INFA 620 Lab 1: UNDERSTANDING INTERNET PROTOCOLS
In order to detect or prevent network security breaches, you must understand the Internet protocols as well as the attacker does. The protocols originate from publicly available Requests for Comments, or RFCs. The official repository and publisher of all RFCs is the RFC Editor. The purpose of this lab is to practice locating and studying two key RFCs. (Feel free to consult any newer material on the IP and TCP protocols. These RFCs are the original materials on these protocols.)

A Request for Comments (RFC) is a publication of the Internet Engineering Task Force (IETF) and the Internet Society, the principal technical development and standards-setting bodies for the Internet. The Internet and its precursor, ARPANET, were developed by engineers and scientists using RFCs.

Assignment:

1. Find and identify the RFCs for IP and TCP (Questions you should answer are in bold red.)

Go to the RFC Editor and download the specifications for IP and TCP.

Procedure:
• Point your browser to http://www.rfc-editor.org
• Read the page, then click the “RFC SEARCH” link.
• In the search field “Title/Keyword,” type in the complete name of the protocol (e.g. “Internet Protocol”, not “IP”).
• By default, the search results are displayed by RFC number (ascending). Also, by default, the number of results shown is 25. Click ‘All’ to show all the results.
• Identify the RFC for each protocol, by RFC number:
  RFC _______ Internet Protocol (5 points)
  RFC _______ Transmission Control Protocol (5 points)
• Download the RFCs and use them to answer the following questions.

2. Refer to the RFCs to answer the following questions

Questions about IP (40 Points)
a. What two basic functions does IP implement? (10 points)
b. What four key mechanisms does IP use to provide its service? (10 points)
c. Via what protocol does IP communicate errors? (5 points)
d. In the IP header, what is the Identification field used for? (5 points)
e. A number of bits within the IP header are designated reserved or optional; why would these be important in network security? (10 points)

Questions about TCP (40 Points)
a. What is the difference between a socket and a connection? (5 points)
b. Name five of the six calls the TCP interface provides (to applications). (15 points)
c. What are active and passive OPEN requests? (5 points)
d. Describe the three-way handshake. (15 points)

3. First, google netstat and understand what it is. At a workstation, open some web pages and then at a command prompt type: netstat -a

Identify the ports your machine is listening on and the state of the various connections it is holding (10 points). Post your answer to the assignment folder under LAB1.
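
The netstat step above can also be done programmatically. The following is an added example, not part of the original lab handout: it sorts `netstat -a` output into listening ports and a count of TCP connection states. The function name `parse_netstat` is hypothetical and the sample output is constructed; it also handles the Linux column layout as a generalization.

```python
from collections import Counter

# Constructed sample in the layout printed by Windows `netstat -a`.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            WORKSTATION:0          LISTENING
  TCP    0.0.0.0:445            WORKSTATION:0          LISTENING
  TCP    192.168.1.20:49712     example.com:https      ESTABLISHED
  TCP    192.168.1.20:49713     example.org:http       TIME_WAIT
  TCP    [::]:135               WORKSTATION:0          LISTENING
  UDP    0.0.0.0:5353           *:*
"""

def parse_netstat(text):
    """Return (listening, states): a sorted list of (proto, port) pairs
    and a Counter of TCP connection states."""
    listening, states = set(), Counter()
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].upper()[:3] not in ("TCP", "UDP"):
            continue  # banners, column headers, UNIX-socket rows
        proto = tokens[0].upper()[:3]  # folds tcp6/udp6 into TCP/UDP
        # Linux netstat puts Recv-Q and Send-Q columns after the protocol.
        offset = 3 if len(tokens) > 1 and tokens[1].isdigit() else 1
        if len(tokens) < offset + 2:
            continue  # truncated row
        local, foreign = tokens[offset], tokens[offset + 1]
        port = local.rpartition(":")[2]  # rpartition copes with [::]:135
        if proto == "TCP":
            state = tokens[offset + 2] if len(tokens) > offset + 2 else "UNKNOWN"
            states[state] += 1
            if state in ("LISTEN", "LISTENING"):
                listening.add((proto, port))
        elif foreign in ("*:*", "0.0.0.0:*", "[::]:*", ":::*"):
            # UDP has no states; a wildcard peer means a bound, waiting socket.
            listening.add((proto, port))
    return sorted(listening), states

if __name__ == "__main__":
    ports, states = parse_netstat(SAMPLE)
    for proto, port in ports:
        print(f"listening: {proto}/{port}")
    for state, count in states.most_common():
        print(f"{state}: {count}")
```

To run it against a real machine, save the output of `netstat -a` to a file and pass the file's contents to `parse_netstat` in place of `SAMPLE`.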