Internet: Technologie, Protokolle und Dienste

Klausur Solutions
17. Juli 1996 Es sind keine Hilfsmittel außer einem Taschenrechner erlaubt.

Frage	1	2	3	4	5	6	7	8	9	10	11	12	Summe
Punkte	5	2	5	2	5	6	2	3	2	6	3	4	45
Erreicht

- Erstellen Sie die CIDR (supernet) Routing Tabellen für die Router A(merika) und E(uropa). Die Rechtecke deuten Netze an. In der Zeichnung bedeutet "192.1.2" den Adreßraum von 192.1.2.0 bis 192.1.2.255. Die Leitungen ("interfaces") sind numeriert.
  We assume that networks (rectangles) do not allow transit traffic and that all links have the same metric. Masks are expressed as /b, where b is the number of bits to be matched against destination addresses. E.g., Mask 22 is equivalent to 0xff.ff.fc.00.
  Router A (2)
  
  Net/mask interface
  194/8 2
  194.0.4/22 1
  Router E (2)
  
  Net/mask interface
  194.1/16 2
  194.0.4/22 3
  198/8 1
- Welchen Weg nimmt ein Paket aus New York an den Rechner 194.0.5.1 und warum?
  The packet travels through interface 1 of router A since that is the longest match. (1)
Nennen Sie je einen Vor- und Nachteil von "proxy ARP".

Advantages:
Allows to extend a network (e.g., beyond the physical limits of an Ethernet) without renumbering or installing routing software, simply by modifying a single router. Splits a network in several parts, reducing broadcast and multicast traffic (even for switched Ethernet networks).(1).
Disadvantage:
Assumes trusting relationship; only works for broadcast networks (1).
Berechnen Sie die "link state" Routingtabelle von Knoten A. (Rechenschritte müssen erkennbar sein.)

step N d(B),p(B) d(C),p(C) d(D),p(D) d(E),p(E)
1 A 1,A 1,A -,- -,-
2 A B 1,A 2,B 9,A 4,B
3 A B C 1,A 2,B 9,A 3,C
4 A B C E 1,A 2,B 8,E 3,C
5 A B C E D 1,A 2,B 8,E 3,C
(per mistake: -1)
Nennen Sie eine Art von Übertragunsfehler, die von der UDP und TCP Prüfsumme nicht entdeckt wird.
The UDP and TCP checksum, a one's complement addition of 16-bit words, will not detect if 16-bit words are swapped or if the same bit position is wrong in two different words. Note that the UDP and TCP checksum use the same algorithm as the IP header checksum, but cover the whole payload, plus the pseudo-header.(2)
Beschreiben Sie mit einer Skizze (ausgetauschte Pakete auf Zeitaxis) zwei Verfahren, mit denen eine TCP Verbindung abgebrochen werden kann. Von der Netzwerkanwendung betrachtet, was ist der Unterschied zwischen den Verfahren?
Normal termination (orderly release): Client (for example) sends FIN, which is acknowledged by server with ACK. The client goes to state FIN_WAIT_1, until it receives the FIN from the server, which goes to state LAST_ACK. The client acknowledges the server FIN and goes to state TIME_WAIT. (State names are not necessary.) (2)
Abortive release: The client or server sends a RST (reset). There is no answer from the other side, including no ACK. (2)
With abortive release, the sender has no idea how many bytes have been received by the other side (except if all outstanding bytes have been acknowledged). (1)

Net/mask	interface
194/8	2
194.0.4/22	1

Net/mask	interface
194.1/16	2
194.0.4/22	3
198/8	1

step	N	d(B),p(B)	d(C),p(C)	d(D),p(D)	d(E),p(E)
1	A	1,A	1,A	-,-	-,-
2	A B	1,A	2,B	9,A	4,B
3	A B C	1,A	2,B	9,A	3,C
4	A B C E	1,A	2,B	8,E	3,C
5	A B C E D	1,A	2,B	8,E	3,C

Schreiben Sie ein C "client" Programm, das eine TCP Verbindung zum Port 79 des Hostes 127.0.0.1 eröffnet, den Befehl "root" sendet und die vom "server" gesendeten Daten ausgibt. (Die genaue Reihenfolge von Funktionsargumenten ist hier nicht von Bedeutung.)

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>

int main(int argc, char *argv[])
{
  int s;
  struct sockaddr_in sin;
  char msg[80] = "root\n";
  int n;

  if ((s = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
    perror("socket"); return -1;
  }
  sin.sin_family      = AF_INET;
  sin.sin_port        = htons(79);
  sin.sin_addr.s_addr = inet_addr("127.0.0.1");
  if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
    perror("connect"); return -1;
  }
  if (write(s, msg, strlen(msg)+1) < 0) {
    perror("write"); return -1;
  }
  while ((n = read(s, msg, sizeof(msg))) > 0) {
    msg[n] = '\0';
    fputs(msg, stdout);
  }
  if (close(s) < 0) { perror("close"); return -1; }
  return 0;
}

(Sequence: 4; socket/address: 2)

Wie kann ich (oft) an Hand des email "headers" feststellen, ob der Email Absender im From: Feld gefälscht worden ist?
By looking at the Received: header to determine the last hops before reaching the destination. This field is set by the server MTA based on the HELO SMTP command issued by the client. Servers should thus check that the IP address of the client agrees with the host name included in the HELO command. Some servers refuse to accept bogus HELO host names, others produce something like:
```
Return-path: 
Delivery-date: Mon, 22 Jul 1996 17:12:46 +0200
Received: from whitehouse.gov (actually lupus.fokus.gmd.de)
          by ceres.fokus.gmd.de with SMTP (PP-ICR1v5);
          Mon, 22 Jul 1996 17:12:13 +0200
To: schulzrinne@fokus.gmd.de
From: Jane Smith 
Date: Mon, 22 Jul 1996 16:52:19 +0200 (MET DST)
```
Some servers (ns.research.att.com) blindly accept whatever host name is given in the HELO command and provide no indication of mismatches between name and address, so this method is not foolproof.
Also, Return-path: might provide a clue, although that is easily spoofed when simulating sendmail via telnet, as seen in the example.(2)
Was ist die URL eines 'fragments' mit den Namen sec1 des HTML Dokuments book.html im Verzeichnis pub/meier auf einem Server, der auf dem Host www.tu-berlin.de auf Port 8000 läuft?
```
http://www.tu-berlin.de:8000/pub/meier/book.html#sec1
```
(http/host, port, directory/fragment: 1 each)
Nennen Sie zwei wichtige Unterschiede zwischen HTML auf der einen und LaTeX, nroff, Microsoft Word, Wordperfect, etc. auf der anderen Seite.
- HTML does not support macros (functions that translate into actual formating instructions).
- HTML describes the structure rather than the formatting of text (although LaTeX does this to some extent as well).
- HTML has no notion of pages of a certain size ("scroll-like").
- HTML supports anchors for hyperlinks.
- HTML allows embedding of interaction (forms) and applets.
(1 each)

Sowohl mit ftp, NFS und HTTP kann man Dateien, die auf einem anderen Rechner (server) liegen, sich lokal ansehen. Was sind (in Stichworten) die Unterschiede in folgenden Eigenschaften?

Unterstützung von Datentypen?
Was passiert wenn sich die Daten auf dem Server ändern?
Dateioperationen?
Zahl der Verbindungen?
Verwendete Transportprotokolle?
Sicherheit gegen "Abhören"?

Criteria ftp NFS HTTP
Data type support ASCII, binary, EBCDIC just raw bytes, no type indication any MIME type (not just text or HTML!)
What happens when data changes on server? Client won't notice (local copy) and has to manually check directory listing to see if the document has changed. Client gets new data with next access (server cache). Client tests if data has expired (HEAD, If-modified-since) and retrieves again (client cache).
File operations? retrieval (RETR), storage (STOR), delete (DELE), directory list (LIST), ... standard Unix file operations currently (V1.0), just retrieval (GET), storage (POST), header (HEAD), but others planned
Number of connections 2 (control, data) none (UDP), 1 (TCP) 1
transport protocols TCP UDP or TCP TCP
Protection against eavesdropping? none (but: extensions); password in the clear none (but: extensions); no password SSL; challenge-response authentication
(1 each)

Criteria	ftp	NFS	HTTP
Data type support	ASCII, binary, EBCDIC	just raw bytes, no type indication	any MIME type (not just text or HTML!)
What happens when data changes on server?	Client won't notice (local copy) and has to manually check directory listing to see if the document has changed.	Client gets new data with next access (server cache).	Client tests if data has expired (HEAD, If-modified-since) and retrieves again (client cache).
File operations?	retrieval (RETR), storage (STOR), delete (DELE), directory list (LIST), ...	standard Unix file operations	currently (V1.0), just retrieval (GET), storage (POST), header (HEAD), but others planned
Number of connections	2 (control, data)	none (UDP), 1 (TCP)	1
transport protocols	TCP	UDP or TCP	TCP
Protection against eavesdropping?	none (but: extensions); password in the clear	none (but: extensions); no password	SSL; challenge-response authentication

Worin unterscheiden sich WWW Zugriff und ein Internet Telefongespräch? (Nennen Sie 3 Unterschiede.)

WWW retrieval Internet telephony
no delay bound delay bound (hundreds of ms)
use any available bandwidth fixed bandwidth
loss-sensitive (needs TCP) somewhat loss-tolerant
unicast only unicast or multicast
TCP and HTTP UDP and RTP
client-server symmetric (but: caller and callee)
Both applications are reasonably insensitive to packet re-ordering, but the transport protocol (TCP) or application (Internet telephony) resequences packets.

Skizzieren Sie in der Abbildung, wie das erste Multicastpaket im abgebildeten Netz von S aus weitergeleitet wird. Das Routingprotokoll mißt Verbindungen in "hops". Begründen Sie den Paketfluß.
See lecture slides.

WWW retrieval	Internet telephony
no delay bound	delay bound (hundreds of ms)
use any available bandwidth	fixed bandwidth
loss-sensitive (needs TCP)	somewhat loss-tolerant
unicast only	unicast or multicast
TCP and HTTP	UDP and RTP
client-server	symmetric (but: caller and callee)