HW5456s

SMTP (Simple Mail Transfer Protocol) is the standard protocol for transferring mail between hosts over Transmission Control Protocol (TCP). A TCP connection is set up between a user agent and a server program. The server listens on TCP port 25 for incoming connection requests. The user end of the connection is on a TCP port number above 1023. Suppose you wish to build a packet filter rule set allowing inbound and outbound SMTP traffic. You generate the following rule set: Rule Direction Src Addr Dest Addr Protocol Dest Port Action A In External Internal TCP 25 Permit B Out Internal External TCP > 1023 Permit C Out Internal External TCP 25 Permit D In External Internal TCP > 1023 Permit E Either Any Any Any Any Deny Describe the effect of each rule.

SMTP (Simple Mail Transfer Protocol) is the standard protocol for transferring mail between hosts over Transmission Control Protocol (TCP). A TCP connection is set up between a user agent and a server program. The server listens on TCP port 25 for incoming connection requests. The user end of the connection is on a TCP port number above 1023. Suppose you wish to build a packet filter rule set allowing inbound and outbound SMTP traffic. You generate the following rule set: Rule Direction Src Addr Dest Addr Protocol Dest Port Action A B C D E In Out Out In Either External Internal Internal External Internal External External Internal Any Any a. Describe the effect of each rule. TCP TCP TCP TCP Any 25 > 1023 25 > 1023 Permit Permit Permit Permit Any Deny A

SMTP (Simple Mail Transfer Protocol) is the standard protocol for transferring mail between hosts over Transmission Control Protocol (TCP). A TCP connection is set up between a user agent and a server program. The server listens on TCP port 25 for incoming connection requests. The user end of the connection is on a TCP port number above 1023. Suppose you wish to build a packet filter rule set allowing inbound and outbound SMTP traffic. You generate the following rule set: Rule Direction Src Addr Dest Addr Protocol Dest Port Action A B с D E In Out Out Either External Internal External Internal Internal External Any External Internal Any TCP TCP TCP TCP Any 25 Permit > 1023 Permit 25 Permit > 1023 Permit Any Deny Your host in this example has IP address 172.16.1.1. Someone tries to send e- mail from a remote host with IP address 192.168.3.4. If successful, this will generate an SMTP dialogue, consisting of SMTP commands and mail, between the remote user and the SMTP server on your host.…

SMTP (Simple Mail Transfer Protocol) is the standard protocol for transferring mail between hosts over Transmission Control Protocol (TCP). A TCP connection is set up between a user agent and a server program. The server listens on TCP port 25 for incoming connection requests. The user end of the connection is on a TCP port number above 1023. Suppose you wish to build a packet filter rule set allowing inbound and outbound SMTP traffic. You generate the following rule set: Rule Direction Src Addr Dest Addr Protocol Dest Port Action A B C D E In Out Out In Either External Internal Internal External Internal External Any External Internal Any TCP TCP TCP TCP Any 25 > 1023 25 > 1023 Permit Permit Permit Permit Any Deny Someone from the outside world (10.1.2.3) attempts to open a connection from port 5150 on a remote host to the Web proxy server on port 8080 on one of your local hosts (172.16.3.4), in order to carry out an attack. Typical packets are as follows: Scenario Direction 3 4 In…

Computer Science Write TCP Send/Receive methods for text-based communication which uses the “$>!!$>” as the boundary pattern for messages. You can use Helper classes to ease your pseudo code.

ABC Company needs to deploy an application through which incoming TCP packets are to be scrutinized according to the content type and the payload information it carries. While content types are explicitly available through the flag, payload contents are to be read and sorted. To sort this incoming TCP packets payload, identify the method and sort the payload accordingly. Imagine the inputs accordingly. Write a Code Using JAVA STREAM FILTER

A DoS attack has been reported against FTP server 192.168.56.1. FTP traffic spikes were seen prior to the FTP server being taken offline. A network packet capture is delivered to you through this link. From an investigator perspective, what are the IoCs of this case? By following the packet capture analysis methodology, synthesize the right filters that could be used to complete your investigation and answer the following questions: What caused the spikes in FTP traffic? What events took place prior to the FTP server being taken offline? Were any files transferred to/from the FTP server or were any user accounts compromised?

Please solve it correctly and please provide explanation of your answers.   A PC and a Web Server are communicating over a TCP connection. The PC had started the three way handshake with the initial sequence number of 3069 . The Web Server's initial sequence number is 4830 . The window size of the PC is 815 bytes and the window size of the Web Server is 463 bytes. Using the third TCP handshake ack segment the PC sends the http request of the size 396 bytes to the Web Server. Then the Web Server answers with 3 segments containing the requested data. The first segment size is 42 bytes and the second segment size is 276 bytes and the third segment size is 146 bytes respectively. The PC receives all three segments within the timer. But unfortunately the second segment was corrupted. So the PC immediately sends an acknowledgement segment. Assume that the PC uses Selective Repeat/Reject ARQ.   (d) What will be the window size of PC A after receiving only the first segment from webserver? (e)…

Please solve it correctly and please provide explanation of your answers.   A PC and a Web Server are communicating over a TCP connection. The PC had started the three way handshake with the initial sequence number of 3069 . The Web Server's initial sequence number is 4830 . The window size of the PC is 815 bytes and the window size of the Web Server is 463 bytes. Using the third TCP handshake ack segment the PC sends the http request of the size 396 bytes to the Web Server. Then the Web Server answers with 3 segments containing the requested data. The first segment size is 42 bytes and the second segment size is 276 bytes and the third segment size is 146 bytes respectively. The PC receives all three segments within the timer. But unfortunately the second segment was corrupted. So the PC immediately sends an acknowledgement segment. Assume that the PC uses Selective Repeat/Reject ARQ.    (a) What will be the sequence number of the third TCP handshake signal send from PC to webserver?…

HTTP/2 versus HTTP/1.1: object download delays. Consider a client and a server, separated by an RTT of 4 time units. The client makes a request for 4 objects at t=0. O1 consists of 10 frames, 02 and 04 each consist of 1 frame, and 03 consists of 2 frames. In the HTTP/2 example shown below, the server is transmitting frames to the client in the order 01, 02, 03, 04 (as long as there are frames of type i to transmit, and when not the server just moves on to a frame from object i+1 mod 4). Each frame takes 1 time unit to transmit. server GET O4 GET 03 GET O2 GET 01 object data requested client O4 O2 Оз Under HTTP 1.1 (not shown below), the server would send 01, 02, 03, O4 in that first-come-first-served (FCFS) order, sending each object in its entirety before moving on to send the next object in that order. Let's define the object download delay as the time from when an object is requested (at t=0 below) to the time that object is received in its entirety. What is the average object…

The following questions are related to HTTP protocol Q1. The first line of a HTTP request from some client to some server is basically made of where the web page file path is added. The path is shown as folders separated by slash. Q2. If an HTTP server responds to a client request and the response is a success, what is the http code and string that marks a success response? Must provide the code and the string as they appear in TCPDump or Wireshark traces. (note: use upper case for the string and also proper spacing in you answers. Keep the order of the string and the code as seen in TCPDump) Answer: code and string that marks a success response Q3. What http header field is used to identify an address of a web page (i.e. the URI) that linked to the resource currently being requested. This field indicates the last page the user/requester was on by the time they link to the requested page. Answer: The field that indicates the last page the user/requester was on is Q4. What is the http…

Assume that Computer A, which is connected through an Ethernet cable to the Switch S1, is just powered on. The user opens a browser and then types a website address to receive the website from the Server (as shown in Figure 1). Write down all the important protocols that come into play by the time the first frame containing HTTP request reaches R1. (Note: Before HTTP frame, other frames have already been sent by other protocol(s).) Write down all the protocols with reference to the TCP Model as follows?             Application Layer:             Transport Layer:             Internet Layer:             Link Layer:

Assume that Computer A, which is connected through an Ethernet cable to the Switch S1, is just powered on. The user opens a browser and then types a website address to receive the website from the Server (as shown in Figure 1). Write down all the important protocols that come into play by the time the first frame containing http request reaches R1. (Note: Before http frame, other frames have already been sent by other protocol(s).)   Write down all the protocols with reference to the TCP Model as follows.                 Application Layer:               Transport Layer:               Internet Layer:               Link Layer:               [Physical Layer (if needed)]:               After writing down the protocols that come into play, briefly write the procedure as to what happens

A TCP server requires four separate actions to start up: SOCKET, BIND, LISTEN, and ACCEPT. Argue either for or against the following proposi- tion: The TCP library should be redesigned to combine the four TCP server setup calls into just one or two new calls. If for, give the parameters and return values of the resultant new call(s), and give a description and example of its use. If against, give examples of things one might like to do that would be hindered by a consolidated system.

The telnet program has been replaced by SSH for reasons of security. In particular, telnet does not use any encryption, making the network traffic it generates susceptible to sniffing attacks. To see how bad this can be, try the following steps: In the Wireshark window, above the packet list pane (above the top pane), you will see text entry field with ‘Apply a display filter…’ shown. Enter the value telnet in this field and press ENTER. In the packet list pane (top pane), scroll to the very top of the list and then right click the entry for the first packet and then select the Follow submenu and the TCP Stream menu option. A window is now displayed on the screen. Reflect on the information presented and consider the following questions: 1) Why do you think these results are there? 2) What does it say about the process you have gone through? 3) What differences would be observed if SSH was used instead? 4) Were any other protocols present in your network capture? What is the purpose of…

Download delays for 100 objects (HTTP 1.1 with browser caching). Consider an HTTP 1.1 client and server. The RTT delay between the client and server is 2 seconds. Suppose the time a server needs to transmit an object into its outgoing link is 3 seconds, as shown below for the first of these 100 requests. initiate TCP connection RTT request file RTT file received time You can assume that any other HTTP message not containing an object sent by the client and server has a negligible (zero) transmission time. Suppose the client makes 100 requests, one after the other, waiting for a reply to a request before sending the next request. 352 secs Using HTTP 1.1, how much time elapses between the client transmitting the first request, and the receipt of the last requested object, assuming the client uses the IF- MODIFIED-SINCE header line, and 50% of the objects requested have not changed since the client downloaded them (before these 100 downloads are performed)? 350 secs 252 secs time to…

1. It is a protocol for encapsulating data packets that use one routing protocol inside the packets of another protocol. 2. It is a hash function that has been deprecated for uses other than as a non-cryptographic checksum to verify data integrity and detect unintentional data corruption. 3. An algorithm which is a pseudorandom function family in that it can easily generate arbitrary portions of the keystream without having to start from the beginning. 4. What is the most popular and widely implemented flavor of STP? 5. An algorithm that comprises of a series of linked operations, some of which involve replacing inputs by specific outputs (substitutions) and others involve shuffling bits around (permutations). 6. It is calculated using port cost values associated with port speeds for each switch port along a given path in STP 7. A proprietary architecture that authenticates users and devices using the identity-enabled network approach, and enables the government workforce to connect…

In this programming assignment, you will implement a decentralized peer-to-peer network architec-ture (P2P), including the basic implementation of the BitTorrent protocol (BTP). General P2P architec-tures can be classified into centralized and decentralized, In P2P centralized architectures, new peers senda request to the Traker (normally done via HTTP) requesting a list containing all the IP addresses ofthe peers that are already connected to the P2P network sharing the same file. The tracker then, replieswith a response containing such list. In P2P decentralized architecture, each peer is also a Traker, and itcan share only limited resources because it only sees the partial network. On the other hand, P2P decen-tralized networks avoid single point of failure since they do not depend of centralized trackers. Examplesof P2P applications that are/were implementing centralizing architectures are Nasper, the Berkeley OpenNetwork Infrastructure (BOINC) and some versions of BitTorrent.…

Assume that there is a system call connect). This system call takes an IP address as an argument and then creates a TCP connection with that IP address. For example, connect(10.10.10.10) will create a TCP connection with the machine that has the IP address 10.10.10.10. Now, imagine that for the ptrace sandbox, the connect() system call is blocked for a known bad IP address 20.20.20.20. However, the attacker wants to connect to this blocked IP address (the attacker wants a TCP connection to 20.20.20.20, which is not allowed in the policy). It is also given that the connect() system call is allowed for the IP address 1.1.1.1. What can the attacker do to bypass this restriction and trick the ptrace sandbox (and the Operating System) Into running the connect() system call with the argument 20.20.20.207

Q2- You are designing a connection mechanism between two programs, sending packets of data over the internet. You are trying to choose a size for the packets to be sent, depending on the capacity of the channel (channel bandwidth). For example, if a channel has a capacity of 10KB, then you can choose a packet size of 10KB, and send one packet, or choose a packet size of 5KB and send two packets...Etc.  The problem you face is that the two programs are at two different locations, with two different channel capacities. If the first channel had a capacity of 3201KB, and the second channel had a capacity of 4565KB, find the maximum packet size that is suitable for both channels.

Registration Number: 193046 Consider a network with 3 hosts and a NAT router. Suppose that the network address of the home network is 192.168.NNN/24, where NNN are the last 3 digits of your Reg#. For example, if your Reg# is BSE193046, NNN = 046 and therefore the network address wil be 192168.46/24. (If NNN>255, consider NNN=254) (a) Assign any public IP address to NAT router’s outgoing interface. (b) Assign IP addresses to all 3 hosts and local interface of the NAT router in the home network. (