- 2010-09-30: Post-exam review of the second exam in room 51-02-007
- 2010-07-20: The second exam
- on 14.09.2010, 10.00 am
- in room 101-01-016
- 2010-03-23: The exam takes place in room 00-010/14, building 101.
- 2010-02-25: Final meeting and excursion, see forum.
- 2009-11-16: Since today, we do have a VLAN switch for the
- 2009-11-10: The exercises have been rescheduled. Please check
your new dates.
- 2009-11-03: There will be no lecture this week. Instead we will
have an exercise on Tuesday (in the pool room).
- 2009-10-22: Additional information on preparing the exercises.
- 2009-10-05: Webpages online.
- Lecture, Christian Schindelhauer
- Tuesday, 11am - 1pm, SR 00-034, building 051
- Exercise, Arne Vater
- Wednesday, 11am - 1pm, pool room 82-00-029
- 2009-10-19: 1st lecture Organization and Introduction (pdf)
- 2009-10-27: 2nd lecture Ethernet (pdf)
- 2009-11-10: 3rd lecture ARP (pdf), PPP (pdf)
- 2009-11-17: 4th lecture IP (pdf), DHCP (pdf)
- 2009-11-24: 5th lecture ICMP (pdf), Distance-Vector (pdf)
- 2009-12-01: 6th lecture Link State Routing (pdf), OSPF/BGP (pdf)
- 2009-12-08: 7th lecture IPv6 (pdf)
- 2009-12-15: 8th lecture DNS (pdf)
- 2009-12-22: 9th lecture DNS (pdf)
- 2010-01-12: 10th lecture Security, Tunnels (pdf)
- 2010-01-19: 11th lecture SSL (pdf)
- 2010-01-26: 12th lecture Cryptography (pdf), IPsec (pdf)
- 2010-01-02: 13th lecture Firewalls (pdf), SIP (pdf)
- 2010-01-03: 14th lecture SIP (pdf),
- 2010-01-09: 15th lecture ISDN (pdf), GSM (pdf)
- 2010-01-10: 16th lecture UMTS (pdf)
mandatory to prepare two exercises to achieve a permit to the final exam!
Also, you have to give us your full name and login name, see this thread.
Your task for preparing the exercise consists of the following:
- Creating the exercises and preparing all hardware to solve it.
- You can find the exercise catalogue and the solutions here (pdf).
- Check the exercises for realization possibility, either with the pool computers or the notebooks provided.
- Prepare all hardware, e.g. install required tools. You may also prepare a step-by-step solution for installing those tools and have the participants do it in the exercise. This should not take too much time, though.
- You can take one of the notebooks and prepare it at home. Then you will have to copy the installation to all other notebooks, so that they are identical.
- We have a VLAN switch you can use for the exercise. You will
have to configure it according to your needs, please refer to the user manual. Also, be
aware that it is quite a large and not-so-quiet piece of hardware.
- Create an exercise sheet to distribute to all participants in the
- You can use this LaTeX template.
- Either bring a sufficient number of printouts (25) to the exercise or send it by email by Wednesday, 10am, and we will do the printing.
- Submit the exercise (pdf and source files) by email.
- Supervise your fellow students during the practical exercise.
- 2009-10-28: Basics I
Robert Jakob & Matthias Keil
- 2009-10-28: Basics II
Volker Uhrig & Javier Castillo
- 2009-11-03: Basics III
Michael Pereira Neves & Dominik Erb
- 2009-11-04: ARP (solution)
Volodymyr Goncharov & Roberto Pedro Vargas Borromeo
- 2009-11-11: VMware
Robert Jakob & Matthias Keil
- 2009-11-18: PPPoE
Christian Ortolf & Arne Vater
- 2009-11-18: IP/DHCP (solution)
Hoor Al-Hasani & Elmar Haussmann
- 2009-11-25: Static Routing
Fabian Schillinger & Dennis Gauß
- 2009-11-25: NAT & ICMP
Asha Nagendra & Shyamala Villupuram Sundararaman & Said Lobo & Pavankumar Videm
- 2009-12-02: Dynamic Routing
Fahad Bin Aziz & Mihail Borisov & Fadi Salameh
- 2009-12-02: IPv6
Roberto Pedro Vargas Borromeo & Refik Hadzialic & Iqbal Hossan
- 2009-12-09: DNS
Tuti Andriani & Triatmoko & Yaser Al-Darwich
- 2009-12-09: SSH
Dirk Kienle & Julius Holderer
- 2009-12-16: OpenVPN
Jubran Oday & Asha Nagendra
- 2009-12-16: SSL
Karl Shou-Yu Chao & Lulu Cai
- 2010-01-13: GnuPG
Volodymyr Goncharov & Roberto Pedro Vargas Borromeo & Jubran Oday
- 2010-01-13: IPsec
Hoor Al-Hasani & Elmar Haussmann & Dirk Kienle & Julius Holderer
- 2010-01-20: IPTABLES
Volker Uhrig & Javier Castillo & Shyamala Villupuram Sundararaman & Said Lobo & Pavankumar Videm
- 2010-01-20: QoS
Fabian Schillinger & Dennis Gauß & Tuti Andriani & Yaser Al-Darwich
- 2010-01-27: Voice over IP
Michael Pereira Neves & Dominik Erb & Refik Hadzialic & Iqbal Hossan & Triatmoko
- 2010-01-27: Asterisk
Fahad Bin Aziz & Mihail Borisov & Fadi Salameh & Karl Shou-Yu Chao & Lulu Cai
- James F. Kurose, Keith W. Ross: Computer Networking, A Top-Down Approach Featuring the Internet
- Douglas E. Comer: Computer Networks and Internets
- Andrew S. Tanenbaum: Computer Networks
- Peterson and Davie: Computer Networks, A Systems Approach
- R. Stevens, TCP/IP Illustrated Vol. 1
- E. Pehl, Digitale und analoge Datenübertragung
- Flaig, Hoffmann, Langauf: Internet-Telefonie VoIP mit Asterisk und SER
- Sinnreich, Johnston: Internet Communications using SIP
- Hersent, Gurle, Petit: Beyond VOIP Protocols
- Kaaranen, Ahtiainen, Laitinen: UMTS Networks Architecture Mobility and Services
- Additional texts for reading - during the lecture
The second written exam for all master students is on
Tuesday, 14.09.2010, 10am - 12 am
in room 01-016, building 101.
Written exam for all master students was on
Thursday, 25.03.2010 10am - 12am
in room 00-010/14, building 101. Oral exams for bachelor students, and on request for master students, are on the following dates:
- Wednesday, 17.02.2010, 9-12, 15-18
- Wednesday, 03.03.2010, 9-12, 15-18
- Thursday, 11.03.2010, 14-18
- Friday, 19.03.2010, 9-12, 14-18
forum for general questions about the lecture. Your question and its answer are probably interesting to other students. Please feel free to start new threads and interesting discussions.
- What is a protocol, why are standards necessary?
- Why stacks of protocols?
- Compare the ISO/OSI protocol stack to the TCP/IP stack of Tanenbaum!
- Why is Ethernet not the only technology used for networking?
- Why is it impossible to use jumbo frames in a mixed Gigabit and Fast Ethernet LAN?
- What is the minimum length of an Ethernet packet, why? Is that really needed in switched Ethernets, why (not)?
- Which restriction may apply if a Gigabit Ethernet adapter is plugged into the old-standard PCI?
- Why was CSMA/CD dropped in the 10 GbE and 100 GbE standards?
- What is the major difference between an Ethernet hub and
- Does a switch increase network security? Why (not)?
- Why is there no perfect load equalization in Ethernet channel bonding? Why might it be helpful nevertheless?
- Why does 802.1q (VLAN extension to Ethernet) break the original standard? Which problems might occur?
- Is the deployment of VLANs a good strategy to improve overall Ethernet network security? Where might it help, where not?
- Are VLAN packets tagged with a certain ID completely invisible in a LAN?
- Why is a trailer of “00000....” attached to ARP packets in wireshark sniffings?
- Why can ARP requests of every machine be seen in a subnet, but only the ARP replies of requests in packet sniffing?
- Ethernet is a broadcast medium: Why are not all packets seen traveling in a subnet?
- For what was the Address Resolution Protocol invented?
- What is ARP needed for?
- What does “ARP poisoning” mean?
- How does ARP spoofing work?
- Which options exist for protection against ARP attacks? Is static ARP a good idea? Why (not)?
- Why is the point-to-point protocol needed? What are the major characteristics of that protocol?
- Why was PPP developed for Layer 2? What does it mean for the protocol implementation?
- Why was PPPoE introduced? Is ARP still needed with PPPoE (why/not)?
- Sketch the protocol stack and overhead of PPPoE compared to classical Ethernet transport!
- What does it mean for the MTU? What kind of disadvantages would a smaller MTU rather than the standard one introduce?
- Which role might the RADIUS protocol play in PPP/oE infrastructures? Why was a separate service/protocol introduced?
- Special IP addresses: Which IPv4 addresses could be assigned to end systems routable world wide? Which special addresses do you know?
- What do PPP and DHCP have in common? What are the differences between the protocols?
- Why does DHCP implement “leases” rather than checking the availability of a client directly?
- Why does DHCP somehow break the network layering?
- How is it possible that the DHCP server sends the ACK message with the client IP (and other network configuration) addressed directly to the client address (which is not configured at the client yet)?
- Why would it not be a good idea to use TCP instead of UDP for the DHCP service (the reliability – think of the amount of configuration data which should be transferred properly)?
- Why should DHCP not be used for, and why is it not designed for, the transfer of large amounts of configuration data (think of the vendor extensions, which theoretically would allow transmitting lots of long strings)?
- Special IP addresses: Which role do IP addresses like 0.0.0.0 and 255.255.255.255 play?
- Will the host addresses of the network 169.254.X.Y/16 be routed worldwide (why/not)? Why was this network introduced?
- What does the network mask tell?
- Explain the equivalence of 10.1.2.0/24 and 10.1.2.0/255.255.255.0
- What does sub- and supernetting mean? How does it work?
- Please give an explanation on how IPv4 routing works!
- For which reason was the “default route” introduced?
- Give a simple example of a host's routing table!
- Specify what kind of an IP address/network this is:
ICMP, Distance Vector
- What role does ICMP play in IPv4 networking?
- Why are ICMP messages like “source quench” or “redirect” not used, or why should they not be used, any more?
- Why was NAT introduced to IPv4?
- Explain the difference between NAT and standard routing!
- What are the (dis)advantages of the concept?
- Why is the load of a NAT/masquerading router expected to be higher than on a standard one?
- Why do the header checksums of TCP and UDP have to be recalculated?
- Specify which machine can be reached by ICMP messages from which one!
- How to reach the HTTP port of two different machines behind a
NAT router from the outside world?
- Why is it possible to see how many clients are attached behind a NAT router?
- Which ways exist to distinguish IP packets generated directly within the masquerading router from those originating from hosts (further) behind that router?
- Why is there no packet reassembly on the path of a packet but in the final destination only?
- What happens to a payload (UDP/TCP headers included) of 3200 bytes leaving a machine attached to an MTU 1500 network?
- What happens when the MTU is decreased to 900 bytes and further along the path to 800 bytes?
- What is the idea of the “fragment offset”?
Link State Routing, OSPF/BGP
- What kind of a routing protocol is RIP?
- Which metric is used by that protocol?
- Which (dis)advantages does this metric have?
- Which limitations does RIP have?
- Why does RIP use multicast networking for message exchange with neighbor routers?
- Where does the IPv4 multicast address range start?
- Which other protocols use multicast for message exchange?
- What kind of routing protocols are RIP(II) and OSPF?
- Which metrics are used by these protocols?
- Which different metrics do you know?
- What kind of a metric is used in BGP?
- Why could “normal” metrics not be applied in every inter-AS routing case?
- Which typical agreements exist between providers to exchange traffic?
- What is the major difference between IPv4 and IPv6 regarding the addressing?
- Why were these changes introduced?
- Why was the traditional concept of broadcast addresses dropped?
- What is the difference in fragmentation in IPv4 and IPv6?
- Why was a new system of fragmentation introduced?
- What is the minimum MTU in IPv6 networks?
- Which header fields were removed compared to IPv4?
- What was changed for QoS handling?
- How does the protocol stack know which header comes next?
- What does the loopback address look like in IPv6?
- What was changed compared to IPv4?
- How does the address compression work in IPv6?
- What is the difference between link local and global addresses?
- Why is DNS not used for routing at the network layer, as it is more flexible than IP and perfectly hierarchical?
- Which transport protocol and port does DNS use?
- What is the difference between a “zone” and a “domain”?
- Which role does a caching name server play? Where would you expect it?
- Why is there just one root for the DNS and not several (competition might improve the service)?
- Why is the number of root nameservers restricted?
- How many root nameservers are possible?
- How is this number increased nevertheless?
- Which transport layer protocol is better suited for tunneling: UDP or TCP?
- Which problems might be introduced with tunneling of TCP in TCP or UDP in UDP or any other combinations?
- What does tunneling mean for the MTU size of the tunneling interface (why higher/lower/equal)?
- What is the disadvantage of a multi-client OpenVPN setup in case of generated network traffic?
- How is packet delay affected in tunnel/encryption scenarios?
- Is it possible to tunnel UDP and ICMP traffic over the standard SSH tunnel feature (why/not)?
- What are certificates meant for in secure communication?
- How is the identity of a network user/system established?
- Why does a large number of CAs exist, and why could every network provider run one?
- Why are “certificate chains” used?
- Why is it necessary to install root certificates of non-standard CAs in a Browser?
- What is the problem if the authenticity of a root certificate could be forged (MD5 problem)?
- What are the differences and (dis)advantages of public key infrastructures and shared key systems?
- What are they used for?
- Why does IPsec implement two different headers: AH and ESP?
- Which differences do network security tunnel implementations like SSH, OpenVPN and IPsec have?
- Compare layers, concepts ...!
- Which general disadvantage do all these technologies share regarding a secure Internet infrastructure?
- Why, and under which circumstances, is IPsec/Xauth regarded as insecure?
- Which role may certificates play?
- What disadvantage might be introduced by not using a dedicated tunnel device in the standard Linux IPsec implementation?
- What is the difference between DENY and DROP of IP packets?
- At which level might packets be filtered – which (dis)advantages does each layer offer?
- Which options exist to filter encrypted/proprietary protocols?
- How many packets does a network node with Gigabit interfaces have to handle if the wire is filled with ACK packets?
- Which measures might be implemented to reduce the security risk of brute-force-attacks e.g. on SSH or email boxes?
- Why might it be advisable to use a proxy service for network
- Which (dis)advantages might this have?
- What is the difference between a NATed and a proxied HTTP connection of a client?
- How does the codec used in a VoIP connection influence the amount of traffic generated?
- Why are there different protocols for session setup and a running call?
- Why is it possible to have email addresses instead of numbers in SIP? Which protocol is used to map IP addresses to telephone numbers?
- Which role does the SDP play in SIP sessions?
- In which SIP message might SDP packets?
- Which problems might occur in NAT scenarios of VoIP? Which options do you have to enable connections if both partners are behind a NAT router/firewall?
- What kind of security implications does SIP have?
- How many active VoIP sessions would be possible over a 16/1 Mbit/s DSL link?
- Give a rough calculation on the size of an average VoIP packet using a-law codec!
- How much bandwidth should be reserved for SIP, RTP?
- What are the limitations of the RSVP?
- Which kinds of delays could you expect in a typical VoIP session?
- With which average (summed-up) delay do users feel comfortable?
- What kinds of QoS queues were introduced?
- What is the (dis)advantage of the Token Bucket mechanism?
- What are the typical policing rules and restraints for QoS?