Computer Networks Course

Reliable Transport Protocol

Done by
Fatma taha
Moustafa Ashmawy
Tarek Yasser
Yahya Ashraf

Under the supervision of

Dr. Mohamed Samir Eid

1
 GitHub project files
https://github.com/mouashmawy/Reliable-Transport-Protocol

Code implementation

Some Definitions
● We set the Maximum chunk size to 1024
● We set the Window Size to 4

Sender

1. Dividing the picture into packets

Function head
● def divide_picture_into_packets(picture_path, max_chunk_size)
Implementation
1. Reading image data with img_file.read()
2. Dividing it into chunks based on the max chunks defined
3. Returning a list of chunks

2. Adding Header to the packets

Function head
● def AddingHeadersToThePackets(picturepath, File_id)
Implementation
1. Get the list of chunks of the pictures
2. Adding trailer values either 0x0000 or 0xFFFF
3. Return a list of packets with all picture chunks having headers

Page | 2
3. Sending packets to the receiver
Function head
● def send_packets_to_receiver(packets, window_size, timeout, file_id)
Implementation
1. Creating the socket on port 9000
2. Creating an unacknowledged list with first packets with a length of window size
3. The following will run until the unacknowledged list is empty
4. Set the timeout
5. Establishing the connection with the receiver with his IP
6. Send the first window packets to the receiver
7. Wait for receiving the acknowledgments
8. Checking if the ack is in the expected IDs and it is the same file
9. Start popping the packets of received ACK out of the queue
10. Looping again from point 5 and when the packages ends it start putting nulls in
the list until we finish

Page | 3
 Receiver

1. Extract message ID
Function head
● AckId(RecievedMessage)
Implementation
1. Extract the first two bytes from the message header as it’s the message id in the
required format.
2. Transform the bytes into an integer
3. Return the integer value.

2. Extract File ID
Function head
● AckFileId(RecievedMessage)
Implementation
1. Extract the last two bytes from the message header as it’s the file id in the
required form.
2. Transform the bytes into integer
3. Return the integer value.
3. Extract Data
Function head
● Write_data(filename,data_buffer)
Implementation
1. Use function open to write the data in text format in data buffer

4. Merge data into an image file

Function head
● save_data_as_image(data, output_file)

Page | 4
Implementation
1. Use function open to rewrite the data into image format
5. Receiver main code
Implementation
1. Check the message id if it’s the expected one
2. Then extract the data and the header from the message
3. Accumulate the expected message id by one
4. Send the acknowledgement

First The lost rate:

This code simulates a scenario where packets are being processed, and
there is a 10% chance that a packet might be lost during processing. It
achieves this by generating a random integer between 0 and 9 using the
random.randint() function, and if the generated number is less than 1, the
code skips over the processing of the packet and does not send an
acknowledgement.

Second variable window size:

We added a threshold variable on the window size in a sliding window
protocol is to control the rate of data transmission and avoid overloading
the network. The window size starts at 4 and increases by 1 after each
successful transmission. If two timeouts occur, the window size is
reduced by 2 to avoid congestion. This approach dynamically adapts to
network conditions to maximize efficiency while avoiding congestion.

Page | 5
 (1) Wiِreshark data
A photo of packages sent and acknowledgments from wireshark

First package sent at time 13.98

Page | 6
Last package sent at time 33.89

The duration is about 20 seconds and this is similar to the statistics generated by the
sender & receiver.

Page | 7
(2) Plots

Small File

Page | 8
Medium File

Page | 9
Large File

Page | 10
(3) Without loss & With loss

Small File

Page | 11
Medium File

Page | 12
Large File

Page | 13
 (4) Log for test cases
Small File

Medium File

Large File

Page | 14
 (5) Study Case (Using selective repeat)
Here are the key differences if we used the Selective Repeat protocol over the
Go-Back-N (GBN) protocol:

1. Acknowledgements
a. In the GBN protocol, the receiver acknowledges every Nth packet, where
N is the size of the sender's window. In contrast, the Selective Repeat
protocol allows the receiver to selectively acknowledge individual packets.
2. Retransmission
a. If the sender does not receive an acknowledgement within a certain time
period, in GBN protocol, it retransmits all packets starting from the oldest
unacknowledged packet. In the Selective Repeat protocol, the sender
retransmits only the lost or corrupted packet(s), rather than retransmitting
all packets from a certain point in the stream.
3. Handling Out-of-Order Packets
a. In GBN protocol, all packets are sent in order, and the receiver discards
out-of-order packets. In contrast, the Selective Repeat protocol buffers
out-of-order packets until they can be correctly ordered and delivered to
the application.
4. Complexity
a. The Selective Repeat protocol requires additional bookkeeping to handle
selective acknowledgements and buffering of out-of-order packets, making
it more complex to implement than the GBN protocol.
5. Performance
a. The Selective Repeat protocol can potentially provide faster recovery from
packet loss or corruption, as it only requires retransmission of lost or
corrupted packets, rather than retransmission of entire segments.
However, it also requires more complex buffering and acknowledgement
mechanisms to handle out-of-order delivery. The GBN protocol, on the
other hand, may be more suitable for applications with low error rates.

Page | 15
 6. Efficiency
a. The GBN protocol may be more bandwidth-efficient than Selective Repeat
because the sender doesn't need to buffer as many packets as the
Selective Repeat protocol does.

In summary, the GBN protocol is simpler to implement and may be more suitable for
applications with low error rates, while the Selective Repeat protocol is more complex
but provides potentially faster recovery from packet loss or corruption.

Page | 16
 (6) Possible Attacks
As known as long as there's an Internet there are hackers who use several techniques
to sniff the packets transferred in order to know important information or install some
kind of viruses or malwares.
There are several types of attacks with several purposes and each purpose has its own
technique.
Here we are going to discuss a technique called Packet spoofing attack & Man in the
Middle.

1. Packet spoofing attack

a. Definition
i. Packet spoofing is a type of attack in which the sender manipulates
the source IP address of the packets it sends to make it appear as
if they are coming from a different location.

ii.
b. How it works

Page | 17
 i. The attacker modifies the headers of the packets to contain a
different source IP address than the actual address of the sender.
This is done to deceive the recipient into accepting packets that it
would otherwise reject. The goal of packet spoofing is to launch
attacks such as DDoS, bypass security measures, and gain
unauthorized access to a network or system.
c. suggested mitigation methods.
i. Several techniques can be used such as IP address filtering,
reverse path forwarding (RPF), and packet authentication. IP
address filtering involves examining the source IP address of
incoming packets and rejecting those that have a spoofed address.
RPF checks that the source IP address of an incoming packet
matches the interface on which it was received. Packet
authentication involves using digital signatures or other
cryptographic techniques to verify the authenticity of the packets.
d. Possible protocol updates list
i. Source IP Address Verification: The GBN sender can verify the
source IP address of incoming packets using IP address filtering.
The sender can examine the source IP address of the incoming
packets and reject those with a spoofed address.
ii. Packet Authentication: The sender can implement packet
authentication to verify the authenticity of the packets. This can be
done using digital signatures or other cryptographic techniques to
ensure that the packets are coming from the expected source.
iii. Encryption: The GBN protocol can be updated to include encryption
to ensure the confidentiality of the data being transmitted. This can
be done using protocols such as Transport Layer Security (TLS) or
Datagram Transport Layer Security (DTLS).

Page | 18
 iv. Time-based Packet Filtering: The GBN sender can limit the number
of packets that can be sent in a certain time frame to prevent
flooding and other types of attacks.
e. Regulations and laws
i. In the United States, for example, the Computer Fraud and Abuse
Act (CFAA) makes it illegal to intentionally access a computer
network without authorization or to exceed authorized access,
including the use of packet spoofing attacks.
ii. United Kingdom and Australia, have similar laws that criminalize
unauthorized access to computer networks, which can include
packet spoofing attacks. Additionally, many Internet Service
Providers (ISPs) have their own policies and terms of service that
prohibit the use of packet spoofing attacks on their networks.
iii. In Egypt:
1. the Cybercrime Law No. 175 of 2018 criminalizes various
cyber activities, including unauthorized access to a computer
system or network, and the intentional interception or
transmission of data without authorization. These provisions
cover packet spoofing attacks, as such attacks involve the
unauthorized modification of network traffic.
2. Article 4 of the Cybercrime Law stipulates that whoever
intentionally gains unauthorized access to a computer
system or network or part thereof shall be punished with
imprisonment for a period not less than six months and a
fine not less than EGP 100,000 and not exceeding EGP
1,000,000.
3. Moreover, Article 5 of the Cybercrime Law criminalizes the
intentional interception or transmission of data without
authorization, with penalties ranging from imprisonment for a
period not less than six months and a fine not less than EGP

Page | 19
 100,000 and not exceeding EGP 1,000,000 to life
imprisonment if the offense is committed with the intent to
harm the national security of the country.
4. Therefore, performing a packet spoofing attack in Egypt is
illegal and can result in severe legal consequences. It is
essential for individuals and organizations to comply with the
regulations and take necessary measures to prevent such
attacks.

Page | 20
2) Man-in-the-Middle (MITM) attack is a sort of cyber-attack in which an attacker
intercepts and modifies communications to and from a wireless network without the
wireless client being aware that the link has been compromised.

MITM attacks have not been common for a long time. This type of attack is typically
carried out when the attacker has a specific target in mind. This is not a typical attack,
such as phishing or malware or ransomware.

This attack's primary purpose is to compromise user account credentials during a

wireless penetration test. MITM attacks are commonly used to collect user account
information on Web-based applications, clear-text passwords, and sniff and break
Windows password hashes.

Suppose you are connected to a Wi-Fi network and doing a transaction with your
bank. An attacker is also connected to the same Wi-Fi. The attacker does the
following:

Key Concepts of Man-in-the-Middle Attack:

Page | 21
 1. The attackers intercept the client-server conversation in order to obtain
confidential data.
2. The data transfers that take place during this attack remain undetected.
3. The attacker tries to perform this attack by using various tricks like sending
attachments or links or duplicate websites.

Advantages of Man-in-the-Middle Attack:

1. If the user connects to a public Wi-Fi network, the attacker can use a Man in the
Middle attack.
2. If the user's connection is intercepted by the attacker, the user might receive
certain fake software updates in the form of pop-ups.

Disadvantages of Man-in-the-Middle Attack:

This attack occurs when the victim clicks on the link or attachment, or gains access to
any public Wi-Fi network. The assault will not take place if the victim does not click on
any of the anonymous links or gains access to any public Wi-Fi. So, raising awareness
can help to avert this attack forever.

Man-in-the-Middle Attack Types In cyber security, a man-in-the-middle attack is defined

as any situation in which a threat actor places themselves between a user and an entity
such as a network, website, or application in order to gather information. Hackers gain
the information using various sorts of spoofing, which is a means of imitating trusted
internet entities or websites. The following are the most common types of MITM
attacks:

1. IP Spoofing
2. DNS Spoofing
3. HTTPS Spoofing
4. Email Hijacking
5. Wi-Fi Eavesdropping
6. SSL Hijacking

Page | 22
 7. Session Hijacking

As an illustration, the attacker targeted a bank. The attacker notifies the customer via
email that someone has attempted to get into their bank account and that they need
their information to authenticate. The email sent to the consumer was a phishing
attempt. As a result, the victim will click on the link in the email and be directed to a fake
website. The fake website will appear to be real. When the victim enters their
information, they will be redirected to the original website. The attacker has now gained
access to the victim's account.

Real-world example: Equifax website spoofing exposes millions of users.

In 2017, Equifax confirmed a data breach that exposed over 143 million Americans. As
a result, Equifax launched equifaxsecurity2017.com to help customers determine
whether the breach affected them. The problem was that the website used a shared
SSL certificate for hosting, which was shared by thousands of other websites. DNS
spoofing (via fake websites) and SSL spoofing were used to redirect users to a bogus
website or intercept data from the site.

The man-in-the-middle attacks affected 2.5 million customers, bringing the total number
of customers affected by the Equifax incident to 145.5 million.

For the previous reasons the MITM are illegal world wide.

Examples of MITM-related laws and regulations in some countries:

1. The United States: Both the Computer Fraud and Abuse Act (CFAA) and the
Electronic Communications Privacy Act (ECPA) forbid unauthorised access to
electronic communications, including the use of an MITM attack to intercept such
communications.

Page | 23
 2. United Kingdom: The Computer Misuse Act of 1990 prohibits unauthorised
access to computer systems and the interception of electronic communications
via an MITM attack.
3. Canada: The Criminal Code of Canada prohibits the illegal interception of
communications, which includes MITM attacks.
4. Australia: The Telecommunications (Interception and Access) Act of 1979
prohibits telecommunications interception, including the use of an MITM attack.

In Egypt, there are several laws and regulations that make man-in-the-middle attacks
illegal. These are some examples:

1. The Cybercrime Law (Law No. 175 of 2018): This law criminalises a variety of
cybercrimes, including unauthorised access to computer systems and electronic
communication interception. Article 27 expressly prohibits intercepting electronic
communications without the sender's or recipient's consent.

2. The Telecommunications Regulation Law (Law No. 10 of 2003): This law

governs Egypt's telecommunications sector and defines telecom service
providers' responsibilities and obligations. Article 33 of this law makes it illegal to
interfere with or obstruct telecommunications networks or services.

3. The Egyptian Penal Code: The Egyptian Penal Code contains provisions that
can be used to prosecute individuals who commit cybercrimes, such as
man-in-the-middle attacks. Article 302 bis, for example, criminalises unauthorised
access to a computer system, and Article 309 bis criminalises unauthorised
telecommunications interception.

In addition to these laws, Egypt has signed various international treaties and accords
dealing with cybercrime and electronic communications, including the Budapest
Convention on Cybercrime and the Arab Convention on Combating Information

Page | 24
Technology Offences. These accords also ban the unauthorized interception of
electronic communications.

The widespread availability of tools that can disrupt network communication can
have significant economic and societal impacts.

1. Disruption of Critical Infrastructure

2. Increased Cybercrime
3. Decreased Trust in Digital Services
4. Increased Government Control

Users should be aware of the following:

1. Always log in to sensitive websites using reliable networks and devices.

2. Avoid connecting to an open (unencrypted) Wi-Fi network.

3. Keeping networks safe from unauthorized external access.

4. If you must use a public computer, verify its browser for the presence of any
rogue certificates and ensure that none exist. Examine the hosts file as well.

5. When connected to a public network or using a public computer, do a

traceroute to the website you want to access and look for anything suspicious in
the packets' route. For example, packets sent to an IP address other than the
one whose last octet is 1 (the IP address of your gateway).

6. Manage and preserve your TLS certificates and keys effectively to avoid the
use of hacked or expired certificates.

7. Be careful of any phishing emails from attackers requesting that you update
your password or other login information. Instead of clicking on the link in the
email, manually type the website address into your browser.

Page | 25
Man-in-the-Middle Attack Detection

1. Slow or disconnected services: If a user tries to log in to an account and keeps

getting timed out, it's conceivable that a spammer is disconnecting the session to
intercept credentials. The service itself may be clearly slow because it is faked
and thus not configured properly in the manner of a real website or app.

2. Discovering unusual websites or email addresses: Small changes, such as

removing a few characters from the addresses in the website search field,
suggest a likely DNS spoof. Furthermore, one type of email hijacking occurs
when a spammer sends and receives messages or executes orders using a
domain similar to the one they're impersonating.

3. Using packet inspections: Deep packet inspection (DPI) tools analyse network
traffic to detect odd events such as an outsider investigating vulnerabilities or
intercepting traffic data.

4. Connecting to unsecured WiFi or websites: A user may unknowingly connect

to a "unsecure" WiFi network—a potential MITM attack to lure devices. They may
also wish to visit a website that employs HTTPS but get redirected to a
non-secure, HTTP site.

In Conclusion: Although the Man in the Middle Attack is uncommon, it is still used
when an attacker has a specific target in mind. During a wireless penetration test, this
method is frequently used to compromise user account credentials. Users can avoid this
attack by being cautious of public Wi-Fi networks and refraining from clicking on
anonymous links or attachments.

Page | 26