Department of Computer Science

COMSATS University, Islamabad, Abbottabad Campus

Computer Networks

Adapted From:
Computer Networking: A Top-Down Approach
8th edition: Jim Kurose, Keith Ross Pearson, 2020
Chapter 1: roadmap
 What is the Internet?
 What is a protocol?
 Network edge: hosts, access
network, physical media
 Network core: packet/circuit
switching, internet structure
 Performance: loss, delay,
throughput
 Security
How do packet delay and loss occur?
 packets queue in router buffers, waiting for turn for transmission
 queue length grows when arrival rate to link (temporarily) exceeds output link
capacity
 packet loss occurs when memory to hold queued packets fills up
packet being transmitted (transmission delay)

B
packets in buffers (queueing delay)
free (available) buffers: arriving packets
dropped (loss) if no free buffers
Packet delay: four sources
transmission
A propagation

B
nodal
processing queueing

dnodal = dproc + dqueue + dtrans + dprop

dproc: nodal processing dqueue: queueing delay

 check bit errors  time waiting at output link for
 determine output link transmission
 typically < microsecs  depends on congestion level of
router
Packet delay: four sources
transmission
A propagation

B
nodal
processing queueing

dnodal = dproc + dqueue + dtrans + dprop

dtrans: transmission delay: dprop: propagation delay:
 L: packet length (bits)  d: length of physical link
 R: link transmission rate (bps)  s: propagation speed (~2x108 m/sec)
 dtrans = L/R  dprop = d/s
dtrans and dprop
very different
Packet loss
 queue (aka buffer) preceding link in buffer has finite capacity
 packet arriving to full queue dropped (aka lost)
 lost packet may be retransmitted by previous node, by source end
system, or not at all
buffer
(waiting area) packet being transmitted
A

B
packet arriving to
full buffer is lost

* Check out the Java applet for an interactive animation (on publisher’s website) of queuing and loss
 Throughput
 throughput: rate (bits/time unit) at which bits are being sent from
sender to receiver
• instantaneous: rate at given point in time
• average: rate over longer period of time

link
pipecapacity
that can carry linkthat
pipe capacity
can carry
serverserver,
sends with
bits Rsfluid at rate
bits/sec Rfluid
c
at rate
bits/sec
(fluid)
fileinto
of Fpipe
bits (Rs bits/sec) (Rc bits/sec)
to send to client
Throughput
Rs < Rc What is average end-end throughput?

Rs bits/sec Rc bits/sec

Rs > Rc What is average end-end throughput?

Rs bits/sec Rc bits/sec

bottleneck link
link on end-end path that constrains end-end throughput
Throughput: network scenario
 per-connection end-end
Rs throughput:
Rs Rs min(Rc,Rs,R/10)
 in practice: Rc or Rs is
R
often bottleneck
Rc Rc
Rc
* Check out the online interactive exercises for more
examples: http://gaia.cs.umass.edu/kurose_ross/

10 connections (fairly) share

backbone bottleneck link R bits/sec
Chapter 1: roadmap
 What is the Internet?
 What is a protocol?
 Network edge: hosts, access
network, physical media
 Network core: packet/circuit
switching, internet structure
 Performance: loss, delay, throughput
 Security
 Protocol layers, service models
 History
Network security
 Internet not originally designed with (much) security in
mind
• original vision: “a group of mutually trusting users attached to a
transparent network” 
• Internet protocol designers playing “catch-up”
• security considerations in all layers!
 We now need to think about:
• how bad guys can attack computer networks
• how we can defend networks against attacks
• how to design architectures that are immune to attacks
Network security
 Internet not originally designed with (much) security in
mind
• original vision: “a group of mutually trusting users attached to a
transparent network” 
• Internet protocol designers playing “catch-up”
• security considerations in all layers!
 We now need to think about:
• how bad guys can attack computer networks
• how we can defend networks against attacks
• how to design architectures that are immune to attacks
Bad guys: packet interception
packet “sniffing”:
 broadcast media (shared Ethernet, wireless)
 promiscuous network interface reads/records all packets (e.g.,
including passwords!) passing by

A C

src:B dest:A payload

B

Wireshark software used for our end-of-chapter labs is a (free) packet-sniffer

Bad guys: fake identity
IP spoofing: injection of packet with false source address

A C

src:B dest:A payload

B
Bad guys: denial of service
Denial of Service (DoS): attackers make resources (server,
bandwidth) unavailable to legitimate traffic by
overwhelming resource with bogus traffic

1. select target
2. break into hosts
around the network
(see botnet)
target
3. send packets to target
from compromised
hosts
Lines of defense:
 authentication: proving you are who you say you are
• cellular networks provides hardware identity via SIM card; no such
hardware assist in traditional Internet
 confidentiality: via encryption
 integrity checks: digital signatures prevent/detect tampering
 access restrictions: password-protected VPNs
 firewalls: specialized “middleboxes” in access and core
networks:
 off-by-default: filter incoming packets to restrict senders, receivers,
applications
 detecting/reacting to DOS attacks
… lots more on security (throughout, Chapter 8)