Networking Exam 1 Review


Name the different layers in the TCP/IP protocol model, give a brief description of each layer, and name one protocol that is used in each layer.

  1. Application Layer
    • Protocol: FTP, Telnet, HTTP
      • The application layer defines standards for accessing services across an internet such as file transfer, email, or terminal emulation. For example, any application can send an email message to anyone on an internet as long as it follows the email standards.
  2. Transport Layer
    • Protocol: TCP, UDP
      • The Transport layer provides communication to multiple destinations on a single host. It can also provide reliability through positive acknowledgement with retransmission, sequencing, and regulation of the flow of data.
  3. Internet Layer
    • Protocol: IP
      • The Internet layer performs routing of data packets (datagrams) from the source host to the target host. It also provides some error reporting and control functions.
  4. Network Interface Layer
    • Protocol: Ethernet, FDDI
      • The Network Interface layer accepts IP datagrams and transmits them as frames over the local physical network. TCP/IP does not specify the Network Interface layer but is network technology independent.
  5. Hardware Layer
    • Protocol: Copper wire, Fiber cable
      • The Hardware layer is the physical interconnection between computers. It is the medium over which communication takes place on the local network. TCP/IP does not specify the hardware layer.
 

Describe the differences between circuit switched and packet switched networks.

  • Circuit Switched » A circuit-switched network creates a dedicated circuit between the source and the target. The circuit is reserved for the communication between the source and the target. It has the advantage of having guaranteed capacity but can be costly if the capacity is not always used. The telephone system is an example of a circuit switched network.
  • Packet Switched Networks » A packet switched network sends small amounts of data, known as packets, through the network. Each packet is self describing; it contains the source and destination addresses of the packet as well as the data itself. Each packet may take a different path through the network and thus may arrive out of order at the target. An advantage of a packet switched network is that the cost can be shared amongst all the users of the network. A disadvantage is that the capacity for an individual user is not guaranteed. As other users' traffic increases, there is less available for the individual user. The postal system is an example of a packet switched network.
 

Discuss the advantages and disadvantages between the different topologies found in networking.

  • Bus - A bus topology connects computers linearly along one or more cables. A network that uses a bus topology is referred to as a "bus network", which was the original form of Ethernet networks. Ethernet 10Base2 (also known as thinnet) is used for bus topology.
    Bus Topology
    • Advantages:
      • Easy to connect a computer or peripheral to a linear bus.
      • Requires less cable length than a star topology.
      • It is easy to extend a network by adding cable with a repeater that boosts the signal and allows it to travel a longer distance.
    • Disadvantages:
      • A bus topology becomes slow under heavy network traffic with a lot of computers because networks do not coordinate with each other to reserve times to transmit.
      • Entire network shuts down if there is a break in the main cable.
      • Terminators are required at both ends of the backbone cable.
      • Difficult to identify the problem if the entire network shuts down.
      • Not meant to be used as a stand-alone solution in a large building.
  • Star - A star topology links the computers by individual cables to a central unit, usually a hub. When a computer or other networking component transmits a signal to the network, the signal travels to the hub. Then, the hub forwards the signal simultaneously to all other components connected to the hub. Ethernet 10BaseT is a network based on the star topology. Star topology is the most popular way to connect computers in a workgroup or departmental network.
    Star Topology
    • Advantages:
      • Easy to install and wire.
      • No disruptions to the network when connecting or removing devices.
      • Easy to detect faults and to remove parts.
      • The failure of a single computer or cable doesn't bring down the entire network.
      • The centralized networking equipment can reduce costs in the long run by making network management much easier.
    • Disadvantages:
      • Requires more cable length than a linear topology.
      • If the hub or concentrator fails, nodes attached are disabled. Failure of the central hub causes the whole network failure.
      • More expensive than linear bus topologies because of the cost of the concentrators. It is slightly more expensive than using bus topology.
  • Tree
    Tree Topology
    • Advantages:
      • Point-to-point wiring for individual segments.
      • Supported by several hardware and software vendors.
    • Disadvantages:
      • Overall length of each segment is limited by the type of cabling used.
      • If the backbone line breaks, the entire segment goes down.
      • More difficult to configure and wire than other topologies.
  • Ring - A ring topology connects the computers along a single path whose ends are joined to form a circle, as shown in figure 3. The circle might be logical only, while the physical arrangement of the cabling might be similar to a star topology, with a hub or concentrator at the center. The ring topology is commonly used in token ring networks, where the ring is concentrated inside a device called a Multistation Access Unit (MAU), and in Fiber Distributed Data Interface (FDDI) networks, where the ring is both a physical and logical ring and usually runs around a campus or collection of buildings to form a high-speed backbone network.
    Ring Topology
    • Advantages:
      • One computer cannot monopolize the network.
      • It continues to function after capacity is exceeded, but the speed will be slow.
    • Disadvantages:
      • Failure of one computer can affect the whole network.
      • It is difficult to troubleshoot.
      • Adding and removing computers disrupts the network.
  • Mesh - A mesh network has point to point links between every node on the network. In a mesh topology, each computer on the network has redundant data paths, as shown in figure 4. The mesh topology provides fault tolerance: if a wire, hub, switch, or other component fails, data can travel along an alternate path. A diagram of a mesh network looks like a fishing net. A mesh topology is most often used in large backbone networks in which failure of a single switch or router can result in a large portion of the network going down.
    Mesh Topology
    • Advantages:
      • Redundant links between devices
    • Disadvantages:
      • Each node must have an interface for every other device
      • Large amounts of cable for many devices to be connected in a mesh environment
      • Unless each station sends to every other station frequently, bandwidth is wasted. (links that are not being used)
 

Discuss the differences between a repeater, hub, switch, bridge, and router and explain when each would be used.

  • repeater - A repeater is a device that repeats each bit of digital data that it receives. This repeating action cleans up the signal by retiming and regenerating before repeating the data. Repeaters are an inexpensive method of overcoming distance limitations. Repeaters can only link devices of LAN segments of similar network architectures.
  • hub - A hub is a device that allows attachment of multiple devices together. A hub is used to connect multiple devices together on the same physical network. A hub offers an alternative wiring system; instead of running the communication medium through a building and connecting all of the devices to the wire, the hub acts as a central connecting point. Hubs typically do not look at the traffic on the network.
  • switch - A switch seeks to overcome the "one-at-a-time" broadcast scheme of a hub by adding the basic design of a data PBX to the concentrator functionality of a hub. The switch is actually able to create connections, or switch, between any two attached Ethernet devices on a packet-by-packet basis. Therefore, the "one-at-a-time" broadcast limitation previously associated with Ethernet is overcome. When transmission of a frame begins the switch looks at the destination address and only sends the frame directly to that device. Devices connected to a switch do not know the switch is there and can still communicate directly with each other.
  • bridge - The simplest LAN connection device is the bridge. A bridge is designed for use between local area networks (LANs) that use identical protocols. Bridges learn the organization of the LANs by examining the source address of transmitted frames and can be used to isolate network traffic. Bridged networks cannot contain loops. Bridges are rather inexpensive devices and operate very fast. The main disadvantage is that there is no possibility of using an alternative route to bypass a failed or congested transmission line. This is more of a problem for long-distance transmission (WANs) than for local internets (LANs).
  • router - Routers are used to connect different LANs so that the devices on each LAN can communicate with the devices on the other LAN. They can optimize routes and react to failures and congestion. They can also handle multiple LAN protocols simultaneously. Therefore, routers provide flexibility and functionality not found in other connection devices.
 

Calculate even/odd parity for a byte.

  • Even
    • 0000000 = 0
    • 0000001 = 1
    • 0000010 = 1
    • 1010101 = 0
    • 0101010 = 1
    • 0001111 = 0
    • 1111000 = 0
    • 0000111 = 1
    • 1111111 = 1
  • Odd
    • 0000000 = 1
    • 0000001 = 0
    • 0000010 = 0
    • 1010101 = 1
    • 0101010 = 0
    • 0001111 = 1
    • 1111000 = 1
    • 0000111 = 0
    • 1111111 = 0

 

Calculate a two-digit, decimal checksum.

  • 32 28 93 86 8 54 95 Sum = 396 -> 96
  • 2 14 58 5 13 88 12 13 80 Sum = 285 -> 85
  • 26 68 72 7 14 92 46 5 Sum = 330 -> 30
  • 102 117 110 32 115 116 117 102 102 Sum = 913 -> 13
 

Describe the algorithm that Ethernet uses to transmit frames (CSMA/CD, binary exponential backoff).

  • Ethernet is the most widely used packet-switching LAN technology. It uses a CSMA/CD (carrier-sense multiple access with collision detection) algorithm. This algorithm ensures that any device wishing to transmit, first listens to the medium to determine if a transmission is in progress (carrier sense). If the medium is idle, the device starts to transmit. Because any device (multiple access) may start transmission at any time, it is possible that two or more devices attempt to initiate a transmission at the same time. When this happens, a collision occurs; all transmissions become scrambled and are un-interpretable. To detect this, a device must listen to the medium while it is transmitting. When it detects that a collision has occurred, it stops transmitting immediately (collision detection). It then chooses a random amount of time to wait before starting the sequence over again. In the event that another collision occurs, the range of wait time is doubled (binary exponential back-off).
  • CSMA/CD - Nodes in an Ethernet LAN are interconnected by a broadcast channel, so that when an adapter transmits a frame, all the adapters on the LAN receive the frame. As we mentioned in Section 5.3, Ethernet uses a CSMA/CD multiple access algorithm. Summarizing our discussion from Section 5.3, recall that CSMA/CD employs the following mechanisms:
    1. An adapter may begin to transmit at any time; that is, no slots are used.
    2. An adapter never transmits a frame when it senses that some other adapter is transmitting; that is, it uses carrier sensing.
    3. A transmitting adapter aborts its transmission as soon as it detects that another adapter is also transmitting; that is, it uses collision detection.
    4. Before attempting a retransmission, an adapter waits a random time that is typically small compared with the time to transmit a frame. These mechanisms give CSMA/CD much better performance than slotted ALOHA in a LAN environment. In fact, if the maximum propagation delay between stations is very small, the efficiency of CSMA/CD can approach 100 percent.
  • binary exponential backoff » (good explanation)
    • Each sender will delay after a collision before attempting to retransmit. If they delay for the same time, another collision will occur. That's why each sender chooses a random delay between 0 and d (d is some standard delay value). If, nevertheless, another collision occurs, each computer doubles the range from which the delay is chosen; that is, the random delay will now be between 0 and 2d. If another collision occurs, the range will be between 0 and 4d, and so on. After each collision the range of the random delay increases exponentially, therefore the probability of collision rapidly decreases and after a few iterations becomes negligible.
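The backoff rule above, as an added simulation that is not part of the original review sheet. It assumes time is divided into whole slots, d equals one slot, a frame occupies a single slot, and every station first transmits in slot 0; the function names are made up for this example.

```python
import random


def backoff_range(collisions, d=1):
    """Upper bound of the random delay after `collisions` consecutive
    collisions: d, then 2d, then 4d, as described above."""
    if collisions < 1:
        raise ValueError("backoff applies only after a collision")
    return d * 2 ** (collisions - 1)


def simulate(stations, d=1, seed=0, max_slots=100_000):
    """Let `stations` senders each deliver one frame over a shared medium.

    Returns (delivered, total_collisions, per_station_collisions), where
    delivered maps station -> slot in which its frame got through.
    """
    rng = random.Random(seed)                  # seeded so a run is repeatable
    next_attempt = {s: 0 for s in range(stations)}  # all sense an idle medium at slot 0
    per_station = {s: 0 for s in range(stations)}
    delivered = {}
    total_collisions = 0
    slot = 0
    while next_attempt and slot < max_slots:
        senders = [s for s, t in next_attempt.items() if t == slot]
        if len(senders) == 1:
            # Exactly one transmitter: the frame goes through.
            station = senders[0]
            delivered[station] = slot
            del next_attempt[station]
        elif len(senders) > 1:
            # Collision detected: everyone involved aborts and backs off,
            # each drawing from its own (doubling) range.
            total_collisions += 1
            for station in senders:
                per_station[station] += 1
                limit = backoff_range(per_station[station], d)
                next_attempt[station] = slot + 1 + rng.randint(0, limit)
        slot += 1
    return delivered, total_collisions, per_station


if __name__ == "__main__":
    delivered, total, per_station = simulate(stations=8, seed=1)
    for station, slot in sorted(delivered.items(), key=lambda kv: kv[1]):
        print(f"station {station}: sent in slot {slot} "
              f"after {per_station[station]} collision(s)")
    print("collision events:", total)
```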
 

Describe the classes for IP addressing and tell the class of an address.

  • Internet Addresses
    • Two parts to identify host: Network and Host
    • All hosts on the same physical network share the network part
    • Routing only cares about network part
  • Classes
    1. Class A Address » 1.0.0.0 to 126.255.255.255
      • 8 bit network id
      • 24 bit host id
        • Also called /8 address
    2. Class B Address » 128.0.0.0 to 191.255.255.255
      • 16 bit network id
      • 16 bit host id
        • Also called /16 address
    3. Class C Address » 192.0.0.0 to 233.255.255.255
      • 24 bit network id
      • 8 bit host id
        • Also called /24 address
    4. Class D Address
      • Multicast Address
    5. Class E Address
      • Reserved for future use
 

Describe how the ARP protocol works, when it is used, and how the ARP cache works.

  • ARP - Address Resolution Protocol » allows a host to find the physical address of another host on the same physical network given the target host's IP address
    • How it works?
      • ARP is automatic when a request is made to send a packet to another host
      • Several packets could "stack up" for same host from different applications waiting for address resolution
    • When it is used?
      • ARP is automatic, so when a request is made to send a packet to another host it is done automatically.
    • How ARP cache works?
      • To reduce communication costs, computers that use ARP maintain a cache of recently acquired IP-to-physical bindings. That is, whenever a computer sends an ARP request and receives an ARP reply, it saves the IP address and corresponding hardware address information in its cache for successive lookups.
      • ARP uses a soft state meaning the cache can go stale.
      • So the soft state works in an automatic fashion; unfortunately, if there is a crash the sender will not know, so a delay will result.
 

Discuss the security risks of Proxy ARP.

  • Proxy ARP (the ARP hack) » The Proxy ARP technique allows one network address to be shared between two physical nets. Router R answers ARP requests on each network for hosts on the other network, giving its hardware address and then routing datagrams correctly when they arrive. In essence, R lies about IP-to-physical address bindings.
    • Trust
      • ARP is based on the idea that all machines cooperate and that any response is legitimate, so this totally goes against that philosophy.
    • Spoofing
      • Spoofing is a situation where one machine claims to be another in order to intercept packets.
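A monitoring sketch for the ARP cache and the Proxy ARP trust problem described in the two sections above, added here as an example and not part of the original review sheet. The class name, the 1200-second lifetime, the alert threshold and the sample replies are all constructed for illustration.

```python
class ArpCache:
    """IP-to-hardware-address cache with soft state and two sanity checks."""

    def __init__(self, ttl=1200, shared_mac_threshold=3):
        self.ttl = ttl                    # seconds a binding stays valid (assumed value)
        self.shared_mac_threshold = shared_mac_threshold
        self.entries = {}                 # ip -> (mac, time the binding was learned)

    def lookup(self, ip, now):
        """Return the cached hardware address, or None if absent or stale."""
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, learned = entry
        if now - learned > self.ttl:
            del self.entries[ip]          # soft state: stale bindings simply expire
            return None
        return mac

    def learn(self, ip, mac, now):
        """Record a binding seen in an ARP reply; return any alerts raised."""
        alerts = []
        previous = self.lookup(ip, now)
        if previous is not None and previous != mac:
            # A still-fresh binding was overwritten by a different address.
            alerts.append(f"t={now} binding-changed {ip} {previous} -> {mac}")
        self.entries[ip] = (mac, now)
        # One hardware address answering for many IPs is what a Proxy ARP
        # router does, and also what a spoofing machine looks like.
        claimed = sorted(i for i in list(self.entries)
                         if self.lookup(i, now) == mac)
        if len(claimed) >= self.shared_mac_threshold:
            alerts.append(f"t={now} shared-mac {mac} answers for "
                          + ", ".join(claimed))
        return alerts


# Constructed ARP replies: (time in seconds, IP address, hardware address).
SAMPLE_REPLIES = [
    (0,  "10.0.0.1",  "02:00:00:00:00:01"),
    (5,  "10.0.0.20", "02:00:00:00:00:20"),
    (10, "10.0.0.21", "02:00:00:00:00:21"),
    (60, "10.0.0.1",  "02:00:00:00:00:66"),
    (61, "10.0.0.20", "02:00:00:00:00:66"),
    (62, "10.0.0.21", "02:00:00:00:00:66"),
]


def replay(replies, **cache_options):
    """Feed a list of replies through a fresh cache and collect the alerts."""
    cache = ArpCache(**cache_options)
    alerts = []
    for now, ip, mac in replies:
        alerts.extend(cache.learn(ip, mac, now))
    return alerts


if __name__ == "__main__":
    for line in replay(SAMPLE_REPLIES):
        print(line)
```

A legitimate Proxy ARP router raises the same shared-mac alert as a spoofing host, so a monitor has to be told explicitly which hardware address is allowed to answer for others.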
 

Explain the differences between RARP, BOOTP, and DHCP.

  • RARP » RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server's Address Resolution Protocol (ARP) table or cache. A network administrator creates a table in a local area network's gateway router that maps the physical machine (or Media Access Control - MAC address) addresses to corresponding Internet Protocol addresses. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine which can store it for future use.
  • BOOTP » BOOTP (Bootstrap Protocol) is a protocol that lets a network user be automatically configured (receive an IP address) and have an operating system booted (initiated) without user involvement. The BOOTP server, managed by a network administrator, automatically assigns the IP address from a pool of addresses for a certain duration of time. BOOTP is the basis for a more advanced network manager protocol, the Dynamic Host Configuration Protocol (DHCP).
    • BOOTP is more efficient than RARP because a single BOOTP message specifies many items needed at startup, including a computer's IP address, the address of a router, and the address of a server. BOOTP also includes a vendor specific field in the reply that allows hardware to send additional information used only for their computers.
  • DHCP » Dynamic Host Configuration Protocol (DHCP) is a communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network. Using the Internet Protocol, each machine that can connect to the Internet needs a unique IP address. When an organization sets up its computer users with a connection to the Internet, an IP address must be assigned to each machine. Without DHCP, the IP address must be entered manually at each computer and, if computers move to another location in another part of the network, a new IP address must be entered. DHCP lets a network administrator supervise and distribute IP addresses from a central point and automatically sends a new IP address when a computer is plugged into a different place in the network. DHCP uses the concept of a "lease" or amount of time that a given IP address will be valid for a computer. The lease time can vary depending on how long a user is likely to require the Internet connection at a particular location. It's especially useful in education and other environments where users change frequently. Using very short leases, DHCP can dynamically reconfigure networks in which there are more computers than there are available IP addresses. DHCP supports static addresses for computers containing Web servers that need a permanent IP address.
    • DHCP extends BOOTP in 2 ways:
      1. DHCP allows a computer to acquire all the configuration information it needs in a single message; for example in addition to an IP address, a DHCP message can contain a subnet mask.
      2. DHCP allows a computer to obtain an IP address quickly and dynamically.
    • DHCP is an alternative to another network IP management protocol, Bootstrap Protocol (BOOTP). DHCP is a more advanced protocol, but both configuration management protocols are commonly used. Some organizations use both protocols, but understanding how and when to use them in the same organization is important.
 

Describe how the DHCP protocol works and what its advantages are over BOOTP.

  • DHCP » Dynamic Host Configuration Protocol (DHCP) is a communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network. Using the Internet Protocol, each machine that can connect to the Internet needs a unique IP address. When an organization sets up its computer users with a connection to the Internet, an IP address must be assigned to each machine. Without DHCP, the IP address must be entered manually at each computer and, if computers move to another location in another part of the network, a new IP address must be entered. DHCP lets a network administrator supervise and distribute IP addresses from a central point and automatically sends a new IP address when a computer is plugged into a different place in the network. DHCP uses the concept of a "lease" or amount of time that a given IP address will be valid for a computer. The lease time can vary depending on how long a user is likely to require the Internet connection at a particular location. It's especially useful in education and other environments where users change frequently. Using very short leases, DHCP can dynamically reconfigure networks in which there are more computers than there are available IP addresses. DHCP supports static addresses for computers containing Web servers that need a permanent IP address.
    • DHCP extends BOOTP in 2 ways:
      1. DHCP allows a computer to acquire all the configuration information it needs in a single message; for example in addition to an IP address, a DHCP message can contain a subnet mask.
      2. DHCP allows a computer to obtain an IP address quickly and dynamically.
        • popular with ISP's because allows a host to obtain a temporary IP address
    • DHCP is an alternative to another network IP management protocol, Bootstrap Protocol (BOOTP). DHCP is a more advanced protocol, but both configuration management protocols are commonly used. Some organizations use both protocols, but understanding how and when to use them in the same organization is important.
 

Explain how IP handles datagrams which are larger than the network's MTU.

  • MTU (Maximum Transfer Unit) » For example, Ethernet limits transfers to 1500 octets of data, while FDDI permits approximately 4470 octets of data per frame; this limit is known as the network's MTU.
  • Instead of designing datagrams that adhere to the constraints of physical networks, TCP/IP software chooses a convenient initial datagram size and arranges a way to divide large datagrams into smaller pieces when the datagram needs to traverse a network that has a small MTU.
    • The small pieces into which a datagram is divided are called fragments.
      • And the process of dividing a datagram is known as fragmentation.
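Fragmentation worked through in code, as an added example that is not part of the original review sheet. It goes one step beyond the text by using the IPv4 rules that fragment offsets are counted in 8-octet units and that each fragment carries a "more fragments" flag; the 20-octet header (no options) and the 576-octet second hop are assumptions of the example.

```python
IP_HEADER = 20  # octets; assumes an IPv4 header without options


def fragment(data, mtu, offset=0, more=False):
    """Split `data` so each piece plus an IP header fits in `mtu`.

    `offset` (in 8-octet units) and `more` describe the piece being split,
    so a fragment can itself be fragmented again on a later network.
    Returns a list of (offset_units, more_fragments, bytes).
    """
    room = (mtu - IP_HEADER) // 8 * 8   # every non-final piece is a multiple of 8
    if room <= 0:
        raise ValueError("MTU too small to carry any data")
    if not data:
        return [(offset, more, b"")]
    pieces = []
    for start in range(0, len(data), room):
        chunk = data[start:start + room]
        is_last = start + room >= len(data)
        # The flag stays set on the last piece if the input was not the
        # final fragment of the original datagram.
        pieces.append((offset + start // 8, more or not is_last, chunk))
    return pieces


def reassemble(pieces):
    """Rebuild the payload at the destination, whatever the arrival order.

    Returns None while a piece is missing (or if pieces overlap), which is
    the situation in which the destination's reassembly timer runs.
    """
    expected = 0
    payload = bytearray()
    complete = False
    for offset, more, chunk in sorted(pieces, key=lambda p: p[0]):
        if offset * 8 != expected:
            return None
        payload += chunk
        expected += len(chunk)
        complete = not more
    return bytes(payload) if complete else None


def describe(pieces):
    """(offset, more_fragments, length) for each piece, for display."""
    return [(off, more, len(chunk)) for off, more, chunk in pieces]


if __name__ == "__main__":
    # Constructed payload: a full FDDI-sized datagram (4470 octets in all).
    payload = bytes(i % 251 for i in range(4470 - IP_HEADER))
    on_ethernet = fragment(payload, 1500)
    print("FDDI -> Ethernet:", describe(on_ethernet))
    off, more, chunk = on_ethernet[1]
    print("2nd piece over MTU 576:", describe(fragment(chunk, 576, off, more)))
```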
 

Create a routing table for a router in an internet.

  • Given the following network, what would the router table be for router A, B, C?
    Router A
      Target Network   Next Hop
      80.0.0.0         110.0.0.35
      90.0.0.0         Deliver Directly
      100.0.0.0        90.0.0.30
      110.0.0.0        Deliver Directly
      0.0.0.0          80.0.0.25

    Router B
      Target Network   Next Hop
      80.0.0.0         100.0.0.20
      90.0.0.0         Deliver Directly
      100.0.0.0        Deliver Directly
      110.0.0.0        90.0.0.5
      0.0.0.0          80.0.0.25

    Router C
      Target Network   Next Hop
      80.0.0.0         Deliver Directly
      90.0.0.0         10.0.0.40
      100.0.0.0        Deliver Directly
      110.0.0.0        80.0.0.45
      0.0.0.0          80.0.0.25

 

Calculate the maximum number of subnets and hosts and the correct subnet mask when using subnetting.

  • Perform on separate sheet.
 

Explain the routing algorithm used by IP.

  • Setting a default gateway on a system tells the TCP/IP routing algorithm where to send packets that are addressed to destinations for which it does not have specific routes already defined. For example, if you have a system with a single interface addressed to 10.23.45.67 and a net mask of 255.255.255.0, this tells the routing algorithm that packets addressed to any system with an address in the range of 10.23.45.1 through 10.23.45.254 can be placed on the local segment through the interface. Without other routes or a default gateway the system will not be able to communicate with any systems that have addresses outside of this range. By setting the default gateway, this tells the routing algorithm to forward any packet addressed outside of the known network to a specific router or routing computer for further routing.
  • It is important to be aware that the default gateway must be the address of a system for which the routing algorithm has a route. In the above example, if there are no other routes defined, the default gateway would need to be the address of a router or routing computer that is in the 10.23.45.1 through 10.23.45.254 range. Otherwise the routing algorithm could not find the gateway and no packets would be forwarded.
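The lookup described above, as an added example that is not part of the original review sheet. It uses the 10.23.45.67 / 255.255.255.0 host from the text; the gateway address 10.23.45.1, the class and function names, and the test destinations are constructed for illustration, and picking the most specific matching route is the usual rule, stated here as an assumption.

```python
import ipaddress

DIRECT = "Deliver Directly"


class RoutingTable:
    def __init__(self):
        self.routes = []   # list of (network, next hop)

    def add(self, network, next_hop=DIRECT):
        """Add a route; a next hop is accepted only if the table already
        has a route that covers it, as the text requires of the gateway."""
        net = ipaddress.ip_network(network)
        if next_hop != DIRECT:
            hop = ipaddress.ip_address(next_hop)
            if not any(hop in known for known, _ in self.routes):
                raise ValueError(f"no route to next hop {hop}")
        self.routes.append((net, next_hop))

    def next_hop(self, destination):
        """Return DIRECT, a next-hop address, or None when nothing matches."""
        dst = ipaddress.ip_address(destination)
        matches = [(net, hop) for net, hop in self.routes if dst in net]
        if not matches:
            return None    # no specific route and no default gateway
        # The most specific route wins; 0.0.0.0/0 matches everything and
        # is therefore only used when nothing else does.
        _, hop = max(matches, key=lambda m: m[0].prefixlen)
        return hop


def host_table(interface, gateway=None):
    """Table for a single-interface host such as the one in the text."""
    table = RoutingTable()
    # The interface address and mask define the local segment.
    table.add(str(ipaddress.ip_interface(interface).network))
    if gateway is not None:
        table.add("0.0.0.0/0", gateway)
    return table


if __name__ == "__main__":
    host = host_table("10.23.45.67/255.255.255.0", gateway="10.23.45.1")
    for dst in ("10.23.45.200", "192.0.2.9"):
        print(dst, "->", host.next_hop(dst))
    try:
        host_table("10.23.45.67/255.255.255.0", gateway="10.99.0.1")
    except ValueError as err:
        print("rejected:", err)
```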
 

Discuss the difference between direct delivery and indirect delivery.

  • direct delivery » The transmission of a datagram from one machine across a single physical network directly to another, is the basis on which all internet communication rests.
    • Transmission of an IP datagram between two machines on a single physical network does not involve routers. The sender encapsulates the datagram in a physical frame, binds the destination IP address to a physical hardware address, and sends the resulting frame directly to the destination.
  • indirect delivery » Occurs when the destination is not on a directly attached network, forcing the sender to pass the datagram to a router for delivery.
    • Indirect delivery is more difficult than direct delivery because the sender must identify a router to which the datagram can be sent. The router must then forward the datagram on toward its destination network.
      • Routers in a TCP/IP internet form a cooperative, interconnected structure. Datagrams pass from router to router until they reach a router that can deliver the datagram directly.
 

Explain how the IP address structure is related to IP routing.

  • ARP (Address Resolution Protocol) » When an incoming packet destined for a host machine on a particular local area network arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC address that matches the IP address. The ARP program looks in the ARP cache and, if it finds the address, provides it so that the packet can be converted to the right packet length and format and sent to the machine. If no entry is found for the IP address, ARP broadcasts a request packet in a special format to all the machines on the LAN to see if one machine knows that it has that IP address associated with it. A machine that recognizes the IP address as its own returns a reply so indicating. ARP updates the ARP cache for future reference and then sends the packet to the MAC address that replied.
 

Perform Dijkstra's algorithm on a network.

  • Perform from worksheet.
 

Explain how the traceroute utility determines the addresses of routers.

  • Traceroute is a utility that determines the path an IP packet takes through the Internet by cleverly using the Time to Live (TTL) field in the IP packet header and looking for ICMP Destination Unreachable (TTL exceeded) messages generated by the routers along the path.
    • When looking at a traceroute, bear in mind that routers generally have a different IP address for each interface, so the IP address shown in a traceroute is always that of the interface on which the router received the packet.
    • Because of this rule, a traceroute done in the reverse direction may show a completely different set of IP addresses and domain names even when the exact same routers are traversed in reverse order.
 

What is ICMP and how is it used?

  • ICMP (Internet Control Message Protocol) » An integral part of the Internet Protocol (IP) that handles error and control messages. Specifically, routers and hosts use ICMP to send reports of problems about datagrams back to the original source that sent the datagram. ICMP also includes an echo request/reply used to test whether a destination is reachable and responding.
    • Simply » ICMP (Internet Control Message Protocol) is a message control and error-reporting protocol between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams, but the messages are processed by the IP software and are not directly apparent to the application user.
 

What is ICMP source quench used for?

  • A machine uses ICMP source quench messages to report congestion to the original source.
    • A source quench message is a request for the source to reduce its current rate of datagram transmission.
    • Usually congested routers send one source quench message for every datagram that they discard.
 

How does ICMP source quench work?

  • There is no ICMP message to reverse the effect of a source quench. Instead, a host that receives source quench messages for a destination, D, lowers the rate at which it sends datagrams to D until it stops receiving source quench messages; it then gradually increases the rate as long as no further source quench requests are received.
 

What are the two cases which will result in an ICMP time exceeded message to be sent?

  1. a router discards a datagram because its hop count has reached zero
  2. a timeout occurred while waiting for fragments of a datagram
 

How are ICMP timestamp messages used to estimate network delay?

  • A requesting machine sends an ICMP timestamp request message to another machine, asking that the second machine return its current value for the time of day. The receiving machine returns a timestamp reply back to the machine making the request.
    • Accurate estimation of round-trip delay can be difficult and substantially restricts the utility of ICMP timestamp messages.
    • Taking many measurements may not guarantee consistency; sophisticated statistical analysis is needed to produce precise estimates.
 

Describe what happens when an ICMP message is lost.

  • When a router cannot forward or deliver an IP datagram, it sends a destination unreachable message back to the original source, then drops or discards the datagram.
    • Network unreachable errors usually imply routing failures; host unreachable errors imply delivery failures.
 

How could the ICMP echo request message be used with the "do not fragment" flag in the IP datagram header to determine the largest datagram that can be transferred between a source and a destination without fragmentation (MTU)?

  • To discover the path MTU, a sender probes the path by sending datagrams with the IP "do not fragment" bit set. It then decreases the size if ICMP error messages report that fragmentation was required.
 

What is the difference between an ICMP Router Advertisement and Router Solicitation?

  • Router discovery uses Internet Control Message Protocol (ICMP) router advertisements and router solicitation messages to allow a host to discover the addresses of operational routers on the subnet. Hosts must discover routers before they can send IP datagrams outside their subnet.
  • Router Advertisement » a periodical advertisement sent by multicast to neighboring routers to say they are available, normally 10 minute default
  • Router Solicitation » used to get immediate advertisement from other routers to know they are available; no 10 minute delay -> immediate
 

Explain the differences between IP, UDP, and TCP.

  • IP (Internet Protocol) » The TCP/IP standard protocol that defines the IP datagram as the unit of information passed across an internet and provides the basis for connectionless, best-effort packet delivery service. IP includes the ICMP control and error message protocol as an integral part. The entire protocol suite is often referred to as TCP/IP because TCP and IP are the two fundamental protocols.
  • UDP (User Datagram Protocol) » The protocol that allows an application program on one machine to send a datagram to an application on another. UDP uses IP to deliver datagrams.
    • Conceptually, the important difference between UDP datagrams and IP datagrams is that UDP includes a protocol port number, allowing the sender to distinguish among multiple application programs on a given remote machine.
  • TCP (Transmission Control Protocol) » the TCP/IP standard transport level protocol that provides reliable, full duplex, stream service on which many application protocols depend. TCP allows a process on one machine to send a stream of data to a process on another. TCP is connection-oriented in the sense that before transmitting data, participants must establish a connection. All data travels in TCP segments, which each travel across the Internet in an IP datagram.
    • Both UDP and TCP are at the transport level. They both provide the concept of ports to allow data to be delivered to a specific application. UDP is an unreliable, connectionless, best-effort, datagram delivery mechanism. TCP is a reliable, connection-oriented, stream delivery mechanism. A UDP datagram may be lost, delayed, or duplicated, but delivery of data sent through TCP is guaranteed. TCP handles the problems of segments being lost (automatic retransmission), delayed or duplicated (ordered stream delivery).
 

How does TCP build reliability on top of something that is unreliable?

  • TCP uses positive acknowledgement with timeout and retransmission. For each segment transmitted an acknowledgement is expected. Once a segment has been transmitted a timer is started. The acknowledgement is expected before the timer expires. If the acknowledgement is not received within the time limit, the segment is automatically retransmitted. Because of this each segment must be kept at the source until it has been properly acknowledged; only then can it be discarded. When a segment is received at the target, it transmits an acknowledgement which requests the byte in the stream which the target requires next. Every segment expects to receive an acknowledgement.
 

How do TCP acknowledgements work? What are their advantages and disadvantages?

  • A TCP acknowledgement specifies the sequence number of the next octet that the receiver expects to receive.
    • Advantages »
      • One advantage is that acknowledgements are both easy to generate and unambiguous.
      • Another advantage is that lost acknowledgements do not necessarily force retransmission.
    • Disadvantages »
      • A major disadvantage is that the sender does not receive information about all successful transmissions, but only about a single position in the stream that has been received.
  • How it works »
    • A TCP acknowledgement specifies the next byte in the stream that the target is expecting. This acknowledges everything from the beginning of the stream up to the octet being requested. Because TCP uses a sliding window, several segments could be in transmission at the same time. If the acknowledgement from one segment is lost but a subsequent acknowledgement is received, this includes the acknowledgement which was lost. In this case neither the lost acknowledgement nor the segment it was acknowledging needs to be retransmitted.
  • Example »
    • A sender has sent 10 segments. If the first segment is lost, then as each other segment arrives, the receiver sends an acknowledgement, but each acknowledgement specifies octet 101, the next highest contiguous octet it expects to receive.
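The cumulative acknowledgement behaviour described above, as an added Python sketch that is not part of the original review page. The starting octet 101 comes from the example above; the 100-octet segment size, the class and the function names are assumptions made for the illustration.

```python
# Added illustration: cumulative TCP acknowledgements (simplified model).
# The segment size is a constructed sample value, and segments are assumed
# to arrive on the same boundaries they were sent on.

class Receiver:
    """Reassembles a byte stream and answers every segment with a cumulative ACK."""

    def __init__(self, first_octet):
        self.next_expected = first_octet   # next contiguous octet wanted
        self.held = {}                     # start octet -> length, beyond a gap

    def receive(self, start, length):
        """Accept one segment and return the ACK number to send back."""
        if start >= self.next_expected:
            self.held[start] = length
        # Advance over every held segment that is now contiguous.
        while self.next_expected in self.held:
            self.next_expected += self.held.pop(self.next_expected)
        return self.next_expected


def lost_first_segment(first_octet=101, seg_len=100, count=10):
    """Segment 1 is lost, segments 2..count arrive, then segment 1 is resent."""
    rx = Receiver(first_octet)
    starts = [first_octet + i * seg_len for i in range(count)]
    acks = [rx.receive(s, seg_len) for s in starts[1:]]
    ack_after_retransmit = rx.receive(starts[0], seg_len)
    return acks, ack_after_retransmit


def released_by_ack(unacked_starts, seg_len, ack):
    """Sender side: segments wholly below the ACK number can be discarded."""
    return [s for s in unacked_starts if s + seg_len <= ack]


if __name__ == "__main__":
    acks, final = lost_first_segment()
    print(acks, final)
    # The ACKs for segments 101 and 201 were lost; ACK 401 still covers them.
    print(released_by_ack([101, 201, 301, 401], 100, 401))
```

Every acknowledgement repeats 101 until the missing segment arrives, which is the disadvantage noted above: the sender cannot tell from the ACKs that the other nine segments were received.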
 

How does TCP regulate the flow of data from the source?

  • TCP uses a specialized sliding window mechanism to solve two important problems: efficient transmission and flow control. The TCP form of a sliding window protocol also solves the end-to-end flow control problem, by allowing the receiver to restrict transmission until it has sufficient buffer space to accommodate more data.
    • Flow Control » Control of the rate at which hosts or routers inject packets into a network or internet, usually to avoid congestion.
      • IP uses source quench: a machine uses ICMP source quench messages to report congestion to the original source.
        • Source Quench » A source quench message is a request for the source to reduce its current rate of datagram transmission.
 

What is the difference between a TCP Window advertisement and the congestion window?

  • Window Advertisement » A value used by TCP to allow a receiver to tell a sender the size of an available buffer.
  • Congestion Window » Congestion window is the flow control set by the sender. Advertised window is the flow control performed by the receiver. Thus maximum congestion window has the same effect as the receiver's advertised window size.
    • Congestion Control » Congestion control is somewhat more involved. The sender keeps track of a parameter called the congestion window. The effective window is then the minimum of the receiver-advertised window and the congestion window. The congestion window starts out as one (or, sometimes, experimentally, two) maximum segment sizes (MSS). The sender estimates the current round-trip time (RTT) between itself and the receiver (based on acknowledgment packets that come in response to its packets) and keeps track of this estimate. It's typically an exponentially decaying running average of observed round-trip times. Initially the sender enters the slow start phase of the connection; in the slow start phase, during each RTT when there was no detected loss, the congestion window is doubled (so it grows exponentially and "slow start" is in effect a misnomer). Once the first packet loss is detected, slow start is over and the normal phase begins. From this point on, during each RTT when no loss is detected, the congestion window is increased by one maximum segment size; during each RTT when any losses were detected, the congestion window is halved.
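The window arithmetic described above, traced RTT by RTT in an added Python sketch (not part of the original review page). It follows this page's description rather than any particular TCP implementation; windows are counted in units of MSS, and the loss pattern, the 12-MSS advertised window and the one-MSS floor when halving are assumptions.

```python
# Added illustration: congestion window vs. advertised window, per RTT.
# Loss pattern and advertised window are constructed sample values.

def trace_windows(loss_by_rtt, advertised_window, mss=1):
    """Return (congestion window, effective window) in force during each RTT."""
    cwnd = mss                 # starts at one maximum segment size
    slow_start = True
    trace = []
    for lost in loss_by_rtt:
        # The sender may have at most min(cwnd, advertised) outstanding.
        trace.append((cwnd, min(cwnd, advertised_window)))
        if lost:
            slow_start = False             # first loss ends slow start
            cwnd = max(mss, cwnd // 2)     # halve, never below one MSS (assumed floor)
        elif slow_start:
            cwnd *= 2                      # exponential growth per lossless RTT
        else:
            cwnd += mss                    # normal phase: one MSS per lossless RTT
    return trace


if __name__ == "__main__":
    pattern = [False, False, False, False, True, False, False, True, False]
    for rtt, (cwnd, effective) in enumerate(trace_windows(pattern, 12)):
        print(f"RTT {rtt}: cwnd={cwnd} effective={effective}")
```

In the fifth RTT the congestion window has reached 16 MSS but the receiver's advertisement caps the effective window at 12, which shows the two limits acting independently.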
 

What is Out of Band data and when would it be used?

  • out of band data » Data sent outside the normal delivery path, often used to carry abnormal or error indicators. TCP has an urgent data facility for sending out-of-band data.
    • Typically, the reason for sending out-of-band data is to send notice of an exceptional condition.
 

How long does TCP wait until it retransmits a segment?

  • A TCP acknowledgement specifies the next byte in the stream that the target is expecting. This acknowledges everything from the beginning of the stream up to the octet being requested. Because TCP uses a sliding window, several segments could be in transmission at the same time. If the acknowledgement from one segment is lost but a subsequent acknowledgement is received, this includes the acknowledgement which was lost. In this case neither the lost acknowledgement nor the segment it was acknowledging needs to be retransmitted.
 

What causes the silly window syndrome to occur (send and receive) and what is done to prevent it?

  • silly window syndrome (SWS) » A condition that can arise in TCP in which the receiver repeatedly advertises a small window and the sender repeatedly sends a small segment to fill it. The resulting transmission of small segments makes inefficient use of network bandwidth.
    • Causes »
      • Sending Scenario »
        • The sending scenario occurs when the application is generating data one octet at a time and requesting it to be pushed to the target. In this case each datagram would contain only one octet of information, which is pretty silly.
      • Receiving Scenario »
        • The receiving scenario occurs when the TCP buffers on the target are full. The target advertises a zero size window which causes the source to stop transmitting. Then the application on the target extracts a single octet from the buffer. This causes an advertisement of one octet to be sent. The source sends a datagram of one octet and receives another advertisement of zero so it stops again.
    • Preventing »
      • Sending Scenario »
        • To avoid the sending side scenario the source buffers data even if push is requested as long as there is data that has not been acknowledged. As soon as an acknowledgement arrives or the buffer reaches the maximum segment size, the source sends the buffer.
      • Receiving Scenario »
        • To avoid the receiving-side scenario, once a zero window has been advertised, additional space is not advertised until half the buffer space is available.
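Both avoidance rules above, compared with the unprotected behaviour in an added Python sketch that is not part of the original review page. The MSS of 536, the 8-octet receive buffer, the write and read patterns and the function names are assumptions chosen for the illustration.

```python
# Added illustration of the two silly-window avoidance rules (simplified model).
# MSS, buffer size and the write/read pattern are constructed sample values.

def sender_segments(writes=20, ack_every=10, mss=536, avoid=True):
    """Send side: one-octet pushed writes; returns sizes of segments sent."""
    buffered = unacked = 0
    segments = []

    def try_send():
        nonlocal buffered, unacked
        # Full segments go at once; with avoidance, a short segment goes
        # only when no earlier data is still unacknowledged.
        while buffered >= mss or (buffered and not (avoid and unacked)):
            size = min(buffered, mss)
            segments.append(size)
            buffered -= size
            unacked += size

    for i in range(1, writes + 1):
        buffered += 1               # application writes one octet with push
        try_send()
        if i % ack_every == 0:      # an acknowledgement arrives
            unacked = 0
            try_send()
    return segments


def receiver_adverts(capacity=8, reads=4, avoid=True):
    """Receive side: buffer starts full; returns each window advertised."""
    free, closed, adverts = 0, False, []
    for _ in range(reads + 1):
        if free == 0:
            closed = True           # a zero window has been advertised
        if avoid and closed and 2 * free < capacity:
            window = 0              # stay closed until half the buffer is free
        else:
            closed, window = False, free
        adverts.append(window)
        # The sender fills whatever was advertised, then the app reads one octet.
        free = free - window + 1
    return adverts


if __name__ == "__main__":
    print(sender_segments(avoid=False), sender_segments())
    print(receiver_adverts(avoid=False), receiver_adverts())
```

Without the rules the sender emits twenty one-octet segments and the receiver keeps advertising a one-octet window; with them the same traffic becomes three segments and a single four-octet advertisement.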





Updated: June 14, 2004; Joe Gakenheimer