Title: Chapters: All Final Review
1Chapters AllFinal Review
- Professor Rick Han
- University of Colorado at Boulder
- rhan_at_cs.colorado.edu
2Announcements
- All lectures, midterm solutions, HW 6 solutions
online - Ch. 8 samples, todays review online tonight
- Final is Tuesday May 6, 1030-1 pm
- Office Hours Monday 4-6 pm
- Next, final review
3Format of Final
- 2 ½ hours
- Comprehensive
- In class
- Closed book
- Calculator OK
- 5 multi-part questions
- About 30 minutes for each multi-part question
4Format of Final (2)
- 1 Question each on
- TCP
- security
- network layer/IP
- application layer
- 1 mystery question from midterm topics
5Potential Topics for Final
- List is not all-inclusive some topics may appear
on final not listed here - How does ___ work? Why is it used?
- Sections in textbook relevant to final
- Chapter 1 1.1-1.3
- Chapter 2 2.1-2.8
- Chapter 3 3.1-3.2
- Chapter 4 4.1-4.4
- Chapter 5 5.1-5.2
- Chapter 6 6.2-6.4
- Chapter 7 none
- Chapter 8 8.1-8.4
- Chapter 9 9.1-9.2
6Potential Topics for Final (2)
- All topics in lecture notes are relevant to final
- Relevant topics in lecture notes but not in the
textbook - SACK TCP
- TCP extensions window scale time stamp
- Wireless TCP snoop
- Web caching proxies
- Load balancing via DNS, HTTP Redirect,
- NATs for address translation, firewalling, load
balancing - SMB/Samba
- Stream ciphers and WEP
7Potential Topics for Final (3)
- All topics listed in the Midterm Review, plus the
following - UDP
- Unreliable datagram delivery
- Header, Checksum
- Multiplexing/demultiplexing
- Under what conditions is UDP useful?
- TCP
- Reliable Stream Delivery
- Header, Checksum
- Why was it necessary to invent TCP?
8Potential Topics for Final (4)
- TCP (cont.)
- Connection setup
- How does a 3-way handshake work and why does it
work? - SYN, SYN/ACK
- How does FIN and FIN/ACK exchange differ from SYN
and SYN/ACK exchange? (half-closed) - State machine
- What states are traversed during connection
setup? - In a normal termination, how does TIME_WAIT state
differ from CLOSE_WAIT?
9Potential Topics for Final (5)
- TCP
- Sliding window
- Sequence s and segments
- Window-based flow control
- Cumulative ACKs
- Receiver window advertisements
- Sender-side vs. receiver-side sliding window flow
control - What is TCP Persist and why is it useful?
- TCP Extensions
- Timestamp address wrap-around with seq. s
- Window scaling keeps pipe full over LFNs
10Potential Topics for Final (6)
- TCP
- Adaptive Retransmission
- Under what conditions does TCP retransmit?
- Timeout
- 3 duplicate ACKs
- How is the RTT originally estimated?
- New RTT estimate a (old RTT estimate) (1 - a)
(new RTT) - How is the timeout originally computed from RTT?
- RTO b RTT, where b 2
- What were Karn/Partridges refinements to
original approach? - Recompute RTT only for unambiguous ACKs
- Backoff the timeout exponentially
11Potential Topics for Final (7)
- TCP
- Adaptive Retransmission
- What were Jacobsen/Karels refinements to timeout
algorithm? - Make the timeout a function of both the average
and deviation but why? - RTO Smoothed Ave 4 Smoothed Dev
12Potential Topics for Final (8)
- TCP
- Congestion Control
- W min (CW, FW) why?
- send no more packets than the network can handle
without loss - Sawtooth behavior of CW whats the basic
principle? - Probe network by expanding CW until loss, then
reduce CW, then grow CW again, etc. - Slow Start is actually exponential increase
- How does a sender detect that CW is too large?
- A timeout occurs
13Potential Topics for Final (9)
- TCP
- Congestion Control
- Additive Increase/Multiplicative Decrease
- After a timeout, divide CW by 2 and store in
ssthresh - Slow start up to ssthresh, then add a/CW if CW
packets in a RTT are safely ACKed - If 3 duplicate ACKs are received, then infer that
one segment has been lost - Retransmit immediately, rather than wait for a
timeout called Fast Retransmit - Cancel slow start, and drop CW to half its value
(approximately) rather than to one called Fast
Recovery
14Potential Topics for Final (10)
- TCP
- Congestion Avoidance
- Back off before there are packet losses
- Informed by increasing RTT Source-based
- Informed by routers of congestion DECbit
(explicit), RED (implicit by dropped packets) - Queueing Disciplines
- What is a drop-tail policy?
- How do Fair Queueing and Weighted Fair Queueing
enforce fairness? How are they work-conserving?
15Potential Topics for Final (11)
- SACK-TCP
- Why is this an improvement over vanilla TCP?
- How are selective ACKs achieved?
- Wireless TCP
- What is the major problem with TCP over wireless?
- Solutions
- End-to-End approaches ECN, ELN
- Split connection
- Link-Layer
- Snoop TCP is a hybrid TCP-aware
- Retransmit locally and suppress duplicate ACKs
all without having to terminate TCP connection - Advantages and disadvantages?
16Potential Topics for Final (12)
- Application Layer
- DNS
- Hierarchical naming
- Hierarchical resolution of names local, root
authoritative name servers with
iterative/recursive resolution - Load distribution DNS round robin
- HTTP
- Stateless Request/Response protocol using text
- Persistent HTTP 1.1
- HTTP Caching Proxies relevant headers?
- HTTP Redirect for load balancing
- SMTP, MIME, and how is email relayed via SMTP
mail gateways?
17Potential Topics for Final (13)
- Network Address Translation (NAT)
- How does it work?
- Replace senders IP addr and source TCP port with
NATs IP addr and source TCP port - Dynamic NAT serves as firewall
- Static NAT allows inbound traffic on designated
ports - Load balancing via NAT
- IPSec and NATs whats the conflict?
- TCP ports are encrypted
- Even if TCP ports were visible, cant modify
packet without causing tampering to be detected
via digital signature
18Potential Topics for Final (14)
- Security
- What are the six major characteristics of concern
in security? - Confidentiality
- Integrity
- Authentication
- Non-Repudiation
- Availability
- Authorization
- What are different types of cryptanalysis
attacks? - Brute force, ciphertext-only, known-plaintext,
chosen-plaintext, adaptive chosen-plaintext - Substitution (S-Box) and Transposition (P-Box)
19Potential Topics for Final (15)
- Security
- Symmetric Key Cryptography
- Same secret key on both endpoints
- DES uses 16 stages each employs principles of
confusion and diffusion - What is a block cipher, how is it vulnerable, and
how does Cipher-Block-Chaining (CBC) address
this? - How do stream ciphers work?
- What are various ways to securely distribute a
shared secret key to both endpoints? - Diffie-Helman Key Exchange
- Public key encryption of shared symmetric key
- Key Distribution Center (KDC) Kerberos
20Potential Topics for Final (16)
- Security
- Public Key Cryptography
- Asymmetric keys a public key and a private key
- Helps provide Confidentiality, Authentication,
Integrity - Based on the difficulty of inverting one-way
functions - How does RSA work? (see example)
21Potential Topics for Final (17)
- Security
- Authentication via
- public-key digital signatures
- 3-way handshakes
- Trusted 3rd party
- Public keys (Fig. 8.11)
- How do one-way hashes provide data integrity?
- What are some counterexamples?
- Checksums for IP and WEP
22Potential Topics for Final (18)
- Security
- Secure distribution of public keys
- Trusted 3rd party Certificate Authorities (CA)
- What is a digital certificate and how does it
certify the provider of the certificate? - SSL/TLS how is the secure connection
established? - IPSec
- End-to-end encryption at the network layer
- Impact on NATs
- How do the two protocols AH and ESP provide
confidentiality, integrity, and/or
authentication? - How is a VPN created using IPSec?
23Potential Topics for Final (19)
- Security
- Firewalls
- Packet filters
- Proxies
- What are some sample policies that firewalls
could implement? How are they flawed? - Good luck on the Final!