So, this has now become a question and answer session. So you can ask questions related to the content that was covered, as well as the lab; whatever questions you have, I am happy to answer. Yeah.

Good morning, ma'am. Actually, a question is related to Wireshark, and basically we are running this Wireshark in the Windows-based version. So I want to know what is the advantage if you use tcpdump, because the packet capturing, this scan, we can do in the Windows-based GUI and all. Even that ARP request and ARP, this also we can do on the command prompt window.

Yeah.

So I mean the same point. But I am saying that whether it is in the main workshop also we have to do in the same way what you have.

Actually it is a question of, whatever it is, you be consistent in what you tell your participants. The reason why I said tcpdump, again I am emphasizing, is in Wireshark when you say capture it is going to capture a whole bunch of packets, right? And then you have to put a filter where, when you sort the packets, you have to specify what the filter is, and then it will sort it and display the select set of filters. That is perfectly fine. If you are comfortable with it, finally what matters is that they evaluate the packet and they are comfortable with it; that is perfectly fine. As I said, it is, to me, to filter, I somehow find Wireshark filtering to be generally a bit... maybe because I am not that familiar with it, because I already learned tcpdump, I know how to filter. I have not learned Wireshark filtering, thereby I don't find it very easy to filter. But if you are starting from scratch and you want to learn how to filter in Wireshark, specify how to specify host, this number, port, this number, ARP, whatever it is. If you learn it and you convey it to them, fine. That I will leave it up to you as a remote center in charge.

So I am... but which will be the more advantageous, that I want.
There is a personal preference. I am sure there are people here who will say, I love Wireshark, I will do everything in Wireshark. People who will say, I love tcpdump, I will do everything. It is good to know both tools. It doesn't hurt; what I mean, you are learning two tools in one shot. So it's... but your personal preference. Finally what matters is they evaluate the trace. Whatever method you want to follow, you follow. For which you become comfortable, you become familiar, you should know how to filter.

I think to install this tcpdump and all these on Ubuntu or this Linux platform, please provide us some guidelines.

Yes, so there will... so don't, I mean, let's not get into questions about that. There is a specific section where I will specify what exactly do you need to do to conduct the labs in the main workshop. There is a specific... this is on the final day.

Thank you.

Madam, can we show the DSCP packet sitting at the client side? Like DSCP packet capture, can we show?

DHCP?

Dynamic host configuration packet.

Yes.

Sitting at client side.

Yes, there is an exercise for that also.

Madam, we usually say that IP address is a logical one because we can change it very easily. It is also true with MAC ID, means we can change the MAC ID. What things happen behind the screen?

Okay. As far as IP address is concerned, it has been designed as a goal is to change it. The MAC has not been designed; if you are changing it, it is a hack, or it is something you are not supposed to do that you are doing. So that's the high level thing. When it was designed, people came up with IP addresses. They were supposed to be changed based on location. When people came up with MAC addresses, they are not supposed to be changed based on... They are supposed to be fixed. I mean it's like a security, or not supposed to do something, but people still do it. You are not supposed to steal. People still steal, but it's one of those things.
MAC addresses are not supposed to change, but people can hack them for some malicious purposes. Even system administrators may do something like that for valid purposes also. But all I am saying is, by default they are not supposed to change.

What is the difference between protocol number and port number? It creates confusion with that, some having the protocol number, some not having the... For example TCP having the 617 protocol number I think, and UDP having the...

Actually it's at what layer you are looking at. So protocol number is something that the network layer uses to determine which transport layer process it has to pass the packet to. That is the protocol number. So TCP has 6 and UDP has whatever. ICMP has 1. So whatever are these, this is what the network layer is using to determine which of the other network layer processes, which is ICMP in this case, or the transport layer processes it has to pass the packet down. Port number is being used by the transport layer to determine which of the application layer. So it's... Port number is working at the transport layer. Protocol number is working at the network layer.

My question is related with forwarding. There are various mechanisms or there are various methods of forwarding, like host-specific, network-specific, router-specific. I know that each and every method has its own advantages and disadvantages. But just to confirm here in the lab session, I just want to confirm whether it's like a router-based forwarding mechanism or network-based forwarding scheme. I just want to confirm, like in lab sessions, which method it is useful.

Useful as in there is... So there is something that is implemented. So when you are talking about forwarding, the one that is visible for you as a user is network layer forwarding. Switch layer forwarding you can't even see because it is transparent. It just goes... So let me just... So let's say this is a switch and this is your host that is connected to the switch.
The switch in turn is connected to another switch. This in turn is maybe connected to another switch. And here is maybe... let me call it router, that is there. In turn this is connected to some other. So let's say this is somehow the way things are set up. Now when you are sending a packet, this destination, let's say it is somewhere this side. Let's say this router is directly connected to a switch and this is where the host... Let me call this host B and this is host A. Now when host A is sending a packet to host B, what you are going to do is... So the packet that you assemble, as I said, there are... You have to take care of the MAC addresses as well as the IP addresses. So from the MAC perspective, the source is kind of straightforward. You assign your own source MAC address, and the destination MAC address, you are going to assign it to that of this router R. Because as far as you are concerned these switches are transparent. They are not... They will just forward internally, but as you see you are not directly connected to the router. It is going through many switches. Now when this... And as far as IP address is concerned, with respect to the source you will put your own IP address, which is corresponding to host A, and the destination will be... Let me call this RM to represent the MAC address of R. This one will be B. Now this packet will come through the switch. If the switch knows where this router MAC is, it will directly send like this. Otherwise it will just broadcast everywhere. Finally when it broadcasts it will come to the router. Router will now look at this packet, figure out that it has to go through this destination B, and it knows that this destination B is on this side. So thereby it will again maybe call ARP, which is again broadcast. It will get the MAC address of B and it will assemble a packet where on the top is A, B as source and destination at the IP level.
At the MAC level it will put router MAC as the source and B MAC as the destination and send it. And B will get it, because the switch again, if it knows, it will forward; otherwise it will flood everywhere. So that is how things happen, where the network layer is interspersed with link layer in this particular fashion.

My question is related to TCP. Like in heterogeneous network, suppose multiple senders are communicating with multiple receivers via common bottleneck link. Then I believe that my sender window size has to be equivalent to BDP. Is it correct, or it has to be divided by the number of flows? It is deterministic environment, for example.

So it depends upon how you are defining BDP. BDP is often defined as client specific. It already factors in... so if there is bottleneck bandwidth, let's say is 1 Mbps, right? TCP is... there is some fairness to TCP. It's not perfect fairness. Then let's say there are 10 hosts that are sharing this bottleneck bandwidth. Now TCP is... there is some fairness to it. So what it will do is, 1 Mbps it is going to divide by 10. So each is going to get 100 Kbps. Now the BDP that you are going to experience through this, whatever, windowing mechanism will correspond to 100 Kbps. So TCP has it factored into the way it operates. So there isn't anything like the BDP is 1 Mbps. BDP is not 1 Mbps really. The bottleneck bandwidth is 1 Mbps, but the bandwidth delay product each client sees will be already... that factors in the fairness, that will be 100 Kbps, which is corresponding to what you should get.

When we set this value, for example on sender, if my BDP is very small and let's say I keep this very small, I can exploit the available bandwidth. Right, so what I am saying is I need to set that value minimum equivalent to BDP.

You have to set it to a value equal to... not, don't call it BDP. BDP, you call it bottleneck bandwidth along the path. Whatever bottleneck... So for example this tuning of the window size, in a typical setting it doesn't occur.
The default values are what are going to play, but suppose you are using a satellite link where the delays are rather large, then it's important to tune, because otherwise you are not going to utilize the bandwidth. So the tuning should happen with the knowledge, only with the knowledge that you know where the bottleneck is, what you are experiencing; then you should tune. In general there is no tuning typically. For the kind of throughputs that you experience in a typical internet setting, they are already tuned to operate; they are typically set at a higher value. So that you can utilize the...

And how queue size will affect the performance in the same scenario, like queue size on intermediate route or where there is a bottleneck, or maybe queue size on each sender?

Yeah. So what is going to happen is... TCP again, if you have gone through the video, it's a very dynamically adaptive protocol. So what it does is it... as it gets feedback from the network it is going to adapt its behavior, where really it's going to change the window size based on... it will increase if there is more bandwidth, it will decrease if there is less bandwidth. So it'll adapt to what it is seeing. So currently if it is able to... its fair share is only 100 kbps, it'll start sending data corresponding... the window size it'll set such that the delay corresponds roughly to 100 kbps. Now, but if other flows have gone away, the queue has become smaller, now we are starting to get 200 kbps. TCP will again adapt, it'll increase the window size such that you are able to get 200 kbps. In fact that is the beauty of TCP, it's extremely... I mean each time I look at TCP I will... this is... TCP is like the... of all the protocols I have, it's a personal favorite. So that's the function of TCP, the way it does it. So queuing, so what happens is as congestion sets in, packets will get dropped because queues have overflowed; this is a feedback to the TCP to cut down its window, and as congestion goes away and you are able to...
go through that to increase to see whether it can get more. So it's a dynamic protocol that automatically manages all these things.

There are two kinds of forwarding or routing, that is source based routing and the destination based routing. I think whatever you explained here, it is a destination based routing.

That is the default.

Can you show the mechanism how source based routing is carried out in networks?

Well, source based routing is not used in the internet, that is why we don't cover much about it. So source based routing is used in... the majority of the internet, we don't use source based routing because it's not efficient. It's not just that, you're putting the burden of figuring out the route on the source, and people like you and me who have computers, it's not an easy task to figure out what the route is. So source based routing is used in very specific scenarios, typically by these, the ISPs, where they know the path and they kind of know a lot of details, where they will install a source based thing to, for example, ensure that certain traffic goes along a path and not through some other path because of some competition or because of security concerns or whatever it is. So source based routing is not often used, just by ISPs in a very specific setting, or in the research domain where people, like in ad hoc networks, that kind of setup you will see. Internet doesn't use as such source based routing.

Ma'am, actually I tried number of times to go through this topic but I was not able to understand the concept of actually forwarding mechanism of source based routing. I'm clear about this.
Source based routing is in fact even simpler than this. All you're specifying is the entire path. You're seeing that, for example, again let me... there are 2, 3... there is loose, whatever. Strict source routing means your packet has to take the entire path that is specified. The non-strict, I don't know what it is called, is loose source routing, is it has to cover whatever is mentioned but in between it can take other paths. So I'll probably... okay, so here is the source, whatever, this is the destination. So this, let me call it R1, R2, R3, R4. Okay, so this is... so when you are specifying to reach destination, you basically specify that this packet has to go through R1, R2, R3, R4. Okay, so when it comes to R1 it knows it has to go to R2 and not this, let me call it X1, X2, X3. It should not go through X1, so it will forward the packet here. R2 knows that it has to go to R3 so it will forward it; it may have other interfaces, it's not going to send on them. R3 knows it has to go... it will come here. This knows that this is the destination, it will send it here. Now the strict and loose people have...

I think it is some kind of a virtual connection which we use in frame relay or FDDI networks.

This is no virtual connect... well, you are insisting that this is the path it has to take. There is no connection set up a priori for this path to take; that is not... that is virtual circuit switching. This is not virtual circuit switching. This is regular routing except that you are specifying the entire path. So the job of the router in destination based routing is to look at the routing table. The job of a router in source based routing is just to look at the header, figure out who is the router, figure out which among the interfaces corresponding to it, and push it out on that.

So how this router R1 will come to know that it how to forward only to the R2 and not to the X1 or X2?
This source route is carried in the header of the packet that this guy sends. Yeah, so this source, sender that is sending this packet, there is a header field in the packet, right, in the network layer header. In this network layer header you are specifying the path that it takes: S, R1, R2, R3, R4 and D. This entire path is specified as part of the header. So a router just needs... right now a header has only the destination address, which you look on a routing table to forward; that is destination based routing. Here a router will look at the header, figure out the entire path; it is telling which the next stop is. It doesn't have to consult any routing table, it will just forward based on that. That is source based route.

Thank you.

We can consider the MAC addresses; the bunch of MAC addresses are allocated to different NIC manufacturers. Suppose if I can consider the Cisco, X number of MAC addresses are given to the Cisco, but Cisco is manufacturing more number of NICs compared to only the X numbers. So is it that the Cisco is supplying the same MAC address NIC1 to the India and same MAC address NIC2 US or UK or Australia?

All I know is there are 2 to power of 48, which is a huge number. You are not going to exhaust that space anytime soon, so there are enough MAC address space.
MAC address space is definitely not a problem. So often what is done is each company... so there is the company portion of it, the first 8 bits or whatever is assigned to the different companies; within that they can again subdivide it. India may have the next 4 bits, others may have other bits. But what exact mechanisms do these people use to distribute the MAC addresses, I don't know. But scarcity of MAC addresses is not quite there.

Consider they are manufacturing the NIC 80s onward. Then again the NICs are... life of NIC is only 3 to 4 years, normal life of NIC. So again they have manufactured...

Even if you use it, 2 to the power of 48 is such a... I think even if you are doing this for the past 100 years or 200 years it will not be... I mean, you know, it is something like... it is a huge number.

Even the total machines over the globe, including the routers...

Even the 2 to the power of 48, you do the calculation, 2 to the power of 48 is a huge number. It is like the IP thing, when they talk 2 to the power of 128 is... I mean, some of it, I don't know how much to believe it, is like, since Big Bang theory the number of milliseconds that has passed is still less than... some such statistic is there with respect to IPv6.

But in this 48, because they have to reuse the same thing...

That is what... do they have to reuse?

Life is less. If I can consider the IP, okay, IP usability is possible because it is reconfigurable. But if the manufacturer has manufactured one NIC in 80s with the address X1, but that life of that particular NIC is not more than 30 to 4 years...

That is fine, but all I am saying is you worry about the problem when there is address space... I don't think the address space is there yet, because that number is really huge. If it's a smaller number like 16 I would say yes, 32 also fine, but 48 is still... from 30 to 48, I mean each one is a doubling, you imagine, like it's a huge number. I don't think you are going to run out of MAC addresses anytime... maybe for the next, maybe I have to do the calculation, but my gut
feeling is for the next few generations you don't have to worry.

Comparing the IPv4 and IPv6 packet format, we are observing that some portions are not present in the IPv6 packet format. Is it advantage or disadvantage, comparing with the IPv4 and IPv6? And there is another small question, that is, does it affect the security of the routing protocol whenever the IPv6 is used? Can it affect the secure routing protocol, or in the routing protocol, is it that some fields are not present in the IPv6, and how can you manage the...

So first of all, when people went from IPv4 to IPv6, they know all the troubles of IPv4. So whatever they do, I mean if they are intelligent people, will be such that it addresses many of the shortcomings of IPv4 and doesn't... security, by the time, is also... people are aware of the kind of secure issues people are facing. So IPv6 header is a very streamlined header and there is a reason why they have removed some of the fields. This is mainly for multiple reasons. So for example you do not see fragmentation in IPv6. The reason why they have removed fragmentation is it puts additional load on some of these intermediate routers to fragment the packet, and that tends to increase the speed of the router. So... and then does it mean that there is still a need for fragmentation? In other words, you cannot really say all packets along a path will support the MTU size; that may not be true. But the burden of fragmentation has been pushed to the source. Source has to figure out what is the right fragment to use along a path, and then once it figures out, all the packets will just pass, because you are not going to do fragmentation as far as the routers are concerned. So it has streamlined some of these things keeping in mind the capabilities of the routers and so on and so forth. In fact I would say it has removed a lot of these options. The header also... options are there, but they have been cleverly designed such that if there are not options the router is very efficient in reading the header
because it's a fixed block. But if there are options there, then it's been designed cleverly that it's a pointer based system, so it again improves the router processing speed. The way it had happened in IPv4 is, if there are options there, you don't know where... I mean, they're spread about, you have to interpret each and everything for you to figure out what... it leads to router delays. So all these things are nice features that IPv6 has handled. Now the question is the compatibility. Now if you're using IPv6, and the fact that you have removed some of the fields, what if there is an intermediate router that is IP version 4 and now we have a packet that is IP version 6? Now what is to be done about it? So that's the migration issues. So a lot of the migration issues, till the transition has happened, by transition I mean everyone shifting to IPv6 from IPv4, till this transition has happened a lot of these migration issues are handled a bit manually. In other words, the ISPs, when they change the routers, they tunnel, they establish a tunnel, so such that in case there is... so all these are configured specifically. It's not automated where things happen, no, they don't happen. So you... ISPs have to configure the routers such that the portions that are handled by IPv4, you tend to put an extra header such that they do... and they do that kind of thing. This is manually configured by ISPs.

Thank you.

Ma'am, can we establish TCP between different subnet?

Different subnets? You can establish TCP within your own host, so there is no question of... TCP is just a transport layer mechanism for the endpoints; can be the same IP address but different port numbers within the same machine, you can establish. For example within a lab, if you are trying to SSH to your neighboring machine, that SSH is operating over TCP, which means you are establishing TCP between one host and other host that are neighbors as far as the network. You can... this is when you do socket programming assignment, maybe you will also see. You will, when you do
socket programming, for debugging you don't want to involve another machine, because that means traffic has to go... so often you establish... the two processes are running on your own machine and they are using TCP to communicate with each other, or sockets; the TCP, UDP is up to you. But you can communicate with different processes within the same machine using TCP.

TCP is a connection oriented, so things... and in the network actually IP data packets will be forwarded through different path, I think. So how this connection oriented... we call this connection oriented then?

So when we say TCP is connection oriented, all it is meaning is before you start sending the data, both endpoints have to manage their state or exchange their state. So what happens with TCP is, again let me... so here is a host, let me call it A. It is going through many routers R1, R2, R3, and here is another host B, and now I am establishing a TCP connection from A to B. So this is the TCP connection. Now before sending data on TCP I am going to exchange some information to B. So I am going to say, for example, that I can support SACK, or I am using... so some of these features you can specify, or I am using this sequence number starting from X. Whatever is this information, this is the state that you are exchanging with B. Only this is connection oriented. In other words, when you get a packet you just don't send it off to the other guy unless the state... it needs to know what sequence number this connection is going to start; all this information it needs before it is ready to receive the data. Connection oriented means this state exchange has to happen before you send the data. Connectionless means you don't maintain any state; first packet comes, push it. Now if you see, A and B are using this routing infrastructure to exchange this data. So A is going to send this information, B will send, ok fine, do whatever you want; that kind of exchange happens, then data transfer happens. Now when you look at the router R1, once it receives this packet
corresponding to this A to B, so the source is A, destination is B, and this is the packet, what it is going to do is it will just send it out. It is not establishing a connection with R2 telling, expect this packet from... it is not. It will somehow figure out a path and it is going to send it out to R2. R2 in turn also will send it out to R6, it will go to B. So connection oriented is in that context: the TCP is exchanging information before it can send the data between A and B, and it doesn't care whether there is 1 hop, 10 hops, 100 hops in between, because to it that doesn't matter. For all practical purposes, they are both on the same host also, it doesn't matter as far as TCP is concerned. But it has to exchange this data.

That means 2 end processes are always ready?

In router... when you do connectionless, in connectionless you design the protocol such that you don't have to exchange any data and still act on whatever you are getting, whereas in TCP the protocol has been designed such that you have to exchange the data before... exchange some connection state before you can start acting on the functionality. So that is the difference between connection oriented and connectionless.

Ma'am, what exactly... what is the load balancer, and what is the role of the load balancer in transport layer, network layer and the link layer? I give an example for my network: say I have a lot of lines for the internet, I simply connect those lines on the load balancer and I simply pass some lines to various networks for my network architecture. So how this load balancer works?

So that is, when you point it out, load balancing can be done at different layers of the protocol stack. It can be even done at application. Most of the load balancing that you see at the server levels is at the application level. So for example I have a server that is set up, and when there are many connections coming I will push some connections on to some other server and some other connections on to another server; they are going to handle. That
is server level load balancer.

Ma'am, that is the application level load balancer. As a hardware, some load balancer as a hardware, this work on the network layer also, ma'am.

So the network layer load balancing works in this fashion. So for example, so there are two ways to reach a particular... so for example if you have... when you run the routing protocol you figure out that you can reach this destination through P1 or P2. Often again, what is... this router R will maintain only one entry corresponding to D, which is, suppose this is going via R2, it will say to reach D send to R2. It typically maintains only one. But if you want to do load balancing, what you can do is, when you do this you may also associate that this path has a cost of, let's say, 10, and you will say D to reach through R3, this path has a cost of, what is it called, let's say 20. Okay, now this is a very crucial functionality of the routing protocol. If with this, for example, if you receive, let's say, packets, you can decide that since this cost is more I will send 80% of the packets on this path, I will send 20% of the packets on this path. You can do something like that. But if your routing protocol is not aware of this, for example if you are using distance vector of a routing protocol, this can lead to routing loops, because it's a dynamic thing; each one thinks the path on the other side, then you start to looping. But if you are using some, for example in ad hoc routing or whatever, where the protocol is not distance vector but some other version of the protocol which is load balancing compatible, and you ensure that routing loops do not happen, then what you can potentially do is you can send 80% of the traffic and send 20% of the traffic here. So that is how load balancing works at the network layer, where if there are multiple paths between the same source destination, depending upon the capabilities of the path you try to split it.

Ma'am, there are one WatchGuards. WatchGuards simply, for example, my network is connected with the proxy
server and my proxy cannot pass some particular IP, but using a WatchGuard I simply pass on those packets which are having the destination of that particular IP which are blocked by the proxy server. So how the WatchGuard work on the network layer, ma'am?

IIT Bombay also, we have this proxy server, and if you want to access certain websites that are restricted, in other words the proxy will not permit the access to those websites, and you still want to access those websites, so there are some of these other servers you can contact to get that particular content. Is that what you are trying to... circumventing the operation of the proxy?

Ma'am, there are two ways. Either I simply put some filter on proxy server, simply filter these packets from the proxy server, but for the same subnet... the subnet is blocked, but for the same subnet only one particular IP can be allowed to pass the packets. So for this, in our network architecture, administrator simply put one IP, my IP, on the WatchGuard. WatchGuard is simply a hardware unit; there simply put some IP and the packets from my IP pass on through the proxy server.

Okay, so I mean, I think probably what you are referring to is the firewall rules that... so typically whenever there is a firewall which has been configured, so for example it may say block all packets coming from, let's say, 10.105.*.*, which means everything is blocked, but you can also put an exception saying that, the longer prefix, but do not block packets from 10.105.10. 
level which may be your IP address. So this is a function of how you set the rules within the firewall to act upon this. I mean that's an entire use... so most of the... the firewall configuration is again a very complicated thing, but it provides a rich set of functionality for you to set rules. So it depends upon how you set the rules within it to implement the required functionality you want, like let this traffic pass, don't let that traffic pass, allow this user, don't allow that user. In fact you can do it at the user level, you can do it at the IP address level, you can do it at the port level. There are many things you can set as part of the firewall, but all these are actually going up the protocol stack to the application, which is doing this, looking at all the things, dropping the packets, and then again they go down and go.

Ma'am, can I identify this with the help of command, that particular packet is drop head or drop tail? Ma'am, there are two types, drop head and drop tail, in a queue. Then how can I identify with the help of command that this particular packet is drop head and drop tail?

As such you cannot. So this is a queue. So a router typically implements drop tail; they don't implement a drop head. Now if a packet is dropped, you have... unless the router conveys that information to you... in fact you don't even know where it got dropped. There is an entire path taking R1, R2, R3, R4; unless R3 tells, I dropped your packet, through some ICMP message, you cannot even know where your packet got dropped. So that kind of feedback is expecting a lot from the internet, which is best effort, which often doesn't convey this kind of information.