The document discusses the different types of delays that can occur when transmitting packets across a network, including processing delay, queuing delay, transmission delay, and propagation delay. It explains that the total nodal delay is the sum of these delays and describes factors that influence queuing delays like traffic arrival rate and link bandwidth. The document also covers throughput and how it is determined by the minimum of the server and link transmission rates.
Lecture 4&5
Types of Delay
• Nodal processing delay
– The time required to examine the packet’s header and determine where to direct the packet is part of the processing delay. Processing delays in high-speed routers are typically on the order of microseconds or less.
• Queuing delay
– At the queue, the packet experiences a queuing delay as it waits to be transmitted onto the link. Queuing delays can be on the order of microseconds to milliseconds in practice.
• Transmission delay
– The amount of time required to push (that is, transmit) all of the packet’s bits into the link. Transmission delays are typically on the order of microseconds to milliseconds in practice.
• Propagation delay
– The time required to propagate from the beginning of the link to the next router is the propagation delay.
• The processing delay can also include other factors, such as the time needed to check for bit-level errors in the packet that occurred in transmitting the packet’s bits from the upstream node to router A. After this nodal processing, the router directs the packet to the queue that precedes the link to router B.
• The length of the queuing delay of a specific packet will depend on the number of earlier-arriving packets that are queued and waiting for transmission onto the link.
• If we denote the length of the packet by L bits and the transmission rate of the link from router A to router B by R bits/sec, then the transmission delay is L/R.
• The propagation speed depends on the physical medium of the link (that is, fiber optics, twisted-pair copper wire, and so on) and is in the range of 2 × 10^8 meters/sec to 3 × 10^8 meters/sec, which is equal to, or a little less than, the speed of light.
• If we let d_proc, d_queue, d_trans, and d_prop denote the processing, queuing, transmission, and propagation delays, then the total nodal delay is given by
d_nodal = d_proc + d_queue + d_trans + d_prop
• The nature of the queuing delay depends on the rate at which traffic arrives at the queue, the transmission rate of the link, and the nature of the arriving traffic, that is, whether the traffic arrives periodically or arrives in bursts.
• R = link bandwidth (bps)
• L = packet length (bits)
• a = average packet arrival rate
• traffic intensity = La/R
• La/R ~ 0: average queuing delay small
• La/R -> 1: delays become large
• La/R > 1: more “work” arriving than can be serviced, average delay infinite!
Throughput
• throughput: rate (bits/time unit) at which bits are transferred between sender/receiver
– instantaneous: rate at given point in time
– average: rate over longer period of time
[Figure: server sends bits (fluid) into pipe; pipe that can carry fluid at rate Rs bits/sec; pipe that can carry fluid at rate Rc bits/sec]
• throughput = min{Rs, Rc}
Layered Architecture
[Figure: Horizontal layering of airline functionality]
Protocol Layering
[Figure labels: message, segment, datagrams, frames]
Similarities between OSI Reference Model and TCP/IP Reference Model
• Both have layered architecture.
• Layers provide similar functionalities.
• Both are protocol stacks.
• Both are reference models.
Differences between ISO OSI and TCP/IP Model

| OSI (Open System Interconnection) | TCP/IP (Transmission Control Protocol / Internet Protocol) |
|---|---|
| OSI is a generic, protocol independent standard, acting as a communication gateway between the network and end user. | TCP/IP model is based on standard protocols around which the Internet has developed. It is a communication protocol, which allows connection of hosts over a network. |
| In OSI model the transport layer guarantees the delivery of packets. | In TCP/IP model the transport layer does not guarantee delivery of packets. Still the TCP/IP model is more reliable. |
| Follows vertical approach. | Follows horizontal approach. |
| OSI model has a separate Presentation layer and Session layer. | TCP/IP does not have a separate Presentation layer or Session layer. |
| Transport Layer is Connection Oriented. | Transport Layer is both Connection Oriented and Connection less. |
| Network Layer is both Connection Oriented and Connection less. | Network Layer is Connection less. |
| OSI is a reference model around which the networks are built. Generally it is used as a guidance tool. | TCP/IP model is, in a way, an implementation of the OSI model. |
| Network layer of OSI model provides both connection oriented and connectionless service. | The Network layer in TCP/IP model provides connectionless service. |
| OSI model has a problem of fitting the protocols into the model. | TCP/IP model does not fit any protocol. |
| Protocols are hidden in OSI model and are easily replaced as the technology changes. | In TCP/IP replacing protocol is not easy. |
| OSI model defines services, interfaces and protocols very clearly and makes clear distinction between them. It is protocol independent. | In TCP/IP, services, interfaces and protocols are not clearly separated. It is also protocol dependent. |

• During transmission, each layer adds a header to the data that directs and identifies the packet. This process is called encapsulation.
• The header and data together form the data packet for the next layer that, in turn, adds its header and so on. The combined encapsulated packet is then transmitted and received.
• The receiving computer reverses the process, de-encapsulating the data at each layer with the header information directing the operations. Then, the application finally uses the data.
• The process is continued until all data is transmitted and received.
Virtual Circuit (VC) vs. Datagram Switching

| Virtual Circuit | Datagram Switching |
|---|---|
| Computer networks that provide only a connection service at the network layer are called virtual circuit (VC) networks. | Computer networks that provide only a connectionless service at the network layer are called datagram networks. |
| They are connection-oriented, which means that there is a reservation of resources like buffers, bandwidth, etc. for the time during which the newly set up VC is going to be used by a data transfer session. | It is a connectionless service with no need for reservation of resources and no dedicated path for a connection session. |
| A VC network uses a fixed path for a particular session, after which it breaks the connection and another path has to be set up for the next session. | A datagram based network is a true packet switched network with no fixed path for transmitting data. |
| All the packets follow the same path and hence a global header is required only for the first packet of the connection and other packets will not require it. | Every packet is free to choose any path, and hence all the packets must be associated with a header containing information about the source and the upper layer data. |
| Packets reach the destination in order, as they follow the same path. | Data packets reach the destination in random order, which means they need not arrive in the order in which they were sent out. |
| Virtual circuits are highly reliable. | Datagram networks are not as reliable as VCs. |
| Implementation of VCs is costly as each time a new connection has to be set up with reservation of resources and extra information handling at routers. | It is always easy and cost-efficient to implement datagram networks as there is no need of reserving resources and making a dedicated path each time an application has to communicate. |

Data Encapsulation
• The term “encapsulation” is used to describe a process of adding headers and trailers around some data.
• It refers to sending data where the data is augmented with successive layers of control information before transmission across a network.
• The term “decapsulation” refers to the process of removing headers and trailers as data passes from lower to upper layers. This process happens on a computer that is receiving data.
• Frame – the term “frame” refers to the encapsulated data defined by the Network Access layer. A frame can have a header and a trailer that encapsulate a data section.
• Packet – the term “packet” is used to describe the encapsulated data defined by the Internet layer. A packet can have a header with the source and destination IP addresses.
• Segment – the term “segment” describes encapsulated data defined by the Transport layer. A segment can have a header with information such as source and destination port numbers, sequence and acknowledgment numbers, etc.
Network Vulnerabilities
• Malware: the unwanted stuff that, along with the good stuff, can enter and infect our devices is collectively known as malware.
• “Malware” is short for “malicious software”: computer programs designed to infiltrate and damage computers without the user's consent.
• “Malware” is the general term covering all the different types of threats to your computer safety such as viruses, spyware, worms, trojans, rootkits and so on.
• The compromised host may also be enrolled in a network of thousands of similarly compromised devices, collectively known as a botnet, which the bad guys control and leverage for spam email distribution or distributed denial-of-service attacks (soon to be discussed) against targeted hosts.
• Self-replicating malware: once it infects one host, from that host it seeks entry into other hosts over the Internet, and from the newly infected hosts, it seeks entry into yet more hosts. In this manner, self-replicating malware can spread exponentially fast.
• Viruses are malware that require some form of user interaction to infect the user’s device.
• Spyware is a type of malware that's hard to detect. It collects information about your surfing habits, browsing history, or personal information (such as credit card numbers), and often uses the Internet to pass this information along to third parties without you knowing.
• Worms are malware that can enter a device without any explicit user interaction.
• A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems.
• A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence.
Denial-of-Service (DoS) attacks
• A DoS attack renders a network, host, or other piece of infrastructure unusable by legitimate users.
• It is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
• It is a security event that occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources.
• Popular flood attacks include:
– Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to a network address than the programmers have built the system to handle. It includes the attacks listed below, in addition to others that are designed to exploit bugs specific to certain applications or networks.
– ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic. This attack is also known as the smurf attack or ping of death.
– SYN flood – sends a request to connect to a server, but never completes the handshake. Continues until all open ports are saturated with requests and none are available for legitimate users to connect to.
• Alternatively,
– Vulnerability attack. This involves sending a few well-crafted messages to a vulnerable application or operating system running on a targeted host. If the right sequence of packets is sent to a vulnerable application or operating system, the service can stop or, worse, the host can crash.
– Bandwidth flooding. The attacker sends a deluge of packets to the targeted host—so many packets that the target’s access link becomes clogged, preventing legitimate packets from reaching the server.
– Connection flooding. The attacker establishes a large number of half-open or fully open TCP connections at the target host. The host can become so bogged down with these bogus connections that it stops accepting legitimate connections.
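A defender can watch for the SYN-flood and connection-flooding pattern described above by counting half-open handshakes per listening port. This is an added example, not part of the lecture; the record format, the threshold and timeout values, and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

def detect_syn_flood(packets, threshold=5, timeout=30.0):
    """Flag listeners whose count of half-open TCP handshakes reaches `threshold`.

    packets: time-ordered (ts, src_ip, src_port, dst_ip, dst_port, flags) records,
    flags being a set such as {"SYN"}. threshold and timeout are assumed values.
    Returns a list of (ts, (dst_ip, dst_port), half_open_count).
    """
    pending = defaultdict(dict)    # listener -> {client: time its SYN was seen}
    alerted, alerts = set(), []
    for ts, src, sport, dst, dport, flags in packets:
        listener, client = (dst, dport), (src, sport)
        table = pending[listener]
        # Drop SYNs whose handshake never completed within the timeout.
        for stale in [c for c, seen in table.items() if ts - seen > timeout]:
            del table[stale]
        if flags == {"SYN"}:
            table[client] = ts                 # step 1 of the handshake
        elif "SYN" not in flags and flags & {"ACK", "RST", "FIN"}:
            table.pop(client, None)            # handshake completed or aborted
        if len(table) >= threshold and listener not in alerted:
            alerted.add(listener)
            alerts.append((ts, listener, len(table)))
        elif len(table) < threshold:
            alerted.discard(listener)          # re-arm once the backlog drains
    return alerts

def build_sample():
    """Constructed traffic: one complete handshake, then SYNs that are never answered."""
    server = ("192.0.2.10", 80)
    pkts = [
        (0.0, "203.0.113.5", 40000, *server, {"SYN"}),
        (0.1, *server, "203.0.113.5", 40000, {"SYN", "ACK"}),
        (0.2, "203.0.113.5", 40000, *server, {"ACK"}),
    ]
    for i in range(8):
        pkts.append((1.0 + i * 0.01, f"198.51.100.{i + 1}", 50000 + i, *server, {"SYN"}))
    return pkts

if __name__ == "__main__":
    for ts, listener, count in detect_syn_flood(build_sample()):
        print(f"t={ts:.2f}s {listener[0]}:{listener[1]} has {count} half-open connections")
```

The completed handshake clears its entry, so only SYNs that never receive a final ACK accumulate toward the threshold.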
• In a distributed DoS (DDoS) attack, the attacker controls multiple sources and has each source blast traffic at the target.
• A packet sniffer is a program that can record all network packets that travel past a given network interface, on a given computer, on a network. It can be used to troubleshoot network problems, as well as to extract sensitive information such as credentials from unencrypted login sessions.
• A person with a packet sniffer can view the data as it crosses the network.
• IP spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets. IP spoofing involves modifying the packet header with a forged (spoofed) source IP address, a checksum, and the order value.
• It is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of hiding the identity of the sender or impersonating another computing system.
Application Layer
The application architecture:
• The client-server architecture
• The peer-to-peer (P2P) architecture
In the context of a communication session between a pair of processes, the process that initiates the communication (that is, initially contacts the other process at the beginning of the session) is labeled as the client. The process that waits to be contacted to begin the session is the server.
The Interface Between the Process and the Computer Network
• A process sends messages into, and receives messages from, the network through a software interface called a socket.
• A socket is the interface between the application layer and the transport layer within a host, also referred to as the Application Programming Interface between the application and the network, since the socket is the programming interface with which network applications are built.
Transport Services Provided by the Internet
TCP Service
• The TCP service model includes a connection-oriented service and a reliable data transfer service. When an application invokes TCP as its transport protocol, the application receives both of these services from TCP.
• TCP has the client and server exchange transport layer control information with each other before the application-level messages begin to flow. This so-called handshaking procedure alerts the client and server, allowing them to prepare for an onslaught of packets. After the handshaking phase, a TCP connection is said to exist between the sockets of the two processes. The connection is a full-duplex connection in that the two processes can send messages to each other over the connection at the same time. When the application finishes sending messages, it must tear down the connection.
• Because privacy and other security issues have become critical for many applications, the Internet community has developed an enhancement for TCP, called Secure Sockets Layer (SSL). TCP-enhanced-with-SSL not only does everything that traditional TCP does but also provides critical process-to-process security services, including encryption, data integrity, and end-point authentication.
• TCP also includes a congestion-control mechanism, a service for the general welfare of the Internet rather than for the direct benefit of the communicating processes.
UDP Service
• UDP is connectionless, so there is no handshaking before the two processes start to communicate.
• UDP provides an unreliable data transfer service—that is, when a process sends a message into a UDP socket, UDP provides no guarantee that the message will ever reach the receiving process. Furthermore, messages that do arrive at the receiving process may arrive out of order.
• UDP does not include a congestion-control mechanism, so the sending side of UDP can pump data into the layer below (the network layer) at any rate it pleases.
Few Application Layer Protocols
• An application-layer protocol defines how an application’s processes, running on different end systems, pass messages to each other.
• In particular, an application-layer protocol defines:
– The types of messages exchanged, for example, request messages and response messages
– The syntax of the various message types, such as the fields in the message and how the fields are delineated
– The semantics of the fields, that is, the meaning of the information in the fields
– Rules for determining when and how a process sends messages and responds to messages
The Web and HTTP
• A Web page (also called a document) consists of objects. An object is simply a file—such as an HTML file, a JPEG image, a Java applet, or a video clip—that is addressable by a single URL. Most Web pages consist of a base HTML file and several referenced objects.
• Web browsers (such as Internet Explorer and Firefox) implement the client side of HTTP; in the context of the Web, we will use the words browser and client interchangeably.
• Web servers (such as Apache and Microsoft Internet Information Server), which implement the server side of HTTP, house Web objects, each addressable by a URL.
• The HyperText Transfer Protocol (HTTP), the Web’s application-layer protocol, is at the heart of the Web.
• HTTP is implemented in two programs: a client program and a server program. The client program and server program, executing on different end systems, talk to each other by exchanging HTTP messages.
• HTTP defines the structure of these messages and how the client and server exchange the messages.
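The encapsulation, packet-sniffer and HTTP passages above meet in one place: an HTTP message sent over plain TCP is readable by anything that can strip the frame, packet and segment headers. The following added example (not part of the lecture) builds a constructed frame, decapsulates it, and audits the payload for credential-bearing headers; all addresses, ports, header values and the `SENSITIVE` list are assumptions for illustration.

```python
import socket
import struct

SENSITIVE = {"authorization", "cookie", "proxy-authorization"}  # assumed audit list

def encapsulate(message: bytes) -> bytes:
    """Sender side: add segment, packet and frame headers (all values constructed)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    segment = tcp + message
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.10"))
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    return eth + ip + segment      # checksums left at 0; this sketch does not verify them

def decapsulate(frame: bytes) -> dict:
    """Receiver side: strip frame, packet and segment headers in that order."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("truncated frame")
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ver_ihl, total_len, proto = packet[0], struct.unpack("!H", packet[2:4])[0], packet[9]
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not IPv4 carrying TCP")
    segment = packet[(ver_ihl & 0x0F) * 4:total_len]
    sport, dport, seq, ack, offset = struct.unpack("!HHIIB", segment[:13])
    return {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "payload": segment[(offset >> 4) * 4:]}

def exposed_headers(payload: bytes) -> list:
    """Names of credential-bearing HTTP headers readable in an unencrypted payload."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    names = [line.split(":", 1)[0].strip().lower() for line in head.split("\r\n")[1:]]
    return [n for n in names if n in SENSITIVE]

# Constructed request; the Authorization value is base64 of "user:example".
REQUEST = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
           b"Authorization: Basic dXNlcjpleGFtcGxl\r\n\r\n")

if __name__ == "__main__":
    layers = decapsulate(encapsulate(REQUEST))
    print(layers["src"], layers["sport"], "->", layers["dst"], layers["dport"])
    print("credential headers visible on the wire:", exposed_headers(layers["payload"]))
```

With the SSL enhancement described earlier, the bytes after the TCP header would be ciphertext and the header audit would find nothing to read.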