
Advanced Computer Networks 22MCAC102 Notes

Module1
Syllabus - Introduction and Physical Layer
Networks – Network Types – Protocol Layering – TCP/IP Protocol suite – OSI Model –
Physical Layer: Performance – Transmission media – Switching – Circuit-switched
Networks – Packet Switching.

---------------------------------------------------------------------------------------------

Instruction – First study everything that was discussed in class for Module 1, and
then focus on the topics given below

Topics - Transmission modes, topologies, infrared waves, switching, transmission media,
throughput, latency, propagation time, jitter, transmission time, round trip time, microwave,
LAN, MAN, WAN, radio waves in unguided media

---------------x---------------x-----------------

Module2
Syllabus - Data-Link Layer & Media Access - Introduction – Link-Layer Addressing –
DLC Services – Data-Link Layer Protocols – HDLC – PPP – Media Access Control – Wired
LANs: Ethernet – Wireless LANs – Introduction – IEEE 802.11, Bluetooth – Connecting
Devices.

---------------------------------------------------------------------------------------------

Instruction – First study everything that was discussed in class for Module 2, and
then focus on the topics given below

1. Topics – ARP, RARP, bit-oriented protocol, stop-and-wait protocol, error
detection (VRC, LRC, CRC, checksum), go-back-N, selective repeat,
switch (switching), frame format of WLAN/802.11, Bluetooth architecture, hubs,
repeaters and bridges, sliding window protocol, CSMA/CD, Ethernet frame format,
hidden node and exposed node problem, basic service set (BSS), extended service set
(ESS), gateway, stop-and-wait ARQ, high-level data link control (HDLC) and its types of
frames.

Module3
Syllabus - NETWORK LAYER

Network Layer Services – Packet switching- IPv4 Packet format – Performance – IPV4
Addresses – Forwarding of IP Packets – Network Layer Protocols: IP, ICMP v4 – Unicast
Routing Algorithms – Protocols – Multicasting Basics – IPV6 Addressing – IPV6 Protocol.

--------------------------------------------------------

Instruction – First study everything that was discussed in class for Module 3, and
then focus on the following notes

Notes
The services offered by the network layer protocol are as follows:
1. Packetizing –
The process of encapsulating the data received from the upper layers
(also called the payload) in a network layer packet at the source, and
decapsulating the payload from the network layer packet at the
destination, is known as packetizing.
The source host adds a header that contains the source and destination
addresses and other information required by the network layer protocol
to the payload received from the upper layer protocol, and delivers the
packet to the data link layer. Routers on the path only forward the
packet; the destination host removes the header and hands the payload
to the upper layer.
2. Routing and Forwarding –
These are two other services offered by the network layer. In a network
there are usually several routes from the source to the destination. The
network layer applies strategies that find the best possible route; this
process is referred to as routing. Routing protocols run on the routers
so that they can coordinate with each other and keep reachability
information consistent throughout the network.
Forwarding is the per-packet action: when a packet arrives at a router,
the router looks up the destination address in its forwarding (routing)
table, which was built by routing, and sends the packet out on the
matching interface towards the next hop.

3. Error Control –
Error control can be implemented in the network layer, but it is usually
not, because a network layer packet may be fragmented at any router,
which makes end-to-end error checking at this layer inefficient. IPv4
only protects its own header with a checksum; error control for the data
is left to the transport layer.

4. Flow Control –
Flow control regulates the amount of data a source can send without
overloading the receiver. If the source produces data faster than the
receiver can consume it, the receiver is overloaded. To control the flow
of data, the receiver must send feedback to the sender asking it to slow
down. The network layer provides no such feedback; flow control is a
transport layer service.
5. Congestion Control –
Congestion occurs when the number of datagrams sent by the sources
exceeds the capacity of the network or of the routers. This is another
issue in the network layer protocol. If congestion continues, the network
can collapse and deliver no datagrams at all. Congestion control is only
indirectly present in the network layer (routers drop datagrams and may
report the problem through ICMP); there is no dedicated congestion
control mechanism at this layer.
Advantages of Network Layer Services :
• The packetizing service makes transport of data packets across
heterogeneous networks straightforward.
• Because each packet is forwarded independently, packets can be routed
around a failed link or router, which removes single points of failure
in the path.
• Routers separate broadcast domains, so broadcast traffic from one network
does not flood the others, which reduces overall network traffic.
• With the help of forwarding, data packets are transferred from one place
to another in the network.
Disadvantages of Network Layer Services :
• There is a lack of flow control in the design of the network layer.
• Congestion occurs when there are too many datagrams in a network, beyond
the capacity of the network or the routers. Because of this, routers may
drop some datagrams and important information may be lost.
• Although error control is indirectly present in the network layer,
there is no proper error control mechanism for the data, because the
presence of fragmented packets makes error control difficult to
implement at this layer.

Introduction of Classful IP Addressing


An IP address is an address that carries information about how to reach
a specific host, especially from outside its LAN. An IPv4 address is a
unique 32-bit value, so the address space has 2^32 addresses.
Generally, there are two notations in which an IPv4 address is written:
dotted decimal notation and hexadecimal notation.
Dotted Decimal Notation: each of the four bytes is written as a decimal
number and the bytes are separated by dots, for example 10.0.0.1.

Hexadecimal Notation: the 32 bits are written as eight hexadecimal digits,
for example 0x0A000001 (the same address as above).

Some points to be noted about dotted decimal notation:

1. The value of any segment (byte) is between 0 and 255 (both included).
2. There are no leading zeros in any segment (054 is wrong,
54 is correct).

Classful Addressing
In classful addressing the 32-bit IPv4 address space is divided into five
classes. These are:
• Class A
• Class B
• Class C
• Class D
• Class E
Each of these classes has a valid range of IP addresses. Classes D and E are
reserved for multicast and experimental purposes respectively. The leading
bits of the first octet determine the class of an IP address.
A class A, B or C IPv4 address is divided into two parts:
• Network ID
• Host ID
The class of an IP address determines how many bits are used for the
network ID and the host ID, and therefore the total number of networks
and of hosts per network possible in that class.
Each ISP or network administrator assigns an IP address to each device
that is connected to its network.

Note: IP addresses are globally managed by the Internet Assigned Numbers
Authority (IANA) and the regional Internet registries (RIRs).
Note: When counting the host IP addresses of a network, two addresses are
excluded from the total: the first address of any network (all host bits
0) is the network address, and the last address (all host bits 1) is
reserved as the directed broadcast address.
Class A:
IP addresses belonging to class A are assigned to networks that contain
a large number of hosts.
• The network ID is 8 bits long.
• The host ID is 24 bits long.
The highest order bit of the first octet in class A is always 0. The
remaining 7 bits of the first octet determine the network ID. The 24 bits
of host ID identify the host within a network. The default subnet mask
for class A is 255.0.0.0 (/8). Therefore, class A has a total of:
• 2^7 – 2 = 126 network IDs (two are subtracted because 0.x.y.z is
reserved for "this network" and 127.x.y.z is reserved for loopback)
• 2^24 – 2 = 16,777,214 host IDs per network
IP addresses belonging to class A range from 1.x.x.x to 126.x.x.x.

Class B:
IP addresses belonging to class B are assigned to networks that range
from medium-sized to large-sized.
• The network ID is 16 bits long.
• The host ID is 16 bits long.
The two highest order bits of the first octet of a class B address are
always 10. The remaining 14 bits determine the network ID. The 16 bits
of host ID identify the host within a network. The default subnet mask
for class B is 255.255.0.0 (/16). Class B has a total of:
• 2^14 = 16,384 network addresses
• 2^16 – 2 = 65,534 host addresses per network
IP addresses belonging to class B range from 128.0.x.x to 191.255.x.x.

Class C:
IP addresses belonging to class C are assigned to small-sized networks.
• The network ID is 24 bits long.
• The host ID is 8 bits long.
The three highest order bits of the first octet of a class C address are
always 110. The remaining 21 bits determine the network ID. The 8 bits
of host ID identify the host within a network. The default subnet mask
for class C is 255.255.255.0 (/24). Class C has a total of:
• 2^21 = 2,097,152 network addresses
• 2^8 – 2 = 254 host addresses per network
IP addresses belonging to class C range from 192.0.0.x to 223.255.255.x.

Class D:
IP addresses belonging to class D are reserved for multicasting. The
four highest order bits of the first octet of a class D address are
always 1110. The remaining 28 bits identify the multicast group that
interested hosts join.
Class D has no network/host split and therefore no subnet mask. IP
addresses belonging to class D range from 224.0.0.0 to 239.255.255.255.

Class E:
IP addresses belonging to class E are reserved for experimental and
research purposes. The four highest order bits of the first octet of a
class E address are always 1111. Class E addresses range from 240.0.0.0
to 255.255.255.254 (255.255.255.255 is the limited broadcast address).
This class does not have a subnet mask either.
Classless Addressing and Subnetting
To reduce the wastage of IP addresses in a classful block, we use subnetting:
some of the host ID bits of a classful address are borrowed and used as
additional network (subnet) bits. The address is written together with the
number of mask bits after a '/' symbol (slash or CIDR notation), for example
192.168.1.1/28. The subnet mask is obtained by setting the given number of
leading bits out of 32 to 1 and the rest to 0; for /28 this is 28 ones followed
by 4 zeros, so the subnet mask is 255.255.255.240.
Some values calculated in subnetting :
1. Number of subnets : 2^(given bits for mask – number of bits in the default mask)
2. Subnet address : bitwise AND of the subnet mask and the given IP address
3. Broadcast address : keep the network bits of the IP address and set all
host bits to 1
4. Number of hosts per subnet : 2^(32 – given bits for mask) – 2
5. First Host ID : subnet address + 1 (adding one to the binary representation
of the subnet address)
6. Last Host ID : subnet address + number of hosts (which is the broadcast
address – 1)
Example : Given the IP address 172.16.0.0/25, find the number of subnets and
the number of hosts per subnet. Also, for the first subnet block, find the subnet
address, first host ID, last host ID and broadcast address.
Solution : This is a class B address, so the default mask has 16 bits.
Number of subnets = 2^(25 – 16) = 2^9 = 512.
Number of hosts per subnet = 2^(32 – 25) – 2 = 2^7 – 2 = 128 – 2 = 126.
For the first subnet block, the subnet address is 172.16.0.0, the first host ID
is 172.16.0.1, the last host ID is 172.16.0.126 and the broadcast address is
172.16.0.127.
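The six formulas above, carried out in code as an added example (this is not part of the notes). It determines the default mask from the leading bits of the first octet exactly as the classful section describes, does the mask, AND and OR arithmetic on the 32-bit integer form of the address, and cross-checks the result against Python's standard ipaddress module. The function names are chosen here; the second input, 192.168.1.1/28, is the example from the text.

```python
import ipaddress


def classful_prefix(ip: str) -> int:
    """Default (classful) mask length, read from the leading bits of the
    first octet: 0 -> class A (/8), 10 -> class B (/16), 110 -> class C (/24)."""
    first = int(ip.split(".")[0])
    if first >> 7 == 0b0:
        return 8
    if first >> 6 == 0b10:
        return 16
    if first >> 5 == 0b110:
        return 24
    raise ValueError(f"{ip} is a class D/E address and has no default mask")


def subnet_report(cidr: str) -> dict:
    """Apply the six subnetting formulas to an address written as a.b.c.d/n."""
    ip_str, bits_str = cidr.split("/")
    bits = int(bits_str)
    default_bits = classful_prefix(ip_str)
    if not default_bits <= bits <= 30:
        raise ValueError("mask must lie between the default mask and /30")
    ip = int(ipaddress.IPv4Address(ip_str))
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF   # n leading ones, rest zeros
    host_bits = 32 - bits
    subnet = ip & mask                                  # formula 2: AND with the mask
    broadcast = subnet | (~mask & 0xFFFFFFFF)           # formula 3: all host bits set to 1
    hosts = 2 ** host_bits - 2                          # formula 4

    def to_str(value: int) -> str:
        return str(ipaddress.IPv4Address(value))

    return {
        "mask": to_str(mask),
        "subnets": 2 ** (bits - default_bits),          # formula 1
        "hosts_per_subnet": hosts,
        "subnet": to_str(subnet),
        "first_host": to_str(subnet + 1),               # formula 5
        "last_host": to_str(subnet + hosts),            # formula 6 (= broadcast - 1)
        "broadcast": to_str(broadcast),
    }


def matches_stdlib(cidr: str) -> bool:
    """Cross-check the hand computation against Python's ipaddress module."""
    r = subnet_report(cidr)
    net = ipaddress.ip_network(cidr, strict=False)
    return (r["subnet"] == str(net.network_address)
            and r["broadcast"] == str(net.broadcast_address)
            and r["mask"] == str(net.netmask)
            and r["hosts_per_subnet"] == net.num_addresses - 2)


if __name__ == "__main__":
    for cidr in ("172.16.0.0/25", "192.168.1.1/28"):
        print(cidr, subnet_report(cidr), "stdlib agrees:", matches_stdlib(cidr))
```

The /30 limit is deliberate: formulas 4 to 6 assume at least two host addresses, so /31 and /32 (which have special rules) are rejected rather than producing a negative host count.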

Packet Sniffing

An intruder may intercept an IP packet and make a copy of it.

Packet sniffing is a passive attack: the attacker does not change the contents of the packet.

This type of attack is very difficult to detect, because neither the sender nor the receiver may
ever know that the packet has been copied.

Although packet sniffing cannot be stopped on a medium the attacker can observe, encrypting the
packet contents (for example with IPsec at the network layer) makes the attacker's effort useless.

The attacker may still sniff the packet, but its contents cannot be read.

IP Spoofing

An attacker can masquerade as somebody else by creating an IP packet that carries the source
address of another computer.

For example, an attacker can send an IP packet to a bank pretending that it comes from one of the
bank's customers.

This type of attack can be countered with an origin authentication mechanism (such as the IPsec
Authentication Header, which lets the receiver verify who really sent the packet) and with ingress
filtering at network borders, which drops packets whose source address cannot legitimately arrive
on the interface they came in on.

Internet Protocol (IP) spoofing is a type of malicious attack in which the threat
actor hides the true source of IP packets to make it difficult to know where
they came from. The attacker creates packets, changing the source IP
address to impersonate a different computer system, disguise the sender's
identity, or both. The spoofed packet's source address field contains an
address that is different from the actual source IP address.

IP spoofing is a technique often used by attackers to launch distributed
denial of service (DDoS) attacks and man-in-the-middle attacks against
targeted devices or the surrounding infrastructure. The goal of a DDoS
attack is to overwhelm a target with traffic while hiding the identity of the
malicious source, which hinders mitigation efforts.

Network Address Translation

NAT enables hosts on a network to use the Internet with local (private) addresses.

The address blocks reserved for internal (private) use are 10.0.0.0 to 10.255.255.255,
172.16.0.0 to 172.31.255.255 and 192.168.0.0 to 192.168.255.255; they are never routed on the
public Internet.

The organization connects to the Internet through a border router that runs the NAT
software.

Network Address Translation (NAT) working –

The border router, i.e. the router that has one interface in the local
(inside) network and one interface in the global (outside) network, is
configured for NAT. When a packet leaves the local (inside) network, NAT
replaces its local (private) source address with a global (public)
address and records the mapping in a translation table. When a reply
enters the local network, the global (public) destination address is
looked up in the table and converted back to the local (private) address.
If NAT runs out of addresses, i.e. no address is left in the configured
pool, the packet is dropped and an Internet Control Message Protocol
(ICMP) host unreachable message is sent back to the inside source host.
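The NAT behaviour just described, together with the anti-spoofing check from the IP spoofing section, as an added example (not code from the notes). A simulated border router translates outbound source addresses from a pool, translates replies back through its table, drops a packet and returns an ICMP host-unreachable when the pool is exhausted, and drops spoofed packets in both directions using ingress filtering (a packet from the inside must carry an inside address; a packet from the outside must not). Packet and BorderRouter are names chosen here, the addresses 172.16.1.0/24, 203.0.113.x and 198.51.100.x are constructed sample values, and the filtering rule goes one step beyond the notes, which only mention origin authentication.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    icmp_type: Optional[int] = None   # None for an ordinary data packet
    icmp_code: Optional[int] = None


@dataclass
class BorderRouter:
    """Router with one inside (private) and one outside (global) interface."""
    inside_net: ipaddress.IPv4Network            # prefix of the inside network
    inside_addr: str                             # router's own inside address
    pool: list                                   # free global addresses
    table: dict = field(default_factory=dict)    # private src -> global src
    reverse: dict = field(default_factory=dict)  # global dst -> private dst
    log: list = field(default_factory=list)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """A packet arriving on the inside interface, bound for the Internet."""
        src = ipaddress.ip_address(pkt.src)
        # Ingress filtering (BCP 38 style): anything entering from the inside
        # network must carry an inside source address; otherwise it is spoofed
        # and is dropped before it can reach the Internet.
        if src not in self.inside_net:
            self.log.append(f"drop: spoofed source {pkt.src} on inside interface")
            return None
        global_src = self.table.get(pkt.src)
        if global_src is None:
            if not self.pool:
                # Pool exhausted: drop the packet and tell the inside source
                # with ICMP Destination Unreachable, code 1 (host unreachable).
                self.log.append(f"drop: NAT pool exhausted, no address for {pkt.src}")
                return Packet(self.inside_addr, pkt.src, icmp_type=3, icmp_code=1)
            global_src = self.pool.pop(0)
            self.table[pkt.src] = global_src
            self.reverse[global_src] = pkt.src
            self.log.append(f"nat: {pkt.src} -> {global_src}")
        return Packet(global_src, pkt.dst)            # source address rewritten

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """A packet arriving on the outside interface for one of the global addresses."""
        # Ingress filtering the other way: the Internet cannot legitimately
        # send us a packet that claims one of our own private addresses.
        if ipaddress.ip_address(pkt.src) in self.inside_net:
            self.log.append(f"drop: spoofed inside source {pkt.src} from outside")
            return None
        private_dst = self.reverse.get(pkt.dst)
        if private_dst is None:
            self.log.append(f"drop: no translation for {pkt.dst}")
            return None
        return Packet(pkt.src, private_dst)           # destination rewritten back


def make_router() -> BorderRouter:
    """Constructed scenario: a /24 inside network and a two-address pool."""
    return BorderRouter(ipaddress.ip_network("172.16.1.0/24"), "172.16.1.1",
                        ["203.0.113.10", "203.0.113.11"])


def demo() -> list:
    """Three inside hosts, one spoofed packet and one reply; returns the log."""
    r = make_router()
    for host in ("172.16.1.10", "172.16.1.11", "172.16.1.12"):
        r.outbound(Packet(host, "198.51.100.80"))       # third host finds the pool empty
    r.outbound(Packet("198.51.100.7", "198.51.100.80"))  # spoofed source, dropped
    r.inbound(Packet("198.51.100.80", "203.0.113.10"))   # reply, translated back
    return r.log
```

Real NAT implementations usually also translate port numbers (NAPT), which lets many inside hosts share one global address; the pool-based variant above is the one the notes describe and makes the exhaustion case visible.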

Internet Control Message Protocol (ICMP)


Internet Control Message Protocol (ICMP) works in the network layer of the OSI
model and the internet layer of the TCP/IP model. It is used to send control messages
to network devices and hosts. Routers and other network devices monitor the
operation of the network. When an error occurs, these devices send a message using
ICMP. Messages that can be sent include "destination unreachable", "time
exceeded", and "echo requests".

• ICMP is a network layer protocol.


• ICMP messages are not passed directly to the data link layer. The
message is first encapsulated inside the IP datagram before going to the
lower layer.

Types of ICMP messages

ICMP messages fall into two categories:
• Error-reporting messages − These report problems that a router or a host
(destination) may encounter when it processes an IP packet. They are
sent to the source address of the offending datagram.
• Query (information) messages − These help a host, router or network
manager obtain specific information from another host or router. The
sender sends a query and expects an answer; for example, a host wants
to know whether a router is alive.
Category                   Type       Message

Error-reporting messages   3          Destination unreachable
                           4          Source quench
                           11         Time exceeded
                           12         Parameter problem
                           5          Redirection

Query messages             8 or 0     Echo request or reply
                           13 or 14   Timestamp request or reply
                           17 or 18   Address mask request or reply
                           10 or 9    Router solicitation or advertisement

• Source Quench − Requests the source to decrease the rate at which it
sends messages to the destination. (It has been deprecated; modern
hosts ignore it and routers do not send it.)
• Time Exceeded − Sent when a router decrements the time-to-live field of
a datagram to zero and discards it, or when not all fragments of a
datagram reach the destination within the reassembly time limit and the
fragments already held are dropped. The router or host takes the source
IP address from the discarded packet and informs that source with a
Time Exceeded message.
• Fragmentation Required − When a router is unable to forward a
datagram because it exceeds the MTU of the next-hop network and the
DF (Don't Fragment) bit is set, the router must return an ICMP
Destination Unreachable message to the source of the datagram, with the
code indicating "fragmentation needed and DF set" (type 3, code 4).
This message is the basis of path MTU discovery.
• Destination Unreachable − This error message indicates that the
destination host, network, or port specified in the IP packet
is unreachable. This may happen because the destination host is
down, an intermediate router cannot find a route on which to forward the
packet, or a firewall is configured to block connections from the source
of the packet.
• Redirect Message − A redirect message is used when a router
needs to tell a sender that it should use a different router (on the
same network) for a specific destination, because that router offers a
shorter path to the destination.
ICMP Basic Error Message Format
A basic ICMP error message has the following format −

• Type (8 bits) − The type field identifies the type of the message.
• Code (8 bits) − The code field describes the purpose of the message
within that type (for example, which kind of "unreachable").
• Checksum (16 bits) − The checksum field is used to validate the whole
ICMP message.
• The remaining 4 bytes of the 8-byte header are type-specific (unused in
most error messages; identifier and sequence number in an echo).
• An error message also carries the IP header and the first 8 bytes of
the datagram that caused the error, so that the source can match the
error to the connection that produced it.
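The header layout above and the checksum rule, as an added example (not code from the notes): it builds an echo request (a query message) and a "fragmentation needed" destination-unreachable (an error message that carries the offending IP header plus 8 bytes), parses them back, and verifies the checksum the way a receiving host does. The Internet checksum algorithm is the standard one from RFC 1071; the sample IPv4/UDP datagram is constructed here for the example and the function names are chosen here.

```python
import struct


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of the 16-bit words,
    folded to 16 bits and complemented. Used by ICMP (and IPv4, UDP, TCP)."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd-length message
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(msg_type: int, code: int, rest: bytes, body: bytes = b"") -> bytes:
    """Type (1) | Code (1) | Checksum (2) | rest of header (4) | body."""
    header = struct.pack("!BBH4s", msg_type, code, 0, rest)   # checksum zeroed first
    csum = icmp_checksum(header + body)
    return struct.pack("!BBH4s", msg_type, code, csum, rest) + body


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Query message: type 8, code 0; the 4 spare header bytes carry
    the identifier and sequence number."""
    return build_icmp(8, 0, struct.pack("!HH", ident, seq), payload)


def build_unreachable(code: int, offending_datagram: bytes) -> bytes:
    """Error message: type 3; the 4 spare header bytes are unused and the body
    is the IP header plus the first 8 bytes of the datagram that caused it."""
    ihl = (offending_datagram[0] & 0x0F) * 4          # IPv4 header length in bytes
    return build_icmp(3, code, b"\x00" * 4, offending_datagram[:ihl + 8])


def parse_icmp(packet: bytes) -> dict:
    """Split an ICMP message into its fields and verify its checksum."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    msg_type, code, csum, rest = struct.unpack("!BBH4s", packet[:8])
    # Summing the whole message, checksum field included, must give zero.
    return {"type": msg_type, "code": code, "checksum": csum, "rest": rest,
            "body": packet[8:], "checksum_ok": icmp_checksum(packet) == 0}


# Constructed IPv4 header (20 bytes) + UDP header (8 bytes) + 8 bytes of data,
# standing in for a datagram that a router could not forward (DF set, too big).
SAMPLE_DATAGRAM = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0x1234, 0x4000, 64, 17, 0,
                bytes([172, 16, 1, 10]), bytes([198, 51, 100, 80]))
    + struct.pack("!HHHH", 40000, 53, 16, 0)
    + b"querydat"
)


def corrupted(packet: bytes) -> bytes:
    """Flip one bit in the last byte, as a message damaged in transit might look."""
    return packet[:-1] + bytes([packet[-1] ^ 0x01])


if __name__ == "__main__":
    print(parse_icmp(build_echo_request(0x1234, 1, b"abcdefgh")))
    print(parse_icmp(build_unreachable(4, SAMPLE_DATAGRAM)))
```

Sending these on the wire needs a raw socket, which is why the example stops at the byte string; the parse step is what a host or an IDS does on a captured message.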

Border Gateway Protocol


BGP stands for Border Gateway Protocol. It is the standardized exterior gateway protocol that
exchanges routing information between autonomous systems (ASs). A router that is linked to other
networks cannot by itself decide which neighbouring network is the best one to send its data to.
Border Gateway Protocol considers all the peering partners a router has and chooses, for each
destination, one of the paths advertised by them (by default preferring the path that crosses
the fewest ASs, subject to local policy). This is possible because, when a BGP session is
established, the peers exchange their routing information, and each router stores what it
learns in a Routing Information Base (RIB).
The main goal of BGP is to find a loop-free path to the destination. This is
different from the usual goal of intradomain routing protocols: finding an optimal route
to the destination based on a specific link metric.
The routers that connect to other ASs are called border gateways. The task of the
border gateways is to forward packets between ASs. Each AS has at least one BGP
speaker. BGP speakers exchange reachability information among ASs.

Internet Protocol version 6 (IPv6)


IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the
problem of IPv4 address exhaustion. An IPv6 address is 128 bits long, giving an address
space of 2^128, which is far bigger than IPv4. IPv6 addresses are written in colon-hexadecimal
notation: eight groups of four hexadecimal digits separated by colons, each group representing
2 bytes (16 bits). Leading zeros in a group may be omitted, and one run of all-zero groups may
be written as "::".

In IPv6 we have three addressing methods :

• Unicast
• Multicast
• Anycast
1. Unicast Address –
A unicast address identifies a single network interface. A packet sent to a unicast
address is delivered to the interface identified by that address.
2. Multicast Address –
A multicast address identifies a group of interfaces, usually on different hosts. These
hosts need not be geographically together. A packet sent to a multicast address is
delivered to all interfaces that belong to the group.
3. Anycast Address –
An anycast address is assigned to a group of interfaces. A packet sent to an
anycast address is delivered to only one member interface (usually the nearest one
according to the routing protocol).
Note: Broadcast is not defined in IPv6; its role is taken over by multicast (for example
the all-nodes group ff02::1).
Types of IPv6 address:
We have 128 bits in an IPv6 address, but by looking at the first few bits (the prefix) we can
identify what type of address it is: 2000::/3 is global unicast, fe80::/10 is link-local
unicast, fc00::/7 is unique local unicast, ff00::/8 is multicast, ::1 is the loopback address
and :: is the unspecified address. Anycast addresses are taken from the unicast space and
cannot be distinguished by their bits.
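Classification by leading bits, as an added example (not code from the notes). Rather than asking the standard library whether an address "is multicast", it compares only the first few bits of the 128-bit value with each well-known prefix, which is what the text means by looking at the first few bits, and it also undoes "::" compression to show the eight 16-bit groups. The prefix table lists the standard allocations; the function names and the sample addresses are chosen here.

```python
import ipaddress

# (prefix, length in bits, address type); most specific prefixes first
IPV6_TYPES = [
    ("::", 128, "unspecified"),
    ("::1", 128, "loopback"),
    ("ff00::", 8, "multicast"),
    ("fe80::", 10, "link-local unicast"),
    ("fc00::", 7, "unique local unicast"),
    ("2000::", 3, "global unicast"),
]


def groups(addr: str) -> list:
    """The eight 16-bit groups of an address, with '::' compression undone."""
    value = int(ipaddress.IPv6Address(addr))
    return [(value >> (16 * (7 - i))) & 0xFFFF for i in range(8)]


def ipv6_type(addr: str) -> str:
    """Classify an address by comparing only its leading bits with each prefix."""
    value = int(ipaddress.IPv6Address(addr))
    for prefix, bits, name in IPV6_TYPES:
        want = int(ipaddress.IPv6Address(prefix)) >> (128 - bits)
        if value >> (128 - bits) == want:
            return name
    return "reserved/other"     # e.g. the deprecated site-local range fec0::/10


def colon_hex(addr: str) -> str:
    """Full (uncompressed) colon-hexadecimal form: eight 4-digit groups."""
    return ":".join(f"{g:04x}" for g in groups(addr))


if __name__ == "__main__":
    for a in ("2001:db8::1", "fe80::1", "ff02::1", "::1", "fd12:3456::1"):
        print(colon_hex(a), ipv6_type(a))
```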

IP version 6 Header Format :
The IPv6 base header is a fixed 40 bytes with the fields Version (4 bits), Traffic Class
(8 bits), Flow Label (20 bits), Payload Length (16 bits), Next Header (8 bits), Hop Limit
(8 bits), Source Address (128 bits) and Destination Address (128 bits); options are carried
in separate extension headers.

Congestion Control Mechanisms

• Congestion control is a mechanism for improving performance.


• It refers to techniques and mechanisms that can either prevent congestion
before it happens or remove congestion after it has happened.
• In general, we can divide congestion control mechanisms into two broad
categories:
– Open-loop Congestion control (prevention)
– Closed-loop Congestion control (removal)

• In open-loop congestion control, policies are applied to prevent congestion


before it happens.
• In these mechanisms, congestion control is handled by either the source or the
destination.
• Retransmission Policy
• Retransmission is sometimes unavoidable.
• If the sender feels that a sent packet is lost or corrupted, the packet
needs to be retransmitted.
• Retransmission in general may increase congestion in the network.
• However, a good retransmission policy can prevent congestion.
• The retransmission policy and the retransmission timers must be
designed to optimize efficiency and at the same time prevent
congestion.
• Window Policy
• The type of window at the sender may also affect congestion.
• The Selective Repeat window is better than the Go-Back-N window for
congestion control.
• In the Go-Back-N window, when the timer for a packet times out,
several packets may be resent, although some may have arrived safe
and sound at the receiver.
• This duplication may make the congestion worse.
• The Selective Repeat window, on the other hand, tries to send the
specific packets that have been lost or corrupted.
• Acknowledgment Policy
• The acknowledgment policy imposed by the receiver may also affect
congestion.
• If the receiver does not acknowledge every packet it receives, it may
slow down the sender and help prevent congestion.
• Several approaches are used in this case.
• A receiver may send an acknowledgment only if it has a packet to be
sent or a special timer expires.
• A receiver may decide to acknowledge only N packets at a time.
• Sending fewer acknowledgments means imposing less load on the
network.
• Discarding Policy
• A good discarding policy by the routers may prevent congestion and at
the same time may not harm the integrity of the transmission.
• For example, in audio transmission, if the policy is to discard less
sensitive packets when congestion is likely to happen, the quality of
sound is still preserved and congestion is prevented or
alleviated/diminished.
• Admission Policy
• An admission policy, which is a quality-of-service mechanism, can also
prevent congestion in virtual-circuit networks.
• The switches on the path first check the resource requirements of a flow
before admitting it to the network.
• A router can refuse to establish a virtual-circuit connection if there is
congestion in the network or if there is a possibility of future congestion.
• CLOSED-LOOP CONGESTION CONTROL
• Closed-loop congestion control mechanisms try to alleviate congestion after
it happens.
• Several mechanisms have been used by different protocols.
• Backpressure
• The technique of backpressure refers to a congestion control
mechanism in which a congested node stops receiving data from the
immediate upstream node or nodes.
• This may cause the upstream node or nodes to become congested, and
they, in turn, reject data from their upstream node or nodes, and so on.
• Backpressure is a node-to-node congestion control that starts with a
node and propagates, in the opposite direction of data flow, to the
source.
• The backpressure technique can be applied only to virtual circuit
networks, in which each node knows the upstream node from which a
flow of data is coming.

• Choke Packet
– A choke packet is a packet sent by a node to the source to inform it of
congestion.
– In backpressure, the warning is from one node to its upstream node,
although the warning may eventually reach the source station.
– In the choke-packet method, the warning goes from the router that has
encount2ered congestion directly to the source station.
– The intermediate nodes through which the packet has traveled are not
warned and take no action.

• Implicit Signaling

– In implicit signaling, there is no communication between the congested node or
nodes and the source.

– The source guesses that there is congestion somewhere in the network from other
symptoms.

– For example, when a source sends several packets and there is no acknowledgment
for a while, one assumption is that the network is congested.
– The delay in receiving an acknowledgment is interpreted as congestion in the
network; the source should slow down.

• Explicit Signaling

– The node that experiences congestion can explicitly send a signal to the source or
destination.

– The explicit-signaling method is different from the choke-packet method.

– In the choke-packet method, a separate packet is used for this purpose; in the
explicit-signaling method, the signal is included in the packets that carry data.

– Explicit signaling can occur in either the forward or the backward direction.

• DHCP – DYNAMIC HOST CONFIGURATION PROTOCOL

• The dynamic host configuration protocol is used to simplify the installation and maintenance
of networked computers.

• DHCP is derived from an earlier protocol called BOOTP.

• Ethernet addresses are configured into the network adaptor by the manufacturer and are unique.

• IP addresses must be unique on a given internetwork but also must reflect the structure of
the internetwork

• Most host Operating Systems provide a way to manually configure the IP information for the
host

Drawbacks of manual configuration

• A lot of work to configure all the hosts in a large network

• The configuration process is error-prone.

• It is necessary to ensure that every host gets the correct network number and that no two
hosts receive the same IP address.

• For these reasons, automated configuration methods are required.

• The primary method uses a protocol known as the Dynamic Host Configuration Protocol
(DHCP).

• The main goal of DHCP is to minimize the amount of manual configuration required for a
host.

• If a new computer is connected to a network, DHCP can provide it with all the necessary
information for full system integration into the network.

• DHCP is based on a client/server model.


• DHCP clients send a request to a DHCP server to which the server responds with an IP
address

• DHCP server is responsible for providing configuration information to hosts.

• There is at least one DHCP server for an administrative domain.

• The DHCP server can function just as a centralized repository for host configuration
information.

• The DHCP server maintains a pool of available addresses that it hands out to hosts on
demand.

• A newly booted or attached host sends a DHCPDISCOVER message to the special IP address
255.255.255.255, the limited broadcast address.

• This means it will be received by all hosts and routers on that network (but not forwarded
beyond it, since routers do not forward broadcasts).

• So that one DHCP server can serve several networks, DHCP uses the concept of a relay agent.
There is at least one relay agent on each network.

• The DHCP relay agent is configured with the IP address of the DHCP server.

When a relay agent receives a DHCPDISCOVER message, it unicasts it to the DHCP server (placing its
own address in the giaddr field so that the server knows which network the request came from) and
awaits the response, which it then sends back to the requesting client.
• DHCP Message Format

– A DHCP packet is sent inside a User Datagram Protocol (UDP) datagram; the server listens on
UDP port 67 and the client on UDP port 68.
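The relay-agent exchange above, as an added example (not code from the notes): it builds and parses real BOOTP/DHCP message bytes (the 236-byte fixed part, the magic cookie and the TLV options, as standardized in RFC 2131), has a relay agent rewrite a client's DHCPDISCOVER by filling in giaddr and bumping the hop count before unicasting it, and has a server pick its address pool by giaddr and answer with a DHCPOFFER. The UDP/IP encapsulation (ports 67 and 68) is not modelled; the MAC address, transaction id and pool addresses are constructed sample values and the function names are chosen here.

```python
import struct
import ipaddress

MAGIC = b"\x63\x82\x53\x63"            # cookie that precedes the options field
FIXED = "!BBBBIHH4s4s4s4s16s64s128s"   # op, htype, hlen, hops, xid, secs, flags,
                                       # ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTREQUEST, BOOTREPLY = 1, 2
DHCPDISCOVER, DHCPOFFER = 1, 2         # values of option 53 (DHCP message type)


def _packed(ip: str) -> bytes:
    return ipaddress.IPv4Address(ip).packed


def build_dhcp(op, msg_type, xid, mac, yiaddr="0.0.0.0", giaddr="0.0.0.0", hops=0) -> bytes:
    """Minimal DHCP message: fixed header, magic cookie, message-type option, END."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    fixed = struct.pack(FIXED, op, 1, 6, hops, xid, 0, 0,
                        _packed("0.0.0.0"), _packed(yiaddr), _packed("0.0.0.0"),
                        _packed(giaddr), chaddr, b"\x00" * 64, b"\x00" * 128)
    options = bytes([53, 1, msg_type]) + b"\xff"
    return fixed + MAGIC + options


def parse_dhcp(pkt: bytes) -> dict:
    f = struct.unpack(FIXED, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message: magic cookie missing")
    options, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xFF:           # TLV options until END
        if pkt[i] == 0:                               # PAD option has no length
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        options[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "hops": f[3], "xid": f[4],
            "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "giaddr": str(ipaddress.IPv4Address(f[10])),
            "chaddr": f[11][:f[2]].hex(":"),
            "msg_type": options.get(53, b"\x00")[0]}


def relay_to_server(pkt: bytes, relay_addr: str) -> bytes:
    """Relay agent: the client's broadcast is re-sent as a unicast to the server
    with the relay's own address in giaddr (kept if an earlier relay set it)."""
    d = parse_dhcp(pkt)
    if d["op"] != BOOTREQUEST:
        raise ValueError("only client requests are relayed towards the server")
    giaddr = relay_addr if d["giaddr"] == "0.0.0.0" else d["giaddr"]
    return build_dhcp(BOOTREQUEST, d["msg_type"], d["xid"], d["chaddr"],
                      giaddr=giaddr, hops=d["hops"] + 1)


def server_offer(pkt: bytes, pools: dict):
    """Server: giaddr identifies the client's network, so the address pool is
    chosen by it. Returns a DHCPOFFER, or None when that pool is exhausted."""
    d = parse_dhcp(pkt)
    pool = pools.get(d["giaddr"], [])
    if d["msg_type"] != DHCPDISCOVER or not pool:
        return None
    return build_dhcp(BOOTREPLY, DHCPOFFER, d["xid"], d["chaddr"],
                      yiaddr=pool.pop(0), giaddr=d["giaddr"])


if __name__ == "__main__":
    discover = build_dhcp(BOOTREQUEST, DHCPDISCOVER, 0xDEADBEEF, "00:11:22:33:44:55")
    relayed = relay_to_server(discover, "172.16.1.1")
    offer = server_offer(relayed, {"172.16.1.1": ["172.16.1.50"]})
    print(parse_dhcp(relayed), parse_dhcp(offer))
```

A server that keys its pools by "0.0.0.0" would serve clients on its own network (no relay in between); here only the relayed path is exercised, so a DISCOVER that reaches the server without a relay gets no offer.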
IP - INTERNET PROTOCOL

– The Internet Protocol is the key tool used today to


build scalable, heterogeneous internetworks.

– IP runs on all the nodes (both hosts and routers) in a collection of networks

– IP defines the infrastructure that allows these nodes and networks to function as a
single logical internetwork.

• IP SERVICE MODEL

– Service Model defines the host-to-host services that we want to provide

– The main concern in defining a service model for an internetwork is that we can
provide a host-to-host service only if this service can somehow be provided over
each of the underlying physical networks.

– The IP service model can be thought of as having two parts:


• A GLOBAL ADDRESSING SCHEME - which provides a way to identify all
hosts in the internetwork

• A DATAGRAM DELIVERY MODEL – A connectionless model of data delivery.

• IP PACKET FORMAT / IP DATAGRAM FORMAT

– A key part of the IP service model is the type of packets that can be carried.

– The IP datagram consists of a header followed by a number of bytes of data.

• UNICAST ROUTING ALGORITHMS

• There are three main classes of unicast routing protocols, each based on a different algorithm:

• Distance Vector Routing Algorithm – Routing Information Protocol (RIP)

• Link State Routing Algorithm – Open Shortest Path First (OSPF)

• Path-Vector Routing Algorithm – Border Gateway Protocol (BGP)

DISTANCE VECTOR ROUTING (DVR)

ROUTING INFORMATION PROTOCOL (RIP)

BELLMAN - FORD ALGORITHM

– Distance vector routing is distributed, i.e., the algorithm is run on all nodes.

– Each node knows the distance (cost) to each of its directly connected neighbors.

– Each node constructs a vector of (Destination, Cost, NextHop) entries and distributes it to its
neighbors.
– Each node computes its routing table, i.e. the minimum distance to every other node and the
NextHop to reach it, from the information obtained from its neighbors.

– In the given network, the cost of each link is 1 hop.

– Each node sets a distance of 1 (hop) to each immediate neighbor and a cost of 0 to itself.

– The distance to non-neighbors is marked as unreachable with the value ∞ (infinity).

– For node A, nodes B, C, E and F are directly reachable, whereas nodes D and G are initially
unreachable.

The initial tables for all the nodes are given below.

– Each node sends its initial table (distance vector) to its neighbors and receives their
estimates.
– Node A sends its table to nodes B, C, E & F and receives tables from nodes B, C, E &
F.

– Each node updates its routing table by comparing it with each of its neighbors' tables.

– For each destination, the Total Cost is computed as:

• Total Cost = Cost (Node to Neighbor) + Cost (Neighbor to Destination)

– If Total Cost < Cost then

• Cost = Total Cost and NextHop = Neighbor

– Node A learns from C's table how to reach node D and from F's table how to reach node G.

– Total Cost to reach node D via C = Cost (A to C) + Cost (C to D)

• Cost = 1 + 1 = 2.

• Since 2 < ∞, the entry for destination D in A's table is changed to (D, 2, C)

• Total Cost to reach node G via F = Cost (A to F) + Cost (F to G) = 1 + 1 = 2

• Since 2 < ∞, the entry for destination G in A's table is changed to (G, 2, F)

Each node builds a complete routing table after a few exchanges with its neighbors.

The system stabilizes when all nodes have complete routing information, i.e., it reaches
convergence.

Routing tables are exchanged periodically or in case of a triggered update.

The final distances stored at each node are given below:


• Updating Routing Tables

• There are two different circumstances under which a given node decides to send a routing
update to its neighbors.

• Periodic Update

• In this case, each node automatically sends an update message every so often, even if
nothing has changed.

• The frequency of these periodic updates varies from protocol to protocol, but it is typically
on the order of several seconds to several minutes.

• Triggered Update

– In this case, a node sends an update whenever it notices a link failure, or receives an update
from one of its neighbors that causes it to change one of the routes in its routing table.

– Whenever a node's routing table changes, it sends an update to its neighbors, which
may lead to a change in their tables, causing them to send an update to their
neighbors.
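The exchange described above, simulated in code as an added example (not the notes' own tables). Every node starts from the initial vector (0 to itself, 1 to each neighbour, infinity elsewhere), all nodes advertise their vectors to their neighbours in synchronous rounds, and each node applies the Bellman-Ford rule Total Cost = Cost(node, neighbour) + Cost(neighbour, destination), keeping the smaller value; the run stops at the first round in which nothing changes (convergence). The topology is constructed: A's neighbours B, C, E, F and the links C-D and F-G follow the text, while the links B-C and D-G are assumed to complete the figure. Infinity is capped at 16, the value RIP uses; the function names are chosen here.

```python
INF = 16   # RIP's "infinity": a cost of 16 or more means unreachable

# Constructed topology, every link 1 hop. A's neighbours B, C, E, F and the
# links C-D and F-G are the ones the notes mention; B-C and D-G are assumed.
LINKS = [("A", "B"), ("A", "C"), ("A", "E"), ("A", "F"),
         ("B", "C"), ("C", "D"), ("D", "G"), ("F", "G")]


def build_graph(links):
    graph = {}
    for a, b in links:
        graph.setdefault(a, {})[b] = 1
        graph.setdefault(b, {})[a] = 1
    return graph


def initial_table(node, graph):
    """Destination -> (Cost, NextHop): 0 to itself, 1 to each neighbour, INF otherwise."""
    table = {dest: (INF, None) for dest in graph}
    table[node] = (0, node)
    for neighbour in graph[node]:
        table[neighbour] = (1, neighbour)
    return table


def merge(node, table, neighbour, advertised, graph):
    """Bellman-Ford relaxation with one neighbour's advertised vector:
    Total = Cost(node, neighbour) + Cost(neighbour, dest); keep it if smaller."""
    link = graph[node][neighbour]
    changed = False
    for dest, (cost_via_neighbour, _) in advertised.items():
        total = min(link + cost_via_neighbour, INF)
        if total < table[dest][0]:
            table[dest] = (total, neighbour)
            changed = True
    return changed


def run_distance_vector(links, max_rounds=50):
    """Synchronous rounds: every node sends its vector to all neighbours, then
    all nodes update. Returns (tables, rounds) once a round changes nothing."""
    graph = build_graph(links)
    tables = {node: initial_table(node, graph) for node in graph}
    for rounds in range(1, max_rounds + 1):
        advertised = {node: dict(t) for node, t in tables.items()}  # vectors sent this round
        changed = False
        for node in graph:
            for neighbour in graph[node]:
                if merge(node, tables[node], neighbour, advertised[neighbour], graph):
                    changed = True
        if not changed:
            return tables, rounds          # convergence
    return tables, max_rounds


if __name__ == "__main__":
    tables, rounds = run_distance_vector(LINKS)
    print(f"converged after {rounds} rounds; A's table: {tables['A']}")
```

This simulation only ever lowers costs, which is enough to show convergence from the initial tables; handling a link failure needs the extra rules (accepting a worse cost from the current next hop, split horizon, the hop limit of 16) that make distance vector protocols more involved in practice.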

• ROUTING INFORMATION PROTOCOL (RIP)

• RIP is an intra-domain routing protocol based on the distance-vector algorithm.

• Routers advertise the cost of reaching networks rather than hosts. The cost of each link is 1 hop.
For example, router C advertises to A that it can reach networks 2 and 3 at cost 0 (directly
connected), networks 5 and 6 at cost 1 and network 4 at cost 2.

• Each router updates the cost and next hop for each network number.

• Infinity is defined as 16, i.e., no valid route can have more than 15 hops. Therefore RIP can be
used only in small networks.

• Advertisements are sent every 30 seconds or in case of a triggered update.

RIP packet fields:

– Command - It indicates the packet type.

• Value 1 represents a request packet. Value 2 represents a response packet.

– Version - It indicates the RIP version number. For RIPv1, the value is 0x01.

– Address Family Identifier - When the value is 2, it represents the IP protocol.

– IP Address - It indicates the destination IP address of the route. In RIPv1 it can only be
a classful (natural) network address, because RIPv1 carries no subnet mask.

– Metric - It indicates the hop count of the route to its destination.

• LINK STATE ROUTING (LSR)

• OPEN SHORTEST PATH PROTOCOL (OSPF)

• DIJKSTRA’S ALGORITHM

• Each node knows state of link to its neighbors and cost.

• Nodes create an update packet called link-state packet (LSP) that contains:

– ID of the node

– List of neighbors for that node and associated cost

– 64-bit Sequence number

– Time to live

• Link-State routing protocols rely on two mechanisms:

– Reliable flooding of link-state information to all other nodes

– Route calculation from the accumulated link-state knowledge

• Reliable Flooding

• Each node sends its LSP out on each of its directly connected links.

• When a node receives the LSP of another node, it checks whether it already has an LSP for
that node.

• If not, it stores the LSP and forwards it on all other links except the incoming one.

• Else, if the received LSP has a bigger sequence number, it is stored and forwarded, and the
older LSP for that node is discarded.

• Otherwise the received LSP is discarded, since it is not the latest one for that node.

• Thus the most recent LSP of a node eventually reaches all nodes, i.e., reliable flooding.

• Flooding of LSP in a small network is as follows:

➢ When node X receives Y’s LSP (fig a), it floods it onto its neighbors A and C (fig b).

➢ Nodes A and C forward it to B, but do not send it back to X (fig c).

➢ Node B receives two copies of the LSP with the same sequence number.

➢ It accepts one LSP and forwards it to D (fig d). Flooding is complete.

• LSP is generated either periodically or when there is a change in the topology.

Route Calculation
• Each node knows the entire topology, once it has LSP from every other node.

• The forward search algorithm is used to compute the routing table from the received LSPs.

• Each node maintains two lists, namely Tentative and Confirmed with entries of the form
(Destination, Cost, NextHop).

• DIJKSTRA’S SHORTEST PATH ALGORITHM (FORWARD SEARCH ALGORITHM)

1. Each host maintains two lists, known as Tentative and Confirmed

2. Initialize the Confirmed list with an entry for the Node (Cost = 0).

3. Node just added to Confirmed list is called Next. Its LSP is examined.

4. For each neighbor of Next, calculate cost to reach each neighbor as Cost (Node to Next) +
Cost (Next to Neighbor).

– If Neighbor is neither in Confirmed nor in Tentative list, then add (Neighbor, Cost,
NextHop) to Tentative list.

– If Neighbor is in Tentative list, and Cost is less than existing cost, then replace the
entry with (Neighbor, Cost, NextHop).

5. If Tentative list is empty then Stop, otherwise move least cost entry from Tentative list to
Confirmed list. Go to Step 2.

Example – Write example here that I have discussed in class based on Dijkstra Algorithm
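An added worked example of the forward search algorithm, not the example discussed in class: the four-node topology and link costs below are constructed, and the routing table is computed from node D.

```python
# Link-state database as collected by flooding: node -> {neighbor: link cost}
# (constructed sample topology: A-B 5, A-C 10, B-C 3, B-D 11, C-D 2)
EXAMPLE_LSPS = {
    "A": {"B": 5, "C": 10},
    "B": {"A": 5, "C": 3, "D": 11},
    "C": {"A": 10, "B": 3, "D": 2},
    "D": {"B": 11, "C": 2},
}


def forward_search(lsps, start):
    """Compute (Cost, NextHop) for every destination using the Tentative/Confirmed lists.

    Returns the Confirmed list and a trace of (Next, Tentative snapshot) per iteration.
    """
    confirmed = {start: (0, None)}   # Destination -> (Cost, NextHop); self at cost 0
    tentative = {}
    trace = []
    nxt = start
    while True:
        # Examine the LSP of the node just moved to Confirmed ("Next").
        for neighbor, link_cost in lsps[nxt].items():
            if neighbor in confirmed:
                continue                       # already have the best path
            cost = confirmed[nxt][0] + link_cost          # Cost(Node->Next) + Cost(Next->Neighbor)
            next_hop = neighbor if nxt == start else confirmed[nxt][1]
            if neighbor not in tentative or cost < tentative[neighbor][0]:
                tentative[neighbor] = (cost, next_hop)   # add, or replace a costlier entry
        trace.append((nxt, dict(tentative)))
        if not tentative:
            return confirmed, trace            # nothing left to confirm: stop
        # Move the least-cost Tentative entry to Confirmed and examine it next.
        nxt = min(tentative, key=lambda n: tentative[n][0])
        confirmed[nxt] = tentative.pop(nxt)


if __name__ == "__main__":
    table, trace = forward_search(EXAMPLE_LSPS, "D")
    for step, (nxt, tent) in enumerate(trace, 1):
        print(f"step {step}: Next={nxt}, Tentative={tent}")
    for dest, (cost, hop) in table.items():
        print(f"D -> {dest}: cost {cost}, next hop {hop}")
```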

Link State Packet Format


Version ― represents the current version, i.e., 2.
Type ― represents the type (1–5) of OSPF message:
Type 1 - “hello” message, Type 2 - request, Type 3 - send,
Type 4 - acknowledge the receipt of link state messages,
Type 5 - reserved.
SourceAddr ― identifies the sender.
AreaId ― 32-bit identifier of the area in which the node is located.
Checksum ― 16-bit Internet checksum.
Authentication type ― 1 (simple password), 2 (cryptographic authentication).
Authentication ― contains the password or cryptographic checksum.

PATH VECTOR ROUTING (PVR)

BORDER GATEWAY PROTOCOL (BGP)

• Path-vector routing is an asynchronous and distributed routing algorithm.

• The Path-vector routing is not based on least-cost routing.

• The best route is determined by the source using the policy it imposes on the route.

• In other words, the source can control the path.

• Path-vector routing is not actually used in an internet, and is mostly designed to route a
packet between ISPs.

Spanning Trees

• In path-vector routing, the path from a source to all destinations is determined by the best
spanning tree.

• The best spanning tree is not the least-cost tree.

• It is the tree determined by the source when it imposes its own policy.

• If there is more than one route to a destination, the source can choose the route that meets
its policy best.

• A source may apply several policies at the same time.

• One of the common policies uses the minimum number of nodes to be visited. Another
common policy is to avoid some nodes as the middle node in a route.

• The spanning trees are made, gradually and asynchronously, by each node. When a node is
booted, it creates a path vector based on the information it can obtain about its immediate
neighbor.
• A node sends greeting messages to its immediate neighbors to collect these pieces of
information.

• Each node, after the creation of the initial path vector, sends it to all its immediate
neighbors.


• Each node, when it receives a path vector from a neighbor, updates its path vector using the
formula

• The policy is defined by selecting the best of multiple paths.

• Path-vector routing also imposes one more condition on this equation.

• If Path (v, y) includes x, that path is discarded to avoid a loop in the path.

• In other words, x does not want to visit itself when it selects a path to y.

• Example:

• The Figure below shows a small internet with only five nodes.

• Each source has created its own spanning tree that meets its policy.

• The policy imposed by all sources is to use the minimum number of nodes to reach a
destination.

• The spanning tree selected by A and E is such that the communication does not pass through
D as a middle node.

• Similarly, the spanning tree selected by B is such that the communication does not pass
through C as a middle node.

• Path Vectors made at booting time

• The Figure below shows all of these path vectors for the example.
• Not all of these tables are created simultaneously.

• They are created when each node is booted.

• The figure also shows how these path vectors are sent to immediate neighbors after they
have been created.

• Updating Path Vectors

• The Figure below shows the path vector of node C after two events.

• In the first event, node C receives a copy of B’s vector, which improves its vector: now it
knows how to reach node A.

• In the second event, node C receives a copy of D’s vector, which does not change its vector.

• The vector for node C after the first event is stabilized and serves as its forwarding table.
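The update rule and the policy example above, worked as an added example rather than the notes' own figure: the five-node topology, its links and the neighbor order are constructed, with the same policies as the text (minimum number of nodes; A and E avoid D, and B avoids C, as a middle node). Rounds are run synchronously here for a deterministic trace, whereas the text describes the asynchronous case.

```python
# Constructed five-node internet: A-B, A-D, B-C, B-E, C-D, D-E
EXAMPLE_LINKS = [("A", "B"), ("A", "D"), ("B", "C"), ("B", "E"), ("C", "D"), ("D", "E")]

# Policy of each source: middle nodes it refuses to route through
AVOID = {"A": {"D"}, "E": {"D"}, "B": {"C"}}


def acceptable(node, path):
    """Policy check: no avoided node may appear as a middle node of the path."""
    return not any(m in AVOID.get(node, set()) for m in path[1:-1])


def better(node, current, candidate):
    """'best' for this policy: an acceptable path with fewer nodes wins; ties keep current."""
    if not acceptable(node, candidate):
        return False
    return current is None or len(candidate) < len(current)


def initial_vector(node, neighbors):
    """Path vector created at boot time from greetings to immediate neighbors."""
    vec = {node: [node]}
    for nb in neighbors:
        vec[nb] = [node, nb]
    return vec


def update(node, vec, neighbor_vec):
    """Path(x, y) = best{Path(x, y), x + Path(v, y)}; any Path(v, y) containing x is discarded."""
    changed = False
    for dest, path in neighbor_vec.items():
        if node in path:
            continue                      # x would visit itself: loop, discard
        candidate = [node] + path
        if better(node, vec.get(dest), candidate):
            vec[dest] = candidate
            changed = True
    return changed


def run_path_vector(links):
    """Exchange vectors in synchronous rounds until no node changes its vector."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    vectors = {n: initial_vector(n, adj[n]) for n in adj}
    rounds = 0
    while True:
        rounds += 1
        # Vectors as sent at the start of this round (a node's changes become visible next round).
        snapshot = {n: {d: list(p) for d, p in v.items()} for n, v in vectors.items()}
        changed = False
        for n in adj:
            for nb in adj[n]:
                changed |= update(n, vectors[n], snapshot[nb])
        if not changed:
            return vectors, rounds


if __name__ == "__main__":
    vectors, rounds = run_path_vector(EXAMPLE_LINKS)
    print(f"converged after {rounds} rounds")
    for node, vec in vectors.items():
        print(node, {d: "-".join(p) for d, p in vec.items()})
```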

BORDER GATEWAY PROTOCOL (BGP)


• The Border Gateway Protocol version 4 (BGP4) is the only interdomain routing protocol used in
the Internet today.

• BGP4 is based on the path-vector algorithm. It provides information about the reachability
of networks in the Internet.

• BGP views the internet as a set of autonomous systems interconnected arbitrarily.

• Each AS has a border router (gateway), by which packets enter and leave that AS. In the above
figure, R3 and R4 are border routers.

• One of the routers in each autonomous system is designated as the BGP speaker.

• BGP speakers exchange reachability information with other BGP speakers; this exchange is
known as an external BGP session.

• BGP advertises complete path as enumerated list of AS (path vector) to reach a particular
network.

• Paths must be without any loop, i.e., AS list is unique.

• For example, backbone network advertises that networks 128.96 and 192.4.153 can be
reached along the path <AS1, AS2, AS4>.

• If there are multiple routes to a destination, BGP speaker chooses one based on policy.

• Speakers need not advertise any route to a destination, even if one exists.

• Advertised paths can be cancelled, if a link/node on the path goes down. This negative
advertisement is known as withdrawn route.

• Routes are not repeatedly sent. If there is no change, keep-alive messages are sent.

UNICAST ROUTING PROTOCOLS

• A protocol is more than an algorithm.

• A protocol needs to define its domain of operation, the messages exchanged,
communication between routers, and interaction with protocols in other domains.

• A routing protocol specifies how routers communicate with each other, distributing
information that enables them to select routes between any two nodes on a computer network.

• Routers perform the "traffic directing" functions on the Internet; data packets are forwarded
through the networks of the internet from router to router until they reach their destination
computer.

• Routing algorithms determine the specific choice of route.

• Each router has a prior knowledge only of networks attached to it directly.

• A routing protocol shares this information first among immediate neighbors, and then
throughout the network. This way, routers gain knowledge of the topology of the network.

• The ability of routing protocols to dynamically adjust to changing conditions such as disabled
data lines and computers and route data around obstructions is what gives the Internet its
survivability and reliability.

• The specific characteristics of routing protocols include the manner in which they avoid
routing loops, the manner in which they select preferred routes, using information about
hop costs, the time they require to reach routing convergence, their scalability, and other
factors.

MULTICASTING

• In multicasting, there is one source and a group of destinations.


• Multicast supports efficient delivery to multiple destinations.

• The relationship is one to many or many-to-many.

• One-to-Many (Source Specific Multicast)

– Radio station broadcast

– Transmitting news, stock-price

– Software updates to multiple hosts

• Many-to-Many (Any Source Multicast)

– Multimedia teleconferencing

– Online multi-player games

– Distributed simulations

• In this type of communication, the source address is a unicast address, but the destination
address is a group address.

• The group address defines the members of the group.

• In multicasting, a multicast router may have to send out copies of the same datagram
through more than one interface.

• Hosts that are members of a group receive copies of any packets sent to that group’s
multicast address.

• A host can be in multiple groups.

• A host can join and leave groups.

• A host signals its desire to join or leave a multicast group by communicating with its local
router using a special protocol.

• In IPv4, the protocol is Internet Group Management Protocol (IGMP)

• In IPv6, the protocol is Multicast Listener Discovery (MLD)

MULTICAST ROUTING
• To support multicast, a router must additionally have multicast forwarding tables that
indicate, based on multicast address, which links to use to forward the multicast packet.

• Unicast forwarding tables collectively specify a set of paths.

• Multicast forwarding tables collectively specify a set of trees (multicast distribution trees).

• Multicast routing is the process by which multicast distribution trees are determined.

• To support multicasting, routers additionally build multicast forwarding tables.

• Multicast forwarding table is a tree structure, known as multicast distribution trees.

• Internet multicast is implemented on physical networks that support broadcasting by
extending forwarding functions.

• MULTICAST DISTRIBUTION TREES

• There are two types of Multicast Distribution Trees used in multicast routing. They are

➢ Source-Based Tree (DVMRP):

▪ For each combination of (source, group), there is a shortest path spanning tree.

▪ Flood and prune

➢ Send multicast traffic everywhere

➢ Prune edges that are not actively subscribed to group

▪ Link-state

➢ Routers flood groups they would like to receive

➢ Compute shortest-path trees on demand

Distance Vector Multicast Routing Protocol

– DVMRP is a routing protocol used to share information between routers to facilitate the
transportation of IP multicast packets among networks.

– It formed the basis of the Internet's historic multicast backbone.

– Distance vector routing for unicast is extended to support multicast routing.

– Each router maintains a routing table for all destinations through the exchange of
distance vectors.

– DVMRP is also known as flood-and-prune protocol.

– DVMRP consists of two major components:

– A conventional distance-vector routing protocol, like RIP

– A protocol for determining how to forward multicast packets, based on the routing
table

– A DVMRP router forwards a packet if

– The packet arrived on the link that the router itself uses to reach the source of the
packet, and

– The downstream links have not been pruned from the tree.

– DVMRP protocol uses the basic packet types as follows:

The forwarding table of DVMRP is as follows:

• Multicasting is added to distance-vector routing in four stages.

– Flooding

– Reverse Path Forwarding (RPF)

– Reverse Path Broadcasting (RPB)

– Reverse Path Multicast (RPM)
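A reverse-path-forwarding decision for a single DVMRP router, added here as an illustration and not taken from the notes; the interfaces, unicast routes, group address and prune state are constructed, and the unicast table is assumed to have been built by the distance-vector protocol.

```python
import ipaddress


class DVMRPRouter:
    """Forwarding decision of one router: RPF check plus per-group pruned links."""

    def __init__(self, interfaces, unicast_routes):
        self.interfaces = list(interfaces)
        # Unicast routing table from the distance-vector protocol: prefix -> outgoing interface
        self.unicast = {ipaddress.ip_network(p): i for p, i in unicast_routes.items()}
        self.pruned = set()   # (group, interface) pairs pruned by downstream routers

    def rpf_interface(self, source):
        """Interface this router would use to send unicast traffic back to `source`."""
        addr = ipaddress.ip_address(source)
        matches = [net for net in self.unicast if addr in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)   # longest prefix match
        return self.unicast[best]

    def prune(self, group, interface):
        """A downstream router reported no members for `group` on this link."""
        self.pruned.add((group, interface))

    def graft(self, group, interface):
        """A member appeared again downstream: re-enable the link for the group."""
        self.pruned.discard((group, interface))

    def forward(self, in_interface, source, group):
        """Return the interfaces to copy the packet to; [] means the packet is dropped."""
        if in_interface != self.rpf_interface(source):
            return []   # RPF check failed: not the link used to reach the source
        return [i for i in self.interfaces
                if i != in_interface and (group, i) not in self.pruned]


def build_example():
    # Constructed router: four links and a small unicast table
    return DVMRPRouter(
        ["eth0", "eth1", "eth2", "eth3"],
        {"10.1.0.0/16": "eth0", "10.1.5.0/24": "eth1", "0.0.0.0/0": "eth3"},
    )


if __name__ == "__main__":
    r = build_example()
    print(r.forward("eth1", "10.1.5.7", "239.1.1.1"))   # passes RPF: flooded out the other links
    print(r.forward("eth0", "10.1.5.7", "239.1.1.1"))   # fails RPF (eth1 is the path back): dropped
    r.prune("239.1.1.1", "eth2")
    print(r.forward("eth1", "10.1.5.7", "239.1.1.1"))   # eth2 no longer receives the group
```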


Module4
Syllabus - TRANSPORT LAYER

Introduction – Transport Layer Protocols –TCP Segment format - Services – Port Numbers –
User Datagram Protocol – Transmission Control Protocol – SCTP.

-------------------------------------

Instruction – Very firstly study completely what we have discussed in class in module4 and
then focus on following notes

Notes
• The transport layer is the fourth layer of the OSI model and is the core of the Internet model.

• It responds to service requests from the session layer and issues service requests to the
network Layer.

• The transport layer provides transparent transfer of data between hosts.

• It provides end-to-end control and information transfer with the quality of service needed
by the application program.

• It is the first true end-to-end layer, implemented in all End Systems (ES).

• TRANSPORT LAYER FUNCTIONS / SERVICES

• The transport layer is located between the network layer and the application layer.

• The transport layer is responsible for providing services to the application layer; it receives
services from the network layer.

• The services that can be provided by the transport layer are

– Process-to-Process Communication

– Addressing : Port Numbers

– Encapsulation and Decapsulation

– Multiplexing and Demultiplexing

– Flow Control

– Error Control

– Congestion Control

• Process-to-Process Communication

• The Transport Layer is responsible for delivering data to the appropriate application process
on the host computers.

• This involves multiplexing of data from different application processes, i.e. forming data
packets, and adding source and destination port numbers in the header of each Transport
Layer data packet.

• Together with the source and destination IP addresses, the port numbers constitute a
network socket, i.e. an identification address of the process-to-process communication.

• Addressing: Port Numbers


• Ports are the essential ways to address multiple entities in the same location.

• Using port addressing it is possible to use more than one network-based application at the
same time.

• Three types of Port numbers are used :

• Well-known ports - These are permanent port numbers. They range between 0 and
1023. These port numbers are used by server processes.

• Registered ports - The ports ranging from 1024 to 49,151 are not assigned or controlled.

• Ephemeral ports (Dynamic Ports) – These are temporary port numbers. They range between
49,152 and 65,535. These port numbers are used by client processes.

• Encapsulation and Decapsulation

• To send a message from one process to another, the transport-layer protocol encapsulates
and decapsulates messages.

• Encapsulation happens at the sender site. The transport layer receives the data and adds the
transport-layer header.

• Decapsulation happens at the receiver site. When the message arrives at the destination
transport layer, the header is dropped and the transport layer delivers the message to the
process running at the application layer.

• Multiplexing and Demultiplexing

• Whenever an entity accepts items from more than one source, this is referred to as
multiplexing (many to one).

• Whenever an entity delivers items to more than one destination, this is referred to as
demultiplexing (one to many).

• The transport layer at the source performs multiplexing

• The transport layer at the destination performs demultiplexing

PORT NUMBERS

• A transport-layer protocol usually has several responsibilities.

• One is to create a process-to-process communication.

• Processes are programs that run on hosts. A process can be either a server or a client.

• A process on the local host, called a client, needs services from a process usually on the
remote host, called a server.
• Processes are assigned a unique 16-bit port number on that host.

• Port numbers provide end-to-end addresses at the transport layer

• They also provide multiplexing and demultiplexing at this layer.

• The port numbers are integers between 0 and 65,535.

• ICANN (Internet Corporation for Assigned Names and Numbers) has divided the port
numbers into three ranges:

– Well-known ports

– Registered

– Ephemeral ports (Dynamic Ports)

• WELL-KNOWN PORTS

• These are permanent port numbers used by the servers.

• They range between 0 to 1023.


• This port number cannot be chosen randomly.

• These port numbers are universal port numbers for servers.

• Every client process knows the well-known port number of the corresponding server
process.

• For example, while the daytime client process, a well-known client program, can use an
ephemeral (temporary) port number, 52,000, to identify itself, the daytime server process
must use the well-known (permanent) port number 13.

• EPHEMERAL PORTS (DYNAMIC PORTS)

• The client program defines itself with a port number, called the ephemeral port number.

• The word ephemeral means “short-lived” and is used because the life of a client is normally
short.

• An ephemeral port number is recommended to be greater than 1023.

• These port numbers range from 49,152 to 65,535.

• They are neither controlled nor registered. They can be used as temporary or private port
numbers.

• REGISTERED PORTS

• The ports ranging from 1024 to 49,151 are not assigned or controlled.

• Three protocols are associated with the Transport layer. They are

• UDP –User Datagram Protocol

• TCP – Transmission Control Protocol

• SCTP - Stream Control Transmission Protocol

• Each protocol provides a different type of service and should be used appropriately.

• UDP - UDP is an unreliable connectionless transport-layer protocol used for its simplicity and
efficiency in applications where error control can be provided by the application-layer
process.

• TCP - TCP is a reliable connection-oriented protocol that can be used in any application
where reliability is important.

• SCTP - SCTP is a new transport-layer protocol designed to combine some features of UDP
and TCP in an effort to create a better protocol for multimedia communication.

• User Datagram Protocol (UDP) is a connectionless, unreliable transport protocol.

• UDP adds process-to-process communication to best-effort service provided by IP.

• UDP is a very simple protocol using a minimum of overhead.

• UDP is a simple demultiplexer, which allows multiple processes on each host to
communicate.

• UDP does not provide flow control , reliable or ordered delivery.

• UDP can be used to send small message where reliability is not expected.

• Sending a small message using UDP takes much less interaction between the sender and
receiver.

• UDP allows processes to indirectly identify each other using an abstract locator called a port
or mailbox.

• UDP PORTS

• Processes (server/client) are identified by an abstract locator known as port.


• Server accepts message at well known port.

• Some well-known UDP ports are 7–Echo, 53–DNS, 111–RPC, 161–SNMP, etc.

• < port, host > pair is used as key for demultiplexing.

• Ports are implemented as a message queue.

• When a message arrives, UDP appends it to end of the queue.

• When queue is full, the message is discarded.

• When a message is read, it is removed from the queue.

• When an application process wants to receive a message, one is removed from the front of
the queue.

• If the queue is empty, the process blocks until a message becomes available.

• UDP DATAGRAM (PACKET) FORMAT

• UDP packets are known as user datagrams .

• These user datagrams have a fixed-size header of 8 bytes made of four fields, each of 2
bytes (16 bits).

• Source Port Number

• Port number used by process on source host with 16 bits long.

• If the source host is the client (sending a request), then the port number is a temporary one
requested by the process and chosen by UDP.

• If the source is server (sending response) then it is well known port number.

• Destination Port Number

• Port number used by process on Destination host with 16 bits long.

• If the destination host is the server (a client sending request) then the port number is a well
known port number.

• If the destination host is the client (a server sending a response), then the port number is a
temporary one copied by the server from the request packet.

• Length

• This field denotes the total length of the UDP Packet (Header plus data)

• The total length of any UDP datagram can be from 0 to 65,535 bytes.

• Checksum

• UDP computes its checksum over the UDP header, the contents of the message body, and
something called the pseudoheader.

• The pseudoheader consists of three fields from the IP header—protocol number, source IP
address, destination IP address plus the UDP length field.

• Data

• The Data field carries the actual payload to be transmitted.

• Its size is variable.

• UDP SERVICES

• Process-to-Process Communication

• UDP provides process-to-process communication using socket addresses, a combination of
IP addresses and port numbers.

• Connectionless Services

• UDP provides a connectionless service.

• There is no connection establishment and no connection termination.

• Each user datagram sent by UDP is an independent datagram.

• There is no relationship between the different user datagrams even if they are coming from
the same source process and going to the same destination program.

• The user datagrams are not numbered.

• Each user datagram can travel on a different path.

• Flow Control

• UDP is a very simple protocol.

• There is no flow control, and hence no window mechanism.

• The receiver may overflow with incoming messages.

• The lack of flow control means that the process using UDP should provide for this
service, if needed.

• Error Control

• There is no error control mechanism in UDP except for the checksum.

• This means that the sender does not know if a message has been lost or duplicated.

• When the receiver detects an error through the checksum, the user datagram is
silently discarded.

• The lack of error control means that the process using UDP should provide for this
service, if needed.

• Checksum
• UDP checksum calculation includes three sections: a pseudoheader, the UDP header,
and the data coming from the application layer.

• The pseudoheader is the part of the header in which the user datagram is to be
encapsulated with some fields filled with 0s.

• Optional Inclusion of Checksum

• The sender of a UDP packet can choose not to calculate the checksum.

• In this case, the checksum field is filled with all 0s before being sent.

• In the situation where the sender decides to calculate the checksum, but it
happens that the result is all 0s, the checksum is changed to all 1s before the
packet is sent.

• In other words, the sender complements the sum two times.
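An added example, not from the notes, that computes and verifies the UDP checksum over the pseudoheader, header and data, including the rule that a computed all-0s result is sent as all 1s; the IP addresses, port numbers and payloads are constructed.

```python
import ipaddress
import struct

UDP_PROTOCOL = 17
UDP_HEADER_LEN = 8


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum of `data` (a zero byte is appended if the length is odd)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold the carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudoheader(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """The three IP-header fields (source, destination, protocol) plus the UDP length."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length))


def udp_checksum(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> int:
    length = UDP_HEADER_LEN + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)   # checksum field is 0 while summing
    total = ones_complement_sum(pseudoheader(src_ip, dst_ip, length) + header + payload)
    csum = ~total & 0xFFFF
    # All 0s would be read by the receiver as "no checksum", so the sender complements
    # the sum a second time and transmits all 1s instead.
    return csum if csum != 0 else 0xFFFF


def build_udp_datagram(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    length = UDP_HEADER_LEN + len(payload)
    csum = udp_checksum(src_ip, dst_ip, src_port, dst_port, payload)
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def verify_udp_datagram(src_ip, dst_ip, datagram: bytes) -> bool:
    """Receiver-side check: the pseudoheader plus the whole datagram must sum to all 1s."""
    if len(datagram) < UDP_HEADER_LEN:
        return False
    _, _, length, csum = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    if length != len(datagram):
        return False                         # length field disagrees with what arrived
    if csum == 0:
        return True                          # sender chose not to compute a checksum
    return ones_complement_sum(pseudoheader(src_ip, dst_ip, length) + datagram) == 0xFFFF


if __name__ == "__main__":
    src, dst = "192.168.0.1", "192.168.0.2"   # constructed addresses
    dg = build_udp_datagram(src, dst, 1234, 53, b"hi")
    print("checksum 0x%04x, valid: %s" % (udp_checksum(src, dst, 1234, 53, b"hi"),
                                         verify_udp_datagram(src, dst, dg)))
    # Corrupting one payload byte makes the datagram fail the check and be silently discarded.
    print("corrupted valid:", verify_udp_datagram(src, dst, dg[:-1] + b"j"))
```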

TRANSMISSION CONTROL PROTOCOL (TCP)

• TCP is a reliable, connection-oriented, byte-stream protocol.

• TCP guarantees the reliable, in-order delivery of a stream of bytes. It is a full-duplex
protocol, meaning that each TCP connection supports a pair of byte streams, one
flowing in each direction.

• TCP includes a flow-control mechanism for each of these byte streams that allows the
receiver to limit how much data the sender can transmit at a given time.

• TCP supports a demultiplexing mechanism that allows multiple application programs
on any given host to simultaneously carry on a conversation with their peers.

• TCP also implements a congestion-control mechanism. The idea of this mechanism is
to prevent the sender from overloading the network.

• Flow control is an end-to-end issue, whereas congestion control is concerned with
how hosts and the network interact.


• TCP SERVICES

• Process-to-Process Communication

• TCP provides process-to-process communication using port numbers.

• Stream Delivery Service

• TCP is a stream-oriented protocol.

• TCP allows the sending process to deliver data as a stream of bytes and allows
the receiving process to obtain data as a stream of bytes.

• TCP creates an environment in which the two processes seem to be connected by an
imaginary “tube” that carries their bytes across the Internet.

• The sending process produces (writes to) the stream and the receiving process
consumes (reads from) it.

• TCP SEGMENT

– A packet in TCP is called a segment.

– Data unit exchanged between TCP peers are called segments.

– A TCP segment encapsulates the data received from the application layer.

– The TCP segment is encapsulated in an IP datagram, which in turn is encapsulated in
a frame at the data-link layer.
– TCP is a byte-oriented protocol, which means that the sender writes bytes into a TCP
connection and the receiver reads bytes out of the TCP connection.

– TCP does not, itself, transmit individual bytes over the Internet.

– TCP on the source host buffers enough bytes from the sending process to fill a
reasonably sized packet and then sends this packet to its peer on the destination
host.

– TCP on the destination host then empties the contents of the packet into a receive
buffer, and the receiving process reads from this buffer at its leisure.

– TCP connection supports byte streams flowing in both directions.

– The packets exchanged between TCP peers are called segments, since each one
carries a segment of the byte stream.

– TCP PACKET FORMAT

– Each TCP segment contains the header plus the data.

– The segment consists of a header of 20 to 60 bytes, followed by data from the
application program.

– The header is 20 bytes if there are no options and up to 60 bytes if it contains
options.
• SrcPort and DstPort ― port numbers of the source and destination processes.

• SequenceNum ― contains the sequence number, i.e., the number of the first byte of data
in the segment.

• Acknowledgment ― the byte number the receiver expects next.

• HdrLen ― length of the TCP header in 4-byte words.

• Flags ― contains six control bits known as flags:

– URG — segment contains urgent data.

– ACK — value of the acknowledgment field is valid.

– PUSH — sender has invoked the push operation.

– RESET — receiver wants to abort the connection.

– SYN — synchronize sequence numbers during connection establishment.

– FIN — terminates the TCP connection.

• Advertised Window ― defines the receiver’s window size and acts as flow control.

• Checksum ― computed over the TCP header, data, and a pseudoheader containing IP fields
(Length, SourceAddr and DestinationAddr).

• UrgPtr ― used when the segment contains urgent data. It defines a value that must be
added to the sequence number.

• Options ― there can be up to 40 bytes of optional information in the TCP header.

• TCP CONNECTION MANAGEMENT

• TCP is connection-oriented.

• A connection-oriented transport protocol establishes a logical path between the source
and destination.

• All of the segments belonging to a message are then sent over this logical path.

• In TCP, connection-oriented transmission requires three phases: Connection
Establishment, Data Transfer and Connection Termination.

• Connection Establishment

• While opening a TCP connection the two nodes(client and server) want to agree on a set of
parameters.

• The parameters are the starting sequence numbers that is to be used for their respective
byte streams.

• Connection establishment in TCP is a three-way handshaking.

• Client sends a SYN segment to the server containing its initial sequence number
(Flags = SYN, SequenceNum = x).

• Server responds with a segment that acknowledges client’s segment and specifies its initial
sequence number (Flags = SYN + ACK, ACK = x + 1, SequenceNum = y).

• Finally, client responds with a segment that acknowledges server’s sequence number
(Flags = ACK, ACK = y + 1).
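An added example, not from the notes, that builds and parses the TCP segment header described in the packet-format section and then runs the three-way handshake through it, checking each acknowledgment against the sequence number it must answer. The port numbers, initial sequence numbers x = 1000 and y = 5000, and the MSS option value are constructed; the checksum field is left at 0 because computing it needs the IP pseudoheader.

```python
import struct

# Flag bits in the low byte of the HdrLen/Flags word
TCP_FLAGS = {"URG": 0x20, "ACK": 0x10, "PUSH": 0x08, "RESET": 0x04, "SYN": 0x02, "FIN": 0x01}
# Constructed option: kind 2 (MSS), length 4, value 1460 bytes
MSS_OPTION = b"\x02\x04\x05\xb4"


def build_segment(src_port, dst_port, seq, ack, flags, window=65535,
                  options=b"", data=b"", urgptr=0):
    """Assemble header (20 bytes) + options (padded to 4-byte words) + data."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)
    hdrlen_words = 5 + len(options) // 4           # 5 words = 20 bytes without options
    if hdrlen_words > 15:
        raise ValueError("TCP header cannot exceed 60 bytes (40 bytes of options)")
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    hdrlen_flags = (hdrlen_words << 12) | flag_bits   # HdrLen in the top 4 bits
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         hdrlen_flags, window, 0, urgptr)   # checksum left 0 here
    return header + options + data


def parse_segment(segment: bytes) -> dict:
    """Split a segment into its header fields, options and data; rejects bad lengths."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the minimum 20-byte header")
    (src, dst, seq, ack, hdrlen_flags,
     window, csum, urg) = struct.unpack("!HHIIHHHH", segment[:20])
    hdrlen = (hdrlen_flags >> 12) * 4
    if hdrlen < 20 or hdrlen > len(segment):
        raise ValueError("header length field inconsistent with segment size")
    flags = {name for name, bit in TCP_FLAGS.items() if hdrlen_flags & bit}
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "hdrlen": hdrlen,
            "flags": flags, "window": window, "checksum": csum, "urgptr": urg,
            "options": segment[20:hdrlen], "data": segment[hdrlen:]}


def three_way_handshake(client_port, server_port, x, y):
    """Exchange SYN, SYN+ACK, ACK; each side reads the peer's segment before replying."""
    syn = build_segment(client_port, server_port, x, 0, {"SYN"}, options=MSS_OPTION)
    s = parse_segment(syn)                                   # server reads the SYN
    synack = build_segment(server_port, client_port, y, s["seq"] + 1,
                           {"SYN", "ACK"}, options=MSS_OPTION)
    sa = parse_segment(synack)                               # client reads the SYN+ACK
    ack = build_segment(client_port, server_port, s["seq"] + 1, sa["seq"] + 1, {"ACK"})
    return [s, sa, parse_segment(ack)]


def handshake_is_valid(segs, x, y) -> bool:
    """Checks each peer applies before accepting the next segment of the handshake."""
    s, sa, a = segs
    return (s["flags"] == {"SYN"} and s["seq"] == x
            and sa["flags"] == {"SYN", "ACK"} and sa["seq"] == y and sa["ack"] == x + 1
            and a["flags"] == {"ACK"} and a["seq"] == x + 1 and a["ack"] == y + 1
            and sa["src"] == s["dst"] and sa["dst"] == s["src"]
            and a["src"] == s["src"] and a["dst"] == s["dst"])


if __name__ == "__main__":
    segs = three_way_handshake(52000, 80, 1000, 5000)
    for name, seg in zip(("SYN", "SYN+ACK", "ACK"), segs):
        print(f"{name:8} seq={seg['seq']} ack={seg['ack']} hdrlen={seg['hdrlen']} "
              f"flags={sorted(seg['flags'])}")
    print("handshake valid:", handshake_is_valid(segs, 1000, 5000))
```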

• Data Transfer

– After connection is established, bidirectional data transfer can take place.

– The client and server can send data and acknowledgments in both directions.

– The data traveling in the same direction as an acknowledgment are carried on the
same segment.

– The acknowledgment is piggybacked with the data.

• Connection Termination

• Connection termination or teardown can be done in two ways: Three-way Close and
Half-Close.

• Three-way Close — Both client and server close simultaneously.

• Silly Window Syndrome

• When either the sending application program creates data slowly or the receiving
application program consumes data slowly, or both, problems arise.

• Any of these situations results in the sending of data in very small segments, which reduces
the efficiency of the operation.

• This problem is called the silly window syndrome.

• The sending TCP may create a silly window syndrome if it is serving an application program
that creates data slowly, for example, 1 byte at a time.

• The application program writes 1 byte at a time into the buffer of the sending TCP.

• The result is a lot of 1-byte segments that are traveling through an internet.

• The solution is to prevent the sending TCP from sending the data byte by byte.

• The sending TCP must be forced to wait and collect data to send in a larger block.
• Nagle’s Algorithm

• If there is data to send but it is less than the MSS, then we may want to wait some amount
of time before sending the available data.

• If we wait too long, then it may delay the process.

• If we don’t wait long enough, it may end up sending small segments, resulting in Silly
Window Syndrome.

• The solution is to introduce a timer and to transmit when the timer expires.

• Nagle introduced an algorithm for solving this problem.

Note – Prepare service point addressing as one of the main functions of transport layer, we
have already discussed in class

SCTP stands for Stream Control Transmission Protocol.

It is a connection-oriented protocol which provides a full-duplex association, i.e., it
transmits multiple streams of data at the same time between two end points that have
established a connection in the network. It is sometimes referred to as next generation
TCP or TCPng. SCTP makes it easier to support telephone conversations on the Internet:
a telephone conversation requires voice to be transmitted along with other data at the
same time on both ends, and SCTP makes it easier to establish a reliable connection.
SCTP is also intended to make it easier to establish connections over wireless networks
and to manage the transmission of multimedia data. SCTP is a standard protocol (RFC 2960)
developed by the Internet Engineering Task Force (IETF).
Characteristics of SCTP :
1. Unicast with multiple properties –
It is a point-to-point protocol which can use different paths to reach the
end host.
2. Reliable transmission –
It uses SACK (selective acknowledgement) and checksums to detect damaged,
corrupted, discarded, duplicate and reordered data. It is similar to TCP, but
SCTP is more efficient when it comes to reordering of data.
3. Message oriented –
Each message is framed, so the application can keep the order of the data
stream and keep track of its structure. In TCP, a separate layer of
abstraction is needed for this.
4. Multi-homing –
It can establish multiple connection paths between two end points
and does not need to rely on the IP layer for resilience.
5. Security –
In SCTP, resource allocation for association establishment takes place only
after the cookie exchange has verified the client's identity (INIT ACK).
Man-in-the-middle and denial-of-service attacks are less likely as a
result. Furthermore, SCTP does not allow half-open connections,
making it more resistant to network floods and masquerade attacks.
Advantages of SCTP :
1. It is a full-duplex connection, i.e. users can send and receive data
simultaneously.
2. It allows half-closed connections.
3. Message boundaries are maintained, so the application does not
have to split messages.
4. It has properties of both the TCP and UDP protocols.
5. It does not rely on the IP layer for resilience of paths.
Disadvantages of SCTP :
1. One of the key challenges is that it requires changes to the transport stack
on the node.
2. Applications need to be modified to use SCTP instead of TCP/UDP.
3. Applications need to be modified to handle multiple simultaneous
streams.
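The security characteristic above (no resource allocation until the cookie exchange has verified the client) is the reason an SCTP server is hard to exhaust with connection requests. The following Python simulation is an added example, not code from the notes or from any SCTP stack: it models the four messages INIT, INIT ACK, COOKIE ECHO and COOKIE ACK, keeps no server-side state until a valid cookie comes back, and protects the cookie with an HMAC. The cookie layout, the 60-second lifetime and the addresses are constructed for the simulation.

```python
"""Stateless cookie in the SCTP four-way handshake, simulated (added example)."""
import hashlib
import hmac
import os

COOKIE_LIFETIME = 60  # seconds a cookie stays valid (assumed value)


class SctpServerSim:
    """Server side of INIT / INIT ACK / COOKIE ECHO / COOKIE ACK.

    No per-peer state is created on INIT: everything the server needs later is
    packed into the cookie and protected by an HMAC under a server-only secret.
    """

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)
        self.associations = {}  # peer address -> peer verification tag

    def on_init(self, peer_addr, peer_tag, now):
        """Handle INIT: return the state cookie carried in INIT ACK."""
        payload = f"{peer_addr}|{peer_tag}|{now}".encode()
        mac = hmac.new(self.secret, payload, hashlib.sha256).hexdigest().encode()
        return payload + b"|" + mac

    def on_cookie_echo(self, cookie, peer_addr, now):
        """Handle COOKIE ECHO: allocate the association only for a valid cookie."""
        payload, _, mac = cookie.rpartition(b"|")
        expected = hmac.new(self.secret, payload, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(mac, expected):
            return "ABORT: bad cookie"
        addr, tag, issued = payload.decode().split("|")
        if addr != peer_addr:
            return "ABORT: cookie issued to a different address"
        if now - int(issued) > COOKIE_LIFETIME:
            return "ABORT: stale cookie"
        self.associations[peer_addr] = int(tag)   # the first state allocation
        return "COOKIE ACK"


def init_flood(server, count, now=1000):
    """Send many INITs from spoofed addresses; return how much state they created."""
    for i in range(count):
        server.on_init(f"10.0.0.{i % 254 + 1}", peer_tag=i, now=now)
    return len(server.associations)


def legitimate_client(server, addr="192.0.2.7", tag=42, now=1000):
    """A real peer completes the exchange by echoing the cookie it received."""
    cookie = server.on_init(addr, tag, now)              # INIT -> INIT ACK (cookie)
    return server.on_cookie_echo(cookie, addr, now + 1)  # COOKIE ECHO -> reply
```

A flood of INITs from addresses that never answer leaves `associations` empty, because the server has only computed a MAC and sent it back; a peer that can actually receive at its address gets the association created on COOKIE ECHO, and a tampered, replayed-to-another-address or expired cookie is rejected before any state exists.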
Module -5
Syllabus - APPLICATION LAYER
WWW and HTTP –DHCP - FTP – Email –Telnet –SSH – DNS

NETWORK SECURITY

Perimeter, Firewall and Internal Routers, Introduction to Access Lists, Standard Access Lists,
Extended Access Lists, Turning Off and Configuring Network Services, Monitoring Access
Lists.
--------------------------------------------------------

Instruction – Very firstly study completely what we have discussed in class in module1 and
then focus on following notes

Notes
❖ Access Lists - An access list is essentially a list of conditions that categorize
packets, and they really come in handy when you need to exercise control over
network traffic. An ACL would be your tool of choice for decision making in these
situations.

❖ Access control lists (ACLs) perform packet filtering to control the movement of
packets through a network. Packet filtering provides security by limiting the access
of traffic into a network, restricting user and device access to a network, and
preventing traffic from leaving a network.

❖ IP access lists reduce the chance of spoofing and denial-of-service attacks, and
allow dynamic, temporary user-access through a firewall.

Benefits of IP Access Lists

✓ An access control list (ACL) contains rules that grant or deny access to certain
digital environments.

✓ Access control lists (ACLs) perform packet filtering to control the flow of
packets through a network.

✓ Packet filtering can restrict the access of users and devices to a network,
providing a measure of security.
✓ Access lists can save network resources by reducing traffic. The benefits of
using access lists are as follows:

Authentication - Access lists can simplify the identification of local users, remote
hosts, and remote users in an authentication database that is configured to control
access to a device.

Block unwanted traffic or users—Access lists can filter incoming or outgoing
packets on an interface, thereby controlling access to a network based on source
addresses, destination addresses, or user authentication. You can also use access lists
to determine the types of traffic that are forwarded or blocked at device interfaces.
For example, you can use access lists to permit e-mail traffic to be routed through a
network and to block all Telnet traffic from entering the network.

Identify or classify traffic for QoS features—Access lists provide congestion
avoidance by setting the IP precedence for Weighted Random Early Detection
(WRED) and committed access rate (CAR). Access lists also provide congestion
management for class-based weighted fair queueing (CBWFQ), priority queueing,
and custom queueing.

➢ Weighted random early detection is a queueing discipline for a network scheduler
suited for congestion avoidance. It is an extension to random early detection where a
single queue may have several different sets of queue thresholds.

➢ Committed access rate (CAR) is a feature from Cisco that is used in network
optimization and security. It limits the input or output traffic rate on an interface or
sub-interface based on criteria such as IP precedence, IP access list or incoming
interface.

➢ Class Based Weighted Fair Queuing: Class Based Weighted Fair queuing is an
advanced form of WFQ that supports user defined traffic classes i.e. one can define
traffic classes based on match criteria like protocols, access control lists (ACLs), and
input interfaces.

➢ Limit debug command output—Access lists can limit debug output based on an IP
address or a protocol.

➢ Provide bandwidth control—Access lists on a slow link can prevent excess traffic on
a network.

➢ Provide NAT control—Access lists can control which addresses are translated by
Network Address Translation (NAT).

➢ Reduce the chance of DoS attacks—Access lists reduce the chance of denial-of-
service (DoS) attacks. Specify IP source addresses to control which hosts,
networks, or users may access your network. Configure the TCP Intercept feature
to prevent servers from being flooded with connection requests.
➢ Restrict the content of routing updates—Access lists can control routing updates that
are sent, received, or redistributed in networks.

➢ Trigger dial-on-demand calls—Access lists can enforce dial and disconnect criteria.

➢ An access list can allow one host to access a part of your network and prevent another
host from accessing the same area.

➢ Access lists should be used in firewall routers, which are often positioned between
your internal network and an external network such as the Internet.

➢ To obtain the security benefits of access lists, you should at least configure access
lists on border routers, i.e. routers located at the edges of your networks.

➢ Creating access lists is really a lot like programming a series of if-then statements:
if a given condition is met, then a given action is taken.

There are two main types of access lists:

1. Standard access lists: These ACLs use only the source IP address in an IP packet as
the condition test.

❑ All decisions are made based on the source IP address. This means that standard
access lists basically permit or deny an entire suite of protocols. They don’t
distinguish between any of the many types of IP traffic such as Web, Telnet, UDP,
and so on.

2. Extended access lists: Extended access lists can evaluate many of the other fields
in the layer 3 and layer 4 headers of an IP packet.

❑ They can evaluate source and destination IP addresses, the Protocol field in the
Network layer header, and the port number at the Transport layer header.

This gives extended access lists the ability to make much more granular decisions
when controlling traffic.

❑ Named access lists: it was said above that there are only two types of access lists,
yet a third is listed here! Technically there really are only two, since named access
lists are either standard or extended and not actually a distinct type. They are
distinguished only because they are created and referred to differently than numbered
standard and extended access lists are, but they are still functionally the same.

❑ Inbound access lists: When an access list is applied to inbound packets on an
interface, those packets are processed through the access list before being routed to
the outbound interface.

❑ Any packets that are denied won’t be routed because they’re discarded before the
routing process is invoked.
❑ Outbound access lists: When an access list is applied to outbound packets on an
interface, packets are routed to the outbound interface and then processed through the
access list before being queued.
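The matching rules described above (standard lists test only the source address, extended lists also test destination, protocol and port, entries are tried top-down with the first match winning, and an unwritten "deny any" ends every list) can be made concrete with a small simulator. The Python below is an added example, not code from the notes and not a Cisco tool; the networks, the mail-server address 192.0.2.10 and the packets are constructed to mirror the "permit e-mail, block Telnet" scenario given earlier on the page:

```python
"""Standard vs. extended access-list evaluation, simulated (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"   # "tcp", "udp", "icmp" ...
    dport: int = 0      # destination port for tcp/udp


@dataclass
class AclEntry:
    action: str                   # "permit" or "deny"
    src: str                      # source network in CIDR form, or "any"
    dst: str = "any"              # only consulted by extended ACLs
    proto: str = "ip"             # "ip" matches every protocol
    dport: Optional[int] = None   # only consulted by extended ACLs


def _network(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)


def entry_matches(entry, pkt, extended):
    """Standard ACLs test only the source address; extended ones test more fields."""
    if ipaddress.ip_address(pkt.src) not in _network(entry.src):
        return False
    if not extended:
        return True
    if ipaddress.ip_address(pkt.dst) not in _network(entry.dst):
        return False
    if entry.proto != "ip" and entry.proto != pkt.proto:
        return False
    if entry.dport is not None and entry.dport != pkt.dport:
        return False
    return True


def evaluate(acl, pkt, extended):
    """Top-down, first match wins; the unwritten last line is 'deny any'."""
    for entry in acl:
        if entry_matches(entry, pkt, extended):
            return entry.action
    return "deny"


# Constructed examples.  Standard list: only hosts on 10.1.1.0/24 may pass.
STANDARD_ACL = [AclEntry("permit", "10.1.1.0/24")]

# Extended list: allow e-mail (SMTP, TCP/25) to the mail server, block all
# Telnet (TCP/23) into the network, let everything else through.
EXTENDED_ACL = [
    AclEntry("permit", "any", "192.0.2.10/32", "tcp", 25),
    AclEntry("deny", "any", "any", "tcp", 23),
    AclEntry("permit", "any", "any"),
]


def demo():
    """Evaluate a few constructed packets against both lists."""
    return {
        "std inside host": evaluate(STANDARD_ACL, Packet("10.1.1.5", "192.0.2.10"), False),
        "std outside host": evaluate(STANDARD_ACL, Packet("10.2.2.5", "192.0.2.10"), False),
        "ext smtp": evaluate(EXTENDED_ACL, Packet("203.0.113.9", "192.0.2.10", "tcp", 25), True),
        "ext telnet": evaluate(EXTENDED_ACL, Packet("203.0.113.9", "192.0.2.20", "tcp", 23), True),
        "ext http": evaluate(EXTENDED_ACL, Packet("203.0.113.9", "192.0.2.20", "tcp", 80), True),
    }
```

Two things worth checking against the output: a packet from 10.2.2.5 is denied by the standard list even though no line mentions it (the implicit deny), and the order of the extended list matters: moving the final "permit any" line to the top would let the Telnet packet through, because evaluation stops at the first match.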

Notes – Study Perimeter, Firewall and Internal Routers

URL

URL stands for Uniform Resource Locator. A URL is nothing more than the address of a given
unique resource on the Web. In theory, each valid URL points to a unique resource. Such
resources can be an HTML page, a CSS document, an image, etc. In practice, there are some
exceptions, the most common being a URL pointing to a resource that no longer exists or that
has moved. As the resource represented by the URL and the URL itself are handled by the Web
server, it is up to the owner of the web server to carefully manage that resource and its
associated URL.

❑ Basics: anatomy of a URL

❑ Here are some examples of URLs:
❑ https://developer.mozilla.org
❑ https://developer.mozilla.org/en-US/docs/Learn/
❑ https://developer.mozilla.org/en-US/search?q=URL
❑ Any of those URLs can be typed into your browser's address bar to tell it to load the
associated page (resource).
❑ A URL is composed of different parts, some mandatory and others optional. The
examples above show the most important ones: the scheme (https), the domain name
(developer.mozilla.org), an optional path (/en-US/docs/Learn/) and an optional query
string (?q=URL).

Categories of web document


1. Static Documents
A document that contains fixed content is called a static document. Static documents
are created and stored on the server. The client can only get a copy of the document. In
other words, the content of the file is determined when the file is created, not
when it is used. The user cannot change the content of a static document, but the
content can be changed on the server. When the client accesses the document, a copy
of the document is sent, and the user can then use a browsing program to display it.

Static documents are prepared using one of the languages mentioned below:

• HTML (Hypertext Markup Language)
• XML (Extensible Markup Language)
• XHTML (Extended Hypertext Markup Language)
• XSL (Extensible Style Language)
2. Dynamic Documents
Dynamic documents are created by a web server when the browser requests the document.
When the server receives the request, it runs an application program or script which creates the
dynamic document. The server returns the output of the program or script as a response to the
browser that requested the document. A fresh document is created for each request, so the content
of a dynamic document may vary from one request to another.

For example, when we retrieve the date and time from the web server, the result differs for
each request. This is because the date and time are dynamic: they change from moment to
moment. A client can ask the server to run the date program in Unix and send the result of the
program back to the client. CGI (Common Gateway Interface) is a technology used to create and
handle dynamic documents.

CGI:

It is a set of standards that defines how the content of dynamic documents is written, how the
data are input into the program, and how the output is shown. It allows programmers to use languages
such as C, a shell, or Perl. The Common Gateway Interface represents the standard that defines a
common set of rules for any language or platform.

There are some predefined terms and variables which can be used in Common Gateway
Interface programs. A CGI program is code written in one of the languages that CGI
supports. A programmer who knows how to encode the sequence of actions or tasks in the
program, and who knows the syntax, can write a CGI program. Dynamic documents are
sometimes referred to as server-side dynamic documents.
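The "predefined variables" and the input/output rules of CGI are easiest to see in a program. The following Python CGI program is an added example (not from the notes): the web server passes the request to it through environment variables such as REQUEST_METHOD and QUERY_STRING, and the program answers by writing a header block, a blank line and the document to standard output. The `now` parameter exists only so the function can be exercised without a real clock; the query value is HTML-escaped because it is supplied by whoever sent the request.

```python
"""A minimal CGI program: environment in, document out (added example)."""
import html
import os
import sys
from datetime import datetime, timezone
from urllib.parse import parse_qs


def cgi_response(environ, now=None):
    """Build the complete CGI output (headers, blank line, body) as one string.

    The server hands the request to the program through environment variables;
    the program answers by writing headers and a document to standard output.
    `now` is an ISO-8601 string used instead of the clock when given (for tests).
    """
    if environ.get("REQUEST_METHOD", "GET") != "GET":
        return "Status: 405 Method Not Allowed\r\nContent-Type: text/plain\r\n\r\nGET only\n"
    params = parse_qs(environ.get("QUERY_STRING", ""))
    name = params.get("name", ["visitor"])[0]
    stamp = now or datetime.now(timezone.utc).isoformat(timespec="seconds")
    # The query string is attacker-controlled input: escape it before it lands
    # in HTML, otherwise the dynamic document reflects script back to clients.
    body = (
        "<html><body>\n"
        f"<p>Hello, {html.escape(name)}.</p>\n"
        f"<p>Server time: {html.escape(stamp)}</p>\n"
        "</body></html>\n"
    )
    return "Content-Type: text/html; charset=utf-8\r\n\r\n" + body


if __name__ == "__main__":
    # Under a real web server the variables come from the server process.
    sys.stdout.write(cgi_response(os.environ))
```

Run as `QUERY_STRING='name=Asha' python3 thisfile.py` the program prints the header and a page greeting Asha with the current time; the same request repeated a second later produces a different document, which is exactly what makes it dynamic.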

3. Active Documents
For many applications, we need a program or script to be run at the client site. These are called
active documents. For example, suppose we want to run a program that creates animated
graphics on the screen. Clearly, the program needs to be run at the client site where the
animation takes place. When a browser requests an active document, the server sends a
copy of the script or document; the document is then run at the client.

Java Applets:

Java applets are used to create active documents. Java is a high-level, object-oriented
programming language which allows a programmer to write an active document and a browser
to run it. It can also be used for a stand-alone program that does not use a browser. An applet is a program
written in Java on the server. It is compiled and ready to be run.

The document is always in binary format. The client first creates an instance of this applet and
then runs it. The browser can run Java applets in two ways: one way is for the browser to directly
request a Java applet program by URL and receive the applet in binary format; the other way
is for the browser to retrieve and run an HTML file that has the applet’s address embedded as a tag.

HTTP (Hyper Text Transfer Protocol)


The Hypertext Transfer Protocol (HTTP) is an application-level protocol for collaborative,
distributed, hypermedia information systems. It is the data communication protocol used to
establish communication between client and server.

HTTP is a TCP/IP based communication protocol, which is used to deliver data such as image
files, query results, HTML files etc. on the World Wide Web (WWW); the default port is
TCP 80. It provides a standardized way for computers to communicate with each other.

The Basic Characteristics of HTTP (Hyper Text Transfer Protocol):

It is the protocol that allows web servers and browsers to exchange data over the web.

It is a request response protocol.

It uses the reliable TCP connections by default on TCP port 80.

It is stateless, meaning each request is treated as a new request. In other words, the server doesn't
recognize the user by default.

The Basic Features of HTTP (Hyper Text Transfer Protocol):

HTTP is media independent: It specifies that any type of media content can be sent by HTTP
as long as both the server and the client can handle the data content.

HTTP is connectionless: It is a connectionless approach in which the HTTP client, i.e. a browser,
initiates the HTTP request and, after the request is sent, the client disconnects from the server and
waits for the response.

HTTP is stateless: The client and server are aware of each other during the current request only.
Afterwards, both of them forget each other. Due to the stateless nature of the protocol, neither the
client nor the server can retain information across different requests and web pages.

The Basic Architecture of HTTP (Hyper Text Transfer Protocol):


The below diagram represents the basic architecture of web application and depicts where
HTTP stands:

HTTP is a request/response protocol based on a client/server architecture. In this
protocol, web browsers, search engines, etc. behave as HTTP clients, and a web server (for
example one running a Servlet) behaves as the server.
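The URL parts listed in the URL section and the request/response, stateless nature of HTTP described here fit together in one round trip: the client turns a URL into a request line plus headers, and reads back a status line, headers and body. The Python below is an added example (not from the notes); it uses the page's own developer.mozilla.org URLs for the request side and a constructed server response for the parsing side, and it sends `Connection: close` to match the one-request-per-connection behaviour the notes describe.

```python
"""From a URL to an HTTP/1.1 request, and back from a raw response (added example)."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def build_request(url, method="GET"):
    """Turn a URL into the request line and headers a client sends, as one string."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    target = parts.path or "/"                 # an empty path means the root
    if parts.query:
        target += "?" + parts.query            # the fragment (#...) is never sent
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    host = parts.hostname if port == DEFAULT_PORTS[parts.scheme] else f"{parts.hostname}:{port}"
    # Every request is self-contained (stateless): the server learns who is
    # asking for what only from these lines, never from an earlier request.
    return f"{method} {target} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"


def parse_response(raw):
    """Split a raw response into (status, reason, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response header")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, status, reason = lines[0].split(" ", 2)
    if not version.startswith("HTTP/"):
        raise ValueError("not an HTTP status line")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Trust Content-Length rather than whatever else trails the body on the socket.
    length = int(headers.get("content-length", len(body)))
    return int(status), reason, headers, body[:length]


# Constructed response, as the bytes a server might send back.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Length: 13\r\n"
    b"\r\n"
    b"<p>hello</p>\nTRAILING-DATA"
)
```

The `Host` header is what lets one server address serve many sites, and it is derived from the domain-name part of the URL; the path and query string become the request target. On the response side the body is cut at `Content-Length`, so bytes that arrive after it are not mistaken for page content.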

FTP
o FTP stands for File transfer protocol.
o FTP is a standard internet protocol provided by TCP/IP used for transmitting the files
from one host to another.
o It is mainly used for transferring the web page files from their creator to the computer
that acts as a server for other computers on the internet.
o It is also used for downloading the files to computer from other servers.

Objectives of FTP
o It provides the sharing of files.
o It is used to encourage the use of remote computers.
o It transfers the data more reliably and efficiently.

Why FTP?
Although transferring files from one system to another is in principle simple and
straightforward, it can sometimes cause problems. For example, two systems may
have different file conventions. Two systems may have different ways to represent text
and data. Two systems may have different directory structures. The FTP protocol
overcomes these problems by establishing two connections between hosts. One
connection is used for data transfer, and the other is used as the control
connection.

Mechanism of FTP

The above figure shows the basic model of the FTP. The FTP client has three
components: the user interface, control process, and data transfer process. The server
has two components: the server control process and the server data transfer process.

There are two types of connections in FTP:

o Control Connection: The control connection uses very simple rules for
communication. Through control connection, we can transfer a line of command or
line of response at a time. The control connection is made between the control
processes. The control connection remains connected during the entire interactive FTP
session.
o Data Connection: The Data Connection uses very complex rules as data types may
vary. The data connection is made between data transfer processes. The data
connection opens when a command comes for transferring the files and closes when
the file is transferred.
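The "simple rules" of the control connection are three-digit reply codes whose first digit says whether the command succeeded, and the data connection's address is itself announced over the control connection (in passive mode, as six comma-separated numbers). The Python below is an added example, not from the notes; the session transcript is constructed, and the port arithmetic (p1 * 256 + p2) is the standard PASV encoding. It also includes the check modern clients make: a server that advertises a data address different from the one the control connection is talking to is not followed there.

```python
"""Reading the FTP control connection: reply codes and the PASV data endpoint (added example)."""
import re

REPLY_RE = re.compile(r"^(\d)(\d)(\d)([ -])(.*)$")
PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

FIRST_DIGIT = {
    "1": "positive preliminary",     # e.g. 150: data connection about to open
    "2": "positive completion",      # e.g. 226: transfer finished
    "3": "positive intermediate",    # e.g. 331: need password
    "4": "transient negative",       # e.g. 425: cannot open data connection
    "5": "permanent negative",       # e.g. 530: not logged in
}


def parse_reply(line):
    """Return (code, meaning, text, more_follows) for one control-connection line."""
    m = REPLY_RE.match(line)
    if not m:
        raise ValueError(f"malformed reply: {line!r}")
    code = int(m.group(1) + m.group(2) + m.group(3))
    return code, FIRST_DIGIT[m.group(1)], m.group(5), m.group(4) == "-"


def data_endpoint(pasv_text, control_host):
    """Decode '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (host, port).

    If the advertised host differs from the control-connection peer, the peer
    address is used instead, so the client cannot be redirected to a third party.
    """
    m = PASV_RE.search(pasv_text)
    if not m:
        raise ValueError("no PASV address in reply")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    advertised = f"{h1}.{h2}.{h3}.{h4}"
    port = p1 * 256 + p2
    return (advertised if advertised == control_host else control_host), port


# Constructed transcript of one session (S = server line, C = client command).
SESSION = [
    ("S", "220 ftp.example.com FTP server ready"),
    ("C", "USER alice"),
    ("S", "331 Password required for alice"),
    ("C", "PASS ********"),
    ("S", "230 User alice logged in"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,19,137)"),
    ("C", "RETR report.txt"),
    ("S", "150 Opening BINARY mode data connection for report.txt"),
    ("S", "226 Transfer complete"),
    ("C", "QUIT"),
    ("S", "221 Goodbye"),
]


def server_codes(session):
    """Collect the reply codes seen on the control connection, in order."""
    return [parse_reply(text)[0] for who, text in session if who == "S"]
```

In the transcript the control connection stays open for the whole session (220 through 221), while the data connection described by the 227 reply (192.0.2.10, port 19 * 256 + 137 = 5001) exists only between the 150 and 226 replies around the RETR command.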

FTP Clients
o FTP client is a program that implements a file transfer protocol which allows you to
transfer files between two hosts on the internet.
o It allows a user to connect to a remote host and upload or download the files.
o It has a set of commands that we can use to connect to a host, transfer the files between
you and your host and close the connection.
o The FTP program is also available as a built-in component in a Web browser. This GUI
based FTP client makes file transfer very easy and does not require the user to
remember the FTP commands.

Advantages of FTP:
o Speed: One of the biggest advantages of FTP is speed. FTP is one of the fastest
ways to transfer files from one computer to another.
o Efficient: It is more efficient as we do not need to complete all the operations to get
the entire file.
o Security: To access the FTP server, we need to login with the username and password.
Therefore, we can say that FTP is more secure.
o Back & forth movement: FTP allows us to transfer the files back and forth. Suppose
you are a manager of the company, you send some information to all the employees,
and they all send information back on the same server.

Disadvantages of FTP:
o The industry standard requirement is that all FTP transmissions should be
encrypted. However, not all FTP providers are equal and not all providers offer
encryption, so we have to look for FTP providers that provide encryption.
o FTP serves two operations, i.e. sending and receiving large files on a network. However,
the size of a file that can be sent is limited to 2GB. It also doesn't allow you to run
simultaneous transfers to multiple receivers.

SMTP
o SMTP stands for Simple Mail Transfer Protocol.
o SMTP is a set of communication guidelines that allow software to transmit electronic
mail over the internet.
o It is a program used for sending messages to other computer users based on e-mail
addresses.
o It provides mail exchange between users on the same or different computers, and it
also supports the following:
o It can send a single message to one or more recipients.
o The message sent can include text, voice, video or graphics.
o It can also send messages on networks outside the internet.
o The main purpose of SMTP is to set up communication rules between servers.
The servers have a way of identifying themselves and announcing what kind of
communication they are trying to perform. They also have a way of handling errors
such as an incorrect email address. For example, if the recipient address is wrong, the
receiving server replies with an error message of some kind.
Components of SMTP

o First, we will break the SMTP client and SMTP server into two components such as user
agent (UA) and mail transfer agent (MTA). The user agent (UA) prepares the message,
creates the envelope and then puts the message in the envelope. The mail transfer
agent (MTA) transfers this mail across the internet.

o SMTP allows a more complex system by adding a relaying system. Instead of just
having one MTA at sending side and one at receiving side, more MTAs can be added,
acting either as a client or server to relay the email.
o The relaying system without TCP/IP protocol can also be used to send the emails to
users, and this is achieved by the use of the mail gateway. The mail gateway is a relay
MTA that can be used to receive an email.

Working of SMTP
1. Composition of Mail: A user sends an e-mail by composing an electronic mail
message using a Mail User Agent (MUA). Mail User Agent is a program which is used
to send and receive mail. The message contains two parts: body and header. The body
is the main part of the message while the header includes information such as the
sender and recipient address. The header also includes descriptive information such as
the subject of the message. In this case, the message body is like a letter and header is
like an envelope that contains the recipient's address.
2. Submission of Mail: After composing an email, the mail client then submits the
completed e-mail to the SMTP server by using SMTP on TCP port 25.
3. Delivery of Mail: E-mail addresses contain two parts: username of the recipient and
domain name. For example, vivek@gmail.com, where "vivek" is the username of the
recipient and "gmail.com" is the domain name.
If the domain name of the recipient's email address is different from the sender's
domain name, then MSA will send the mail to the Mail Transfer Agent (MTA). To relay
the email, the MTA will find the target domain. It checks the MX record from Domain
Name System to obtain the target domain. The MX record contains the domain name
and IP address of the recipient's domain. Once the record is located, MTA connects to
the exchange server to relay the message.
4. Receipt and Processing of Mail: Once the incoming message is received, the
exchange server delivers it to the incoming server (Mail Delivery Agent) which stores
the e-mail where it waits for the user to retrieve it.
5. Access and Retrieval of Mail: The stored email in MDA can be retrieved by using MUA
(Mail User Agent). MUA can be accessed by using login and password.
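The way servers "identify themselves", announce what they want and report an incorrect address can be seen in the envelope exchange of steps 2 and 3 above. The Python below is an added example, not from the notes: a small receiving server for one domain driven one command line at a time, plus a constructed client session. Besides the "no such user" reply the notes mention, the server refuses recipients in domains it does not host, which is what stops a receiving MTA from being used as an open relay.

```python
"""SMTP envelope exchange between a submitting client and a receiving server (added example)."""


class SmtpServerSim:
    """Receiving MTA for one domain, driven one command line at a time."""

    def __init__(self, domain, mailboxes):
        self.domain = domain
        self.mailboxes = set(mailboxes)
        self.delivered = []   # (sender, recipients, message text) handed to the MDA
        self.greeted = False
        self.sender = None
        self.rcpts = []
        self.body = None      # list of lines while in DATA mode, else None

    def handle(self, line):
        """Return the server's reply, or None for message lines inside DATA."""
        if self.body is not None:                  # collecting the message
            if line == ".":
                self.delivered.append((self.sender, list(self.rcpts), "\n".join(self.body)))
                self.sender, self.rcpts, self.body = None, [], None
                return "250 OK: queued for delivery"
            self.body.append(line[1:] if line.startswith("..") else line)  # undo dot-stuffing
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            return f"250 {self.domain} Hello {arg}"
        if verb == "MAIL":
            if not self.greeted:
                return "503 Bad sequence of commands"
            self.sender = arg.partition(":")[2].strip().strip("<>")
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands"
            addr = arg.partition(":")[2].strip().strip("<>")
            user, _, domain = addr.partition("@")
            if domain.lower() != self.domain:   # not our domain: refuse to relay
                return "550 Relaying denied"
            if user not in self.mailboxes:      # the 'incorrect address' error
                return "550 No such user here"
            self.rcpts.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Need at least one accepted RCPT first"
            self.body = []
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command not recognised"


def run_session(server, client_lines):
    """Feed the client's lines to the server; return the reply codes in order."""
    codes = []
    for line in client_lines:
        reply = server.handle(line)
        if reply is not None:
            codes.append(int(reply[:3]))
    return codes


# Constructed session from a user agent submitting one message on port 25.
CLIENT_LINES = [
    "HELO mail.sender.example",
    "MAIL FROM:<alice@sender.example>",
    "RCPT TO:<vivek@example.com>",
    "RCPT TO:<nobody@example.com>",
    "RCPT TO:<carol@elsewhere.example>",
    "DATA",
    "Subject: Meeting",
    "",
    "Hello Vivek,",
    "..this line started with a dot",
    ".",
    "QUIT",
]
```

Reading the reply codes in order: 250 for the greeting, sender and the valid recipient, 550 twice (unknown user, then a foreign domain the server will not relay for), 354 to invite the message text, 250 once the terminating "." arrives, and 221 on QUIT. The message is handed on with only the accepted recipient attached.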

MIME Protocol
MIME stands for Multipurpose Internet Mail Extensions. It is used to extend the
capabilities of Internet e-mail protocols such as SMTP. The MIME protocol allows
users to exchange various types of digital content such as pictures, audio, video, and
various types of documents and files in e-mail. MIME was created in 1991 by a
computer scientist named Nathaniel Borenstein at a company called Bell
Communications.

MIME is an e-mail extension protocol, i.e., it does not operate independently, but it
helps to extend the capabilities of e-mail in collaboration with other protocols such
as SMTP. Before MIME, e-mail could transfer only text files of limited size, written in
English. At present, MIME is used by almost all e-mail related
service companies such as Gmail, Yahoo Mail and Hotmail.
Need of MIME Protocol
MIME protocol is used to transfer e-mail in the computer network for the following
reasons:

1. The MIME protocol supports multiple languages in e-mail, such as Hindi, French,
Japanese, Chinese, etc.
2. Simple protocols can reject mail that exceeds a certain size, but there is no word limit
in MIME.
3. Images, audio, and video cannot be sent using simple e-mail protocols such as SMTP.
These require MIME protocol.
4. Many times, emails are designed using code such as HTML and CSS, they are mainly
used by companies for marketing their product. This type of code uses MIME to send
email created from HTML and CSS.

MIME Header
MIME adds five additional fields to the header portion of the actual e-mail to extend
the properties of the simple email protocol. These fields are as follows:

1. MIME Version
2. Content Type
3. Content Type Encoding
4. Content Id
5. Content description

1. MIME Version

It defines the version of the MIME protocol. This header usually has a parameter value
1.0, indicating that the message is formatted using MIME.

2. Content Type

It describes the type and subtype of information to be sent in the message. These
messages can be of many types such as Text, Image, Audio, Video, and they also have
many subtypes such that the subtype of the image can be png or jpeg. Similarly, the
subtype of Video can be WEBM, MP4 etc.

3. Content Type Encoding

This field states which method has been used to convert the mail content into
ASCII or binary form, such as 7-bit encoding, 8-bit encoding, etc.
4. Content Id

In this field, a unique "Content Id" number is appended to all email messages so that
they can be uniquely identified.

5. Content description

This field contains a brief description of the content within the email. This means that
information about whatever is being sent in the mail is clearly in the "Content
Description". This field also provides the information of name, creation date, and
modification date of the file.

Example of Content description

Content-Description: attachment; filename = javatpoint.jpeg;
modification-date = "Wed, 12 Feb 1997 16:29:51 -0500";

Working diagram of MIME Protocol

Features of MIME Protocol


1. It supports multiple attachments in a single e-mail.
2. It supports the non-ASCII characters.
3. It supports unlimited e-mail length.
4. It supports multiple languages.
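The five header fields and the features listed above can all be observed by building one message. The Python below is an added example using the standard library's `email` package, not code from the notes; the addresses, the non-ASCII subject and the fake image bytes are constructed. The library writes the fields under their wire names: MIME-Version, Content-Type, Content-Transfer-Encoding (the field the notes call "Content Type Encoding"), Content-ID and Content-Description.

```python
"""Building a MIME message with an attachment and inspecting its headers (added example)."""
from email.message import EmailMessage
from email.utils import make_msgid

# Constructed stand-in for an image file: JPEG magic bytes plus filler.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + bytes(range(64))


def build_mime_mail():
    """One text part plus one image attachment, with all five MIME header fields."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "vivek@example.com"
    msg["Subject"] = "Réunion de demain"          # non-ASCII: must be encoded for SMTP
    msg.set_content("Please find the picture attached.\n")   # text/plain part
    msg.add_attachment(
        FAKE_JPEG, maintype="image", subtype="jpeg",
        filename="photo.jpeg", cid=make_msgid(domain="example.org"),
    )
    attachment = msg.get_payload()[-1]            # the image part just added
    attachment["Content-Description"] = "Photo from the meeting"
    return msg


def describe_parts(msg):
    """List (Content-Type, Content-Transfer-Encoding) for the container and each part."""
    return [(p.get_content_type(), p.get("Content-Transfer-Encoding")) for p in msg.walk()]


def wire_form(msg):
    """The 7-bit ASCII text that actually travels over SMTP."""
    return msg.as_bytes().decode("ascii")


if __name__ == "__main__":
    print(wire_form(build_mime_mail()))
```

Printing the wire form shows how the features are achieved: the whole message is 7-bit ASCII, the subject travels as an encoded word (`=?utf-8?...?=`), the text part is marked 7bit, and the binary attachment is carried as base64 inside a multipart/mixed container with its own Content-ID and Content-Description.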

Introduction to Remote Login


Remote Login is a process in which a user can log in to a remote site, i.e. a remote computer, and use
the services available on that computer. With the help of remote login, the result of processing
done on the remote computer is transferred back to the local computer.
Figure – Remote login

It is implemented using Telnet.


Procedure of Remote Login :
1. When the user types something on the local computer, the local operating system
accepts the characters.
2. The local computer does not interpret the characters; it sends them to the TELNET
client.
3. The TELNET client transforms these characters into a universal character set
called Network Virtual Terminal (NVT) characters and passes them to the
local TCP/IP protocol stack.
4. The commands or text, now in NVT form, travel through the Internet and
arrive at the TCP/IP stack of the remote computer.
5. The characters are then delivered to the remote operating system, which passes them to the
TELNET server.
6. The TELNET server then changes the characters into characters that can be
understood by the remote computer.
7. The remote operating system receives the characters from a pseudo-terminal driver, which
is a piece of software that pretends that the characters are coming from a terminal.
8. The operating system then passes the characters to the appropriate application program.
Figure – Remote login procedure

NVT Character Set :

• With the NVT character set, the TELNET client translates characters into NVT
form and delivers them to the network.
• The TELNET server translates data and commands from NVT form into the
form understood by the remote computer.
• NVT uses 2 sets of characters, one for data and the other for control. The size of
both kinds of character is an 8-bit byte.
• For data, NVT is an 8-bit character set in which the 7 lowest bits are the same
as ASCII and the highest-order bit is 0.
• For control characters, NVT uses an 8-bit character set in which the
highest bit is set to 1.
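Steps 3 and 6 of the remote-login procedure (client translates to NVT, server translates back) and the two NVT character sets can be written out directly. The Python below is an added example, not from the notes: `to_nvt` is the client side, `from_nvt` the server side, and the sample byte stream is constructed. The control bytes follow the Telnet convention that every command starts with IAC (255), with WILL/WONT/DO/DONT carrying a one-byte option code and IAC IAC standing for a literal data byte 255.

```python
"""Translating between local text and Telnet's Network Virtual Terminal (added example)."""

IAC = 255  # 'interpret as command': every control sequence starts with this byte

# The control characters used here; all have the high-order bit set (>= 128).
NVT_COMMANDS = {
    240: "SE", 241: "NOP", 243: "BRK", 244: "IP", 245: "AO", 246: "AYT",
    247: "EC", 248: "EL", 249: "GA", 250: "SB",
    251: "WILL", 252: "WONT", 253: "DO", 254: "DONT",
}
NEGOTIATION = {251, 252, 253, 254}   # these carry a one-byte option code


def classify(byte):
    """NVT data keeps the high bit 0; control characters set it to 1."""
    return "data" if byte < 0x80 else "control"


def to_nvt(text):
    """Client side: local characters -> NVT data bytes (7-bit ASCII, CR LF line ends)."""
    out = bytearray()
    for ch in text:
        if ch == "\n":
            out += b"\r\n"             # NVT's end-of-line is the two-byte CR LF
        elif ord(ch) < 0x80:
            out.append(ord(ch))
        else:
            raise ValueError(f"{ch!r} is not representable as 7-bit NVT data")
    return bytes(out)


def from_nvt(stream):
    """Server side: split an NVT byte stream into local text and control commands."""
    data, commands, i = bytearray(), [], 0
    while i < len(stream):
        b = stream[i]
        if b != IAC:
            data.append(b)
            i += 1
            continue
        if i + 1 >= len(stream):
            raise ValueError("truncated IAC sequence")
        nxt = stream[i + 1]
        if nxt == IAC:                  # IAC IAC = a literal 255 data byte
            data.append(IAC)
            i += 2
        elif nxt in NEGOTIATION:
            if i + 2 >= len(stream):
                raise ValueError("truncated option negotiation")
            commands.append((NVT_COMMANDS[nxt], stream[i + 2]))
            i += 3
        else:
            commands.append((NVT_COMMANDS.get(nxt, f"CMD{nxt}"), None))
            i += 2
    return data.decode("latin-1").replace("\r\n", "\n"), commands


# Constructed stream as a server would receive it: a typed command line, the
# server being asked to DO option 1 (echo), then another line.
SAMPLE_STREAM = b"ls -l\r\n" + bytes([IAC, 253, 1]) + b"exit\r\n"
```

Because every control sequence is introduced by a byte with the high bit set, the server can separate the user's keystrokes from the option negotiation even though both arrive in the same byte stream, and a literal 255 in the data cannot be mistaken for a command.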

World Wide Web (WWW) and its components


The World Wide Web is abbreviated as WWW and is commonly known as the web. The
WWW was initiated by CERN (European Council for Nuclear Research) in 1989.
WWW can be defined as the collection of different websites around the world, containing
different information shared via local servers (or computers).
History:
It is a project created by Tim Berners-Lee in 1989 for researchers to work together effectively
at CERN. There is an organization, named the World Wide Web Consortium (W3C), which was
set up for the further development of the web. This organization is directed by Tim Berners-Lee,
aka the father of the web.
System Architecture:
From the user’s point of view, the web consists of a vast, worldwide collection of documents
or web pages. Each page may contain links to other pages anywhere in the world. The pages
can be retrieved and viewed by using browsers, of which Internet Explorer, Netscape Navigator,
Google Chrome, etc. are the popular ones. The browser fetches the page requested, interprets
the text and formatting commands on it, and displays the page, properly formatted, on the
screen.
The basic model of how the web works is shown in the figure below. Here the browser is
displaying a web page on the client machine. When the user clicks on a line of text that is linked
to a page on the abd.com server, the browser follows the hyperlink by sending a message to
the abd.com server asking it for the page.
Working of WWW:
The World Wide Web is based on several different technologies: Web browsers,
Hypertext Markup Language (HTML) and Hypertext Transfer Protocol (HTTP).
A Web browser is used to access web pages. Web browsers can be defined as
programs which display text, data, pictures, animation and video on the Internet.
Hyperlinked resources on the World Wide Web can be accessed using software
interfaces provided by Web browsers. Initially, Web browsers were used only for
surfing the Web but now they have become more universal. Web browsers can
be used for several tasks including conducting searches, mailing, transferring
files, and much more. Some of the commonly used browsers are Internet
Explorer, Opera Mini, and Google Chrome.
Features of WWW:
• HyperText Information System
• Cross-Platform
• Distributed
• Open Standards and Open Source
• Uses Web Browsers to provide a single interface for many services
• Dynamic, Interactive and Evolving.

Components of the Web: There are 3 components of the web:

1. Uniform Resource Locator (URL): serves as a system for resources on
the web.
2. HyperText Transfer Protocol (HTTP): specifies communication of
browser and server.
3. Hyper Text Markup Language (HTML): defines the structure,
organisation and content of a webpage.

Working principles of email

Working of Email
The email refers to the electronic means of communication of sending and receiving messages
over the Internet. Email is the most common form of communication nowadays. An email has
significantly evolved over the past couple of years. There are now stronger sync and messaging
features along with stronger security and spam-related features.

Components of an Email:

1. Sender: The sender creates an email in which he records the information that
needs to be transferred to the receiver.
2. Receiver: The receiver gets the information sent by the sender via email.
3. Email address: An email address is just like a house address where the
communication arrives for the sender and receiver and they communicate with each
other.
4. Mailer: The mailer program provides the ability to read, write, manage and
delete emails; examples are Gmail, Outlook, etc.
5. Mail Server: The mail server is responsible for sending, receiving, managing, and
recording all the data proceeded by their respective mail programs and then
processing them to their respective users.
6. SMTP: SMTP stands for Simple mail transfer protocol. SMTP basically uses the
internet network connection to send and receive email messages over the Internet.
Protocols of Email:

Emails basically use two types of standard protocols for communication over the Internet. They
are-
1. POP3: POP3 stands for Post Office Protocol version 3. Similar to a post
office, our approach is just to drop the email with the mail service provider and then
leave it to the service to handle the transfer of messages. We can even be disconnected
from the Internet after sending the email via POP. Also, there is no requirement to
leave a copy of the email on the web server, so it uses very little memory. POP
allows the user to collect all the emails from different email addresses
in a single mail program. However, there are some disadvantages of the POP
protocol, such as the communication medium being unidirectional, i.e. it transfers
information from sender to receiver but not vice versa.
2. IMAP: IMAP stands for Internet Message Access Protocol. IMAP has some
special advantages over POP: it supports bidirectional communication over
email, and there is no need to store conversations on servers as they are already well
maintained in a database. It has some advanced features, such as telling the sender that
the receiver has read the email sent by him.

Working of Email

1. When the sender sends the email using the mail program, it is handed to the Simple
Mail Transfer Protocol, which checks whether the receiver's email address belongs to
another domain name or to the same domain name as that of the sender (Gmail, Outlook,
etc.). The email is then stored on the server for later retrieval using the POP or IMAP
protocols.
2. If the receiver's address is in another domain, the SMTP protocol communicates with
the DNS (domain name server) of the domain that the receiver uses. The sender's SMTP
then communicates with the receiver's SMTP, which carries out the transfer; in this way
the email is delivered to the SMTP of the receiver.
3. If, due to network traffic issues, the SMTP servers of the sender and the receiver are
not able to communicate with each other, the email to be transferred is put in a queue of
the SMTP of the receiver and is finally delivered after the issue is resolved. If, in very
bad circumstances, the message remains in the queue for a long time, it is returned to the
sender as undelivered.

From Sender to Receiver:

The sender first needs the email address of the receiver in order to send the information to
be communicated via email. When the sender has written all the information in the email along
with the email address of the receiver and clicks the send button, the mail program hands the
message to the MTA (Mail Transfer Agent), which transfers it from the sender's local computer
to the mail server via the SMTP protocol.
The webmail server then looks for the corresponding mail transfer agent of the receiver and
locates it, whether it is using the same DNS (domain name server) or a different service; the
DNS looks up the mail exchanger service of the receiver. The SMTP protocol then transfers the
message between the two mail servers through their mail transfer agents, and finally the
receiver's MTA transfers the message to the receiver's local computer.
If the receiver uses the POP protocol, then when he receives the email the copy of the email
at the web server is deleted. If he uses IMAP, the copy of the email stays stored on the web
server and can be changed at any time by the user.
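The path just described, simulated offline as an added example (this is not code from the notes): a sending MTA looks up the receiving domain's mail server, holds the message in a queue while that server is unreachable, delivers it over an SMTP-style command/response dialog, and the recipient then fetches it with POP3-like semantics (server copy deleted) or IMAP-like semantics (server copy kept). The MX table, hostnames, domains and addresses are all constructed for the example, and the SMTP handler covers only the commands the dialog above needs.

```python
"""Added example (not from the notes): the email path described above, simulated
offline.  A sending MTA looks up the receiving domain's mail server, queues the
message while that server is unreachable, delivers it over an SMTP-style
command/response dialog, and the recipient fetches it POP3- or IMAP-style.
All hostnames, domains and addresses are constructed for the example."""
from collections import defaultdict

# Constructed stand-in for the DNS mail-exchanger (MX) lookup.
MX_TABLE = {"example.com": "mail.example.com", "example.net": "mx.example.net"}


class MailServer:
    """Receiving MTA: a minimal SMTP command handler plus per-user mailboxes."""

    def __init__(self, hostname, domain):
        self.hostname, self.domain = hostname, domain
        self.online = True
        self.mailboxes = defaultdict(list)   # user -> list of stored messages
        self.sender, self.recipients = None, []

    def smtp(self, line):
        """Handle one client command and return the server's reply line."""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.hostname} Hello {arg}"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self.sender = arg[5:].strip("<> ")
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.sender is None:
                return "503 Bad sequence of commands"
            user, _, domain = arg[3:].strip("<> ").partition("@")
            if domain != self.domain:            # this server does not relay
                return "550 Relaying denied"
            self.recipients.append(user)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands"
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command unrecognized"

    def store(self, body):
        """End of the DATA phase: file the message for each accepted recipient."""
        for user in self.recipients:
            self.mailboxes[user].append({"from": self.sender, "body": body})
        self.sender, self.recipients = None, []
        return "250 OK: message accepted"


def deliver(sender, recipient, body, servers, queue):
    """Sending MTA: MX lookup, then the SMTP dialog; the mail is queued if the
    receiving server is down (step 3 above).  Returns (status, transcript)."""
    mx_host = MX_TABLE[recipient.split("@")[1]]
    server = servers[mx_host]
    if not server.online:
        queue.append((sender, recipient, body))
        return "queued", []
    transcript = []
    for cmd in (f"HELO mta.{sender.split('@')[1]}", f"MAIL FROM:<{sender}>",
                f"RCPT TO:<{recipient}>", "DATA"):
        reply = server.smtp(cmd)
        transcript.append((cmd, reply))
        if not reply.startswith(("250", "354")):
            return "failed", transcript
    transcript.append(("<message body> .", server.store(body)))
    transcript.append(("QUIT", server.smtp("QUIT")))
    return "delivered", transcript


def retrieve_pop3(server, user):
    """POP3 semantics: download the messages and delete the server copy."""
    messages = list(server.mailboxes[user])
    server.mailboxes[user].clear()
    return messages


def retrieve_imap(server, user):
    """IMAP semantics: read from the server; the server copy stays in place."""
    return list(server.mailboxes[user])


def demo():
    servers = {h: MailServer(h, d) for d, h in MX_TABLE.items()}
    queue, bob = [], servers["mx.example.net"]
    bob.online = False                       # receiving server unreachable
    first, _ = deliver("alice@example.com", "bob@example.net", "Hi Bob", servers, queue)
    bob.online = True
    retry, transcript = deliver(*queue.pop(0), servers, queue)
    for cmd, reply in transcript:
        print(f"C: {cmd}\nS: {reply}")
    pop3 = len(retrieve_pop3(bob, "bob"))
    after_pop3 = len(bob.mailboxes["bob"])
    deliver("alice@example.com", "bob@example.net", "Second mail", servers, queue)
    imap = len(retrieve_imap(bob, "bob"))
    after_imap = len(bob.mailboxes["bob"])
    return {"first": first, "retry": retry, "pop3": pop3, "after_pop3": after_pop3,
            "imap": imap, "after_imap": after_imap}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` prints the client/server dialog of the retried delivery and returns the mailbox counts: one message fetched and zero left after the POP3-style fetch, one fetched and one still on the server after the IMAP-style fetch, which is the "Storage of Content" difference the comparison table below spells out.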

What is SSH protocol in networking?


SSH refers to the protocol by which network communications can take place safely and
remotely via an unsecured network. SSH enables a variety of crucial functions: protected file
transfers, automated processes, command execution, and remote access to private
network systems, devices, and applications.
When it was first developed, SSH sought to address the security lapses of Telnet, a protocol
that allows one computer to log into another on the same open network. In its original form,
known as SSH-1, the secure shell protocol made great strides in securing network operations
but had a few notable design vulnerabilities. The discovery of these vulnerabilities led to version
SSH-2.

Today, most systems that utilize SSH support SSH-2. The updates of this version have
strengthened the protocol and made it a reliable cryptographic method of remote
networking. By authenticating and encrypting every session, SSH in networking protects data
against overt/direct forms of cyberattack perpetrated by system hijackers, as well as subtler
forms of information theft like packet sniffing.

Understanding how secure shell protocol facilitates and secures networking operations means
you can configure the remote administration solutions that best suit your customers’ businesses.

SSH protocol explained


The first step to answering the question, “How does SSH work?” is gaining a clear view of
how it interacts with other internet protocols to accomplish network services.

SSH works within a network through a client/server architecture. An SSH client is the program
that runs SSH protocol from a specific device in order to access remote machines, automate
data transfers, issue commands, and even manage network infrastructure. The client/server
model means that the network system components being used to establish an SSH secure
connection must be enabled for SSH. This can mean installing the proper software, or simply
utilizing the SSH services program the computer has built in.

Next, it’s crucial to understand the layers within and around SSH referred to as the protocol
stack. SSH has three components: transport layer protocol (TLP), user authentication protocol,
and connection protocol. The three layers do the following:

1. Transport layer protocol: The TLP serves to authenticate the server and establish
confidentiality and integrity. According to the Request for Comments (RFC) memo
4251, TLP should be held to a standard of perfect forward secrecy. In essence, even if
a compromise were to happen during one session, it would not affect the security of
past sessions. Perfect forward secrecy (PFS) represents significant progress in data
transfer protocol, because it means that even if the server’s private key were to fall into
the wrong hands a hacker would not be able to retroactively gain access to previously
transmitted data. With PFS, each new session is independently secure, assuring that the
total confidentiality of past sessions remains intact.
2. User authentication protocol: As indicated by its title, the user authentication protocol
authenticates the user to the server, confirming the identity of the agent operating as the
client.
3. Connection protocol: The connection protocol multiplexes the SSH tunnel. In other
words, the connection protocol creates distinct data streams, or logical channels, from
a single client/server connection.
The sequential actions of these three protocol layers allow the SSH protocol to successfully
secure connections, encrypt data, and transfer data along different channels.
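To make the perfect forward secrecy property of the transport layer concrete, here is an added example (not code from the notes or from any SSH implementation) comparing two key-agreement styles with toy Diffie-Hellman parameters: a static exchange in which the server's long-term key doubles as its key-agreement key, and the ephemeral exchange SSH-2 uses, where a fresh private value is generated per session and discarded. A passive recorder keeps the public values of each session; afterwards the server's long-term private key is assumed leaked. The modulus, generator and key-derivation formula are simplified stand-ins, not a real SSH group, and the host-key signature over the exchange hash is omitted.

```python
"""Added example (not from the notes): why the SSH transport layer's perfect
forward secrecy matters.  Static vs ephemeral Diffie-Hellman with toy
parameters; a recorder keeps each session's public values and the server's
long-term private key later leaks.  Toy values only, not a real SSH group."""
import hashlib
import secrets

P = 2**127 - 1   # Mersenne prime M127: far too small for real use, fine for a demo
G = 3


def dh_public(private):
    return pow(G, private, P)


def session_key(shared_secret, transcript):
    """Derive the session key from the DH secret and an exchange hash (SSH-2 style)."""
    h = hashlib.sha256(transcript.encode()).digest()
    return hashlib.sha256(shared_secret.to_bytes(16, "big") + h).hexdigest()


class Server:
    def __init__(self):
        self.host_private = secrets.randbelow(P - 2) + 1   # long-term host key
        self.host_public = dh_public(self.host_private)

    def static_kex(self, client_public):
        """Static DH: the long-term key IS the key-agreement key (no PFS)."""
        return self.host_public, pow(client_public, self.host_private, P)

    def ephemeral_kex(self, client_public):
        """Ephemeral DH: a fresh private value per session, discarded afterwards.
        In real SSH-2 the host key only signs the exchange hash (omitted here)."""
        e = secrets.randbelow(P - 2) + 1
        return dh_public(e), pow(client_public, e, P)   # e is never stored


def run_session(server, mode):
    """Run one key exchange; return the agreed key and what a recorder sees."""
    c = secrets.randbelow(P - 2) + 1
    client_public = dh_public(c)
    kex = server.static_kex if mode == "static" else server.ephemeral_kex
    server_public, server_secret = kex(client_public)
    client_secret = pow(server_public, c, P)
    assert client_secret == server_secret          # both sides agree
    transcript = f"{mode}:{client_public}:{server_public}"
    recorded = {"client_public": client_public, "server_public": server_public,
                "transcript": transcript}          # public values only
    return session_key(client_secret, transcript), recorded


def recover_with_leaked_key(recorded, leaked_host_private):
    """What a stored recording yields once the long-term private key is known."""
    secret = pow(recorded["client_public"], leaked_host_private, P)
    return session_key(secret, recorded["transcript"])


def pfs_comparison():
    """Static sessions fall to a later host-key leak; ephemeral ones do not."""
    server = Server()
    static_key, static_rec = run_session(server, "static")
    eph_key, eph_rec = run_session(server, "ephemeral")
    leaked = server.host_private
    return {
        "static_recovered": recover_with_leaked_key(static_rec, leaked) == static_key,
        "ephemeral_recovered": recover_with_leaked_key(eph_rec, leaked) == eph_key,
        "distinct_sessions": run_session(server, "ephemeral")[0] != eph_key,
    }


if __name__ == "__main__":
    print(pfs_comparison())
```

The result dictionary shows the property the text describes: the recorded static session is fully recoverable once the host key leaks, while the recorded ephemeral session is not, because the secret it depended on existed only for the duration of that exchange. The third entry confirms that each ephemeral session derives a different key, so compromise of one session's key says nothing about the others.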

Working of Domain Name System (DNS) Server


Prerequisite – Domain Name System (DNS) in Application Layer
In the world of networking, computers are not identified by names the way humans are; they are
identified by numbers, because numbers such as IP addresses are how computers and other similar
devices talk to and identify each other over a network.
Humans, on the other hand, are accustomed to using names instead of numbers, whether talking
directly to another person or identifying a country, place, or thing. So, in order to bridge the
communication gap between computers and humans and make communication a lot easier,
networking engineers developed DNS.
DNS stands for Domain Name System.
DNS resolves names to numbers; to be more specific, it resolves domain names to IP addresses.
So if you type a web address into your web browser, DNS will resolve the name to a number,
because the only thing computers know are numbers.

Working:
If you wanted to go to a certain website, you would open your web browser and type in the
domain name of that website. Let us use google.com. Technically you do not have to type
google.com to retrieve the Google web page; you could type the IP address instead if you already
knew what Google's IP address is. But since we are not accustomed to memorizing and dealing
with numbers, especially when there are millions of websites on the Internet, we can just type
the domain name instead and let DNS convert it to an IP address for us.

So, back to our example: when you type google.com into your web browser, the DNS server
searches its cache to find an IP address matching that domain name. When it finds one, it
resolves the domain name to the IP address of the Google web site, and once that is done your
computer is able to communicate with a Google web server and retrieve the webpage.

DNS basically works like a phone book: when you want to find a number, you do not look up the
number first, you look up the name, and that gives you the number. To break this down in further
detail, let us examine the steps that DNS takes. When you type google.com into your web browser
and neither the browser nor the operating system can find the IP address in its own cache
memory, it sends a query to the next level, which is called the resolver server. The resolver
server is basically your ISP (Internet service provider). When the resolver receives this query,
it checks its own cache memory for an IP address for google.com, and if it cannot find one it
sends the query to the next level, which is a root server. The root servers are the topmost
servers in the DNS hierarchy.

There are 13 sets of these root servers, from a.root-servers.net to m.root-servers.net. They are
strategically placed around the world and operated by 12 different organizations, and each set of
root servers has its own unique IP address. When a root server receives the query for the IP
address of google.com, it is not going to know what the IP address is, but it does know where to
send the resolver to help it find the IP address. So the root server directs the resolver to the
TLD (top-level domain) server for the .com domain, and the resolver now asks the TLD server for
the IP address of google.com.
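The walk just described, browser or OS cache, then resolver cache, then root, TLD and authoritative server, as an added example simulated offline (this is not code from the notes, and the zone data, server names and 192.0.2.x addresses are constructed; the 13 root-server sets are collapsed into a single "root" for the simulation). Each server either answers with an address record or refers the resolver to the next server down the hierarchy, and the resolver caches what it learns so a repeat lookup sends no queries at all.

```python
"""Added example (not from the notes): iterative DNS resolution, simulated
offline.  The stub (browser/OS) checks its local cache, then asks the resolver;
the resolver checks its cache, then walks root -> TLD -> authoritative server,
following referrals.  Zone data and addresses are constructed, not real."""

# Constructed authoritative data.  Each server knows either the answer ("A")
# or whom to ask next ("NS" referral for a suffix of the name).
SERVERS = {
    "root": {"com": ("NS", "tld-com")},
    "tld-com": {"example.com": ("NS", "auth-example")},
    "auth-example": {"www.example.com": ("A", "192.0.2.10"),
                     "example.com": ("A", "192.0.2.1")},
}


def query(server_name, qname):
    """One question to one server.  Returns ("A", ip), ("NS", next_server)
    or ("NXDOMAIN", None) when the server has neither answer nor referral."""
    zone = SERVERS[server_name]
    if qname in zone:
        return zone[qname]
    labels = qname.split(".")
    # Referral: the longest suffix of qname this server delegates.
    for i in range(1, len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in zone and zone[suffix][0] == "NS":
            return zone[suffix]
    return ("NXDOMAIN", None)


class Resolver:
    """The resolver server (run by the ISP in the notes) with its own cache."""

    def __init__(self):
        self.cache = {}
        self.queries_sent = 0

    def resolve(self, qname):
        """Return (ip_or_None, path) where path lists the servers consulted."""
        if qname in self.cache:
            return self.cache[qname], "cache"
        server, hops = "root", []
        while True:
            self.queries_sent += 1
            hops.append(server)
            rtype, value = query(server, qname)
            if rtype == "A":
                self.cache[qname] = value
                return value, "->".join(hops)
            if rtype == "NS":
                server = value          # follow the referral one level down
                continue
            return None, "->".join(hops)


def lookup(stub_cache, resolver, qname):
    """Browser/OS step: consult the local cache first, otherwise ask the resolver."""
    if qname in stub_cache:
        return stub_cache[qname], "local-cache"
    ip, path = resolver.resolve(qname)
    if ip is not None:
        stub_cache[qname] = ip
    return ip, path


if __name__ == "__main__":
    stub, resolver = {}, Resolver()
    print(lookup(stub, resolver, "www.example.com"))   # full walk, 3 queries
    print(lookup(stub, resolver, "www.example.com"))   # answered locally
    print(lookup(stub, resolver, "nope.example.com"))  # authoritative NXDOMAIN
```

The first lookup returns the address with the path `root->tld-com->auth-example`; the second is answered from the local cache without the resolver sending a single query, which is exactly why the caches at each level matter for both performance and load on the root servers.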

Difference Between POP3 and IMAP

Parameter: Full Form
  POP3: POP3 is an abbreviation for Post Office Protocol 3.
  IMAP: IMAP is an abbreviation for Internet Message Access Protocol.

Parameter: Introduction
  POP3: The POP is an Internet standard protocol on the application layer that the local email
  clients use for retrieving emails from any remote server over the TCP/IP connection.
  IMAP: The IMAP is a protocol that allows distant users to access their emails directly from
  the server and read them on any device at any location feasible for them.

Parameter: Complexity
  POP3: POP3 is a very simplified protocol. It can only download the emails on the local
  computer from the inbox.
  IMAP: The IMAP protocol is very complex. It allows all the users to view their email folders
  easily and read them on the mail server itself (from any device they want).

Parameter: Email Organization
  POP3: A user cannot organize the emails on the server using POP3.
  IMAP: IMAP allows its users to organize their available emails on the server.

Parameter: Need to Download
  POP3: POP3 downloads the mail first and then allows its users to read them.
  IMAP: You can partially read your emails before downloading them in the case of IMAP.

Parameter: Multiaccess
  POP3: POP3 only allows a single device at a time to access the emails.
  IMAP: IMAP allows multiple devices at a time to access and read the available mails.

Parameter: Updating of Emails
  POP3: A user cannot update or create emails on the mail server by using the POP3 protocol.
  IMAP: You can use the IMAP protocol for updating or creating emails. It is easy to do so
  with a web interface or email software.

Parameter: Search Emails
  POP3: You cannot search for mail content on any mail server using the POP3 protocol. The
  user needs to download the mail first and then search for the required content.
  IMAP: You can easily search for mail content on any mail server using IMAP without
  downloading them.

Parameter: Change and Delete
  POP3: POP3 does not allow its users to alter or delete any email available on the mail server.
  IMAP: IMAP allows its users to use an email software or a web interface to alter or delete
  the available emails.

Parameter: Speed
  POP3: POP3 is very fast.
  IMAP: IMAP is slow as compared to POP3.

Parameter: Syncing of Mails
  POP3: It does not allow syncing of a user's emails.
  IMAP: Users can sync their emails using this protocol.

Parameter: Storage of Content
  POP3: It downloads the content on the local device unless someone selects "Keep a copy on
  the server" via settings.
  IMAP: It always stores content on the mail server.

Parameter: Direction
  POP3: Unidirectional – The changes that you make on a device have zero effect on the content
  available on the server.
  IMAP: Bi-directional – Whenever you make changes on the device or server, it shows on the
  other side as well.

Parameter: Offline Usage
  POP3: You can read the emails offline because POP3 downloads them on the device. The device
  only goes online to download new emails.
  IMAP: The downloaded mails are available for the user to read, edit, and delete offline. Any
  changes that one makes on the device get synced with the server.

Parameter: Current Versions
  POP3: POP3
  IMAP: IMAP4rev1

