TDC 375-701
Worksheet 3
2009-09-23
From TCP/IP Protocol Suite, 4th Edition, answer:
6.7, Questions 2, 4, 6, 8, 14, 16, 17
7.12, Questions 2, 7, 8, 9, 10, 12, 13
Also answer the following questions:
Q. What are some advantages and disadvantages to running a
"default-free" network attached to the public Internet?
Q. The use of IP option fields is typically very rare. Discuss
why you think this is.
Q. What, if any, header fields in an IP datagram have to change when
passing through a router? Explain your reasoning.
Q. Visit:
and examine some of the latest weekly report data. What stands
out? What is surprising? What is not surprising? What do you
not understand? What do you think "Netflow" means exactly?
Q. People often post packet dumps online for troubleshooting
assistance. Here are two examples of someone trying to hide
a destination IP address. Can you recover the obfuscated IP
address in each example?
Example 1:
Here is a representative example of one of the packets, taken with
tcpdump:
09:39:07.148532 65.197.243.120.2557 > mercury.80: S [tcp sum ok]
263101219:263101219(0) win 8192 (DF) (ttl 106,
id 39171, len 44)
0x0000 4500 002c 9903 4000 6a06 b6eb 41c5 f378
0x0010 839c 0803 09fd 0050 0fae 9b23 0000 0000
0x0020 6002 2000 027b 0000 0204 0564 0000
Example 2:
We also see those tcp 21536 packets. Did you also observe UDP 37852
packets ? We are trying to determine if they are due to similar
problem.
Capture of packets (anonymized) follow :
08:09:30.529936 194.133.58.129.55 > XXX.XXX.142.42.37852: udp 10
(ttl 53, id 46545)
4500 0026 b5d1 0000 3511 6ff4 c285 3a81
XXXX 8e2a 0037 93dc 0012 0bb5 0000 0000
0000 0000 0000 0000 3335 3420 456e
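Added illustration, not part of the original worksheet: why masking address bytes in a posted hex dump can fail when the IPv4 header checksum is left intact, and what a safer mask looks like. It uses a constructed header with documentation addresses rather than the worksheet's packets; all function and variable names are hypothetical.

```python
import ipaddress
import struct

def fold(total):
    # One's-complement addition: wrap carries back into the low 16 bits.
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def build_header(src, dst, ttl=53, proto=17, ident=0x1234, length=38):
    # Constructed 20-byte IPv4 header (no options) as ten 16-bit words.
    addrs = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    words = [0x4500, length, ident, 0x0000, (ttl << 8) | proto, 0,
             *struct.unpack("!4H", addrs)]
    words[5] = 0xFFFF - fold(sum(words))   # header checksum
    return words

def mask_dump(words, hidden):
    # Render the dump with the chosen word indexes replaced by XXXX.
    return " ".join("XXXX" if i in hidden else f"{w:04x}" for i, w in enumerate(words))

def recover_masked_word(dump):
    tokens = dump.split()
    ihl_words = ((int(tokens[0], 16) >> 8) & 0xF) * 2   # header length in 16-bit words
    header = tokens[:ihl_words]
    masked = [i for i, t in enumerate(header) if t.upper() == "XXXX"]
    if len(masked) != 1:
        raise ValueError("need exactly one masked word and an intact checksum")
    known = fold(sum(int(t, 16) for t in header if t.upper() != "XXXX"))
    # A valid header sums to 0xFFFF, so the missing word is the complement.
    # (0x0000 and 0xFFFF cannot be told apart in one's-complement arithmetic.)
    return masked[0], 0xFFFF - known

SAMPLE = build_header("192.0.2.10", "198.51.100.42")   # constructed sample
POSTED = mask_dump(SAMPLE, {8})      # weak: high half of destination hidden only
SAFER = mask_dump(SAMPLE, {5, 8})    # better: checksum word hidden as well

if __name__ == "__main__":
    index, word = recover_masked_word(POSTED)
    print(POSTED)
    print(f"word {index} = {word >> 8}.{word & 0xFF}")
```

Masking both halves of an address while leaving the checksum visible still discloses the one's-complement sum of the two halves, so a sanitizer should blank the checksum too.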
Q. MPLS is popular with some big network operators; the reason is
most often "traffic engineering". What is traffic engineering in
this context, and why or why not use IP without MPLS?
$Id: worksheet3.txt,v 1.1 2009/09/23 02:02:24 jtk Exp $