Exam Overview

ECE-3600
Topics to Review for the Final Exam
www.csc.gatech.edu/copeland/jac/3600/slides/
12/4/2014
Chapter 1 - The Internet
Autonomous Systems (AS) - connected by ISPs (tiers)
Block(s) of IP addresses assigned (subnets) by IANA
Domain Names - assigned by Registrars (Verisign, Tucows, …)
to AS's, Companies, Individuals.
Used in Universal Resource Locators (URLs)
Authoritative DNS servers (names -> 32 bit no.s)
Edge Routers and Firewalls
Domain Name System
Root, Top Level (.com), Authoritative (AS's), Local DNS servers
Recursive, Non-recursive lookups
Domain Name Registrars ("whois", "nslookup")
Parts of URL like www.csc.gatech.edu (host,subnet, domain)
Dynamic DNS, reverse lookups, mx lookups
Chapter 2 - Applications and Application Layer
HTTP (Web) - get command, "objects", Browser
Simultaneous TCP connections, (non-)persistent
FTP - separate (out of band) control on TCP port 22
original (non-passive) data on TCP 21 with client listening
passive - data on high-port/high-port TCP, normal establishment
Email - role that email servers play (messages not host to host)
SNMP - for sending mail to server, and server to server
POP - post office protocol, to check and download email
IMAP - ditto plus store mail in many folders on server
Web Mail - uses browser as interface to Email Server.
(HTML formatted email can bear malicious applications)
Peer-to-Peer Network - no central server, or limited function server.
"Socket" - the OS interface between the Application Layer and the
Transport Layer (TCP, UDP, etc.). Defined by Source and Destination IP
addresses and S&D Port numbers (4 items, and TCP or UDP). Servers
also have a "Listening Socket" to receive initial contacts from new IP,Port
combinations.
Chapter 3 - Transport Layer
UDP, TCP port numbers, server and client
Sockets, "Listening Socket" for server
Connections - how defined (IPs and Ports)
TCP - reliable connections
Flow control - Receiver Window size in every TCP header.
Congestion control, Congestion Window variation due to ?
Time out, slow start
# Duplicate Acks, fast recovery
Flag bits, sequence and ack numbers in header
Slow Start, Exponential Decrease + Additive Increase
Rapid retransmission (3 dup.s), RTO (-> slow start)
Receiver Window (size), Congestion Window (size)
TCP, UDP, ICMP, IC - 1's checksums for error detection
File Transmission Time - when Window Limited, and when not
Round-trip packet propagation time thru multiple routers, including
1) cache delay, 2) transmission time, and 3) link propagation time.
Chapter 4a - IP Addresses
network address, network mask
CIDR notation - a.b.c.d/n
sub-nets, no. hosts, reserved addresses
network address, broadcast address
routing choice, longest prefix rule
dividing a block of IP addresses into sub-nets
aggregating Subnets to shorten Routing Table "Longest Prefix Rule"
Network Address Translation, "private address blocks", how NAT
capability changes IP addresses and Ports (single outside IP, many
private IPs inside).
IP Header
Fragmentation - Datagram ID
Offset, Flags: "Frag. Flag" (mf), "Do Not Frag." (DNF)
Time to Live (TTL), 1's Checksum
IPv6 - 128-bit addresses, Flow ID (future use), Frag. info in option
Chapter 4b - Routing
Routers forward IP datagrams toward recipient
Parts of a router (input queue, output queue,
switching fabric, routing processor [forwarding table])
OSPF
Dijkstra algorithm, forwarding table from tree.
Broadcast to all, link costs to neighbors
RIP
Bellman-Ford algorithm, lowest route in
forwarding table from nearest neighbors tables (+1)
Reverse path poisoning to prevent loops
Limited to small sub-nets.
BGP
Used on backbone to connect AS’s.
Chapter 5 - Local Area Networks - Ethernet
Ethernet can transport many Network Layer
protocols besides IP.
LAN connects hosts to other hosts on that LAN or
to the gateway router (to connect worldwide)
Hubs - collision domains, exponential backoff
Switches - "forwarding table" self learning
How are addresses assigned - Manufacturer ID
Virtual LAN (VLAN) – what? why?
CDMA/CD - what is “CD”, “MA”, “CD”
Collisions, Exponential Backoff
Full or Half Duplex
Address Resolution Protocol (ARP), uses
broadcast addresses (MAC and IP)
- (as does DHCP when looking for IP, netmask, DNS IP)
[Dynamic Host Configuration Protocol]
Chapter 6 - Wireless Networks
Wireless - WiFi - IEEE 802.11
CDMA/CA - what is “CD”, “MA”, “CA”
ARQ - acknowledgement, retransmission
CDMA - 1 spreading chip, only for robustness
Security: WEP is weak, WPA needs 22 character passphrase
WiMAX (4G) - IEEE802.16
- longer distance point to point
- last mile to home, metro area coverage
Cellular
Freq. Division - different freq. sets used by near cells
FM modulation - used by AMPS (obsolete),
T(ime)DMA (GSM - AT&T), C(ode)DMA (Verizon)
Cells -> frequency reuse, many more users.
Data - EDGE, 3G, 4G
Chapter 7 - Multimedia
Problems to overcome:
Timing jitter - use Playback Buffer (adds delay)
Delay - problem for interactive (phone, videoconf.)
- Future, may see "flow switching" in IPv6 network.
- Today, higher-bandwidth links minimize congestion
Dropped Packets (with UDP streaming)
- Application must mitigate (interpolate to fill in)
- Forward Error Correction (add parity bits, interleave)
TCP - slows down if packets dropped (congestion control)
RTSP - Real Time Streaming Protocol (vs. TCP, UDP)
Adds serial numbers, time stamps, no retransmission.
Web Browser - link to Video or Audio
- link downloads "metafile," uses it to start player ("Media Player",
QuickTime, "Real Player", …)
Broadcast - Flooding (like Multicast Tree)
Session Initiation Protocol (SIP) and H.323 - Voice and Video call setup
Chapter 8 - Security
Services: Privacy, Authentication (& Authorization), Access, Integrity
Encryption
plaintext -> [ Encryption ] -> ciphertext
ciphertext -> [ Decryption ] -> plaintext
Symmetric Encryption uses same key for both operations (KDC)
Asymmetric Encryption uses two keys, Public and Private
Bob uses his Private Key to:
Decrypt messages to him, encrypted with his Public Key
Sign messages by encrypting the Message Digest (hash)
Others use Bob's Public Key to:
Encrypt messages for him, decrypt his digital signature.
SSL with HTTP makes HTTPS:
Web sites have "Certificate" signed by a Certificate Authority (CA)
Browser will warn Certificate is invalid, if the signing CA's Cert is not
on file. If on file, Browser uses CA Public Key to verify Web Certificate
Certificate sent to Browser, which uses the enclosed "Public Key" to
encrypt "Session Key" and send it back to Web site.
Public Key Infrastructure (PKI) requires CA have a database of valid
and revoked Certificates that it has signed.
Transport Layer Security (TLS) - like SSL, used for secure email
connections. New versions of SSL are the same as TLS.
PGP and GnuPG - used with individual's Public/Private Keys to
encrypt and sign email messages.
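The sign/verify steps listed for Bob and the HTTPS certificate check with session-key exchange, worked through as an added example (not from the course slides). It uses textbook RSA with toy Mersenne-prime keys and no padding; the helper names, the "Example CA" issuer, www.example.test and the session key value are assumptions made for illustration.

```python
import hashlib

E = 65537  # common public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public, private) as (exp, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

def digest(data, n):
    """SHA-256 message digest as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    d, n = private
    return pow(digest(data, n), d, n)        # "encrypt" the digest with the private key

def verify(data, signature, public):
    e, n = public
    return pow(signature, e, n) == digest(data, n)   # "decrypt" with the public key

def cert_body(name, public):
    return f"{name}|{public[0]}|{public[1]}".encode()

def issue_certificate(name, site_public, issuer, ca_private):
    sig = sign(cert_body(name, site_public), ca_private)
    return {"name": name, "public": site_public, "issuer": issuer, "sig": sig}

def browser_handshake(cert, cas_on_file, session_key):
    """Return the encrypted session key, or None where the browser would warn."""
    ca_public = cas_on_file.get(cert["issuer"])
    if ca_public is None:                    # signing CA's cert is not on file
        return None
    if not verify(cert_body(cert["name"], cert["public"]), cert["sig"], ca_public):
        return None                          # cert contents do not match CA signature
    e, n = cert["public"]
    return pow(session_key, e, n)            # only the site's private key opens this

def site_decrypt(ciphertext, site_private):
    d, n = site_private
    return pow(ciphertext, d, n)

# Constructed toy keys (Mersenne primes); real keys are 2048+ bits with padding.
CA_PUB, CA_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
SITE_PUB, SITE_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
CERT = issue_certificate("www.example.test", SITE_PUB, "Example CA", CA_PRIV)
SESSION_KEY = 0x1234ABCD5678                 # constructed sample value

if __name__ == "__main__":
    boxed = browser_handshake(CERT, {"Example CA": CA_PUB}, SESSION_KEY)
    print(site_decrypt(boxed, SITE_PRIV) == SESSION_KEY)
```

A certificate whose public key has been swapped after signing, or whose issuer is not in the browser's CA store, makes `browser_handshake` return `None`, which corresponds to the browser warning in the outline.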
Bot Nets - up to 200,000 computers infected with Bot (from robot)
software, connected in a Peer-to-Peer network, controlled by a Bot
Master who steals information (IDs), contracts to send SPAM and
malware, DDOS competitor's servers, operate Phishing Sites, … .
Classic Hacker attacks by five steps:
1. Reconnaissance - scans IP addresses to find hosts with "open"
ports.
2. Exploit - gain access to computer through server software known
to have a "vulnerability"
3. Escalate Privilege - to root or "admin" with another technique.
4. "Root Kit" - install a root kit or bot program to hide presence and
open a permanent back door.
5. Utilize - steal information, add to bot net, use as evil server, …