit-rate.

Question 2: What is the probability of successful transmission for node n1? What is the value of p1 that maximizes the throughput of node n1?

P_s^1 = p1(1 − p2)(1 − p3).

For any given value of p2 and p3, p1* = 1 maximizes the throughput of n1 (P_s^1 is linear and increasing in p1).

Question 3: Now assume that node n3 always transmits its packets with p3 = 0.2 and that nodes n1 and n2 decide to cooperate with each other and send their packets with probability p (i.e., p = p1 = p2). What is the value of p that maximizes the throughput of this network? What is the value of p that maximizes the throughput of nodes n1 and n2?

Ps = 1.6p(1 − p) + 0.2(1 − p)^2.

dPs/dp = 1.2(1 − p) − 1.6p = 0, hence p* = 3/7.

The probabilities of successful transmission of n1 and n2 are equal and can be written as q = p(1 − p)(1 − 0.2) = 0.8p(1 − p). Hence p* = 0.5 maximizes the throughput of n1 and n2.


Question 4: Solve Question 3, assuming that nodes use pure ALOHA instead of slotted ALOHA.

Nodes use the pure ALOHA protocol, so Ps has to be rewritten as

Ps = p(1 − p)^2(1 − 0.2)^2 + p(1 − p)^2(1 − 0.2)^2 + 0.2(1 − p)^2(1 − p)^2 = 1.28p(1 − p)^2 + 0.2(1 − p)^4

dPs/dp = 1.28(1 − p)^2 − 0.8(1 − p)^3 − 2.56(1 − p)p = −0.8(1 − p)(p − 0.2)(p + 3),

hence p* = 0.2.

The probability of successful transmission for n1 and n2 is q = 0.64p(1 − p)^2. The optimum probability of transmission for these nodes is p* = 1/3.
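Added example (not from the exam): the success probabilities of Questions 1 to 4 as functions, with a numeric search over p that confirms the optima 3/7 and 1/2 (slotted ALOHA) and 0.2 and 1/3 (pure ALOHA), as well as p1* = 1 of Question 2. The pure-ALOHA factor (1 − p_j)^2 is the two-frame vulnerable window assumed in the answer key.

```python
# Added example (not the exam's own code): per-slot success probabilities for
# slotted and pure ALOHA with heterogeneous transmission probabilities, and a
# numeric maximisation that reproduces p* = 3/7, 1/2, 0.2 and 1/3 of
# Questions 3 and 4.
#
# Assumption for pure ALOHA (as in the answer key): a frame from node i succeeds
# only if no other node starts a frame within the two-frame vulnerable window,
# i.e. with probability p_i * prod_{j != i} (1 - p_j)^2.
from math import prod


def node_success(p, i, pure=False):
    """Probability that node i's transmission in a given slot (or frame time) succeeds."""
    exponent = 2 if pure else 1
    return p[i] * prod((1 - p[j]) ** exponent for j in range(len(p)) if j != i)


def network_success(p, pure=False):
    """P_s: probability that some node succeeds; the throughput is P_s * R."""
    return sum(node_success(p, i, pure) for i in range(len(p)))


def argmax_unit(f, steps=50_000):
    """Grid search of f over [0, 1]; crude but adequate for these smooth polynomials."""
    best_x, best_y = 0.0, f(0.0)
    for k in range(1, steps + 1):
        x = k / steps
        y = f(x)
        if y > best_y:
            best_x, best_y = x, y
    return best_x


def optimum_for_cooperating_pair(p3=0.2, pure=False):
    """With p1 = p2 = p: (p maximising the network's P_s, p maximising n1's own success)."""
    p_net = argmax_unit(lambda p: network_success([p, p, p3], pure))
    p_own = argmax_unit(lambda p: node_success([p, p, p3], 0, pure))
    return p_net, p_own


if __name__ == "__main__":
    print("slotted:", optimum_for_cooperating_pair(pure=False))   # about (3/7, 1/2)
    print("pure:   ", optimum_for_cooperating_pair(pure=True))    # about (0.2, 1/3)
    print("p1 maximising n1 alone:", argmax_unit(lambda x: node_success([x, 0.3, 0.4], 0)))  # 1.0
```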

Question 5: Consider a host A that is connected to a local network through a network interface with an IP address 1.1.1.10 and a MAC address AA-AA-AA-AA-AA-AA. At some point in time, a new host B is connected to the same local network, through a network interface with an IP address 1.1.1.11 and a MAC address BB-BB-BB-BB-BB-BB. Assume that host A knows the IP address of host B. List, in the table below, all the link layer frames that are exchanged between A and B, assuming that A sends two IP packets to B immediately after B connects to the local network. Preserve the frame order. Note: the length of the table does not necessarily match the actual number of frames exchanged.

Frame   Type   source MAC           destination MAC      source IP   destination IP
1.      ARP    AA-AA-AA-AA-AA-AA    FF-FF-FF-FF-FF-FF    1.1.1.10    1.1.1.11
2.      ARP    BB-BB-BB-BB-BB-BB    AA-AA-AA-AA-AA-AA    1.1.1.11    1.1.1.10
3.      IP     AA-AA-AA-AA-AA-AA    BB-BB-BB-BB-BB-BB    1.1.1.10    1.1.1.11
4.      IP     AA-AA-AA-AA-AA-AA    BB-BB-BB-BB-BB-BB    1.1.1.10    1.1.1.11

(Frame 1 is the broadcast ARP request, frame 2 the unicast ARP reply; for these two frames the IP columns are the sender/target protocol addresses carried inside the ARP message. Rows 5 to 7 of the answer table stay empty.)


5 Network Security (7 points)

Host A wants to send a large file of F bits to host B securely (i.e., protect the confidentiality and integrity of packets). A and B are connected by two routers R1 and R2 (Figure 3). A TCP flow is initiated by A towards B and all packets are forwarded by routers R1 and R2. We assume that A and B never exchanged information in the past and that there is no other communication channel between A and B.

[Figure 3 (image not reproduced): A - R1 - R2 - B]

Figure 3: Host A and host B are connected by R1 and R2.

Question 1: Is it possible for the routers (R1 or R2) to inject content in the TCP flow without causing a loss of any original packets sent from A to B? If yes, explain how. If no, explain why.

Yes, it is possible for a router to inject content by mounting a man-in-the-middle attack. A router can either add packets to the TCP flow or add bytes to a packet of the TCP flow. To do so, the router must also rewrite the TCP sequence numbers to account for the extra data. Consider for example a router that injects 2 bytes into a packet of 100 bytes. After the injection, the router increases the sequence numbers of all subsequent packets from A to B by 2 and decreases the acknowledgement numbers of all packets from B to A by 2, so that neither endpoint sees a gap or a duplicate.

Question 2: Host A decides to establish an SSH connection with host B using public key authentication. We assume that both hosts A and B self-generate a public/private key pair. Is it still possible for the routers (R1 or R2) to inject content in the TCP flow without losing any of the original packets sent from A to B? If yes, explain how. If no, explain why.

Yes, it is still possible with another man-in-the-middle attack. SSH public keys are not certified by a trusted central authority and there is no secure side channel on which A and B could compare the fingerprints of their public keys (on first connection A simply sees an unknown host key). Hence a router can impersonate host B towards A and host A towards B, after which the same attack as in Question 1 can be used.


Question 3: Host A decides to use SSL. Hosts A and B, as well as routers R1 and R2, are assigned a public/private key pair together with a corresponding certificate signed by a common certification authority. All nodes know the public key of the certification authority.

a. In this example, even though SSL is used, none of the packets going through the routers is encrypted. Explain how this is possible.

In SSL, data encryption is optional. Hence, during the SSL negotiation phase, host B (because it is malicious or misconfigured) can downgrade the security of the SSL session: for example, B can propose a cipher suite with no encryption, so that only integrity checks are performed.

b. Assuming that all packets are now properly encrypted with SSL, is it possible for the routers (R1 or R2) to inject content in the TCP flow without losing any of the original packets sent from A to B? Is it possible to eavesdrop on the communication? Justify your answers.

No, it is not possible to inject data any more: every SSL record carries a MAC computed with the session keys, which the routers do not have, so inserted or modified data fails the integrity check. It is still possible to eavesdrop on the communication, but the routers will only observe encrypted packets (and metadata such as packet sizes and timing).

Question 4: Assume that hosts A and B want to protect the anonymity of their communications from the routers. To do so, the routers forwarding the packets between A and B should not know the entire communication pattern: R1 should only know the source of the communication, whereas R2 should only know the destination. Explain how A can protect the anonymity of the packets it sends to B with SSL. (Hint: assume that the packet format is [source||destination||payload] and that packets can be encrypted several times.)

A must encrypt the packet it sends to B several times, once for each node on the path. Each router on the path to B removes one layer of encryption before forwarding the message to the next router. This prevents the routers from knowing both the origin and the destination of the messages. (Note: this technique is called onion routing and is used by Tor to anonymize web traffic.) For example,

[A||R1||K_R1([R1||R2||K_R2([R2||B||K_B(A||B||message)])])]   (1)

where K_X(m) denotes m encrypted with the public key of X. R1 decrypts the outer layer and learns only that the packet came from A and must go to R2; R2 learns only that it came from R1 and must go to B.
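Added example (my code, not the exam's): the layered packet of equation (1) built and then peeled hop by hop, showing what each router can see. Real onion routing encrypts each layer to the router's public key; here K_X(.) is modelled with a toy authenticated stream cipher keyed by a per-node secret (SHA-256 keystream plus HMAC), an assumption that keeps the example dependency-free and is not a cipher to reuse. The node names and the "source|destination|payload" byte encoding are mine.

```python
# Added example (not part of the exam): the layered encryption of equation (1),
# with each router peeling one layer and learning only the previous and next hop.
#
# Assumptions: node names and the packet layout [source||destination||payload]
# are encoded as b"source|destination|payload"; K_X(.) is modelled by a toy
# symmetric authenticated cipher keyed with a per-node secret (SHA-256 keystream
# + HMAC), standing in for the public-key encryption the exam has in mind.
# It demonstrates the layering only and is not a cipher to reuse.
import hashlib
import hmac
import os


def packet(src, dst, payload):
    return src + b"|" + dst + b"|" + payload


def split_packet(data):
    src, dst, payload = data.split(b"|", 2)        # node names never contain "|"
    return src, dst, payload


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """K_X(plaintext): encrypt-then-MAC under node X's key (toy construction)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def build_onion(keys, src, dst, path, message):
    """[src||R1||K_R1([R1||R2||K_R2([R2||dst||K_dst(src||dst||message)])])] for path = [R1, R2, ...]."""
    blob = seal(keys[dst], packet(src, dst, message))
    hops = list(path) + [dst]
    for i in range(len(path) - 1, -1, -1):          # wrap from the last router outwards
        blob = seal(keys[path[i]], packet(path[i], hops[i + 1], blob))
    return packet(src, path[0], blob)


def router_forward(name, key, wire):
    """A router strips its layer; it learns only who handed it the packet and where it goes next."""
    prev_hop, me, blob = split_packet(wire)
    assert me == name
    inner = unseal(key, blob)                      # [me || next || remaining onion]
    _, next_hop, _ = split_packet(inner)
    return {"from": prev_hop, "to": next_hop}, inner   # inner is exactly the packet to forward


def deliver(keys, src, dst, path, message):
    """Push the onion through the routers; return (what each router saw, what dst reads)."""
    wire = build_onion(keys, src, dst, path, message)
    views = {}
    for r in path:
        views[r], wire = router_forward(r, keys[r], wire)
    _, me, blob = split_packet(wire)
    assert me == dst
    return views, split_packet(unseal(keys[dst], blob))


def demo_keys(nodes):
    # Constructed demo secrets; a real deployment would use each node's public key.
    return {n: hashlib.sha256(b"demo-secret-" + n).digest() for n in nodes}


if __name__ == "__main__":
    keys = demo_keys([b"A", b"R1", b"R2", b"B"])
    views, plain = deliver(keys, b"A", b"B", [b"R1", b"R2"], b"hello B")
    print(views)        # R1 sees A -> R2, R2 sees R1 -> B
    print(plain)        # (b'A', b'B', b'hello B')
```

The MAC on every layer is what makes the "no injection" answer of Question 3b concrete: a router that flips a bit of the blob it forwards causes the next hop's unseal to fail rather than to deliver altered data.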


6 Wireless and Mobile Networks (5 points)

Question 1: TDMA

Assume that two hosts share a base station to access the infrastructure. They use a TDMA frame with 2 time slots of duration T1 and T2 to share the spectrum: each node i ∈ {1, 2} transmits during Ti and has a transmission rate Ri. What is the total throughput? What happens if T1 = T2?

th = (L1 + L2) / (T1 + T2) = (R1·T1 + R2·T2) / (T1 + T2)   (2)

where L1 and L2 are the numbers of bits (packet lengths) that host 1 and host 2 send during their slots, i.e. Li = Ri·Ti. If T1 = T2, we have:

th = (R1 + R2) / 2   (3)

In other words, the channel is equally shared.

Question 2: Channel Allocation

Consider that there are 4 apartments on the same floor in your building. In each apartment, there is an IEEE 802.11b wireless access point to connect to the Internet.

Assume that their SSIDs are "home1", "home2", "home3", and "home4". The distance between the access points "home1" and "home4" is the largest among the distances between access points, but they are all in the transmission range of each other.

a. If all APs have been configured to operate over channel 8, can anybody use its wireless connection? Justify your answer.

Yes, it is possible to use the wireless connection, but with poor performance: all APs compete on the same channel and there will be many collisions.


b. What is the optimum channel allocation in this problem such that at least two APs do not interfere with each other?

There are 3 non-overlapping channels (1, 6, 11) in IEEE 802.11b. Any answer of the following form is correct: home1 and home4 (the two APs farthest apart) share one channel, and home2 and home3 get the two remaining orthogonal channels. For example, home1 = 1, home2 = 6, home3 = 11, home4 = 1.

Question 3: Mobile IP

a. In mobile IP with indirect routing, will the end-to-end delays of datagrams increase? Justify your answer. What if direct routing is used?

Yes, with both routing types the end-to-end delay increases. With indirect routing every datagram is first routed to the home agent and then tunnelled to the foreign agent (triangle routing). With direct routing the correspondent must first query the home agent for the care-of address, and the datagrams are then tunnelled to the foreign agent, which still adds encapsulation and an extra hop compared with plain IP routing.

b. What are the advantages and disadvantages of direct routing over indirect routing?

Advantages: avoids triangle routing and therefore reduces the delay with respect to indirect routing.
Disadvantages: more packets exchanged (the correspondent has to query the home agent), higher complexity.


7 The Web (10 points)

Recently in the UK, the major UK ISPs blocked their users from viewing a particular entry of Wikipedia (more precisely, a URL). This was done at the request of the Internet Watch Foundation, which found this particular entry offensive. The action, aside from igniting a debate on Internet censorship, had an interesting side-effect. Quoting an administrative noticeboard on Wikipedia:

"Due to the way the block was created (via transparent proxies), users from the affected ISPs now share a small number of IP addresses. This means that a user committing vandalism cannot be distinguished from all the other people on the same ISP. Unfortunately, the effect of this is that all users from the affected ISPs are temporarily blocked from editing Wikipedia. Simply viewing the site is not affected, aside from the blocked composition and image."

Based on this text and your networking knowledge, answer the following questions:

Question 1: Does Wikipedia block any users from viewing its content? If yes, in what way?

No.

Question 2: Does Wikipedia block any users from editing its content? If yes, in what way?

Yes, based on the IP address.

We have seen in the lecture and the TPs that to use a web proxy, a user needs to specifically configure his web browser. This is not the case for the transparent proxies deployed by the ISPs in this example: the HTTP traffic of every user is handled by the transparent proxy. In the next 4 questions, we are going to investigate how such a proxy could be implemented, such that its behavior would be consistent with the behavior described in the Wikipedia noticeboard. For simplicity we ignore the TCP connection and acknowledgement mechanisms. NOTE: there is more than one solution that will be considered correct.

We assume that the ISP configures its network such that every TCP/IP packet with destination port 80 originated by a user is routed to the transparent proxy. We further assume that the IP address of Wikipedia is IP_wiki, and the URL to be blocked is URL_block = hostname(URL_block) + pathname(URL_block).

The following TCP/IP packet carrying an HTTP message arrives at the transparent proxy:

source IP   destination IP   ...   source port   destination port        ...
IP_user     IP_web-server          port_user     port_web-server = 80
GET pathname(URL) HTTP/1.1
Host: hostname(URL)


Question 3: Define a condition based on which the transparent proxy decides to block the HTTP request or to let it through.

Version 1: block if IP_web-server = IP_wiki and URL = URL_block

Version 2: block if URL = URL_block

Question 4: If the transparent proxy decides to block the request, it is going to reply to the client immediately. Describe (fill in all the fields in the table below) the packet with which the transparent proxy replies. For simplicity, assume that the reply fits in a single IP packet. Give an overview of the HTTP payload, not an actual HTTP message.

source IP       destination IP   ...   source port   destination port   ...
IP_web-server   IP_user                80            port_user
HTTP error message, e.g., 404 Not Found

Question 5: If the transparent proxy decides to let the request through, it is going to be routed to the web server. Describe the packet that the transparent proxy sends to the web server, and the packet with which the web server replies. If the reply packet is modified by the transparent proxy before reaching the client, describe the reply packet that the proxy sends to the client. For simplicity, assume that the reply fits in a single IP packet. Give an overview of the HTTP payload, not an actual HTTP message.

Packet from the proxy to the web server:

source IP   destination IP   ...   source port     destination port   ...
IP_proxy    IP_web-server          p = new port    80
payload copied from the arriving packet

Reply of the web server:

source IP       destination IP   ...   source port   destination port   ...
IP_web-server   IP_proxy               80            p
response of the server

Reply forwarded by the proxy to the client:

source IP       destination IP   ...   source port   destination port   ...
IP_web-server   IP_user                80            port_user
copy of the response of the server


Question 6: Does the transparent proxy operate differently if the arriving packet contains a POST or a PUT request instead of a GET request? If yes, how?

No. The proxy can either allow every POST/PUT packet through (as in Question 5), or extend theblocking filter (Question 3) and block packets (Question 4) containing the offending URL.

NOTE: Questions 7 and 8 must be answered based on the proxy implementation you proposed in Questions 3-6.

Question 7: Consider a user of one of the blocking UK ISPs who configures his browser to use a web proxy located in Switzerland. Would such a user be able to edit Wikipedia? Would such a user be able to view the blocked Wikipedia entry? Explain.

If the Swiss proxy accepts requests on a port different from 80 (e.g., 8080), the request is not routed via the transparent proxy, and both viewing and editing are possible.

Otherwise, the user would be able to edit Wikipedia, as from Wikipedia's point of view the traffic would be coming from the IP address of the Swiss proxy (assuming that the Swiss proxy is not itself blocked from editing by Wikipedia). For viewing, the answer depends on the proxy implementation:

Version 1: yes, as the destination IP address of the HTTP request (the Swiss proxy) would not match the condition.

Version 2: no, it would be blocked based on the blocked URL.

Question 8: Consider a user of one of the UK ISPs who is accessing the ISP network from behind a NAT. Would such a user be able to edit Wikipedia? Would such a user be able to view the offending Wikipedia entry? Explain.

No, neither viewing nor editing, as after traversing the NAT the user's packet would still be routed towards the transparent proxy (the NAT only rewrites the source address and port, not the destination port 80).


Question 9: Would it be possible for the ISPs to block only the offending Wikipedia entry, without preventing their users from editing Wikipedia? If yes, explain how. If no, explain why not.

Yes. In the proxy implementation, if the blocking condition is not satisfied, the proxy could act as arouter and simply forward the packet without modifying IP addresses.
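Added example (not the exam's own code) for Questions 3 to 9: the transparent proxy modelled as a small class operating on packets represented as dictionaries, so that the two blocking conditions, the source-address rewriting of Question 5 and the scenarios of Questions 6 to 9 can be exercised directly. IP_wiki = 198.51.100.10, the proxy address 192.0.2.1, the Swiss proxy 203.0.113.7 and the blocked URL en.wikipedia.org/wiki/Blocked_entry are constructed placeholders, not the real addresses or URL.

```python
# Added example (not the exam's own code): the transparent-proxy decision logic
# of Questions 3-9 over packets represented as dicts, so the "Version 1 /
# Version 2" blocking conditions and the side-effect on the source address seen
# by Wikipedia can be checked directly.
#
# Constructed placeholders: IP_wiki = 198.51.100.10, the proxy's own address is
# 192.0.2.1, URL_block is the hypothetical en.wikipedia.org/wiki/Blocked_entry,
# and (as in the text) the ISP diverts every destination-port-80 packet to the proxy.
IP_WIKI = "198.51.100.10"
IP_PROXY = "192.0.2.1"
URL_BLOCK = ("en.wikipedia.org", "/wiki/Blocked_entry")


def http_packet(src_ip, dst_ip, sport, host, path, method="GET", dport=80):
    return {"src": src_ip, "dst": dst_ip, "sport": sport, "dport": dport,
            "http": {"method": method, "host": host, "path": path}}


def isp_diverts(pkt):
    """ISP policy from the text: only destination-port-80 traffic reaches the proxy."""
    return pkt["dport"] == 80


def is_blocked(pkt, version):
    url = (pkt["http"]["host"], pkt["http"]["path"])
    if version == 1:
        return pkt["dst"] == IP_WIKI and url == URL_BLOCK
    return url == URL_BLOCK                       # version 2: URL only


class TransparentProxy:
    def __init__(self, version=2, filtered_methods=("GET",), rewrite_source=True):
        self.version = version
        self.filtered_methods = filtered_methods     # Question 6: extend to POST/PUT or not
        self.rewrite_source = rewrite_source         # Question 9: False -> forward like a router
        self.nat = {}                                # proxy port -> (user IP, user port)
        self.next_port = 40000

    def handle(self, pkt):
        """Return (decision, packet that leaves the proxy) for a packet sent by a user."""
        if not isp_diverts(pkt):
            return "bypass", pkt                     # never reaches the proxy
        if pkt["http"]["method"] in self.filtered_methods and is_blocked(pkt, self.version):
            reply = {"src": pkt["dst"], "dst": pkt["src"], "sport": 80, "dport": pkt["sport"],
                     "http": {"status": 404}}          # Question 4: answer as if we were the server
            return "blocked", reply
        if not self.rewrite_source:
            return "forwarded", pkt                  # Question 9: user's source IP untouched
        port = self.next_port                        # Question 5: proxy's IP and a fresh port
        self.next_port += 1
        self.nat[port] = (pkt["src"], pkt["sport"])
        return "forwarded", dict(pkt, src=IP_PROXY, sport=port)

    def handle_reply(self, reply):
        """Map the server's answer back to the user who asked (Question 5)."""
        user_ip, user_port = self.nat.pop(reply["dport"])
        return dict(reply, dst=user_ip, dport=user_port)


if __name__ == "__main__":
    proxy = TransparentProxy(version=2)
    blocked = http_packet("10.0.0.5", IP_WIKI, 51000, *URL_BLOCK)
    allowed = http_packet("10.0.0.5", IP_WIKI, 51001, "en.wikipedia.org", "/wiki/Other")
    print(proxy.handle(blocked)[0])                  # blocked
    decision, out = proxy.handle(allowed)
    print(decision, out["src"])                      # forwarded 192.0.2.1 -> all users share this IP
```

The shared source address in the forwarded case is the whole story behind the noticeboard quote: Wikipedia's edit block keys on the IP address, and with rewrite_source=True that address is the proxy's for every user of the ISP. Setting rewrite_source=False is the Question 9 fix.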

Question 10: Assume, hypothetically, that communication with Wikipedia would be done over HTTPS (with correctly deployed certificates). Could the ISPs block only the offending Wikipedia entry, but allow access to other Wikipedia entries? Explain.

No. With HTTPS the traffic would (most likely) be encrypted, so the ISP could not read the HTTP request and would thus be unable to block only the offending entry; at best it could block Wikipedia as a whole, since the server's IP address (and the server name in the TLS handshake) remain visible. Note that with correctly deployed certificates, a man-in-the-middle attack is not possible.
