TDC 375-901 Student Name: Mid-term Exam 2016-04-28 @ 5:45 PM * You have an entire class time to finish this exam. * NO calculators, books, mobile devices, etc. allowed. * You may use one 8 1/2" x 11" crib sheet (double sided) for notes. * Beat clear and neat, if I can't read it, it is wrong. * Don't panic. 1. Match the best description on the right with the item on the left that is best associated with that description. (13 points, partial credit given). ___ 0.0.0.0/0 a. Default, initial starting IPv4 TTL value in a traceroute ___ hop limit b. Maximum possible IPv4 TTL value in decimal ___ 128 c. Number of bits that make up an IPv6 address ___ 255 d. You should say this instead of 'Class C' ___ 5 e. Total number of unique /26 prefixes in a /24 ___ 4 f. Minimum value, in decimal, of the IPv4 IHL field ___ /24 g. Minimum number of bytes in an IPv4 header ___ 1 h. The IPv6 default route ___ ::1 i. The IPv6 loop back address ___ time exceeded j. The IPv6 equivalent of the IPv4 TTL field ___ 20 k. Expected ICMP message type routers return during a traceroute ___ ::/0 l. The least specific route possible in IPv4 ___ /32 m. A "host" route, or the most specific route, in IPv4 2. Given the notation 192.0.2.255/25, answer the following questions. (1 point each) a. How many total addresses are covered by that prefix? Note, there are no unusable addresses, just tell me the total integer count. b. Is 192.0.2.127 covered by this prefix? Yes or no? c. How many /27 prefixes could be formed out of this prefix? d. If this prefix had a directed broadcast address, what would that address be? 3. Which prefix below best covers the destination IP address 192.0.2.15? (1 point) ___ a. 0.0.0.0/0 ___ b. 192.0.2.0/28 ___ c. 192.0.2.0/29 ___ d. 192.0.2.0/32 4. Which prefix below best covers the destination IP address 192.0.2.128? (1 point) ___ a. 0.0.0.0/0 ___ b. 192.0.2.128/28 ___ c. 192.0.2.128/29 ___ d. 192.0.2.128/32 5. Which one of the following IPv4 header fields helps ensure IP datagrams (packets) will not exist (i.e. loop) on the network indefinitely? (1 point) ___ a. Fragment Offset ___ b. Protocol ___ c. TTL ___ d. Version 6. Select the fragment that best completes the sentence. (1 point) The IPv4 header fields that will always be updated when traversing any router are ... a. ___ header length and total length b. ___ the source address and destination address c. ___ total length and identification d. ___ TTL and header checksum e. ___ TTL and protocol f. ___ TTL, header checksum and options 7. If an IPv4 receiver calculates a different value for the checksum field that what it received, what should the receiver do? (1 point) ___ a. Signal an error to the user application it was going to ___ b. Forward the datagram to the default router ___ c. Silently discard the datagram ___ d. Request a re-transmission from the original source 8. If your destination is 192.0.2.255, which would be the best BGP route given the following information? (1 point) prefix AS path (next-as --> origin AS) ___ a. 192.0.0.0/8 [ 65000 ] ___ b. 192.0.2.0/24 [ 65100 65101 65102 65103 65000 ] ___ c. 192.0.0.0/22 [ 65200 65201 65004 ] ___ d. 0.0.0.0/0 [ 65501 65500 ] 9. When you run a traceroute command like the following: traceroute www.example.net what is typically the first thing traceroute will do? (1 point) ___ a. Set the TTL = 255 and send an ICMP or UDP probe to the destination ___ b. Perform a DNS A (and/or AAAA) query look up for www.example.net ___ c. Ping the destination to see if it is online ___ d. Send an IGMP join request to the traceroute multicast group 10. When a router has a packet that it would forward, but can't because the IPv4 TTL is zero, what will (should) it normally do? (1 point) ___ a. Silently discard the packet and forget it ever received it ___ b. Flood the packet out all local interfaces ___ c. Return an ICMP time exceeded message to the source ___ d. Increment the value just enough to reach the destination 11. Imagine from within DePaul's network, you ran a traceroute from a source host to 192.35.225.7 and this is the complete output of that attempt: $ traceroute -n ns1.dns.ucla.edu traceroute to 192.35.225.7, 30 hops max, 60 byte packets 1 140.192.218.129 0.469 ms 0.531 ms 0.582 ms 2 140.192.9.78 0.738 ms 0.783 ms 0.835 ms 3 140.192.9.148 11.705 ms 11.716 ms 11.709 ms 4 140.192.9.154 12.161 ms 12.162 ms 12.152 ms 5 64.57.28.205 12.139 ms 12.127 ms 12.114 ms 6 64.57.28.36 34.892 ms 48.195 ms 48.130 ms 7 64.57.28.57 35.826 ms 35.896 ms 35.905 ms 8 * * * 9 137.164.26.133 67.003 ms 66.842 ms 66.725 ms 10 137.164.27.6 59.239 ms 59.312 ms 59.382 ms 11 169.232.4.100 58.931 ms 58.729 ms 58.623 ms 12 169.232.8.7 58.943 ms 58.904 ms 58.760 ms 13 192.35.225.7 59.062 ms 58.990 ms 58.888 ms Answer the following questions (1 point each): a. Was this trace successful? If so, how many hops to 192.35.225.7? b. How many trace packets are sent? How many responses to each trace packet are received? c. What would be the IP TTL of any datagrams sent by the tracing station associated with the line marked as "8 * * *". d. What is the IP address of default router for the host performing the trace? 12. Assume two routers are misconfigured so that they each point to the other for the best next hop towards a destination. If a datagram arrives at one of those routers towards the destination in question, what will happen? Be specific and complete. (2 points) 13. Fill in the blanks with the best term, value or acronym (1 point each). IPv4 routers make their primary forwarding decision based on the ___________________________ field, which is ______ bits in length. The ____________________________ is the organization responsible for drafting and maintaining Internet Request for Comments (RFCs) documents. (continued on next page) The _______________________ program/utility, is a popular networking utility used to help discover the path of routers packets from a source to a destination traverses in an IPv4 network. It does this by altering the IPv4 ______________ field value for each step along the way. 14. True or false. The Type of Service field has been redefined and standardized as the Hop Limit and Explicit Congestion Notification (ECN) fields in IPv4 and IPv6. (1 point) 15. Which IP routing does jtk advocate you never actually use in any reasonable, real-world and "proper" network? (1 point) ___ a. BGP ___ b. IS-IS ___ c. OSPF ___ d. RIP 16. What step is not typically conducted as a result of your web browser being asked to render a page at a particular URL? (Assume the page is not cached and the destination domain name or IP address have not been used by the client before.) (1 point) ___ a. A BGP routing announcement is sent to peer router ___ b. A DNS query is sent to a DNS resolver ___ c. A routing decision towards the DNS resolver is made ___ d. The local hosts (or hosts.txt) file is consulted 17. Discuss the issue of source IP address spoofing on the Internet. What are the common reasons for seeing such packets and what are the consequences of them? What sorts of things can be done to proactively or re-actively limit them? (3 points, partial credit given) 18. Which of the following notations contains the largest number of addresses? (1 point) ___ a. 0.0.0.0/0 ___ b. ::1 ___ c. 192.0.2.0/1 ___ d. 2620:0:2250:2115::/64 19. Which unicast routing decision will an IP host never make? (1 point) ___ a. Copy a datagram onto all interfaces (all links broadcast) ___ b. Send a datagram directly to a neighbor (on attached interface) ___ c. Send a datagram to another via a relay (remote destination) ___ d. Send a datagram to itself (loopback or local address) 20. For your browser to load http://condor.depaul.edu/jkristof/tdc375, what part of that process is most likely to occur last (assume each of the following items happens once for this operation). (1 point) ___ a. Parse the URI (URL) in the web browser application ___ b. Send a TCP SYN to condor.depaul.edu ___ c. Send a ARP request for the default gateway's L2 address ___ d. Send a DNS query for condor.depaul.edu to a resolver 21. Which statement is not true? (1 point) ___ a. BGP inherits all the advantages and disadvantages of TCP as a transport protocol. ___ b. IS-IS runs directly over the IP layer ___ c. OSPF uses IP multicast destination addresses ___ d. IS-IS, OSPF and BGP are all capable of supporting IPv6 routes 22. What pair of guests came and talked to us last week? (1 point) ___ a. E.J. Gamarro, Maciej Leja ___ b. Jon Postel, J.C.R. Licklider ___ c. Mark Vixie, Paul Andrews ___ d. Dennis Kwerri, Dee H. Sepe 23. What block of addresses represents only the total IPv4 multicast address space? (1 point) ___ a. 0.0.0.0/0 ___ b. 10.0.0.0/8, 172.12.0.0/12, 192.168.0.0/16 ___ c. 127.0.0.1/8 ___ d. 224.0.0.0/4 ___ e. 240.0.0.0/4 24. What statement is not true about the operation and analysis of the Conficker C sinkhole? (1 point) ___ a. The worm infects Microsoft Windows computers ___ b. An infected host issues many seemingly random DNS queries ___ c. By IP address, the U.S. infection rate was modest compared to Brazil, China and Russia ___ d. The IETF ran 4 Apache sinkhole web servers for containment 25. In essay form, explain how the Internet works. Focus on the core protocols and systems that enable the movement of communications, not the applications used directly by end users. Obviously you might be able to write a book, but please don't. I suggest you outline the main protocols and subsystems and talk about how they are used and why. This is to see if you can convey a sense of understanding about networking and how networks work. Do use real world examples as applicable! Use the free space below and the back page as needed. (10 points) $Id: midterm.txt,v 1.1 2016/04/28 21:41:31 jtk Exp $