TDC 375
John Kristoff
Final Exam Guide
March 16, 2002

Exam Format

The final exam is open book, open notes. However, no electronic devices of any kind are allowed (e.g. calculators, PDAs, laptops, Dick Tracy watches, cell phones, and pagers). Only basic math skills are necessary for the exam. You will have as much paper as necessary; if you need more, you can ask the proctor for additional sheets. A final word of caution: DO NOT CHEAT!

Topics Covered

The book, required reading and optional reading should be used as reference material to study from. However, class lectures and class discussions are equally important references for the exam. Below is a list of concepts you should have mastered in order to do well on the exam.

I. Introduction to Network Protocols
    A. Addressing
    B. Fragmentation
    C. Routing
    D. Internet Protocols
    E. The end-to-end argument
    F. IETF
    G. NAPs and Exchanges

II. Internet Protocol (IP)
    A. Addressing
    B. IPv4 addressing issues and solutions
    C. IPv6

III. Network Control
    A. ARP
    B. DHCP
    C. ICMP

IV. Routing Protocols
    A. Static
    B. RIP
    C. OSPF
    D. BGP

V. IP Multicast
    A. Addressing
    B. IP to Ethernet MAC mapping
    C. IGMP
    D. DVMRP
    E. PIM-DM
    F. PIM-SM
    G. MBGP
    H. MSDP

VI. Transmission Control Protocol (TCP)
    A. Reliability
    B. Flow Control
    C. Connection setup, data transfer and connection termination phases
    D. Congestion control and avoidance mechanisms

VII. User Datagram Protocol (UDP)
    A. Usage

VIII. Network Management
    A. Simple Network Management Protocol (SNMP)

IX. Random Early Detection (RED) and Explicit Congestion Notification (ECN)
    A. Basic operations

X. Network Security
    A. Firewalls and perimeter security
    B. Intrusion Detection Systems
    C. Network-based attacks

The final exam is comprehensive. You should use the midterm and the midterm study guide for additional reference. In addition to the topics above, you should be familiar with the tools, discussions and examples we used in class. Please review your course notes, course online material and course homepage for further reference.

Sample Exam Questions
(see midterm study guide for additional questions)

1. Checksums are calculated by the sender and added as part of some TCP/IP protocol header fields. What should receivers generally do when they receive a TCP/IP packet and, in verifying the checksum, calculate a different value than the one they received?

2. In TCP, what does an ACK do?

3. If there is a mandatory checksum field in IP packets, why is there also an additional checksum in the UDP header field?

4. What is something the command line utility 'netstat' can tell you in Microsoft Windows or UNIX?

5. Describe what peering is. Who does it and why? What protocols or technologies are generally involved?

6. According to the proponents of RED, what are some of the disadvantages of tail drop router queueing strategies?

7. Describe all the necessary protocols required to carry an SNMP packet on a local LAN segment at DePaul University.

8. What is the maximum number of /26 networks you can make out of a /24 address space using IPv4?

9. BGP is not a link state protocol. It is also not a distance vector protocol. What kind of routing protocol is it?

10. Using traditional UDP scanning methods, how do you know when a UDP port is open on a remote host?

11. As described by Steve Bellovin, what sorts of attacks can the ICMP protocol be used to launch?

12. What is meant by 'policy routing'?

13. When does TCP slow start go into effect?

14. Why might the use of ICMP and UDP be a problem when you're trying to avoid a network capacity collapse?

15. Of the following, which address(es) should not be present in IP datagram source or destination address fields on the public Internet?
    a. 12.62.5.254
    b. 242.52.9.54
    c. 10.3.2.1
    d. 140.192.5.255
    e. 127.55.121.1

16. What is the difference between a packet filtering firewall and an application level gateway?

17. Give three completely different examples of something you could filter on with a packet filtering firewall. Use real TCP/IP packet/application examples.

18. What is the difference between a host IDS and a network IDS?

19. Can NAT be a hindrance to security? If so, how? If not, why not?

20. What are some current solutions to denial of service attacks?

21. When there is traffic shaping going on, what might actually be happening and how might it be implemented?

22. What does TCP use to calculate the running round trip time timer?

23. TCP receivers and TCP senders each use a different type of mechanism for congestion or flow control. Describe the differences between each.

24. How does a TCP receiver notify the sender that its window is closed?

25. Identify 3 TCP port numbers and their associated applications. Do the same for UDP.

26. Describe the 3-way handshake. What is one of the primary purposes of the 3-way handshake other than simply establishing a connection?

27. What is the difference between a TCP connection initiation and connection shutdown?

28. Describe when fast retransmit and fast recovery come into play.

29. Describe the process of getting an (uncached) web page at CNN.com from a host at DePaul.

30. Discuss why security in the Internet is so challenging.