Let us get started with the lab. So here is the lab assignment for today. In this lab you are going to understand various protocols that operate at the network layer. So you will look at how IP fragmentation works, you will also look at the DHCP protocol and the ICMP protocol. So let us see what the exercises are.
So the first exercise is on IP fragmentation. I mean, if you have covered the concepts you will know that. So what happens is, this is your host and you are sending some packets over multiple hops, so these are the intermediate routers, let me call them R1, R2, R3, and finally there is another host at the end point. So this is the path the packets are going to take. Now the MTU size, which is the maximum transmission unit that can be carried on a link, can vary from link to link. Ethernet has a size of 1500, but there may be other technologies in between that may have a different size; for example, if you are using a PPP link in the middle you can have a size of only 512. So whenever you send a packet that exceeds the size of the underlying maximum transmission unit, you have to break up the packet; that is IP fragmentation. I will not get into too much detail, you can look into the slides to understand how IP fragmentation is done.
So this exercise is going to show you a demonstration of what is happening to the IP headers when the packet gets fragmented. So what you are going to do as part of this exercise is, first, we have provided some scripts called send UDP I think, I will, so I think it is send UDP, but the name does not matter. So this is a script, this is a code that has been provided for you. What this code does is it is going to send a packet of the specified size.
So what you are going to do is use this program to send packets that exceed 1500. So you should definitely send a large packet that is greater than 1500, let us say 4000, and you could also try sending a packet that is under 1500, let us say 500, and in each case you can see what is happening when the packet goes out. So in your particular case your host is connected over Ethernet, which has an MTU size of 1500. So what you are doing is, at the protocol, the socket programming level, you are generating a large packet of size 4000, so this means that your network level, which is the IP layer, is going to fragment this particular packet and create multiple fragments, whereas in this particular case where you are sending only 500 bytes it has no reason to fragment, so it will just send it out.
So when you are using the send UDP dot C you have to specify, I mean, I will let you figure out how to use the code, it is rather straightforward. So use this code to generate a packet and send it out and experiment with different packet sizes. And just like before, you first have to run tcpdump with the right filters, then you use the send UDP program to send the required packets, and then you are going to stop tcpdump and analyze your trace through Wireshark, where, when you are analyzing the trace through Wireshark, you will look at the IP headers to see how the packet has been fragmented. So that is part of exercise 1.
So when you are using this IP fragmentation, a point to note is this send UDP dot C will generate a single IP packet of a given size and it is going to send it to a specific destination IP address. Which destination IP address should you use? Try both an existing host and a non-existing host and see what happens; that is something for you to figure out.
The next exercise is on DHCP, which is basically this Dynamic Host Configuration Protocol.
This protocol is used to obtain an IP address. Apart from obtaining an IP address, often you get additional information such as who the DNS server is, who your next hop router is, so on so forth. So normally in order to run DHCP you need root permissions. Since you may not have root permissions on your machines, if you have, you can by all means go ahead and run this particular, so basically all you need to do in case you have root permissions is, in a terminal you have to type DHCP and the Ethernet, the interface information, eth0. Yeah, what you need to type is DHCP not DHCP, because that is the program that is going to execute the DHCP protocol. So just type DHCP eth0 on any terminal with root permission. So you run tcpdump in a terminal, you run DHCP eth0, and then close the tcpdump, open it via Wireshark, and you will see a trace. But if you do not have root permissions that is also fine; I have provided you a trace within that Google Drive, in fact your coordinator will also provide you that information. All you need to do is evaluate that particular trace that I have provided and in the process understand how DHCP works and answer these following questions.
Exercise 3 is about this protocol called ICMP; it stands for Internet Control Message Protocol. So the objective of ICMP is to provide some kind of feedback at the network layer. So the routers, whenever they are unable to do a task, for example if they are dropping a packet, mostly they have no obligation to tell you that they have dropped a packet, but sometimes they do tell. Similarly end hosts also: if you are sending a packet to a port where no one is listening at the end host, the end host often sends a packet saying no one is listening on this particular port. Routers, for example, could tell that there is no such destination at the other end, but that is totally up to the router to tell; some routers do not reply back based on ICMP, some routers do. So the fact that you did not get a reply means you do not have much feedback on what is happening.
So this exercise 3 is about generating different ICMP types: type 0 code 0, type 3 code 3, type 8 code 0. If you are not clear what it is, I would ask that you look at the ICMP slides to understand what this type and code is; you can also Google to learn a little bit more about the ICMP protocol. So basically in this exercise you need to figure out what these type and code refer to and accordingly use that particular tool to generate ICMP packets corresponding to this particular type.
So in the last exercise, which is exercise 4, we are going to make use of this very special tool called traceroute. You are free to use either traceroute or tracepath, whatever is installed on your system; both work in a similar fashion. So I do not know what your workshop coordinators have installed, but they should install one of either traceroute or tracepath. traceroute is slightly better than tracepath but it really does not matter.
So what you are going to do is use this tool, traceroute or tracepath, that relies underneath on ICMP, to determine what is the path your packet is sending, so for example, packet is taking. For example, if you were to say traceroute www dot, let us say, google dot com from your host, it is going to take many hops via some intermediate routers. So what traceroute will tell you is the name of these intermediate routers, how much time it took for the packet to go from you to that intermediate router, and also how many hops did your packet take, so across every hop: so first hop, this is the router; second hop, this is the router; third hop, this is the router. So it is going to give this particular information, so you can experiment using traceroute to find out the paths to different hosts.
So when you are doing it, ensure that you are always selecting a host that is not on the same physical LAN. If you, for example, do that, it will just be a hop count of one, which is not giving much information. So ask your workshop coordinator to provide you a name of a machine that is many hops away from your particular host.
By the way, there are also some traceroute utilities available on the internet; just do a Google, it will provide you a command where you can type traceroute to whatever destination and it will do it for you. So for example this is a tool that is available online; there are in fact many such tools, I just googled quickly and I found this. So for example let us try something else, www.readif.com, ok. So if you do it, it is processing this information. So as you can see, from wherever this particular server is located it is kind of figuring out where all it is going. So it is starting from here, it reads some Juniper whose IP address is here, then it reads some code 21.hardsner. So this is something located far away. So it is kind of trying to figure out what is the route from wherever the server is located; looks like it is located in some country or not in India.
So it is going through some, so it is going to give you the name of the intermediate routers and how much time it takes to reach these particular routers. Something that you may notice is this thing where it kind of hangs, it does not give any additional information; that is because the other routers are not responding, or in other words they are not getting back to you with the ICMP replies, that is why you cannot find out what that information is. There are many such tools; you could use any of the tools to kind of figure out the traceroute. So more or less that is the lab for today and I am open to taking questions about the lab. We will do this for the next half an hour; after that we will do some concept based questions.
Actually madam, as far as gratuitous ARP is concerned. So who invokes this gratuitous ARP and at what point of time exactly is it being invoked?
Okay. Okay. So gratuitous ARP, as I said, what you have used is a tool that they have given at the user level to run. But typically gratuitous ARP is incorporated as part of the kernel; often whenever you change your IP address it is automatically triggered internally within the kernel to send a gratuitous ARP. But by the way, that is again, if you do a tcpdump and see, I change my IP address and I do not see a gratuitous ARP, that is very implementation specific. Certain implementations implement it, certain may not do it. So typically it is a feature that comes about when you are changing your IP address or your MAC address for that matter.
Okay. One more question. So that is inside the /etc/hosts configuration file. So there are basically two entries I found. One is for the loopback address, that is 127.0.0.1, having localhost as the host name, and one more entry, that is 127.0.1.1, having the corresponding host name, and whenever we are specifying the hostname command it is giving us that particular host name as the name of the host of the machine. Okay.
Exactly what this 127.0.1.1 signifies, because there is no interface being assigned with this particular address.
Yeah. So typically in a given machine you have something called the localhost IP address, that is what corresponds to 127.0.0.1. This address is useful especially, in fact, when you do the socket programming exercise which is coming on the last, the, sorry, not on Friday, this address is very useful. So for example you are writing some sockets, you are writing some server, you want to write some client. In a typical setting maybe your server is running somewhere, your client is running server somewhere, but as a programmer you want to test the functionality. So what you do is you run both the server and the client on your own machine, but typically the server and client work with IP addresses, and because they are running on the same machine you will use this localhost IP address to achieve that. So basically this is the same address that is going, so each localhost is assigned this IP address so that you can use it for your socket programming kind of a thing. So apart from an IP address which is external, where everyone else can use it, internally if you want to communicate between processors using sockets this address is very useful.
What about the 127.0.1.1.1?
Huh. So whatever.
What this signifies, 127.0.1.1, okay, that is being assigned as the host name.
What has it been assigned as?
Host name. If you give the hostname command, so that particular name is going to be given for you, 127.0.
Yeah, so anything in this space is all related to this localhost loopback thing itself. I have to kind of begin once on, yeah, I think that is related to IPv6. I mean I really have to, I mean I vaguely remember it but I actually have to begin a little bit more to answer that particular question.
So with the use of IPv6 certain things have emerged, that you want to create, what is it called, an IP address, that IPv6 has more sophisticated features where you do not even need an IP address but you can communicate within a particular local area network without an IP address, some kind of a thing. So this may be related to it, but as I said I really need to look it up in order to answer that question. So let me, I mean, I will get back to this question.
Good morning ma'am, and actually there was some problem in running the ARP script command and I tried to install it by the sudo apt-get install arping command.
Are you talking about arping?
arping.
I had mentioned this earlier also: if the kernel already has arping and you try to install it again, your network interface card will not work. So don't install it, it is already there as part of the kernel.
Good morning ma'am.
Tell me.
In the lab session, while we are trying with an SSH session in tcpdump, as per your instruction we tried with two different terminals, but this tcpdump is not capturing the packets from two different terminals, and we googled for this SSH and put it in a single command line, both SSH and tcpdump; even then it is not capturing and the capture file shows zero bits of data. So what could be the potential problem or where would it have gone wrong?
So as I said, something you have done wrong, because tcpdump will capture whatever is going out of your interface. It is independent of how many ever terminals you open. Maybe you didn't give a right filter at the TCP level, and I mean unless I actually know the sequence of steps you followed it's not easy to debug. You can take the help of the TAs in the afternoon to debug it.
Thank you.
Okay, when I am running one program, one client program and one server program using socket programming, TCP socket programming, I am running both the programs in a single host.
We are tracing in the background using tcpdump, or what are the packet transmissions happening between them?
So tcpdump, I mean, offhand I don't know; maybe I wouldn't be surprised if tcpdump does not capture those packets, because they are going through the loopback, it is not quite going out of the host. tcpdump typically captures packets that are going out as well as coming in through whatever interface you are specifying. Since these packets never leave the machine you may not be able to capture them, but it is possible to change the setting; in other words, that -i interface, if you were to give the loopback interface then you should be able to capture it.
Okay thank you ma'am. Thank you so much.
There's another question.
Hello. Yeah, whenever I am going for a filter in Wireshark for IPv6, most of the packets that are coming are with the protocol MDNS, it is a multiple DNS service. MDNS, multiple DNS, it is showing as a protocol, but can we mention MDNS as a protocol, because it is a service so far in my knowledge. Why is it shown in the protocol in Wireshark if I filter it for IPv6 packets only? MDNS protocol, it is multicast domain name service.
Oh, MDNS.
It is showing, if I, yeah yeah yeah, it is multicast DNS that it is showing, but if I filter it for IPv6 packets only through Wireshark, can we declare MDNS as a protocol?
No no, so that is again something very internal to Wireshark. If for example as part of it some IPv6 header was used it may show it, because it happened to use an IPv6 header, or internally there is an IPv6 address as part of the DNS resolution, it may show.
While doing this gratuitous ARP, how many number of nodes is this particular node sending this ARP to, in a subnet or beyond the subnet?
Anything that is related to broadcast is contained within the subnet, it will not go outside, only in the subnet.
In fact I will be more, in fact that is also a little bit loose: anything you are broadcasting will be contained within your local area network. It could be an extended local area network, but it is all whatever you define as a link layer network, it would not go beyond. Typically the subnets, you could have multiple subnets on the same physical network, in which case it can reach other subnets, but typically that is not the case. So it does not go beyond; if all switches are interconnected it will be contained within all those interconnections, and whenever it hits the router it stops at the router.
Hello.
I can hear you.
Good morning ma'am. Question is about network simulators. At present time we use many simulators; which one is the best simulator in mobility, just like GloMoSim, NS2, GNS3 or QNAT?
Okay, see, I mean I have no experience with using any other simulator other than NS2, so I really cannot compare. Most of the research community tends to use NS2 because it is open source, and often we would like to write our own modules as part of the simulator, because we are doing research, there is nothing that is out there, we need to write our own protocols. So for which NS2 is very conducive; some of these proprietary things do not let you access the internals that easily. From a teaching perspective, when you are trying to do, maybe some of these other simulators are better because they come with a nice graphical user interface with a lot of features for teaching, but since we use NS2 for research we use it for teaching also, so I do not have an answer. Typically in any of the research papers we see NS2 and not these other simulators, but they do appear once in a while, but that is not common.
Good morning. In tcpdump or Wireshark, can we directly interface through some programming language and can we directly access the data?
So tcpdump is basically collecting data into a file, and once things are in the file you can use any scripting language or whatever other programs you want to evaluate the data, to mine it in whatever fashion you want; that is totally available. So you are running tcpdump, collecting the logs, and then you can run scripts over the logs to extract whatever information you want. Yes, that is very much feasible.
One more question. Namashaya, this is regarding today's lab, the IP fragmentation. So in the TA of this workshop, when we were doing the lab we had given the total data as 4000, and then, we are in the 100 Mbps subnet, and we got the first fragment, the first fragment contains 1480 bytes of data, and then the second fragment contains another 1480 bytes of data, and next, in the third fragment, it showed us the remaining, it totally made a count of 4008 instead of giving 4000. So we would like to know what is that 8 bytes which the IP fragment added on the data.
Well, I mean, it is like giving away the solution. I will give you a hint, I will not give the solution, because others also need to figure this information out. The name of, so you figure out, it is a header of some kind that is also being counted. So you figure out what this header is, and you can also look a little bit at the code; you do not really need to know socket programming in detail but it is kind of self-explanatory. If you look at the code you understand what is happening, so there are some headers that are getting added, so you kind of look into it to figure out where that 8 is coming from. The name of the program also should give you a hint.
Thank you, thank you ma'am.
I am working with ARP, I do not have any interest in the ARP, but working with the gratuitous ARP while using ARP with the request and reply. Well, in reply I found out the answer was our target MAC address.
While using request I do not find anything like MAC or something. How can I differentiate how the request and reply actually work with the gratuitous ARP?
See, one thing which I have seen when people do this ARP exercise is getting confused with the link layer header and the ARP payload. So if you see, these ARP packets themselves will have an Ethernet header attached to them, and within the Ethernet header there will be a destination and a source MAC address. So that is one aspect, and within the ARP content itself, which is the payload of that Ethernet packet, also there is a source and destination address as part of that payload. You have to be clear what it is that you are talking about. So a reply or a request, ARP is broadcast. So no matter what you see, you will see at the MAC level, the Ethernet header, the destination will be broadcast. But if you were to look within the content of the ARP packet itself, which is talking about what the destination MAC and source MAC are, things may be different based on whether it is a request or a reply. And that said, it is also heavily implementation dependent; you could for all practical purposes repeat the same IP address and MAC combination in both the source and the destination, because you are generating that particular packet you could put it in both the fields within the ARP packet, or you could put it in the source and ignore the destination, depending upon whether it is a request or a reply. So that is very much an implementation artifact. So different implementations may fill the data differently. What matters is the fact that the MAC header destination is broadcast, and within the ARP packet the source IP and the source MAC will correspond to your own MAC, and the target can be anything else; it is all right if you do not fill it properly. Does that answer your question?
Yes, thank you madam.
My question is regarding the use of the Wireshark tool ma'am.
Yeah, first question: how can I capture other computers' packets on the same network ma'am?
So as I mentioned earlier also, in order to capture other packets, not any packet that comes to your own machine, whether it be broadcast or unicast, those you can capture. But if you want to capture other people's packets, I had mentioned this earlier, you need support from the hardware as well as your driver; not all drivers and hardware support it. You should basically put your card in what is called promiscuous mode, then you should be able to capture it. But as I said it is very much dependent on the card that you have and the driver that you have.
Yeah, second question. Yeah, that is how to capture packets using Wireshark in a switched Ethernet network.
Yes, I think the concept, I mean there is no difference. Whenever you use switched Ethernet, more often than not you will not see other people's packets, because the switch, if it is clever, would have learned that they are not directed towards your port. So it will not pass those packets on your interface, so it is not possible for you to capture them. Only whatever the switch design means to pass to your host you can capture. So that is one of the advantages of switching, it hides; of course if it is being broadcast you will get it, but if it is some neighbor transmitting some unicast packet to some other neighbor you will not be able to listen in on that conversation.
Good afternoon ma'am. Ma'am, my question is related to the SSH protocol. Yesterday when I was working on the SSH protocol and I was giving this command, it always asks for a password, root password.
Root password.
So when I give this password, yes, and I give this root password, it didn't take it, so what password shall I give, host or host to password?
See, typically when you are SSH'ing into the other machine you have to specify what your username is.
So for example you will do SSH, for example if I am logging in into my machine whose username is Chebrolou, I will do SSH Chebrolou at IP address of my machine. So if you do not specify the username it typically gives it as root. So it is often a good practice to specify who you are, so typically it will be SSH username at the IP address or the host name. So once you type it in it will ask for a password, and the password should be, not your local machine password, it should be the password of the machine into which you are SSH'ing.
Ma'am, I give that password to that particular user. Yes ma'am, I specify the username, then IP address, and I give the password also, but it's not a SSH'ing password.
Then, I mean, something is wrong, maybe that password is incorrect. Again, this question I would say bring it up in the afternoon session with the TA because it needs more detail. I don't want to get into the detail during this session. Please contact, I mean I will also be available, so bring it up in the afternoon during the chat session.
Can we make arping for the previous sub name is maintaining under the same gateway?
See, when you use arping, basically what it does is it generates an ARP packet where the content of the ARP packet is, you will specify your IP address and MAC address combination, and send it out as a broadcast. So this packet will reach all the machines that are part of that particular physical local area network. Typically that is often the same subnet, so they will not go beyond your subnet.
Ma'am, in the same LAN, suppose in our college local area network we are maintaining different subnets, different subnets for the different networks. So my question is whether we can apply arping to generate various ARP or not.
I mean, what do you mean apply? If you apply it, apart from your own subnet it may go to other subnets also, but often they may not have any need for it, because their router, as soon as it detects that this is not part of the same subnet, it will contact the router. So it is the case that when you generate this it will go to other hosts belonging to other subnets because they are part of the same physical LAN, but that information is useless for them because they are not part of the same subnet, because the machine will contact the router rather than, so it is just discarded, or it can even be cached, but it won't be used. See, if you are switching them both, for example you connect the LAN and your wireless LAN via a layer 2 switch, then whatever you send in your physical, the Ethernet side of it, will go to the wireless side of it also; that means they are both in the same extended LAN setup. So it is a broadcast, it will go everywhere.
Hi ma'am, yesterday in exercise 2 we were supposed to send ARP packets within the subnet to a host which is reachable. It was mentioned that there should be four ARP packets that need to be exchanged in the list when we trace it, but we just got to, so could you just tell us why it should be four.
So again, I mean, I won't be surprised if it is a different number, because again it's a function of the implementation and so on so forth. Typically whenever you are trying to reach, well, let me say there are multiple factors at play here. So if you have used ping to reach this non-existent host and you did not use the -c option there, in other words you just ran ping the address, and then you are running tcpdump to capture, for the very first packet of ping you try to resolve its MAC address and you send the first ARP, and no reply has come.
So ARP is going to time out and again it will try, then again no reply. So there is a typical number, which is, I don't know whether it is 3 or 4, whatever it is, it will try that many number of times and it will time out. But then what happens is the second ping packet that you have sent is waiting in the buffer, right; then it will look at the second ping packet, look at the IP address, and again, because it doesn't have it in the cache, because there is no MAC corresponding to it, it will again initiate another ARP for that. So if you see this, you may see 10, 20 or even 50 ARP packets going, asking for what is the MAC address corresponding to this particular IP address. So if you really want to know the ARP timeout, in other words how many times does it try before giving up, you should use ping -c 1, which is basically telling it to ping only with one packet; then you will see how many times ARP tries before giving up. That number, I don't know whether it is 3 or 4, but that is the correct answer.
Ma'am, that would be for a host which is not reachable, right?
This will be for a host that is not reachable, yes.
Yeah, but I was asking for a host that's reachable.
For a host that is reachable, what happened, you are saying you saw 4. So periodically as you are sending packets, whatever is in the cache sometimes gets cleared out, in which case it can send ARP again if it's an extended ping which you are doing. Again it's a configuration parameter; for some the cache entries are stored for a long duration, for some they are stored only for a few seconds. So each time it gets cleared out it will send an additional ARP, so it is a function of what this value is set to.
Thank you.
In Wireshark, while capturing a frame we have come across the checksum field at the network and transport level. Is it possible for us to capture packets in which the checksum is not correct? And I would also like to know about that error control that we have learned at Ethernet, but we don't see these fields when we see that space in Wireshark. That's all, my question is over.
The second portion I did not understand, so let me answer the first portion, then maybe you can ask the second portion. In order for you to capture packets where the checksum has failed, so naturally when you are sending out the packets you have just calculated the checksum, so there is no scope for it failing, but if you are receiving packets from somewhere else it's possible for the checksum to fail, but that is a function of the underlying fiber, what errors it has introduced, so on so forth. Typically over a fiber it's not easy for you to, what is it called, see that kind of losses, corruption, where you can actually capture where the bits are corrupted. With wireless it may be slightly better, but even there the chances of you capturing a packet where the checksum has failed are very low. So in reality capturing such packets is not an easy task.
It doesn't show in the Wireshark field.
It doesn't, I mean it does, it does tell you whether the checksum has passed or not, so when you click on it, it does show you the CRC checksum.
My second question is, in the MAC layer also we have error control, but when we open that phrase for the Ethernet we don't see any checksum or error control. So the only fields that we see are very few, but that is definitely not destination, source and type.
Yeah, it is conceivable that, see, normally when you are sending a packet out the checksum field is appended at the tail, and often the checksum calculation, of checking whether this packet has been received correctly or not, is implemented in hardware, not in software.
So you do that calculation; if it has failed you just dump the packet, it doesn't even come to the driver level. So Wireshark or tcpdump can only capture those packets that are at the software level, only then will it make a copy. If this packet is being dropped at that hardware level itself, and mostly the CRC implementations are in hardware, you will not see it.
Thank you.
Hello.
Yes.
Actually it is regarding lab one. There was one question about DNS and we were supposed to get the DNS IP address from the resolv.conf file, but at our place it was having the local address, that is 127.0.0.1. So I just want to clarify whether it is required to have the DNS sent you over there, or does it fetch it from the gateway router, or how exactly does it then work out when the actual DNS IP is not there in the resolv.conf.
Okay. So it looks like you have a more latest version of Ubuntu, definitely, I think with what, Ubuntu 14.04, do you know? Maybe we need to get back and check that. So the earlier versions of Ubuntu had DNS implemented via the DNS server, where the IP address of the DNS or even the host name is stored in the /etc/resolv.conf. In the later versions of Ubuntu, I don't know from where, definitely 14.04 implements it, the local machine itself implements the DNS service. So when you are making a query your DNS server is running within your own host and it is replying; that is why it shows you a localhost address, which is the 127.0.0.1 address. What your internal DNS server is doing is contacting the other, so it does a lot of caching, so it will serve locally based on the cache, but if it is not there in the cache it will contact your department's DNS server. But this information is not easy to access because, so whenever you do DHCP, whatever information you get, this local DNS server gets that information and stores it, but as such that /etc/resolv.conf is no more valid for later versions of Ubuntu.
And maybe because of the same reason we didn't get the host name, I mean it was not there in the hosts file as well, so yeah, whenever we used to try to get host of DNS it was giving error.

Yeah, because as I said it will give you localhost if you try to, because that is the one who is serving your DNS request.

Okay, thank you.

So we will now move on to some concept clarification. Okay, this question is from remote center 1263. So what was asked is, the first question is what is a backlogged host. So backlogged host often means that this is a host that has a lot of traffic to send. The buffer is full but it always has a packet to send if given an opportunity. So that is what the definition of a backlogged host is.

The second question that was asked there is why are the number of repeaters or hubs limited in an Ethernet LAN. Instead why don't we connect many repeaters such that we can make a link of larger length by avoiding attenuation. So this question, it's an interesting question. So what happens typically is each, for example, again I am talking off my head, these things may not quite be true. So Ethernet has multiple standards, 10 base 5, 100 base 5, so on so forth. For each of the standards there is a limit on the number of repeaters you can have, for example for the 10 Mbps Ethernet the limit is 4 repeaters and I think the separation is about 500 meters between them, leading to an overall length of 2500 meters. By the way I am just telling this off my head but I would think this is correct, but anyway the concept doesn't rely on the numbers. So the question is why should we restrict ourselves to 4 repeaters, if we had used many more repeaters we could extend the length all the way to 10,000 meters, so on so forth. I covered this again as part of the concept, there is a limit in Ethernet on the frame size which is a function of the propagation delay, which is the two-way propagation delay, let me call it 2 times TP.
Now the reason why this relation holds is because this is what will facilitate collision detection properly, in other words you should continue to transmit bits till you get a feedback in the form of, so the first bit went and you got a feedback in the form of twice the propagation delay, you shouldn't stop before this. So now what happens is if you were to extend this length, what is going to happen is this value is going to become very large. Now if this value becomes very large, your frame size, which is the minimum frame size, also has to be large because you have to continue to transmit during that time. Now if you insist that Ethernet use a frame size of let's say 3000 bytes or whatever bytes it is, then if you have smaller size packets to send you unnecessarily have to pad them, so this is unnecessary wastage of resources. So you want the frame size to be, so there is a trade-off here, you don't want too big a frame size because then there is a lot of redundant padding information you have to send, and if you go with a very small frame size then you cannot support longer Ethernet segments, in other words you will be restricted to a few 100 meters or 1000 meters and so on so forth. So this frame size that Ethernet currently uses is a compromise between the length you want to achieve versus, so for 2500 meters this frame size is about 512 bytes, so that's a compromise that people have worked out.

The second question many people have asked, in fact this has come from multiple remote centers, variants of this, is why do we need error detection and correction at the link layer when the transport layer also does it, in fact the network layer also does some kind of error detection. So when do you do error correction, when do you do error detection, at what layer should you be doing it, so there are these aspects of things related to it, so let me explain what is happening here.
So which layer should you do error detection, so let's first just focus on error detection for now, let's get to error correction later. So where should you do error detection, should you do it at the link layer, should you do it at the network layer, should you do it at the transport layer. Now there is a principle called end-to-end arguments that is used extensively, I mean if you do any of these research side papers there is a famous paper called end to end arguments in it internet design. So when people were originally designing the internet of course they had to answer some of these questions, if you look at a functionality where exactly should we implement this functionality, which layer should we implement this functionality. Certain things like this error detection can be applicable at multiple layers, another such functionality could be duplicate packet suppression, you can see duplicates at the link layer, you can see duplicates at the network layer, you can see duplicates at the transport layer, application layer, so on so forth. So where should one suppress duplicates, so there are many such functionalities and it's a question of where should one apply this particular functionality. So what the end-to-end argument suggests is that you should apply this functionality at the highest layer possible, by which I mean the application layer, but in reality things are slightly different, I will get to that. Why is it that you should apply it at the highest layer, it is because things can go wrong.
So for example let's say you decide that I will apply error detection only at the link layer, so fine, when you send a packet from one node to the neighbor, that is where the link layer operates, you were able to detect some errors and you were able to drop that packet or take some corrective action because of it. But what if your network layer corrupted the bits, for example the IP protocol, all of these involve reading from some memory, writing into some memory, when you are reading into the memory or writing into the memory let's say you corrupted some bits. Now who is going to capture these errors? Similarly if you say fine, then I will implement something at the network layer, then the same logic applies at the transport layer, what if some corruption happened at the transport layer. So if things can go wrong in any of the bottom layers the best way to handle it is to subsume all these and handle it at the highest layer possible, which in this case turns out to be the application layer, because then you can kind of take care of all the errors that are happening at the link layer or the network layer or the transport layer. But what happens in reality is that certain times there is a trade-off, if you do everything at the application layer efficiency is going to take a hit. So for example if you look at error detection, let's say we are using a wireless link which has a lot of errors. Now if you are not doing error detection and correcting it through some ARQ mechanism you are now putting this burden on the application layer, which by the way, these packets may have traversed many hops over multiple links to reach the other destination. So if you are not correcting at the link layer then the burden comes on the application layer and that becomes a very big burden which will lead to a lot more delay or an increase in your response time.
So the contrast, so the trade-off is if you are doing it at the higher layers it is good because you are taking care of a lot of errors, but if you push everything there your response time or the delay is going to be significantly higher. So you should use your judgment in deciding where you want to apply functionality. So when it comes to error detection, if you are very confident that your link, the chances of it corrupting your packets, because you are using a fiber optics link, you don't have to do error detection at the link layer because the link is very reliable, whatever errors creep in you can handle at some of the higher layers. But on the other hand if you are using a wireless link which can corrupt packets significantly you may want to do error detection at the link layer because if you quickly correct there your response time is going to be much better. So those are some of the reasons that go into deciding where you want to implement certain functionality. A lot of this error detection and recovery happens at the transport layer because many applications want that feature. So instead of telling I will put the burden of doing this on each and every application, it makes sense for you to implement it in a common place, that is the layering concept, and let each application use this, in the hope that the number of errors that will creep in beyond this is minimal, but you may always want to check at the application layer the integrity of your data. So for example if you are transferring a file you may want to do a hash of the file at the end to check that indeed the file I received is the same as the file that was sent. So most applications do this as well, but the burden of recovering from errors is on the transport layer because many applications need that functionality.

Now coming to error correction, the question is when do you do error detection, when do you do error correction? So for that again this is a function of what the error rates are.
So typically what happens is this is your link and let's say you have a 50% loss rate. In this type of cases where the error rates are very high, correction makes sense because almost every packet, every other packet, there will be some errors. So you might as well correct those errors, instead of, if you were doing error detection what would happen is you send a packet, this guy will detect that the packet is in error, then it will send a, saying see the packet is in error, let me call it a NAK, then this guy is going to retransmit the packet, let me call it D1, D1 again it is going to retransmit. So this results in a round-trip time. For cases where you do not want to incur this overhead, and typically those cases happen when the loss rates are high, you want to do error correction. In fact there is a problem as part of the Bodhi Tree that in fact gives a trade-off between at what error rate one will do better than the other. So whoever is interested in understanding this, I would ask them to work out the problem to get more information on when it makes sense to do error correction versus error detection. This question was asked by center 1314 as well as 1085 as well as 1295.

Moving on, so another question that was asked, I think by center 1107, is how is performance improved in CSMA/CD compared to CSMA. So CSMA is just carrier sense multiple access, all that is telling is before you transmit you sense the channel, if you find there is a carrier, which means energy, then you refrain from transmitting. Contrasting this with CSMA/CD, where it is adding this additional feature called collision detection, which is saying that you also try to detect if there is a collision. Now why is this better than CSMA? So what happens if you were to employ just CSMA is you are careful, so before you transmit you are sensing the channel, let us say you did not find any transmission and you sent your frame.
So this is the frame, but because of other reasons it is very much conceivable that someone else also sensed the channel at the same time as you or even slightly off, if this was within the round-trip time, I again went into a lot of detail in the videos. It is possible that you may not have received the earlier transmission, so you may still have sensed the channel idle and transmitted, so this is going to result in a collision. Now if you had collision detection you would have detected the collision somewhere here and stopped the transmission. This portion which I am showing in this particular fashion is not going to be wasted anymore in CSMA/CD, whereas if you just did CSMA/CA, if your frame is really long you may continue to transmit for a really long time, only here you would stop and then access the channel, whereas in collision detection you would have stopped right here. So this wastage is prevented if you employ collision detection. So this is remote center 1107, ok.

Another common question that was asked again by multiple centers is can we assign anyone's IP to our own MAC address, basically this is called ARP spoofing. So how does one tackle this kind of ARP spoofing? So as I mentioned ARP is basically a protocol where if someone says what is the MAC address corresponding to this particular IP address, you get the MAC address and thereby receive the packet. Now in ARP spoofing what happens is the following. So in ARP spoofing, so there is this host, let me call it host1, whose IP address is h1 and MAC address is h1. Now there is this other host2 which is a malicious host, what it is trying to do is capture packets corresponding to host1. So what it will do is, it has a different MAC but it is going to assign itself the same IP address as host1.
So whenever a request comes that says what is the MAC address corresponding to IP host1, this host somehow, I will not get into the details of how, is going to tell that this corresponds to MAC h2 and thereby capture packets corresponding to host1. For example you could do this by launching a denial of service attack on this, bringing this host1 down, and then using gratuitous ARP, broadcast this so that others will start to contact you. There are many ways to do this, but let us just focus on how, so this is called ARP spoofing, so how does one go about detecting such ARP spoofing and correcting this particular mechanism. So there are multiple ways, a lot of these switches, the Ethernet switches which you use, do come with features to detect that kind of ARP spoofing. So basically any switch which has multiple ports, so this host1 may be on port1, port0, and host2 may be on port1, and if it sees ARP from here as well as here and figures out that both are advertising their different MAC addresses but both have the same IP address, it is then going to raise the flag and send an email to the network administrator saying that something like this is happening. So a lot of the switches do monitor this kind of information, but a malicious user who is really intent on ARP spoofing can for example launch this denial of service attack, bring down host1 and do something like this. So it is in general difficult to prevent some of these, the best way to overcome some of these things is to employ security at the highest level, by which I mean this guy is trying to capture packets of host1 basically from some server. So the server has to have some cryptographic techniques where it has to identify that it is indeed host1 that is accessing my packets and not someone else, by insisting that, for example through password, username mechanisms or some cryptographic keys that are exchanged between them, and thereby take the help of these switches also to ensure that this is happening.
By the way this is a bit more complicated topic, it falls under security, I do not want to get into too many details, but at a high level this is how things are currently, you need to address things at a higher layer in terms of security. This question has come from 1222.

So another question, which is what is the relationship between bandwidth and transition when you are doing encoding, this has come from remote center 1196. So let us look at NRZ encoding. So in NRZ encoding you have these 1s and 0s represented in this particular fashion, where you have a sequence of 1s and 0s, this is being sent at a specific rate, typically when we say something is being sent at 1 megabit per second it basically means in a duration of 1 second there are 1 million bits. So this is the data rate. I also mentioned that this signal has a corresponding bandwidth. So if you look at the bandwidth corresponding to this signal it will be something like this. So in fact it will have infinite bandwidth that is going on and on, but most of the power is concentrated here. So this will be a function of 1 over f, which is the rate at which the transitions are happening. So if you see here, if this is 1 megabit per second this will be about 1 megahertz. Now when you are doing encoding in computer networks, since you use NRZ this is the kind of relation that you have, but often this is a very primitive encoding, there are a lot more sophisticated encoding mechanisms like you could do BPSK, QPSK, QAM, so on so forth. What they do is they try to pack more bits into something called a symbol and it is going to occupy. So for example if you went for an encoding like, let me call it 64 QAM, even though your data rate is 1 Mbps the amount of bandwidth that you are going to occupy is 1 over 3 megahertz. So you are doing better in that particular case, that is to do with the kind of modulation you are doing, so on so forth.
So typically a rule of thumb, especially when you deal with binary sequences at a specific rate like this, is the amount of bandwidth that you occupy, roughly if you are using 2 Mbps it will be 2 megahertz, 10 Mbps, 10 megahertz, but this kind of encoding is not very spectrally efficient, there are a lot more sophisticated encoding techniques that are really good in terms of spectrum efficiency. So you would achieve something like, so you will occupy bandwidth that is one third, one fourth, one fifth of the data rate depending upon the type of encoding you are using. This is 1196.

Another question, since there is some more time. So this was asked by remote center 1150, what is the difference between a layer 2 switch and a layer 3 switch. So switching as a concept is a case where you have a device, it has some input lines, it has output lines, switching is about moving the packets that come on some input lines to some output lines, determining which output lines to send them to. So that is the basic concept of switching. Now the switching is applicable at the link layer as well as the network layer. The difference often is, one very simple way to characterize it is what header are you looking at. So the link layer switches will look at the link layer headers and the network layer switches will look at the network layer headers, which is typically the IP header. The link layer switches, for example Ethernet, will look at the Ethernet headers to figure out how to switch. So that is more or less the very simple way of saying it, the protocols employed are also very different. For example Ethernet switches will use some spanning tree protocols and so on, whereas at the network layer they use routing protocols like RIP or OSPF, BGP, so on so forth.
So the functionality is taking packets from an input line and sending them out on some other output line, but which layer are you operating on, and according to that layer the header values will be different and the kind of mechanisms you employ is also going to be different. So this is 1150, ok.

I do not remember which remote center, sometime back they asked between CRC, some longitudinal redundancy check, vertical, horizontal redundancy check, so on so forth, what is used where. So all these are error detection algorithms, there are all kinds of error detection algorithms that are employed in different settings. For example some are employed in telecommunication networks, some are employed when you are writing to a hard disk, some are employed when you are reading from DVDs, some are employed in the internet, so on so forth. So the kind of things that are employed in the internet are typically the cyclic redundancy check, which is the CRC, at the link layer, naturally if you are using wireless there are more sophisticated detection as well as correction techniques that are employed, for error correction you could use convolution codes, turbo codes, blah blah. At the network layer there is the concept of internet checksum, at the transport layer also there is a checksum which is based on internet checksum. So it is a function of using the right approach in the right setting, certain things are better. So for example in the internet checksum you do not use CRC because you just want something very lightweight that will run very fast on the routers, and the loss rates are not so high so internet checksum suffices, whereas at the link layer you want a little bit more reliability, especially if it is a wireless thing, so you want something with better error detection capabilities, so you go for CRC, it is totally based on the context. So we will do one last question.
So one question that was asked is in the Aloha scheme when did the sender know the status of the packet, either after each packet transmission or at the end of the whole transmission. So in Aloha you actually transmit only one packet at a time, so you transmit the packet and you expect that the acknowledgement comes right after it. So you do get to know the status of this packet right after the packet transmission. So this was from remote center 1013. So it is 1 o'clock, I think we should break for lunch.