BSc CSIT (TU) Science Computer Networks (BSc CSIT, CSC258) Question Paper 2077 Nepal

TCP (Transmission Control Protocol)

TCP is a connection-oriented, reliable, byte-stream transport-layer protocol of the TCP/IP suite. It provides reliable, in-order delivery using sequence numbers and acknowledgements, flow control (sliding window), congestion control, and full-duplex communication between two endpoints identified by port numbers.

TCP Segment Structure

A TCP segment has a 20-byte fixed header (up to 60 bytes with options) followed by data:

Three-Way Handshake (Connection Establishment)

Used to synchronize sequence numbers and open a connection:

1. SYN: Client sends a segment with SYN=1 and initial sequence number seq = x.
2. SYN+ACK: Server replies with SYN=1, ACK=1, its own seq = y, and ack = x+1.
3. ACK: Client sends ACK=1 with seq = x+1, ack = y+1. Connection is now ESTABLISHED.

Client                         Server
  | ---- SYN seq=x ----------> |
  | <-- SYN/ACK seq=y ack=x+1- |
  | ---- ACK seq=x+1 ack=y+1-> |

Connection Termination (Four-Way Handshake)

TCP is full-duplex, so each direction is closed independently:

1. FIN: Initiator sends FIN=1 to close its side.
2. ACK: Peer acknowledges the FIN.
3. FIN: Peer sends its own FIN=1 when it has finished sending.
4. ACK: Initiator acknowledges; it then waits in TIME_WAIT state (typically 2×MSL) before fully closing to ensure stray segments expire.

  | ---- FIN ----> |
  | <--- ACK ----- |
  | <--- FIN ----- |
  | ---- ACK ----> |  (TIME_WAIT)

Error Detection and Correction in the Data Link Layer

The data link layer adds redundant bits to data so the receiver can detect (and sometimes correct) errors caused by noise during transmission.

A. Error Detection Techniques

1. Parity Check (VRC): Append one parity bit so the total number of 1s is even (even parity) or odd. Detects all single-bit (odd number of) errors but not even-numbered errors.
2. Two-Dimensional / Longitudinal Parity (LRC): Parity computed per row and per column; detects most burst errors.
3. Checksum: Data divided into k-bit words, summed using 1's-complement arithmetic; the complemented sum is sent. Receiver re-adds all words plus checksum; result of all 1s means no error.
4. Cyclic Redundancy Check (CRC): Most powerful detection method (see below).

B. CRC (Cyclic Redundancy Check)

CRC treats the bit string as a polynomial and divides it (modulo-2) by an agreed generator polynomial $G(x)$.

Steps (sender):

1. Generator has degree $r$; append $r$ zero bits to the data $D$.
2. Divide the augmented data by $G$ using modulo-2 (XOR) division.
3. The $r$-bit remainder is the CRC; transmit $D$ followed by the remainder.

Receiver: divides the received frame by $G$; remainder $0 \Rightarrow$ no detected error.

Example: Data $= 1101011011$, $G = 10011$ (degree $r=4$). Append 4 zeros → $11010110110000$. Modulo-2 division by $10011$ gives remainder $1110$. Transmitted frame $= 1101011011\,1110$. The receiver dividing this by $G$ obtains remainder $0000 \Rightarrow$ correct.

C. Hamming Code (Error Correction)

Hamming code can correct single-bit errors by inserting parity bits at positions that are powers of two ($1,2,4,8,\dots$). The number of parity bits $r$ satisfies:

where $m$ = data bits.

Example: Encode 4 data bits $1011$ (so $m=4$, need $r=3$, total 7 bits → Hamming(7,4)).

Positions: P1 P2 D1 P4 D2 D3 D4 = P1 P2 1 P4 0 1 1.

• $P1$ checks positions 1,3,5,7 → bits $(1,0,1)$ → even parity ⇒ $P1=0$.
• $P2$ checks positions 2,3,6,7 → bits $(1,1,1)$ → ⇒ $P2=1$.
• $P4$ checks positions 4,5,6,7 → bits $(0,1,1)$ → ⇒ $P4=0$.

Codeword $= 0\,1\,1\,0\,0\,1\,1$. At the receiver, recomputing the parity checks yields a syndrome; if non-zero, its decimal value gives the exact position of the erroneous bit, which is then flipped to correct it.

Medium Access Control (MAC) Sub-layer

The MAC sub-layer is the lower part of the data link layer. When multiple stations share a single broadcast (multiple-access) channel, the MAC sub-layer decides which station may use the channel at a given time, resolving contention and minimizing collisions. It also handles physical (MAC) addressing and framing for the shared medium. Access methods include random access (ALOHA, CSMA), controlled access (token passing, polling), and channelization (FDMA, TDMA, CDMA).

CSMA/CD (Carrier Sense Multiple Access with Collision Detection)

Used in traditional wired Ethernet (IEEE 802.3).

Working principle:

1. Carrier sense: A station listens to the medium before transmitting.
2. If the channel is idle, it begins transmitting; if busy, it waits.
3. Collision detection: While transmitting, the station keeps listening. If it detects another signal (collision), it stops immediately and sends a jam signal to alert all stations.
4. Each colliding station waits a random time chosen by the binary exponential backoff algorithm, then retries.

Collision detection works on wires because a station can simultaneously transmit and sense the higher combined voltage.

CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance)

Used in wireless LANs (IEEE 802.11 Wi-Fi), where collision detection is impractical (a station cannot transmit and listen at the same time, and hidden-node problems exist). So collisions are avoided instead of detected.

Working principle:

1. Carrier sense: station senses the channel.
2. If idle, it waits a DIFS interval, then transmits; if busy, it defers.
3. A random backoff timer is used before transmission to reduce simultaneous access.
4. Optional RTS/CTS handshake reserves the channel and solves the hidden-terminal problem.
5. The receiver returns an ACK after a SIFS; absence of ACK implies a collision/loss and the frame is retransmitted.

Key Difference

CIDR (Classless Inter-Domain Routing)

CIDR is an IP addressing scheme that replaces the rigid classful (A/B/C) system with variable-length subnet masking. Instead of fixed class boundaries, the network prefix length can be any value, written in slash notation as IP/n, where n is the number of bits in the network portion.

Benefits:

• Efficient use of the IPv4 address space (reduces wastage).
• Route aggregation / supernetting: many contiguous networks are advertised as a single route, shrinking routing tables.

Example: 192.168.16.0/20

• /20 means the first 20 bits are the network prefix → subnet mask 255.255.240.0.
• Host bits $= 32 - 20 = 12$, giving $2^{12} = 4096$ addresses (4094 usable hosts).
• Address range: 192.168.16.0 to 192.168.31.255.

A single CIDR block like 200.10.0.0/22 aggregates the four class-C networks 200.10.0.0, 200.10.1.0, 200.10.2.0, 200.10.3.0 into one routing entry.

Hub vs. Switch vs. Router

Summary: A hub simply repeats incoming bits to every port (causing collisions and inefficiency). A switch learns MAC addresses and forwards a frame only to the destination port, creating separate collision domains. A router connects different networks, makes forwarding decisions using IP addresses and a routing table, and separates broadcast domains (e.g., it connects a LAN to the Internet).

ARP (Address Resolution Protocol)

ARP is a network-layer protocol that maps a known logical (IPv4) address to the corresponding physical (MAC) address within the same local network. Hosts need the destination MAC address to build a data-link frame, but applications only know IP addresses; ARP bridges this gap.

How ARP Resolves IP → MAC

1. Cache check: The sender first checks its ARP cache (table of recent IP↔MAC mappings). If the entry exists, it is used directly.
2. ARP Request (broadcast): If not cached, the sender broadcasts an ARP request frame to the whole LAN (destination MAC = FF:FF:FF:FF:FF:FF), asking: "Who has IP X? Tell IP Y." It includes its own IP and MAC.
3. Reception: Every host on the LAN receives the broadcast and compares the target IP with its own.
4. ARP Reply (unicast): Only the host owning IP X replies directly (unicast) to the requester with its MAC address.
5. Caching: The sender stores the new IP↔MAC mapping in its ARP cache (with a timeout) and uses it to encapsulate and send the frame.

If the destination is on a different network, ARP resolves the MAC address of the default gateway (router) instead. The reverse mapping (MAC → IP) was historically handled by RARP.

HTTP (HyperText Transfer Protocol)

HTTP is the application-layer, request/response protocol used by the World Wide Web to transfer web resources (HTML, images, etc.) between a client (browser) and a web server. It runs over TCP on port 80 (HTTPS uses TLS on port 443) and is stateless — each request is independent (state is added via cookies).

Working

1. The client establishes a TCP connection to the server (three-way handshake), typically on port 80.
2. The client sends an HTTP request message consisting of:
   • A request line: method + URL + version, e.g. GET /index.html HTTP/1.1
   • Headers (e.g., Host, User-Agent, Accept)
   • An optional body (for POST/PUT).
3. The server processes the request and returns an HTTP response message containing:
   • A status line with a status code (e.g., 200 OK, 404 Not Found, 301 Moved, 500 Internal Server Error).
   • Headers (e.g., Content-Type, Content-Length).
   • The body (the requested resource).
4. The browser renders the response. With persistent connections (HTTP/1.1 keep-alive) the same TCP connection serves multiple requests; otherwise it is closed (non-persistent).

Common methods: GET (retrieve), POST (submit data), PUT (upload/replace), DELETE (remove), HEAD (headers only).

NAT (Network Address Translation)

NAT is a technique, usually run on a router/firewall, that translates private IP addresses (used inside a LAN) into one or more public IP addresses (used on the Internet), and vice-versa. It allows many internal hosts to share a limited number of public IPs, conserving the IPv4 address space and hiding the internal network topology.

Types of NAT

1. Static NAT: A one-to-one, fixed mapping between a private and a public IP. Used when an internal server must be reachable from outside at a constant address.
2. Dynamic NAT: Private addresses are mapped to public addresses drawn from a pool, on a first-come basis. Mappings are temporary.
3. PAT / NAT Overload (Port Address Translation): Many private IPs share a single public IP, distinguished by different port numbers. This is the most common form, used in home/office routers.

Uses / Advantages

• Conserves public IPv4 addresses (one public IP serves many hosts).
• Security/privacy: hides internal host addresses from the outside world.
• Allows reuse of the same private address ranges in many organizations.
• Lets an entire LAN access the Internet through a single ISP-assigned address.

Limitation: breaks true end-to-end connectivity and complicates protocols that embed IP addresses in their payload (e.g., FTP, SIP).

FTP (File Transfer Protocol)

FTP is an application-layer protocol used to transfer files between a client and a server over a TCP/IP network. It supports uploading, downloading, renaming, and deleting files and directories, and works with both ASCII (text) and binary transfer modes.

Two Connections (Out-of-Band Control)

A key feature of FTP is that it uses two separate TCP connections:

1. Control connection — port 21: Established for the whole session. It carries commands (e.g., USER, PASS, LIST, RETR, STOR) and responses/status codes. It stays open throughout.
2. Data connection — port 20 (active mode): Opened only when a file or directory listing is actually transferred, then closed after each transfer.

Working

1. The client opens a control connection to the server on port 21 and authenticates with a username and password.
2. Commands are exchanged over the control connection.
3. When data must move, a data connection is opened:
   • Active mode: the server initiates the data connection back to the client from port 20.
   • Passive mode (PASV): the server opens a port and the client initiates the data connection (firewall-friendly).
4. The file or directory listing is transferred over the data connection, which then closes.
5. The session ends with the QUIT command.

Note: Standard FTP sends credentials and data in plaintext; secure variants are FTPS (FTP over TLS) and SFTP (over SSH).

ICMP (Internet Control Message Protocol)

Purpose: ICMP is a network-layer protocol used by hosts and routers to send error-reporting and diagnostic/control messages about the state of IP delivery. IP itself is unreliable and connectionless, so when a datagram cannot be delivered or a problem occurs, ICMP reports it back to the source. ICMP messages are encapsulated inside IP datagrams (protocol number 1). It is also the basis of diagnostic tools such as ping and traceroute.

Common ICMP Message Types

Error-reporting messages:

• Destination Unreachable (type 3) — host/network/port not reachable.
• Time Exceeded (type 11) — TTL reached 0 (used by traceroute).
• Source Quench (type 4, deprecated) — congestion control.
• Parameter Problem (type 12) — invalid header field.
• Redirect (type 5) — better route available.

Query / control messages:

• Echo Request (type 8) and Echo Reply (type 0) — used by ping.
• Timestamp Request/Reply (types 13/14).

Note: ICMP only reports errors; it does not correct them or make IP reliable.

Symmetric vs. Asymmetric Key Cryptography

Summary: In symmetric cryptography the same secret key encrypts and decrypts, so it is fast but the key must be securely distributed. In asymmetric cryptography each party has a public/private key pair; data encrypted with one key can only be decrypted with the other, solving the key-distribution problem and enabling digital signatures, but at a higher computational cost. In practice, hybrid systems use asymmetric cryptography to exchange a symmetric session key, then use the faster symmetric cipher for bulk data.

Port Numbers and Socket Addresses

Port Numbers

A port number is a 16-bit identifier (range 0–65535) used by the transport layer (TCP/UDP) to identify a specific process or application running on a host. While an IP address identifies the machine, the port number identifies which application on that machine the data belongs to — this is called multiplexing/demultiplexing.

Port ranges (IANA):

• Well-known ports (0–1023): standard services, e.g., HTTP 80, HTTPS 443, FTP 20/21, SSH 22, DNS 53, SMTP 25.
• Registered ports (1024–49151): assigned to user applications.
• Dynamic / ephemeral ports (49152–65535): temporary ports for client sides.

Socket Address

A socket address is the combination of an IP address and a port number, written as IP:Port, which uniquely identifies a process endpoint on the network:

Example: 192.168.1.10:80 identifies the web-server process on host 192.168.1.10.

A complete TCP connection is uniquely defined by a pair of socket addresses — (source IP : source port, destination IP : destination port) — together with the protocol, forming the connection's 5-tuple.