Here are some example questions for the midterms and final of CIS656.

Frame Types in Ethernet (Ether Types) (in hexadecimal):

    IPv4  0800
    IPv6  86DD
    ARP   0806
    RARP  8035

Protocol Identifiers:

    ICMP     1
    IGMP     2
    IPv4     4
    TCP      6
    EGP      8
    UDP      17
    IPv6     41
    RSVP     46
    OSPFIGP  89

Version numbers:

    IPv4  4
    IPv6  6

Keep all your responses BRIEF and CONCISE!!

Checksums: Explain what it is for, and over what bytes it is computed (data only, or header only, or ...), but do NOT explain HOW it is computed.

Typical questions:

1. Draw an ethernet packet and BRIEFLY describe the size, meaning, and use of all fields.

2. Draw the header of an IP packet without options, and BRIEFLY describe the size, meaning and use of all fields.

3. IPv6 has Version number 6, Protocol Identifier 41, and Frame Type (also called Ether Type) 86DD (in hexadecimal). Give examples of how each of these identifiers is used. BRIEFLY (!!) explain your answer.

4. Consider the network in Professor Ott's homepage, in ``spring 2002'', Simple Routing Example, Simple Mini Network. (Assume TTLs are always sufficiently large.)

   (A) Suppose the system administrator wants to achieve that all packets that reach router 1 and have as destination the IP address of Host L+1 on network 2 are delivered to the port of Host L+1 on Network 1. What ROUTE (entry in the routing table) does that system administrator put in the routing table of R1 to achieve this? What do you call this kind of route?

   (B) Suppose the same system administrator wants to achieve that all packets in R1 destined to an address on network 2 (but not host L+1) are forwarded to R3. What ROUTE does the system administrator put into R1 to achieve this?

   (C) Suppose the same system administrator wants to achieve that all packets that reach router R3 and have a destination address neither on network 1 nor on network 2 are forwarded to router 1. What ROUTE does that system administrator put into R3 to achieve this? What do you call this kind of route?

5. (A) When the ARP software in a computer broadcasts an ARP request, does it use an IP broadcast address? If yes, which one? (B) Or does it use an address for a physical broadcast? (C) Or both? (D) Or neither? BRIEFLY explain your answer.

   Harder question: Suppose that in question 5 your answer is ``physical broadcast only''. What additional information do you need to be able to find out the actual physical broadcast address? (Answer: you have to know the hardware type! If it is ethernet, the physical broadcast address is 48 ones.)

6. Explain what the ``10'' and ``2'' and ``5'' and ``T'' mean in 10Base2, 10Base5, 10Base-T.

7. In the ``classful'' scheme, what is the class of 128.235.204.127? (Any address could be used!)

8. Describe the mask of the network (or subnetwork) 170.170.0.0/20.

9. Suppose you did not know that the Ether Type of IPv6 is 86DD (hex). How would you find out? Give enough detail that ``anybody'' can follow your directions. Hint for this Saturday: Do it, and memorize the names of the URLs you use, items you click on, patterns you search for. This is one of the few cases where I encourage memorizing!

10. Given a specific network, and a specific router in that network, and a specific IP packet (will be given if this question is asked), describe what output interface the packet leaves from and the fields in the packet. (Like the examples I did 02/09/2002.)

11. Given a specific packet, and an MTU, describe how the packet will be fragmented to satisfy the MTU. (I COULD be tricky and give you a packet with DF = 1.)

12. Suppose we have an IPv6 packet inside an IPv4 packet, inside an ethernet packet. Give the Frame Type in the ethernet header, the version numbers in the IPv4 and IPv6 headers, and the protocol identifier in the IPv4 header.

13. Describe how a host gets the physical address of a different host on the same subnet, of which it knows the IP address.

14. Look at the following output:

    berman-41 ott>: ping -s ftp.nl.net 100 10
    PING ftp.nl.net: 100 data bytes
    108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=0. time=111. ms
    108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=1. time=108. ms
    108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=2. time=115. ms
    108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=3. time=88. ms
    108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=4. time=113. ms
    108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=5. time=120. ms
    108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=6. time=116. ms
    108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=7. time=102. ms
    108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=8. time=109. ms
    108 bytes from ftp0.svc.ops.eu.uu.net (195.129.111.8): icmp_seq=9. time=90. ms
    ----ftp.nl.net PING Statistics----
    10 packets transmitted, 10 packets received, 0% packet loss
    round-trip (ms) min/avg/max = 88/107/120

    What is the meaning of the numbers 100 and 10 in the command line?
    What is the meaning of the number 108 on the next lines?
    Give another name for the computer ftp.nl.net.
    What is the IP address of ftp0.svc.ops.eu.uu.net?
    What is the size of the whole IP packets? (Include ICMP and IP headers, but exclude frame headers, because you do not know the hardware type: it is probably different on the multiple hops anyhow.)
    Roughly, what is the distance from berman to ftp.nl.net in km? (c = 300,000 km/sec; for the speed of light in glass and for the speed of electrical signal in coax etc. take c x .7.) Do not confuse one-way delay and round trip time! (Factor 1/2.)

(Added 04/07/02) All questions listed above are also typical for the second midterm and the final. Questions may be repeated. Other examples:

15. Draw the UDP header of a packet. Give the sizes of all fields, and where appropriate the units. BRIEFLY describe for each field what it means, what it is used for, etc.

16. Draw the TCP header of a packet (without options). Give the sizes of all fields, and where appropriate the units. BRIEFLY describe for each field what it means, what it is used for, etc.

17. Same for the ICMP echo request and echo reply packet (whole packets, not just header). Of other ICMP packets you must know the function, but I do not expect you to remember details of the packet layout.

VERY likely:

18. Look at TCPdump output, at the line(s) marked.

    What is the timestamp? What is the ethernet source address? What is the ethernet dest address? What is the ethertype? What is the size of the ethernet packet (not counting Preamble, SFD, CRC)? etc.

    Is this an IP packet? Why? Is this a TCP packet? Why? Is this a UDP packet? Why? What is the IP source address? Destination address? What are the port numbers? How many data bytes in this packet? (How many IP data bytes? UDP data bytes? TCP data bytes? etc.)

    Look at the packets marked A, B, C, D, ... . Which of these are duplicate acknowledgements? How can you tell? (To tell whether a packet is a dup. ack you need to look at more packets than the packet itself! In general I like questions where you have to look at several packets to see the answer.) etc.

    Lots more possible questions about TCPdump.

19. Questions about nslookup, ping, traceroute.

20. I may ask questions about strict source route. Only the kind of questions everybody who worked hard on project B can answer.

21. Similar: fragmentation, packets that do direct broadcast, limited broadcast, etc.

22. Describe how an IP (logical) multicast address is translated into an ethernet (physical) multicast address.

23. Describe Nagle's algorithm ... . (Or any other such algorithm you are supposed to understand.)

24. Describe how Nagle's algorithm and the ``delayed acknowledgement'' mechanism work together to keep the silly window syndrome under control.

25. Why is VoIP sent over UDP, and not over TCP? Keep your response clear, concise, and short!

26. Why are RPCs (almost always) sent over UDP, not over TCP?

27. Questions about RTT estimation, setting the time-out intervals, etc.

28. Questions about cwnd, ssthresh.

29. Describe how the cwnd evolves during the ``slow start phase'' of TCP.

30. Describe (briefly) how packet loss is detected in TCP Tahoe (the old version).

31. Describe briefly how packet loss is detected in TCP Reno (the new version).

---

Don't forget: this was a SAMPLE only. I tried to give examples of the TYPE of questions I may ask, not examples of specific questions I am likely to ask. A few specific ones are actually likely: packet headers, and interpreting outputs of nslookup, ping, traceroute, tcpdump.