 Welcome back, so we will start with the clarification session, so to begin with what I will do is I will talk about the upcoming lab in the afternoon, the second lab, after that I will take some questions from you related to the lab and after that we will do some questions that were uploaded on the Google survey which all remote centers have uploaded a bunch of questions, I will pick up a few questions and answer them. So going with the lab, so today's afternoon lab is on demultiplexing again which you have probably already seen as part of lab 1 and we will also explore the protocol ARP, automatic resolution protocol. So the first exercise is kind of similar to the previous exercises except that we will explore SSH protocol, so for this SSH has to work, so it is kind of a stride forward thing, you basically need to establish two SSH sections from the same host, in other words so this is, so what you are going to do is, so this is your machine and you have to identify another machine which will be within your subnet, so you find out what are the other machines within the lab where you are doing, determine their IP address and also the username password, so this will be the login details corresponding to this other machine, so let me call it host2, host2 has a login, you need to know what this login information is as well as the IP address or the name of this particular machine and what you are going to do is, you are going to establish two SSH sessions, so basically in host1 you will open two terminals, terminal1 and terminal2 and what you are going to do is, within this terminal you are going to run SSH to this other host and in terminal2 also you will do SSH this other host, ok. By the way as I have mentioned earlier, before you do any of these things, you have to run TCP dump with the right filters, so that is your first step, this is the second step, the second step is to run this SSH in these two terminals, terminal1 and terminal2, so if you notice the IP address of host1, host2, so there are two sessions that have similar source as well as destination IP addresses, so this exercise is about figuring out how does host2 as well as host1 distinguish between these two different SSH sessions, even though they have the same source as well as destination IP address, so that is with respect to the first exercise. So, the next exercise is on the ARP protocol, so the role of ARP is to determine the MAC address given an IP address, so if you have seen the slides you would have this is something which is obvious, so before I get into the details of ARP there is something which I would like to clarify, so there are, so as far as routing is concerned before we get into the ARP I will give you some details, suppose this is again your machine, let me call it host1 and you are trying to reach URL, let us say you are trying to reach www.google.com, let us say you also used DNS and obtain the IP address of Google which I am representing as IPG, now what you are going to do as a consequence of this is you are going to assemble a HTTP packet which will have this get request saying I want this particular URL and then you are going to open a TCP connection, it will have some TCP header, let us assume the TCP handshake is done and then you will have the IP header where you are going to specify the source IP as your IP host, this host1 and the destination IP as the IP address of the Google, so this is what you are going to specify, so there is some portion that is here which I am reproducing here, so here is the IP that we are seeing there, so this and this is the same, then you have to put a link layer header, even here there is a source MAC, so even here there is, so let me put it here, there is a source MAC which will be the host1's MAC, let me call it MACH1 and there will be a destination MAC, now what should this destination MAC be, so this is a function of what the router does, so what the router does is it is going to look at the destination IP address which is here and it will determine if this destination IP address is within these same subnet or a different subnet, now how does this know this information, so when you configure the router we will deal with this later, you would have mentioned that your subnet is let us say 102.29.star.star, so this is your subnet, so this host may have an IP address which is 102.29.5.1, so this may be the host's IP address that belongs to this particular subnet, now Google's IP address will definitely not belong to this IP address, for example I am just writing some random number here, 55.25.1.2 let us say is Google's IP address, you will notice that this is not in the same subnet, once you determine that it is not in the same subnet, what you do is you know that this packet has to go through your next hop router, so this destination MAC should correspond to your next hop router, but often what you know is the IP address of your next hop router, this information you would have obtained when you did DHCP, so when you are doing DHCP apart from giving you what your own IP address is, it will also give you information on who this next hop router is, what is the IP address of it, so once you have this next hop IP address information that is when the ARP protocol comes into play, you invoke the ARP to ask what is the MAC address corresponding to this IP address of the next hop router, let me represent it as an ARP, so once ARP protocol gives you that particular MAC address, here you are going to fill it with the MAC address of the next hop router, so this is where the host, the destination IP address did not belong to the same subnet, thereby you are using the MAC address of the next hop router, by the way typically this information you do not always invoke ARP, because this information is cached, but in case it is not in the cache, you will use ARP to get the MAC address corresponding to your next hop router, now this is for a case where your destination IP address was outside your subnet, let us look at the case where the destination IP address is within the same subnet, so we are talking about a case where the destination IP is within the subnet, so for example you are this host 1 whose IP address is 102.29.5.1, let us say there is another host within your subnet called host 2 whose IP address is 102.29.5.2 and in the terminal that you have let us say you did ping 10.1, 102.29.5.2, so this is what you did, now as a consequence of this ping message, ping message basically is works on ICMP, so you will have an ICMP packet and then you will have an IP header where the source IP address will be IP corresponding to host 1, destination IP address will be IP corresponding to host 2. Then you add a link layer packet, this is the link layer packet where again the source will be MAC corresponding to H1 which you will know, the destination has to be MAC corresponding to H2 but you do not know this information, so again what you do, the router at the network level will again look at this destination IP address which is 102.29.5.2 and it will determine that this is within the same subnet as 102.29.star.star, thereby this end host since it is within the same subnet, it is going to invoke the ARC protocol where it is going to ask what is the MAC address corresponding to IP 102.29.5.2. In return to this once you invoke this ARC protocol it is going to return the MAC address corresponding to H2. Once you obtain that MAC address you will put it in here and send it out on the local area network and because it is destined it will reach the host 2 correctly. So, this is the forwarding mechanism behavior. So, as you can see the role of ARC is basically to determine the MAC address provided you give a IP address. So, the exercise 2 is basically for you to more or less whatever I have said is what you are going to work out on. So, a few things to note here is that you will be doing three things, one is you will send a packet to a host within the subnet. So, these IP addresses your workshop coordinator has to specify what are the IP addresses that fall within a subnet that are at that are working as well as you do not necessarily need a login information because just ping will suffice. You have to ping these machines. So, check that he is giving you IP addresses which are reachable. You also need IP addresses of host that are outside the subnet again your coordinator has to provide this information. Apart from this your coordinator should also provide IP addresses of host within the same subnet that are non-existent. In other words if you were to ping any of these machines you will not get a reply based on ping. In this first case within subnet you would get a reply that are reachable and in this non-existent host within the same subnet you will not get a ping reply because they are unreachable. So, you have to figure out what ARP does in each of these cases. So, the behavior you see should correspond to what I have explained. In other words that is the behavior the returning MAC address should conform to the behavior that I have explained. So, that is with respect to exercise 2. Now, coming to exercise 3, exercise 3 is on Gratius ARP. Now, you would be wondering what is this Gratius ARP. So, we are dealing with, so let me write we are dealing with. So, what we are so Gratius ARP is like any other ARP except that this ARP can be a reply or a request. Let us look at request first. When a Gratius ARP is generated as a request you are not expecting a reply. Earlier when you generated a ARP you were expecting a reply. You asked what is the MAC address corresponding to the specific IP address. You want to know what that MAC address is, but when you are doing a Gratius ARP this is what we call self-broadcast. You yourself are telling that this is my MAC and this is my IP. So, you are basically giving the relation between your IP address and your MAC address you are telling everyone. So, when you send this Gratius ARP as a request you are not expecting a reply because you know I mean this is the information you are conveying every to everyone. You are not really this IP address corresponds to your own IP address. So, there is not and you know your MAC address. So, there is not anything you expect from others. Similarly, Gratius ARP is sent as a reply no one asked for this information you are just giving yourself. So, you are not this did not proceed there was no request no preceding request you are just sending a reply. Now, what is the use of such Gratius ARP? So, there are multiple reasons why you may want to generate Gratius ARP. One is to detect duplicate IP addresses. So, for example, let us say you want to use an IP address. So, what you will do is when you assign an IP address you have not checked whether others in the subnetwork have the same IP address you just chose some IP address because it happens to be your lucky IP address and you assigned it to yourself and it is often useful as soon as you assign yourself an IP address to send a Gratius ARP. Let me call it GARP for Gratius ARP. Now, as a result of this you are going to send out a mapping that says this IP address that I have assigned to myself corresponds to my MAC. Now, if it so happens that this IP address was also assigned to some other host this IP H1 which you have chosen is also assigned to some other host with MAC address H2. Now, this host will complain it will send a reply saying no this is my IP address in which case you will detect that and thereby you. So, in other words when you do this you are going to get a reply that will say this corresponds to this then you will detect a duplicate IP address and thereby you have to change your IP address. So, this is one use of Gratius ARP not only that there are other uses of Gratius ARP which have to do with caching ARP entries. So, whenever you have sent an ARP. So, you have changed your IP address, but your other machines within your network may remember your previous. So, for example, this is your host one which had MAC address H1 and you have now either changed your IP address. So, earlier you were using IP H1 now let us say you are using IP H11. So, you have changed your IP address. So, this is what you are using earlier now you have changed to IP H11. Now, you want everyone to know that this IP H11 now corresponds to MAC H1. So, when you send this Gratius ARP they are going to make a note of this. So, it is like a broadcast that is telling everyone that see I have changed my IP address. So, start using this. Similarly, if you were to retain the same IP address, but if you were to change your network card even then you can advertise to everyone that this is my new information. So, this way you are telling everyone what your new information is. This is also useful in switches I do not know whether you I mean this was covered as part of the course. There are these switches that are learning switches where they remember that if a packet came from on port 0 with some MAC address corresponding to H1 they know that any packet that is destined to this MAC H1 should be sent out in this direction that is what switches remember. Now, if you send a Gratius ARP you are basically telling the switch this information that whatever packets you are getting send it to me in this particular direction. So, that the switches can also avoid broadcast of the packet to everyone and thereby use this Gratius ARP information to send it on the right port. So, these are some of the uses of Gratius ARP. So, what you are going to do in this exercise is use this tool called ARPing which generates Gratius ARPs. In order to manipulate ARP itself you need root permissions. So, since you do not have root permissions ARPing is a thing that will help you generate Gratius ARPs. Even though I have talked about a little bit of spoofing as part of this exercise you actually are not doing any spoofing because in order to do spoofing first of all it is not correct. Secondly, you need root permissions and so on which you do not have. So, what you are going to do is you are just going to generate a Gratius ARP for your own IP address. In other words you will say this IP address of my machine corresponds to this MAC address of my own machine. In other words you are not claiming somebody else's IP address. You are still advertising your own IP address and relate it to your own MAC. So, this one you will see how Gratius in this exercise you are going to see how Gratius ARPs work in reality by using this particular ARPing tool. Yeah, I think that is with respect to the lab exercises. So, what we will do next is I will take some questions related to the lab. So, let me emphasize again I want to handle questions only related to the lab right now. So, we will do this for the next 20 minutes or something and then we will take questions related to concepts. Yeah, 1319. How to access desktop of a password protected terminal password was site through Vino preferences in the yesterday's lab using SSH. I mean this is something your coordinator has to tell I have no idea what the setup there is. Okay ma'am second question is also there how to trace a website using its IP address in TCP dump. How to trace a website using IP address yeah. So, you have so TCP dump has this filters. So, you can so for example, you want to know what is the traffic that is coming from that particular web server or going to that particular web server. You can use the host and specify the IP address corresponding to that particular web server you can even specify the host name TCP dump will in turn do a resolution and get it. Does that answer your question? Basically, you need to use the host filter and specify the IP address of the server. If you want to capture all traffic that is going to the server as well as coming from the server. Okay ma'am. Hello ma'am. Yesterday when I was doing the lab and the exercise for and the question select the first TCP packet listed. So, in that question you said that to present the corresponding process a protocol the packet is passed on. My doubt is that when a packet arrives at the operating system systems. So, how the operating system is handling that process? Do you want us to mention that how the process is related to that or the other question is that if a packet arrives is that single process that is handling that packet or does the operating system create separate processes to handle that packet like each layer for each layer the operating system is generating a single process or is the operating system creating separate threads to actually encapsulate or decapsulate this packet. Okay. So, the use of the word process is typically at the application layer. We do not use processes for representing the kernel level stuff. So, whenever we say process, it is an application process that is listening on some particular port. So, the way the protocol stack is implemented is at the kernel level. So, there are these. So, whenever so there is some code at the kernel, whenever you get a packet it is going up the protocol stack. So, there is the code for example, as soon as the physical layer gets a packet it is there is an associated driver associated with that particular card and the driver is a piece of software that is sitting in your machine and the packet that you receive at the physical layer is passed on to that particular driver program and what the driver does is it is going to examine it will process that particular packet at the link layer and apart from that it is going to examine the details at the link layer in that you will see that demultiplexing key. It will specify that after this you have to pass on this packet to the IP layer. Thereby there will be some other module within the kernel that is dealing with IP. So, it is going to pass that packet to the IP. Now IP again is a module that is going to look at the IP header, it will do some processing and within it it will have the protocol field. Based on the protocol field it will decide should I pass it to UDP, TCP or whatever other transport protocols are there and again it is going to pass it to a kernel module that is handling TCP or UDP and that will in turn again look at the TCP headers. It will look at a port number and in turn it will pass it to the process that is listening on that particular port. So, that is how a packet goes up the protocol stack. So, when you say process when you are dealing with the application layer the users just listen on the ports, but internally within the kernel there are lot of different pieces of code that runs at the kernel level that is going to handle this packet as it goes up. One more question related to the web like PC-1 like for example PC-1 and PC-2 are in the same subnet. So, I am running a TCP dump in the PC-1 which will capture the frames that is sent by PC-1 or received by PC-1. So, can I use any other options of PC-P dump or Vaishak or any other tool to capture the frame from PC-1 that I will be able to capture the frames that is being sent by PC-2 or received by PC-2. PC-1 and PC-2 are in the same subnet. They are able to communicate successfully. So, can I use tool from PC-1 to capture the frames that is being sent by PC-2 or that is going to be received by PC-2? Okay. So, actually the voice was not very clear, but let me answer it. I think this is probably what you are asking. So, you are asking whether you can capture packets that are somehow your host has received the packets. Either they were destined to it or originated from it or they were broadcast thereby your host still received them. If you generally want to capture packets that belong to other conversations within your LAN. In other words, some other host H2 is communicating with some other host H3 and you as host 1 still want to capture some of these packets. For this you need to put the card. So, this needs special privileges. Not all cards may support it. You need to put the card in what is called promiscuous mode whereby it will capture all the packets and pass them up. Not all drivers may support it. Not all cards may support it. It is a function of the specific hardware drivers so on so forth. But there is a facility where you can put with root permissions a card in promiscuous mode whereby it will capture whatever traffic whether it is destined for it or not that is going on in the subnet. I would not say within the local area network. But I will put a clause there with the recent use of switches. Switches especially when they work very effectively where they learn they are not going to broadcast the packets everywhere. They know very clearly in which port to send this packet on. With the use of switches it is not so easy to trace what is happening in the land in some other portion because the switches will not forward those packets towards you. Thank you ma'am. My question is related to the via shark. So, I just want to know what is the scope of the via shark. So, yesterday you told it is being used for capturing and analyzing the network traffic data. So, whether I can modify the data and write it back to the network traffic. And second part of the question is what are the SNIFR programs how they work and can you design an experiment for illustrating TCPIP spoofing in the lab? Okay. So, regarding the first question I had already mentioned this via shark is a very passive tool you it all it does is copy packets both in the upward direction and the downward direction and store them and for you to do you cannot really take packets from it and re-inject it for that you have to write your own program dealing with keep peak cap and so on. So, you have to write a kernel module that is going to take the packets and do whatever it is if you want with it. TCP dump via shark are passive tools all they do is copy the packets and write that information into a file for you to look at. So, you cannot do anything other than that anything else you want to do you have to do kernel programming to do what you want with the packets. Regarding your second question on whether you could demonstrate spoofing as part of a exercise. So, for this I mean you so first of all so this is a security thing you need again it depends upon lot of stuff unless you have full control over your land domain web server whatever it is you could definitely design an experiment to demonstrate it but for example I would not do it at IIT Bombay because there are enough spoof detection software that run and the administrators network administrators will definitely not be happy with me demonstrating things like this to the students because they will do all kinds of mischief and there is also software that runs that catches such kind of behavior and stop it before it happens. So, I will talk a little bit about ARP spoofing sometime later. So, but typically we do not design experiments based on this more as a safety thing rather than but if you are interested in showing you can definitely set up such an experiment but lot of things should be in your control you should have control over the switch control over the web server you cannot generally do it in your come your university's network because the system administrators will not like it. I have a very basic question regarding what is the difference between static IP address and dynamic IP address. Ok. So, static IP address is what again it is a function of the context. So, in the in a generic context what static IP address means you have been assigned this IP address for your use for however long you want and typically the configuration of it is done manually. So, if you are using windows you go to the settings and you can set the IP address within some place there. The dynamic IP address on the other hand will be handled by a DHCP server. So, you can whenever you want an IP address you contact the server often the server allocates the same IP address as it has done before but there is no guarantee you can get another IP address. So, in other words your IP address may change over time though most DHCP servers try to assign you the same IP address. How we get know about the dynamic IP address of a machine? So, if you were so for example this also involves configuration. So, if you are in a windows machine instead of manually setting you will select the protocol called DHCP then it will dynamically assign. If you want to know what is the IP address that got dynamically assigned you can open a terminal and using the CMD command in windows and type IP config it will tell you what is the IP address that has was assigned to you. There is a demo of this as part of DHCP in the course content that I have uploaded. Thank you. Hello, good afternoon ma'am. I just wanted to ask you in windows if you want to send a message to any other computer near you those computers those were connected in LAN. So, we use the messenger service and we use the command net send and what is the command used for sending instant messages on the nearby PC connected in LAN in Ubuntu? So, there isn't any such Ubuntu it doesn't have any such service that it provides as far as I know I could be mistaken though. Yeah, fine. Thank you. Hello. Yes, go ahead. In why is that there is a property tcp.ln and data.ln data.ln what is the difference between them? tcp.ln and data.ln Okay, so tcp.ln I mean I have to actually look at it specifically but tcp.ln probably refers to the tcp payload and the data length may refer to the entire packet unless I actually pull it up I cannot answer offhand. If you look at the sizes you should be able to make out as in when you click on like I mentioned if you click on tcp header it will point out what are all the fields corresponding to it based on the size you should be able to figure this out. I don't I mean unless I look at the option I cannot answer now. Why is that it is also available in Windows? Yes, you can just download it on Windows. Yes. Yeah, this is Soham Singapta a very good afternoon to Dr. Kameswari. So, I was to ask you certain questions but prior to that I would like to tell the participant who was asking the question just before me that this data.ln.tcp.ln that is not directly a part of Weishik rather than that that's a part of WinPC cap that that's a packet capture framework developed by so it's open source and you can explore on it so data.ln I think it's the payload length that the tcp carries maybe what the transport layer carries and tcp.length is something which takes part of the tcp header plus the payload. So now my question comes so I was I have worked a lot on this EIP spoofing so when I work for let's say inside the intranet I have made some my workshop to work on a promise mode so it can capture all these things so given that some of my students I made them sit with a terminal and make some intranet working activity like checking their mail and I captured the MAC address of particular machine on which my student was sitting and I was able to replicate the problem of EIP spoofing with some trick so in a sequel to this experiment I found that it's very easy to spoof the MAC address of a machine or at the hardware of the machine so from my point of view so if there is a public LAN where a person can spoof the MAC address of another machine by some mode and data of someone else so this is very dangerous so I have discovered a new way to prevent such attacks by augmenting the network layer by creating a new EIP engine which works in accordance with art of cryptology as well as it does not interfere with the existing EIP engine so there is no complete in their traditional internet working but still it works for the people who wish to use them so do you think this can be a new topic if I want to go for a CQARP? Ok first of all I am not a security expert so I don't really know and I also need to know lot more detail as to what exactly you have done but at a very high level if you say that it means changes to any of the switches or individual host they have to install something which doesn't automatically come then it's unless it comes it becomes very popular and Ubuntu is ready to install it as part of its unless it takes on that kind of a role it's difficult to say whether something will catch on or not so I mean I don't have a ready answer for you I need to look at what your method is and whether it is good or bad is a function of I need lot more detail than that and I don't want to get into security in here because that is outside the scope of this workshop So in brief I wanted to elaborate as ways as your identity because it's an operating system in which the network layer and the transport layer resides so if I augment the network layer or the transport layer of course without loss of backward interoperability I don't think it's going to be good for us to get anything which needs a kernel patch no one likes to install I will not install a kernel patch that is coming from some person unless Ubuntu itself tests it thoroughly and installs it within the it's a personal networking for people who want to make their own communication secure that is fine as I said it is there are plenty of ARP spoofing tools that are available integrated as part of switches so unless you demonstrate that yours is something it does better than those tools there is no incentive to try yours and as I said I mean it's a moot because I don't even know what is it that yours does so I need to need a lot more detail for that so in the interest of time I think let's put an end to that I have one more question so as per the landing switches GARP is concerned and GARP is concerned so will it not be very wise to use switches means I am talking about layer 3 switches I am talking about layer 3 switches because they don't have access to the IP addresses so most of the switches we see nowadays they belong to the layer 3 group family so is it very necessary to use GARP for them because they already work as a router they are working at layer 2 but ARP is a layer 2 protocol so most of these switches do make note of see when you generate an ARP you are basically going to it's not that they are looking at the so when I said that it is beneficial for switches this is what I meant it's not that the switches is looking at the IP header it is still looking at the MAC address so for example you are located at some other on some other port and you have moved your machine to some other port right now the fact that you have sent an ARP which will have gracious ARP which is basically going to have information on that your MAC address has changed and thereby the switch can now know on which port that particular MAC address belongs to it need not have been gracious ARP any link layer message you send it would have figured it out based on that but gracious ARP apart from this has other advantages where other machines can clear their cash based on what they are seeing ok one last question yeah 1 3 4 1 good afternoon madam regarding yesterday lab SSH command is not working properly ok what is not working so when I am typed SSH command checker share so when I am typing SSH followed by the IP address it shows that the root sorry there is no root to host some other time the port number refuses to connect the cutler system so typically SSH so again I mean your workshop coordinator should have handled it but to our extent typically SSH there should be an SSH server running on that particular machine listening on that particular port only then will it accept SSH connections so you could test whether SSH open SSHD is installed on all the machines and whether it is listening on the specific port the port 22 on that particular machine you can use net stat if you know how to use that command you can use net stat to see what are all the ports that are active if the port 22 is not listed on that machine that means the server is not running you need to ensure that the server is running for you to be able to do SSH ok in the interest of time I mean we will stop the lab discussions now again as mentioned we have some TAs available to help you with any questions you have about the lab so you can use the chat email on two email addresses bothytree.itb at gmail.com as well as t10kt.itb at gmail.com apart from this we also provided you the helpline information all this information is there on the slides that were shared as part of the Google Drive so under Google Drive look at the overview slides you will know how to contact us so if you have any concerns questions related to the lab write email chat or call us on those helplines so what we will do now is we will answer some concept based questions that were asked by the different remote centers so I will tell what was the question that was asked and I will also provide answer to that particular question so the first question this was asked by remote center 1073 the question was how to calculate the efficiency of a protocol does it depend on transmission rate so for this actually the answer is a function of what the protocol is and what exactly are you trying to measure about the protocol so for example if you have designed a media access control protocol so if you are dealing with MAC protocols which is the media access control protocols their goal is to ensure that the system throughput is pretty high in other words for example you are providing them with a 10 Mbps link and there are 100 users that are going to use this link the quality of the MAC protocol or the efficiency of the MAC protocol can be along different metrics one is you could see how much of this 10 Mbps is being used this is called system throughput in other words if out of 10 Mbps counting all the packets that got transmitted independent of who they belong to you see that I am able to get 9 Mbps that is pretty good utilization of the link so but this is system throughput now you could maintain very high system throughput by giving all the bandwidth to just one single user and starve all the other users but that is not a good thing your system throughput may be very high but the fairness across the users is not going to be good so another metric which is often used in here is fairness where you will measure what are the throughputs that individual users are getting so if there are let us make it 10 for ease if there are 10 users you want each user to be getting one Mbps provided he has the same so when you are designing MAC protocols you will evaluate them based on this but on the other hand if you are do dealing with routing protocols by the way within this the transmission speed has a role to play but when you are designing routing protocol what you may want to design is protocols that have less overhead in other words in order for you to determine the paths for each of the destination how many messages were exchanged as part of the routing protocol for example in order to determine routes to all the nodes if one protocol is taking 1000 packets whereas other protocol is taking only 100 packets the second protocol is better not only that you may also want to quantify what the protocol convergence time is in other words to determine the routes is it taking 10 seconds or is it taking 1 second again based on that you will evaluate the protocol so in summary the effectiveness of a protocol is dictated by what the protocol is and accordingly you define matrix to measure the performance of the protocol so 1073 center does that answer your question whoever your question or you have anything specific regarding white shark so this question came from your center so I just passing back control to you to ensure that does it answer your question or if you have any follow up question based on this I don't want to take other questions I understood your concept these questions anything else as I said write to us by email or chat and we will answer so another question again dealing with the protocol stack is we always follow the TCP IP model in computer networks so what is the use of OSI model so again this has some precedence so OS so when people started working on the internet in the academia they were working on this TCP IP protocol stack and then there was a major standardization effort which thought that all these layers which are the 7 layers are necessary and they came up with this OSI protocol stack but academia was focusing on the TCP IP and they came up with only 5 layers and they had already implemented them on many machines which people were using so later when OSI standardized it and wanted people to use it it was very difficult for them to push their model because the current implementations had this 5 stacks already so OSI never caught on not only that it was also felt that lot of the functionality which is the presentation and session layer of OSI could be subsumed within the application layer itself so there wasn't any real need for those 2 separate layers so this has led to OSI not being used and TCP IP being used so that is the answer this question has come from center 1325 hello yes I can hear you speak I would like to ask you one question if we do not have a direct indication of the connection establish if we compare with the client and server program then we have the direct indication in the client program that there is indication of the connection but we do not have the connection establishment in the SSS terminal or the SSS session so if you are able to SSH there is traffic running out so when you run TCP dump you will notice that as because as soon as you type SSH some IP address you will see that a TCP connection will be established to that particular IP address and you will have the TCP handshake followed by the SSH data and it will ask you for a password so that means the connection is being established if you are not able to there is no SSH server running on the other end the very first TCP packet that you send after that you will not get any more you will get that ICMP error message or some SS some error message which gets displayed to you ma'am there is one another question from last exercise we have done in yesterday suppose we run the TCP dump and give a ping command to google.com and we capture some packets and with the help of that packets how we came to know what is the MAC address of google.com or relevant IP of this google you cannot know you cannot determine the MAC address of google because it is not within your same subnet whatever messages you are sending are going to your router so router is hiding everything else from you so you cannot know the connection address we came to know that what is the next MAC address of next hop node and that is the router but we are not able to find the MAC address of google.com okay thank you okay so going back to the questions so another question that was asked is why should layers work under isolation in TCP IP protocol stack it is not very clear to me what is this isolation so if it means that there are different layers which have very specific tasks and you are providing an interface between them so the reasons for this were discussed as part of the course itself there are multiple advantages of using this kind of layering and we talked about modular the complex task into some simple tasks and then there is reuse in other words the same module could be used by multiple higher layers for example if you create a TCP module the same TCP can be used by web it can be used by email it can be used by FTP so on so forth so this leads to reuse of a specific module and not only that it also leads to this abstraction concept where tomorrow you change some routing protocol you do not have to change TCP similarly you change your physical layer you do not have to change your link layer so this kind of reuse is extremely important when you are dealing with such a complex network so that is the reason why there are isolated this question had come from 1161 so any follow up for this specific question I clear with the idea I clear with the concept with the answer the thing is suppose if the protocols if they are developed under object oriented and where we can have this modularity abstraction and all and suppose if the protocols were implemented with the C programming but how we can expect that the modularity abstraction and reusability can be seen in the protocol so the idea that you are going to implement as I said as long as you specify that the interfaces are well defined what is internally implemented is a black box you do not have to care how exactly they are implemented according to my terms the isolation here is each and every layer is working unaware of the other layer and that is my intention in keeping it as an isolation yeah that is what that is a good thing because of these three advantages that I have mentioned but there are a few disadvantages with respect to this also and these disadvantages are more apparent when you deal with wireless networks where there is lot of emphasis on cross layer optimization in other words sometimes it makes sense for you to know what is happening at the lower layers so for example the network layer may want to know what the error rate is at the physical layer so that it can choose paths differently so this is called cross layer optimization currently it is not supported by this TCP IP protocol stack but going forward there are some so it is not very strict layering some information does get passed up and down but kind of orthogonal to this so the layering is good for many reasons but there are certain reasons where layering is not that good also ok so this question is from remote center 1321 so what was asked is can you suggest some of the interesting pedagogy to explain the physical layer concept actually wait let me ask another question before that so this question is from remote center 1136 which was PR computer science engineering background is it necessary to read physical layer protocols so this is from 1136 so normally when I teach computer networks the amount of time I spend on the physical layer is very little so as you can see even from the concepts that were provided only 3 concepts were provided about the physical layer rest all were at the higher layers that said I think it is important to understand what happens at the physical layer that way you get a complete knowledge of what is happening in computer networks you may not have to well win deep into the physical layer but at least what does it do what are some of the common things it employs is something I think it is useful to know so I mean whatever I have covered I think is the bare minimum which will help you put the entire perspective of computer networks in place including the physical layer so 1136 so does that answer or is there anything else you would like to ask ok I will take it to mean that it answers so now let us get back to the earlier question which was 1321 remote center can you suggest some of the interesting pedagogy to explain physical layer concept by which I mean animation clips are simulator so physical layer as I said we do not cover in too much detail but Bhaskar was also mentioning this so at IIT Bombay we use this experiment where we use this torch lights to enable communication so this kind of deals with the physical layer as well as the link layer concepts where the students are basically given so there are two groups each group is given a torch light and I give them a sequence of bits let us say 8 bits or depending upon 30 bits whatever it is and ask them to convey this bits building a framework using torch lights and at the other end I check whether whatever bits the other end receives matches the bits that they had sent so this tests many concepts including how do they encode so what does one mean does it mean light on for certain duration off for certain duration or do they have something even clever it also tests the framing concept which is more or less link layer but I think it is important how do you distinguish so I may give random bits sometimes I may give 8 bits sometimes I give 30 bits so you have to divide up the bits and accordingly send so how do you know when is the start when is the end of a particular frame what if you did do something but the other end interpreted one as a 0 and 0 as a 1 in which case what kind of error recovery would you do so all these aspects are covered as part of this particular design and they also tend to appreciate how communication actually works where by they design all the necessary framework to enable this communication so that is an example of a pedagogical thing that we employ other than that unless you get into lot of detail so there is a lot of modulation there is simulators for it animations for it but I do not get into that level of detail for an undergrad computer science electrical maybe you can get into but for computer science we do not get into that level of detail can you transfer it to 1 3 2 1 any questions from the center actually we have a doubt in simulator oriented teaching which simulator you prefer to teach network delay and network delay oriented configuration which by which simulator we can concept behind network delay I mean NS2 will you can show some of these things via network simulator too which in fact there is an exercise on NS2 which does capture some of these things so wait till the exercise there is any simulator is available like Cisco packet tracer it is a more graphical user interface simulator in open source so when you I do not understand what you mean simulator or emulator or actual implementation the TCP dump type of thing it is not clear to me what you are asking packet tracer is something like TCP dump kind of a thing or it could be a tool that is trace root is a tool that will tell you what are is the path being taken by a packet so it is not clear to me what exactly you want actually we have worked with the Cisco packet tracer is more user friendly for us we can able to develop or set a network with packet tracer we are familiar with that but Cisco packet tracer is not open source is there any open source simulator or emulator whatever it may be is there anyone is there any tool available for doing that kind of job so you tell me what your intended goal is I do not know what Cisco packet tracer does because I have never used it so you tell that this is what I want to achieve and then I can tell whether there is any open source tool for it actually in packet tracer we can set a network we can develop a unique network and we can do subnetting we can assign IP address for different systems we can do routing also graphically so this is all you create the topology and you so this is all being done on the same machine there is no implementation component to it right actually we have I mean macOS command also by that we can set a network in packet tracer that is what that network is residing on a single machine it is just a simulated network is that right okay like that is it possible to do with any open source one yeah NS3 also NS2 is there NS3 is a recent one NS3 is open source you can create topologies I think NS3 is supports some graphical user interface also but it may not be as sophisticated as your Cisco thing but NS3 is something you can check out platform you prefer for NS3 platform you mean windows or linux or what NS3 I think works on both so you can use it on either in windows also possible to install NS3 okay this question is from center 1309 so what was asked is during communication between two systems presented two different locations how does one measure the drifting of clocks for synchronization purpose so the answer for this is you do not necessarily have to measure drifting of clocks because measuring drift is not an easy task often done is you re-synchronize the clocks periodically so basically you send a synchronizing bit pattern which could be alternating ones and zeros periodically so that based on that you are re-synchronizing the receiver with the sender that way your drift again gets back to 0 and from that point on you will again start using again after sometime you re-synchronize yourself with the sender by sending the synchronization bits which typically are a sequence of ones and zeros so if you see many of the link layer headers the first few bits are the synchronization bits okay this is the last question for today so this question is from 1224 where asked was does interframe space matter the size of the frame is there any relation between the interframe size interframe space and frame size then what is it or how so that was the question that was asked so this interframe spacing is a concept that is part of many link level technologies so let us focus on Ethernet so Ethernet requires that one maintain interframe space of 96 bit durations I do not know if it is 96 bits but when you are dealing with 10 Mbps Ethernet it expects you to maintain an interframe space of 96 microseconds let me just check the value so Ethernet expects that 10 Mbps Ethernet expects to maintain an interframe space of 9.6 microseconds what this means is you send a transmitted a frame by the time the frame ends before you can send after you receive the last bit of that particular frame before you transmit you have to wait for this much duration which is the interframe space before you can start transmitting again the reason why the space is there is for example you are a transmitter and you have transmitted so this is where you have transmitted the last bit and supposedly there is another host that is starting to send data for you and if you did not maintain this interframe space let us say that started transmitting before this interframe space somewhere here then you have just now finished transmission you need to switch to reception so there is a different circuitry that is used for reception and to switch from transmission mode to reception mode is going to take some time for the circuit to ramp up ramp down so on so forth so this interframe spacing allows for that switch especially for the transmitter you in order for you to switch from transmission to reception you need this interval so this interframe spacing is mainly to help for that interframe space has got no relation with the frame size frames can be as long as they want but the spacing between two successive frames there should be at least this interframe space gap so for 10 mbps it is 9.6 microseconds but if you are dealing with 1 gbps ethernet it is 96 nanoseconds is the interframe space so going to the remote center which is 1224 suppose if the receiving goes to do not reply back to the sender the ack is not there if there is no ack from the receiving goes to the sender no if there is no ack there is no reply if there is no acknowledgement from receiver to the sender ethernet does not support acknowledgments so there are no acknowledgments in ethernet yeah that's why in such cases there is no need to switch over from receiving mode to the send transmission mode no but why should you purposefully so for example if this packet was destined for this particular transmitter then why do you want to purposefully lose that particular packet fine there are no acknowledgments at the link layer that doesn't mean the packet is not lost you have to recover it at the tcp layer then you should never design a system where you know if you did this you are purposefully going to corrupt packets then this IFS is only for switching over from one transmitter mode to receiver mode yeah in a given host to switch from transmission to reception there is some delay involved so this IFS takes care of the delay in other words you just transmitted a packet and someone else is sending a packet to you if you don't give this time you cannot receive that packet okay then one more thing is the we said that for 10 mps to align IFS is 9.6 microseconds yes yeah if I use a large buffer in receiving a host can I play with using buffer can I reduce the interface sorry interframe spacing as I said is a function of how much time it takes for the circuitry to switch from transmitter to receiver it has got nothing to do with buffers so it is a function of the hardware your hardware should be fast typically when you are transmitting there is a power ramp up and a power ramp down once you finish so your transmitter design should be such that it can quickly ramp down as soon as finishes transmission that is a function of the capacitors you are using whatever it is so that is what is going to dictate this it's a function of the hardware so if you are going for let's say one GBP the hardware is more sophisticated that it can actually do the switching in 96 nanoseconds so we will end here it's already one so it's a lunch break