
CNS endsem


Unit 3

1. List and explain functions of Network Layer.


Functions of the layer
The third layer's main functions involve providing the means to transfer packets from a
source to a destination using one or more networks. Data is sent as packets or small
sections for reassembly on another computer. These packets include a header that
contains information about the packet and the body, which is the data being sent.
1. Routing
 Definition: Routing is the process of selecting the optimal path for data packets to
travel from the source to the destination across interconnected networks.
 How It Works: The Network Layer uses routing protocols like OSPF, RIP, and BGP
to dynamically determine the best path, ensuring data is delivered efficiently even
in complex networks.
2. Logical Addressing
 Definition: Logical addressing involves assigning unique identifiers (e.g., IP
addresses) to devices on the network to ensure data packets are sent to the
correct destination.
 Purpose: Logical addresses (like IPv4 and IPv6) are necessary for uniquely
identifying devices across different networks and ensuring end-to-end delivery.
3. Datagram Encapsulation
 Definition: The Network Layer encapsulates data from the Transport Layer into
packets or datagrams by adding a header that includes routing and addressing
information.
 Purpose: This encapsulation allows the data to traverse the network, with the
header containing essential metadata such as the source and destination IP
addresses.
4. Fragmentation and Reassembly
 Fragmentation: When a data packet exceeds the maximum transmission unit (MTU)
of a network, the Network Layer breaks it into smaller fragments for transmission.
 Reassembly: At the destination, these fragments are reassembled into the original
packet.
 Purpose: Ensures data can travel through networks with varying MTU sizes without
loss.
5. Error Handling and Diagnostics
 Definition: The Network Layer detects and reports errors in packet delivery, such
as unreachable destinations or timeouts.
 Key Protocols: ICMP (Internet Control Message Protocol) is commonly used for
diagnostics (e.g., ping and traceroute commands).
 Purpose: Provides feedback to identify and troubleshoot network issues.
6. Congestion Control
 Definition: Congestion control involves managing data flow to prevent network
overload, which can degrade performance.
 How It Works: The Network Layer may slow down data transmission or reroute
traffic during congestion to optimize network performance.
 Purpose: Ensures reliable and efficient communication by preventing packet loss
and delays caused by congested networks.

2. Differentiate between Circuit Switching, Message Switching and Packet Switching.
| Feature | Circuit Switching | Packet Switching | Message Switching |
|---|---|---|---|
| 1. Path | Physical connection is established. | No physical path is established. | No physical path is pre-set. |
| 2. Data Path | All packets use the same path. | Packets travel independently. | Packets are stored and forwarded. |
| 3. Setup Requirement | End-to-end path required before transmission. | No end-to-end path is required. | Same as packet switching. |
| 4. Bandwidth Reservation | Entire bandwidth is reserved in advance. | Bandwidth is not reserved. | Same as packet switching. |
| 5. Charging Basis | Based on distance and time, not traffic. | Based on the number of bytes and connect time. | Based on the number of bytes and distance. |
| 6. Bandwidth Efficiency | Bandwidth waste is possible. | No bandwidth is wasted. | No bandwidth is wasted. |
| 7. Congestion | Congestion occurs per minute. | Congestion occurs per packet. | Minimal or no congestion. |
| 8. Store-and-Forward | Does not support store-and-forward transmission. | Supports store-and-forward transmission. | Supports store-and-forward transmission. |
| 9. Interactive Traffic | Not suitable for handling interactive traffic. | Suitable for interactive traffic. | Same as circuit switching. |
| 10. Recording | Recording of packets is not possible. | Recording of packets is possible. | Same as packet switching. |

3. Write short note on network address translation.


Network Address Translation (NAT) is a method used by network devices, such as routers,
to translate the IP addresses of devices in a private network to a single IP address in
order to communicate with the internet. This allows multiple devices to share a single
public IP address and access the internet through a single connection.
NAT is commonly used in home networks, allowing multiple devices to connect to
the internet using a single internet connection and a public IP address. It is also used in
more extensive networks, such as corporate or academic networks, to conserve the
number of public IP addresses needed and provide an additional security layer.
Addresses of NAT
In a network that uses Network Address Translation, there are two types of IP addresses:
 Private IP addresses (inside address)
 Public IP addresses (outside address)
Let’s explore each of these two types of IP addresses in detail.
 Private IP addresses: Devices in the private network use these addresses in order
to communicate with each other. These addresses are not unique and are not
reachable from the internet. Private IP addresses are assigned from a range of
reserved addresses, such as 192.168.0.0/16 or 10.0.0.0/8.
 Public IP addresses: Devices on the internet use these addresses in order to
communicate with devices in the private network. These addresses are unique and
are assigned by the Internet Service Provider (ISP). A device in the private network
can be reached from the internet using its public IP address.
The Network Address Translation device translates the private IP addresses and port
numbers of the devices in the private network to public IP addresses and unique port
numbers when they communicate with the internet. This allows the devices to share a
single public IP address and access the internet through a single connection.
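The translation described above, as an added example that is not part of the original notes: a small port-address-translation table in Python. The class name, the starting port 40000 and all addresses are constructed for illustration, and the mapping ignores the remote endpoint for brevity.

```python
import ipaddress


class PatRouter:
    """Port address translation: many inside hosts share one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port   # constructed start of the public port pool
        self.outbound_map = {}        # (inside_ip, inside_port, proto) -> public_port
        self.inbound_map = {}         # (public_port, proto) -> (inside_ip, inside_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Rewrite the private source address/port of an outgoing packet."""
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError(f"{src_ip} is not an inside (private) address")
        key = (src_ip, src_port, proto)
        if key not in self.outbound_map:
            if self.next_port > 65535:
                raise RuntimeError("public port pool exhausted")
            # Each inside (address, port) pair gets its own public port, so two
            # hosts using the same source port stay distinguishable.
            self.outbound_map[key] = self.next_port
            self.inbound_map[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.outbound_map[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_port, proto="tcp"):
        """Rewrite the destination of a packet arriving at the public address.

        Returns None when no inside host created a mapping for that public
        port: the packet has nowhere to go and is dropped.
        """
        inside = self.inbound_map.get((dst_port, proto))
        if inside is None:
            return None
        return (src_ip, src_port, inside[0], inside[1])


def demo():
    nat = PatRouter("203.0.113.5")
    # Two inside hosts open connections from the same source port.
    a = nat.translate_outbound("192.168.0.10", 51000, "198.51.100.7", 443)
    b = nat.translate_outbound("192.168.0.11", 51000, "198.51.100.7", 443)
    # The server's reply to the second host is mapped back by public port.
    reply = nat.translate_inbound("198.51.100.7", 443, b[1])
    # A packet to a public port nobody mapped has no translation entry.
    unsolicited = nat.translate_inbound("198.51.100.99", 4444, 45000)
    return a, b, reply, unsolicited


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The `None` result for the unmapped port is the "hides internal addresses" effect in practice: inside hosts are reachable only through mappings they created themselves.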

Advantages of NAT:
1. IP Address Conservation: Reduces the need for a large number of public IP
addresses, conserving the global IP address space.
2. Security: Hides internal IP addresses from external networks, providing a layer of
security against external threats.
3. Flexibility: Allows internal network changes without affecting external connections.
Disadvantages of NAT:
1. Performance Overhead: Introduces a slight delay due to the address translation
process.
2. Compatibility Issues: Some protocols and applications may not work well with NAT,
particularly those that embed IP address information within the payload.

4. Draw and explain IPV4 header.


Packets in the IPv4 layer are called datagrams. A datagram is a variable-length packet
consisting of two parts: header and data.

 Version: The first 4-bit header field informs about the current IP version in use,
which, in this case, is IPv4
 Internet Header Length (IHL): The IHL has four bits that specify the number of 32-
bit words in the header – the minimum header length is 20 data bytes and the
minimum value of this field is five
 Service Type: This field is used for queuing of IP packets during their transmission
 Total Length: This is the total size of the header and data in bytes, where the
minimum size of the Total length field is 20 bytes and the maximum size is 65,535
bytes
 Identification: If the IP datagram is fragmented (broken into smaller pieces), the ID
field helps identify fragments and determine which IP packet they belong to
 IP Flags: This is a 3-bit field that uses a few possible configuration combinations of
control flags for fragmentation:
 Bit 0 is reserved and always set to 0
 Bit 1 represents the Don’t Fragment (DF) flag, which indicates that this packet
should not be fragmented
 Bit 2 represents the More Fragments (MF) flag, which is set on all fragmented
packets except the last one
 Fragmentation Offset (Fragment Offset): The Fragment Offset field takes up 13
bits and represents the data bytes that come ahead of this fragment; i.e., it
determines where in the original packet the particular fragment belongs
 Time to Live (TTL): TTL limits the datagram’s lifetime to prevent packets from an
endless loop in the internet system by causing undeliverable datagrams to be
discarded automatically
 Protocol: This 8-bit field defines which protocol is used in the data portion of the
packet
 Header Checksum: If there are any communication errors in the header, the Header
Checksum field detects them
 Source IP Address: The 32-bit IPv4 address of the sender of the packet
 Destination IP Address: The 32-bit IPv4 address of the receiver of the packet
 Options: This optional feature is used when the value in the Internet Header Length
is greater than five, hence the header length field increases (it may contain Time
Stamp, Record Route or another optional field)
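The field layout listed above, as an added example that is not part of the original notes: a Python parser that unpacks the fixed 20-byte header, validates IHL and Total Length, and verifies the Header Checksum. The sample header bytes are constructed for illustration; the fragment offset is converted to bytes because the 13-bit field counts 8-byte units.

```python
import ipaddress
import struct

# Constructed sample: 20-byte header (no options) of a 115-byte UDP datagram.
SAMPLE_HEADER = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum of the data, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def set_checksum(header: bytes) -> bytes:
    """Return the header with its checksum field (bytes 10-11) recomputed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", internet_checksum(zeroed)) + zeroed[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode and sanity-check an IPv4 header; raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"version field is {version}, not 4")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} is below the minimum of 5")
    header_len = ihl * 4                     # IHL counts 32-bit words
    if len(packet) < header_len:
        raise ValueError("IHL points past the end of the captured bytes")
    if total_len < header_len:
        raise ValueError("Total Length is smaller than the header itself")
    return {
        "version": version,
        "ihl": ihl,
        "header_len": header_len,
        "service_type": tos,
        "total_length": total_len,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),     # flag bit 1: Don't Fragment
        "mf": bool(flags_frag & 0x2000),     # flag bit 2: More Fragments
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # in bytes
        "ttl": ttl,
        "protocol": proto,
        # Summing a valid header, checksum field included, gives zero.
        "checksum_ok": internet_checksum(packet[:header_len]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[20:header_len],    # present only when IHL > 5
    }


if __name__ == "__main__":
    for name, value in parse_ipv4_header(SAMPLE_HEADER).items():
        print(f"{name:16} {value}")
```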

5. Explain the concept of classful (A, B, C, D and E) and classless addressing.
Need For Classful Addressing
Initially, in the 1980s, the IP address was divided into two fixed parts: NID (Network ID) = 8 bits
and HID (Host ID) = 24 bits. So there are 2^8, that is 256, networks in total, and
2^24, that is 16M, hosts per network.
There are only 256 networks, and even a small organization must buy 16M
computers (hosts) to purchase one network. That's why we need classful addressing.
Classful Addressing
The 32-bit IP address is divided into five sub-classes. These are given below:
Class A
Class B
Class C
Class D
Class E
Each of these classes has a valid range of IP addresses. Classes D and E are reserved for
multicast and experimental purposes respectively. The order of bits in the first octet
determines the classes of the IP address.
Class A
IP addresses belonging to class A are assigned to the networks that contain a large
number of hosts.
 The network ID is 8 bits long.
 The host ID is 24 bits long.
The higher-order bit of the first octet in class A is always set to 0. The remaining 7 bits in
the first octet are used to determine network ID. The 24 bits of host ID are used to
determine the host in any network. The default subnet mask for Class A is 255.x.x.x.
Therefore, class A has a total of:
2^24 – 2 = 16,777,214 host ID
IP addresses belonging to class A ranges from 0.0.0.0 – 127.255.255.255.

Class B
IP addresses belonging to class B are assigned to networks that range from medium-sized to
large-sized networks.
 The network ID is 16 bits long.
 The host ID is 16 bits long.
The higher-order bits of the first octet of IP addresses of class B are always set to 10. The
remaining 14 bits are used to determine the network ID. The 16 bits of host ID are used
to determine the host in any network. The default subnet mask for class B is 255.255.x.x.
Class B has a total of:
 2^14 = 16384 network address
 2^16 – 2 = 65534 host address
IP addresses belonging to class B ranges from 128.0.0.0 – 191.255.255.255.

Class C
IP addresses belonging to class C are assigned to small-sized networks.
 The network ID is 24 bits long.
 The host ID is 8 bits long.
The higher-order bits of the first octet of IP addresses of class C are always set to 110. The
remaining 21 bits are used to determine the network ID. The 8 bits of host ID are used to
determine the host in any network. The default subnet mask for class C is 255.255.255.x.
Class C has a total of:
 2^21 = 2097152 network address
 2^8 – 2 = 254 host address
IP addresses belonging to class C range from 192.0.0.0 – 223.255.255.255.

Class D
IP addresses belonging to class D are reserved for multicasting. The higher-order bits of the
first octet of IP addresses belonging to class D are always set to 1110. The remaining bits
are for the address that interested hosts recognize.
Class D does not possess any subnet mask. IP addresses belonging to class D range from
224.0.0.0 – 239.255.255.255.

Class E
IP addresses belonging to class E are reserved for experimental and research purposes.
IP addresses of class E range from 240.0.0.0 – 255.255.255.255. This class doesn’t have
any subnet mask. The higher-order bits of the first octet of class E are always set to
1111.

Classless Inter-Domain Routing (CIDR) is a method of IP address allocation and IP
routing that allows for more efficient use of IP addresses. CIDR is based on the idea that
IP addresses can be allocated and routed based on their network prefix rather than their
class, which was the traditional way of IP address allocation.
CIDR addresses are represented using a slash notation, which specifies the number of
bits in the network prefix. For example, an IP address of 192.168.1.0 with a prefix length
of 24 would be represented as 192.168.1.0/24. This notation indicates that the first 24
bits of the IP address are the network prefix and the remaining 8 bits are the host
identifier.
6. A host was given the 192.168.2.64/27 IP address. Indicate: i) the netmask
of the network, ii) the network broadcast address to which the host
belongs, iii) the total number of hosts available in the network.

7. Describe in short the importance and working of ARP protocol. What is ARP cache?
The acronym ARP stands for Address Resolution Protocol, which is one of the most
important protocols of the Data link layer in the OSI model. It is responsible for finding the
hardware address of a host from a known IP address. There are three basic ARP terms.
Note: ARP finds the hardware address, also known as the Media Access Control (MAC)
address, of a host from its known IP address.
Importance of ARP (Address Resolution Protocol):

1. Mapping IP to MAC Address: ARP is essential for communication in a Local Area
Network (LAN), as it resolves an IP address (logical address) into a MAC address
(physical address) needed for data transmission.
2. Seamless Communication: Without ARP, devices in the same network could not
communicate effectively, as Ethernet relies on MAC addresses to deliver packets.
3. Dynamic Address Resolution: ARP eliminates the need for manual configuration of
device addresses in the network.

How ARP Works:


 ARP Request: When a device needs to communicate with another device but does
not know its MAC address, it broadcasts an ARP request packet containing the target
IP address to all devices on the local network.
 ARP Reply: The device with the matching IP address sends an ARP reply packet,
containing its MAC address, back to the requesting device.
 Caching: The requesting device stores the IP-to-MAC mapping in its ARP cache for
future use, reducing the need for repeated ARP requests.
ARP Cache
The ARP Cache is a table maintained by each device on a network, containing the
mappings of IP addresses to MAC addresses. This cache improves network efficiency by
storing recent mappings, reducing the need for frequent ARP requests.
Features of ARP Cache:
1. Temporary Storage: Entries in the ARP cache are temporary and are usually
removed after a certain period or when they become stale.
2. Dynamic Updates: The ARP cache is dynamically updated whenever new ARP
requests and replies are processed.
3. Manual Entries: Administrators can also manually add static entries to the ARP
cache for critical devices.
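The request, reply and caching steps together with the cache features above, as an added example that is not part of the original notes: a Python model of an ARP cache with ageing dynamic entries and static entries. The 60-second lifetime, the LAN contents and the rule that a static entry is never replaced by a learned one are assumptions of this example.

```python
class ArpCache:
    """IP-to-MAC table with ageing dynamic entries and pinned static entries."""

    def __init__(self, ttl=60.0):
        self.ttl = ttl            # lifetime of a dynamic entry in seconds (assumed)
        self.table = {}           # ip -> (mac, expires_at); expires_at None = static
        self.requests_sent = 0    # ARP request broadcasts issued so far

    def add_static(self, ip, mac):
        """Manual entry added by an administrator; it never expires."""
        self.table[ip] = (mac.lower(), None)

    def lookup(self, ip, now):
        entry = self.table.get(ip)
        if entry is None:
            return None
        mac, expires_at = entry
        if expires_at is not None and now >= expires_at:
            del self.table[ip]    # stale entry is removed
            return None
        return mac

    def learn(self, ip, mac, now):
        """Record the mapping from an ARP reply and report what changed."""
        mac = mac.lower()
        known = self.lookup(ip, now)
        if known is not None and self.table[ip][1] is None:
            # Policy of this example: learned data never replaces a static entry.
            return "static-match" if known == mac else "static-kept"
        self.table[ip] = (mac, now + self.ttl)
        if known is None:
            return "new"
        # A live entry whose MAC changes is worth logging and reviewing.
        return "refreshed" if known == mac else "changed"

    def resolve(self, ip, now, lan):
        """Return the MAC for ip, broadcasting a request only on a cache miss."""
        mac = self.lookup(ip, now)
        if mac is not None:
            return mac
        self.requests_sent += 1       # broadcast to every device on the LAN
        owner_mac = lan.get(ip)       # only the owner of the IP replies
        if owner_mac is None:
            return None
        self.learn(ip, owner_mac, now)
        return self.lookup(ip, now)


# Constructed LAN: IP address -> MAC address of the device that owns it.
LAN = {"192.168.1.1": "02:00:00:00:00:01", "192.168.1.20": "02:00:00:00:00:14"}


def demo():
    cache = ArpCache(ttl=60.0)
    first = cache.resolve("192.168.1.20", 0, LAN)       # miss: one broadcast
    cache.resolve("192.168.1.20", 30, LAN)              # hit: served from cache
    after_hit = cache.requests_sent
    cache.resolve("192.168.1.20", 61, LAN)              # expired: broadcast again
    after_expiry = cache.requests_sent
    changed = cache.learn("192.168.1.20", "02:00:00:00:00:99", 62)
    cache.add_static("192.168.1.1", LAN["192.168.1.1"])
    kept = cache.learn("192.168.1.1", "02:00:00:00:00:99", 63)
    gateway = cache.lookup("192.168.1.1", 10_000)       # static: still present
    return first, after_hit, after_expiry, changed, kept, gateway


if __name__ == "__main__":
    print(demo())
```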

8. Give short note on : i) ICMP ii) IGMP iii) RARP


i) ICMP
The Internet Control Message Protocol (ICMP) is a companion to the IP protocol. It has
been designed to compensate for two deficiencies of the IP protocol. IP provides
unreliable and connectionless delivery, so the IP protocol has no error-reporting or
error-correcting mechanism. If something goes wrong, ICMP can report it.
ICMP can send two Types of Messages: error-reporting messages and query messages.
The error-reporting messages report problems that a router or a host (destination) may
encounter when it processes an IP packet. The query messages, which occur in pairs,
help a host or a network manager get specific information from a router or another host.
 Destination Unreachable: Sent when a router cannot route a datagram/packet.
 Source Quench: If the datagrams are received much faster than they can be
forwarded or processed, the queue (the buffer memory where packets are stored in
the router) may overflow. This message is sent by that router to inform the source to
slow down.
 Time Exceeded: Due to some error in routing, the packets pass through more
routers than required, and when the "time to live" field in the packet reaches zero at
a router, that router informs the source through this ICMP message.
 Parameter Problem: Sent when there is ambiguity in the header part of a datagram.
 Redirection: A redirect requests that data packets be sent on an alternate route. The
message informs a host to update its routing information (to send packets on an
alternate route).

 The combination of echo-request and echo-reply messages determines whether
two systems (hosts or routers) can communicate with each other at the IP level. It is proof
that the intermediate routers are receiving, processing, and forwarding IP datagrams.
The ping command uses this.
 Timestamp Request and Reply: Two machines (hosts or routers) use these messages to
determine the round-trip time needed for an IP datagram to travel between them. It
can also be used to synchronize the clocks in two machines.
 Address-Mask Request and Reply: A host may know its IP address, but it may not
know the corresponding mask. To obtain its mask, a host sends an address-mask-request
message to a router on the LAN.
 Router Solicitation and Advertisement: A host that wants to send data to a host
on another network needs to know the address of routers connected to its own
network. Also, the host must know if the routers are alive and functioning. A host can
broadcast (or multicast) a router-solicitation message. The router or routers that
receive the solicitation message broadcast their routing information using the
router-advertisement message.
ii) Internet Group Management Protocol (IGMP)
Internet Group Management Protocol (IGMP) is a communication protocol used by
hosts and adjacent routers on IP networks to establish multicast group memberships.
IGMP is an essential component of the IP multicast protocol suite, which is used to deliver
packets to multiple recipients efficiently.
Key Features:
Multicast Group Management: IGMP is used to manage the membership of Internet
Protocol (IP) multicast groups. Hosts use IGMP to report their multicast group
memberships to any immediately neighboring multicast routers.
Efficient Data Distribution: By joining a multicast group, hosts can receive only the
multicast traffic intended for that group, making data distribution more efficient in
applications like streaming media and online gaming.
How IGMP Works:
Host Membership Report: When a host wants to join a multicast group, it sends an
IGMP Membership Report message to the multicast address. This informs the local router
of the host's desire to receive multicast traffic for that group.
Query and Report: Routers periodically send IGMP Query messages to all hosts to
check if they are still interested in receiving multicast traffic. Hosts respond with IGMP
Report messages if they still want to receive the multicast traffic.
Leave Group: When a host wants to leave a multicast group, it sends an IGMP Leave
Group message. This helps the router to stop forwarding the multicast traffic to that host
if it is the last member of the group.
Advantages of IGMP:
Efficient Multicast Delivery: IGMP helps in efficient delivery of multicast traffic by
ensuring that only interested hosts receive the multicast data.
Reduced Network Load: By managing group memberships, IGMP reduces unnecessary
multicast traffic on the network, conserving bandwidth.
Dynamic Membership Management: IGMP allows hosts to join and leave multicast
groups dynamically, providing flexibility in multicast applications.

iii) RARP (Reverse Address Resolution Protocol)


RARP is a network protocol used to map a device's MAC address (hardware address) to
its corresponding IP address. It operates at the data link layer and is the reverse of
the Address Resolution Protocol (ARP).
Key Functions:
IP Address Assignment:
RARP is used by diskless devices (like network terminals or printers) that know their MAC
address but do not have an IP address stored locally.
It helps such devices obtain their IP address from a RARP server.
Bootstrapping:
Commonly used during the boot process of devices without local storage or configuration
to initialize their network identity.
How It Works:
Request: A device broadcasts a RARP request on the network. This request contains the
device's hardware address (MAC address).
Server Response: A RARP server, typically a router or a specially designated host,
receives the request and looks up the device's MAC address in a pre-configured table. It
then sends a reply containing the corresponding IP address.
IP Address Assignment: The device receives the IP address and configures itself with
this address, allowing it to communicate on the network.
Advantages of RARP:
1. Simplifies Device Initialization: Useful for devices that do not have non-volatile
storage to save their IP addresses.
2. Automates IP Assignment: Automates the process of IP address assignment,
reducing manual configuration.
Disadvantages of RARP:
1. Server Configuration: Requires a RARP server to be configured with a table
mapping MAC addresses to IP addresses.
2. Limited Functionality: RARP is less flexible than more modern protocols like DHCP,
which provide additional configuration options beyond IP addresses.
9. Give short note on i) RIP ii) MPLS iii) BGP iv) OSPF v) Mobile IP.
i) Routing Information Protocol (RIP)
Routing Information Protocol (RIP) is one of the oldest distance-vector routing
protocols used to determine the best route for data packets within a network. It uses hop
count as the metric to measure the distance to a destination and operates at the
network layer of the OSI model.
Key Features of RIP:
1. Hop Count Metric: RIP uses hop count (the number of routers a packet must pass
through) as its routing metric. The maximum number of hops allowed for RIP is 15,
making it suitable for smaller networks.
2. Periodic Updates: RIP routers broadcast their entire routing table to their immediate
neighbors every 30 seconds, ensuring that all routers have up-to-date routing
information.
3. Distance-Vector Algorithm: Each router maintains a routing table that contains the
best known routes to various network destinations and the number of hops to reach
them. Routes are updated based on information received from neighboring routers.
RIP Message Types:
RIP messages are encapsulated within UDP packets, using port 520. The main types of
RIP messages include:
 Request: Sent by a router to ask for an update of the routing table from a neighbor.
 Response: Contains the entire routing table of the sending router. These are sent
periodically or in response to a request.
Advantages of RIP:
1. Simplicity: Easy to configure and understand due to its simple algorithm and
message format.
2. Compatibility: Widely supported and implemented in various networking devices.
3. Periodic Updates: Ensures that all routers have consistent and up-to-date routing
information.
Disadvantages of RIP:
1. Limited Scalability: The maximum hop count of 15 limits RIP to small and medium-
sized networks.
2. Slow Convergence: RIP can be slow to converge after network changes, leading to
temporary routing loops or suboptimal routing.
3. Higher Bandwidth Usage: Periodic broadcasting of the entire routing table can
consume significant network bandwidth, especially in large networks.
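The distance-vector update, the 15-hop limit and the slow convergence noted above, as an added example that is not part of the original notes: a Python simulation of periodic RIP responses on a chain of routers. Treating metric 16 as "unreachable", entering a directly attached network with metric 1, and omitting split horizon are assumptions of this example; router and network names are constructed.

```python
INFINITY = 16   # at most 15 hops are allowed; 16 is treated as "unreachable"


def process_response(table, neighbor, advertised):
    """Merge a neighbor's advertised routes into table (dest -> (hops, next_hop))."""
    changed = []
    for dest, hops in advertised.items():
        metric = min(hops + 1, INFINITY)          # one more hop to go via neighbor
        current = table.get(dest)
        if current is None:
            if metric < INFINITY:                 # never install an unreachable route
                table[dest] = (metric, neighbor)
                changed.append(dest)
        elif current[1] == neighbor:
            # News from the router we already forward through is always
            # believed, even when the route got worse.
            if current[0] != metric:
                table[dest] = (metric, neighbor)
                changed.append(dest)
        elif metric < current[0]:                 # strictly better route elsewhere
            table[dest] = (metric, neighbor)
            changed.append(dest)
    return changed


def build_chain(count, network="net0"):
    """Routers R0..R(count-1) in a line; the network is attached to R0."""
    routers = {f"R{i}": {} for i in range(count)}
    routers["R0"][network] = (1, None)            # directly attached network
    links = [(f"R{i}", f"R{i + 1}") for i in range(count - 1)]
    return routers, links


def periodic_update(routers, links):
    """One 30-second period: every router sends its whole table to its neighbors."""
    snapshot = {name: {dest: hops for dest, (hops, _) in table.items()}
                for name, table in routers.items()}
    for a, b in links:
        process_response(routers[a], b, snapshot[b])
        process_response(routers[b], a, snapshot[a])


def converge(count, rounds=40):
    routers, links = build_chain(count)
    for _ in range(rounds):
        periodic_update(routers, links)
    return routers, links


def rounds_to_withdraw(count=3, network="net0"):
    """Fail the network at R0 and count update periods until everyone agrees."""
    routers, links = converge(count)
    routers["R0"][network] = (INFINITY, None)     # the attached network goes down
    history = []
    for period in range(1, 100):
        periodic_update(routers, links)
        history.append({name: table[network] for name, table in routers.items()})
        if all(hops == INFINITY for hops, _ in history[-1].values()):
            return period, history
    return None, history


if __name__ == "__main__":
    routers, _ = converge(17)
    print("R14:", routers["R14"].get("net0"), "R15:", routers["R15"].get("net0"))
    period, history = rounds_to_withdraw()
    print("first period after failure:", history[0])
    print("periods until all routers mark net0 unreachable:", period)
```

In the withdrawal run the routers briefly point at each other for a network that no longer exists, and the metric creeps up to 16 one update at a time before the stale route finally disappears.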

ii) MPLS (Multiprotocol Label Switching)


MPLS is a high-performance data forwarding technique used in computer networking. It
directs data from one node to another based on labels rather than traditional IP-based
routing. This improves speed and efficiency while enabling advanced features like traffic
engineering and VPN support.
How MPLS Works:
1. Packet Labeling
 When a data packet enters an MPLS-enabled network, the ingress router (Label
Edge Router, LER) assigns a label to the packet.
o The label is a short, fixed-length identifier that replaces the traditional IP lookup
process.
o Labels are based on routing information, service quality, or traffic class.
2. Label Switching
 Once labeled, the packet moves through the MPLS network. Instead of examining IP
headers at each hop, core routers (Label Switch Routers, LSRs):
1. Read the label: The label identifies the path the packet should take.
2. Swap the label: The LSR replaces the current label with a new one that tells the next
hop where to forward the packet.
3. Forward the packet: The packet is forwarded based on the new label.
This process is highly efficient as it avoids complex IP routing table lookups at each
router.
3. Explicit Path
 MPLS supports Traffic Engineering (TE), allowing operators to define explicit paths
for packets instead of relying solely on shortest-path algorithms like traditional IP
routing.
 Paths can be optimized for bandwidth, latency, or other network conditions.
4. Packet Delivery
 At the egress router (Label Edge Router, LER), the label is removed (label "popping"),
and the packet is forwarded to its final destination using standard IP routing.
Key Components in MPLS Working
1. Label Edge Router (LER):
o Ingress LER assigns labels, and egress LER removes them.
2. Label Switch Router (LSR):
o Core routers within the MPLS network that switch packets by reading and replacing
labels.
3. Forwarding Equivalence Class (FEC):
o A group of packets that are forwarded along the same path based on their label.
4. Label Distribution Protocol (LDP):
o Protocol used by routers to exchange label information and establish label-switched
paths (LSPs).
Advantages of MPLS Working
Speed: Label switching is faster than IP routing because it avoids complex lookups.
Traffic Optimization: Packets can take pre-defined paths, avoiding congestion.
Quality of Service (QoS): Prioritizes traffic like VoIP or streaming over less critical data.
Scalability: MPLS works seamlessly in large, multi-protocol environments.
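The push, swap and pop steps described above, as an added example that is not part of the original notes: a Python walk of one packet along a label-switched path. Router names, label values and prefixes are constructed, and the FEC is simplified to a destination prefix.

```python
import ipaddress

# Constructed label-switched path: LER-A -> LSR-1 -> LSR-2 -> LER-B.
# At the ingress LER: FEC (here a destination prefix) -> (label to push, next hop).
INGRESS_FEC = {
    "LER-A": [
        (ipaddress.ip_network("10.20.0.0/16"), 100, "LSR-1"),
        (ipaddress.ip_network("10.30.0.0/16"), 101, "LSR-1"),
    ],
}

# Per router: incoming label -> (action, outgoing label, next hop).
LABEL_TABLE = {
    "LSR-1": {100: ("swap", 200, "LSR-2"), 101: ("swap", 201, "LSR-2")},
    "LSR-2": {200: ("swap", 300, "LER-B")},   # no entry for 201: the LSP is incomplete
    "LER-B": {300: ("pop", None, None)},
}


def forward(ingress, dst_ip, max_hops=16):
    """Return the (router, action, label) steps a packet takes from the ingress LER."""
    dst = ipaddress.ip_address(dst_ip)
    # The only IP lookup on the path: classify the packet into a FEC.
    # The constructed prefixes do not overlap, so the first match is the match.
    match = next(((label, hop) for net, label, hop in INGRESS_FEC.get(ingress, [])
                  if dst in net), None)
    if match is None:
        return [(ingress, "ip-forward", None)]    # not on any LSP: ordinary IP routing
    label, node = match
    trace = [(ingress, "push", label)]
    for _ in range(max_hops):
        entry = LABEL_TABLE.get(node, {}).get(label)
        if entry is None:
            # A label with no table entry cannot be forwarded.
            trace.append((node, "drop", label))
            return trace
        action, out_label, next_hop = entry
        if action == "pop":
            # Egress LER removes the label; delivery continues with IP routing.
            trace.append((node, "pop", label))
            return trace
        trace.append((node, "swap", out_label))
        label, node = out_label, next_hop
    trace.append((node, "drop", label))           # guard against a looping label path
    return trace


if __name__ == "__main__":
    for destination in ("10.20.5.9", "10.30.1.1", "192.0.2.1"):
        print(destination, forward("LER-A", destination))
```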

iii) Border Gateway Protocol (BGP)


Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed
to exchange routing information between autonomous systems (AS) on the internet. BGP
is classified as a path vector protocol, and it is crucial for maintaining a table of IP
networks or 'prefixes' which designate network reachability among autonomous systems.

How BGP Works:


Establishing Peers: BGP routers, also known as BGP speakers, establish connections
with other BGP routers (peers) using TCP port 179.
Exchanging Routing Information: Once a connection is established, BGP peers
exchange routing information. Each BGP router advertises the routes it knows along with
path attributes.
Maintaining Routing Tables: BGP routers maintain routing tables that include the best
paths to various network destinations. These tables are updated as new routing
information is received.
Path Selection: BGP selects the best path based on various attributes such as AS-PATH
length, origin type, MED (Multi-Exit Discriminator), and local preference.
BGP Message Types:
OPEN: Used to establish a peering session between BGP routers.
UPDATE: Used to advertise new routes or withdraw previously advertised routes.
KEEPALIVE: Used to maintain the connection between BGP peers.
NOTIFICATION: Used to indicate errors or to terminate a session.
Advantages of BGP:
1. Scalability: BGP is highly scalable and can handle a large number of routes, making
it suitable for the global internet.
2. Flexibility: Supports complex routing policies and fine-grained control over route
selection.
3. Interdomain Routing: Essential for interdomain routing, allowing different
organizations to manage their networks independently while sharing routing
information.
Disadvantages of BGP:
1. Complexity: BGP configuration and management can be complex, requiring skilled
network administrators.
2. Convergence Time: BGP convergence times can be slow, especially in the case of
large-scale network changes.
3. Security: BGP is susceptible to various security threats, such as route hijacking and
misconfigurations, though mechanisms like BGPsec have been developed to address
these issues.

iv) OSPF (Open Shortest Path First)


OSPF is a widely used link-state routing protocol in IP networks. It is designed for
efficient and scalable routing within an autonomous system (AS) and is part of the
TCP/IP suite. OSPF dynamically calculates the shortest path between routers using the
Dijkstra algorithm.
Key Features:
1. Link-State Protocol: OSPF routers exchange information about their direct
connections (links) and build a complete map of the network topology.
2. Fast Convergence: Changes in the network topology are quickly propagated and
computed, ensuring minimal downtime.
3. Hierarchical Design: Supports network scalability using areas (e.g., backbone area
0).
4. Metric: Uses cost as its metric, which is typically based on link bandwidth. Lower
cost routes are preferred.
5. Classless: Supports CIDR and variable-length subnet masking (VLSM).
How OSPF Works:
1. Neighbor Discovery: OSPF routers identify and form adjacencies with directly
connected routers by exchanging Hello packets.
2. Link-State Advertisements (LSAs): Routers send LSAs to share information about
their links (e.g., status, cost). This information is flooded throughout the network.
3. Topology Database: Each router uses the received LSAs to construct a link-state
database (LSDB), which represents the entire network topology.
4. Shortest Path Calculation: Routers apply the Dijkstra algorithm to the LSDB to
compute the shortest path to each destination.
5. Routing Table Update: The calculated paths are used to populate the routing table.
OSPF Areas:
 OSPF supports a hierarchical structure by dividing the network into areas, reducing
the size of routing tables and LSDBs.
o Backbone Area (Area 0): The central area to which all other areas connect.
o Non-Backbone Areas: Subdivisions to reduce overhead and simplify management.
Advantages:
1. Scalability: Hierarchical design allows OSPF to work in large networks.
2. Fast Convergence: Quickly adapts to changes in the network.
3. Loop-Free: Link-state protocol design prevents routing loops.
4. CIDR and VLSM Support: Allows efficient use of IP address space.
Disadvantages:
1. Complexity: Configuration and maintenance can be more complex compared to
simpler protocols like RIP.
2. Resource-Intensive: Requires more CPU and memory for LSDB maintenance and
Dijkstra calculations.
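The LSA, LSDB and shortest-path steps described above, as an added example that is not part of the original notes: a Python link-state database that keeps the newest LSA per router and runs Dijkstra over it. The LSA layout, sequence numbers, router names and costs are constructed, and a link is used only when both ends advertise it.

```python
import heapq


def install_lsa(lsdb, lsa):
    """Store an LSA if it is newer than the stored copy; True means 'flood it on'."""
    current = lsdb.get(lsa["router"])
    if current is None or lsa["seq"] > current["seq"]:
        lsdb[lsa["router"]] = lsa
        return True
    return False            # old or duplicate LSA: ignored


def shortest_paths(lsdb, root):
    """Dijkstra over the LSDB; returns dest -> (total cost, first hop from root)."""
    best = {root: 0}
    first_hop = {}
    done = set()
    heap = [(0, root, None)]
    while heap:
        cost, node, hop = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if hop is not None:
            first_hop[node] = hop
        for neighbor, link_cost in lsdb[node]["links"].items():
            # Use a link only if the neighbor advertises it back.
            if neighbor not in lsdb or node not in lsdb[neighbor]["links"]:
                continue
            new_cost = cost + link_cost
            if new_cost < best.get(neighbor, float("inf")):
                best[neighbor] = new_cost
                next_hop = neighbor if node == root else hop
                heapq.heappush(heap, (new_cost, neighbor, next_hop))
    return {dest: (best[dest], first_hop[dest]) for dest in first_hop}


# Constructed LSAs for a four-router area.
INITIAL_LSAS = [
    {"router": "R1", "seq": 1, "links": {"R2": 10, "R3": 1}},
    {"router": "R2", "seq": 1, "links": {"R1": 10, "R4": 10}},
    {"router": "R3", "seq": 1, "links": {"R1": 1, "R4": 1}},
    {"router": "R4", "seq": 1, "links": {"R2": 10, "R3": 1}},
]


def demo():
    lsdb = {}
    for lsa in INITIAL_LSAS:
        install_lsa(lsdb, lsa)
    before = shortest_paths(lsdb, "R1")
    # R3 reports that its link to R4 is gone (newer sequence number).
    flooded = install_lsa(lsdb, {"router": "R3", "seq": 2, "links": {"R1": 1}})
    after = shortest_paths(lsdb, "R1")
    # A delayed copy of R3's old LSA must not roll the database back.
    stale = install_lsa(lsdb, INITIAL_LSAS[2])
    return before, flooded, after, stale


if __name__ == "__main__":
    before, flooded, after, stale = demo()
    print("before:", before)
    print("after: ", after)
```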

v) Mobile IP
Mobile IP is a protocol that enables devices (mobile nodes) to maintain seamless
connectivity and reachability while moving across different networks. It ensures that the
mobile node retains the same IP address, regardless of its physical location, enabling
uninterrupted communication.
Key Components:
1. Mobile Node (MN): The device that moves between different networks, such as a
smartphone or laptop.
2. Home Agent (HA): A router in the mobile node's home network that keeps track of
its current location and forwards data to the mobile node.
3. Foreign Agent (FA): A router in the visited network that provides services to the
mobile node while it is away from its home network.
4. Care-of Address (CoA): A temporary address assigned to the mobile node while it is
in the foreign network. This address identifies the node’s current location.
How Mobile IP Works:
1. Registration:
o When the mobile node moves to a foreign network, it registers its Care-of Address
(CoA) with its Home Agent (HA).
o The foreign agent assists in this process.
2. Tunneling:
o The home agent encapsulates data packets destined for the mobile node and
forwards them to the care-of address via a tunnel.
o The foreign agent decapsulates the packets and delivers them to the mobile node.
3. Data Flow:
o Data from the mobile node is sent directly to the correspondent node (a device
communicating with the mobile node).
o Data destined for the mobile node first goes to the home agent, which forwards it to
the care-of address.
Advantages:
1. Seamless Mobility: Maintains uninterrupted communication as the mobile node
moves across networks.
2. Transparency: Applications and devices do not require reconfiguration when the
mobile node changes networks.
3. Scalability: Works in large, distributed networks.
Disadvantages:
1. Triangular Routing Problem: Packets follow an indirect route through the home
agent, leading to inefficiencies.
2. Latency: Increases due to tunneling and additional routing.
3. Security Concerns: Vulnerable to attacks like impersonation or session hijacking.
10. For the given address 192.168.5.71/26, find: i) the subnet mask, ii) the
first IP address of the given range, iii) the last IP address of the
given range.
To solve the problem, let’s analyze the given IP address 192.168.5.71 / 26.
1. Subnet Mask:
o CIDR notation /26 means the first 26 bits are the network portion.
o This corresponds to the binary subnet mask:
11111111.11111111.11111111.11000000
o Converting to decimal:
Subnet Mask = 255.255.255.192
2. First IP Address:
o The first address in the range is the network address, where all host bits are 0.
o IP address in binary: 192.168.5.71 = 11000000.10101000.00000101.01000111
o Keeping only the network bits (26 bits) and setting host bits (last 6 bits) to 0:
11000000.10101000.00000101.01000000 = 192.168.5.64
o First IP Address = 192.168.5.64
3. Last IP Address:
o The last address in the range is the broadcast address, where all host bits are 1.
o Starting with the network bits (26 bits) and setting the host bits (last 6 bits) to 1:
11000000.10101000.00000101.01111111 = 192.168.5.127
o Last IP Address = 192.168.5.127
11. Draw and explain Header format of IPV6.

1. Version (4 bits):
o Specifies the IP version number. For IPv6, this value is set to 6.
2. Traffic Class (8 bits):
o Used for packet classification and prioritization. It allows differentiated services and
quality of service (QoS).
3. Flow Label (20 bits):
o Used to identify and handle packets that belong to the same flow. A flow is a
sequence of packets with the same source and destination, requiring special handling.
4. Payload Length (16 bits):
o Specifies the length of the payload (data) in bytes. It does not include the length of
the IPv6 header.
5. Next Header (8 bits):
o Identifies the type of header immediately following the IPv6 header. It can indicate
protocols like TCP, UDP, or extension headers.
6. Hop Limit (8 bits):
o Replaces the Time to Live (TTL) field in IPv4. It specifies the maximum number of hops
a packet can traverse. It is decremented by one at each hop, and the packet is
discarded if the value reaches zero.
7. Source Address (128 bits):
o The IPv6 address of the originator of the packet.
8. Destination Address (128 bits):
o The IPv6 address of the intended recipient of the packet.
12. Explain Distance vector routing.
Principle: In this protocol, each node maintains a vector (table) of minimum
distances (minimum cost/metric) to every node. Here distance means any chosen metric
(i.e. number of hops, delay, throughput, etc.). It is based on the Bellman-Ford
algorithm, which finds the shortest path between routers in a graph, given the distance
between routers. It was the routing algorithm used in the first internet, “ARPANET”.
Each router keeps a table (called a vector) listing the distance (cost) to all other
routers and the output port (interface or next node) used to reach each of them. The least
distances (cost of the chosen metric) are then computed using information from the
neighbors’ distance vectors.
It has three stages: 1) Initialization 2) Sharing 3) Updating
Initialization: Each router starts creating its own routing table when it is booted. After
booting, each node sends a Hello message to its immediate neighbors and finds the
distance between itself and these neighbors.
Distance Vector Table Initialization –
● Distance to itself = 0
● Distance to neighboring routers = distance ( cost of metric ) as seen from graph
● Distance to ALL other routers = infinity, but for practical purposes it is set to 99
Initial tables of routers

Sharing: After initialization, nodes share their tables with neighbors to improve their
routing tables, both periodically and when there is a change in the network (such as a
failure in a link or in a node).
Updating: Whenever a node receives a two-column table from a neighbor, it needs to
update its routing table. Updating takes three steps:
1) The receiving node adds the cost between itself and the sending node to each
value in the second column. The logic is clear: if node C claims that its distance to a
destination is x, and the distance between A and C is y, then the distance between A and
that destination, via C, is x+y. This is the Bellman-Ford algorithm.
2) The receiving node adds the name of the sending node to each row as the
third column if the receiving node uses information from any row. The sending node is
the next node in the route.

Example of the new table of A after it modifies its table on receiving the table from C:
whichever entry is smaller is copied into the new table, with the corresponding next hop.
Previously, node A did not know how to reach E (distance of infinity); now it knows that
the cost is 6 via C.

Similarly, each node can update its table by using the tables received from other nodes.
In a short time, each node reaches a stable condition in which the contents of its table
remain the same. Final tables of all routers

Sharing of tables is done both periodically and when there is a change in the table.
Problems with DVR: 1. Two-node instability 2. Three-node instability
An example of a protocol using DVR is RIP.
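The initialization, sharing and updating stages above, as an added example that is not part of the original notes. The router tables shown as figures in the notes did not survive, so the topology in LINKS is a constructed sample chosen to be consistent with the one result the text states (A reaches E at cost 6 via C); the function names are hypothetical.

```python
INFINITY = 99  # the notes' practical stand-in for "unreachable"

# Constructed sample topology: (router, router) -> link cost.
LINKS = {
    ("A", "B"): 5, ("A", "C"): 2, ("A", "D"): 3,
    ("B", "C"): 4, ("B", "E"): 3, ("C", "E"): 4,
}


def build_adjacency(links):
    """Turn the undirected link list into {router: {neighbor: cost}}."""
    adj = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, {})[v] = cost
        adj.setdefault(v, {})[u] = cost
    return adj


def initial_table(node, adj):
    """Initialization: 0 to self, link cost to neighbors, 99 to everyone else.

    Each entry is (cost, next_hop); next_hop is None when there is no route yet.
    """
    table = {}
    for dest in adj:
        if dest == node:
            table[dest] = (0, None)
        elif dest in adj[node]:
            table[dest] = (adj[node][dest], dest)
        else:
            table[dest] = (INFINITY, None)
    return table


def update(table, sender, link_cost, advertised):
    """Updating: merge a neighbor's two-column table (dest -> cost) into ours.

    Step 1 adds the cost of the link to the sender, step 2 records the sender
    as next hop, and the smaller of old and new entry is kept.
    Returns True if any entry changed.
    """
    changed = False
    for dest, cost in advertised.items():
        candidate = min(cost + link_cost, INFINITY)
        if candidate < table[dest][0]:
            table[dest] = (candidate, sender)
            changed = True
    return changed


def converge(links):
    """Sharing: repeat rounds of table exchange until no table changes."""
    adj = build_adjacency(links)
    tables = {node: initial_table(node, adj) for node in adj}
    changed = True
    while changed:
        changed = False
        # Snapshot first, so every router advertises the table it had
        # at the start of the round.
        adverts = {n: {d: c for d, (c, _) in t.items()} for n, t in tables.items()}
        for node in adj:
            for neighbor, cost in adj[node].items():
                if update(tables[node], neighbor, cost, adverts[neighbor]):
                    changed = True
    return tables


if __name__ == "__main__":
    for node, table in converge(LINKS).items():
        print(node, table)
```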
13. Explain Link state routing.
Link State Routing
Link State Routing is a dynamic routing protocol used in computer networks to
determine the best path for data packets. Unlike Distance Vector Routing, which shares
the entire routing table with neighbors, Link State Routing shares information about the
state of its directly connected links (e.g., cost, status) with all routers in the network.
Key Concepts of Link State Routing:
1. Network Topology Awareness: Each router maintains a complete map (or
topology) of the entire network.
2. Link State Advertisements (LSAs): Routers periodically generate LSAs to share
information about their directly connected links.
3. Shortest Path Algorithm: Uses Dijkstra's algorithm to compute the shortest path
to every destination.
4. Routing Table Calculation: After building the network topology, each router
calculates the best paths independently.
How Link State Routing Works:
1. Neighbor Discovery: Routers identify their directly connected neighbors using a
process like Hello packets.
2. Exchange of Link State Information: Each router creates an LSA containing
information about its directly connected links (e.g., link cost, link status). LSAs are
flooded throughout the network to all routers.
3. Building the Link State Database (LSDB): Each router maintains an LSDB that
stores the topology information received from LSAs.
4. Shortest Path Tree Calculation: Routers use the Dijkstra algorithm to compute
the shortest path to each destination based on the LSDB.
5. Routing Table Creation: The shortest paths from the Dijkstra algorithm are used to
populate the router's forwarding table.
Advantages of Link State Routing:
1. Fast Convergence: Changes in the network are quickly propagated and processed.
2. Scalability: Suitable for large and complex networks.
3. Loop-Free Routing: Each router independently calculates the best path, avoiding
routing loops.
4. Efficient Updates: Only link state changes are propagated, reducing unnecessary
traffic.
Disadvantages of Link State Routing:
1. Complexity: More complex to configure and maintain compared to Distance Vector
protocols.
2. Resource Intensive: Requires more memory and CPU to store and process the
topology database.
3. Flooding Overhead: LSAs are flooded throughout the network, which can cause
overhead in very large networks.
Protocols Using Link State Routing:
1. OSPF (Open Shortest Path First):
o A widely used link state protocol in IP networks.
o Supports areas to divide large networks into manageable segments.

14. Explain Path vector routing.


Path Vector Routing
Path Vector Routing is a dynamic routing protocol that extends the principles of Distance
Vector Routing to provide better scalability and prevent issues like routing loops in
large-scale networks, such as between autonomous systems (AS). It is primarily used in
inter-domain routing, with the Border Gateway Protocol (BGP) being the most
common implementation.
Key Concepts of Path Vector Routing
1. Path Information: Each route includes a list of AS (Autonomous System)
numbers that the route has traversed. This helps routers make informed decisions
and avoid loops.
2. Routing Table: Each router maintains a table with:
 Destination network.
 Path to reach the destination (sequence of AS numbers).
 Attributes such as cost or policies.
3. Policy-Based Routing:
o Routing decisions can be influenced by policies rather than just metrics like
distance or cost.
o Policies may prioritize business agreements, security, or performance.
4. Avoidance of Loops: Loops are avoided because a router can detect its own AS
number in the path and reject such routes.
How Path Vector Routing Works
1. Initialization: Each router advertises its directly connected networks with its AS
number to its neighbors.
2. Route Propagation:
o Routers exchange route updates that include the entire path (AS numbers) to
reach a destination.
o For example: To reach Network A, Path = AS1 → AS2 → AS3.
3. Route Selection: When a router receives multiple paths to the same destination, it
selects the best path based on attributes such as:
 Shortest path (fewest AS hops).
 Administrative policies.
 Preferred routes.
4. Routing Table Update: Routers update their routing tables with the best path and
forward updates to their neighbors.
Advantages of Path Vector Routing
1. Loop Prevention: By tracking the AS path, routers can easily identify and discard
looping routes.
2. Scalability: Suitable for large-scale networks like the Internet, where many
autonomous systems are interconnected.
3. Policy Control: Enables routing decisions based on business or operational policies,
not just metrics.
4. Flexibility: Supports flexible path selection based on various attributes and
agreements between AS.
Disadvantages of Path Vector Routing
1. Complexity: Path vector protocols like BGP are complex to configure and manage.
2. Convergence Time: Convergence in large networks can be slow, especially after
significant topology changes.
3. Resource Usage: Requires significant memory and processing power to store and
analyze path attributes.
4. Manual Configuration: Often requires human intervention to configure policies and
attributes, increasing administrative overhead.
15. A host was given the 192.168.2.64/25 IP address. Indicate: i) Net
mask of the network in dotted decimal notation. ii) The network
address to which the host belongs. iii) The network broadcast address to
which the host belongs. iv) The total number of hosts available in the
network.
i) Netmask in Dotted Decimal Notation
The /25 indicates that the first 25 bits are used for the network portion.
 Binary Subnet Mask: 11111111.11111111.11111111.10000000
 Converting to decimal:
Subnet Mask = 255.255.255.128
ii) The Network Address
The network address is the first IP address in the range, where all the host bits are set
to 0.
 The given IP: 192.168.2.64 = 11000000.10101000.00000010.01000000
 Set the host bits (last 7 bits) to 0:
11000000.10101000.00000010.00000000 = 192.168.2.0
Network Address = 192.168.2.0
iii) The Broadcast Address
The broadcast address is the last IP address in the range, where all the host bits are
set to 1.
 Set the host bits (last 7 bits) to 1:
11000000.10101000.00000010.01111111 = 192.168.2.127
Broadcast Address = 192.168.2.127
iv) Total Number of Hosts
The total number of available IP addresses in a /25 network is determined by the number
of host bits.
 Host bits = 32 - 25 = 7
 Total IPs = 2^7 = 128
 Usable Hosts = 128 - 2 = 126 (subtracting 2 for network and broadcast addresses)
Total Number of Hosts = 126
16. Suppose a router has built up the routing table as shown in the
following table. The router can deliver packets directly over interfaces
eth0 and eth1, or it can forward packets to other routers in the table.

 The Netmask determines how many bits of the IP address must match the
destination network.
 More specific entries (longer prefixes) take precedence.
i) 156.26.10.66
1. Convert Netmask and Destination:
o 156.26.10.0/26 (Netmask: 255.255.255.192 → 26 bits) → Range: 156.26.10.0 to
156.26.10.63.
o 156.26.10.128/25 (Netmask: 255.255.255.128 → 25 bits) → Range:
156.26.10.128 to 156.26.10.255.
o 156.26.0.0/16 → Range: 156.26.0.0 to 156.26.255.255.
2. 156.26.10.66 does not fall into:
o 156.26.10.0/26 (range ends at 156.26.10.63).
However, it does fall into:
o 156.26.0.0/16 (broader range).
3. Action: The packet will be forwarded to 156.26.10.1 based on the
156.26.0.0/16 route.
ii) 156.26.10.226
1. Convert Netmask and Destination:
o 156.26.10.128/25 → Range: 156.26.10.128 to 156.26.10.255.
2. 156.26.10.226 falls within 156.26.10.128/25.
3. Action: The packet will be delivered directly over eth1.
iii) 168.130.12.27
1. This IP address does not match any of the specific networks in the table:
o 156.26.10.0/26 → Does not match.
o 156.26.10.128/25 → Does not match.
o 156.26.0.0/16 → Does not match.
2. Since no specific match is found, the router uses the default route (0.0.0.0/0).
3. Action: The packet will be forwarded to 156.10.1.30.
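The subnet arithmetic from questions 10 and 15 and the longest-prefix lookup from question 16 can be checked with Python's ipaddress module. This is an added example, not part of the original notes: the routing table for question 16 is missing from the page, so ROUTES is reconstructed from the worked answer, and the eth0 label on the /26 entry is an assumption.

```python
import ipaddress


def subnet_summary(cidr):
    """Netmask, network, broadcast and usable host count for an address/prefix."""
    net = ipaddress.ip_interface(cidr).network  # same prefix, host bits cleared
    if net.prefixlen >= 31:
        # /31 point-to-point links and /32 host routes have no separate
        # network and broadcast addresses to subtract.
        usable = net.num_addresses
    else:
        usable = net.num_addresses - 2
    return {
        "netmask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable,
    }


# Reconstructed from the worked answer to question 16.
# The interface for 156.26.10.0/26 is assumed to be eth0.
ROUTES = [
    ("156.26.10.0/26", "deliver directly over eth0"),
    ("156.26.10.128/25", "deliver directly over eth1"),
    ("156.26.0.0/16", "forward to 156.26.10.1"),
    ("0.0.0.0/0", "forward to 156.10.1.30"),
]


def lookup(destination, routes=ROUTES):
    """Longest-prefix match: among all routes that contain the address,
    the one with the longest prefix (most specific netmask) wins."""
    addr = ipaddress.ip_address(destination)
    best_net, best_action = None, None
    for prefix, action in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_action = net, action
    if best_net is None:
        raise LookupError(f"no route to {destination}")
    return str(best_net), best_action


if __name__ == "__main__":
    for cidr in ("192.168.5.71/26", "192.168.2.64/25"):
        print(cidr, subnet_summary(cidr))
    for dest in ("156.26.10.66", "156.26.10.226", "168.130.12.27"):
        print(dest, "->", lookup(dest))
```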

Unit 4
1. Draw and explain TCP header format.
Source port: this is a 16 bit field that specifies the port number of the sender.
Destination port: this is a 16 bit field that specifies the port number of the receiver.
Sequence number: the sequence number is a 32 bit field that indicates how much data
is sent during the TCP session. When you establish a new TCP connection (3 way
handshake) then the initial sequence number is a random 32 bit value. The receiver will
use this sequence number and send back an acknowledgment. Protocol analyzers like
Wireshark will often use a relative sequence number of 0 since it’s easier to read than
some high random number.
Acknowledgment number: this 32 bit field is used by the receiver to request the next
TCP segment. This value will be the sequence number incremented by 1.
DO: this is the 4 bit data offset field, also known as the header length. It indicates the
length of the TCP header so that we know where the actual data begins.
RSV: these are 3 bits for the reserved field. They are unused and are always set to 0.
Flags: there are 9 bits for flags, we also call them control bits. We use them to establish
connections, send data and terminate connections:
URG: urgent pointer. When this bit is set, the data should be treated as priority over
other data.
ACK: used for the acknowledgment.
PSH: this is the push function. This tells an application that the data should be
transmitted immediately and that we don’t want to wait to fill the entire TCP segment.
RST: this resets the connection, when you receive this you have to terminate the
connection right away. This is only used when there are unrecoverable errors and it’s not
a normal way to finish the TCP connection.
SYN: we use this for the initial three way handshake and it’s used to set the initial
sequence number.
FIN: this finish bit is used to end the TCP connection. TCP is full duplex so both parties
will have to use the FIN bit to end the connection. This is the normal way to end
a connection.
Window: the 16 bit window field specifies how many bytes the receiver is willing to
receive. It is used so the receiver can tell the sender that it would like to receive more
data than what it is currently receiving. It does so by specifying the number of bytes
beyond the sequence number in the acknowledgment field.
Checksum: 16 bits are used for a checksum to check if the TCP header is OK or not.
Urgent pointer: these 16 bits are used when the URG bit has been set, the urgent
pointer is used to indicate where the urgent data ends.
Options: this field is optional and can be anywhere between 0 and 320 bits.

2. List and explain transport layer services

1. Process-to-Process Communication
o The transport layer ensures communication between specific processes (applications)
on two devices.
 It uses port numbers to identify the sending and receiving application processes.
 For example, HTTP uses port 80, while FTP uses port 21.

2. Segmentation and Reassembly


o Large messages from the application layer are divided into smaller segments at the
transport layer for transmission.
o Upon reaching the destination, these segments are reassembled to reconstruct the
original message.
 Each segment is labeled with a sequence number to ensure proper ordering
during reassembly.

3. Connection-Oriented and Connectionless Services


o The transport layer supports two types of communication:
 Connection-Oriented Service (TCP):
 Establishes a connection before data transfer.
 Ensures reliable, ordered, and error-free delivery.
 Example: TCP provides this service.
 Connectionless Service (UDP):
 No connection is established prior to sending data.
 It is faster but does not guarantee delivery or order.
 Example: UDP provides this service.

4. Reliable Data Transfer


o Ensures the data is delivered accurately and without loss.
 Techniques like acknowledgments (ACK), retransmission of lost data, and
error detection are used.
 Example: TCP provides reliable data transfer.

5. Flow Control
o Prevents a fast sender from overwhelming a slow receiver.
 Flow control mechanisms like the sliding window protocol are used to regulate
the amount of data sent.
 Example: TCP implements flow control.

6. Error Control
o Ensures corrupted or lost data is detected and retransmitted.
 Error detection techniques such as checksums are used.
 When an error is detected, the sender retransmits the affected segment.
 Example: TCP provides error control.

7. Congestion Control
o Controls the amount of data sent to avoid overwhelming the network.
 Congestion control mechanisms reduce the rate of data transmission during
network congestion.
 Example: TCP implements congestion control using algorithms like Slow Start and
Congestion Avoidance.

8. Multiplexing and Demultiplexing


o Enables multiple applications to share the same network connection.
 Multiplexing: The transport layer assigns different port numbers to data from
multiple applications before transmission.
 Demultiplexing: On the receiving side, the transport layer uses port numbers to
direct data to the correct application.
 Example: TCP/UDP header contains source and destination port numbers for this
purpose
3. Using the UDP hexadecimal dump e2 a7 00 0D 00 20 74 9e 0e ff 00 00 00 01 00 00 00,
find in decimal numbers: i. Source port no., ii. Destination port no.,
iii. Total length of user datagram.
The structure of a UDP Header is as follows (8 bytes):
Bytes    Field
0 - 1    Source Port
2 - 3    Destination Port
4 - 5    Total Length
6 - 7    Checksum
4. Draw and explain UDP header format.
UDP header is an 8-byte fixed and simple header, while for TCP it may vary from 20
bytes to 60 bytes. The first 8 Bytes contain all necessary header information and the
remaining part consists of data. UDP port number fields are each 16 bits long, therefore
the range for port numbers is defined from 0 to 65535; port number 0 is reserved. Port
numbers help to distinguish different user requests or processes.

UDP Header
 Source Port: Source Port is a 2 Byte long field used to identify the port number of
the source.
 Destination Port: It is a 2 Byte long field, used to identify the port of the destined
packet.
 Length: Length is the length of UDP including the header and the data. It is a 16-bit
field.
 Checksum: Checksum is 2 Bytes long field. It is the 16-bit one’s complement of the
one’s complement sum of the UDP header, the pseudo-header of information from the
IP header, and the data, padded with zero octets at the end (if necessary) to make a
multiple of two octets.
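The 8-byte header layout described in questions 3 and 4 can be applied directly to the hexadecimal dump from question 3. This is an added example, not part of the original notes; the function name and the returned keys are hypothetical. It also compares the Length field with the number of bytes actually present, which shows that the dump in the question is only the start of the datagram.

```python
import struct

# The dump exactly as given in question 3.
DUMP = "e2 a7 00 0D 00 20 74 9e 0e ff 00 00 00 01 00 00 00"

UDP_HEADER_LEN = 8


def parse_udp(hex_dump):
    """Decode the fixed UDP header and sanity-check the Length field."""
    raw = bytes.fromhex(hex_dump)  # accepts spaces and mixed-case hex digits
    if len(raw) < UDP_HEADER_LEN:
        raise ValueError("fewer than 8 bytes: not a complete UDP header")
    # Four 16-bit fields in network (big-endian) byte order.
    src, dst, length, checksum = struct.unpack("!HHHH", raw[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN:
        # Length counts header plus data, so it can never be below 8.
        raise ValueError("Length field is smaller than the UDP header itself")
    return {
        "source_port": src,
        "destination_port": dst,
        "total_length": length,
        "data_length": length - UDP_HEADER_LEN,
        "checksum": checksum,
        "captured_bytes": len(raw),
        # True when the capture holds fewer bytes than the header claims.
        "truncated": len(raw) < length,
    }


if __name__ == "__main__":
    for field, value in parse_udp(DUMP).items():
        print(f"{field}: {value}")
```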
5. What is socket? What are different types of socket? Explain socket
functions used in connection oriented services with diagram.
A socket is an endpoint for sending or receiving data across a computer network. It
serves as a communication channel between two nodes, allowing them to exchange
data. Sockets provide a standardized way for programs to communicate over a network,
abstracting the complexities of underlying protocols.
Types of Sockets
There are several types of sockets, each suited for different communication needs:
1. Stream Sockets (TCP Sockets):
o Uses the Transmission Control Protocol (TCP).
o Provides reliable, connection-oriented communication.
o Guarantees data delivery and order.
2. Datagram Sockets (UDP Sockets):
o Uses the User Datagram Protocol (UDP).
o Provides connectionless communication.
o Does not guarantee delivery or order.
3. Raw Sockets:
o Provides access to lower-level network protocols.
o Allows sending and receiving of packets bypassing the transport layer.
o Typically used for network diagnostics and research.
4. Sequenced Packet Sockets (SCTP Sockets):
o Uses the Stream Control Transmission Protocol (SCTP).
o Supports multi-streaming and multi-homing.
o Ensures reliable, message-oriented communication.
Socket Functions in Connection-Oriented Services (TCP)
Here are the primary socket functions used in connection-oriented services (TCP) along
with a diagram:
1. socket():
o Creates a new socket.
o Syntax: int socket(int domain, int type, int protocol);
2. bind():
o Binds the socket to a specific local address and port.
o Syntax: int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
3. listen():
o Marks the socket as a passive socket, indicating it will be used to accept incoming
connection requests.
o Syntax: int listen(int sockfd, int backlog);
4. accept():
o Accepts an incoming connection request.
o Syntax: int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen);
5. connect():
o Initiates a connection to a remote socket.
o Syntax: int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
6. send() and recv():
o Used to send and receive data over a connected socket.
o Syntax for send: ssize_t send(int sockfd, const void *buf, size_t len, int flags);
o Syntax for recv: ssize_t recv(int sockfd, void *buf, size_t len, int flags);
7. close():
o Closes the socket.
o Syntax: int close(int sockfd);

6. Explain SCTP protocol in detail.


Stream Control Transmission Protocol (SCTP) is a reliable, message-oriented
transport layer protocol, designed to transport Public Switched Telephone Network
(PSTN) signaling messages over IP networks. SCTP offers some features similar to TCP
and UDP while providing additional benefits for more complex communication
requirements.
Key Features of SCTP:
1. Multi-Streaming:
o Supports multiple independent streams within a single SCTP connection (association).
Each stream can deliver messages independently, preventing a single lost message in
one stream from blocking delivery in other streams.
2. Multi-Homing:
o Allows an endpoint to be identified by multiple IP addresses. This provides redundancy
and fault tolerance, enabling seamless failover to an alternate path if one path
becomes unavailable.
3. Message-Oriented:
o Unlike TCP, which is byte-oriented, SCTP is message-oriented. It preserves message
boundaries, ensuring that messages are delivered in complete, distinct units.
4. Reliable Data Transfer:
o Provides reliable, in-sequence transport of messages with congestion control
mechanisms. It ensures that data is delivered accurately and in the correct order.
5. Path and Heartbeat Management:
o Monitors the status of each path using heartbeat messages. This helps detect failures
and allows rerouting of data without interrupting the association.
6. Flow Control:
o Manages data flow to ensure that a sender does not overwhelm the receiver. This is
similar to TCP’s window-based flow control.
SCTP Header Format:
The SCTP header is composed of several fields, including:
1. Source Port: The port number of the sender.
2. Destination Port: The port number of the receiver.
3. Verification Tag: Used to identify the association to which a packet belongs.
4. Checksum: Ensures data integrity by detecting errors in the header and payload.

Benefits of SCTP:
1. Improved Reliability: Redundant paths and multi-streaming enhance reliability
and fault tolerance.
2. Preserved Message Boundaries: Ensures that messages are received exactly as
sent, which is crucial for certain applications like signaling.
3. Enhanced Performance: Reduces latency and improves throughput by allowing
multiple streams of data within a single association.
4. Security: SCTP’s design includes mechanisms to protect against common types of
network attacks like SYN flooding.
Use Cases:
1. Telecommunications: Transporting PSTN signaling messages over IP networks
(e.g., SS7 over IP).
2. Real-Time Applications: Suitable for VoIP, video conferencing, and online gaming
where message boundaries and reliability are critical.
3. Financial Transactions: Ensures secure and reliable transaction processing in
banking and finance.
7. Explain socket functions used in connection less services with
diagram.
In connectionless communication (like UDP), the communication is unreliable,
meaning there is no established connection between sender and receiver before data
transmission. This makes it different from connection-oriented services like TCP,
where data transmission happens over a reliable, established connection.
In connectionless services (UDP), sockets are used to send and receive datagrams
(packets of data) without ensuring delivery, order, or flow control.
Socket Functions Used in Connectionless Services (UDP)
socket(): The client or server creates a socket using the socket() function with
SOCK_DGRAM to specify the use of UDP.
bind(): The socket is bound to a specific port (and optionally an IP address) using the
bind() function. This step is required on the server side but optional on the client side.
sendto(): The sender uses the sendto() function to send a datagram (UDP packet) to a
specified destination (IP address and port).
recvfrom(): The receiver uses the recvfrom() function to receive a datagram, which also
provides the sender's address.
close(): The socket is closed when the communication is done.
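The call order for both the connection-oriented functions (question 5) and the connectionless functions above, as an added example that is not part of the original notes. It uses Python's socket module, whose methods mirror the C functions listed; the loopback address, the OS-chosen port and the upper-casing reply are assumptions made for the demonstration.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"


def tcp_exchange(message):
    """Server: socket -> bind -> listen -> accept -> recv/send -> close.
    Client: socket -> connect -> send -> recv -> close."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((LOOPBACK, 0))      # port 0: the OS picks a free port
    server.listen(1)                # passive socket, backlog of 1
    port = server.getsockname()[1]

    def serve():
        conn, _peer = server.accept()   # blocks until the client connects
        with conn:
            conn.sendall(conn.recv(1024).upper())

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.connect((LOOPBACK, port))    # triggers the three-way handshake
        client.sendall(message)
        reply = client.recv(1024)
    worker.join()
    server.close()
    return reply


def udp_exchange(message):
    """Server: socket -> bind -> recvfrom -> sendto -> close.
    Client: socket -> sendto -> recvfrom -> close (no connect, no accept)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.settimeout(2)            # UDP gives no delivery guarantee
    server.bind((LOOPBACK, 0))
    port = server.getsockname()[1]

    def serve():
        data, sender = server.recvfrom(1024)    # also yields the sender's address
        server.sendto(data.upper(), sender)

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        client.settimeout(2)
        client.sendto(message, (LOOPBACK, port))
        reply, _server_addr = client.recvfrom(1024)
    worker.join()
    server.close()
    return reply


if __name__ == "__main__":
    print(tcp_exchange(b"hello over tcp"))
    print(udp_exchange(b"hello over udp"))
```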
8. Explain TCP congestion control in transport layer?
TCP congestion control refers to the mechanism that prevents congestion from
happening or removes it after congestion takes place.
When congestion takes place in the network, TCP handles it by reducing the size of the
sender’s window. The window size of the sender is determined by the following two
factors:
 Receiver window size
 Congestion window size
Receiver Window Size
It shows how much data, in bytes, a receiver can receive without giving any
acknowledgment.
Things to remember for receiver window size:
1. The sender should not send more data than the size of the receiver window.
2. If the data sent is greater than the size of the receiver’s window, TCP segments
are dropped, which causes TCP retransmission.
3. Hence the sender should always send data that is less than or equal to the size of the
receiver’s window.
4. TCP header is used for sending the window size of the receiver to the sender.
Congestion Window
It is the state of TCP that limits the amount of data to be sent by the sender into the
network even before receiving the acknowledgment.
Following are the things to remember for the congestion window:
1. To calculate the size of the congestion window, different variants of TCP and methods
are used.
2. Only the sender knows the congestion window and its size and it is not sent over the
link or network.
The formula for determining the sender’s window size is:
Sender window size = Minimum (Receiver window size, Congestion window size)
Congestion in TCP is handled by using these three phases:
1. Slow Start
2. Congestion Avoidance
3. Congestion Detection
1. Slow Start Phase
In the slow start phase, the sender sets congestion window size = maximum segment
size (1 MSS) at the initial stage. The sender increases the size of the congestion window
by 1 MSS after receiving the ACK (acknowledgment).
The size of the congestion window increases exponentially in this phase.
The formula for determining the size of the congestion window is
Congestion window size = Congestion window size + Maximum segment size
Round trip time            Congestion window size    Result
After a round trip of 1    2^1                       2 MSS
After a round trip of 2    2^2                       4 MSS
After a round trip of 3    2^3                       8 MSS

This is how you calculate the size of the congestion window, and it goes on for n number
of values.
The general formula for determining the size of the congestion window is 2^(round trip time).
This phase continues until window size reaches its slow start threshold.
The formula for determining the threshold is given:
Threshold = Maximum number of TCP segments that the receiver window can
accommodate / 2
= (Receiver window size / Maximum Segment Size) / 2
2. Congestion Avoidance Phase
In this phase, after the threshold is reached, the size of the congestion window is
increased by the sender linearly in order to avoid congestion. Each time an
acknowledgment is received, the sender increments the size of the congestion window
by 1.
The formula for determining the size of the congestion window in this phase is
Congestion window size = Congestion window size + 1
This phase continues until the size of the window becomes equal to that of the receiver
window size.
3. Congestion Detection Phase
In this phase, the sender identifies the segment loss and reacts
depending on the type of loss detected.
Case-01: Detection On Time Out
1. In this, the timer time-out expires even before receiving acknowledgment for a
segment.
2. It suggests a stronger possibility of congestion in a network
3. In this, there are chances that a segment has been dropped in the network
Reaction in response to Detection on time out:
 Setting the threshold to start at half of the current size of the window
 Decreasing the size of the congestion window to MSS
 Slow start phase is resumed
Case-02: Detection Of Receiving 3 Duplicate Acknowledgements
This case suggests a weaker possibility of congestion in the network. In this, the
sender receives three duplicate acknowledgments for a network segment. The chances
are that fewer segments have been dropped while the ones sent later might have arrived.
Reaction on receiving 3 duplicate acknowledgments:
 Setting the threshold to start at half of the current size of the window
 Decreasing the size of the congestion window to that of the slow start threshold
 The congestion avoidance phase is resumed
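The three phases and the two loss reactions above can be traced round trip by round trip. This is an added example, not part of the original notes; it works in whole MSS units, grows the window once per round trip, and caps slow-start growth at the threshold, all of which are simplifying assumptions, as are the function name and the constructed loss schedule.

```python
def simulate(rwnd_segments, events, rounds):
    """Trace the congestion window (in MSS) over a number of round trips.

    rwnd_segments: receiver window expressed in segments.
    events: {round_number: "timeout" | "3 dup acks"}, a constructed loss schedule.
    Returns one dict per round trip with the value reached after that round.
    """
    # Initial threshold = (receiver window size / MSS) / 2, as in the notes.
    ssthresh = max(rwnd_segments // 2, 1)
    cwnd = 1                      # slow start begins at 1 MSS
    phase = "slow start"
    trace = []
    for rtt in range(1, rounds + 1):
        event = events.get(rtt)
        if event == "timeout":
            # Strong congestion signal: halve the threshold, restart at 1 MSS.
            ssthresh = max(cwnd // 2, 1)
            cwnd = 1
            cause, phase = event, "slow start"
        elif event == "3 dup acks":
            # Weak congestion signal: halve the threshold, continue from it.
            ssthresh = max(cwnd // 2, 1)
            cwnd = ssthresh
            cause, phase = event, "congestion avoidance"
        elif event is not None:
            raise ValueError(f"unknown event: {event}")
        elif phase == "slow start":
            cause = phase
            cwnd = min(cwnd * 2, ssthresh)      # exponential growth
            if cwnd == ssthresh:
                phase = "congestion avoidance"
        else:
            cause = phase
            cwnd = min(cwnd + 1, rwnd_segments)  # linear growth
        trace.append({
            "round": rtt,
            "cause": cause,
            "cwnd": cwnd,
            "ssthresh": ssthresh,
            # Sender window = min(receiver window, congestion window).
            "sender_window": min(rwnd_segments, cwnd),
        })
    return trace


if __name__ == "__main__":
    schedule = {7: "timeout", 13: "3 dup acks"}   # constructed loss events
    for row in simulate(32, schedule, 14):
        print(row)
```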

9. What is Quality of Service? Explain any two methods to improve QoS?


Quality of Service (QoS) is a set of techniques used to manage and prioritize network
traffic to ensure the performance of critical applications and services. QoS aims to
provide a reliable and consistent user experience by controlling bandwidth, reducing
latency, minimizing jitter, and preventing packet loss for important data flows. QoS is
essential in networks that handle diverse traffic types, such as VoIP, video streaming,
online gaming, and data applications.
Methods to Improve QoS
Here are two common methods to improve QoS in a network:
1. Traffic Shaping (Policing)
Traffic Shaping is a technique used to regulate network traffic flow and ensure that
data conforms to a specified rate. By controlling the amount of data sent over the
network, traffic shaping helps avoid congestion and ensures that high-priority traffic gets
the necessary bandwidth.
How Traffic Shaping Works:
 Token Bucket Algorithm: A popular method for traffic shaping, where tokens
represent the right to send a certain amount of data. Tokens accumulate at a fixed
rate, and data packets can only be sent if there are enough tokens.
 Rate Limiting: Limits the data transmission rate to a predefined value, smoothing
out bursts of traffic and ensuring a consistent flow.
Benefits:
 Prevents Congestion: By controlling the rate of data transmission, traffic shaping
helps avoid network congestion.
 Ensures Bandwidth Availability: Guarantees that critical applications have the
necessary bandwidth to function properly.
Example: Consider a network with both VoIP calls and file transfers. Traffic shaping can
be used to prioritize VoIP traffic and limit the rate of file transfers to ensure clear and
uninterrupted voice communication.
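The token bucket described above, as an added example that is not part of the original notes. It applies one bucket to the same constructed burst in two ways: `shape` delays packets until enough tokens exist, `police` drops packets that find too few tokens. The function names, the rate of 1000 bytes per second and the bucket size of 1500 bytes are assumptions chosen for the illustration.

```python
def shape(packets, rate, capacity):
    """Return the departure time of each packet when traffic is shaped.

    packets  -- list of (arrival_time_seconds, size_bytes), sorted by arrival
    rate     -- token fill rate in bytes per second
    capacity -- bucket depth in bytes (largest burst sent back to back)
    """
    tokens = float(capacity)    # the bucket starts full
    clock = 0.0                 # time of the last token update / last departure
    departures = []
    for arrival, size in packets:
        if size > capacity:
            raise ValueError("packet larger than the bucket can never be sent")
        start = max(arrival, clock)              # FIFO: wait for earlier packets
        tokens = min(capacity, tokens + (start - clock) * rate)
        clock = start
        if tokens < size:
            # Not enough tokens: hold the packet until they have accumulated.
            clock += (size - tokens) / rate
            tokens = float(size)
        tokens -= size
        departures.append(clock)
    return departures


def police(packets, rate, capacity):
    """Return True (forwarded) or False (dropped) for each packet when policed."""
    tokens = float(capacity)
    clock = 0.0
    verdicts = []
    for arrival, size in packets:
        tokens = min(capacity, tokens + (arrival - clock) * rate)
        clock = arrival
        if size <= tokens:
            tokens -= size
            verdicts.append(True)
        else:
            verdicts.append(False)   # non-conforming packet is discarded
    return verdicts


# Constructed input: a file transfer bursts four 500-byte packets at t=0,
# then sends one 1000-byte packet after a pause.
BURST = [(0.0, 500), (0.0, 500), (0.0, 500), (0.0, 500), (3.0, 1000)]

if __name__ == "__main__":
    print("shaped departures:", shape(BURST, rate=1000, capacity=1500))
    print("policed verdicts: ", police(BURST, rate=1000, capacity=1500))
```

The first three packets use up the full bucket; the fourth is delayed by half a second when shaping and dropped when policing, and the pause before the last packet lets the bucket refill.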
2. Prioritization and Queuing
Prioritization and Queuing are techniques used to manage network traffic based on
priority levels. Different types of traffic are assigned to different queues, with higher-
priority traffic being transmitted before lower-priority traffic.
How Prioritization and Queuing Work:
 Class-Based Queuing (CBQ): Divides traffic into classes based on predefined
criteria (e.g., application type, source/destination IP). Each class is assigned a
priority level and a share of the bandwidth.
 Weighted Fair Queuing (WFQ): Ensures that all traffic flows get a fair share of
the bandwidth, with higher-priority flows getting a proportionally larger share.
10. Explain RTP protocol in detail.
The Real-time Transport Protocol (RTP) is a network protocol designed for delivering
audio and video over IP networks in real-time. It is widely used in applications that
require real-time data transmission, such as streaming media, video conferencing, and
VoIP (Voice over Internet Protocol).
Key Features of RTP:
1. Real-time Data Delivery: RTP is optimized for real-time data delivery, ensuring that
audio and video streams are transmitted with minimal latency.
2. End-to-End Delivery: Provides end-to-end network transport functions suitable for
applications transmitting real-time data.
3. Payload-Type Identification: RTP includes mechanisms to identify the type of
payload being carried (e.g., audio codec, video codec), enabling proper decoding at
the receiver.
4. Sequence Numbering: Each RTP packet includes a sequence number, allowing the
receiver to detect packet loss and reorder packets if they arrive out of order.
5. Timestamping: Each RTP packet contains a timestamp that reflects the sampling
instant of the first byte in the RTP data packet. This is crucial for synchronization and
jitter compensation.
6. Synchronization Source Identification (SSRC): Identifies the source of the RTP
stream, helping to associate related streams (e.g., audio and video streams from the
same source).
RTP Header Format:

Explanation of RTP Header Fields:


1. Version (V): 2 bits indicating the version of RTP, currently 2.
2. Padding (P): 1 bit indicating if there are extra padding bytes at the end of the RTP
packet.
3. Extension (X): 1 bit indicating if there is an extension header present after the RTP
header.
4. Contributing Source Count (CC): 4 bits indicating the number of contributing
source identifiers (CSRC).
5. Marker (M): 1 bit used for application-specific marking of significant events (e.g., the
start of a video frame).
6. Payload Type (PT): 7 bits identifying the format of the RTP payload (e.g., codec
type).
7. Sequence Number: 16 bits used to detect packet loss and restore packet sequence.
8. Timestamp: 32 bits representing the sampling time of the first byte in the RTP packet
payload.
9. Synchronization Source (SSRC) Identifier: 32 bits identifying the source of the
RTP stream.
10. Contributing Source (CSRC) Identifiers [Optional]: List of CSRC identifiers
contributing to the payload.
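A parser for the header fields listed above, as an added example that is not part of the original notes. It also shows how the sequence number is used to count lost packets. The layout of the extension header (16-bit identifier followed by a 16-bit length in 32-bit words) and the rule that the last padding byte holds the padding count are taken from RFC 3550; the function names and the sample packet are constructed.

```python
import struct

FIXED_HEADER_LEN = 12   # V/P/X/CC, M/PT, sequence number, timestamp, SSRC


def parse_rtp(packet):
    """Split one RTP packet into its header fields and payload, with bounds checks."""
    if len(packet) < FIXED_HEADER_LEN:
        raise ValueError("shorter than the 12-byte fixed header")
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", packet[:FIXED_HEADER_LEN])
    version = b0 >> 6
    if version != 2:
        raise ValueError("unsupported RTP version %d" % version)
    csrc_count = b0 & 0x0F
    offset = FIXED_HEADER_LEN + 4 * csrc_count
    if len(packet) < offset:
        raise ValueError("CC announces more CSRC entries than the packet holds")
    csrc = list(struct.unpack("!%dI" % csrc_count, packet[FIXED_HEADER_LEN:offset]))
    extension = bool(b0 & 0x10)
    if extension:
        if len(packet) < offset + 4:
            raise ValueError("truncated extension header")
        _profile, words = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4 + 4 * words
        if len(packet) < offset:
            raise ValueError("extension length runs past the end of the packet")
    payload = packet[offset:]
    padding = bool(b0 & 0x20)
    if padding:
        pad = payload[-1] if payload else 0   # last byte holds the padding count
        if pad == 0 or pad > len(payload):
            raise ValueError("invalid padding count")
        payload = payload[:-pad]
    return {
        "version": version, "padding": padding, "extension": extension,
        "csrc_count": csrc_count, "marker": bool(b1 & 0x80),
        "payload_type": b1 & 0x7F, "sequence": seq, "timestamp": timestamp,
        "ssrc": ssrc, "csrc": csrc, "payload": payload,
    }


def count_lost(sequence_numbers):
    """Count packets missing from a stream, tolerating reordering and 16-bit wrap."""
    if not sequence_numbers:
        return 0
    base = highest = sequence_numbers[0]     # unwrapped ("extended") numbers
    seen = {highest}
    for seq in sequence_numbers[1:]:
        delta = (seq - highest) & 0xFFFF
        if delta < 0x8000:                   # moved forward, possibly across a wrap
            highest += delta
            seen.add(highest)
        else:                                # late or duplicate packet
            seen.add(highest - (0x10000 - delta))
    return max(0, (highest - base + 1) - len(seen))


# Constructed packet: V=2, CC=1, M=1, PT=0, seq=0x1234, timestamp=160,
# SSRC=0xDEADBEEF, one CSRC (0x01020304) and three payload bytes.
SAMPLE = bytes.fromhex("81 80 12 34 00 00 00 a0 de ad be ef 01 02 03 04 11 22 33")

if __name__ == "__main__":
    print(parse_rtp(SAMPLE))
    print("lost:", count_lost([65534, 65535, 1, 2]))
```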
RTP Control Protocol (RTCP):
RTP Control Protocol (RTCP) works alongside RTP to provide control and monitoring
functionalities. RTCP packets are periodically sent by participants in an RTP session to
provide feedback on the quality of the data distribution.
Key Functions of RTCP:
1. Quality Monitoring: Provides reports on the quality of data distribution (e.g., packet
loss, jitter).
2. Synchronization: Aids in synchronizing multiple streams (e.g., audio and video) by
providing timing information.
3. Session Control: Helps manage and control the RTP session, including participant
identification and media control.
11. Using the UDP hexadecimal dump 06 32 00 0D 00 1C E2 17, find out
in decimal numbers i. Source port no., ii. Destination port no., iii. Total
length of user datagram.
Hexadecimal Dump: 06 32 00 0D 00 1C E2 17
Breaking it into the UDP header components:
1. Source Port: First 2 bytes (06 32)
2. Destination Port: Next 2 bytes (00 0D)
3. Length: Next 2 bytes (00 1C)
Now, let's convert these hexadecimal values into decimal.
Step-by-Step Conversion
1. Source Port Number:
Hex 06 32 = Decimal:
06 in hex = 6,
32 in hex = 50
So, Source Port = 6 * 256 + 50 = 1586 (Decimal)
2. Destination Port Number:
Hex 00 0D = Decimal:
00 in hex = 0,
0D in hex = 13
So, Destination Port = 0 * 256 + 13 = 13 (Decimal)
3. Total Length of User Datagram:
Hex 00 1C = Decimal:
00 in hex = 0,
1C in hex = 28
So, Total Length = 0 * 256 + 28 = 28 (Decimal)
12. Give the difference between TCP and UDP.
Factor | TCP | UDP
Connection type | Requires an established connection before transmitting data | No connection is needed to start and end a data transfer
Data sequence | Can sequence data (send in a specific order) | Cannot sequence or arrange data
Data retransmission | Can retransmit data if packets fail to arrive | No data retransmitting. Lost data can’t be retrieved
Delivery | Delivery is guaranteed | Delivery is not guaranteed
Check for errors | Thorough error-checking guarantees data arrives in its intended state | Minimal error-checking covers the basics but may not prevent all errors
Broadcasting | Not supported | Supported
Speed | Slow, but complete data delivery | Fast, but at risk of incomplete data delivery
13. For each of the following applications, determine whether TCP or
UDP is used as the transport layer protocol and justify the reason(s)
for your choice. i) File Transfer ii) Watching a real time streamed video
iii) Web browsing iv) A Voice over IP (VoIP) telephone conversation. v)
YouTube video
i) File Transfer
Protocol Used: TCP
Justification:
 Reliability: File transfer applications require reliable data transmission to ensure that
the entire file is received accurately without any corruption or loss. TCP provides
mechanisms for error detection, correction, and retransmission of lost packets.
 Ordered Delivery: File transfers need the data to be received in the correct order.
TCP ensures that packets are delivered sequentially, making it ideal for file transfer
protocols like FTP (File Transfer Protocol).
ii) Watching a Real-Time Streamed Video
Protocol Used: UDP
Justification:
 Low Latency: Real-time video streaming applications prioritize low latency over
reliability. UDP allows for faster transmission of data by foregoing error checking and
retransmission, which helps in reducing delays.
 Tolerance to Packet Loss: Video streaming can tolerate some degree of packet
loss without significantly affecting the viewing experience. UDP’s lack of error
correction is acceptable in this context as it avoids additional delays.
iii) Web Browsing
Protocol Used: TCP
Justification:
 Reliability: Web browsing requires reliable data transmission to ensure that web
pages are loaded correctly and completely. TCP provides the necessary reliability
features, including error detection, retransmission, and acknowledgment of received
packets.
 Ordered Delivery: TCP ensures that the data packets are delivered in the correct
sequence, which is important for rendering web pages properly.
iv) A Voice over IP (VoIP) Telephone Conversation
Protocol Used: UDP
Justification:
 Low Latency: VoIP applications require low latency to maintain real-time voice
communication. UDP’s lack of error correction and retransmission allows for minimal
delay, which is crucial for interactive voice communication.
 Tolerance to Packet Loss: VoIP can tolerate some packet loss without significantly
degrading call quality. UDP’s characteristics are suitable for this, as it avoids the
overhead of ensuring perfect reliability.
v) YouTube Video
Protocol Used: TCP
Justification:
 Reliability: Despite being a video streaming service, YouTube typically uses TCP to
ensure that video data is delivered reliably. This is important for buffering and
ensuring that the video plays smoothly without corruption.
 Ordered Delivery: TCP ensures that video packets are delivered in the correct order,
which is important for playback without glitches.
14. Explain TCP state transition diagram?

Key States in TCP State Transition Diagram:


1. CLOSED: The initial state. No connection is active or pending.
2. LISTEN: The server is waiting for an incoming connection request from a client.
3. SYN-SENT: The client has sent a connection request (SYN) and is waiting for a
response.
4. SYN-RECEIVED: The server has received a connection request (SYN) and sent a
response (SYN-ACK) but is waiting for the client's acknowledgment (ACK).
5. ESTABLISHED: The connection is fully established. Data can be sent and received.
6. FIN-WAIT-1: The process has requested to close the connection and is waiting for the
acknowledgment from the remote TCP.
7. FIN-WAIT-2: The remote TCP has acknowledged the connection termination request,
and the process is now waiting for a connection termination request from the remote
TCP.
8. CLOSE-WAIT: The local TCP has received a termination request and is waiting for the
application to close.
9. CLOSING: Both sides have sent termination requests, and they are waiting for the
acknowledgments of the connection termination requests.
10. LAST-ACK: The local TCP is waiting for the final acknowledgment to the
termination request sent to the remote TCP.
11. TIME-WAIT: The local TCP is waiting to ensure that the remote TCP has received
the acknowledgment of its termination request.
15. Explain TCP connection establishment process with suitable
diagram.
The process of establishing a TCP connection is known as the three-way handshake.
This mechanism ensures that both the client and server are ready for data transmission,
and it synchronizes the sequence numbers used for the data packets.
Steps in the Three-Way Handshake:
SYN (Synchronize):
The client sends a TCP segment with the SYN flag set to 1. This segment includes an
initial sequence number (ISN) chosen by the client.
The client transitions from the CLOSED state to the SYN-SENT state.
SYN-ACK (Synchronize-Acknowledge):
The server, upon receiving the SYN segment, responds with a TCP segment with both the
SYN and ACK flags set to 1. This segment includes the server's own initial sequence
number and an acknowledgment number, which is the client's ISN plus 1.
The server transitions from the LISTEN state to the SYN-RECEIVED state.
ACK (Acknowledge):
The client sends a TCP segment with the ACK flag set to 1, acknowledging the server's
SYN. The acknowledgment number is the server's ISN plus 1.
The client transitions to the ESTABLISHED state, and the server also transitions to the
ESTABLISHED state upon receiving this ACK.
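The handshake above with both sides' segments and state changes, as an added example that is not part of the original notes. Each side checks the acknowledgment number it receives, so a final ACK that does not acknowledge the server's ISN leaves the server in SYN-RECEIVED. The names `Endpoint`, `Segment` and `handshake` and the ISN values are constructed; silently ignoring a bad segment is a simplification of this sketch.

```python
from collections import namedtuple

Segment = namedtuple("Segment", "flags seq ack")
MOD = 2 ** 32                      # sequence numbers are 32-bit and wrap around


class Endpoint:
    def __init__(self, isn, state):
        self.isn = isn             # initial sequence number chosen by this side
        self.state = state
        self.peer_isn = None


def client_open(client):
    """Step 1: CLOSED -> SYN-SENT, send SYN carrying the client's ISN."""
    client.state = "SYN-SENT"
    return Segment({"SYN"}, client.isn, None)


def server_receive(server, seg):
    """Steps 2 and 3 on the server side."""
    if server.state == "LISTEN" and seg.flags == {"SYN"}:
        server.peer_isn = seg.seq
        server.state = "SYN-RECEIVED"
        return Segment({"SYN", "ACK"}, server.isn, (seg.seq + 1) % MOD)
    if server.state == "SYN-RECEIVED" and seg.flags == {"ACK"}:
        expected_ack = (server.isn + 1) % MOD
        expected_seq = (server.peer_isn + 1) % MOD
        if seg.ack == expected_ack and seg.seq == expected_seq:
            server.state = "ESTABLISHED"
    return None                    # anything else is ignored in this sketch


def client_receive(client, seg):
    """Step 3 on the client side: accept SYN-ACK only if it acknowledges our SYN."""
    if (client.state == "SYN-SENT" and seg.flags == {"SYN", "ACK"}
            and seg.ack == (client.isn + 1) % MOD):
        client.peer_isn = seg.seq
        client.state = "ESTABLISHED"
        return Segment({"ACK"}, (client.isn + 1) % MOD, (seg.seq + 1) % MOD)
    return None


def handshake(client_isn, server_isn):
    """Run the three-way handshake; return the three segments and final states."""
    client = Endpoint(client_isn, "CLOSED")
    server = Endpoint(server_isn, "LISTEN")
    syn = client_open(client)
    syn_ack = server_receive(server, syn)
    ack = client_receive(client, syn_ack)
    server_receive(server, ack)
    return [syn, syn_ack, ack], client.state, server.state


if __name__ == "__main__":
    segments, client_state, server_state = handshake(1000, 5000)   # constructed ISNs
    for seg in segments:
        print(sorted(seg.flags), "seq=%s ack=%s" % (seg.seq, seg.ack))
    print(client_state, server_state)
```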

16. What causes silly window syndrome? How is it avoided? Explain.


Silly Window Syndrome is a problem that occurs in TCP (Transmission Control Protocol)
communication when small segments of data are sent repeatedly over the network,
leading to inefficient use of network resources. It can be caused by either the sender or
the receiver.
Causes of Silly Window Syndrome:
1. Receiver-Initiated:
o The receiver advertises a very small window size (i.e., a small amount of available
buffer space) frequently. This occurs when the receiver's application reads data one
byte at a time from the buffer, leading to a continually small window size being
advertised.
2. Sender-Initiated:
o The sender transmits very small segments of data instead of waiting to accumulate a
larger amount of data. This can happen when the application sends data one byte at a
time, leading to many small segments being sent.
How to Avoid Silly Window Syndrome:
To prevent Silly Window Syndrome, both the sender and the receiver can implement
certain strategies:
1. Nagle's Algorithm (Sender Side):
 Objective: To reduce the number of small packets sent over the network.
 Mechanism:
o When the sender has data to send, it checks if there is any unacknowledged data in
the network.
o If there is unacknowledged data, the sender waits until an acknowledgment is
received or until enough data has been accumulated to send a maximum segment
size (MSS) packet.
o This reduces the number of small packets sent, improving network efficiency.
2. Clark's Solution (Receiver Side):
 Objective: To prevent the receiver from advertising small window sizes.
 Mechanism:
o The receiver waits until it has enough buffer space available to advertise a larger
window size.
o Specifically, the receiver only advertises a new window size if it can handle at least a
full segment (MSS) or if the buffer is completely empty.
o This prevents the receiver from continually advertising small window sizes, which
would prompt the sender to send small segments.
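Both remedies as small simulations, added here as an example that is not part of the original notes. `nagle_segments` applies the sender-side rule to an application that writes one byte per tick; `receiver_grants` compares a receiver that advertises every freed byte with one that follows Clark's rule as stated above. Time in ticks, the simplification that all outstanding data is acknowledged one round trip after the latest segment was sent, and all names and numbers are assumptions of the example.

```python
def nagle_segments(writes, mss, rtt):
    """Return the sizes of the segments sent under Nagle's algorithm.

    writes -- list of (tick, nbytes) application writes
    mss    -- maximum segment size in bytes
    rtt    -- ticks between sending a segment and receiving its acknowledgment
    """
    by_tick = {}
    for tick, nbytes in writes:
        by_tick[tick] = by_tick.get(tick, 0) + nbytes
    buffered = 0          # bytes written by the application but not yet sent
    ack_due = None        # tick at which outstanding data is acknowledged
    segments = []
    for tick in range(max(by_tick) + rtt + 1):
        if ack_due is not None and tick >= ack_due:
            ack_due = None                      # nothing unacknowledged any more
        buffered += by_tick.get(tick, 0)
        while buffered >= mss:                  # a full segment may always go out
            segments.append(mss)
            buffered -= mss
            ack_due = tick + rtt
        if buffered and ack_due is None:        # small data only when nothing is in flight
            segments.append(buffered)
            buffered = 0
            ack_due = tick + rtt
    return segments


def receiver_grants(buffer_size, mss, read_size, reads, clark):
    """Return the window sizes a receiver advertises while its application drains data.

    The buffer starts full, the application reads read_size bytes per step, and the
    sender immediately fills whatever window is advertised.
    """
    free = 0
    grants = []
    for _ in range(reads):
        free = min(buffer_size, free + read_size)
        if clark and free < mss and free != buffer_size:
            continue                # keep the window closed until a full segment fits
        grants.append(free)
        free = 0                    # sender used the whole advertised window
    return grants


if __name__ == "__main__":
    one_byte_writes = [(tick, 1) for tick in range(10)]     # constructed workload
    print("without Nagle:", len(one_byte_writes), "segments of 1 byte")
    print("with Nagle:   ", nagle_segments(one_byte_writes, mss=1000, rtt=4))
    print("naive receiver:", receiver_grants(4000, 1000, 100, 30, clark=False))
    print("Clark receiver:", receiver_grants(4000, 1000, 100, 30, clark=True))
```

With Nagle's algorithm the ten one-byte writes leave as four segments instead of ten; with Clark's rule the receiver advertises three full-MSS windows instead of thirty 100-byte windows.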
17. Following is a dump of UDP header in Hexadecimal format 06 32 00
0D 00 1C E2 17 i) What is source port number? ii) What is
destination port number? iii) What is total length of the user datagram?
iv) What is the length of the data? v) Is packet directed from a client
to server or vice versa? vi) What is the client process?
i. Source Port Number:
 First 2 bytes: 06 32
 Convert 06 32 from hexadecimal to decimal:
o 06 in hex = 6 in decimal
o 32 in hex = 3 * 16 + 2 = 48 + 2 = 50 in decimal
o Combining these: 6 * 256 + 50 = 1536 + 50 = 1586
 Source Port Number: 1586
ii. Destination Port Number:
 Second 2 bytes: 00 0D
 Convert 00 0D from hexadecimal to decimal:
o 00 in hex = 0 in decimal
o 0D in hex = 13 in decimal (since D = 13 in hex)
o Combining these: 0 * 256 + 13 = 0 + 13 = 13
 Destination Port Number: 13
iii. Total Length of User Datagram:
 Third 2 bytes: 00 1C
 Convert 00 1C from hexadecimal to decimal:
o 00 in hex = 0 in decimal
o 1C in hex = 1 * 16 + 12 = 16 + 12 = 28 in decimal
o Combining these: 0 * 256 + 28 = 0 + 28 = 28
 Total Length of User Datagram: 28 bytes
iv. Length of the Data:
 UDP header length is fixed at 8 bytes.
 Total Length (user datagram) = 28 bytes
 Length of Data = Total Length - Header Length = 28 - 8 = 20 bytes
 Length of the Data: 20 bytes
v. Direction of the Packet:
 The source port number 1586 is typically used by clients, and the destination port
number 13 (which is a well-known port number for the "Daytime" service) suggests
that the packet is directed from a client to a server.
 Direction: Packet is directed from a client to a server.
vi. Client Process:
 Based on the source port number 1586, which is a dynamically allocated port by
the client, it indicates a client process engaging in a service.
 Client Process: Could be any user application initiating a UDP request, commonly
a time query or other service.
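The same decoding done in code, covering this question and question 11 of this unit. This is an added example, not part of the original notes. It also rejects a header whose length field is smaller than the 8-byte header, and decides the direction from which side uses a well-known port (below 1024); the small service table and the function name are assumptions of the example.

```python
import struct

UDP_HEADER_LEN = 8
# A few well-known UDP service ports, enough for this exercise.
SERVICES = {7: "echo", 13: "daytime", 53: "domain", 69: "tftp", 123: "ntp"}


def parse_udp_header(dump):
    """Decode a UDP header given as a hexadecimal dump string."""
    raw = bytes.fromhex(dump)            # whitespace between bytes is ignored
    if len(raw) < UDP_HEADER_LEN:
        raise ValueError("a UDP header is 8 bytes, got %d" % len(raw))
    # Four 16-bit big-endian fields: source port, destination port, length, checksum.
    sport, dport, length, checksum = struct.unpack("!HHHH", raw[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN:
        raise ValueError("length field %d is smaller than the header itself" % length)
    if dport < 1024 <= sport:
        direction, server_port = "client to server", dport
    elif sport < 1024 <= dport:
        direction, server_port = "server to client", sport
    else:
        direction, server_port = "undetermined", None
    return {
        "source_port": sport,
        "destination_port": dport,
        "total_length": length,
        "data_length": length - UDP_HEADER_LEN,
        "checksum": checksum,
        "direction": direction,
        "service": SERVICES.get(server_port, "unknown"),
    }


if __name__ == "__main__":
    for key, value in parse_udp_header("06 32 00 0D 00 1C E2 17").items():
        print("%-17s %s" % (key, value))
```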
Unit 5
1. What is the difference between persistent & non persistent HTTP?
Explain HTTP Request & Response message format.

An HTTP (Hypertext Transfer Protocol) request message is sent by the client to a
server to request data or perform an action. It consists of several components, including
the request line, headers, and an optional body.
Structure of an HTTP Request:
1. Request Line:
o Method: The HTTP method to be applied (e.g., GET, POST, PUT, DELETE).
o URI: The Uniform Resource Identifier (resource) being requested.
o HTTP Version: The version of HTTP being used (e.g., HTTP/1.1).
Example:
GET /index.html HTTP/1.1
2. Headers:
o Provide additional information about the request or the client.
o Each header consists of a name and a value, separated by a colon.
Common headers:
o Host: Specifies the domain name of the server.
o User-Agent: Provides information about the client's browser.
o Accept: Indicates the types of media that the client can process.
Example:
Host: www.example.com
User-Agent: Mozilla/5.0
Accept: text/html
3. Body (Optional):
o Contains data to be sent to the server (used with methods like POST or PUT).
Example:
name=John&age=30
HTTP Response Message Format
An HTTP response message is sent by the server to the client in reply to an HTTP
request. It consists of several components, including the status line, headers, and an
optional body.
Structure of an HTTP Response:
1. Status Line:
o HTTP Version: The version of HTTP being used (e.g., HTTP/1.1).
o Status Code: A three-digit code indicating the result of the request (e.g., 200,
404, 500).
o Reason Phrase: A brief textual description of the status code.
Example:
HTTP/1.1 200 OK
2. Headers:
o Provide additional information about the response or the server.
o Each header consists of a name and a value, separated by a colon.
Common headers:
o Content-Type: Specifies the media type of the response body.
o Content-Length: Indicates the length of the response body in bytes.
o Server: Provides information about the server software.
Example:
Content-Type: text/html
Content-Length: 138
Server: Apache/2.4.41 (Ubuntu)
2. What is DHCP? Explain DHCP working with client state diagram.
Dynamic Host Configuration Protocol (DHCP) is a network management protocol
used to dynamically assign IP addresses and other network configuration parameters to
devices on a network. This allows devices to communicate efficiently without the need
for manual configuration.
Key Functions of DHCP:
1. Automatic IP Assignment: Assigns IP addresses to devices automatically,
avoiding conflicts and manual configuration.
2. Network Configuration: Provides other essential network configuration
parameters, such as subnet masks, default gateways, and DNS server addresses.
3. Address Leasing: Allocates IP addresses for a specific lease period, allowing the
re-use of IP addresses once the lease expires.
DHCP Working with Client State Diagram
The DHCP process involves several steps to assign an IP address to a client. Here is an
explanation of the key states and messages exchanged during the process, along with a
client state diagram.
DHCP Process Overview:
1. DHCPDISCOVER: The client broadcasts a DHCPDISCOVER message to locate
available DHCP servers on the network.
2. DHCPOFFER: DHCP servers respond with a DHCPOFFER message, which includes an
available IP address and other configuration parameters.
3. DHCPREQUEST: The client selects one of the offers and broadcasts a DHCPREQUEST
message to request the offered IP address from a specific DHCP server.
4. DHCPACK: The chosen DHCP server responds with a DHCPACK message, confirming
the allocation of the IP address and providing the necessary network configuration
details.
5. DHCPNAK: If the server cannot provide the requested IP address, it sends a
DHCPNAK message, indicating that the request is denied. The client must restart the
process.
6. DHCPRELEASE: When the client no longer needs the IP address, it sends a
DHCPRELEASE message to the server, indicating that the IP address can be reclaimed
and reassigned to another device.
DHCP Client State Diagram:
Explanation of States:
1. INIT: The client starts in the INIT state and sends a DHCPDISCOVER message to
locate DHCP servers.
2. SELECTING: The client waits for DHCPOFFER messages from DHCP servers. Upon
receiving offers, it selects one and moves to the REQUESTING state.
3. REQUESTING: The client sends a DHCPREQUEST message to request the offered IP
address. If a DHCPACK is received, the client moves to the BOUND state.
4. BOUND: The client is now assigned the IP address and can use it for communication.
It will periodically renew the lease by sending DHCPREQUEST messages.
5. RENEWING: The client attempts to renew its lease before it expires. If successful, it
remains in the BOUND state; otherwise, it moves to the REBINDING state.
6. REBINDING: If the lease renewal fails, the client attempts to rebind with any
available DHCP server. If successful, it returns to the BOUND state.
7. RELEASE: When the client no longer needs the IP address, it sends a DHCPRELEASE
message and returns to the INIT state.
3. Differentiate between POP & IMAP protocol.
Feature | POP (Post Office Protocol) | IMAP (Internet Message Access Protocol)
Purpose | Used to retrieve emails from a server to a local device. | Allows access and management of emails directly on the server.
Email Storage | Downloads emails to the local device; removes from the server by default. | Emails are stored on the server, and the client only views them remotely.
Synchronization | No synchronization; once downloaded, emails are on the local device. | Full synchronization; changes made on one device are reflected on all devices.
Access Type | One-time download of emails to a local device. | Continuous access to the emails stored on the server.
Multiple Device Support | Limited; emails are only available on the device where they were downloaded. | Full support for multiple devices, as emails remain on the server.
Email Management | Limited to the local device; deleting emails removes them permanently. | Allows folders, flags, and labels to be managed on the server.
Offline Access | Emails are available offline after download. | Emails can be accessed offline only if downloaded first.
Default Port | Port 110 (unencrypted), Port 995 (encrypted). | Port 143 (unencrypted), Port 993 (encrypted).
Security | Less secure because emails are downloaded and stored locally. | More secure; data is stored remotely and can be encrypted.
Email Deletion | Deleting emails on the device usually removes them from the server. | Deleting emails on the client does not necessarily remove them from the server unless specified.
Use Case | Best suited for users who access email from a single device and don’t need synchronization. | Ideal for users who need to access emails from multiple devices and require synchronization.

4. Explain how a DNS query is resolved.


Step-by-Step DNS Query Resolution:
User Request: When you type a domain name (like example.com) into your browser, your
device (the DNS client) begins the DNS query process.
DNS Resolver: The DNS client sends the query to a DNS resolver. This resolver is often
provided by your ISP (Internet Service Provider) or a third-party DNS provider (like
Google DNS or Cloudflare).
Cache Check: The DNS resolver first checks its cache to see if it has a recent answer for
the domain query. If it finds a match, it returns the IP address to the DNS client and the
process ends here.
Root Server Query: If the cache doesn't have the answer, the DNS resolver queries a
root DNS server. The root server doesn't know the exact IP address but directs the
resolver to the appropriate Top-Level Domain (TLD) server (for example, .com TLD server).
TLD Server Query: The DNS resolver queries the TLD server for the domain. The TLD
server doesn't know the specific IP address either, but it points the resolver to the
authoritative DNS server responsible for that domain (for example, the authoritative
server for example.com).
Authoritative Server Query: The resolver then queries the authoritative DNS server
for the domain name. This server contains the actual DNS records, including the specific
IP address for example.com.
IP Address Return: The authoritative server returns the IP address to the DNS resolver.
Cache and Return: The DNS resolver caches the IP address for future queries and
returns the IP address to the DNS client.
User Access: The DNS client sends the IP address back to your browser, which uses it to
establish a connection to the web server hosting the domain, and the website loads on
your screen.
5. Explain FTP w.r.t. control and data connection? Explain any two FTP
commands.
FTP uses two separate connections for communication between the client and server:
1. Control Connection:
o Purpose: The control connection is used for sending commands and receiving
responses. It manages the session and is responsible for logging in, setting file transfer
parameters, and other command-related tasks.
o Connection Type: It is established over TCP (Transmission Control Protocol) and usually
uses port 21.
o Persistence: The control connection remains open for the duration of the session,
allowing ongoing communication between the client and server.
2. Data Connection:
o Purpose: The data connection is used for the actual transmission of files. It handles the
transfer of file contents between the client and server.
o Connection Type: It can use various ports, with the default being port 20 for active
mode. In passive mode, the server specifies a random port for data transfer.
o Persistence: Unlike the control connection, the data connection is opened and closed as
needed for each file transfer.
FTP Commands
Here are explanations for two common FTP commands:
1. USER Command:
o Purpose: The USER command is used to send the username to the FTP server. It
initiates the login process by providing the client's username.
o Example: USER exampleUser
o Response: The server responds by prompting for a password if the username is
valid, or it may reject the login attempt.
2. RETR Command:
o Purpose: The RETR command is used to retrieve (download) a file from the FTP
server. It initiates the transfer of the specified file from the server to the client's
device.
o Example: RETR exampleFile.txt
o Response: The server opens a data connection and begins transmitting the
requested file to the client.
6. When web pages containing emails are sent out, they are prefixed by
MIME Header, why? Explain MIME Header.
When web pages containing emails are sent out, they are prefixed by MIME
(Multipurpose Internet Mail Extensions) headers to allow emails to support various types
of content beyond plain text. This includes text in character sets other than ASCII, non-
text attachments, multipart message bodies, and even multimedia content like images
and videos.
Why MIME Headers are Used:
1. Content Type Specification: MIME headers specify the type of content being sent.
This can include text, images, audio, video, and application-specific data, allowing
emails to carry more than just plain text.
2. Character Encoding: They specify the character encoding used, ensuring that
special characters and different languages are correctly displayed.
3. File Attachments: MIME headers facilitate the inclusion of attachments. They
describe the type and format of the attached files, allowing email clients to correctly
handle and display them.
4. Multipart Messages: They enable emails to be composed of multiple parts, such as
HTML and plain text versions of the same email, ensuring compatibility with different
email clients.
MIME Header Explanation:
Here are a few important MIME headers and their purposes:
1. Content-Type:
o Purpose: Indicates the media type of the message content.
o Example: Content-Type: text/html; charset=UTF-8
o Explanation: This header specifies that the content is HTML text encoded in UTF-8.
2. Content-Disposition:
o Purpose: Provides information about how the content should be displayed or
handled.
o Example: Content-Disposition: attachment; filename="example.pdf"
o Explanation: This header tells the email client that the content is an attachment with
the specified filename.
3. Content-Transfer-Encoding:
o Purpose: Indicates the method used to encode the message body to ensure safe
transmission over SMTP, which may not handle binary data directly.
o Example: Content-Transfer-Encoding: base64
o Explanation: This header specifies that the content is encoded using base64, a
common encoding method for binary data.
7. Write short notes on FTP and MIME.
FTP (File Transfer Protocol)
FTP is a standard network protocol used to transfer files between a client and server over
a TCP/IP network. It's commonly used for uploading and downloading files to and from a
server.
Key Features of FTP:
Control and Data Connections:
Control Connection: Manages the session by sending commands and receiving
responses. It's usually established over TCP port 21 and remains open throughout the
session.
Data Connection: Used for the actual transfer of files. This can be established on
various ports, with the default being port 20 in active mode or a random port in passive
mode.
Active and Passive Modes:
Active Mode: The client opens a port and waits for the server to connect to it for data
transfer. The client sends the port number to the server using the control connection.
Passive Mode: The server opens a port and waits for the client to connect to it. The
server sends the port number to the client using the control connection, which is useful
when the client is behind a firewall.
Commands and Responses:
FTP uses a set of standardized commands to communicate between the client and
server. For example:
USER: Sends the username to the server.
PASS: Sends the password to the server.
RETR: Retrieves (downloads) a file from the server.
STOR: Stores (uploads) a file to the server.
Authentication:
FTP requires users to log in with a username and password. However, some servers
support anonymous FTP, allowing users to log in with a generic username (usually
"anonymous") and their email address as the password.
File Transfer:
FTP supports both binary and ASCII modes of file transfer, ensuring proper handling of
different file types. Binary mode is used for transferring non-text files like images and
executables, while ASCII mode is used for text files.
Advantages:
 Reliable and efficient file transfer mechanism.
 Supports large file transfers.
 Allows resumption of interrupted transfers in some implementations.
Disadvantages:
 Transfers data in plaintext, making it insecure (unless used with FTPS or SFTP).
 Requires manual configuration of firewalls for active mode.

MIME (Multipurpose Internet Mail Extensions)


MIME is an essential Internet standard that extends the format of emails to support a
variety of content types beyond plain text. It's what allows you to send images, audio,
video, and other types of files via email.
Key Features of MIME:
1. Content Types:
o MIME allows emails to contain different types of content, such as:
 Text: Plain text and HTML
 Images: JPEG, PNG, GIF
 Audio: MP3, WAV
 Video: MP4, AVI
 Application Data: PDF, Word documents
o Each type of content is identified by a Content-Type header, informing the email client
how to handle and display the content.
2. Encoding Methods:
o MIME uses various encoding methods to ensure that different types of data can be
safely transmitted over email systems:
 Base64: Encodes binary data into ASCII text, ensuring safe transmission over
protocols that handle only text.
 Quoted-Printable: Encodes data where characters are mostly ASCII but some
special characters need encoding.
3. Multipart Messages:
o MIME supports multipart messages, allowing emails to contain multiple parts, such as:
 Plain text and HTML versions: Ensures compatibility with email clients that can
only display plain text.
 Attachments: Files like images or documents can be attached to the email,
described by Content-Disposition: attachment.
o Each part of a multipart message is separated by a unique boundary string defined in
the MIME headers.
4. MIME Headers:
Key headers in MIME that describe the content include:
MIME-Version: Indicates the MIME version used (commonly 1.0).
Content-Type: Describes the media type and subtype (e.g., text/html; charset=UTF-8).
Content-Transfer-Encoding: Specifies the encoding method used (e.g., base64).
Content-Disposition: Provides information on how the content should be displayed or
handled (e.g., attachment; filename="example.pdf").
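The MIME headers described here and in question 6, produced and read back with Python's standard `email` package. This is an added example, not part of the original notes. It builds a multipart message with plain-text and HTML versions plus an attachment, then lists the headers of every part and decodes the base64 attachment; the addresses, text and attachment bytes are constructed, and `build_message` and `describe` are hypothetical names.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed attachment content, not a real document.
PDF_BYTES = b"%PDF-1.4\n% constructed sample bytes\n"


def build_message():
    """Compose a message with text and HTML alternatives and one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "receiver@example.com"
    msg["Subject"] = "Report"
    msg.set_content("Plain-text version of the report.")
    msg.add_alternative("<p>HTML version of the report.</p>", subtype="html")
    msg.add_attachment(PDF_BYTES, maintype="application", subtype="pdf",
                       filename="example.pdf")
    return msg


def describe(raw):
    """Parse raw message bytes and report the MIME headers of each leaf part."""
    msg = message_from_bytes(raw, policy=policy.default)
    top = {
        "mime_version": str(msg["MIME-Version"]),
        "content_type": msg.get_content_type(),
        "boundary": msg.get_boundary(),     # separator string between the parts
    }
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue                        # containers only hold other parts
        encoding = part.get("Content-Transfer-Encoding")
        parts.append({
            "content_type": part.get_content_type(),
            "charset": part.get_content_charset(),
            "transfer_encoding": str(encoding) if encoding is not None else None,
            "disposition": part.get_content_disposition(),
            "filename": part.get_filename(),
            # decode=True reverses the transfer encoding (base64 here).
            "decoded": part.get_payload(decode=True),
        })
    return top, parts


if __name__ == "__main__":
    top, parts = describe(build_message().as_bytes())
    print(top)
    for p in parts:
        print(p["content_type"], p["transfer_encoding"], p["disposition"],
              p["filename"], len(p["decoded"]), "bytes")
```

The headers are written by the sender, so a receiving system should treat the declared type and filename as claims about the content rather than as verified facts.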

8. Write short notes on TELNET


Telnet (Teletype Network)
Definition:
Telnet is a network protocol used to provide text-based, bidirectional, interactive
communication between a client and a server. It allows users to remotely access and
manage devices such as servers, routers, and other networked systems over a TCP/IP
network.
Key Features of Telnet:
1. Remote Access: Allows users to connect to and control a remote system as if they
were physically present.
2. Text-Based Communication: The protocol transmits commands and responses in
plain text.
3. Port Number: Telnet operates on TCP port 23 by default.
4. No Encryption: Telnet does not encrypt the data being transmitted, including
credentials, making it insecure for sensitive or public networks.
5. Interactive Sessions: Provides a command-line interface (CLI) for managing remote
systems.
How Telnet Works:
1. Client Initiates Connection: The user runs a Telnet client to connect to a remote
server using the server’s IP address and port number.
2. Login Prompt: The server prompts the user for a username and password.
3. Interactive Session:
Once authenticated, the user can execute commands on the remote system as if they
were physically present.
4. Connection Termination:
The session ends when the user logs out or disconnects.
Advantages:
 Simple and lightweight protocol.
 Useful for accessing CLI on remote systems.
 Compatible with most operating systems.
Disadvantages:
 Insecure: Transmits data in plaintext, making it vulnerable to eavesdropping and
attacks.
 Replaced by SSH: Due to its lack of encryption, Telnet has largely been replaced by
SSH (Secure Shell), which provides secure remote access.
Telnet Commands:
 open [hostname/IP]: Connect to a remote server.
 close: Close the current connection.
 quit: Exit the Telnet program.

9. Write short notes on SMTP


SMTP (Simple Mail Transfer Protocol)
SMTP is a protocol used for sending and receiving email messages over the Internet. It
operates on a client-server model and is essential for the transmission of emails from
one mail server to another.
Key Features of SMTP:
1. Transmission of Emails:
o SMTP is responsible for the transfer of email messages from the sender's mail server
to the recipient's mail server.
o It works primarily for sending (outgoing) emails, whereas protocols like POP and IMAP
are used for retrieving (incoming) emails.
2. Client-Server Model:
o The email client (e.g., Outlook, Gmail) acts as the SMTP client that sends the email to
the SMTP server, which then relays it to the recipient's mail server.
3. Ports:
o SMTP uses port 25 by default.
o Secure SMTP (SMTPS) uses port 465, and Message Submission uses port 587.
SMTP Workflow:
1. Mail Submission:
o The user composes an email and hits send.
o The email client (SMTP client) sends the email to the SMTP server, which is typically
provided by the user's ISP or email service provider.
2. Mail Transfer:
o The SMTP server examines the recipient's email address to determine the domain.
o The server uses DNS to look up the recipient's mail server (MX records).
3. Mail Relay:
o The SMTP server connects to the recipient's mail server using SMTP.
o It relays the email message to the recipient's server.
4. Mail Receipt:
o The recipient's mail server receives the email and stores it in the mailbox of the
recipient.
o The recipient can then retrieve the email using protocols like POP3 or IMAP.
SMTP Commands:
1. HELO/EHLO:
o Purpose: Initiates the conversation between the SMTP client and server. HELO is used
in older implementations, while EHLO is the extended version.
o Example: EHLO example.com
o Response: The server responds with its domain and a list of supported extensions.
2. MAIL FROM:
o Purpose: Specifies the sender's email address.
o Example: MAIL FROM: <sender@example.com>
o Response: The server acknowledges with a response code.
3. RCPT TO:
o Purpose: Specifies the recipient's email address.
o Example: RCPT TO: <recipient@example.com>
o Response: The server confirms the recipient's address.
4. DATA:
o Purpose: Indicates that the email content will follow.
o Example: DATA
o Response: The server responds with a code, prompting the client to send the email
content.
5. QUIT:
o Purpose: Ends the SMTP session.
o Example: QUIT
o Response: The server closes the connection.
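The command sequence above as an added example (not part of the original notes): a minimal server-side state machine that accepts the five commands in order and answers out-of-sequence commands with 503. The hostname mx.example.net, the reply wording, the class name and the sample dialogue are constructed; the reply codes are the standard SMTP ones.

```python
import re

# Accepts the bracketed form used in the examples above, e.g. <sender@example.com>.
ADDR = re.compile(r"^<([^<>\s@]+@[^<>\s@]+)>$")


class SmtpSession:
    """One SMTP session: EHLO -> MAIL FROM -> RCPT TO -> DATA -> QUIT."""

    def __init__(self, hostname="mx.example.net"):  # placeholder hostname
        self.hostname = hostname
        self.state = "connected"
        self.delivered = []
        self._reset()

    def _reset(self):
        self.sender, self.recipients, self.body = None, [], []

    def handle(self, line):
        """Process one client line and return the server reply ('' while in DATA)."""
        if self.state == "data":
            return self._data_line(line)
        text = line.strip()
        upper = text.upper()
        if upper.startswith(("HELO ", "EHLO ")):
            self._reset()
            self.state = "greeted"
            return f"250 {self.hostname} Hello {text[5:].strip()}"
        if upper.startswith("MAIL FROM:"):
            if self.state != "greeted":
                return "503 Bad sequence of commands"
            m = ADDR.match(text[10:].strip())
            if not m:
                return "501 Syntax error in parameters"
            self.sender, self.state = m.group(1), "mail"
            return "250 OK"
        if upper.startswith("RCPT TO:"):
            if self.state not in ("mail", "rcpt"):
                return "503 Bad sequence of commands"
            m = ADDR.match(text[8:].strip())
            if not m:
                return "501 Syntax error in parameters"
            self.recipients.append(m.group(1))
            self.state = "rcpt"
            return "250 OK"
        if upper == "DATA":
            if self.state != "rcpt":
                return "503 Bad sequence of commands"
            self.state = "data"
            return "354 End data with <CR><LF>.<CR><LF>"
        if upper == "QUIT":
            self.state = "closed"
            return f"221 {self.hostname} closing connection"
        return "500 Command not recognized"

    def _data_line(self, line):
        text = line.rstrip("\r\n")
        if text == ".":  # a lone dot ends the message content
            self.delivered.append(
                (self.sender, list(self.recipients), "\n".join(self.body)))
            self._reset()
            self.state = "greeted"
            return "250 OK: message accepted"
        # Dot-stuffing: the client doubles a leading dot, the server removes one.
        self.body.append(text[1:] if text.startswith(".") else text)
        return ""


# Constructed dialogue; the first command is deliberately out of order.
SAMPLE_DIALOGUE = [
    "RCPT TO: <recipient@example.com>",
    "EHLO example.com",
    "MAIL FROM: <sender@example.com>",
    "RCPT TO: <recipient@example.com>",
    "DATA",
    "Subject: test",
    "",
    "Hello",
    ".",
    "QUIT",
]


def run_dialogue(lines):
    session = SmtpSession()
    return session, [(line, session.handle(line)) for line in lines]


if __name__ == "__main__":
    for sent, reply in run_dialogue(SAMPLE_DIALOGUE)[1]:
        print(f"C: {sent}\nS: {reply}")
```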

10. What is SNMP? Explain SNMP working.


SNMP is a protocol used for managing and monitoring devices on a network. It allows
network administrators to monitor network performance, detect faults, and configure
network devices. SNMP operates at the application layer of the Internet Protocol Suite.
How SNMP Works
SNMP consists of three main components: managed devices, agents, and network
management systems (NMS). Here’s how they interact:
1. Managed Devices:
o These are network devices such as routers, switches, servers, printers, and other IP-
enabled devices that are monitored and managed using SNMP.
o Managed devices have SNMP agents running on them to facilitate communication
with the NMS.
2. SNMP Agents:
o Agents are software modules installed on managed devices.
o They collect data about the device’s performance, configuration, and status.
o Agents store this information in a Management Information Base (MIB), a
hierarchical database of managed objects.
3. Network Management Systems (NMS):
o NMS are software applications that communicate with SNMP agents to retrieve and
set information.
o The NMS processes and analyzes the data, presenting it in a user-friendly format for
network administrators.
SNMP Communication
SNMP communication involves several key operations: GET, GET-NEXT, SET, TRAP, and
INFORM.
1. GET:
o The NMS sends a GET request to retrieve the value of a specific MIB object from an
agent.
o Example: The NMS might request the current CPU usage of a router.
2. GET-NEXT:
o The NMS sends a GET-NEXT request to retrieve the value of the next object in the MIB
hierarchy.
o This is useful for traversing the MIB tree to collect sequential data.
3. SET:
o The NMS sends a SET request to modify the value of a specific MIB object on a
managed device.
o Example: The NMS might change the configuration of a network interface.
4. TRAP:
o An agent sends a TRAP message to the NMS to report significant events or alarms,
such as a device failure or threshold crossing.
o TRAP messages are unsolicited and help in real-time monitoring.
5. INFORM:
o Similar to TRAPs, but INFORM messages include a confirmation from the NMS,
ensuring that the notification has been received.
SNMP Message Flow
Here’s a typical flow of SNMP operations:
1. NMS Initialization:
o The NMS initializes communication by discovering devices on the network and
querying their MIBs.
2. Data Retrieval:
o The NMS uses GET and GET-NEXT requests to collect data from SNMP agents.
3. Data Configuration:
o The NMS uses SET requests to configure device settings as needed.
4. Event Notification:
o SNMP agents send TRAP or INFORM messages to the NMS to notify about significant
events.
Example SNMP Interaction
 GET Request:
o NMS: GET 1.3.6.1.2.1.1.5.0 (Request for the device name)
o Agent: Response: "Router1"
 SET Request:
o NMS: SET 1.3.6.1.2.1.2.2.1.7.2 = 2 (Disable the second network interface)
o Agent: Response: "Success"
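An added example (not part of the original notes) of GET, GET-NEXT and SET against an in-memory agent, using the two OIDs from the interaction above. It performs no network I/O; the class name, the per-object writable flag, the status strings and every value in the sample MIB are constructed for illustration.

```python
from bisect import bisect_right


def parse_oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1); tuples compare in lexicographic OID order."""
    return tuple(int(part) for part in text.strip(".").split("."))


def format_oid(oid):
    return ".".join(str(n) for n in oid)


class ToyAgent:
    """Holds a small MIB and answers GET, GET-NEXT and SET."""

    def __init__(self, objects):
        # objects maps OID text -> (value, writable)
        self.mib = {parse_oid(k): list(v) for k, v in objects.items()}
        # Sorting integer tuples puts ...7.10 after ...7.2; sorting the
        # dotted strings would put it before, which breaks a walk.
        self._order = sorted(self.mib)

    def get(self, oid_text):
        entry = self.mib.get(parse_oid(oid_text))
        return "noSuchObject" if entry is None else entry[0]

    def get_next(self, oid_text):
        """Return (oid, value) of the first object after oid_text."""
        i = bisect_right(self._order, parse_oid(oid_text))
        if i == len(self._order):
            return None, "endOfMibView"
        nxt = self._order[i]
        return format_oid(nxt), self.mib[nxt][0]

    def set(self, oid_text, value):
        entry = self.mib.get(parse_oid(oid_text))
        if entry is None:
            return "noSuchObject"
        if not entry[1]:
            return "notWritable"   # read-only object: the change is refused
        entry[0] = value
        return "Success"

    def walk(self, root_text):
        """Repeat GET-NEXT until the result leaves the subtree under root_text."""
        root = parse_oid(root_text)
        found, current = [], root_text
        while True:
            current, value = self.get_next(current)
            if current is None or parse_oid(current)[:len(root)] != root:
                return found
            found.append((current, value))


# Constructed MIB contents. 1 = up, 2 = down for the interface status column.
SAMPLE_MIB = {
    "1.3.6.1.2.1.1.1.0": ("Constructed router OS", False),  # description, read-only
    "1.3.6.1.2.1.1.5.0": ("Router1", True),                 # device name (from the text)
    "1.3.6.1.2.1.2.2.1.7.1": (1, True),
    "1.3.6.1.2.1.2.2.1.7.2": (1, True),                     # second interface (from the text)
    "1.3.6.1.2.1.2.2.1.7.10": (1, True),
}

if __name__ == "__main__":
    agent = ToyAgent(SAMPLE_MIB)
    print("GET ", agent.get("1.3.6.1.2.1.1.5.0"))
    print("SET ", agent.set("1.3.6.1.2.1.2.2.1.7.2", 2))
    print("SET ", agent.set("1.3.6.1.2.1.1.1.0", "changed"))
    for oid, value in agent.walk("1.3.6.1.2.1.2.2.1.7"):
        print("WALK", oid, "=", value)
```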

11. Write short notes on POP3 and Webmail.


POP3 (Post Office Protocol Version 3)
Overview:
 POP3 is a protocol used by email clients to retrieve emails from a mail server. It is the
third version of the Post Office Protocol.
 POP3 is designed to work offline, which means emails are downloaded from the server
to the local device, and then deleted from the server by default.
Key Features:
1. Storage:
o Emails are stored on the client’s device after being downloaded from the
server, making them accessible offline.
o Server storage is minimized as emails are typically deleted after download.
2. Synchronization:
o POP3 does not support synchronization between devices. Actions taken on
one device (like deleting an email) are not reflected on other devices.
3. Simplicity:
o POP3 is straightforward and easy to set up, making it a popular choice for
simple email access needs.
4. Ports:
o Default port 110 is used for non-encrypted communication.
o Port 995 is used for secure communication (POP3S) with SSL/TLS encryption.
Workflow:
 The email client connects to the mail server using POP3.
 The client issues commands to log in and download emails.
 Emails are downloaded and stored locally, and optionally deleted from the server.
Webmail
Overview:
 Webmail refers to email services that can be accessed using a web browser.
Common examples include Gmail, Yahoo Mail, and Outlook.com.
 Webmail allows users to manage their email accounts directly through a web
interface, without the need for an email client application.
Key Features:
1. Accessibility:
o Webmail can be accessed from any device with an internet connection and a web
browser.
o Users can manage their emails from anywhere without needing specific software
installed.
2. Synchronization:
o Webmail services typically use IMAP, which allows for real-time synchronization across
multiple devices.
o Changes made in the webmail interface are reflected on other devices using the same
email account.
3. User Interface:
o Webmail interfaces are designed to be user-friendly and often include additional
features like spam filtering, calendar integration, and contact management.
o Many webmail services offer rich text formatting, attachment handling, and powerful
search capabilities.
4. Security:
o Webmail providers implement various security measures, such as HTTPS for
encrypted communication, two-factor authentication, and phishing protection.
o They often offer extensive spam and malware filtering to protect users.
Workflow:
 Users log in to their webmail account via a web browser.
 Emails are managed and accessed directly through the web interface.
 Actions taken on the webmail interface (such as reading, deleting, or organizing
emails) are synchronized across all devices using the same account.

Unit 6

1. Draw and explain ITU-T X.800 Security Architecture for OSI.

ITU-T X.800 Security Architecture for OSI
The ITU-T X.800 recommendation provides a framework for security in open systems. It
defines a comprehensive set of security services and mechanisms that can be applied to
various layers of the OSI (Open Systems Interconnection) model.
Here's a simplified diagram of the ITU-T X.800 Security Architecture for OSI:
Security Services
The X.800 architecture defines the following primary security services:
1. Authentication:
o Ensures that the communicating entity is the one that it claims to be.
o Authentication can be applied at various layers, for example, end-user authentication
at the application layer.
2. Access Control:
o Prevents unauthorized use of network resources.
o Access control mechanisms can be enforced at different OSI layers to restrict who
can access certain data or services.
3. Data Confidentiality:
o Protects data from unauthorized disclosure.
o Encryption mechanisms can be applied to ensure that data remains confidential
during transmission.
4. Data Integrity:
o Ensures that data is not altered or tampered with during transmission.
o Techniques like checksums and cryptographic hash functions can be used to verify
the integrity of data.
5. Non-repudiation:
o Provides proof of the origin or delivery of data to prevent denial by the sender or
receiver.
o Digital signatures are commonly used to achieve non-repudiation.
6. Data Availability:
o Ensures that network services are available to authorized users when needed.
o Mechanisms like redundancy, failover, and load balancing help maintain data
availability.
Security Mechanisms
To achieve these security services, X.800 defines several security mechanisms:
1. Encipherment:
o The process of converting plaintext into ciphertext to protect confidentiality.
o Examples include symmetric and asymmetric encryption algorithms.
2. Digital Signature:
o A cryptographic mechanism that provides authenticity, integrity, and non-repudiation.
o It involves creating a signature using a private key that can be verified using the
corresponding public key.
3. Access Control:
o Mechanisms that enforce rules and policies to regulate who can access specific
resources.
o Examples include access control lists (ACLs) and role-based access control (RBAC).
4. Data Integrity:
o Techniques that ensure the integrity of data during transmission.
o Cryptographic hash functions and message authentication codes (MACs) are used to
verify data integrity.
5. Authentication Exchange:
o Protocols that verify the identities of communicating entities.
o Examples include challenge-response mechanisms and Kerberos authentication.
6. Traffic Padding:
o Adding extra data to network traffic to obscure the actual data being transmitted.
o This helps to prevent traffic analysis attacks.
7. Routing Control:
o Managing the routing of data to ensure secure transmission paths.
o Techniques include using secure routing protocols and filtering.
8. Notarization:
o Using a trusted third party to verify and timestamp transactions.
o This provides additional assurance of the transaction's integrity and authenticity.

2. Give short note on HTTPS.


Definition:
HTTPS is an extension of HTTP (Hypertext Transfer Protocol) that provides secure
communication over a computer network. It is widely used for secure transactions on the
web, such as online banking, e-commerce, and accessing sensitive websites.
Key Features of HTTPS:
1. Encryption:
HTTPS uses SSL/TLS (Secure Sockets Layer/Transport Layer Security)
protocols to encrypt data transmitted between the client (usually a web browser)
and the server. This ensures that the data is unreadable to any unauthorized
parties.
2. Authentication:
HTTPS authenticates the server to ensure that the client is communicating with the
intended website. It prevents man-in-the-middle attacks by verifying the server’s
identity through digital certificates.
3. Data Integrity:
HTTPS ensures that the data sent between the client and server is not altered in
transit. If any changes are made to the data, the communication is immediately
flagged, and the data is rejected.
4. Port 443:
While HTTP uses port 80 by default, HTTPS uses port 443 to establish secure
communication.
5. SSL/TLS Handshake:
During the initial connection, HTTPS performs an SSL/TLS handshake to
exchange encryption keys and authenticate the server. This ensures a secure
connection is established before any data is transferred.
How HTTPS Works:
1. Client Requests:
The user’s browser makes a request to the server for a secure HTTPS connection
(e.g., https://www.example.com).
2. Server Responds with SSL Certificate:
The server responds with its SSL/TLS certificate. The certificate contains the
server's public key, which is used for encryption.
3. SSL/TLS Handshake:
o The browser and server perform a handshake to establish a secure
connection.
o They agree on the encryption algorithms and exchange keys securely.
4. Data Transmission:
After the handshake, data is encrypted using symmetric encryption (faster and
more efficient). Both the browser and server can now securely exchange data.
5. Closing the Connection:
Once the communication is complete, the connection is closed, and the session
keys used for encryption are discarded.
Advantages of HTTPS:
 Security: Protects sensitive data (e.g., passwords, credit card information) from
interception.
 Trust and Authentication: Ensures the user is communicating with the intended
website, preventing spoofing and phishing attacks.
 SEO Benefits: Search engines like Google prioritize HTTPS websites, giving them a
ranking boost.
 Privacy: Ensures that the user’s browsing activity is private and cannot be easily
tracked.

3. Give short note on IDS.

IDS (Intrusion Detection System)
Definition:
An Intrusion Detection System (IDS) is a security tool used to monitor network traffic
and system activities for signs of malicious activity or policy violations. IDS helps detect
unauthorized access, attacks, and anomalies in a network or system and alerts
administrators about potential security breaches.
Types of IDS:
1. Network-Based IDS (NIDS):
o Monitors network traffic for suspicious activity.
o It analyzes traffic coming in and out of the network and looks for attack patterns.
o It is typically deployed at key points in the network (e.g., routers, firewalls).
2. Host-Based IDS (HIDS):
o Monitors individual devices (hosts) such as servers or workstations for suspicious
activities.
o It checks system logs, file integrity, and user activities to detect any unusual behavior.
3. Hybrid IDS:
o Combines both NIDS and HIDS functionalities, providing more comprehensive
monitoring.
How IDS Works:
1. Data Collection:
IDS collects data from various sources, including network traffic, system logs,
application logs, and configuration files.
2. Traffic Analysis:
The system analyzes this data in real-time or after collection to identify patterns that
match known attack signatures or detect anomalies.
3. Alerting:
If malicious activity is detected, IDS generates alerts to notify administrators or
automated systems to take action (e.g., block traffic, isolate affected systems).
4. Logging:
IDS logs detected events and activities for further analysis and forensic investigation.
Detection Methods:
1. Signature-Based Detection:
o Detects known patterns of attacks, such as virus signatures or specific exploit
patterns.
o It works similarly to antivirus software by matching data to predefined signatures of
known threats.
2. Anomaly-Based Detection:
o Identifies deviations from normal behavior, such as unusual traffic volume or
abnormal system behavior.
o This method can detect new or unknown attacks by spotting unusual activity but may
produce more false positives.
3. Stateful Protocol Analysis:
o Examines the state and sequence of protocol transactions to ensure they follow
expected patterns. It helps detect protocol anomalies that could indicate attacks.
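An added example (not part of the original notes) that runs signature-based and anomaly-based detection over the same constructed web log, showing that each catches what the other misses and that the anomaly detector also flags a harmless burst. The log format, addresses, signature patterns and the mean-plus-three-standard-deviations threshold are assumptions made for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev
from urllib.parse import unquote_plus

# Constructed log format: HH:MM:SS source "METHOD path"
LOG_LINE = re.compile(r'^(\d{2}:\d{2}):\d{2} (\S+) "(?:GET|POST) (\S+)"$')

# Signature-based: known patterns, matched after URL-decoding the path.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "script-tag": re.compile(r"<script", re.I),
}


def parse(lines):
    """Return (minute, source, decoded path) for every well-formed line."""
    events = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            minute, src, path = m.groups()
            events.append((minute, src, unquote_plus(path)))
    return events


def signature_alerts(events):
    return [(src, name) for _, src, path in events
            for name, rx in SIGNATURES.items() if rx.search(path)]


def learn_threshold(baseline_events, k=3.0):
    """Anomaly-based: requests per source per minute, mean + k standard deviations."""
    counts = list(Counter((m, s) for m, s, _ in baseline_events).values())
    return mean(counts) + k * pstdev(counts)


def anomaly_alerts(events, threshold):
    per_minute = Counter((m, s) for m, s, _ in events)
    return sorted((s, m, n) for (m, s), n in per_minute.items() if n > threshold)


def _lines(minute, src, path, n):
    """Build n constructed log lines from one source within one minute."""
    return [f'{minute}:{sec:02d} {src} "GET {path}"' for sec in range(n)]


# Constructed baseline of normal traffic: 2 to 4 requests per source per minute.
BASELINE = (_lines("09:00", "192.0.2.10", "/index.html", 2)
            + _lines("09:00", "192.0.2.11", "/index.html", 3)
            + _lines("09:01", "192.0.2.10", "/about.html", 4)
            + _lines("09:01", "192.0.2.11", "/index.html", 3))

# Constructed live traffic.
LIVE = (_lines("10:00", "192.0.2.10", "/index.html", 3)
        # Two low-volume requests that match signatures.
        + ['10:00:30 198.51.100.7 "GET /download?file=..%2F..%2Fconfig"',
           '10:00:31 198.51.100.7 "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E"']
        # High-volume burst with an ordinary path: no signature matches it.
        + _lines("10:01", "203.0.113.5", "/login", 40)
        # Legitimate report export: unusual volume, so it is flagged anyway.
        + _lines("10:02", "192.0.2.11", "/reports/export", 9))

if __name__ == "__main__":
    threshold = learn_threshold(parse(BASELINE))
    live = parse(LIVE)
    print("threshold:", round(threshold, 2))
    print("signature:", signature_alerts(live))
    print("anomaly:  ", anomaly_alerts(live, threshold))
```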

4. Differentiate between Symmetric and Asymmetric Key Cryptography.

| Feature | Symmetric Key Cryptography | Asymmetric Key Cryptography |
|---|---|---|
| Key Usage | Uses a single key for both encryption and decryption | Uses a pair of keys: a public key and a private key |
| Key Management | Key must be securely shared between parties | Public key can be shared openly; private key must be kept secret |
| Speed | Generally faster due to simpler algorithms | Slower due to more complex algorithms |
| Security | Less secure if the key is intercepted during exchange | More secure as private key is never transmitted |
| Algorithm Examples | AES (Advanced Encryption Standard), DES (Data Encryption Standard) | RSA (Rivest–Shamir–Adleman), ECC (Elliptic Curve Cryptography) |
| Usage | Suitable for encrypting large amounts of data | Suitable for secure key exchange, digital signatures, and encryption of small amounts of data |
| Complexity | Simpler, requires only one key | More complex, involves key pair generation and management |
| Key Length | Typically shorter (128-256 bits) | Typically longer (1024-4096 bits or more) |

5. Explain SSL in detail.


SSL (Secure Sockets Layer)
SSL, which stands for Secure Sockets Layer, is a standard security technology for
establishing an encrypted link between a server and a client—typically a web server
(website) and a browser, or a mail server and a mail client (e.g., Outlook). SSL ensures
that all data transmitted between the web server and browser remains encrypted and
secure.
Key Features of SSL
1. Encryption:
o SSL encrypts data sent between the client and server, ensuring that even if the data
is intercepted, it cannot be read by unauthorized parties.
o Encryption uses cryptographic algorithms to transform readable data into unreadable
data.
2. Authentication:
o SSL uses digital certificates to authenticate the identity of websites. A trusted
Certificate Authority (CA) issues these certificates.
o Authentication prevents "man-in-the-middle" attacks by ensuring that users are
communicating with the legitimate website.
3. Data Integrity:
o SSL ensures that the data sent between the client and server is not altered or
tampered with during transmission.
o It uses checksums and hash functions to verify the integrity of the data.
How SSL Works
1. Handshake Process:
o When a client (like a web browser) connects to an SSL-enabled server (like a website),
the client and server perform an SSL handshake.
o During the handshake, they agree on the encryption algorithms and cryptographic
keys to use for the session.
2. Server Authentication:
o The server sends its digital certificate to the client to prove its identity.
o The client verifies the certificate against a list of trusted CAs. If the certificate is valid,
the client proceeds with the connection.
3. Session Key Establishment:
o After verifying the server’s identity, the client generates a session key (a symmetric
key) and encrypts it with the server's public key.
o The server decrypts the session key using its private key.
4. Secure Communication:
o Once the session key is established, both the client and server use it to encrypt and
decrypt the data they exchange.
o This symmetric encryption allows for efficient and secure data transfer.
Benefits of SSL
1. Security:
o SSL provides robust security for data transmitted over the internet, protecting it
from eavesdropping, tampering, and forgery.
2. Trust:
o Websites using SSL display a padlock icon in the browser’s address bar, indicating
to users that the connection is secure.
o SSL certificates enhance trust by verifying the authenticity of the website.
3. SEO Advantage:
o Search engines like Google favor websites using SSL, potentially improving their
search ranking.
Example of SSL Usage
 URL: When a website uses SSL, the URL begins with https:// instead of http://, where
"s" stands for secure.
 Padlock Icon: Most modern web browsers display a padlock icon next to the URL in
the address bar to indicate a secure connection.

6. Give short note on Firewalls.


Firewalls
A firewall is a network security device or software designed to monitor and control
incoming and outgoing network traffic based on predetermined security rules. Firewalls
are typically used to protect networks from unauthorized access, cyberattacks, and other
security threats by acting as a barrier between a trusted internal network and an
untrusted external network, such as the internet.
Types of Firewalls:
1. Packet-Filtering Firewalls:
o These are the simplest type of firewalls.
o They inspect individual packets of data and make decisions based on the
packet's source IP address, destination IP address, protocol, and port number.
o Advantages: Fast and easy to implement.
o Disadvantages: Limited in functionality and can be bypassed by more
sophisticated attacks.
2. Stateful Inspection Firewalls:
o These firewalls keep track of the state of active connections and make
decisions based on the context of traffic, such as whether a packet is part of
an established connection.
o Advantages: More secure than packet-filtering firewalls because they track
the state of connections.
o Disadvantages: More resource-intensive than packet filtering.
3. Proxy Firewalls (Application Layer Firewalls):
o These firewalls operate at the application layer of the OSI model and can
inspect the entire packet, including the data portion.
o Proxy firewalls act as intermediaries between the internal network and the
external network, filtering traffic based on specific application protocols (e.g.,
HTTP, FTP).
o Advantages: Highly secure, as they can block potentially dangerous traffic
and even analyze the content of data packets.
o Disadvantages: Can introduce latency and performance overhead.
4. Next-Generation Firewalls (NGFW):
o NGFWs combine traditional firewall capabilities with additional features like
intrusion prevention, application control, deep packet inspection, and SSL
decryption.
o Advantages: Provides a high level of security by inspecting network traffic
more deeply and blocking more sophisticated threats.
o Disadvantages: Can be expensive and complex to configure.
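An added example (not part of the original notes) contrasting the first two firewall types: a stateless packet filter needs a standing rule to let reply traffic back in, while a stateful firewall admits inbound packets only when they belong to a connection it has seen opened. The addresses, ports, rule set and class names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""        # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str = "tcp"
    sport: Optional[int] = None   # None matches any port
    dport: Optional[int] = None


def matches(rule, pkt):
    return (pkt.proto == rule.proto
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.sport in (None, pkt.sport)
            and rule.dport in (None, pkt.dport))


def packet_filter(rules, pkt):
    """Stateless: first matching rule wins, default deny, no memory of past packets."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Applies the rules to new connections only and tracks the ones it admits."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()

    def handle(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.connections or reverse in self.connections:
            return "allow"                 # part of an established connection
        if pkt.flags == "S" and packet_filter(self.rules, pkt) == "allow":
            self.connections.add(key)      # new connection permitted by policy
            return "allow"
        return "deny"


# Policy: internal hosts (10.0.0.0/24) may open HTTPS connections outward.
OUTBOUND_HTTPS = Rule("allow", "10.0.0.0/24", "0.0.0.0/0", dport=443)
# The stateless filter also needs this rule so that replies can come back.
RETURN_TRAFFIC = Rule("allow", "0.0.0.0/0", "10.0.0.0/24", sport=443)


def demo():
    """Return {packet name: (stateless verdict, stateful verdict)}."""
    packets = {
        "syn": Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S"),
        "reply": Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),
        # Inbound packet with source port 443 that belongs to no connection.
        "unsolicited": Packet("198.51.100.9", 443, "10.0.0.8", 50000, "A"),
    }
    stateless_rules = [OUTBOUND_HTTPS, RETURN_TRAFFIC]
    stateful = StatefulFirewall([OUTBOUND_HTTPS])
    return {name: (packet_filter(stateless_rules, p), stateful.handle(p))
            for name, p in packets.items()}


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:12} stateless={verdicts[0]:5} stateful={verdicts[1]}")
```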
How Firewalls Work:
 Packet Inspection: Firewalls inspect packets of data to determine whether to
allow or block them based on a set of security rules or policies.
 Traffic Filtering: Based on pre-configured security rules, firewalls either allow or
block network traffic. These rules can be based on IP addresses, ports, protocols,
and application types.
 Logging and Alerting: Firewalls often log traffic data and alert administrators to
potential security incidents or unauthorized access attempts.
 Network Address Translation (NAT): Many firewalls perform NAT, which
translates private internal IP addresses into a public IP address. This helps to
conceal internal network addresses and adds an extra layer of security.
Key Functions of Firewalls:
1. Access Control:
Firewalls prevent unauthorized users and devices from accessing a network or
system by applying rules about which traffic is allowed to enter or exit the
network.
2. Traffic Monitoring and Logging:
Firewalls log the traffic they inspect, providing a record of activities and potentially
malicious behavior. This is useful for detecting threats and auditing network usage.
3. Intrusion Prevention:
Firewalls can identify and block known malicious activities, such as denial-of-
service (DoS) attacks or attempts to exploit vulnerabilities in network services.
4. Virtual Private Network (VPN) Support:
Many firewalls can support VPNs, which allow secure connections between remote
devices and the corporate network by encrypting traffic.

7. Explain Types of Network Attacks.

Types of Network Attacks
Network attacks aim to disrupt, disable, or gain unauthorized access to a computer
network or its resources. Understanding the various types of network attacks is crucial
for implementing effective cybersecurity measures. Here are some common types of
network attacks:
1. Denial of Service (DoS) Attack
 Description: An attacker aims to make a network resource unavailable to its
intended users by overwhelming it with a flood of illegitimate requests.
 Impact: Causes network or service downtime, affecting availability.
 Example: Flooding a web server with excessive traffic, making it unreachable for
legitimate users.
2. Distributed Denial of Service (DDoS) Attack
 Description: Similar to DoS, but the attack is launched from multiple
compromised systems (botnet), amplifying the attack's scale and impact.
 Impact: More difficult to mitigate due to the distributed nature.
 Example: Coordinated attack from multiple sources targeting a single web server.
3. Man-in-the-Middle (MitM) Attack
 Description: An attacker intercepts communication between two parties,
potentially altering or eavesdropping on the exchanged data.
 Impact: Compromises confidentiality and integrity of the data.
 Example: Intercepting sensitive information like login credentials during
transmission.
4. Phishing Attack
 Description: Attackers masquerade as a trustworthy entity in electronic
communications to trick individuals into providing sensitive information.
 Impact: Leads to data breaches, identity theft, and financial loss.
 Example: Emails that appear to be from legitimate institutions requesting
personal information.
5. SQL Injection Attack
 Description: An attacker inserts malicious SQL code into a query input field to
manipulate the database.
 Impact: Unauthorized access to and manipulation of database information.
 Example: Retrieving or altering sensitive data from a database by exploiting input
vulnerabilities.
6. Eavesdropping Attack (Sniffing)
 Description: Attackers listen to unencrypted network traffic to capture sensitive
information.
 Impact: Breach of confidentiality.
 Example: Using packet-sniffing tools to capture login credentials transmitted over
the network.
7. Cross-Site Scripting (XSS) Attack
 Description: Attackers inject malicious scripts into web pages viewed by other
users, exploiting vulnerabilities in web applications.
 Impact: Execution of unauthorized scripts in the user's browser, leading to data
theft or session hijacking.
 Example: Embedding malicious JavaScript code in a comment section of a
website.
8. Brute Force Attack
 Description: Attackers use automated tools to guess passwords by trying multiple
combinations until the correct one is found.
 Impact: Unauthorized access to accounts.
 Example: Repeatedly trying different passwords to gain access to an email
account.
9. Malware Attack
 Description: Malicious software, such as viruses, worms, trojans, and
ransomware, is used to disrupt, damage, or gain unauthorized access to a network.
 Impact: System corruption, data loss, unauthorized access, and financial loss.
 Example: Ransomware encrypts data and demands a ransom for decryption.
10. Zero-Day Attack
 Description: Exploits vulnerabilities in software that are unknown to the vendor or
developers.
 Impact: High potential for damage as there is no prior knowledge or patch
available.
 Example: Exploiting a newly discovered vulnerability in a widely used application
before it is patched.

8. Explain IPSec in detail.

IPSec (Internet Protocol Security)
IPSec is a suite of protocols designed to secure Internet Protocol (IP) communications by
authenticating and encrypting each IP packet of a communication session. It provides
robust security measures to ensure data confidentiality, integrity, and authenticity over
IP networks, such as the Internet.
Key Components of IPSec:
1. Protocols:
o AH (Authentication Header): Provides data integrity and authentication of IP
packets. It ensures that the data has not been tampered with and verifies the identity
of the sender.
o ESP (Encapsulating Security Payload): Provides data encryption for
confidentiality, as well as data integrity and authentication. It can be used alone or in
combination with AH.
2. Modes:
o Transport Mode: Only the payload (the actual data) of the IP packet is encrypted
and/or authenticated. The IP header is left intact. Transport mode is commonly used
for end-to-end communication between hosts.
o Tunnel Mode: The entire IP packet (header and payload) is encrypted and/or
authenticated, and then encapsulated in a new IP packet with a new header. Tunnel
mode is typically used for network-to-network or gateway-to-gateway
communications, such as in VPNs (Virtual Private Networks).
3. Key Exchange:
o IKE (Internet Key Exchange): A protocol used to set up a secure, authenticated
communication channel and negotiate cryptographic keys. IKE automates the process
of mutual authentication and establishing shared secret keys.
How IPSec Works
1. Establishing the Security Association (SA):
o SA is a set of parameters that define the security attributes for communication, such
as cryptographic algorithms, keys, and protocols to be used.
o The process begins with the negotiation of SAs using the IKE protocol.
2. Mutual Authentication:
o During the IKE phase, both parties authenticate each other using mechanisms such as
pre-shared keys, digital certificates, or public key infrastructure (PKI).
3. Key Generation and Exchange:
o Cryptographic keys are generated and securely exchanged between the
communicating parties using IKE.
4. Securing Data Transmission:
o Once the SAs are established and keys are exchanged, IPSec can secure data
transmission using AH, ESP, or both, depending on the required level of security.
o Data packets are encrypted, ensuring confidentiality, and authenticated, ensuring data
integrity and authenticity.
IPSec Protocols in Action
 AH (Authentication Header):
o AH adds an authentication header to each IP packet, providing integrity and
authentication.
o Example AH packet layout:
  [ IP Header ] [ AH Header ] [ Data ]
 ESP (Encapsulating Security Payload):
o ESP encrypts the payload and adds an ESP header and trailer. It also provides
optional authentication.
o Example ESP packet layout:
  [ IP Header ] [ ESP Header ] [ Encrypted Data ] [ ESP Trailer ] [ ESP Authentication ]
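The AH layout above, as an added Python example that is not part of the original notes: it builds a transport-mode AH packet from a constructed SA and checks the integrity value on receipt. It is a simplification that assumes IPv4 without options and HMAC-SHA-256 truncated to 128 bits; the helper names and the sample SPI, key and addresses are made up for illustration.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51      # IP protocol number assigned to AH
AH_FIXED = 12      # next header, length, reserved, SPI, sequence number
ICV_LEN = 16       # assumed algorithm: HMAC-SHA-256 truncated to 128 bits


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header without options; checksum left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))


def compute_icv(key, ip_hdr, ah_fixed, payload):
    """MAC over the packet with the in-transit mutable IPv4 fields zeroed."""
    hdr = bytearray(ip_hdr)
    hdr[1] = 0                    # TOS (DSCP/ECN)
    hdr[6:8] = b"\x00\x00"        # flags and fragment offset
    hdr[8] = 0                    # TTL
    hdr[10:12] = b"\x00\x00"      # header checksum
    data = bytes(hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_protect(sa, ip_hdr, payload):
    """Transport mode: returns [ IP Header ] [ AH Header ] [ Data ]."""
    sa["seq"] += 1
    words = (AH_FIXED + ICV_LEN) // 4 - 2   # AH length in 32-bit words minus 2
    ah_fixed = struct.pack("!BBHII", ip_hdr[9], words, 0, sa["spi"], sa["seq"])
    hdr = bytearray(ip_hdr)
    hdr[9] = AH_PROTO                        # the IP header now announces AH
    hdr[2:4] = struct.pack("!H", 20 + AH_FIXED + ICV_LEN + len(payload))
    icv = compute_icv(sa["key"], hdr, ah_fixed, payload)
    return bytes(hdr) + ah_fixed + icv + payload


def ah_verify(sa, packet):
    """True only if the packet belongs to this SA and its ICV checks out."""
    if len(packet) < 20 + AH_FIXED + ICV_LEN or packet[9] != AH_PROTO:
        return False
    ip_hdr = packet[:20]
    ah_fixed = packet[20:20 + AH_FIXED]
    icv = packet[20 + AH_FIXED:20 + AH_FIXED + ICV_LEN]
    payload = packet[20 + AH_FIXED + ICV_LEN:]
    if struct.unpack("!I", ah_fixed[4:8])[0] != sa["spi"]:
        return False
    expected = compute_icv(sa["key"], ip_hdr, ah_fixed, payload)
    return hmac.compare_digest(icv, expected)


def demo():
    # Constructed SA and packet; in practice IKE negotiates the SPI and key.
    sa = {"spi": 0x1001, "key": b"\x11" * 32, "seq": 0}
    hdr = ipv4_header((10, 0, 0, 1), (10, 0, 0, 2), 17, 5)
    pkt = ah_protect(sa, hdr, b"hello")
    routed = bytearray(pkt)
    routed[8] -= 1                # a router decrements the TTL
    altered = bytearray(pkt)
    altered[-1] ^= 0x01           # one payload bit changed in transit
    spoofed = bytearray(pkt)
    spoofed[15] ^= 0x01           # source address rewritten
    return {"original": ah_verify(sa, pkt),
            "routed": ah_verify(sa, bytes(routed)),
            "altered": ah_verify(sa, bytes(altered)),
            "spoofed": ah_verify(sa, bytes(spoofed))}


if __name__ == "__main__":
    print(demo())
```

The TTL change still verifies because that field is excluded from the integrity value, while a changed payload or source address does not.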
Use Cases for IPSec
1. VPNs (Virtual Private Networks):
o IPSec is widely used to create secure VPN tunnels between remote sites or users and
corporate networks. It ensures that data transmitted over the public Internet is
encrypted and secure.
2. Secure Remote Access:
o IPSec allows remote users to securely connect to corporate networks, providing
access to resources as if they were on the local network.
3. Site-to-Site Connectivity:
o IPSec can be used to establish secure communication channels between different
network locations, ensuring that data remains secure as it travels between sites.
9. Give short note on S/MIME.
S/MIME is a widely accepted protocol for sending digitally signed and encrypted
messages. It is an extension of the MIME standard, which allows for the inclusion of non-
text attachments in emails. S/MIME enhances the security of email communications by
providing authentication, message integrity, and data privacy.
Key Features of S/MIME:
1. Encryption:
o S/MIME encrypts the email content, ensuring that only the intended recipient can read
the message. Encryption is done using the recipient's public key, and the message
can be decrypted only with the recipient's private key.
2. Digital Signatures:
o S/MIME allows users to digitally sign their emails, providing proof of the sender's
identity and ensuring that the message has not been altered in transit. The digital
signature is created using the sender's private key and can be verified by anyone with
the sender's public key.
3. Certificate-Based Security:
o S/MIME uses digital certificates issued by trusted Certificate Authorities (CAs) to verify
the identity of the sender and the recipient. These certificates are used to manage the
public and private keys needed for encryption and signing.
4. Interoperability:
o S/MIME is supported by most major email clients, including Microsoft Outlook, Apple
Mail, and Mozilla Thunderbird, making it a versatile solution for secure email
communications.
How S/MIME Works
1. Digital Signature:
o When sending an email, the sender's email client creates a hash of the message
content.
o The hash is then encrypted with the sender's private key to create a digital signature.
o The signed message, along with the sender's certificate, is sent to the recipient.
2. Encryption:
o The sender's email client encrypts the message using the recipient's public key.
o The encrypted message is sent to the recipient, along with the sender's certificate.
3. Verification and Decryption:
o Upon receiving the message, the recipient's email client uses the sender's public key
(from the attached certificate) to verify the digital signature and ensure the message
has not been altered.
o The recipient's email client then decrypts the message using the recipient's private
key.
10. Give short note on Security Policy and mechanisms.
A security policy is a formalized set of rules and guidelines that dictate how an
organization manages and protects its information and IT resources. It is an essential
component of a comprehensive cybersecurity strategy, providing a framework for
ensuring data integrity, confidentiality, and availability.
Key Aspects of a Security Policy:
1. Purpose and Scope:
o Defines the objectives of the security policy and the scope of its application within the
organization.
2. Asset Management:
o Identifies and classifies information assets to ensure appropriate protection based on
their value and sensitivity.
3. Access Control:
o Establishes rules for who can access specific information and resources, and the
conditions under which access is granted.
4. User Responsibilities:
o Outlines the responsibilities and expected behavior of users, including compliance
with security practices and reporting incidents.
5. Incident Response:
o Provides procedures for detecting, reporting, and responding to security incidents to
minimize impact and recover quickly.
6. Training and Awareness:
o Mandates regular training programs to educate employees about security policies,
threats, and best practices.
7. Compliance:
o Ensures that the organization adheres to relevant laws, regulations, and industry
standards related to information security.
Security Mechanisms
Security mechanisms are the tools and methods used to enforce the security policies and
protect information systems from threats. They provide specific protections and controls
to safeguard data and resources.
Key Security Mechanisms:
1. Encryption:
o Protects data confidentiality by converting information into an unreadable format that
can only be deciphered by authorized parties.
2. Authentication:
o Verifies the identity of users and systems before granting access. Examples include
passwords, biometrics, and multi-factor authentication (MFA).
3. Access Control:
o Enforces rules about who can access what information and resources. Techniques
include role-based access control (RBAC) and access control lists (ACLs).
4. Firewalls:
o Monitor and control incoming and outgoing network traffic based on security rules to
prevent unauthorized access.
5. Intrusion Detection Systems (IDS):
o Monitor network and system activities for malicious activities or policy violations and
alert administrators to potential threats.
6. Anti-Malware Software:
o Detects and removes malicious software such as viruses, trojans, and worms to
protect systems from infection and damage.
7. Data Backup:
o Regularly backs up data to secure locations to ensure that it can be recovered in the
event of data loss or corruption.
8. Security Audits and Monitoring:
o Conducts regular audits and continuous monitoring of systems and networks to
ensure compliance with security policies and detect vulnerabilities.
11. Explain model for network security.
Model for Network Security
A network security model provides a framework for understanding, designing, and
implementing security measures to protect networked systems and data. The model
encompasses various elements, including security policies, services, mechanisms, and
protocols, to ensure comprehensive protection against threats.
Key Components of a Network Security Model
1. Security Policy:
o A set of rules and guidelines that define how data and resources are to be protected.
o It includes policies for access control, user authentication, data encryption, and
incident response.
2. Security Services:
o Services that provide specific security capabilities to protect data and resources.
Common security services include:
 Authentication: Verifying the identity of users and systems.
 Authorization: Granting or denying access to resources based on policies.
 Confidentiality: Ensuring that data is not disclosed to unauthorized parties.
 Integrity: Ensuring that data is not altered or tampered with.
 Non-repudiation: Ensuring that actions or transactions cannot be denied by their
originators.
 Availability: Ensuring that resources are available to authorized users when needed.
3. Security Mechanisms:
o Techniques and tools used to enforce security policies and provide security services.
Common mechanisms include:
 Encryption: Protecting data confidentiality by converting it into an unreadable
format.
 Firewalls: Monitoring and controlling network traffic based on security rules.
 Intrusion Detection Systems (IDS): Detecting and alerting on suspicious
activities.
 Access Control Lists (ACLs): Defining which users or systems can access specific
resources.
 Digital Signatures: Verifying the authenticity and integrity of data.
4. Security Protocols:
o Protocols that implement security services and mechanisms in network
communications. Examples include:
 SSL/TLS: Securing communication over the Internet by providing encryption and
authentication.
 IPSec: Providing secure IP communications by authenticating and encrypting each IP
packet.
 SSH: Securing remote terminal access by encrypting the session and authenticating
the user.
Conceptual Model for Network Security
The conceptual model for network security can be visualized as a layered approach, with
each layer representing a different aspect of security. Here’s a simplified diagram of the
model:
+----------------------------+
| Policies and Procedures |
+----------------------------+
| Security Services |
+----------------------------+
| Security Mechanisms |
+----------------------------+
| Physical Security |
+----------------------------+
Layers of the Network Security Model:
1. Policies and Procedures:
o Define the overarching security strategy and guidelines.
o Ensure that all security measures align with organizational goals and compliance
requirements.
2. Security Services:
o Provide the specific protections needed to secure data and resources.
o Address various aspects of security, including confidentiality, integrity, and
availability.
3. Security Mechanisms:
o Implement the tools and techniques necessary to enforce security policies and
provide security services.
o Include encryption, firewalls, IDS, and access control.
4. Physical Security:
o Protects the physical infrastructure of the network, including servers, data centers,
and network devices.
o Ensures that physical access to network resources is controlled and monitored.
Implementation of the Network Security Model
1. Risk Assessment:
o Conduct a thorough risk assessment to identify potential threats and vulnerabilities.
o Determine the likelihood and impact of various risks.
2. Security Architecture Design:
o Design a security architecture that incorporates the necessary policies, services,
mechanisms, and protocols.
o Ensure that the architecture addresses identified risks and aligns with organizational
goals.
3. Deployment and Configuration:
o Deploy and configure security mechanisms, such as firewalls, IDS, and encryption
systems.
o Implement access controls and user authentication measures.
4. Monitoring and Maintenance:
o Continuously monitor the network for security incidents and anomalies.
o Regularly update security policies and mechanisms to address new threats and
vulnerabilities.
5. Incident Response and Recovery:
o Establish an incident response plan to quickly address and mitigate security breaches.
o Implement data backup and recovery procedures to ensure business continuity.
12. List and explain various elements of Information Security.
Information security encompasses a variety of elements aimed at protecting data and
systems from threats and ensuring their integrity, confidentiality, and availability. Here
are the key elements of information security:
1. Confidentiality:
o Definition: Ensuring that sensitive information is accessible only to those
authorized to have access.
o Mechanisms: Encryption, access controls, and authentication mechanisms such as
passwords, biometrics, and two-factor authentication.
2. Integrity:
o Definition: Ensuring the accuracy and completeness of data, and protecting it from
being altered or tampered with by unauthorized individuals.
o Mechanisms: Checksums, cryptographic hash functions, digital signatures, and
data validation processes.
3. Availability:
o Definition: Ensuring that information and systems are accessible to authorized
users when needed.
o Mechanisms: Redundancy, failover mechanisms, load balancing, regular
maintenance, and denial-of-service (DoS) attack prevention measures.
4. Authentication:
o Definition: Verifying the identity of users and systems to ensure that only
authorized entities can access resources.
o Mechanisms: Passwords, biometrics (fingerprint, retina scan), smart cards, and
multi-factor authentication (MFA).
5. Authorization:
o Definition: Granting or denying specific access rights to resources based on the
identity of the user or system.
o Mechanisms: Access control lists (ACLs), role-based access control (RBAC), and
user permissions.
6. Non-repudiation:
o Definition: Ensuring that a party in a transaction cannot deny the authenticity of
their signature or the sending of a message that they originated.
o Mechanisms: Digital signatures and audit logs.
7. Accountability:
o Definition: Ensuring that actions of an entity can be traced uniquely to that entity,
which helps in detecting and responding to security breaches.
o Mechanisms: Audit trails, logging, and monitoring.
8. Risk Management:
o Definition: Identifying, assessing, and mitigating risks to information and systems
to minimize the impact of security incidents.
o Mechanisms: Risk assessments, threat modeling, and implementing security
controls.
9. Security Policy:
o Definition: A set of rules and guidelines that define how an organization manages
and protects its information assets.
o Mechanisms: Policies on access control, incident response, data protection, and
employee training.
10. Physical Security:
o Definition: Protecting the physical infrastructure of information systems from
damage or unauthorized access.
o Mechanisms: Security guards, surveillance cameras, secure access controls, and
environmental controls like fire suppression systems.
11. Incident Response:
o Definition: Developing and implementing processes to detect, respond to, and
recover from security incidents.
o Mechanisms: Incident response plans, forensic analysis, and post-incident reviews.
12. Compliance:
o Definition: Adhering to laws, regulations, and standards related to information
security.
o Mechanisms: Regular audits, compliance checks, and adherence to standards
such as GDPR, HIPAA, and ISO/IEC 27001.

13. Explain Secure Socket Layer handshake Protocol.
SSL Handshake Protocol
The Secure Socket Layer (SSL) handshake is a crucial process in establishing a secure
connection between a client (such as a web browser) and a server. It ensures that both
parties authenticate each other and agree on encryption methods to protect the data
transmitted during the session. Here's a step-by-step explanation of the SSL handshake
protocol:
Steps of SSL Handshake
1. Client Hello:
o The client sends a "Client Hello" message to the server. This message includes:
 The SSL/TLS version supported by the client.
 A randomly generated number (client random).
 A list of supported cipher suites (encryption algorithms).
 A list of supported compression methods.
2. Server Hello:
o The server responds with a "Server Hello" message. This message includes:
 The SSL/TLS version selected by the server.
 A randomly generated number (server random).
 The chosen cipher suite.
 The chosen compression method.
3. Server Certificate:
o The server sends its digital certificate to the client. This certificate contains the
server's public key and is issued by a trusted Certificate Authority (CA).
o The client uses this certificate to verify the server's identity.
4. Server Key Exchange (Optional):
o If the chosen cipher suite requires a key exchange, the server sends a "Server Key
Exchange" message.
o This message may include additional keys or parameters needed for the key
exchange process.
5. Certificate Request (Optional):
o The server may request a certificate from the client for mutual authentication.
o If requested, the client will send its certificate in a later step.
6. Server Hello Done:
o The server sends a "Server Hello Done" message to indicate that it has finished its
part of the handshake.
7. Client Certificate (Optional):
o If the server requested a client certificate, the client sends its digital certificate to the
server.
8. Client Key Exchange:
o The client generates a pre-master secret and encrypts it using the server's public key
(from the server's certificate).
o The encrypted pre-master secret is sent to the server in the "Client Key Exchange"
message.
9. Certificate Verify (Optional):
o If client authentication is required, the client sends a "Certificate Verify" message to
prove ownership of the private key corresponding to its certificate.
10. Change Cipher Spec:
o The client sends a "Change Cipher Spec" message to inform the server that it will
start using the negotiated encryption and compression methods for all subsequent
messages.
11. Client Finished:
o The client sends a "Finished" message containing a hash of all previous handshake
messages, encrypted with the session key.
o This message indicates that the client part of the handshake is complete.
12. Change Cipher Spec (Server):
o The server sends a "Change Cipher Spec" message to inform the client that it will
start using the negotiated encryption and compression methods for all subsequent
messages.
13. Server Finished:
o The server sends a "Finished" message containing a hash of all previous handshake
messages, encrypted with the session key.
o This message indicates that the server part of the handshake is complete.
Post-Handshake
 Once the handshake is complete, both the client and server have securely
exchanged all necessary keys and parameters.
 They can now securely exchange application data using the agreed-upon
encryption methods.
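Steps 1 and 2 of the handshake, as an added Python example that is not part of the original notes: it parses a constructed Client Hello into the fields listed above and makes the Server Hello choice from it. The server preference list and minimum version are a hypothetical policy, and the sample message and function names are made up for illustration.

```python
import struct

# Small subset of the IANA cipher-suite registry, enough for the sample below.
SUITE_NAMES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
}
# Hypothetical server policy: strongest first, RC4 and 3DES not enabled.
SERVER_PREFERENCE = [0xC02F, 0x009C, 0x002F]
SERVER_MIN_VERSION = 0x0301   # TLS 1.0
SERVER_MAX_VERSION = 0x0303   # TLS 1.2


class Reader:
    """Bounds-checked cursor so a truncated message raises instead of misparsing."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")


def parse_client_hello(msg):
    outer = Reader(msg)
    if outer.uint(1) != 0x01:                 # handshake type 1 = Client Hello
        raise ValueError("not a ClientHello handshake message")
    body = Reader(outer.take(outer.uint(3)))  # 3-byte body length
    version = body.uint(2)
    random = body.take(32)                    # client random
    session_id = body.take(body.uint(1))
    raw = body.take(body.uint(2))
    if len(raw) % 2:
        raise ValueError("odd cipher-suite list length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    compression = list(body.take(body.uint(1)))
    return {"version": version, "random": random, "session_id": session_id,
            "cipher_suites": suites, "compression": compression}


def server_hello_choice(hello):
    """Pick version, cipher suite and compression the way Server Hello reports them."""
    version = min(hello["version"], SERVER_MAX_VERSION)
    if version < SERVER_MIN_VERSION:
        raise ValueError("client version below server minimum")
    if 0 not in hello["compression"]:
        raise ValueError("client does not offer null compression")
    for suite in SERVER_PREFERENCE:           # server order decides, not client order
        if suite in hello["cipher_suites"]:
            return {"version": version, "cipher_suite": suite,
                    "name": SUITE_NAMES[suite], "compression": 0}
    raise ValueError("no mutually acceptable cipher suite")


def sample_client_hello():
    # Constructed message: fixed "random" so the result is reproducible.
    suites = [0x0005, 0x000A, 0x002F, 0xC02F]
    body = struct.pack("!H", 0x0303) + bytes(range(32)) + b"\x00"
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                       # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    print(server_hello_choice(parse_client_hello(sample_client_hello())))
```

The sample client lists RC4 and 3DES first, but the server's own preference order selects the ECDHE/AES-GCM suite.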
14. Differentiate between Active attacks and Passive Attacks.
Feature | Active Attacks | Passive Attacks
--------|----------------|----------------
Definition | Attempts to alter system resources or affect their operation. | Attempts to intercept and monitor communications without altering them.
Objective | Disrupt, manipulate, or destroy data and services. | Steal or gain unauthorized access to information.
Examples | Denial of Service (DoS), Man-in-the-Middle (MitM), SQL Injection. | Eavesdropping, Traffic Analysis, Sniffing.
Impact | Directly affects system operations and data integrity. | Compromises confidentiality without immediate impact on system operations.
Detection | Easier to detect due to noticeable disruptions and anomalies. | Harder to detect as there are no immediate signs of interference.
Defense Mechanisms | Firewalls, Intrusion Detection Systems (IDS), Anti-malware. | Encryption, Secure Communication Protocols (e.g., SSL/TLS), Strong Access Controls.
15. Draw and explain Operational Model of Network Security.
1. Security Policy Framework:
o Definition: The foundation of any network security plan. It consists of high-level policies
that define the rules and guidelines for securing the network and its data. These policies
determine the acceptable use of resources, access control rules, and the organization's
stance on threats.
o Key Functions:
 Establishing the goals of network security (confidentiality, integrity, availability).
 Identifying assets to protect (servers, databases, etc.).
 Defining security standards and procedures.
2. Network Security Architecture:
o Definition: A structured design of the security measures implemented across the
network to ensure its protection. This architecture lays out firewalls, intrusion
detection/prevention systems (IDS/IPS), and network segmentation techniques to
safeguard against threats.
o Key Functions:
 Protecting internal and external network boundaries.
 Implementing intrusion detection and prevention systems.
 Using segmentation to isolate sensitive data from other network resources.
3. Access Control & Authentication:
o Definition: This process ensures that only authorized users and devices can access
network resources. Authentication verifies the identity of users, while access control
regulates what resources authenticated users can access.
o Key Functions:
 Authentication methods (passwords, biometrics, multi-factor authentication).
 Access control mechanisms (role-based access control, discretionary access
control).
4. Encryption & Key Management:
o Definition: This involves encrypting data to protect it from unauthorized access
during transmission or while stored. Key management ensures that cryptographic
keys are securely generated, distributed, and stored.
o Key Functions:
 Implementing encryption protocols like SSL/TLS for secure data transmission.
 Ensuring key lifecycle management, including key generation, distribution, and
destruction.
 Protecting sensitive data (e.g., in transit or at rest).
5. Firewalls & IDS (Intrusion Detection Systems):
o Definition: Firewalls control incoming and outgoing network traffic based on
predefined security rules. IDS detects and alerts on potential security breaches or
malicious activities in the network.
o Key Functions:
 Firewalls: Prevent unauthorized access based on IP addresses, protocols, and ports.
 IDS: Monitors network traffic for signs of attacks, such as unusual traffic patterns or
signatures of known malware.
6. Monitoring & Logging:
o Definition: Continuous monitoring of the network to detect abnormal activities and
threats. Logging involves recording events, user actions, and network traffic for later
analysis or forensic investigation.
o Key Functions:
 Real-time monitoring for signs of security breaches.
 Logging user actions, system events, and network activity for auditing and
compliance purposes.
 Analyzing logs to identify potential security incidents or vulnerabilities.
7. Response & Recovery Mechanisms:
o Definition: These mechanisms are implemented to respond to security incidents and
recover from potential breaches. A proper incident response plan is critical for
minimizing the damage caused by attacks.
o Key Functions:
 Incident Response: Quickly detect, analyze, and respond to network security breaches
or incidents.
 Disaster Recovery: Plans for recovering from system failures or breaches to restore
normal network operations.
 Business Continuity Planning: Ensuring that critical business operations can continue
even during security incidents.
Unit 3
1. List and explain functions of Network Layer.
2. Differentiate between Circuit Switching, Message Switching and
Packet Switching.
3. Write short note on network address translation.
4. Draw and explain IPV4 header.
5. Explain the concept of classful (A, B, C, D and E) and classless
addressing.
6. A host was given the 192.168.2.64/27 IP address, indicate: i)
Netmask of the network. ii) The network broadcast address to
which the host belongs. iii) The total number of hosts available in
the network.
7. Describe in short the importance and working of ARP protocol.
What is ARP cache?
8. Give short note on: i) ICMP ii) IGMP iii) RARP
9. Give short note on: i) RIP ii) MPLS iii) BGP iv) OSPF v) Mobile IP.
10. For the given address 192.168.5.71/26, find out: i) Subnet mask?
ii) What is the first IP address for the given series? iii) What is the
last IP address for the given series?
11. Draw and explain Header format of IPV6.
12. Explain Distance vector routing.
13. Explain Link state routing.
14. Explain Path vector routing.
15. A host was given the 192.168.2.64/25 IP address, indicate: i) Net
mask of the network in dotted decimal notation. ii) The network
address to which the host belongs. iii) The network broadcast address
to which the host belongs. iv) The total number of hosts available in
the network.
16. Suppose a router has built up the routing table as shown in the
following table. The router can deliver packets directly over
interfaces eth0 and eth1, or it can forward packets to other routers
in the table.
Unit 4
1. Draw and explain TCP header format.
2. List and explain transport layer services.
3. e2 a7 00 0D 00 20 74 9e 0e ff 00 00 00 0100 00 00 using this UDP
hexadecimal dump find out in decimal numbers i. Source port no.,
ii. Destination port no., iii. Total length of user datagram.
4. Draw and explain UDP header format.
5. What is socket? What are different types of socket? Explain socket
functions used in connection oriented services with diagram.
6. Explain SCTP protocol in detail.
7. Explain socket functions used in connection less services with
diagram.
8. Explain TCP congestion control in transport layer.
9. What is Quality of Service? Explain any two methods to improve
QoS.
10. Explain RTP protocol in detail.
11. 06 32 00 0D 00 1C E2 17 using this UDP hexadecimal dump find out in
decimal numbers i. Source port no., ii. Destination port no., iii. Total
length of user datagram.
12. Give the difference between TCP and UDP.
13. For each of the following applications, determine whether TCP or
UDP is used as the transport layer protocol and justify the
reason(s) for your choice. i) File Transfer ii) Watching a real time
streamed video iii) Web browsing iv) A Voice over IP (VoIP)
telephone conversation. v) YouTube video
14. Explain TCP state transition diagram.
15. Explain TCP connection establishment process with suitable
diagram.
16. What causes silly window syndrome? How is it avoided? Explain.

1. Following is a dump of UDP header in Hexadecimal format: 06 32 00 0D 00 1C E2
17. i) What is source port number? ii) What is destination port number?
iii) What is total length of the user datagram? iv) What is the length of the data?
v) Is packet directed from a client to server or vice versa? vi) What is the client
process?
Unit 5
1. What is the difference between persistent & non-persistent HTTP?
Explain HTTP Request & Response message format.
2. What is DHCP? Explain DHCP working with client state diagram.
3. Differentiate between POP & IMAP protocol.
4. Explain how a DNS query is resolved.
5. Explain FTP w.r.t. control and data connection. Explain any two FTP
commands.
6. When web pages containing emails are sent out, they are prefixed
by MIME Header, why? Explain MIME Header.
7. Write short notes on FTP and MIME.
8. Write short notes on TELNET.
9. Write short notes on SMTP.
10. What is SNMP? Explain SNMP working.
11. Write short notes on POP3 and Webmail.
Unit 6
1. Draw and explain ITU-T X.800 Security Architecture for OSI.
2. Give short note on HTTPS.
3. Give short note on IDS.
4. Differentiate between Symmetric and Asymmetric Key
Cryptography.
5. Explain SSL in detail.
6. Give short note on Firewalls.
7. Explain Types of Network Attacks.
8. Explain IPSec in detail.
9. Give short note on S/MIME.
10. Give short note on Security Policy and mechanisms.
11. Explain model for network security.
12. List and explain various elements of Information Security.
13. Explain Secure Socket Layer handshake Protocol.
14. Differentiate between Active attacks and Passive Attacks.
15. Draw and explain Operational Model of Network Security.
