1 | P a g e

chapter 1:

15. MBI Corporation uses airmail, which is not Internet standard. The company

also uses Novell LAN. Novell has Internet Exchange Protocol, IPX (connectedness

datagram service) as its equivalent to Internet TCP/IP. As you know well, most of

the global a-mail traffic on the Internet uses SNMP as the mail protocol. Figure

1.27 shows the high-level configuration of the two network connected through a

gateway. Fill in the protocol layers of the gateway.

16. Picture a scenario where you are downloading a file from a server located in

Europe, which has an X.25 protocol based on the OSI Reference Model. Its

physical medium interface is X.21. Your client machine is connected to the

Internet with Ethernet as the physical medium.

a. Draw the details of the communications network in Figure 1.28(a) using priors,

routers, and a gateway between the Server and client.

b. Complete the protocol architecture in Figure 1.28(13) for the intermediate

gateway system.

2 | P a g e

3 | P a g e

17. As a network engineer in an NOC, you are following up on the following two

trouble tickets. You do not have a network management system and you have to

use the basic network tools to validate the problems before you can resolve them.

Please explain what tools you would use in each case and how it would validate the

customer's complaint.

Trouble Ticket 100: Customer says that periodically the messages he receives are

missing some characters.

Trouble Ticket 101: A customer in Atlanta complains that when She tries to log

into the System seztpez./zntlqsfr|rtec.com in New York, she gets disconnected '

with a time-out. However, her colleague in her New York office reports that he is

able to access the system.

(a) TT 100: Telnet into user workstation from NOC. You suspect packet loss and

intermittent operation. Ping destination from the user workstation. Measure %

packet loss and verify.

(b) TT 101: Telnet into user workstation from NOC. You suspect loss of

connection. Trace route to the NY. Find the connection is broken.

4 | P a g e

chapter 2:

2-1 The maximum allowed Segment for Ethernet is 500 meters and number of

segments that can be connected to repeater is limited to five. The minimum length

of the frame that can be transmitted is the sum of the round-trip delay and the

repeater delays. Assume the speed of transmission on the cable is 200 meters per

microsecond and the total round-trip delay in traversing all the repeaters is 25micro

second. Show that the minimum frame size (number of bits per frame) of an

Ethernet frame is 64 bytes. Note: The maximum frame size is 1,518 bytes.

Minimum frame size is the same as the maximum round-trip delay on the LAN.

Maximum round-trip delay = (2 x max. I-way propagation delay) + repeater delay

= (500 x 5 x 2)/200) + 25 seconds = 50 seconds At 10 Mbps, generated bytes =

50 Mbps x 10 sec = 500 bits ~ 64 bytes, which is the minimum frame size.

2-2. The Engineering Department of twelve persons in a Small corporation is on a

regular 10Base-T Ethernet LAN hub with 16 ports. The busy group started

complaining because of the slow network performance. The network was operating

at 50% utilization, whereas 30% utilization is acceptable. if you are the

corporation's Information Technology Engineer and have to resolve the problem

technically,

a. Describe four choices for resolving the problem, maintaining the LAN as an

Ethernet LAN.

b. State the advantages and disadvantages of each approach.

1. Choice 1: Switched Ethernet - Replace regular hub to switched hub. This will increase the maximum capacity to about 6 times. No modifications need to workstations. Easy to install. Switch the hub and plug the cables into the new hub. Choice 2: Full duplex - Convert NICs on the 12 workstations and replace the hub to full duplex operation. This requires hardware and configuration changes to the hub and workstations. Will double the capacity. However, this is a dead-end approach. Choice 3: Convert the network to 100Bast-T Fast Ethernet. Need to replace the NICs in the workstations and replace hub for 100BaseT. Increases capacity by ten times. The speed at each workstation increases ten times. Requires 12 NICs for the workstation and a new hub. Choice 4: Split the workstation into multiple (n) LANs. Approximately increases the capacity by n times. Some hubs have the capacity to split LANs. If not, additional hubs need to be added.

5 | P a g e

External bridge or a workstation acting in the capacity of a bridge will bridge the split LANs. This is a scalable architecture and would allow for future growth. No hardware changes need to be made to the workstations. IP address needs to be changed in the workstations that now belong to new subnets.

2-3 In previous Exercise, the IT meager says the problem is to be solved by using

bridges and the existing hub that could be configured for four subnets. A good rule

of thumb is that LAN utilization of 20% yields good and satisfactory performance.

Assume that twelve workstations are functioning at peer-to-peer level with

distribution of traffic between any two Stations being the Same. What would be

your new configuration?

The twelve stations are divided between three subnets, with four stations in each. We need to add one 3-port bridge (in practice, a 4-port bridge), a simple version being one workstation with NICs, each connected to one of three subnets. Ports 5, 10, and 15 for the three LANs, LAN1,LAN2, and LAN3 respectively are connected to the bridge. The fourth port of the bridge is depicted as connected to external network.

The traffic in each subnet will be about 1.7 Mbps, i.e., utilization factor of 17%

2-4: Design an Ethernet LAN using a 10/100 mbps Switched Ethernet hub to handle

the following specifications:

Number of clients = 16 operating at 10 maps

Number of Server = 1

50% of the traffic is directed to the server

Draw the configuration and indicate the transmission modes (half-duplex or

duplex) on the ports.

Traffic on the hub I/O of server = 16 x 10 x 0.5 Mbps = 80 Mbps. Hence, use a 100 Mbps half-duplex mode of operation for the server as shown .

6 | P a g e

2-6. Repeat Exercise 5 if the traffic to the server increases to 80 percent.

Traffic on the server I/O of the hub = 100x 16 x 0.8 = 128 Mbps In this case the server is connected to the hub using a full duplex 100 Mbps NIC. An alternative is to split the hub into two subnets and have two half-duplex 100 Mbps I/O's to the server, each one serving one of the two subnets.

2-7. two virtual cans, 145.50.50.1 belonging to NM lab, and 145.50.60.1 belonging

to Networking lab, each have three workstations. The former has workstations

145.50.50.11-13, once the latter 145.50.60.21-23. They are connected to a

Switched hub (as shown in Figure 2.9) on ports 2 through 7. The N1Cs (network

interface cards) associated with ports are made by Cabletron and their MAC

addresses start with the vendor's global prefix 00-00-1D (hexadecimal notation)

and end with 11, 12, 13, 21, 22, and 23 (same as the courtly decimal position of IP

addresses).

a. Create a conceptual matrix table, as shown below, that would be generated my

the hub that relates the IP address, MAC address, and port number.

b. The workstation 23 is moved from Networking lab to NM lab. Show the

appropriate parameter changes on the hub and the workstation.

5. (a)

IP Address MAC Address Port Number

7 | P a g e

145.50.50.11 00-00-ID-00-00-0B 11

145.50.50.12 00-00-ID-00-00-0C 12

145.50.50.13 00-00-ID-00-00-0D 13

145.50.60.11 00-00-ID-00-00-15 21

145.50.60.22 00-00-ID-00-00-16 22

145.50.60.23 00-00-ID-00-00-17 23

(b)

IP Address MAC Address Port Number

145.50.50.11 00-00-ID-00-00-0B 11

145.50.50.12 00-00-ID-00-00-0C 12

145.50.50.13 00-00-ID-00-00-0D 13

145.50.50.23 00-00-ID-00-00-17 23

145.50.60.21 00-00-ID-00-00-15 21

145.50.60.22 00-00-ID-00-00-16 22

8. In Exercise 7, port 1 of the hub is connected to a router (as shown in Figure 2.9).

The IP and MAC addresses associated with the NIC on the hub interfacing to the

router are 145.50.10.1 and 00-00-100-00-00-01, and that with the NIC on the

router interfacing with the Switched hub of 130.30.40.1 and 00-00-10-00.00-64.

Extend the matrix of Exercise 7(a) to include port 1, using the Same convention for

MAC addresses

IP Address MAC Address Port Number

130.30.40.1 00-00-ID-00-00-64 1

8 | P a g e

145.50.50.11 00-00-ID-00-00-0B 11

145.50.50.12 00-00-ID-00-00-0C 12

145.50.50.13 00-00-ID-00-00-0D 13

145.50.60.11 00-00-ID-00-00-15 21

145.50.60.22 00-00-ID-00-00-16 22

145.50.60.23 00-00-ID-00-00-17 23

9. In Exercise 8, the router is connected to the switched hub by a Single physical

cable. The router maintains two Sets of tables, one to determine the subnets on its

network and the other to determine the host on the subnet, as shown below. 'The

third decimal of the IP address is allocated to subnet designation.

a. What is the mask used by the router to filter the subnet?

b. Show how two packets arriving in the router and addressed to 145.50.50.11

And 145.50.60.21 are directed to the Switched hub by using the above table.

9 | P a g e

9. (a) Subnet is determined by the third decimal (bits 17-24) position of the IP address. The subnet mask is defined with the network and subnet work bit positions being 1 and host positions zero. Thus the subnet mask is

255.255.255.0

or

1111 1111 1111 1111 1111 1111 0000 0000

(b) Packet addressed to 145.50.50.11

145.50.50.11 XOR 255.255.255.0 = 145.50.50.0

The subnet address table of 145.50.50.0 identifies host 11 as interface port 1. The hub, in turn,

directs the packet to its port 11.

Packet addressed to 145.50.60.11, similarly yields the subnet 145.50.60.0 and addresses the host 21

to same port 1 of the router. The hub, in turn, switches it to its port 21.

10. Design a client/server network with two Servers operating at 100Base-T Fast

Ethernet speed and the clients operating at regular 10Base-T Ethernet speed using

a 10/100 Mbps NIC. The hub is located in a wiring closet, but the servers and

clients are not. Assume that a satisfactory performance is achieved at 30%

utilization of the LAN

Limitations:

1) Maximum distance to a server from the hub = 100 m; 4 pairs half-duplex mode (100Base-T4).

Maximum distance to a client from the hub = 100 m with CAT-5 cable, half-duplex mode(100Base-T).

2) at 30% utilization, the LAN data rate is 30 Mbps.

At 10 Mbps - clients, only three clients can be accommodated for satisfactory performance.

10 | P a g e

11. Which of the following is correct? The maximum throughput of an 8-port

switched hub over an 8 port nonswitched hub is

a. the same

b. 2 times

c. 4 times

d. 8 times

(c) is the correct answer. Four pairs of conversations can simultaneously occur with 8 ports.

12. It is assumed in Exercise 11 that the LAN operates at maximum utilization.

How- ever, a regular LAN can degrade in performance to an intolerable level at

50% utilization. What is the approximate (ignore the contention of more than one

station trying to reach the same destination at the same time) percentage utilization

improvement of a l2-port switched-hub Ethernet LAN over a none switched-hub

Ethernet LAN?

For a 12-port hub at 50% utilization, maximum data rate is 5 Mbps. For a switched hub, the twelve ports can carry 6 simultaneous conversations with a data rate capacity of 60 Mbps. Thus, the percentage utilization improvement is 1200%.

13. The minimum Size of the frame is determined by the token size, which is 3

bytes long and should be contained in the ring under idle condition. Assume a 16-

Mbps LAN and transmission of 200 meters per microsecond.

a. What should be the minimum length of the ring in meters?

b. Each station normally adds a bit delay in processing the data. What is the

additional length gained by adding one station at a time?

A bit occupies 200 x 106 m/sec = 12.5 meters/bit 16 x 106 bits / sec For the token of 3 bytes or 24 bits, the minimum length of the ring is 12.5 m/bit x 24 bits = 300 meters

14. Repeat Exercise 3 for an FDDI ring. Assume the Speed of transmission is 300

meters per microsecond.

Minimum length = 300 x 106 x 24 = 72 meters 100 x 106

15. Explain why the performance of an Ethernet LAN decreases with an increase

11 | P a g e

in the number of Stations on the LAW, whereas it increases (at least initially) with

the increase in the number of Station in a token-ring LAN.

In Ethernet configuration, as number of stations increase, collision increases and stations have to abort transmission and try again. Thus utilization / performance decreases. In Token Ring configuration, when token is passed from one station to the next, the time it takes to travel is simply overhead. As number of stations increase, time to travel between adjacent stations is less, thus improving the utilization / performance of the LAN.

16. Draw a network configuration and the protocol-layer interface architecture for

a multiprotocol bridge that connects an Ethernet LAN and a token-ring LAN.

12 | P a g e

chapter 3: 3-1 What are the standards used for the various layers in an Ethernet-based

network that is managed by the Internet management protocol? Assume that the

Ethernet runs on 10 mbps on an unshielded twisted-pair cable.

Physical Layer: 10Base-T IEEE Data Link Layer IEEE 802.3 IEEE Network Layer IP IETF Transport Layer UDP IETF Application Layer SNMP IETF

3-2 considers a network of multi-vender components. Hubs are made by Cabletron

and are managed by Cabletron's Spectrum NMS. Routers are made by Cisco and

are managed my CiscoWorks NMS. The entire network is managed by a general-

purpose NMS such as HP Open View Network Node Manager. Draw a two-tier

management network that performs configuration and fault management. Explain

the rationale for your configuration.

Vendor-specific NMS has detailed information about the vendor's components. Hence, it is better

suited to do configuration management and detailed trouble shooting in fault management, such as

hardware board failure.

General purpose NMS, such as HP OpenView, can monitor several vendors' components and do an

overall fault monitoring. In addition, intelligence is built into the system to localize the fault.

3.3. Redraw the management network configuration of Exercise 2 as a three-tier

configuration. What are the requirements on the three-tier network management

system?

13 | P a g e

Spectrum and CiscoWorks behave as agents to MOM (HP OpenView) as well as managers to the managed components. For unified presentation, they utilize the user interface of HP OpenView

4. Explain succinctly the difference between the database of a: network

management system and its MIB. How do you implement each in a network

management System?

A database of an NMS is a physical database containing the network objects and values. It is implemented using any proprietary database software. MIB is a virtual database that is used by network management and agent applications to exchange information about the network objects. It has a hierarchical structure and the schema of the MIB is compiled into the management and agent management software.

5. You have been assigned the responsibility of aiding a new vendor's components

with its own NMS to an existing network manager lay a different NMS. Identify

the three sets of functions that you need to do to fulfill your task.

(i) Compile the MIB(s) of the new components on the existing NMS.

(ii) Assign IP addresses (instances of managed objects) to the new components. Also, configure them on

the network to communicate with the existing NMS.

(iii) Configure the new NMS for configuration management and detailed fault management.

14 | P a g e

6. Write an ASN.1 module that defines Days Of Week as a SEQUENCE type with

each day of the week (dayl, days, ...) as the type VisibleString. Write the ASN.1

description (a) for the structure and (b) for the value. (a) ASN.1 Structure:DaysOfWeek ::= SEQUENCE {

day1 VisibleString

day2 VisbleString

day7 VisibleString

(b)

ASN.1 record value:

day1 "Sunday"

day2 "Monday"

day7 "Saturday"

7. Write an ASN.1 module that defines daysOfWeek as all ENUMERATED data

type, with values from 0 to 6.

daysOfWeek ENUMERATED ::=

{

sunday (0)

monday (1)

tuesday (2)

wednesday (3)

thursday (4)

friday (5)

saturday (6)

}

8. The following is the informal record structure of my home address:

Name Mani M. Subramanian

15 | P a g e

Address 1652 Harts Mill Road

City Atlanta

State GA

Zip Code 30319

Write for your record:

a. the informal record structure

b. an ASN.I description of the record structure

c. the record value for your home address

a) Informal Record Structure Name Mani M. Subramanian Address 1652 Harts Mill Road City Atlanta State GA Zip Code 30319

(b) ASN.1 Structure:

MyAddress ::= [ APPLICATION 0 ] IMPLICIT {

name Name

address Address

city [0] VisibleString

State [1] VisibleString

zip [2] INTEGER

}

Name ::= SEQUENCE {

first VisbleString

middle VisibleSring DEFAULT { }

last VisibleString

}

Address ::= [ APPLICATION 1 ] IMPLICIT SEQUENCE {

number INTEGER

street VisibleString

16 | P a g e

}

(c) ASN.1 Record value:

{

{ first "Mani",

middle "M',

last "Subramanian" },

{ number 1652,

street "Harts Mill Road" },

city "Atlanta",

state "GA",

zip 30319

9. Given the definition

class : := SET {

name VisibleString

size INTEGER

graduate Boolean

}

which of the following set(s) of values is (are) compatible with the ASN.1 record

structure in Exercise 8?

a. “CS4803B'', FALSE, 28

b. CS8113B, TRUE, 28

c. “CS4803B'' 28, TRUE

d. CS4803B, 28, TRUE

Correct solutions: 1 and 3

10. a. Describe a list and an ordered list in ASN.1 syntax.

b. Identify the differences between them.

c. Using examples, differentiate between list construction and repetitive

construction.

17 | P a g e

(a) List: SET {<type1>, <type2>,…} Ordered list: SEQUENCE {<type1>, <type2>,…}

(b) Data types in SET are distinctly different and could be transmitted in any order Data types in SEQUENCE need not be different from each other, but should be transmitted in the order in which the data is inputted.

(c) List construction is done using SET and SEQUENCE and is used when data types need to be grouped. Repetitive construction is done using SET OF and SEQUENCE OF and is used when grouped data types are to be defined as an array or a table. The rules for ordering of data are the same as for SET and SEQUENCE.

11. In a ballroom dance class, the instructor asks the guests to form couples made

up of a male and a female (order does not matter) for a lance. Write an ASN.1

module for danceGroup with data type danceGroup) that is composed of data type

Couple; Couple is constructed using male and female.

danceGroup DanceGroup ::= SET OF { Couple }

Couple ::= SET { Male, Female }

male VisibleString

female VisibleString

12. A high school class consists of four boys and four girls. The names of the keys

with their heights are Adam (65''), Chang (63.'), Eduard (72''), and Gopal (62..).

The names of the girls are Beth (68”), Dipa (59'') Faye (61''), and Keisha (64'').

For each of the following cases, write an ASN.1 description for the structure and

record values my selecting appropriate data types. Start with data type Studentlnfo,

listing information on each student.

a. a random list of the Students

b. an alphabetized list of students

c. a sorted line up of students with increasing height

d. any one student to be a class representative to the faculty meeting

e. two groups, one of boys and one of girls (a) RandomList ::= SET OF StudentInfo

StudentInfo ::= SEQUENCE {

name VisibleString

male BOOLEAN

height INTEGER }

18 | P a g e

}

Record: {

{"Adam", TRUE, 65 },

{"Chang"' TRUE, 63 },

...

{"Beth", FALSE, 68 },

...

}

(b) AlphabatizedList ::= SEQUENCE OF StudentInfo

Record: {

{ "Adam", TRUE, 65 },

{ "Beth", FALSE, 68 },

...

{ "Ho", FALSE, 64 }

}

(c) IncreasingHeight ::= SEQUENCE OF StudentInfo

Record: {

{ "Dipa", FALSE, 59 },

{ "Faye", FALSE, 61 },

...

19 | P a g e

}

(d) Representative ::= {

{"Adam", TRUE, 65 } | { "Chang", TRUE, 63 } | ...

or

Representative ::= CHOICE {

student1 Student1

student2 Student2

...

student8 Student8

}

Student1 ::= SEQUENCE { VisbleString, BOOLEAN, INTEGER }

Record: {"Adam", TRUE, 65 }

Student2 ::= SEQUENCE { VisbleString, BOOLEAN, INTEGER }

Record: {"Chang", TRUE, 63 }

....

(e) Group1 ::= SET OF StudentInfo Record: {

{"Adam", TRUE, 65 },

{ "Chang", TRUE, 63 },

….

}

Group2 ::= SET OF StudentInfo

20 | P a g e

Record: {

{"Beth", FALSE, 68},

{"dipa", FALSE, 59 },

…

}

13. In Section 3.6.2, we defined the tag for Chapter-number type as

APPLICATION [2] Encode this chapter (3) in TLV format.

0100010 00000001 00000011

14. You are establishing a small company. Give an example of each of the five

functional applications that you would implement in your network management

System.

Configuration Management: Set the IP address and system description identify components, set up subnets, links to external network, etc. Fault Management: Component failures, network alarms, etc. Performance Management: Traffic on the LANs, packet loss on components and links, traffic delay, .. Security Management: Set up security parameters, password and other security administration, security break-ins, etc. Account Management: Utilization of the network resources by different users.

21 | P a g e

Chapter 4 :

1. Refer to Figure 4.3 to answer the following questions:

a. What are the classes of the networks shown in Figure 4.3(a)?

b. Explain the function of a net-work mask.

c. In Figure 4.3(c), network addresses 172.16.x.0 are subnets thrived from the

network address 172.16.0.0. Explain how the IP address bits are split between

subnet and host addresses.

(a) 172.16.46.2 is Class B address 192.168.101.1 Class C address (b) a network mask is used to create subnets and route packets to them. The IP address for a network is assigned by a centralized organization, NIC (Network Information Center). The router with an assigned node address can subdivide all the bits allocated to its hosts into subnets by applying the subnet mask and route the packets to the appropriate subnets. Each subnet maintains the address of its hosts for routing purpose. (c) The last sixteen bits are assigned as host addresses by NIC. The local network has split the first eight bits (17-24) for subnet and the last bits (25-32) for hosts. The subnet mask is 255.255.255.0.

2. Access the Simple Gateway Monitoring Protocol (SGMP) RFC 1028 on the

Internet. Describe the four message types defined in the document. (You (to not

have to present the structure of the message.)

22 | P a g e

The four SGMP messages and their functions are: (1) The "get request message type", get_req_message_type requests the values of a sequence of variables from a managed (protocol) entity by a manager (protocol) entity.

(2) The "get response message type", get_rsp_message_type is sent by a managed entity in response to a get request message type. It responds with values for the list of variables requested. (3) The "trap request message type", trap_req_message_type, is generated by a managed object. The trap messages generated are cold start, warm start, link failure, authentication failure, and EGP neighbor loss. (4) The "set request message type", set_req_message_type is issued by a manager (Protocol) entity to set the values in a managed entity.

3. Present the OBJECT IDENTIFIER for the object Sun.proclucts in two formats,

one mnemonic and the other numeric.

sun OBJECT IDENTIFIER::={internet.private.enterprises.sun.products} sun OBJECT IDENTIFIER::={1.3.6.1.4.1.42.2}

4. Represent the objects as OBJECT IDENTIFIERS Starting from the root for the

three network components in Figure 4.2.

a.hub in Figure 4.2(a) in hybrid format

b. hub in Figure 4.2(b) in numeric format

c. router in Figure 4.2(c) in hybrid format

(a) iso.org.dod.internet.private.enterprises.43.1.8.5

(b) 1 . 3 . 6 . 1 . 4 . 1 .43.1.8.5

(c) 1 . 3 . 6 . 1 . 4 . 1 .46.ciscoProducts.cisco7000

5. Encode IP address 10.20.30.40 in TLV format.

01000000 00000100 00001010 00010100 00011110 00101000

6. Refer to RFC 1213 for the following exercise:

a. Write the ASCII specifications for sysServices.

b. Illustrate the Specifications with values for a bridge.

c. Illustrate the specifications with values for a router.

23 | P a g e

a) sysServices OBJECT-TYPE SYNTAX INTEGER (0..127) ACCESS read-only STATUS mandatory DESCRIPTION "The value is a sum. This sum initially takes the value zero, Then, for each layer, L, in the range 1 through 7, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. For example, a node which performs primarily routing functions would have a value of 4 (2^(3-1)). In contrast, a node which is a host offering application services would have a value of 72 (2^(4-1) + 2^(7-1)). Note that in the context of the Internet suite of protocols, values should be calculated accordingly:

layer functionality 1 physical (e.g., repeaters) 2 datalink/subnetwork (e.g., bridges) 3 internet (e.g., IP gateways) 4 end-to-end (e.g., IP hosts) 7 applications (e.g., mail relays) For systems including OSI protocols, layers 5 and 6 may also be counted." ::= { system 7 }

7. Write the object DESCRIPTOR and syntax of the following SNMP manager

entities:

a. IP address

b. A row in the Interfaces table (the row specifications only, not the objects in

the row)

c. 'The MAC address of an interface card

(a) DESCRIPTOR ipNetToMediaNetAddress SYNTAX IpAddress (b) DESCRIPTOR ifEntry SYNTAX IfEntry (c) DESCRIPTOR ipNetToMediaPhysAddress SYNTAX PhysAddress

8. In Exercise 4 of Chapter 1, you measured the percentage of packet loss using

ping tool, which depends on the ICMP group. Name the MIB object's that

are used in the procedure encl present the macros for the OBJECT TYPE.

24 | P a g e

9. The two MIB objects are icmpOutEchos and icmpInEchoReps. The OBJECT-TYPE macros are shown below. icmpOutEchos OBJECT-TYPE SYNTAX Counter

ACCESS read-only

STATUS mandatory

DESCRIPTION

"The number of ICMP Echo (request) messages sent."

::= { icmp 21 }

icmpInEchoReps OBJECT-TYPE

SYNTAX Counter

ACCESS read-only

STATUS mandatory

DESCRIPTION

"The number of ICMP Echo Reply messages received."

::= { icmp 9 }

9. Explain how you would determine whether a device is acting as a host or as a

router using an SNMP command.

Use get-request command for ipForwarding. A value of 1 indicates that it is a router or gateway. A value of 2 indicates that it is acting as a host.

10. Refer to the IP Address Translation table Shown in Figure 4.32 and Table

4.10 as well as the numbering convention Shown in Figure 4.22 to answer

the following questions:

a. List the columnar objects under ipNetToMediaEntry.

b. Draw the object instance table for ipNetToMediaTable as in Figure

4.23(b) without the row column. Fill three rows of data using MIB Specifications.

c. Redraw the table in (b), now filling each cell in the table with object instance

identifiers. Use N = 1.3.6.1.2.1.4.22.1 for ipNet-ToMediaEntry in the table.

a) ipNetToMediaTable {ip 22}

25 | P a g e

ipNetToMediaEntry (1) Four columnar objects under ipNetToMediaEntry: ipNetToMediaIfIndex (1) ipNetToMediaPhysAddress (2) ipNetToMediaNetAddress (3) ipNetToMediaType (4)

(b)

ipNetToMediaIfIndex ipNetToMediaPhysAddress ipNetToMediaNetAddress ipNetToMediaType

1 0x00000C3920AC 172.16.46.1 4

2 0x00000C3920AF 172.16.49.1 4

3 0x00000C3920B0 172.16.52.1 4

(c)

ipNetToMediaIfIndex ipNetToMediaPhysAddress ipNetToMediaNetAddress ipNetToMediaType

N.1.1.172.16.46.1 N.2.1.172.16.46.1 N.3.1.172.16.46.1 N.4.1.172.16.46.1

N.1.2.172.16.49.1 N.2.2.172.16.49.1 N.3.2.172.16.49.1 N.4.2.172.16.49.1

N.1.3.172.16.52.1 N.2.3.172.16.52.1 N.3.3.172.16.52.1 N.4.3.172.16.52.1

11. You own a specialty company, ABC (Atlanta Braves Company) that sells

hats and jacket. You obtained an OBJECT IDENTIFIER 5000 under enterprises

node from IANA. You have two branch locations. Each has an inventory

system that can be accessed by the IP address; they have the following OBJECT

DESCRIPTORS: branch1 - 100.100.100.15

branch2 - 100.100.100.16

Each branch has two types of products whose inventory are

hats jackets Hats are all of the same Size and the inventory is a scalar value, hat

Quantity.

26 | P a g e

Jackets come in different sizes and the inventory is maintained in a table,

jacket- table, whose columnar objects are

jacketsize (index)

jacketQuantity

Create a MIB module for your company. The objective is to find the inventory of

any specific product while sitting in your once as president of the company.

a. Draw a MIB subtree.

b. Write a MIB module.

(b) <abc> DEFINITIONS ::= BEGIN

27 | P a g e

abc OBJECT IDENTIFIER ::= { enterprises 5000 } -- Only Products group is defined in this module. -- Products Group abcProducts OBJECT IDENTIFIER ::= { abc 1 } -- the Products group hats OBJECT-TYPE SYNTAX DisplayString (SIZE(0..256)) ACCESS read-only STATUS mandatory DESCRIPTION "Hats are all made in one size and adjustable." ::= {abcProducts 1 } hatQuantity OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Quantity of hats in the inventory." ::= {hats 1 } jackets OBJECT-TYPE SYNTAX DisplayString (SIZE(0..256)) ACCESS read-only STATUS mandatory DESCRIPTION "Jackets are made in different sizes." ::= {abcProducts 2 } -- the Jackets table jacketTable OBJECT-TYPE SYNTAX SEQUENCE OF JacketTableEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A list of jacket entries." ::= {jackets 1 } jacketTableEntry OBJECT-TYPE SYNTAX JacketTableEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A row in the Jackets table." INDEX { jacketSize } ::= {jacketTable 1 } JacketTableEntry ::= SEQUENCE { jacketSize INTEGER, jacketQuantity INTEGER

28 | P a g e

jacketSize OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Size of jacket." ::= {jacketTableEntry 1 } jacketQuantity OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Quantity of jackets of a given size in the inventory." ::= {jacketTableEntry 1 } END

12. A network manager discovers that a network component is performing

poorly and issues an order to the technician to replace it. Which MIB group

contains this information for the technician to find out the physical location of

the component?

SysLocation in System group

13. How would you use one of the standard MIB objects to determine which of the

stations in a LAN is functioning as a bridge to the external network?

Use the ifIndex MIB in the get-request command. The bridge will have a value of 2

14. TCP is a connection-oriented protocol and UDP is a connectionless protocol.

Identify differences in the two MlBs that exemplify this difference.

TCP connection table has local and remote addresses as indices. UDP Table is only a listener table and has only the local address and port as listening port and does not keep track of the remote address and port.

15. What OBJECT TYPE would you use to identify the address of the neighboring

gateway from your local gateway?

egpNeigAddr in the egpNeighTable.

29 | P a g e

16. An IT manager gets complaints from the users that there is excessive delay in

response over the Ethernet LAN. The manager suspects the cause of the problem is

excessive collisions on the LAN. She gathers statistics on the collisions using the

dot3statsTable and localizes the problem to a single faulty network interface card.

Explain how she localized the problem. You may use RFC 2358 to answer this

exercise.

Gather statistics by making get-request command on the variable dot3StatsExcessiveCollisions, which maps to aFramesAbortedDueToXSColls on IEEE 802.3 managed object in the dot3StatsTable for each station on the LAN and discovered that only the counter with the defective NIC was changing.

17. FDDI is heavily used as a backbone network in a corporate complex.

a. Draw a MIB tree for FDDI MIB. Limit your tree to the top five groups.

b. Develop a three-column table presenting entity OID, arts brief descriptions

of the groups and the tables under each group.

(b)

Entity OID Brief Description

fddi transmisssion 3 FDDI transmission medium

30 | P a g e

fddiMIB fddi 73 FDDI MIB

fddimibSMT fddiMIB 1 SMT (Station Management) table listing

SMT entries

fddimibMAC fddiMIB 2 MAC table listing MAC entries

fddimibMACCounters fddiMIB 3 MAC counters table

fddimibPATH fddiMIB 4 Table of all PATHs across all SMTs

fddimibPORT fddiMIB 5 Table of all PORTs across all SMTs

31 | P a g e

Chapter 5 :

l- Three managed hubs with interface id 11-13 (fourth decimal position value) in

subnetwork 200.100.100.1 are being monitored by a network management system

for mean time between failures using the SysUpTime in system

{internet.mgmt.mib2.system} group. 'The NMS periodically issues the command

get-request object-instance community OBJECT IDENTIFIER

Fill the operands in the three set of requests that the NMS sends out. Use public

for the community variable.

get-request 200.100.100.11 public system.sysUpTime get-request 200.100.100.12 public system.sysUpTime get-request 200.100.100.13 public system.sysUpTime

2- You are assigned the task of writing specifications for configuring SNMP

managers and agents for a corporate network to implement the access policy. The

policy defines a community profile for all managed network components where a

public group (community name public) can only look at the system group, a

privileged group (community name privileged) that can look at all the MIB objects,

and an exclusive group (community name exclusive) that can do a read-write on all

allowed components. Present a figure (similar, but not identical, to the flowchart in

Figure 5.2) showing the paths from the SNMP managers to manager objects of a

network component.

32 | P a g e

3. Fill in the data in the trap PDU format shown in Figure 5.9 for a message sent by

the hub shown in Figure 4.2(a) one second after it is reset following a failure.

Treat the trap as generic and leave the specific trap fields blank. The only varBind

that the trap sends is the sysUpTime. (Refer to RFC 1157 and RFC 1215.)

4. An SNMP manager sends a request message to an SNMP agent requesting

sysUp time at 8:00 A.M. Fill in the data for the fields of an SNMP PDU Shown in

Figure 5.5. Please use ('SNMP'' for the application header, enumerated INTEGER

0 for version1) and “public'' for community name.

5. In Exercise 4, if the SNMP manager sent the request at 8:00 A.M. and the

SNMP agent was reset at midnight after a failure, fill in the fields for the SNMP

PDU on the response received.

6. An SNMP manager sends a request for the values of the sysUpTime in the

System group and ifType in the interfaces group for ifNumber value of 3. Write the

PDUS with the fields filled in for

33 | P a g e

a. the get-request PDU, and

b. the get-response PDU with noSuchName error message for ifType.

7. The following data response information is received my the manager for a get-

request with a varBindList. Compose

a. the get-request PDU, and

b. the get-response PDU.

34 | P a g e

8. Draw the message Sequence diagram Similar to the one in Figure 5.10 for the

hub example given in Figure 4.2(a). Assume that a separate get-request message is

sent for each data value.

35 | P a g e

9. Repeat Exercise 7 with a VarBindlist. Use the format of Figure 5.16.

36 | P a g e

10. For the UDP Group MIB in Figure 4.38, assume that there are three rows for

the columnar objects in the udpTable. Write OBJECT IDENTIFIER for all the

objects in the lexicographic order.

Answer:

T = mib-2.7.5 E = mib-2.7.5.1 E.1.1. E.1.2 E.1.3 E.2.1 E.2.2 E.2.3

11. Draw the message sequence diagram for the following ipNetToMediaTable,

retrieving all the values objects in each row with single get-next-request

commands, similar to the one Shown in Figure 5.16. The indices are

ipNetToMediaIfIndex and ipNetToMediaNetAddress. Ignore obtaining

sysUpTime.

Reordering the table in lexicographic order, we get:

ipNetToMedia

IfIndex

IpNetToMediaPhys

Address

ipNetToMediaNet

Address

ipNetTo

MediaType

16 00000C3920AF 172.16.49.1 4

2 00000C39209D 172.16.56.1 4

37 | P a g e

25 00000C3920B4 192.168.252.15 4

9 00000C3920A6 172.16.55.1 4

Now we can draw the message sequence diagram.

12. Compose the data frames for SNMP PDUS for the example in Figure 5.16 for

the following two cases:

a. the first GetNextRequest (sysUpTime, atPhysAddress) and the GetResponse

b. the second GetNextRequest And GetResponse with values obtained in part (a) .

38 | P a g e

13. A data analyzer tool is used to look at a frame of data traversing a LAN. It is

from the station noc3 in response to a request from noc1. Use the following system

status to answer this question:

Version = 0

Community = netMan

39 | P a g e

Compose the expected data frames for SNMP PDU types. Your frames should look

like the frames in Figure 5.17.

a. GetRequest from manager to manager object

b. GetResponse from managed object to manager

12. The get-request message from noc1 to noc3 looks like:

40 | P a g e

noc3 > noc1

Community = public

GetRequest

Request ID = 100

system.sysUpTime.0

udp.udpInDatagrams.0

udp.udpNoPorts.0

udp.udpInErrors.0

udp.udpOutDatagrams.0

(a) Get-Request Message from Manager-to-Agent

The get-response message from noc3 to noc1 looks like:

noc1 > noc3

Community = public

GetResponse

Request ID = 100

system.sysUpTime.0 = 1000000

udp.udpInDatagrams.0 = 500000

udp.udpNoPorts.0 = 1000

udp.udpInErrors.0 = 5000

udp.udpOutDatagrams.0 = 300000

(b) Get-Response Message from Agent-to-Manager

41 | P a g e

Chapter 8:

1. An NMS connected to an Ethernet LAN is monitoring a network of 10,000

nodes comprising routers, hubs, and workstations. It sends an SNMP query to each

station once a minute and receives a response when the Stations are up.

Assume that an average frame Size is 1000 bytes long for get-request and response

messages.

a. What is the traffic load on the LAN that has the NMS?

b. If the Ethernet LAN operates at a maximum efficiency of 40% throughput, what

is the overhead due to network monitoring? Number of get-request and responses sent per minute = 20,000 Load on the NMS LAN = (20,000*1000*8)/60 = 2.7 Mbps

2. In Exercise 1, assume the network comprises ten subnetworks, with an RMON

monitoring each subnet.

a. Design a heartbeat monitoring system, using RMONs, that indicates failures to

the NMS within a minute of a failure.

b. What is the monitoring load on each subnet?

c. lf the NMS is Still expected to detect any failure within one minute of

occurrence, what is the overhead on the LAN to which the NMS is connected clue

to this traffic?

(a) Each RMON monitors the heartbeat of its own nodes by polling the stations every minute. Whenever an RMON detects a failure, it sends a trap to the NMS. (b) Load on each subnet due to monitoring of RMON = (2,000*1000*8)/60 = 267 kbps (c) Each RMON sends a trap indicating the failure to the NMS once every minute. Thus, the NMS receives 10 frames every minute. Load on the NMS LAN = (10*1000*8)/60 = 1.33 kbps.

3. a.Describe qualitatively how the utilization (number of frames offered|/number

of frames transmitted) repents on frame size.

b. How would you measure the distribution of the frame Size on the LAN?

(a) The larger the frame size (compared to the propagation time on the LAN), the better is the utilization on an Ethernet LAN. This is due to decrease in the collision rate. (b) RMON1 Statistics Group has six objects that measure packet size of 64 (etherStatsPkts64Octets), 65-127 (etherStatsPkts65to127Octets), 128-255 (etherStatsPkts127to255Octets), 256-511 (etherStatsPkts256to511Octets), 512-1023 (etherStatsPkts512to1023Octets), and 1024-1518 (etherStatsPkts1024to1518Octets) bytes. These counters will be read every second and the difference between consecutive readings of each will give the distribution of packet size.

42 | P a g e

4. a. Describe the two methods of measuring collisions on an Ethernet LAN.

b. Compare the two methods in terms of what you can measure.

(a) The two methods of collision measurements are using 802.3 MIB and RMON1 Statistics Group. (b) 802.3 MIB provides the following parameters:

dot3StatsSingleCollisionFrames Number of frames successfully transmitted after

single collision

dot3StatsMultipleCollisionFrames Number of frames successfully transmitted after

more than one collision

dot3StatsexcessiveCollisions Number of frames failed to be transmitted to

excessive collisions

RMON MIB Statistics Group has etherStatsCollisions that gives the best estimate on the total

number of collisions.

5. Two identical token rings with the Same number of Stations operate at different

efficiencies (the ratio of time spent in data transmission to total time). One operates

at a higher efficiency than the other. You suspect that this difference is due to the

different frame sizes of the data frames in the two rings.

a. Why would you suspect the frame size?

b. How would you use RMON to prove your suspicion?

(a) The time taken by the token to travel from one station to the next is the idle time of the ring. The ring with small frames spends more time passing the token relative to the time spent on sending data frames. The Token Ring with large frames spends more time sending data frames. (b) The Token Ring Promiscuous group contains data on the sizes of the frame. It can be used to verify the suspicion.

6.How would you measure the types and distribution of flames in a token ring

lAN?

The distribution statistics on the size and type of packets is obtained using the Token Ring Promiscuous group. There are MIB objects in the Promiscuous group that monitors the total non-MAC data packets, the number of broadcast packets, and the number of multicast packets. There are counts of nine packet sizes of the following range of octets: 18-63, 64-127, 128-255, 256-511, 512-1023, 1024-2047, 2048-4095, 4096-8191, 8192-18000, and greater than 18000.

7. An RMON probe in a network measures Ethernet packets on hub interfaces

(inldex) 1 and 2. The counters were set to zero as the measurements started, and

43 | P a g e

interface 1 has counted 1000 1500-byte packets and interface 2 has measured 100

64-byte packets. These counts are stored in rows 1 and 2 of the

protocolDistStatsTable. They are indexed by the protocolDistControlIndex of 1

and 2 and the protocolDirLocalIndex of 11 and 12.

a. Draw the conceptual rows of the tables involved with the relevant columnar

objects and values.

b. Write each instance of the columnar object of the data with its associated index

and value.

(a)

(b) protocolDistStatsPkts.1.11 = 1000 protocolDistStatsPkts.2.12 = 100 protocolDistStatsOctets.1.11 = 1500000 protocolDistStatsOctets.2.12 = 6400

44 | P a g e

Chapter 12:

1. Execute the commands nslookup and dig on a host IP address and present your

results.

a.Compare the two results for the common information and present it.

b.What kinds of additional information do you get from dig?

1. Execution of nslookup for host noc4 yields: nslookup noc4

Server: cicada.btc.gatech.edu

Address: 199.77.147.28

Name: noc4.btc.gatech.edu

Address: 199.77.147.144

Execution of dig for host noc4 yields:

dig noc4|more

; <<>> DiG 8.2 <<>> noc4

;; res options: init recurs defnam dnsrch

;; got answer:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUERY SECTION:

;; noc4, type = A, class = IN

;; AUTHORITY SECTION:

. 9m17s IN SOA A.ROOT-SERVERS.NET.

hostmaster.INTERNIC.

45 | P a g e

NET. (

1999071500 ; serial

30M ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

;; Total query time: 2 msec

;; FROM: noc2 to SERVER: default -- 199.77.147.28

;; WHEN: Fri Jul 16 06:24:37 1999

;; MSG SIZE sent: 22 rcvd: 95

(a) Both utilities provide the DNS as 199.77.147.28

(b) Dig (domain information groper) is a flexible command line tool which can

be used to gather information from the Domain Name System servers with numerous

query options (See RFC 1035).

An extract of a print out of the command is given as an example here. It has four parts:

query, answer, authority, and additional. The answer section contains answers to

specific query. The authority section lists the authoritative domain name servers and

the additional section lists additional domain name server information.

noc2% dig -x 199.77.147.28

; <<>> DiG 8.2 <<>> -x

;; res options: init recurs defnam dnsrch

;; got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6

46 | P a g e

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUERY SECTION:

;; 28.147.77.199.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:

28.147.77.199.in-addr.arpa. 22h52m52s IN PTR cicada.btc.gatech.edu.

;; AUTHORITY SECTION:

147.77.199.IN-ADDR.ARPA. 22h52m52s IN NS eagle.gcatt.gatech.edu.

;; ADDITIONAL SECTION:

eagle.gcatt.gatech.edu. 12H IN A 199.77.146.19

;; Total query time: 5 msec

;; FROM: noc2 to SERVER: default -- 199.77.147.28

;; WHEN: Fri Jul 16 07:24:57 1999

;; MSG SIZE sent: 44 rcvd: 144

2. Use dig to determine the authoritative domain name delivers for the zone

associated with altavista.com

All the answers given below are correct since they are all nameservers that maintain information about the zone: ns1.altavista.com. ns2.altavista.com. ns3.altavista.com. cr1.dec.com ns.dec.com

3. Using dig, list all the hosts associated with the zone of altavista.com.

47 | P a g e

The output of the dig command contains the following hosts in a try: altavista.com. 7200 NS ns3.alta-vista.net. altavista.com. 7200 NS crl.dec.com. altavista.com. 7200 NS ns.dec.com. altavista.com. 7200 NS ns1.alta-vista.net. altavista.com. 7200 NS ns2.alta-vista.net. altavista.com. 7200 MX 100 av-ops4.alta-vista.net. altavista.com. 7200 MX 200 mail1.digital.com. altavista.com. 7200 MX 200 mail2.digital.com. altavista.com. 7200 MX 50 av-ops3.alta-vista.net. altavista.com. 7200 A 209.162.76.11 altavista.com. 7200 A 209.162.76.5 altavista.com. 7200 A 204.152.190.18 altavista.com. 7200 A 204.152.190.69 altavista.com. 7200 A 204.152.190.70 altavista.com. 7200 A 204.152.190.71 altavista.com. 7200 A 204.152.190.72 altavista.com. 7200 A 204.152.190.14 altavista.com. 7200 A 204.152.190.19 altavista.com. 7200 A 204.152.190.13 altavista.com. 7200 A 204.152.190.16 altavista.com. 7200 A 204.152.190.11 safari.altavista.com. 7200 CNAME crawl7.av.pa-x.dec.com. ads.altavista.com. 7200 A 204.123.9.72 loghost.altavista.com. 7200 CNAME localhost.altavista.com. babelfish.altavista.com. 7200 A 204.123.9.67 babelfish.altavista.com. 7200 A 204.123.9.65 localhost.altavista.com. 7200 A 127.0.0.1 c-ns1.altavista.com. 7200 A 204.152.191.250 images.altavista.com. 7200 CNAME image.altavista.com. my.altavista.com. 7200 A 204.123.9.121 my.altavista.com. 7200 A 204.123.9.79 my.altavista.com. 7200 A 204.123.9.80 cpq.my.altavista.com. 7200 A 204.123.9.80 cpq.my.altavista.com. 7200 A 204.123.9.121 cpq.my.altavista.com. 7200 A 204.123.9.79 finance.altavista.com. 7200 A 208.221.32.66 research.finance.altavista.com. 7200 A 216.34.1.31 investing.finance.altavista.com. 7200 A 216.34.1.30 adbid.altavista.com. 7200 A 199.95.206.28 zip2.altavista.com. 7200 NS ns2.zip2.com. zip2.altavista.com. 7200 NS auth00.ns.uu.net.

48 | P a g e

zip2.altavista.com. 7200 NS ns3.alta-vista.net. zip2.altavista.com. 7200 NS ns1.zip2.com. family.altavista.com. 7200 CNAME jump.altavista.com. image.altavista.com. 7200 A 204.152.190.74 image.altavista.com. 7200 A 204.152.190.75 thumbnail.image.altavista.com. 7200 A 204.152.190.23 thumbnail.image.altavista.com. 7200 A 204.152.190.24 jump.altavista.com. 7200 A 204.152.190.8 jump.altavista.com. 7200 A 204.152.190.9 jump.altavista.com. 7200 A 204.152.190.7 ns1.altavista.com. 7200 CNAME ns1.alta-vista.net. ns2.altavista.com. 7200 CNAME ns2.alta-vista.net. ns3.altavista.com. 7200 CNAME ns3.alta-vista.net. survey.altavista.com. 7200 A 204.123.9.151 discovery.altavista.com. 7200 A 204.123.9.114 forum.discovery.altavista.com. 7200 CNAME discovery2.av.pa-x.dec.com. ie.altavista.com. 7200 A 204.123.9.127 ie.altavista.com. 7200 A 204.123.9.125 shopping.altavista.com. 7200 CNAME olympian.doubleclick.net. maps.altavista.com. 7200 CNAME avmaps.zip2.com. ww2.altavista.com. 7200 A 204.123.2.67 www.altavista.com. 7200 CNAME altavista.com. affiliate.altavista.com. 7200 A 204.152.190.25 affiliate.altavista.com. 7200 A 204.152.190.26 careers.altavista.com. 7200 A 204.123.9.98 add-url.altavista.com. 7200 A 204.123.9.76 video.altavista.com. 7200 A 204.123.9.59

4.Using dig, determine the domain name that corresponds to the IP

address198.116.142.34.

Use -x option $ dig –x 198.116.142.34 yields 34.142.116.198.in-addr.arpa. 900 PTR foundation.hq.nasa.gov; i.e. foundation.hq.nasa.gov is what the IP address resolves to.

5. a. As a network engineer, you are required to aid and configure a nomanaged

network component that has multiple interfaces remotely. What network utility

would you use?

5. b. Discover the details on interfaces available on a host that has already been

configured.

49 | P a g e

(a) The utility to be used is ifconfig. (b) Answer varies from machine to machine, because of difference in settings and hardware. The answer was generated on a machine that runs FreeBSD v.2.8-RELEASE: ifconfig –a ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500

inet 194.44.x.30 netmask 0xfffffff0 broadcast 194.44.x..31

inet 194.44.x.202 netmask 0xfffffff0 broadcast 194.44.x..207

ether 00:20:78:07:8c:74

tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500

sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552

ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500

ppp1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 296

inet 194.44.x.30 --> 194.44.x.195 netmask 0xfffffff0

ppp2: flags=8010<POINTOPOINT,MULTICAST> mtu 1500

ppp3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 296

inet 194.44.x.30 --> 194.44.x.193 netmask 0xfffffff0

ppp4: flags=8010<POINTOPOINT,MULTICAST> mtu 1500

ppp5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 296

inet 194.44.x.30 --> 194.44.x.194 netmask 0xfffffff0

ppp6: flags=8010<POINTOPOINT,MULTICAST> mtu 1500

ppp7: flags=8010<POINTOPOINT,MULTICAST> mtu 1500

ppp8: flags=8010<POINTOPOINT,MULTICAST> mtu 1500

ppp9: flags=8010<POINTOPOINT,MULTICAST> mtu 1500

ppp10: flags=8010<POINTOPOINT,MULTICAST> mtu 1500

ppp11: flags=8010<POINTOPOINT,MULTICAST> mtu 1500

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

inet 127.0.0.1 netmask 0xff000000

50 | P a g e

6. AS a network manager, you are responsible for the operation of a network. You

notice heavy traffic in a host that is on a TCP/IP network and want to find out the

details.

a. What basic network monitoring tools) would you use?

b. What would you look for in your results?

(a) The most useful tool is tcpdump, which can be used to analyze the packets

across each interface. (b) Look for the source and destination hosts, incoming or outgoing traffic, and the type of protocols. The data could be filtered to yield information on the source and destination hosts and the protocols. Various expressions of filtering could be used to probe into as much detail as to identify the culprit causing the traffic.

7. Using tcpdump on an Ethernet interface on a host, capture ten IP packets. .

6. The command to be invoked is tcpdump –i ed0 –c 10 Answer varies from machine to machine, because of difference in settings and hardware. The answer was generated on a machine that runs FreeBSD v.2.8-RELEASE:

tcpdump: listening on ed0 18:08:58.930277 somehost1.cv.ua.ssh > somehost2.lviv.ua.625: P

4144893661:4144893705(44) ack 2549605032 win 17520 (DF) [tos 0x10]

18:08:59.202250 somehost2.lviv.ua.625 > somehost1.cv.ua.ssh: . ack 44 win 17520

(DF) [tos 0x10]

18:08:59.490162 somehost3.on.home.com.15680 > somehost1.cv.ua.http: . ack

4259952313 win 49152 (DF)

1:1461(1460) ack 0 win 17520 (DF)

18:08:59.491398 somehost1.cv.ua.http > somehost3.home.com.15680: .

1461:2921(1460) ack 0 win 17520 (DF)

18:08:59.908582 somehost1.cv.ua.ssh > somehost2.lviv.ua.625: P 44:668(624) ack

1 win 17520 (DF) [tos 0x10]

18:09:00.930373 somehost1.cv.ua.ssh > somehost2.lviv.ua.625: P 668:768(100)

ack 1 win 17520 (DF) [tos 0x10]

18:09:00.930435 somehost1.cv.ua.ssh > somehost2.lviv.ua.625: P 768:800(32) ack

1 win 17520 (DF) [tos 0x10]

51 | P a g e

18:09:01.013198 somehost2.lviv.ua.625 > somehost1.cv.ua.ssh: . ack 668 win

17520 (DF) [tos 0x10]

18:09:01.137734 somehost3.on.home.com.15680 > somehost1.cv.ua.http: . ack

1461 win 49152 (DF)

8. a. What are the five major forms of display formats available in the netstat

command? Give one or two sentence description of each.

8.b. Cite an application for each of the display formats mentioned in part (a) in the

daily network operations.

8. (a) The six groups of options for the netstat utility yield information on: (1) network connections, (2) routing table, (3) interface statistics, (4) masquerade connections, and (5) multicast memberships. Network connections ( option) provide the details on the network connections including active sockets, local and remote address, etc. The routing table provides the contents of the routing table similar to arp. The interface statistics consists of interface name, maximum packet size (MTU), input and output number of packets and errors. Masquerade connections are associated with the unofficial host addresses that are hidden from external network. Multicast membership is associated with multicast routing statistics. (b) Network connections provide enormous information and a good place to start with a trouble on a network or host. For example we could see the status of the TCP sockets to troubleshoot TCP problems. The routing table, which has a finite life could be used to trace the active hosts that there was communication within the last purge cycle. Problems associated with interfaces is tracked using interface option, This is similar to ifconfig. Masquerade option is used with security considerations. Multicast member ship presents multicast routing and is used to track the multicast problems.

9. Execute the three options (a) -N, (b) -r, and (c) -i of netstat on a host and explain

your results.

(a) noc2% netstat -N

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 199.77.147.142:23 130.207.160.11:13918 ESTABLISHED

tcp 0 128 199.77.147.142:23 205.152.8.138:3405 ESTABLISHED

52 | P a g e

tcp 0 0 199.77.147.142:23 130.207.8.31:36047 ESTABLISHED

We notice that three tcp connections that are established

(b) noc2% netstat -r

Kernel IP routing table

Destination Gateway Genmask Flags MSS Window irtt Iface

199.77.147.183 * 255.255.255.255 UH 0 0 0 ppp0

199.77.147.142 * 255.255.255.255 UH 0 0 0 eth0

199.77.147.0 * 255.255.255.0 U 0 0 0 eth0

127.0.0.0 * 255.0.0.0 U 0 0 0 lo

default main-rtr.gcatt. .0.0.0 UG 0 0 0 eth0

The default gateway is main-rtr.gcatt. Two hosts and two network connections are in

the current routing table.

(c) noc2% netstat -i

Kernel Interface table

Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg

eth0 1500 0 13856531 0 0 0 10046835 0 0 0 BRU

lo 3924 0 276700 0 0 0 276700 0 0 0 LRU

ppp0 552 0 24 0 0 0 22 0 0 0 OPRU

Three interfaces - Ethernet, loop back and PPP exist with the packet traffic statistics

associated with them.

10. Compare the results of routing tables obtained from using the arp and netstat

utilities.

noc2% /sbin/arp –n Address HWtype HWaddress Flags Mask Iface

53 | P a g e

199.77.147.28 ether 00:60:4E:00:56:FE C eth0 199.77.147.1 ether 00:60:3E:C0:24:40 C eth0 199.77.147.144 ether 00:A0:24:48:86:81 C eth0 199.77.147.183 * * MP eth0 noc2% netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 199.77.147.183 * 255.255.255.255 UH 0 0 0 ppp0 199.77.147.142 * 255.255.255.255 UH 0 0 0 eth0 199.77.147.0 * 255.255.255.0 U 0 0 0 eth0 127.0.0.0 * 255.0.0.0 U 0 0 0 lo default main-rtr.gcatt. .0.0.0 UG 0 0 0 eth0 We notice common addresses in the two tables. The main-rtr is the same as 199.77.147.28. Host 199.77.147.144 address in the arp table is missing from the routing table - purged?

11. Ping an international site 100 times and determine the percentage packet loss.

The following solution is for 10 packets. noc2% ping -c 10 205.152.8.138 PING 205.152.8.138 (205.152.8.138): 56 data bytes 64 bytes from 205.152.8.138: icmp_seq=0 ttl=18 time=65.3 ms 64 bytes from 205.152.8.138: icmp_seq=1 ttl=18 time=47.3 ms 64 bytes from 205.152.8.138: icmp_seq=2 ttl=18 time=45.3 ms 64 bytes from 205.152.8.138: icmp_seq=3 ttl=18 time=50.9 ms 64 bytes from 205.152.8.138: icmp_seq=4 ttl=18 time=47.3 ms 64 bytes from 205.152.8.138: icmp_seq=5 ttl=18 time=45.3 ms 64 bytes from 205.152.8.138: icmp_seq=6 ttl=18 time=39.0 ms 64 bytes from 205.152.8.138: icmp_seq=8 ttl=18 time=218.1 ms 64 bytes from 205.152.8.138: icmp_seq=9 ttl=18 time=39.9 ms --- 205.152.8.138 ping statistics --- 10 packets transmitted, 9 packets received, 10% packet loss round-trip min/avg/max = 39.0/66.4/218.1 ms

12. Execute traceroute to a well-known host name and measure the effective

throughput for one of the point-to-point links in the path using bing. (hint; Vary the

packet size in bing if your results do not look right.)

Execute the following steps. (1) Obtain a list of hops and select one of them for measurements using traceroute; for

54 | P a g e

example, $ traceroute www.altavista.com. (2) Measure the effective bandwidth of one of the hops (point-to-point links): $ bing –v L1 L2 where L1 and L2 are the respective IP addresses of the point-to-point link that was selected for measurements. (3) It might happen that the results of measurements do not seem realistic (Negative or very large throughput values). In this case we might need to increase the packet size and re-run the command: $ bing –S 3000 –v L1 L2 *** Note: BING package must be installed, see http://spengler.econ.duke.edu/~ferizs/bing.html#install

13. In diagnosing poor network performance-for example, delay-you need to know

where the bottleneck is. Use traceroute to an international Site on another

continent arts isolate the belay in the path.

The site chosen is a host in BanglaDesh. (Also the students could try president.gov.al. traceroute ns1.bangla.net traceroute to ns1.bangla.net (203.188.252.2), 30 hops max, 40byte packets 1 cc-cisco1-comm.cc.gatech.edu (130.207.8.1) 2 ms 1 ms 1 ms 2 130.207.251.1 (130.207.251.1) 2 ms 2 ms 2 ms 3 f1-0.atlanta2-cr99.bbnplanet.net (192.221.26.2) 4 ms 3 ms 4 ms 4 f1-0.atlanta2-br2.bbnplanet.net (4.0.2.90) 6 ms 4 ms 3 ms 5 s4-0-0.atlanta1-br2.bbnplanet.net (4.0.1.149) 5 ms 5 ms 4 ms 6 core4-hssi5-0-0.Atlanta.cw.net (204.70.10.169) 6 ms 4 ms 5 ms 7 corerouter2.SanFrancisco.cw.net (204.70.9.132) 65 ms 65 ms 65 ms 8 xcore2.SanFrancisco.cw.net (204.70.150.137) 68 ms 69 ms 68 ms 9 cwusa-mciworldcom.SanFrancisco.cw.net (166.63.53.230) 233 ms 233 ms 230 ms 10 f5-0.tmh02.hkt.net (205.252.128.194) 247 ms 240 ms 239 ms 11 fddi2-0.yck06.hkt.net (210.176.133.25) 238 ms 239 ms 239 ms 12 f5-1.hk-T3.hkt.net (205.252.130.239) 246 ms 247 ms 247 ms 13 202.84.133.114 (202.84.133.114) 249 ms 270 ms 247 ms 14 cgw2.pacific.net.hk (202.14.67.177) 250 ms 252 ms 252 ms 15 202.64.247.6 (202.64.247.6) 1365 ms 1095 ms 1232 ms 16 * ns1.bangla.net (203.188.252.2) 1204 ms 1044 m

14. Execute the arp command on a host or router in your network multiple times.

Comment on the content and size of your results. (Your network may keep you

55 | P a g e

from exercising this utility).

Executing arp with option a, we get: arp –a netman Net to Media Table Device IP Address Mask Flags Phys Addr ------ -------------------- --------------- ----- --------------- hme0 morticia.cc.gatech.edu 255.255.255.255 08:00:20:75:f5:3a hme0 cc-cisco1-comm.cc.gatech.edu 255.255.255.255 00:10:2f:ff:70:00 hme0 appalachian.cc.gatech.edu 255.255.255.255 08:00:20:1d:26:0f hme0 lurch.cc.gatech.edu 255.255.255.255 08:00:20:0f:12:78 hme0 netman.cc.gatech.edu 255.255.255.255 SP 08:00:20:9a:19:ff hme0 aphasia.cc.gatech.edu 255.255.255.255 08:00:20:87:99:5a hme0 BASE-ADDRESS.MCAST.NET 240.0.0.0 SM 01:00:5e:00:00:00 arp –a netman Net to Media Table Device IP Address Mask Flags Phys Addr ------ -------------------- --------------- ----- --------------- hme0 morticia.cc.gatech.edu 255.255.255.255 08:00:20:75:f5:3a hme0 cc-cisco1-comm.cc.gatech.edu 255.255.255.255 00:10:2f:ff:70:00 hme0 appalachian.cc.gatech.edu 255.255.255.255 08:00:20:1d:26:0f hme0 vipper.cc.gatech.edu 255.255.255.255 08:00:20:96:1f:34 hme0 fagus.cc.gatech.edu 255.255.255.255 00:60:08:05:90:0d hme0 adsl1.cc.gatech.edu 255.255.255.255 08:00:20:93:df:3a hme0 netman.cc.gatech.edu 255.255.255.255 SP 08:00:20:9a:19:ff hme0 grandmama.cc.gatech.edu 255.255.255.255 08:00:20:75:db:14 hme0 mayzie.cc.gatech.edu 255.255.255.255 08:00:20:89:f0:75 hme0 BASE-ADDRESS.MCAST.NET 240.0.0.0 SM 01:00:5e:00:00:00 The arp cache table has changed between the readings. The list contains the information on the hosts reached by / via netman host. The port (single in this case) is an Ethernet interface (hme0). The IP address, mask, and MAC address are included.

15. From a workstation in a segment of your institute's network, discover all

other workstations in your segment, using a network tool. Substantiate your

result with the gathered data.

Use broadcast ping to discover the other hosts in the segment. ping a.b.c.255 for a class C segment. assuming your subnet is class C. A bridged neighboring segment would appear in the result with a different subnet ID, say a.b.d.x.

56 | P a g e

16. If your network Segment is bridged to another subnet, you would have noticed

it in Exercise 15. Using network tools, discover the workstations on the

neighboring segment if there is one. Substantiate your result with the gathered

data.

Broadcast ping to the neighboring subnet, ping a.b.d.255 (See solution for Exercise 15).

57 | P a g e

Chapter 13:

1. You are asked to do a study of the use pattern of 24,000 workstations in an

academic institution. Make the following assumptions. You ping each

Station periodically. 'The message size in both directions is 128 bytes long.

The NMS that you are using to do the study is on a 10Mbps LAN, which

functions at 30 percent efficiency. What would be the frequency of your

ping if you were not to exceed 5 percent overhead? The normal load on the LAN at 30 % efficiency is 3 Mbps. At 5% overhead, the load due to the study should not exceed 150 kbps. Each round of ping for 24,000 stations at 2*128 bytes is 49,152,000 bits. Therefore, duration of each round is 49152/150 is 327.68 seconds or 5.46 minutes. To be within the constraint of overhead, the periodicity of pinging should be greater than 5.46 minutes

2. List and contrast the tools available to discover network components The techniques used to do discover network components include: - arp/rarp: By looking up the ARP table in your host or router Gives the IP address to MAC address for hosts in the subnet - netstat or route: Looking up routing table that contain all hosts since last update - ping a.b.c.255:By broadcast pinging. If configured, gives all the hosts in the subnet on host from which ping is executed - tcpdump: by looking at the local traffic in promiscuous mode using protocol analyzers or tcpdump

3. The autodiscovery in Some NMSs is done by the network management system

starting with an arp query to the local router.

a. How would you determine the IP address of the local router?

b. Determine the local router of your workstation.

(a)The arp query on the local host of NMS would contain the router IP-MAC address. The router could also be discovered by doing traceroute, and identifying the gateway out of the subnetwork. (b) arp -a noc3.btc.gatech.edu (199.77.147.143) at 00:60:97:DD:F4:D4 [ether] on eth0 cicada.btc.gatech.edu (199.77.147.28) at 00:60:4E:00:56:FE [ether] on eth0 main-rtr.gcatt.gatech.edu (199.77.147.1) at 00:60:3E:C0:24:40 [ether] on eth0 noc4.btc.gatech.edu (199.77.147.144) at 00:A0:24:48:86:81 [ether] on eth0 noc6.btc.gatech.edu (199.77.147.183) at * PERM PUP on eth0 The router is 199.77.147.1 (the last decimal also gives it as router due to convention). traceroute netman.cc.gatech.edu traceroute to netman.cc.gatech.edu (130.207.8.31), 30 hops max, 40 byte packets 1 main-rtr.gcatt.gatech.edu (199.77.147.1) 1.244 ms 1.463 ms 1.057 ms

58 | P a g e

2 130.207.251.2 (130.207.251.2) 2.487 ms 1.836 ms 1.623 ms 3 netman.cc.gatech.edu (130.207.8.31) 2.346 ms * 1.982 ms Same router 199.77.147.1 is identified as in the arp command.

4. You are responsible for designing the auto discovery module of an NMS.

Outline the procedure and the software tools that you would use.

There are many alternative approaches to this problem, one of which is given here. 1. Execute broadcast ping or hosts to discover the hosts in the local subnet. 2. Execute arp to discover the router. 3. Execute route to discover the addresses in the routing table. 4. Identify the new hosts and routers and keep increasing the scope one additional hop at a time.

5. Redraw Figures 13.4 and 13.5 for WAN, based on IP address.

59 | P a g e

6. You are the manager of a NOC. Set up a procedure that would help your

operators track the failure of a workstation that is on a virtual LAN.

Make sure that the location field is filled in the MIB System group has location filled. It is a good practice. When there is a failure, immediately identify the arp table in the switched hub which will identify the address to port that would contain the port of the failed host. If the trouble is tracked after sometime, you can use Interfaces MIB on the hubs to trace the failed port.

7. What MIB object would you monitor for measuring the collision rate on an

Ethernet LAN? Use Ethernet-like Interface MIB, RFC 1398. The MIB object is dot3CollFrequencies, which is described as: "A count of individual MAC frames for which the transmission (successful or otherwise) on a particular interface is accompanied by a particular number of media collisions.

8. Ethernet performance degrades when the collision ratio reaches 30 to 40 percent.

Explain. How you would use the 802.3 MIB IRFC 1398) to measure the

collision ratio of an Ethernet LAN. The collision ratio of the LAN is the total

number of collisions divided lay the number of packets offered to the LAN,

measured on the Ethernet interface Total number of collisions, C, can be calculated form dot3collTable in which the number of frames which had 1, 2 ..,16 collisions. Each row contains the histograms of number of frames with collisions 1 to 16. Frames with 16 collisions are discarded due to excessive collisions. Number of frames offered to the LAN, T, is ifOutUcastPkts, (in Interfaces MIB) which is the number of packets to the Ethernet layer by higher layer. Collision rate is C/T.

9. Repeat Exercise 7, using an icon MIB The etherStatsCollisions in the Ethernet Statistics group gives the best estimate on the total number of collisions on the Ethernet segment. Use this for C defined in Exercise 8.

10 a. The trap alarm thresholds are set at two levels-rising and falling. Explain

the reasoning behind these Settings.

b. Define all the RMON parameters to be set for generating and resetting alarms

when the collision rate on an Ethernet LAN exceeds 120,000 collisions per

second and falls below 100,000 collisions per second. Use eventIndex values of

1 and 2 for event generation for the rising and falling thresholds.

60 | P a g e

(a) The reason for having a high and low threshold is to provide a hysteresis in generating the alarm. Thus, if the alarm is generated while crossing the high end in the upward direction, it will not be generated until it crosses the lower threshold at least once before crossing upper threshold again. For sustained alarm, the alarm could be turned on while crossing the high threshold in the upward direction and off when crossing the low threshold in the downward direction. (b)For the particular interface, define the values in the RMON Alarm table alarmInterval = 1 alarmVariable = etherStatsCollisions alarmSampleType = 2 alarmStartupAlarm = 3 alarmRisingThreshold = 120000 alarmFallingThreshold = 100000 alarmRisingEventIndex = 1 alarmFallingEventIndex = 2