Beruflich Dokumente
Kultur Dokumente
___________________________
PeopleSoft ID
1. (8 pts – 2x4) Suppose you are interested in detecting the number of hosts behind a
NAT. You observe that the IP layer stamps an identification number sequentially on
each IP packet. The identification number of the first IP packet generated by a host is a
random number, and the identification numbers of the subsequent IP packets are
sequentially assigned. Assume all IP packets generated by hosts behind the NAT are
sent to the outside world.
a. Based on this observation, and assuming you can sniff all packets sent by the NAT
to the outside (you’re monitoring just on the WAN side of the router), can you
outline a simple technique that detects the number of unique hosts behind a NAT?
Justify your answer.
Y/N.______________________________________________________________
Answer: count streams of consecutively-numbered packets based on their IP
regardless of IP and port.
b. If the identification numbers are not sequentially assigned but randomly assigned,
would your technique work? Justify your answer.
Y/N.______________________________________________________________
Answer: no, you’d have no way of spotting streams based on sequential numbers,
and therefore clusters of packets belonging to the same host.
_________________________
Answer: will vary
b. Include a screen capture or export the packet and copy/paste the text below.
<screen capture of Wireshark packet goes here>
_________________________
Answer: will vary
d. Paste a screen capture here:
<screen capture of whatsmyip.org result here>
Answer: will vary
e. Are they the same? Why or why not?
Y/N. _____________________________________________________________
Answer: they should be different unless you are using a public IP address, which
would be pretty cool.
Turn off WiFi and use the carrier’s data network (which is how hotspots are usually
configured to work). Tether your laptop or another device to the phone so you’re
connected to its hotspot.
____________________
Answer: will vary
b. Report the tethered device’s IP address (use whatsmyip.org):
_______________________
Answer: will vary
Now find the IP address in your laptop’s network settings (google how to find your
IP address if you don’t know how).
Y/N. _____________________________________________________________
Answer: will vary
e. When you send a packet from class to the Internet, does the WiFi router in our
classroom need to support NAT? Why or why not?
Y/N. _____________________________________________________________
Answer: No, because the private address pool is legal within all of UH. Only at the
edge does it need to be NATted to a public IP.
Frame 6: 590 bytes on wire (4720 bits), 590 bytes captured (4720 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Aug 29, 2004 11:57:23.661966000 CDT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1093798643.661966000 seconds
[Time delta from previous captured frame: 0.002010000 seconds]
[Time delta from previous displayed frame: 0.002010000 seconds]
[Time since reference or first frame: 8.635133000 seconds]
Frame Number: 6
Frame Length: 590 bytes (4720 bits)
Capture Length: 590 bytes (4720 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:bootp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: LinksysG_da:af:73 (00:06:25:da:af:73), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Destination: Broadcast (ff:ff:ff:ff:ff:ff)
Address: Broadcast (ff:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: LinksysG_da:af:73 (00:06:25:da:af:73)
Address: LinksysG_da:af:73 (00:06:25:da:af:73)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.1, Dst: 255.255.255.255
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 576
Identification: 0x0109 (265)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 150
Protocol: UDP (17)
Header checksum: 0x5ffb [correct]
[Header checksum status: Good]
[Calculated Checksum: 0x5ffb]
Source: 192.168.1.1
Destination: 255.255.255.255
_____________
Answer: LinkSys
g. How big overall is this frame, in bytes? __________
Answer: 590 bytes
h. How large is the IP datagram inside of it, in bytes? _________
Answer: 576 bytes
i. Assuming all the error-checking looks good, I have a program running waiting
to receive the data that is arriving in this packet. On what port is my program
listening?
____________
Answer: 68
j. On what port number was the server part of the protocol running when it sent
data back to me?
__________
Answer: 67
The router is running NAT and the table below shows its entries.
a. Complete the entry needed in the table showing what happens when the second PC
(.2) opens a browser whose home page is set to www.uh.edu. Thus, the browser will
send an HTTP GET message asking for the home page. You’ll need to determine
www.uh.edu’s IP address). Assume that the browser client on the PC is assigned
ephemeral source port # 12345, and that the NAT service decides to reassign all
client port numbers beginning with 5000.
b. Complete the corresponding entries in the four steps of the diagram above.
Source IP Source Port Dest IP Dest Port
Step 1
Step 2
Step 3
Step 4
Answer:
c. Will it “break” your NAT process if the next client is running on 10.0.0.3 and by
incredible chance gives the router a packet with the same source port #12345? Why
or why not?
Y / N?____________________________________________________________
Answer: no, because the NAT table tracks by both IP and port, and the IPs differ.
Y / N?____________________________________________________________
Answer: no, because they have no relationship to each other; they’re on different
sides of the router.
e. Theoretically how many different LAN-side client sessions can you have actively
running through NAT at a time, each sending packets to WAN-side server
processes, considering that each client consumes a WAN-side port #? You will need
to consult the data format of the transport-layer header to answer this question.
________________
Answer: 216 or 65,536 (65,535 is OK)
6. (3 pts) Looking at Figure 4.27, how many paths exist (regardless of the cost) from y to
u that do not contain any loops? Mark the correct answer.
Answer: D. >10. They include: y-x-u, y-x-v-u, y-x-w-u, y-x-w-v-u, y-w-u, y-w-v-u, y-
w-x-u, y-w-x-v-u, y-w-v-x-u, y-z-w-u, y-z-w-v-u, y-z-w-x-u, y-z-w-x-v-u, y-z-w-v-x-u
b. If the second line of Dijkstra table looks like the one below, what will be the next
node added to the Nprime list and why? Be careful, this is a tricky answer.
c. Given the 6-node network map showing the least-cost routing tree from router u
highlighted in red, which are the only link pairs that will ever be used to route
traffic from router u?
d. Given the 6-node network map shown below and the least cost table, what are the 5
links in the least-cost routing tree that router u will use based on the tree? Your
answer should be in “a-b, a-c, c-e”… format.
Answer:
Nprime D(u),p(u) D(v),p(v) D(w),p(w) D(x),p(x) D(y),p(y) D(z),p(z)
u - 3,u 5,u 9,u ∞ ∞
uv - - 5,u 9,u ∞ ∞
uvw - - - 9,u 12,w 14,w
uvwx - - - - 12,w 14,w
uvwxy - - - - - 14,w
uvwxyz - - - - - -
f. Given the 6-node network shown below, with the given link costs, using Dijkstra’s
algorithm, find the least-cost path from source node w to all other destinations.
Answer:
Nprime D(u),p(u) D(v),p(v) D(w),p(w) D(x),p(x) D(y),p(y) D(z),p(z)
w 4,w 9,w - 9,w 9,w 1,w
wz 4,w 9,w - 9,w 3,z -
wzy 4,w 9,w - 8,y - -
wzyu - 6,u - 8,y - -
wzyuv - - - 7,v - -
wzyuvx - - - - - -
8. (8 pts) Consider the following network. With the indicated link costs, use Dijkstra’s
shortest-path algorithm to compute the shortest path from x to all network nodes. Show
how the algorithm works by computing a table similar to Table 4.3.
Answer:
Step N’ D(t),p(t) D(u),p(u) D(v),p(v) D(w),p(w) D(y),p(y) D(z),p(z)
0 x ∞ ∞ 3,x 6,x 6,x 8,x
1 xv 7,v 6,v 3,x 6,x 6,x 8,x
2 xvu 7,v 6,v 3,x 6,x 6,x 8,x
3 xvuw 7,v 6,v 3,x 6,x 6,x 8,x
4 xvuwy 7,v 6,v 3,x 6,x 6,x 8,x
5 xvuwyt 7,v 6,v 3,x 6,x 6,x 8,x
6 xvuwytz 7,v 6,v 3,x 6,x 6,x 8,x
_____________
Answer: 216
b. The /16 has been broken into four smaller networks. How many bits is the
subnet mask for each of them? The answer is an integer between 0 and 32.
________
Answer: 18
c. How many assignable addresses are in each of these blocks? Answer in powers
of two.
________
Answer: 32-18=14 so 214.
The diagram shows a third level of subnetting, much more complicated. There
are /19 blocks in three of the subnets.
d. How many addresses do they each have?
__________
Answer: 32-19=13 so 213
_________________
Answer: 255.255.224.0
f. We know there is a broadcast address of 255.255.255.255. But what is the
broadcast address specific to the first /19 block shown, the so-called “network
broadcast address”? Express it in dotted-decimal address. You will need to
convert to binary and back probably.
____________________________
Answer: 142.192.95.255
(a) is 173.36.240.173
(b) is 184.173.63.51
(c) 129.7.0.242
(d) 107.77.72.120
a. Three of the four visits to whatsmyip.org were made while connected to UH’s
wireless network. Which one most logically was not? How can you tell?
__________________________________________________________________
Answer: d. It was assigned by AT&T, my carrier. Also, the absence of the wifi icon
shows it’s turned off.
b. Two of the four were taking while running VPN privacy software that built a tunnel
from my iphone to a VPN concentrator somewhere outside of UH, from which it
appears my HTTP query for the whatsmyip.org web page originated. Which two are
they?
________
Answer: a & b – we know I was at UH and yet these do not have UH addresses.
They also show non-uh domain names.
c. Could any of these addresses be private? Try to answer without having to look it up
– think about it. Why?
Y/N.______________________________________________________________
Answer: no, because we’re sending a packet to a server on the Internet, and private
addresses are prohibited on the Internet.