
COSC 4377 – Networking – Spring 2018 - Kevin B Long

Solutions to Homework #5 v2 of 4/6


Due 11:59pm Sunday, Apr. 8, 2018
Multiple submissions accepted.

100 points total


________________________________________________________
Name

___________________________
PeopleSoft ID


Resubmissions accepted.
From Chapter 4

1. (8 pts – 2x4) Suppose you are interested in detecting the number of hosts behind a
NAT. You observe that the IP layer stamps an identification number sequentially on
each IP packet. The identification number of the first IP packet generated by a host is a
random number, and the identification numbers of the subsequent IP packets are
sequentially assigned. Assume all IP packets generated by hosts behind the NAT are
sent to the outside world.

a. Based on this observation, and assuming you can sniff all packets sent by the NAT
to the outside (you’re monitoring just on the WAN side of the router), can you
outline a simple technique that detects the number of unique hosts behind a NAT?
Justify your answer.

Y/N.______________________________________________________________
Answer: count streams of consecutively-numbered packets based on their IP
identification numbers, regardless of IP address and port.

b. If the identification numbers are not sequentially assigned but randomly assigned,
would your technique work? Justify your answer.

Y/N.______________________________________________________________
Answer: no, you’d have no way of spotting streams based on sequential numbers,
and therefore clusters of packets belonging to the same host.
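
The counting technique from parts (a) and (b), as an added example that is not part of the original homework: it groups Identification values seen on the WAN side into runs of consecutive numbers and counts the runs. The function names, the `max_gap` parameter (a generalization for captures that miss packets) and both sample captures are constructed for illustration.

```python
# Added example (not from the homework): count hosts behind a NAT by grouping
# IPv4 Identification values into runs of consecutive numbers.
MOD = 1 << 16  # the Identification field is 16 bits, so 65535 is followed by 0


def split_into_streams(ip_ids, max_gap=1):
    """Assign each observed ID to the stream it continues, else start a new one.

    ip_ids  -- Identification values in capture order, seen on the WAN side
    max_gap -- largest forward step still treated as "the same host";
               1 matches the homework's assumption that no packet is missed
    """
    streams = []
    for ident in ip_ids:
        best = None
        for stream in streams:
            gap = (ident - stream[-1]) % MOD  # forward distance, wrap-safe
            if 1 <= gap <= max_gap and (best is None or gap < best[0]):
                best = (gap, stream)
        if best is None:
            streams.append([ident])  # no stream continues here: new host
        else:
            best[1].append(ident)
    return streams


def count_hosts(ip_ids, max_gap=1):
    """Number of distinct sequential streams, i.e. the host estimate."""
    return len(split_into_streams(ip_ids, max_gap))


# Constructed capture: three hosts with sequential IDs, interleaved by the NAT.
# The third host's counter wraps from 65535 to 0.
SEQUENTIAL_IDS = [100, 40000, 101, 65534, 102, 40001, 65535, 0, 103, 40002, 1]

# Constructed capture: the same 11 packets if the hosts picked IDs at random.
RANDOM_IDS = [51234, 812, 33017, 60001, 14, 27650, 9043, 45511, 1987, 58320, 22222]

if __name__ == "__main__":
    for stream in split_into_streams(SEQUENTIAL_IDS):
        print("host stream:", stream)
    print("sequential IDs ->", count_hosts(SEQUENTIAL_IDS), "hosts")
    print("random IDs     ->", count_hosts(RANDOM_IDS), "apparent hosts")
```

With random IDs every packet starts its own stream, so the estimate equals the packet count and carries no information about the number of hosts.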

©2018 Kevin B Long, Kurose and Ross Page 1 of 14


2. (20 pts – 5x5) Changing IP addresses?
a. Start Wireshark from a laptop. Go to www.whatsmyip.org. Stop Wireshark and find
an HTTP packet you sent to the site. What does Wireshark report as your IP
address?

_________________________
Answer: will vary
b. Include a screen capture or export the packet and copy/paste the text below.
<screen capture of Wireshark packet goes here>

Answer: will vary


c. What does the web site show as your IP address?

_________________________
Answer: will vary
d. Paste a screen capture here:
<screen capture of whatsmyip.org result here>
Answer: will vary
e. Are they the same? Why or why not?

Y/N. _____________________________________________________________
Answer: they should be different unless you are using a public IP address, which
would be pretty cool.

3. (15 pts – 5x3) Hotspot NAT?


Does your phone support an Internet hotspot? Do you have a friend whose phone does? If
not, we’ll do it from mine in class next Monday, the 9th of April.

Turn off WiFi and use the carrier’s data network (which is how hotspots are usually
configured to work). Tether your laptop or another device to the phone so you’re
connected to its hotspot.

a. Report the phone’s IP address (use whatsmyip.org):

____________________
Answer: will vary
b. Report the tethered device’s IP address (use whatsmyip.org):
_______________________
Answer: will vary
Now find the IP address in your laptop’s network settings (google how to find your
IP address if you don’t know how).

c. Report the tethered device’s internal IP address:

_________________________
Answer: will vary
d. Based on this information, is the phone’s WiFi hotspot running NAT? Justify your
answer.

Y/N. _____________________________________________________________
Answer: will vary
e. When you send a packet from class to the Internet, does the WiFi router in our
classroom need to support NAT? Why or why not?

Y/N. _____________________________________________________________
Answer: No, because the private address pool is legal within all of UH. Only at the
edge does it need to be NATted to a public IP.

4. (20 pts – 10x2) Consider the following Wireshark packet trace:


No. Time Source Destination Protocol Length Info
6 8.635133 192.168.1.1 255.255.255.255 DHCP 590 DHCP ACK - Transaction ID 0x3e5e0ce3

Frame 6: 590 bytes on wire (4720 bits), 590 bytes captured (4720 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Aug 29, 2004 11:57:23.661966000 CDT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1093798643.661966000 seconds
[Time delta from previous captured frame: 0.002010000 seconds]
[Time delta from previous displayed frame: 0.002010000 seconds]
[Time since reference or first frame: 8.635133000 seconds]
Frame Number: 6
Frame Length: 590 bytes (4720 bits)
Capture Length: 590 bytes (4720 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:bootp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: LinksysG_da:af:73 (00:06:25:da:af:73), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Destination: Broadcast (ff:ff:ff:ff:ff:ff)
Address: Broadcast (ff:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: LinksysG_da:af:73 (00:06:25:da:af:73)
Address: LinksysG_da:af:73 (00:06:25:da:af:73)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.1.1, Dst: 255.255.255.255
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 576
Identification: 0x0109 (265)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 150
Protocol: UDP (17)
Header checksum: 0x5ffb [correct]
[Header checksum status: Good]
[Calculated Checksum: 0x5ffb]
Source: 192.168.1.1
Destination: 255.255.255.255
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 67, Dst Port: 68
Source Port: 67
Destination Port: 68
Length: 556
Checksum: 0x6f23 [unverified]
[Checksum Status: Unverified]
[Stream index: 2]
Bootstrap Protocol (ACK)
Message type: Boot Reply (2)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x3e5e0ce3
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0
Your (client) IP address: 192.168.1.101
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: Dell_4f:36:23 (00:08:74:4f:36:23)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (ACK)
Length: 1
DHCP: ACK (5)
Option: (1) Subnet Mask
Length: 4
Subnet Mask: 255.255.255.0
Option: (3) Router
Length: 4
Router: 192.168.1.1
Option: (6) Domain Name Server
Length: 8
Domain Name Server: 63.240.76.19
Domain Name Server: 204.127.198.19
Option: (15) Domain Name
Length: 22
Domain Name: ne2.client2.attbi.com
Option: (51) IP Address Lease Time
Length: 4
IP Address Lease Time: (86400s) 1 day
Option: (54) DHCP Server Identifier
Length: 4
DHCP Server Identifier: 192.168.1.1
Option: (255) End
Option End: 255
Padding: 000000000000000000000000000000000000000000000000...
a. What application-layer protocol generated the contents of this packet?
_____________
Hint: it’s a two-word answer, not just one, which we just studied.
Answer: DHCP ACK
b. What transport-layer protocol is being used? ______________
Answer: UDP
c. What type of layer-2 network is the frame on? ________________
Answer: Ethernet
d. A server is sending information to a host in this trace. It is not sure of the
destination IP address. What address does it use as a destination?
Answer: 255.255.255.255
e. The server is trying to give the host an IP address. What IP address is it trying to
give him? Circle where you found the answer.

______________________
Answer: 192.167.8.101
f. Who made the Ethernet card the sender is using?

_____________
Answer: LinkSys
g. How big overall is this frame, in bytes? __________
Answer: 590 bytes
h. How large is the IP datagram inside of it, in bytes? _________
Answer: 576 bytes
i. Assuming all the error-checking looks good, I have a program running waiting
to receive the data that is arriving in this packet. On what port is my program
listening?

____________
Answer: 68
j. On what port number was the server part of the protocol running when it sent
data back to me?

__________
Answer: 67

5. (10 pts -- 5x2) REPLACEMENT QUESTION The nitty-gritty of NAT


Consider this modified version of Figure 4.22 from the book:

The router is running NAT and the table below shows its entries.
a. Complete the entry needed in the table showing what happens when the second PC
(.2) opens a browser whose home page is set to www.uh.edu. Thus, the browser will
send an HTTP GET message asking for the home page. (You’ll need to determine
www.uh.edu’s IP address.) Assume that the browser client on the PC is assigned
ephemeral source port # 12345, and that the NAT service decides to reassign all
client port numbers beginning with 5000.

NAT translation table

WAN Side IP    WAN Side Port    LAN Side IP    LAN Side Port

Answer:
WAN Side IP    WAN Side Port    LAN Side IP    LAN Side Port
138.76.29.7    5000             10.0.0.2       12345

b. Complete the corresponding entries in the four steps of the diagram above.
          Source IP      Source Port    Dest IP        Dest Port
Step 1
Step 2
Step 3
Step 4

Answer:

          Source IP      Source Port    Dest IP        Dest Port
Step 1    10.0.0.2       12345          129.7.97.54    80
Step 2    138.76.29.7    5000           129.7.97.54    80
Step 3    129.7.97.54    80             138.76.29.7    5000
Step 4    129.7.97.54    80             10.0.0.2       12345

c. Will it “break” your NAT process if the next client is running on 10.0.0.3 and by
incredible chance gives the router a packet with the same source port #12345? Why
or why not?

Y / N?____________________________________________________________
Answer: no, because the NAT table tracks by both IP and port, and the IPs differ.

d. Will it “break” your NAT process if 10.0.0.3 sends a packet with the same source
port # as the one you just assigned in your table for the WAN side of 10.0.0.2? Why
or why not?

Y / N?____________________________________________________________
Answer: no, because they have no relationship to each other; they’re on different
sides of the router.

e. Theoretically how many different LAN-side client sessions can you have actively
running through NAT at a time, each sending packets to WAN-side server
processes, considering that each client consumes a WAN-side port #? You will need
to consult the data format of the transport-layer header to answer this question.

________________
Answer: 2^16 or 65,536 (65,535 is OK)
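
The translation table from parts (a) through (e), as an added example that is not part of the original homework: a minimal port-translating NAT that replays the four steps and the two collision cases. The class `Nat`, its method names and `question5` are hypothetical; the mapping is keyed only by LAN IP and port, as in the table above, and the addresses are those from the answer key.

```python
# Added example (not from the homework): the NAT table of question 5 as code.
class Nat:
    """Port-translating NAT keyed by (LAN IP, LAN port), as in the table above."""

    def __init__(self, wan_ip, first_port=5000):
        self.wan_ip = wan_ip
        self.next_port = first_port      # WAN ports are handed out in order
        self.by_lan = {}                 # (lan_ip, lan_port) -> wan_port
        self.by_wan = {}                 # wan_port -> (lan_ip, lan_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN -> WAN: rewrite the source to the router's WAN IP and port."""
        key = (src_ip, src_port)
        if key not in self.by_lan:
            if self.next_port > 0xFFFF:  # port field is 16 bits (part e)
                raise RuntimeError("WAN-side ports exhausted")
            self.by_lan[key] = self.next_port
            self.by_wan[self.next_port] = key
            self.next_port += 1
        return (self.wan_ip, self.by_lan[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """WAN -> LAN: rewrite the destination back, or drop if unmapped."""
        if dst_ip != self.wan_ip or dst_port not in self.by_wan:
            return None
        lan_ip, lan_port = self.by_wan[dst_port]
        return (src_ip, src_port, lan_ip, lan_port)


def question5():
    """Replay parts a-d with the addresses from the answer key."""
    nat = Nat("138.76.29.7")
    server = ("129.7.97.54", 80)
    step2 = nat.outbound("10.0.0.2", 12345, *server)       # step 1 -> step 2
    step4 = nat.inbound(*server, "138.76.29.7", step2[1])  # step 3 -> step 4
    part_c = nat.outbound("10.0.0.3", 12345, *server)      # same LAN-side port
    part_d = nat.outbound("10.0.0.3", 5000, *server)       # LAN port equals WAN port 5000
    return step2, step4, part_c, part_d, dict(nat.by_wan)


if __name__ == "__main__":
    for row in question5()[:4]:
        print(row)
```

Both extra clients receive fresh WAN-side ports (5001 and 5002), and the entry for port 5000 still points at 10.0.0.2:12345.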

6. (3 pts) Looking at Figure 4.27, how many paths exist (regardless of the cost) from y to
u that do not contain any loops? Mark the correct answer.

A: 1 B: >1 but ≤5. C. >5 but ≤ 10. D. >10.

Answer: D. >10. They include: y-x-u, y-x-v-u, y-x-w-u, y-x-w-v-u, y-w-u, y-w-v-u,
y-w-x-u, y-w-x-v-u, y-w-v-x-u, y-z-w-u, y-z-w-v-u, y-z-w-x-u, y-z-w-x-v-u, y-z-w-v-x-u

7. (12 pts – 6x2) This question relates to Dijkstra’s algorithm.


a. In this first row from a table built from Dijkstra’s algorithm, for the next row, which
router will you add to N’ (Nprime) and why?

Nprime D(u),p(u) D(v),p(v) D(w),p(w) D(x),p(x) D(y),p(y) D(z),p(z)


u - 1,u 5,u 6,u ∞ ∞

Next node: _______ Why?:_________________________________________________


Answer: v, because it’s the lowest cost of the candidates shown.

b. If the second line of Dijkstra table looks like the one below, what will be the next
node added to the Nprime list and why? Be careful, this is a tricky answer.

Nprime D(u),p(u) D(v),p(v) D(w),p(w) D(x),p(x) D(y),p(y) D(z),p(z)
u w - 9,u - 4,u 4,w 7,w

Next node: _______ Why?:_________________________________________________


Answer: you have a choice of x or y, because they’re the same cost and are lowest.

c. Given the 6-node network map showing the least-cost routing tree from router u
highlighted in red, which are the only link pairs that will ever be used to route
traffic from router u?

1.___________ 2.___________ 3.___________ 4.___________ 5.___________


Answer: u-v, u-w, w-v, w-y, w-z

d. Given the 6-node network map shown below and the least cost table, what are the 5
links in the least-cost routing tree that router u will use based on the tree? Your
answer should be in “a-b, a-c, c-e”… format.

step N’ D(v),p(v) D(w),p(w) D(x),p(x) D(y),p(y) D(z),p(z)


0 u 8,u 5,u 9,u ∞ ∞
1 uw 8,u - 8,w 9,w 11,w
2 uwv - - 8,w 9,w 11,w
3 uwvx - - - 9,w 11,w
4 uwvxy - - - - 11,w
5 uxvwyz - - - -

Five links in least-cost routing tree:


1.___________ 2.___________ 3.___________ 4.___________ 5.___________
Answer: u-v, u-w, w-x, w-y, w-z

e. Given the 6-node network shown below with the given link costs, and the first row
completed, finish the Dijkstra’s Least-Cost Table.

Nprime D(u),p(u) D(v),p(v) D(w),p(w) D(x),p(x) D(y),p(y) D(z),p(z)


u - 3,u 5,u 9,u ∞ ∞

Answer:
Nprime D(u),p(u) D(v),p(v) D(w),p(w) D(x),p(x) D(y),p(y) D(z),p(z)
u - 3,u 5,u 9,u ∞ ∞
uv - - 5,u 9,u ∞ ∞
uvw - - - 9,u 12,w 14,w
uvwx - - - - 12,w 14,w
uvwxy - - - - - 14,w
uvwxyz - - - - - -

f. Given the 6-node network shown below, with the given link costs, using Dijkstra’s
algorithm, find the least-cost path from source node w to all other destinations.

Nprime D(u),p(u) D(v),p(v) D(w),p(w) D(x),p(x) D(y),p(y) D(z),p(z)
w
w
w
w
w
w

Answer:
Nprime D(u),p(u) D(v),p(v) D(w),p(w) D(x),p(x) D(y),p(y) D(z),p(z)
w 4,w 9,w - 9,w 9,w 1,w
wz 4,w 9,w - 9,w 3,z -
wzy 4,w 9,w - 8,y - -
wzyu - 6,u - 8,y - -
wzyuv - - - 7,v - -
wzyuvx - - - - - -

8. (8 pts) Consider the following network. With the indicated link costs, use Dijkstra’s
shortest-path algorithm to compute the shortest path from x to all network nodes. Show
how the algorithm works by computing a table similar to Table 4.3.

Step N’ D(t),p(t) D(u),p(u) D(v),p(v) D(w),p(w) D(y),p(y) D(z),p(z)


0
1
2
3
4
5
6

Answer:
Step N’ D(t),p(t) D(u),p(u) D(v),p(v) D(w),p(w) D(y),p(y) D(z),p(z)
0 x ∞ ∞ 3,x 6,x 6,x 8,x
1 xv 7,v 6,v 3,x 6,x 6,x 8,x
2 xvu 7,v 6,v 3,x 6,x 6,x 8,x
3 xvuw 7,v 6,v 3,x 6,x 6,x 8,x
4 xvuwy 7,v 6,v 3,x 6,x 6,x 8,x
5 xvuwyt 7,v 6,v 3,x 6,x 6,x 8,x
6 xvuwytz 7,v 6,v 3,x 6,x 6,x 8,x

----EXTRA CREDIT---

9. (12 pts – 6x2) Subnetting


This site will help you answer this question and practice:
http://lightmesh.com/subnet-builder/
Consider the following big block of IP addresses, a /16.

a. How many assignable (sometimes called user-assignable) addresses are in the
overall block? Answer in powers of two.

_____________
Answer: 2^16
b. The /16 has been broken into four smaller networks. How many bits is the
subnet mask for each of them? The answer is an integer between 0 and 32.

________
Answer: 18
c. How many assignable addresses are in each of these blocks? Answer in powers
of two.

________
Answer: 32-18=14 so 2^14.

The diagram shows a third level of subnetting, much more complicated. There
are /19 blocks in three of the subnets.
d. How many addresses do they each have?

__________
Answer: 32-19=13 so 2^13

The first /19 shown in the diagram has an IP address of 142.192.64.0/19.


e. What is its subnet mask, expressed as a dotted-decimal number?

_________________
Answer: 255.255.224.0
f. We know there is a broadcast address of 255.255.255.255. But what is the
broadcast address specific to the first /19 block shown, the so-called “network
broadcast address”? Express it in dotted-decimal address. You will need to
convert to binary and back probably.

____________________________
Answer: 142.192.95.255

10. (12 pts – 3x4) Tunnel detection
All four screen shots were taken from an iPhone while on campus. Larger versions are
in the Homeworks folder on the google drive; they have more detail and can definitely
help. Zooming in on part of the screen, let’s label the four as follows:

(a) is 173.36.240.173

(b) is 184.173.63.51

(c) 129.7.0.242

(d) 107.77.72.120

Experiment with www.whatsmyip.org on your laptop or phone and get a feel for how it
works, and then answer the following questions:

a. Three of the four visits to whatsmyip.org were made while connected to UH’s
wireless network. Which one most logically was not? How can you tell?
__________________________________________________________________
Answer: d. It was assigned by AT&T, my carrier. Also, the absence of the wifi icon
shows it’s turned off.
b. Two of the four were taken while running VPN privacy software that built a tunnel
from my iPhone to a VPN concentrator somewhere outside of UH, from which it
appears my HTTP query for the whatsmyip.org web page originated. Which two are
they?

________
Answer: a & b – we know I was at UH and yet these do not have UH addresses.
They also show non-UH domain names.
c. Could any of these addresses be private? Try to answer without having to look it up
– think about it. Why?

Y/N.______________________________________________________________
Answer: no, because we’re sending a packet to a server on the Internet, and private
addresses are prohibited on the Internet.
