### Computer Network and Security Exam Questions and Answers

#### Q1) a) Explain distance vector routing algorithm.

1. **Definition**: Distance vector routing is a dynamic routing protocol.
2. **Algorithm Basis**: Uses the Bellman-Ford algorithm to calculate the
best path to each network node.
3. **Routing Updates**: Routers periodically send their routing tables to
neighboring routers.
4. **Metric**: Routes are selected based on the distance metric, typically
hop count.
5. **Table Structure**: Each router maintains a routing table listing the
best known distances to each destination and the next hop.
6. **Convergence**: It has a slow convergence and can suffer from
routing loops.
7. **Count to Infinity Problem**: It can lead to counting to infinity issues,
where routing loops can cause endless updates.
8. **Triggered Updates**: It supports triggered updates to speed up
convergence in case of network changes.
9. **Split Horizon**: A technique used to prevent routing loops by not
sending updates back to the router from which they came.

#### Q1) b) A host was given the 192. 168.2.64 /25 IP address, indicate:
1. **Net mask in dotted decimal**: 255.255.255.128.
2. **Network address**: 192.168.2.0.
3. **Broadcast address**: 192.168.2.127.
4. **Total number of hosts**: 126 (2^7 - 2, as the first and last addresses
are reserved for network and broadcast addresses).
5. **First Usable Address**: 192.168.2.1.
6. **Last Usable Address**: 192.168.2.126.
7. **Subnetting**: This subnet mask divides the 192.168.2.0 network into
two subnets.
8. **Classful/less**: The /25 subnet mask is a classless addressing
technique (CIDR).
9. **Purpose**: Useful for creating smaller subnets to manage and
optimize IP address allocation.

#### Q1) c) Explain IPv4 header format in detail.

1. **Version**: 4-bit, indicates the version of IP, which is 4.
2. **Header Length**: 4-bit, specifies the length of the header in 32-bit
words.
3. **Type of Service (TOS)**: 8-bit, specifies the priority of the packet.
4. **Total Length**: 16-bit, the entire packet size in bytes, including the
header and data.
5. **Identification**: 16-bit, used for uniquely identifying fragments of an
original IP datagram.
6. **Flags**: 3-bit, used to control or identify fragments.
- **DF (Don't Fragment)**: Indicates that the packet should not be
fragmented.
- **MF (More Fragments)**: Indicates that there are more fragments.
7. **Fragment Offset**: 13-bit, used for fragment reassembly.
8. **Time to Live (TTL)**: 8-bit, limits the packet's lifetime to prevent it
from circulating indefinitely.
9. **Protocol**: 8-bit, defines the protocol used in the data portion of the
IP datagram (e.g., TCP, UDP).

#### Q2) a) What is ARP? How it works?

1. **Definition**: Address Resolution Protocol (ARP) is used to map IP
addresses to MAC addresses.
2. **ARP Request**: Broadcasts a request packet to all devices on the
local network to find the MAC address associated with a known IP
address.
3. **ARP Reply**: The device with the matching IP address sends back
an ARP reply with its MAC address.
4. **ARP Cache**: Stores the IP-to-MAC address mappings temporarily
to reduce network traffic.
5. **Broadcast**: The ARP request is sent to the broadcast MAC address
(FF:FF:FF:FF:FF:FF).
6. **Unicast**: The ARP reply is sent directly (unicast) to the requesting
device.
7. **Protocol Layer**: ARP operates at the Link Layer (Layer 2) in the OSI
model.
8. **Usage**: Essential for IP networking over Ethernet.
9. **Security**: Vulnerable to ARP spoofing attacks, where an attacker
can intercept network traffic by sending fake ARP messages.

#### Q2) b) Router actions for specific packets:

1. **156.26.10.66**: Matches the 156.26.10.0/26 network (255.255.255.192),
and the packet is delivered via Eth0.
2. **156.26.10.226**: Matches the 156.26.10.128/25 network
(255.255.255.128), and the packet is delivered via Eth1.
3. **168.130.12.27**: Matches the default route 0.0.0.0 (0.0.0.0), and the
packet is forwarded to gateway 156.10.1.30.
4. **Routing Table**: The router uses the longest prefix match rule to
determine the best route.
5. **Direct Delivery**: If the destination network matches a directly
connected network, the packet is delivered to the corresponding
interface.
6. **Next-Hop**: If no direct match is found, the router forwards the
packet to the next-hop gateway specified in the routing table.
7. **Default Route**: The router uses the default route as a last resort if
no specific route matches the destination IP.
8. **Subnet Mask**: Helps the router determine which portion of the IP
address to use for matching against the routing table.
9. **Static vs. Dynamic**: The routing table can be populated with static
routes configured by the network administrator or dynamically learned
routes from routing protocols.

#### Q2) c) Explain Network Address Translation (NAT) process.

1. **Definition**: NAT translates private IP addresses to a public IP
address for internet communication.
2. **Types of NAT**: Static NAT, Dynamic NAT, and Port Address
Translation (PAT).
3. **Static NAT**: One-to-one mapping between a private IP address and
a public IP address.
4. **Dynamic NAT**: Maps a private IP address to a public IP address
from a pool of available addresses.
5. **PAT (Overloading)**: Maps multiple private IP addresses to a single
public IP address using different ports.
6. **Translation Table**: The router maintains a table to keep track of
active translations.
7. **Security**: NAT provides a basic level of security by hiding internal
IP addresses.
8. **Address Conservation**: Helps in conserving public IP addresses.
9. **Session Management**: Ensures that incoming traffic is directed to
the correct internal device based on the translation table.

#### Q3) a) Determine transport layer protocol (TCP/UDP):

1. **File Transfer**: TCP - Reliable delivery is crucial to ensure complete
and accurate file transfer.
2. **Real-time video**: UDP - Low latency is required, and some packet
loss is acceptable for real-time playback.
3. **Web browsing**: TCP - Ensures reliable and ordered delivery of web
pages and resources.
4. **VoIP**: UDP - Minimal delay and lower overhead are necessary for
real-time voice communication.
5. **YouTube video**: TCP - Ensures reliable streaming, buffering helps
manage delays.
6. **Email (SMTP)**: TCP - Reliable and ordered delivery is essential for
sending emails.
7. **DNS Queries**: UDP - Quick queries with minimal overhead, but TCP
is used for larger responses.
8. **Remote Desktop**: TCP - Reliable connection to maintain session
integrity.
9. **Online Gaming**: Often UDP - Lower latency is more important than
reliability in many cases.

#### Q3) b) Explain TCP state transition diagram.

1. **Closed**: No connection; initial state.
2. **Listen**: Server is waiting for an incoming connection request.
3. **Syn-Sent**: Client has sent a SYN segment to initiate a connection.
4. **Syn-Received**: Server has received SYN and sent SYN-ACK.
5. **Established**: Connection is established, both sides have
exchanged SYN and ACK.
6. **Fin-Wait-1**: One side starts closing the connection by sending a
FIN segment.
7. **Fin-Wait-2**: Waiting for the other side to close after receiving an
ACK for its FIN.
8. **Close-Wait**: The other side has received the FIN and is waiting to
close the connection.
9. **Last-Ack**: The side that received the first FIN waits for an ACK after
sending its FIN.

#### Q3) c) Define Socket and explain socket primitives.

1. **Socket Definition**: A socket is an endpoint for sending or receiving
data across a computer network.
2. **Client Primitives**:
- **Socket**: Create a socket.
- **Connect**: Establish a connection to a server.
- **Send**: Transmit data through the socket.
 - **Receive**: Read data from the socket.
- **Close**: Terminate the connection.
3. **Server Primitives**:
- **Socket**: Create a socket.
- **Bind**: Attach the socket to an IP address and port.
- **Listen**: Prepare the socket to accept incoming connections.
- **Accept**: Accept a connection request.
- **Send**: Transmit data through the socket.
- **Receive**: Read data from the socket.
- **Close**: Terminate the connection.
4. **Socket Types**: Stream sockets (TCP), Datagram sockets (UDP).
5. **Address Family**: Defines the

address structure (e.g., AF_INET for IPv4).

6. **Protocol**: Specifies the transport protocol (e.g., IPPROTO_TCP for
TCP).
7. **Non-blocking Mode**: Sockets can be set to non-blocking mode to
prevent operations from blocking the program flow.
8. **Error Handling**: Proper error handling is crucial to manage
connection failures and other issues.
9. **Multiplexing**: Techniques like `select()` or `poll()` can be used to
manage multiple socket connections simultaneously.

#### Q4) a) Explain TCP connection establishment process with suitable

diagram.
1. **Three-Way Handshake**:
- **SYN**: Client sends a SYN segment to the server to initiate a
connection.
- **SYN-ACK**: Server responds with a SYN-ACK segment to
acknowledge the SYN and synchronize.
- **ACK**: Client sends an ACK segment to acknowledge the SYN-ACK
and complete the connection.
2. **Step 1**: Client sends a SYN packet to the server with a sequence
number (Seq=X).
3. **Step 2**: Server receives the SYN and responds with a SYN-ACK
packet (Seq=Y, Ack=X+1).
4. **Step 3**: Client receives the SYN-ACK and sends an ACK packet
back to the server (Ack=Y+1).
5. **Connection Established**: Both client and server are now in the
"ESTABLISHED" state and can start data transmission.
6. **Half-Open Connections**: Managed by timers to prevent resource
exhaustion.
7. **Security**: SYN cookies can be used to prevent SYN flood attacks.
8. **Retransmission**: If any segment is lost, it will be retransmitted
according to TCP's reliability mechanisms.
9. **State Transition**: Moves through CLOSED -> SYN_SENT/RECEIVED
-> ESTABLISHED.

#### Q4) b) Causes and prevention of silly window syndrome.

1. **Causes**:
- **Small Window Size**: Sending small amounts of data inefficiently.
- **Application Behavior**: Applications generating data slowly.
- **Immediate Acknowledgments**: Sending ACKs for small amounts
of received data.
2. **Prevention**:
- **Nagle’s Algorithm**: Combines small messages into larger
segments before sending.
- **Clark’s Solution**: Receiver advertises a larger window size only
when it can handle a significant amount of data.
- **Delayed ACKs**: Receiver delays sending ACKs to allow more data
to accumulate.
3. **Algorithm**: Nagle’s Algorithm waits for either a maximum segment
size to be reached or an acknowledgment to be received.
4. **Receiver Strategy**: Avoids advertising small window sizes unless
absolutely necessary.
5. **Window Scaling**: TCP option that allows for larger window sizes.
6. **Application Layer**: Applications should try to buffer and send
larger chunks of data.
7. **Network Layer**: Should support efficient handling of TCP flows.
8. **Buffer Management**: Proper management of buffer space at both
sender and receiver.
9. **Adaptive Algorithms**: Dynamically adjust strategies based on
network conditions.

#### Q4) c) Analysis of UDP header in Hexadecimal.

1. **Hexadecimal Representation**: Example provided in the question.
2. **Source Port**: 1586.
3. **Destination Port**: 13.
4. **Length**: 28 bytes.
5. **Checksum**: Used for error-checking.
6. **Data Length**: 20 bytes (Total length - header length).
7. **Direction**: Client to server.
8. **Client Process**: Typically determined by examining the port number
and application.
9. **Hex Analysis**: Conversion of hex to binary and decimal to verify
values.

#### Q5) a) Difference between persistent and non-persistent HTTP.

1. **Persistent HTTP**:
- **Single Connection**: Multiple requests can be sent over the same
TCP connection.
- **Reduced Latency**: Eliminates the overhead of establishing
multiple connections.
- **Connection Reuse**: Connections are kept open for reuse.
- **Keep-Alive**: HTTP header used to maintain the connection.
2. **Non-persistent HTTP**:
- **Multiple Connections**: Each request requires a new TCP
connection.
- **Higher Latency**: Due to connection setup and teardown for each
request.
- **Simpler Implementation**: Easier to implement in some cases.
- **Resource Consumption**: Higher resource consumption due to
more frequent connection establishment.
3. **Performance**: Persistent connections generally provide better
performance.
4. **HTTP/1.0 vs. HTTP/1.1**: Persistent connections are the default in
HTTP/1.1.
5. **Pipelining**: In persistent HTTP, pipelining allows multiple requests
to be sent without waiting for the corresponding responses.
6. **Network Load**: Non-persistent HTTP increases network load due to
more connection overhead.
7. **Timeouts**: Persistent connections may be closed after a timeout if
inactive.
8. **Use Cases**: Persistent HTTP is preferred for web browsing, where
multiple objects are requested from the same server.

#### Q5) b) Explain working of DHCP.

1. **Discovery**: Client broadcasts a DHCPDISCOVER message to find
available DHCP servers.
2. **Offer**: DHCP servers respond with a DHCPOFFER message
offering an IP address.
3. **Request**: The client selects an offer and broadcasts a
DHCPREQUEST message to request the IP address.
4. **Acknowledge**: The DHCP server responds with a DHCPACK
message, confirming the IP address lease.
5. **Lease Duration**: The IP address is assigned for a specific lease
duration.
6. **Rebinding**: Before the lease expires, the client can request to
extend the lease.
7. **Release**: The client can send a DHCPRELEASE message to
relinquish the IP address.
8. **Inform**: DHCPINFORM message can be used to obtain other
configuration parameters without a new IP address.
9. **Renewal**: The client periodically renews the lease by sending a
DHCPREQUEST message.

#### Q5) c) Differentiate between POP and IMAP protocol.

1. **POP (Post Office Protocol)**:
- **Download and Delete**: Emails are downloaded from the server and
usually deleted.
- **Offline Access**: Emails are stored locally and accessible offline.
- **Single Device**: Primarily designed for use on a single device.
2. **IMAP (Internet Message Access Protocol)**:
- **Server Storage**: Emails remain on the server and can be accessed
from multiple devices.
- **Synchronization**: Synchronizes the email state (read/unread,
folder structure) across devices.
- **Selective Download**: Only the email headers are downloaded
initially, and the body is fetched on demand.
3. **Email Management**:
- **POP**: Limited management capabilities, mostly downloads and
deletes.
- **IMAP**: Advanced management with server-side folders, labels, and
search capabilities.
4. **Use Case**:
- **POP**: Suitable for users with limited internet connectivity who
need offline access.
- **IMAP**: Ideal for users with consistent internet access and multiple
devices.
5. **Resource Usage**:
- **POP**: Lower server resource usage due to fewer stored messages.
- **IMAP**: Higher server resource usage due to stored emails and
synchronization.
6. **Security**: Both can use SSL/TLS for secure communication.
7. **Protocol Ports**:
- **POP**: Typically uses port 110 (unencrypted) and 995 (encrypted).
- **IMAP**: Typically uses port 143 (unencrypted) and 993 (encrypted).
8. **Client Configuration**:
- **POP**: Clients need to be configured to leave a copy on the server if
access from multiple devices is needed.
- **IMAP**: Automatically handles multiple devices without additional
configuration.
9. **Support for Advanced Features**: IMAP supports more advanced
features like partial message fetch, message status flags, and
server-side searches.

#### Q6) a) Explain how DNS query resolved.

1. **Recursive Query**: Client sends a query to the DNS resolver, which
takes responsibility for the query.
2. **Root Server**: Resolver queries a root DNS server, which responds
with a referral to a TLD (Top-Level Domain) server.
3. **TLD Server**: Resolver queries the TLD server (e.g., .com), which
responds with a referral to the authoritative DNS server for the domain.
4. **Authoritative Server**: Resolver queries the authoritative DNS server
for the domain, which provides the IP address of the requested
hostname.
5. **Caching**: Intermediate DNS servers and clients cache the results to
reduce future query times.
6. **Iterative Query**: DNS resolver may perform iterative queries where
each server refers the resolver to the next server.
7. **Response**: The resolver returns the final IP address to the client.
8. **DNS Record Types**: Common types include A (IPv4 address),
AAAA (IPv6 address), MX (Mail Exchange), CNAME (Canonical Name).
9. **TTL (Time to Live)**: Specifies how long a DNS record should be
cached by clients and DNS servers.

#### Q6) b) Explain FTP with control and data connection.

1. **Control Connection**: Established on port 21, used for sending
commands and receiving responses.
2. **Data Connection**: Established on port 20 (or a different port in
passive mode), used for transferring files.
3. **Command Types**: FTP commands include USER (username), PASS
(password), RETR (retrieve file

), STOR (store file), LIST (list directory).

4. **Active Mode**: Server initiates the data connection to the client's
specified port.
5. **Passive Mode**: Client initiates the data connection to the server's
specified port.
6. **Authentication**: User must provide a username and password to
log in.
7. **File Transfer**: Supports binary and ASCII file transfer modes.
8. **Security**: Basic FTP is not secure; FTPS (FTP Secure) or SFTP
(SSH File Transfer Protocol) are used for secure transfers.
9. **Session Management**: Control connection remains open
throughout the session, while data connections are opened and closed
as needed for each file transfer.

### Q6) c) When web pages containing emails are sent out, they are
prefixed by MIME Header, why? Explain MIME Header.

1. **Purpose of MIME**: MIME (Multipurpose Internet Mail Extensions)

headers extend the format of email messages to support text in
character sets other than ASCII, as well as attachments of audio, video,
images, and application programs.

2. **Content-Type**: Indicates the media type of the message content

(e.g., text/plain, text/html, image/jpeg). This helps email clients
understand how to process and display the content.

3. **Content-Transfer-Encoding**: Specifies the encoding transformation

that has been applied to the message body to enable it to be safely
transported (e.g., base64, quoted-printable).

4. **Content-Disposition**: Provides information about how the content

is to be displayed (e.g., inline or as an attachment) and suggests a
filename for attachments.
5. **Multipart Messages**: MIME allows for messages to be divided into
multiple parts (e.g., multipart/mixed, multipart/alternative). This is
essential for sending emails with both plain text and HTML versions.

6. **Charset Parameter**: Indicates the character encoding used in the

message body (e.g., UTF-8), which is crucial for correctly displaying
non-ASCII characters.

7. **Boundary String**: In multipart messages, a boundary string is used

to separate different parts. This allows the client to parse and separate
individual components.

8. **Enhancing Security**: MIME headers can include security-related

information, such as digital signatures (e.g., S/MIME) and encryption
details, to ensure the authenticity and confidentiality of the message.

9. **Interoperability**: By using standard MIME headers, email clients

across different platforms and email services can interpret and display
complex email messages uniformly, ensuring compatibility and user
experience.

### Q7) a) Draw and explain Operational Model of Network Security.

1. **Components**: The operational model of network security includes

confidentiality, integrity, availability, authenticity, and non-repudiation.

2. **Confidentiality**: Ensures that information is only accessible to

authorized users. Techniques include encryption and access controls.

3. **Integrity**: Ensures that information is not altered during

transmission. Methods include hashing and digital signatures.

4. **Availability**: Ensures that information and resources are accessible

when needed. This is achieved through redundancy, fault tolerance, and
proper maintenance.

5. **Authenticity**: Verifies the identity of users and systems. This is

implemented using authentication protocols and certificates.
6. **Non-repudiation**: Ensures that a sender cannot deny sending a
message. Digital signatures and audit logs are commonly used.

7. **Security Policies**: These are rules and practices that dictate how an
organization manages, protects, and distributes sensitive information.

8. **Risk Management**: Involves identifying, assessing, and mitigating

risks to the network. This includes regular security assessments and
updates.

9. **Incident Response**: A structured approach to addressing and

managing the aftermath of a security breach or cyberattack, aiming to
limit damage and reduce recovery time and costs.

### Q7) b) Discuss the working of IPSec? What are the different security
services offered by IPSec?

1. **Overview**: IPSec (Internet Protocol Security) is a suite of protocols

for securing IP communications by authenticating and encrypting each
IP packet in a communication session.

2. **Authentication Header (AH)**: Provides connectionless integrity and

data origin authentication for IP packets, and protects against replay
attacks.

3. **Encapsulating Security Payload (ESP)**: Provides confidentiality, as

well as optional authentication, integrity, and anti-replay services.

4. **Security Associations (SAs)**: Define the parameters for how two

entities communicate securely. Each SA includes a key and the type of
encryption/authentication.

5. **Key Management**: Typically handled by IKE (Internet Key

Exchange), which negotiates and manages security associations.

6. **Modes**: IPSec operates in two modes - Transport mode (encrypts

only the payload of the IP packet) and Tunnel mode (encrypts the entire
IP packet).
7. **Confidentiality**: Achieved through encryption algorithms such as
AES or DES, ensuring that data remains private during transmission.

8. **Integrity**: Ensured by hashing algorithms like SHA or MD5,

verifying that data has not been altered.

9. **Authentication**: Confirms the identity of the communicating

parties, often using digital certificates and pre-shared keys.

### Q7) c) Differentiate between Active attacks and Passive Attacks.

1. **Active Attacks**:
- **Definition**: Attempts to alter system resources or affect their
operation.
- **Types**: Include masquerading, replay, message modification, and
denial-of-service attacks.
- **Detection**: Easier to detect due to their disruptive nature.
- **Example**: A hacker altering the content of a transmitted message.

2. **Passive Attacks**:
- **Definition**: Attempts to learn or make use of information from the
system without affecting system resources.
- **Types**: Include eavesdropping and traffic analysis.
- **Detection**: Harder to detect as they do not alter data or system
resources.
- **Example**: Sniffing network traffic to capture sensitive information.

3. **Impact**: Active attacks can cause immediate damage or disruption,

while passive attacks are focused on data gathering for future
exploitation.

4. **Prevention**: Active attacks require strong authentication, access

controls, and regular monitoring, whereas passive attacks need robust
encryption to protect data.

5. **Goal**: Active attacks aim to disrupt or manipulate data, while

passive attacks aim to gain unauthorized access to information.

6. **Examples in Real World**:

- **Active**: SQL injection, Man-in-the-Middle (MITM) attacks.
 - **Passive**: Monitoring unencrypted communications.

7. **Complexity**: Active attacks often require more sophisticated

methods and tools compared to passive attacks.

8. **Response**: Active attacks often necessitate immediate response

actions such as system shutdowns or countermeasures, while passive
attacks require forensic analysis to understand the extent of the breach.

9. **Legal Implications**: Both types of attacks are illegal, but active

attacks often lead to quicker legal actions due to the evident damage
caused.

### Q8) a) List and explain various elements of Information Security.

1. **Confidentiality**: Ensures that sensitive information is accessed

only by authorized users. Implemented through encryption and access
controls.

2. **Integrity**: Ensures that information is accurate and has not been

tampered with. Achieved using hashing, checksums, and digital
signatures.

3. **Availability**: Ensures that information and resources are available

to authorized users when needed. Ensured through redundancy, load
balancing, and failover mechanisms.

4. **Authentication**: Verifies the identity of users and systems. Methods

include passwords, biometrics, and digital certificates.

5. **Authorization**: Determines what an authenticated user is allowed to

do. Managed through access control lists (ACLs) and role-based access
control (RBAC).

6. **Non-repudiation**: Ensures that a party cannot deny the authenticity

of their signature on a document or a sent message. Implemented using
digital signatures and audit logs.
7. **Risk Management**: The process of identifying, assessing, and
controlling threats to an organization’s capital and earnings. Includes
risk assessment and mitigation strategies.

8. **Incident Response**: A structured approach to handle the aftermath

of a security breach or cyberattack, aiming to manage and mitigate the
impact.

9. **Compliance**: Adherence to laws, regulations, and policies

governing data protection. Ensures that the organization meets legal
and regulatory requirements.

### Q8) b) Compare Symmetric Key and Asymmetric key encryption

techniques.

1. **Symmetric Key Encryption**:

- **Key Usage**: Uses the same key for both encryption and
decryption.
- **Speed**: Generally faster due to simpler algorithms.
- **Security**: Key distribution is a major challenge; if the key is
compromised, all communications are at risk.
- **Algorithms**: Examples include AES, DES, and 3DES.

2. **Asymmetric Key Encryption**:

- **Key Usage**: Uses a pair of keys - a public key for encryption and a
private key for decryption.
- **Speed**: Slower due to more complex algorithms.
- **Security**: More secure for key distribution; the public key can be
shared openly while the private key remains confidential.
- **Algorithms**: Examples include RSA, ECC, and DSA.

3. **Use Cases**:
- **Symmetric**: Ideal for encrypting large amounts of data quickly,
such as file encryption and VPNs.
- **Asymmetric**: Used for secure key exchange, digital signatures,
and certificates.

4. **Key Management**: Symmetric encryption requires secure key

management and distribution systems, while asymmetric encryption
simplifies this with public and private key pairs.
5. **Scalability**: Symmetric key systems are less scalable as each pair
of users needs a unique key, whereas asymmetric systems can scale
more easily with a single pair of keys for each user.

6. **Encryption Strength**: Both can offer strong encryption, but

asymmetric keys need to be longer (e.g., 2048 bits) to achieve similar
security levels as symmetric keys (e.g., 256 bits).

7. **Hybrid Approach**: Often used together in hybrid encryption, where

asymmetric encryption secures the exchange of a symmetric key, which
is then used for the actual data encryption.

8. **Computational Requirements**: Symmetric encryption requires less

computational power, making it more suitable for devices with limited
resources.

9. **Legacy and Modern

Systems**: Symmetric key encryption has been in use longer and is

widely implemented in legacy systems, while asymmetric encryption is
integral to modern security protocols like SSL/TLS.

### Q8) c) Explain Secure Socket Layer handshake Protocol.

1. **Initiation**: The client sends a "ClientHello" message to the server,

proposing SSL parameters such as version, cipher suites, and
compression methods.

2. **Server Response**: The server responds with a "ServerHello"

message, selecting the SSL parameters to be used from the client’s list.

3. **Server Authentication**: The server sends its digital certificate to the

client for authentication, proving its identity.

4. **Key Exchange**: The server might also send a

"ServerKeyExchange" message if it's using a key exchange algorithm
that requires it (like Diffie-Hellman).
5. **Certificate Request**: Optionally, the server can request a certificate
from the client to authenticate the client in mutual authentication
scenarios.

6. **Client Authentication**: The client verifies the server’s certificate

and sends a "ClientKeyExchange" message, which includes a
pre-master secret, encrypted with the server’s public key.

7. **Session Keys**: Both client and server generate session keys from
the pre-master secret and other agreed-upon values, which will be used
to encrypt the session.

8. **Finished Messages**: The client and server send "Finished"

messages to each other, encrypted with the session keys, indicating that
future messages will be encrypted.

9. **Secure Communication**: After the handshake is complete, the

client and server can exchange encrypted messages using the
established session keys, ensuring confidentiality and integrity.

##############2nd oNE#############

### Answer to Question 1(a): Differentiate between Circuit Switching and

Packet Switching
1. **Circuit Switching**:
- **Definition**: Establishes a dedicated communication path between
nodes.
 - **Connection Type**: Requires a pre-established path for the duration
of the communication session.
- **Resource Allocation**: Resources (bandwidth) are reserved for the
entire duration of the connection.
- **Example**: Traditional telephone networks.
- **Latency**: Lower latency once the circuit is established, but setup
time can be significant.
- **Efficiency**: Inefficient for bursty traffic, as resources are
underutilized during silent periods.

2. **Packet Switching**:
- **Definition**: Data is broken into packets and each packet is routed
independently.
- **Connection Type**: No dedicated path; uses dynamic routing based
on current network conditions.
- **Resource Allocation**: Resources are used on a per-packet basis,
allowing for better utilization.
- **Example**: Internet data transmission.
- **Latency**: Can have variable latency due to differing packet routes
and network congestion.
- **Efficiency**: Highly efficient for bursty and variable data traffic.

3. **Comparison Points**:
- **Flexibility**: Packet switching is more flexible and can better handle
network failures and congestion.
- **Scalability**: Packet switching scales better with the increase in the
number of users and data volume.
- **Quality of Service**: Circuit switching can guarantee QoS more
easily as it has a reserved path, while packet switching relies on QoS
protocols and mechanisms.

### Answer to Question 1(b): Short Note on RIP (Routing Information

Protocol)
1. **Definition**: RIP is a distance-vector routing protocol used in local
and wide-area networks.
2. **Algorithm**: Uses the Bellman-Ford algorithm to determine the best
path based on hop count.
3. **Hop Count Limit**: Maximum hop count is 15, making it suitable for
smaller networks.
4. **Updates**: Periodic updates (every 30 seconds) are sent to all
neighboring routers.
5. **Metric**: Uses hop count as the metric to determine the best path,
where each router hop counts as one unit.
6. **Protocol Type**: Works at the application layer using UDP as the
transport protocol.
7. **Routing Table**: Maintains a routing table which is updated based on
information received from neighboring routers.
8. **Version**: Two versions, RIP version 1 (RIP v1) and RIP version 2
(RIP v2), with v2 supporting subnet masks and authentication.
9. **Limitations**: Not suitable for larger networks due to limited hop
count and slow convergence.

### Answer to Question 1(c): 192.168.5.71 /26

1. **Subnet Mask**:
- **Calculation**: /26 means 26 bits are set to 1 in the subnet mask.
- **Result**: Subnet mask is 255.255.255.192 (binary:
11111111.11111111.11111111.11000000).

2. **First IP Address**:
- **Network Address Calculation**: The first IP in the subnet is the
network address plus one.
- **Result**: 192.168.5.64 is the network address; the first usable IP is
192.168.5.65.

3. **Last IP Address**:
- **Broadcast Address Calculation**: The last IP in the subnet is the
broadcast address minus one.
- **Result**: 192.168.5.127 is the broadcast address; the last usable IP
is 192.168.5.126.

### Answer to Question 2(a): IPv6 Header Format

1. **Version**: 4-bit field set to 6 for IPv6.
2. **Traffic Class**: 8-bit field for QoS and priority handling.
3. **Flow Label**: 20-bit field used to identify traffic flows requiring
special handling.
4. **Payload Length**: 16-bit field specifying the length of the payload.
5. **Next Header**: 8-bit field indicating the type of the next header
(similar to the Protocol field in IPv4).
6. **Hop Limit**: 8-bit field that specifies the maximum number of hops a
packet can take.
7. **Source Address**: 128-bit field containing the address of the
originating device.
8. **Destination Address**: 128-bit field containing the address of the
receiving device.
9. **Diagram**: Should illustrate the fields and their sizes in the IPv6
header.

### Answer to Question 2(b): Short Note on BGP (Border Gateway

Protocol)
1. **Definition**: BGP is a path vector protocol used to exchange routing
information between autonomous systems (ASes) on the Internet.
2. **Version**: The most commonly used version is BGP-4.
3. **Operation**: BGP routers establish TCP connections and exchange
routing information in the form of network prefix announcements.
4. **Path Attributes**: Uses path attributes such as AS-path, next-hop,
and MED to select the best route.
5. **Types**:
- **External BGP (eBGP)**: Used between different ASes.
- **Internal BGP (iBGP)**: Used within the same AS.
6. **Convergence**: Known for slower convergence compared to other
routing protocols due to its complexity and the need for policy-based
routing.
7. **Policy Control**: Allows for complex routing policies using
attributes and filters.
8. **Scalability**: Highly scalable, capable of handling a large number of
routes on the global Internet.

### Answer to Question 2(c): Functions of Network Layer

1. **Routing**: Determines the best path for data to travel from source to
destination.
2. **Logical Addressing**: Assigns IP addresses to devices on a
network.
3. **Packet Forwarding**: Moves packets from the input interface to the
output interface on routers.
4. **Fragmentation and Reassembly**: Splits large packets into smaller
fragments to fit the network MTU and reassembles them at the
destination.
5. **Error Handling**: Detects and handles errors that may occur during
packet transmission.
6. **Congestion Control**: Manages network congestion by controlling
the rate of data transmission.
7. **Security**: Provides mechanisms for authenticating and encrypting
data to ensure secure transmission.
8. **Quality of Service (QoS)**: Ensures certain performance parameters
like bandwidth, delay, jitter, and packet loss are met.

### Question 3

#### (a) What is a socket? What are different types of sockets? Explain
socket functions used in connectionless services with a diagram.

**Socket Definition**:
1. **Socket**: An endpoint for sending and receiving data across a
computer network.

**Types of Sockets**:
2. **Stream Sockets (SOCK_STREAM)**:
- Uses TCP for data transmission.
- Connection-oriented and reliable.

3. **Datagram Sockets (SOCK_DGRAM)**:

- Uses UDP for data transmission.
- Connectionless and unreliable.

4. **Raw Sockets (SOCK_RAW)**:

- Provides access to lower-level protocols.
- Typically used for network analysis.

**Socket Functions for Connectionless Services (UDP)**:

5. **Socket Creation**: `socket()`
- Creates a new socket.
- Syntax: `socket(domain, type, protocol)`

6. **Binding**: `bind()`
- Assigns a local address to the socket.
- Syntax: `bind(socket, address)`
7. **Sending Data**: `sendto()`
- Sends data to a specific address.
- Syntax: `sendto(socket, message, flags, dest_address)`

8. **Receiving Data**: `recvfrom()`

- Receives data from a socket.
- Syntax: `recvfrom(socket, buffer, flags)`

**Diagram**:
- Include a diagram showing the interaction of these functions for a
typical UDP communication.

#### (b) Explain TCP congestion control in the transport layer.

**TCP Congestion Control Mechanisms**:

1. **Slow Start**:
- Starts with a small congestion window (cwnd).
- Increases exponentially with each acknowledgment received.

2. **Congestion Avoidance**:
- Transition from exponential to linear growth once a threshold is
reached.

3. **Fast Retransmit**:
- Retransmits a packet immediately upon receiving three duplicate
ACKs.

4. **Fast Recovery**:
- Avoids slow start after packet loss.
- Reduces cwnd by half, then grows linearly.

5. **Additive Increase/Multiplicative Decrease (AIMD)**:

- Increases cwnd linearly for each RTT.
- Decreases cwnd exponentially upon detecting congestion.

6. **Congestion Detection**:
- Uses packet loss as a signal of congestion.
- Adjusts the congestion window to manage data flow.
#### (c) What is Quality of Service? Explain any two methods to improve
QoS.

**Quality of Service (QoS)**:

1. **Definition**: Ensures the efficient and reliable transmission of data
with minimal delay and packet loss.

**Methods to Improve QoS**:

2. **Traffic Shaping**:
- Controls the flow of packets into the network.
- Uses techniques like leaky bucket and token bucket.

3. **Resource Reservation Protocol (RSVP)**:

- Reserves resources along a network path.
- Ensures bandwidth for critical applications.

4. **Priority Queuing**:
- Assigns priority levels to packets.
- Ensures higher-priority packets are transmitted first.

### Question 4

#### (a) Explain RTP protocol in detail.

**RTP (Real-time Transport Protocol)**:

1. **Purpose**: Facilitates real-time data transmission for audio and
video over IP networks.

2. **Components**:
- **RTP Data Transfer Protocol**: Manages real-time data transfer.
- **RTCP (RTP Control Protocol)**: Monitors data delivery for QoS.

3. **Features**:
- Provides payload type identification.
- Supports sequence numbering and time-stamping.

4. **Header Format**:
- **Version**: 2 bits.
- **Padding**: 1 bit.
- **Extension**: 1 bit.
 - **CSRC Count**: 4 bits.
- **Marker**: 1 bit.
- **Payload Type**: 7 bits.
- **Sequence Number**: 16 bits.
- **Timestamp**: 32 bits.
- **SSRC**: 32 bits.
- **CSRC**: 0 to 15 items, 32 bits each.

5. **Use Cases**:
- Video conferencing.
- Streaming media.

#### (b) List and explain transport layer services.

**Transport Layer Services**:

1. **Segmentation and Reassembly**:
- Breaks down large messages into segments.
- Reassembles them at the destination.

2. **Connection Management**:
- Establishes, maintains, and terminates connections.
- Uses TCP for reliable communication.

3. **Flow Control**:
- Manages data flow to prevent overwhelming the receiver.
- Uses mechanisms like sliding window protocol.

4. **Error Detection and Correction**:

- Detects errors in transmission.
- Uses checksums and retransmissions.

5. **Multiplexing and Demultiplexing**:

- Allows multiple applications to share the same network connection.
- Uses port numbers to distinguish data streams.

6. **Reliable Data Transfer**:

- Ensures complete and accurate data delivery.
- Uses acknowledgment and retransmission strategies.

#### (c) Convert the UDP hexadecimal dump to decimal numbers.

**Hexadecimal Dump**: `06 32 00 0D 001C E2 17`

1. **Source Port Number**:

- Hex: `06 32`
- Decimal: `1586`

2. **Destination Port Number**:

- Hex: `00 0D`
- Decimal: `13`

3. **Total Length of User Datagram**:

- Hex: `001C`
- Decimal: `28`

### Question 5

#### (a) What is HTTP? Explain HTTP request and reply messages.

**HTTP (Hypertext Transfer Protocol)**:

1. **Definition**: Protocol for transferring hypertext requests and
information on the web.

**HTTP Request Messages**:

2. **Structure**:
- **Request Line**: Method, URI, HTTP version.
- **Headers**: Host, User-Agent, Accept.
- **Body**: Optional data.

3. **Example**:
- `GET /index.html HTTP/1.1`

**HTTP Reply Messages**:

4. **Structure**:
- **Status Line**: HTTP version, status code, reason phrase.
- **Headers**: Date, Server, Content-Type.
- **Body**: Requested data.

5. **Example**:
- `HTTP/1.1 200 OK`
#### (b) Write short notes on SMTP and MIME.

**SMTP (Simple Mail Transfer Protocol)**:

1. **Purpose**: Transfers emails between servers.
2. **Process**:
- Establishes connection.
- Transfers email data.
- Closes connection.

**MIME (Multipurpose Internet Mail Extensions)**:

3. **Purpose**: Extends email format to support text in character sets,
non-text attachments.
4. **Components**:
- **Headers**: `Content-Type`, `Content-Transfer-Encoding`.
- **Multipart Messages**: Combines multiple parts into a single
message.

### Question 6

#### (a) What is DHCP? Explain DHCP working with client state diagram.

**DHCP (Dynamic Host Configuration Protocol)**:

1. **Purpose**: Automatically assigns IP addresses to devices on a
network.

**DHCP Working**:
2. **Steps**:
- **DHCPDISCOVER**: Client broadcasts a discover message.
- **DHCPOFFER**: Server responds with an offer.
- **DHCPREQUEST**: Client requests the offered address.
- **DHCPACK**: Server acknowledges and assigns the address.

**Client State Diagram**:

3. **States**:
- **INIT**: Client starts and sends DHCPDISCOVER.
- **SELECTING**: Waits for DHCPOFFER.
- **REQUESTING**: Sends DHCPREQUEST.
- **BOUND**: Uses the assigned IP.
- **RENEWING**: Renews the IP lease.
#### (b) Write short notes on POP3 and Webmail.

**POP3 (Post Office Protocol 3)**:

1. **Purpose**: Retrieves emails from a server.
2. **Features**:
- Downloads emails to the local device.
- Operates in offline mode.

**Webmail**:
3. **Purpose**: Accesses emails via a web browser.
4. **Features**:
- Provides email access from any device with internet.
- Offers user-friendly interfaces.

### Question 7

#### (a) Differentiate between Symmetric and Asymmetric Key

Cryptography.

**Symmetric Key Cryptography**:

1. **Definition**: Uses the same key for encryption and decryption.
2. **Speed**: Faster.
3. **Key Management**: Challenging, as the key must be shared
securely.

**Asymmetric Key Cryptography**:

4. **Definition**: Uses a pair of keys (public and private).
5. **Speed**: Slower.
6. **Key Management**: Easier, as the public key can be shared openly.

#### (b) Explain the model for network security.

**Network Security Model**:

1. **Components**:
- **Sender**: Sends the secure message.
- **Receiver**: Receives the secure message.
- **Transmission Medium**: Channel over which the message is sent.

2. **Security Services**:
 - **Confidentiality**: Ensures that the message is only accessible to
the intended recipient.
- **Integrity**: Ensures that the message is not altered.

- **Authentication**: Verifies the identity of the sender and receiver.

- **Non-repudiation**: Ensures that the sender cannot deny sending
the message.

#### (c) Give a short note on Security Policy and mechanisms.

**Security Policy**:
1. **Definition**: A set of rules and practices that specify how a system
or organization manages, protects, and distributes sensitive information.

**Security Mechanisms**:
2. **Examples**:
- **Encryption**: Protects data by converting it into a secure format.
- **Firewalls**: Prevent unauthorized access to or from a private
network.
- **Intrusion Detection Systems (IDS)**: Monitors network traffic for
suspicious activity.

### Question 8

#### (a) Explain Types of Network Attacks.

**Types of Network Attacks**:

1. **Denial of Service (DoS)**: Overwhelms a system with traffic, making
it unavailable.
2. **Man-in-the-Middle (MitM)**: Intercepts and alters communication
between two parties.
3. **Phishing**: Deceives users into providing sensitive information.
4. **Spoofing**: Masquerades as another device or user to gain
unauthorized access.

#### (b) Explain IPSec in detail.

**IPSec (Internet Protocol Security)**:

1. **Purpose**: Secures IP communications by authenticating and
encrypting each IP packet.

2. **Components**:
- **Authentication Header (AH)**: Provides integrity and authentication.
- **Encapsulating Security Payload (ESP)**: Provides confidentiality,
integrity, and authentication.

3. **Modes**:
- **Transport Mode**: Encrypts only the payload of the IP packet.
- **Tunnel Mode**: Encrypts the entire IP packet.

4. **Protocols**:
- **IKE (Internet Key Exchange)**: Establishes a shared security policy
and authenticates keys.

#### (c) Give a short note on S/MIME.

**S/MIME (Secure/Multipurpose Internet Mail Extensions)**:

1. **Purpose**: Provides a way to send secure emails.
2. **Features**:
- **Encryption**: Ensures confidentiality of email content.
- **Digital Signatures**: Provides authentication and integrity.
3. **Usage**: Widely used for securing email communications in various
industries.

#####################3RD one ##################

######

### Question 1

#### (a) Explain Path vector routing. [6]

**Path Vector Routing**:

1. **Definition**: A type of network routing protocol where each router
maintains the path information that gets updated dynamically to ensure
the best path to reach network destinations.
2. **Routing Information**: Each router maintains the entire path
(sequence of ASes) to reach each destination.
3. **Loop Prevention**: The protocol avoids routing loops by maintaining
the path information for each route.
4. **BGP (Border Gateway Protocol)**: The most common example of a
path vector protocol used in the Internet for inter-domain routing.
5. **Operations**: Routers send path information updates only when
there are changes, minimizing the bandwidth used for updates.
6. **Route Selection**: BGP uses policies, attributes like AS path length,
and other criteria to select the best route.

#### (b) Give short notes on:

##### i) Mobile IP [3]

1. **Definition**: Protocol that enables mobile devices to move across

different networks while maintaining a permanent IP address.
2. **Home Agent and Foreign Agent**: The home agent maintains the
mobile node’s IP address, and the foreign agent assists in routing
packets to the mobile node’s current location.
3. **Tunneling**: The process of forwarding packets to the mobile node
via the home agent, which encapsulates the original packet in a new
packet.

##### ii) MPLS (Multiprotocol Label Switching) [3]

1. **Definition**: A method for speeding up and shaping traffic flows

across enterprise and service provider networks.
2. **Labels**: Packets are assigned short path labels instead of long
network addresses, which reduces the complexity of lookups in the
routing table.
3. **Advantages**: Improves data flow efficiency, supports a wide range
of access technologies, and enhances scalability and performance of
networks.

#### (c) For 192.168.5.131/26, find:

##### i) Subnet mask? [2]

- **Subnet Mask**: 255.255.255.192

##### ii) First IP address for the given series? [2]

- **First IP Address**: 192.168.5.128 (Network address)

##### iii) Last IP address for the given series? [2]

- **Last IP Address**: 192.168.5.191 (Broadcast address)

### Question 2

#### (a) Draw and explain the header format of IPv4. [6]

**IPv4 Header Format**:

1. **Version**: 4 bits, indicates the IP version (4 for IPv4).

2. **Header Length (IHL)**: 4 bits, specifies the length of the header.
3. **Type of Service (ToS)**: 8 bits, specifies the priority of the packet.
4. **Total Length**: 16 bits, length of the entire packet.
5. **Identification**: 16 bits, used for uniquely identifying the fragments
of an original IP datagram.
6. **Flags**: 3 bits, used to control or identify fragments.
7. **Fragment Offset**: 13 bits, used for fragment reassembly.
8. **Time to Live (TTL)**: 8 bits, limits the packet’s lifetime.
9. **Protocol**: 8 bits, indicates the next layer protocol (TCP, UDP, etc.).
10. **Header Checksum**: 16 bits, error-checking of the header.
11. **Source Address**: 32 bits, IP address of the sender.
12. **Destination Address**: 32 bits, IP address of the receiver.
13. **Options**: Optional, used for network testing, debugging, security,
etc.

#### (b) Give a short note on OSPF. [6]

**OSPF (Open Shortest Path First)**:

1. **Definition**: A link-state routing protocol used within an
autonomous system (AS).
2. **Metric**: Uses the cost based on link bandwidth.
3. **Hierarchical Design**: Utilizes areas to optimize traffic and simplify
management.
4. **Convergence**: Fast convergence due to Dijkstra's algorithm.
5. **Types of OSPF Routers**: Internal routers, area border routers
(ABRs), and backbone routers.
6. **LSAs (Link-State Advertisements)**: Routers exchange information
about network topology changes.

#### (c) List and explain functions of the Network Layer. [6]

1. **Routing**: Determines the optimal path for data transmission.

2. **Logical Addressing**: Assigns IP addresses to devices and
manages their assignment.
3. **Packet Forwarding**: Forwards packets from the source to the
destination across multiple networks.
4. **Fragmentation and Reassembly**: Splits packets that are too large
for the network and reassembles them at the destination.
5. **Error Handling and Diagnostics**: Uses ICMP for error reporting and
diagnostic functions.
6. **Congestion Control**: Manages network congestion and ensures
efficient data flow.

### Question 3

#### (a) Give the difference between TCP and UDP. [6]

1. **Connection**:
- **TCP**: Connection-oriented.
- **UDP**: Connectionless.

2. **Reliability**:
- **TCP**: Reliable delivery with error checking and acknowledgments.
- **UDP**: Unreliable, no guaranteed delivery.

3. **Ordering**:
- **TCP**: Ensures data is received in order.
- **UDP**: No ordering of data.

4. **Flow Control**:
- **TCP**: Provides flow control using windowing mechanisms.
 - **UDP**: No flow control.

5. **Use Cases**:
- **TCP**: Suitable for applications requiring reliability (e.g., HTTP,
FTP).
- **UDP**: Suitable for applications needing speed and low overhead
(e.g., DNS, streaming).

6. **Overhead**:
- **TCP**: Higher overhead due to connection management.
- **UDP**: Lower overhead, simpler protocol.

#### (b) Explain RTP protocol in detail. [6]

**RTP (Real-time Transport Protocol)**:

1. **Purpose**: Facilitates real-time data transmission for audio, video,
and simulation data over IP networks.
2. **Components**:
- **RTP Data Transfer Protocol**: Manages the delivery of real-time
data.
- **RTCP (RTP Control Protocol)**: Provides QoS feedback and
synchronization.
3. **Features**:
- Provides payload type identification.
- Supports sequence numbering and time-stamping for proper data
reconstruction.
4. **Header Format**:
- **Version**: 2 bits.
- **Padding**: 1 bit.
- **Extension**: 1 bit.
- **CSRC Count**: 4 bits.
- **Marker**: 1 bit.
- **Payload Type**: 7 bits.
- **Sequence Number**: 16 bits.
- **Timestamp**: 32 bits.
- **SSRC**: 32 bits.
- **CSRC**: 0 to 15 items, 32 bits each.
5. **Use Cases**:
- Video conferencing.
- Streaming media.
#### (c) For the UDP hexadecimal dump `06 32 000D 001C E2 17`, find:

##### i) Source port number [2]

- **Source Port**: 1586 (Hex: `06 32`)

##### ii) Destination port number [2]

- **Destination Port**: 13 (Hex: `00 0D`)

##### iii) Total length of user datagram [2]

- **Total Length**: 28 bytes (Hex: `001C`)

### Question 4

#### (a) Explain SCTP protocol in detail. [6]

**SCTP (Stream Control Transmission Protocol)**:

1. **Purpose**: Provides reliable, message-oriented communication with
multiple streams within the same connection.
2. **Features**:
- Combines features of TCP and UDP.
- Supports multi-homing for redundancy.
- Provides multi-streaming to prevent head-of-line blocking.
3. **Chunk-Based**: Data is divided into chunks for more efficient
transfer.
4. **Error Detection**: Uses checksums for error checking.
5. **Congestion Control**: Implements congestion control similar to TCP.
6. **Use Cases**: Telecommunication signaling, VoIP.

#### (b) List and explain transport layer services. [6]

1. **Segmentation and Reassembly**:

- Breaks down large messages into smaller segments for transmission.
- Reassembles segments at the destination.

2. **Connection Management**:
- Establishes, maintains, and terminates connections.
 - Uses TCP for reliable communication.

3. **Flow Control**:
- Manages data flow to prevent sender from overwhelming the receiver.
- Implements mechanisms like sliding window protocol.

4. **Error Detection and Correction**:

- Detects errors in transmitted data.
- Uses checksums and retransmissions.

5. **Multiplexing and Demultiplexing**:

- Allows multiple applications to use the same network connection.
- Uses port numbers to distinguish data streams.

6. **Reliable Data Transfer**:

- Ensures complete and accurate delivery of data.
- Uses acknowledgment and retransmission strategies.

#### (c) What is a socket? What are different types of sockets? Explain
socket functions used in connection-oriented services with a diagram.
[6]

**Socket Definition**:
1. **Socket**: An endpoint for sending and receiving data across a
computer network.

**Types of Sockets**:
2. **

Stream Sockets (TCP)**: Provides reliable, connection-oriented

communication.
3. **Datagram Sockets (UDP)**: Supports connectionless communication
with no guarantee of delivery.

**Socket Functions in Connection-Oriented Services**:

4. **Socket()**: Creates a new socket.
5. **Bind()**: Associates a socket with a local address and port.
6. **Listen()**: Prepares the socket to accept incoming connections.
7. **Accept()**: Accepts a connection from a client.
8. **Connect()**: Establishes a connection to a server.
9. **Send() and Recv()**: Send and receive data on the socket.
10. **Close()**: Closes the socket, terminating the connection.

### Question 5

#### (a) What is DHCP? Explain DHCP working with a client state
diagram. [9]

**DHCP (Dynamic Host Configuration Protocol)**:

1. **Purpose**: Automates the assignment of IP addresses, subnet
masks, gateways, and other IP parameters.
2. **Process**:
- **Discovery**: Client broadcasts a DHCPDISCOVER message.
- **Offer**: Server responds with a DHCPOFFER message.
- **Request**: Client replies with a DHCPREQUEST message,
indicating acceptance.
- **Acknowledgment**: Server finalizes with a DHCPACK message.
3. **Client State Diagram**:
- **INIT**: Initial state, client sends DHCPDISCOVER.
- **SELECTING**: Client receives DHCPOFFER.
- **REQUESTING**: Client sends DHCPREQUEST.
- **BOUND**: Client receives DHCPACK, IP configuration is complete.
- **RENEWING**: Client tries to renew IP lease before it expires.
- **REBINDING**: Client tries to rebind if renewal fails.

#### (b) Write short notes on FTP and MIME. [8]

**FTP (File Transfer Protocol)**:

1. **Purpose**: Facilitates the transfer of files between a client and
server on a network.
2. **Modes**:
- **Active Mode**: Client opens a random port and listens, server
connects back.
- **Passive Mode**: Server opens a port and listens, client connects.
3. **Commands**: Uses commands like `GET`, `PUT`, `LIST`.
4. **Security**: Generally unencrypted; can use FTPS or SFTP for secure
transfer.

**MIME (Multipurpose Internet Mail Extensions)**:

1. **Purpose**: Extends the format of email to support text in character
sets other than ASCII, non-text attachments, and message bodies with
multiple parts.
2. **Headers**: Introduces headers like `Content-Type`,
`Content-Disposition`, `Content-Transfer-Encoding`.
3. **Content Types**: Supports various types such as text, image, audio,
video.
4. **Encoding**: Uses encoding methods like Base64 and
quoted-printable for binary data.

### Question 6

#### (a) What is HTTP? Explain HTTP request and reply messages. [9]

**HTTP (Hypertext Transfer Protocol)**:

1. **Purpose**: Basis of data communication for the World Wide Web.
2. **Request Message**:
- **Request Line**: Method (GET, POST), URL, HTTP version.
- **Headers**: Metadata about the request (Host, User-Agent, etc.).
- **Body**: Optional, used for POST data.
3. **Reply Message**:
- **Status Line**: HTTP version, status code (200 OK, 404 Not Found).
- **Headers**: Metadata about the response (Content-Type,
Content-Length).
- **Body**: Optional, contains the requested resource.

#### (b) Write short notes on TELNET and Webmail. [8]

**TELNET**:
1. **Purpose**: Provides a bidirectional interactive text-oriented
communication facility using a virtual terminal connection.
2. **Functionality**:
- Allows remote login and command execution.
- Operates on port 23.
3. **Security**: Unencrypted; replaced by SSH for secure connections.

**Webmail**:
1. **Purpose**: Allows users to access their email via a web browser.
2. **Functionality**:
- Provides email access from any internet-connected device.
 - Supports sending, receiving, organizing emails.
3. **Popular Services**: Gmail, Yahoo Mail, Outlook.com.

### Question 7

#### (a) Explain IPSec in detail. [6]

**IPSec (Internet Protocol Security)**:

1. **Purpose**: Secures IP communications by authenticating and
encrypting each IP packet.
2. **Components**:
- **Authentication Header (AH)**: Provides integrity and authentication.
- **Encapsulating Security Payload (ESP)**: Provides confidentiality,
integrity, and authentication.
3. **Modes**:
- **Transport Mode**: Encrypts only the payload of the IP packet.
- **Tunnel Mode**: Encrypts the entire IP packet.
4. **Protocols**:
- **IKE (Internet Key Exchange)**: Establishes a shared security policy
and authenticates keys.
5. **Use Cases**: VPNs, secure remote access.

#### (b) Differentiate between Symmetric and Asymmetric Key

Cryptography. [6]

1. **Key Used**:
- **Symmetric**: Same key for encryption and decryption.
- **Asymmetric**: Different keys for encryption (public key) and
decryption (private key).

2. **Speed**:
- **Symmetric**: Generally faster due to simpler algorithms.
- **Asymmetric**: Slower due to complex mathematical operations.

3. **Key Distribution**:
- **Symmetric**: Requires secure key distribution.
- **Asymmetric**: Public key can be openly shared.

4. **Security**:
- **Symmetric**: Less secure if the key is compromised.
 - **Asymmetric**: More secure due to the use of two keys.

5. **Use Cases**:
- **Symmetric**: Bulk data encryption, file encryption.
- **Asymmetric**: Digital signatures, secure key exchange.

6. **Examples**:
- **Symmetric**: AES, DES.
- **Asymmetric**: RSA, ECC.

#### (c) Give a short note on Firewalls. [5]

**Firewalls**:
1. **Purpose**: Protects a network by controlling incoming and outgoing
network traffic based on predetermined security rules.
2. **Types**:
- **Packet-Filtering Firewalls**: Inspect packets and allow/deny based
on source/destination IP, ports.
- **Stateful Inspection Firewalls**: Monitor the state of active
connections and make decisions based on the state and context of the
traffic.
- **Proxy Firewalls**: Act as an intermediary between users and the
internet.
3. **Deployment**: Can be hardware, software, or both.
4. **Functions**:
- Blocks unauthorized access.
- Monitors and logs traffic.
- Prevents cyber attacks like DoS, DDoS.
5. **Use Cases**: Enterprise networks, home networks, individual
devices.

### Question 8

#### (a) Explain the model for network security. [6]

**Network Security Model**:

1. **Components**:
- **Assets**: Data, software, hardware that needs protection.
- **Threats**: Potential dangers like viruses, hackers.
- **Vulnerabilities**: Weaknesses in the network that can be exploited.
 - **Controls**: Measures to protect assets, detect and respond to
threats.
2. **Security Services**:
- **Confidentiality**: Ensures data privacy.
- **Integrity**: Protects data from being altered.
- **Availability**: Ensures resources are accessible when needed.
- **Authentication**: Verifies identities.
- **Non-repudiation**: Ensures actions cannot be denied.
3. **Security Mechanisms**: Firewalls, encryption, IDS/IPS, access
controls.
4. **Policies**: Guidelines and rules for network security.
5. **Risk Management**: Identifying, assessing, and mitigating risks.

#### (b) Explain SSL in detail. [6]

**SSL (Secure Sockets Layer)**:

1. **Purpose**: Provides secure communication over a computer
network.
2. **Components**:
- **SSL Handshake**: Establishes a secure connection.
- **ClientHello**: Client initiates connection with supported cipher
suites.
- **ServerHello**: Server responds with chosen cipher suite and
certificate.
- **Key Exchange**: Securely exchanges keys.
- **Finished Messages**: Both parties confirm the handshake is
complete.
3. **Encryption**: Uses symmetric encryption for data transfer after the
handshake.
4. **Certificates**: Utilizes digital certificates for authentication.
5. **TLS**: SSL’s successor with improved security.
6. **Use Cases**: Web browsing (HTTPS), email, VoIP.

#### (c) Explain types of network attacks. [5]

**Types of Network Attacks**:

1. **Denial of Service (DoS)**: Overwhelms a network service, making it
unavailable.
2. **Man-in-the-Middle (MitM)**: Intercepts and alters communication
between two parties.
3. **Phishing**: Deceives users into providing sensitive information.
4. **Spoofing**: Masquerades as another device or user to gain
unauthorized access.
5. **SQL Injection**: Exploits vulnerabilities in SQL databases to execute
malicious queries.

######################4th ##################

### Question 1

#### a) Give a short note on ARP and RARP.

**ARP (Address Resolution Protocol):**

1. ARP is a protocol used to map an IP address to its corresponding
physical MAC (Media Access Control) address within a local network.
2. When a device wants to communicate with another device on the
same network, it uses ARP to discover the recipient's MAC address.
3. ARP operates at the link layer of the Internet Protocol Suite.
4. It broadcasts an ARP request packet containing the target IP address
to all devices on the network.
5. The device with the matching IP address responds with an ARP reply,
including its MAC address.
6. ARP maintains a cache to store recently acquired IP-MAC mappings to
reduce network traffic.
7. It supports both IPv4 and IPv6, though IPv6 uses a different protocol
called Neighbor Discovery Protocol (NDP).
8. ARP can be vulnerable to spoofing attacks, where a malicious device
sends fake ARP messages to associate its MAC address with the IP
address of another device.
9. ARP entries can be static (manually configured) or dynamic
(automatically learned).

**RARP (Reverse Address Resolution Protocol):**

1. RARP is used to map a physical MAC address to an IP address,
effectively the reverse operation of ARP.
2. It is primarily used by diskless workstations to determine their IP
address during the boot process.
3. The device broadcasts a RARP request with its MAC address.
4. A RARP server on the network responds with the corresponding IP
address.
5. RARP operates at the same link layer as ARP but has largely been
replaced by more modern protocols like BOOTP and DHCP.
6. It is limited to a local network segment and cannot traverse routers.
7. RARP requires a dedicated RARP server configured with a table
mapping MAC addresses to IP addresses.
8. Unlike ARP, RARP does not include a mechanism for storing the
mappings locally on the client.
9. RARP’s usage has declined due to the flexibility and functionality
provided by DHCP.

#### b) Explain Distance Vector Routing.

1. Distance Vector Routing is a routing protocol that calculates the best

path to a destination based on distance metrics, typically the number of
hops.
2. Each router maintains a routing table with the best known distances
to each destination and the corresponding next hop.
3. Routers periodically share their routing tables with their immediate
neighbors.
4. Upon receiving updates from neighbors, a router updates its own
table by comparing the received distances with its current known
distances.
5. The Bellman-Ford algorithm is often used to update routing tables,
ensuring the shortest path is selected.
6. It uses the "count to infinity" problem, where incorrect routing
information can propagate through the network, leading to long
convergence times.
7. To mitigate the "count to infinity" problem, protocols implement
techniques such as split horizon, route poisoning, and hold-down
timers.
8. RIP (Routing Information Protocol) is a widely known example of a
distance vector routing protocol.
9. Distance Vector Routing is suitable for smaller, simpler networks due
to its simplicity but is less efficient and slower to converge than
link-state routing protocols.

#### c) Differentiate between Circuit Switching, Message Switching, and

Packet Switching.

**Circuit Switching:**
1. Establishes a dedicated communication path between two devices for
the duration of the session.
2. Resources are reserved for the entire connection, ensuring consistent
quality of service.
3. Commonly used in traditional telephone networks (PSTN).
4. The path is fixed, and no other data can use the reserved resources
during the session.
5. Efficient for continuous, steady data transmission, such as voice
calls.
6. Can result in resource wastage if the connection is idle.
7. Examples include ISDN and traditional voice circuits.
8. Connection setup and teardown time can add latency.
9. Not suitable for bursty or intermittent data transmission, as resources
are not dynamically allocated.
**Message Switching:**
1. Messages are routed in their entirety from source to destination, with
intermediate nodes storing and forwarding the entire message.
2. No dedicated path is established; each message is treated
independently.
3. Messages can be of varying lengths and are stored in queues at each
node if the next link is busy.
4. Suitable for applications that can tolerate delays, such as email and
file transfer.
5. Can lead to high storage requirements at intermediate nodes.
6. Offers flexibility and efficiency for non-real-time communications.
7. Intermediate nodes can implement error checking and retransmission.
8. No resource reservation means potentially variable delivery times.
9. Can handle large, complex data transfers without needing a constant
connection.

**Packet Switching:**
1. Data is divided into small packets, each of which is routed
independently through the network.
2. No dedicated path; packets may take different routes to the
destination.
3. Used in modern IP networks, including the Internet.
4. Efficient use of network resources as packets share the same paths.
5. Suitable for both bursty and continuous data transmission.
6. Allows for dynamic rerouting of packets in case of network
congestion or failure.
7. Packets are reassembled in order at the destination.
8. Can introduce variable latency and packet loss.
9. Protocols like TCP/IP ensure reliable delivery and error recovery.

### Question 2

#### a) Give a short note on ICMP and IGMP.

**ICMP (Internet Control Message Protocol):**

1. ICMP is used by network devices to send error messages and
operational information.
2. Commonly used for diagnostic tools like ping and traceroute.
3. Operates at the network layer (Layer 3) of the OSI model.
4. Can report issues like unreachable hosts, network congestion, and
packet loss.
5. Consists of various message types, such as Echo Request/Reply,
Destination Unreachable, and Time Exceeded.
6. Integral to the functioning of IP networks by providing feedback on
network issues.
7. Not used for data transport but for error handling and diagnostics.
8. ICMP messages are typically generated and processed by network
routers and hosts.
9. Vulnerable to misuse in attacks like ICMP flooding (DDoS) and ICMP
redirection (man-in-the-middle).

**IGMP (Internet Group Management Protocol):**

1. IGMP is used to manage multicast group memberships on IPv4
networks.
2. Allows hosts to join and leave multicast groups, enabling efficient
data distribution.
3. Operates at the network layer (Layer 3) of the OSI model.
4. Used by routers to determine which interfaces have active multicast
listeners.
5. Consists of three versions: IGMPv1, IGMPv2, and IGMPv3, each with
enhanced features and functionalities.
6. Essential for applications like live streaming, online gaming, and
video conferencing.
7. Reduces network traffic by allowing data to be sent only to devices
that need it.
8. Works with multicast routing protocols like PIM (Protocol Independent
Multicast) to route multicast traffic.
9. Susceptible to attacks such as IGMP spoofing and multicast DoS.

#### b) Explain Link State Routing.

1. Link State Routing is a type of routing protocol that maintains a

complete map of the network topology.
2. Each router independently calculates the best path to every
destination in the network.
3. Uses algorithms like Dijkstra's shortest path first (SPF) to compute the
shortest path tree.
4. Routers exchange link state advertisements (LSAs) to share
information about their local network segments.
5. LSAs contain information about the router's links, including cost
metrics and status.
6. Link state protocols typically converge faster than distance vector
protocols.
7. OSPF (Open Shortest Path First) and IS-IS (Intermediate System to
Intermediate System) are common examples.
8. Link state routing reduces the risk of routing loops compared to
distance vector protocols.
9. Requires more memory and processing power due to maintaining the
entire network topology.

#### c) Given the address 192.168.5.51/26, find:

1. Subnet mask
2. First IP address in the series
3. Last IP address in the series

1. **Subnet Mask:** 255.255.255.192

- /26 notation indicates a subnet mask with 26 bits set to 1.
- Binary representation: 11111111.11111111.11111111.11000000
- Dotted decimal: 255.255.255.192

2. **First IP Address:**
- Network address calculation: 192.168.5.51 AND 255.255.255.192 =
192.168.5.0
- First usable address is one more than the network address:
192.168.5.1

3. **Last IP Address:**
- Broadcast address calculation: 192.168.5.51 OR (NOT
255.255.255.192) = 192.168.5.63
- Last usable address is one less than the broadcast address:
192.168.5.62

### Question 3

#### a) Draw and explain TCP header format.

1. **Source Port (16 bits):** Identifies the sending port.

2. **Destination Port (16 bits):** Identifies the receiving port.
3. **Sequence Number (32 bits):** Indicates the position of the first byte
of data in the segment within the overall data stream.
4. **Acknowledgment Number (32 bits):** Contains the next sequence
number that the sender is expecting to receive.
5. **Data Offset (4 bits):** Specifies the size of the TCP header in 32-bit
words.
6. **Reserved (3 bits):** Reserved for future use, set to 0.
7. **Flags (9 bits):** Control flags (NS, CWR, ECE,

URG, ACK, PSH, RST, SYN, FIN) that manage the state of the
connection.
8. **Window Size (16 bits):** Indicates the size of the sender's receive
window (flow control).
9. **Checksum (16 bits):** Used for error-checking of the header and
data.
10. **Urgent Pointer (16 bits):** Points to the end of urgent data if the
URG flag is set.
11. **Options (variable length):** May contain additional options, such as
Maximum Segment Size (MSS), timestamp, and others.
12. **Padding (variable length):** Ensures that the TCP header is a
multiple of 32 bits.

The TCP header is designed to provide reliable, ordered, and

error-checked delivery of data between applications.

#### b) Explain TCP connection management with a diagram.

1. **Connection Establishment (Three-Way Handshake):**

- **Step 1:** Client sends SYN (synchronize) packet to server.
- **Step 2:** Server responds with SYN-ACK
(synchronize-acknowledge) packet.
- **Step 3:** Client sends ACK (acknowledge) packet, establishing the
connection.

2. **Data Transfer:**
- Data is sent and acknowledged using sequence and acknowledgment
numbers.
- Flow control and congestion control mechanisms ensure efficient
and reliable transfer.
3. **Connection Termination (Four-Way Handshake):**
- **Step 1:** Client sends FIN (finish) packet to server.
- **Step 2:** Server acknowledges with an ACK packet.
- **Step 3:** Server sends its own FIN packet.
- **Step 4:** Client acknowledges with an ACK packet, closing the
connection.

The diagram illustrates the exchange of packets during connection

establishment and termination, ensuring a reliable and orderly
communication session.

### Question 4

#### a) Write short notes on:

1. Hyper Text Transfer Protocol (HTTP)
2. Persistent HTTP and Non-persistent HTTP
3. HTTPS

**Hyper Text Transfer Protocol (HTTP):**

1. HTTP is the protocol used for transferring web pages on the Internet.
2. Operates at the application layer of the Internet Protocol Suite.
3. Follows a client-server model where clients send requests and servers
send responses.
4. Utilizes standard methods like GET, POST, PUT, DELETE for
interaction.
5. Stateless protocol, meaning each request-response pair is
independent.
6. Default port for HTTP is 80.
7. Supports different media types through MIME types in headers.
8. HTTP/1.1 introduced persistent connections to improve performance.
9. Vulnerable to eavesdropping, man-in-the-middle attacks, and other
security threats.

**Persistent HTTP and Non-persistent HTTP:**

1. **Non-persistent HTTP:**
- A new TCP connection is established for each HTTP
request/response pair.
- After the server sends the response, the connection is closed.
- Can lead to high overhead due to frequent connection establishment
and teardown.
 - Inefficient for loading multiple resources like images, scripts, etc.

2. **Persistent HTTP:**
- A single TCP connection is maintained for multiple HTTP
requests/responses.
- Reduces latency by reusing the same connection.
- More efficient, especially for web pages with multiple resources.
- HTTP/1.1 uses persistent connections by default.
- Can handle pipelining, where multiple requests are sent without
waiting for corresponding responses.

**HTTPS (HTTP Secure):**

1. HTTPS is the secure version of HTTP, using SSL/TLS protocols for
encryption.
2. Ensures data confidentiality, integrity, and authenticity between client
and server.
3. Default port for HTTPS is 443.
4. Encrypts the entire HTTP request and response, protecting data from
eavesdropping and tampering.
5. Uses certificates issued by Certificate Authorities (CAs) to
authenticate servers.
6. HTTPS is critical for sensitive transactions like online banking,
shopping, and secure communications.
7. Provides a secure channel over an insecure network.
8. Establishes an SSL/TLS handshake before data transfer to negotiate
encryption keys.
9. Enhances user trust and security on the web.

### Question 5

#### a) Write short notes on:

1. SNMP (Simple Network Management Protocol)
2. FTP (File Transfer Protocol)
3. DNS (Domain Name System)

**SNMP (Simple Network Management Protocol):**

1. SNMP is a protocol for network management and monitoring.
2. Operates at the application layer of the Internet Protocol Suite.
3. Consists of a manager and agents that collect and exchange network
performance data.
4. Uses a Management Information Base (MIB) to organize and store
information about network devices.
5. SNMP messages include GET, SET, and TRAP for retrieving,
modifying, and receiving alerts from agents.
6. Provides remote monitoring and management of network devices like
routers, switches, and servers.
7. SNMPv1, SNMPv2c, and SNMPv3 are the main versions, with SNMPv3
offering enhanced security features.
8. Widely used for automated network management and fault detection.
9. Can be susceptible to security issues, particularly in earlier versions.

**FTP (File Transfer Protocol):**

1. FTP is a standard network protocol used for transferring files between
a client and a server.
2. Operates at the application layer of the Internet Protocol Suite.
3. Uses separate control (port 21) and data (port 20) connections for
communication.
4. Supports various commands for file operations like upload, download,
rename, delete, and directory listing.
5. Can operate in active or passive mode to handle firewall and NAT
traversal.
6. Provides user authentication through usernames and passwords.
7. Plain FTP transmits data in plaintext, making it vulnerable to
interception.
8. FTPS (FTP Secure) and SFTP (SSH File Transfer Protocol) provide
secure alternatives.
9. Commonly used for transferring large files, website publishing, and
backup.

**DNS (Domain Name System):**

1. DNS translates human-readable domain names (e.g.,
www.example.com) into IP addresses (e.g., 192.0.2.1).
2. Operates at the application layer of the Internet Protocol Suite.
3. Uses a hierarchical and distributed database structure for managing
domain names.
4. Consists of different types of servers: DNS resolver, root servers,
top-level domain (TLD) servers, and authoritative name servers.
5. DNS queries involve recursive and iterative processes to resolve
domain names.
6. Supports various record types, including A (address), MX (mail
exchange), CNAME (canonical name), and TXT (text).
7. Critical for the functioning of the internet by enabling user-friendly
addressing.
8. DNSSEC (DNS Security Extensions) adds security to DNS by ensuring
data integrity and authenticity.
9. Vulnerable to attacks like DNS spoofing, cache poisoning, and DDoS.

### Question 6

#### a) Write short notes on:

1. E-Mail (Electronic Mail)
2. MIME (Multipurpose Internet Mail Extensions)

**E-Mail (Electronic Mail):**

1. E-mail is a method of exchanging digital messages over the Internet.
2. Operates at the application layer of the Internet Protocol Suite.
3. Uses standard protocols like SMTP (Simple Mail Transfer Protocol) for
sending, and POP3 (Post Office Protocol) or IMAP (Internet Message
Access Protocol) for retrieving messages.
4. Allows users to send text, attachments, images, and other multimedia
content.
5. E-mails consist of headers (metadata like sender, recipient, subject)
and body (message content).
6. Provides asynchronous communication, allowing users to send and
receive messages at their convenience.
7. Supports features like CC (carbon copy), BCC (blind carbon copy),
and reply-to for message management.
8. Vulnerable to spam, phishing, and malware attacks.
9. Can be encrypted using protocols like S/MIME (Secure/Multipurpose
Internet Mail Extensions) and PGP (Pretty Good Privacy) for enhanced
security.

**MIME (Multipurpose Internet Mail Extensions):**

1. MIME is an extension of the original email protocol, allowing the
transfer of multimedia content.
2. Specifies how to encode and encapsulate different types of data
within email messages.
3. Adds headers to emails to describe the content type and encoding
method.
4. Supports various media types, including text, images, audio, video,
and application files.
5. Enables the use of attachments in emails, supporting multipart
messages.
6. Uses Base64 encoding to safely transmit binary data over text-based
email systems.
7. Widely used for modern email communication, ensuring compatibility
across different email clients.
8. MIME types are also used in HTTP to indicate the nature and format of
web resources.
9. Enhances the functionality and usability of email by allowing rich
content and complex messages.